public void forwardFrame(IPFrame frame) { var id = RandomString(10); var udpFrame = (UDPFrame)frame.EncapsulatedFrame; var e = new System.Net.IPEndPoint(System.Net.IPAddress.Parse("192.168.1.220"), udpFrame.DestinationPort); logger.Debug("{0} Source Port: {1}", id, udpFrame.SourcePort); logger.Debug("{0} Dest Port: {1}", id, udpFrame.DestinationPort); ProxySocket socket; var cacheKey = string.Format("{0}:{1}->{2}", udpFrame.SourcePort, udpFrame.DestinationPort, e.ToString()); if (!natTable.TryGetValue(cacheKey, out socket)) { socket = new ProxySocket(AddressFamily.InterNetwork, SocketType.Dgram, ProtocolType.Udp); socket.ProxyEndPoint = new System.Net.IPEndPoint(System.Net.IPAddress.Parse("192.168.1.150"), 1080); socket.ProxyType = ProxyTypes.Socks5; socket.Connect(e); Task.Run(() => { try { logger.Debug("{0} Create a new UDP Receive Task", id); var buffer = new byte[8192]; ProxySocket tmp; while (natTable.TryGetValue(cacheKey, out tmp)) { logger.Debug("start receive"); var bytesReceived = socket.Receive(buffer); logger.Debug("{0} Received packet", id); natTable.Add(cacheKey, socket); var receivedIPFrame = new IPv4Frame(); receivedIPFrame.SourceAddress = frame.DestinationAddress; receivedIPFrame.DestinationAddress = frame.SourceAddress; receivedIPFrame.Protocol = IPProtocol.UDP; var receivedUDPFrame = new UDPFrame(); receivedUDPFrame.SourcePort = udpFrame.DestinationPort; receivedUDPFrame.DestinationPort = udpFrame.SourcePort; logger.Debug("{0} RSource Port: {1}", id, receivedUDPFrame.SourcePort); logger.Debug("{0} RDest Port: {1}", id, receivedUDPFrame.DestinationPort); receivedUDPFrame.EncapsulatedFrame = new RawDataFrame(buffer, 0, bytesReceived); receivedIPFrame.EncapsulatedFrame = receivedUDPFrame; receivedUDPFrame.Checksum = receivedUDPFrame.CalculateChecksum(receivedIPFrame.GetPseudoHeader()); tap.Write(receivedIPFrame.FrameBytes, 0, receivedIPFrame.Length); tap.Flush(); logger.Debug("{0} wrote", id); } } catch (SocketException err) { logger.Error(err); } }); } natTable.Add(cacheKey, socket); socket.BeginSend(udpFrame.EncapsulatedFrame.FrameBytes, 0, udpFrame.EncapsulatedFrame.FrameBytes.Length, 0, ar => { socket.EndSend(ar); logger.Debug("{0} Sent to Dest", id); }, null); }
/// <summary> /// Decapsulates the given UDP frame if the binding of this socket matches the frame and invokes the FrameDecapsulated event when finished. /// </summary> /// <param name="fFrame">The frame to process</param> /// <param name="bPush">A bool indicating whether the frame is delivered with a push flag</param> /// <returns>A bool indicating whether the given frame matched the binding of this socket</returns> public override bool PushUp(Frame fFrame, bool bPush) { if (fFrame.FrameType != FrameTypes.UDP) { try { fFrame = new UDPFrame(fFrame.FrameBytes); } catch { return(false); } } UDPFrame fUDPFrame = (UDPFrame)fFrame; if (fUDPFrame.SourcePort != this.RemoteBinding || fUDPFrame.DestinationPort != this.LocalBinding) { return(false); } InvokeFrameDecapsulated(fUDPFrame.EncapsulatedFrame, bPush); return(true); }
/// <summary> /// Checks for DNS frames in this frame and spoofes the response, if a response entry does match /// </summary> /// <param name="fInputFrame">The frame to handle</param> /// <returns>The modified frame</returns> protected override Frame ModifyTraffic(Frame fInputFrame) { if (!bPause) { IPFrame ipFrame = GetIPFrame(fInputFrame); UDPFrame udpFrame = GetUDPFrame(fInputFrame); DNSFrame dnsFrame = (DNSFrame)GetFrameByType(fInputFrame, FrameTypes.DNS); if (dnsFrame != null && ipFrame != null) { if (dnsFrame.QRFlag) { foreach (DNSResourceRecord r in dnsFrame.GetAnswers()) { ProcessDNSRecord(r, ipFrame.DestinationAddress); } foreach (DNSResourceRecord r in dnsFrame.GetAuthorotives()) { ProcessDNSRecord(r, ipFrame.DestinationAddress); } foreach (DNSResourceRecord r in dnsFrame.GetAdditionals()) { ProcessDNSRecord(r, ipFrame.DestinationAddress); } } if (udpFrame != null) { udpFrame.Checksum = new byte[2]; //Empty checksum } } } return(fInputFrame); }
/// <summary> /// Encapsulates the given UDP frame according to the binding of this socket and invokes the FrameEncapsulated event when finished. /// </summary> /// <param name="fFrame">The frame to process</param> /// <param name="bPush">A bool indicating whether the frame is delivered with a push flag</param> public override void PushDown(Frame fFrame, bool bPush) { UDPFrame fUDPFrame = new UDPFrame(); fUDPFrame.DestinationPort = RemoteBinding; fUDPFrame.SourcePort = LocalBinding; fUDPFrame.EncapsulatedFrame = fFrame; InvokeFrameEncapsulated(fUDPFrame, bPush); }
static bool PacketFilter(IPv4Header ipv4Header, UDPFrame udpFrame) { if (ipv4Header.ChecksumOK == false || !ipv4Header.SourceAddress.Equals(FilterSourceAddr) || !ipv4Header.DestinationAddress.Equals(FilterDestAddr) || udpFrame.Header.DestinationPort != FilterDestPort) { return(false); } return(UDPFns.UDPChecksum(ipv4Header.SourceAddress, ipv4Header.DestinationAddress, udpFrame) == udpFrame.Header.Checksum); }
/// <summary> /// Checks whether the input frame contains a DNS component. /// If it contains a DNS frame, the DNS frame will be parsed and logged /// </summary> /// <param name="fInputFrame">The frame to analyze</param> protected override void HandleTraffic(Frame fInputFrame) { UDPFrame fUDP = GetUDPFrame(fInputFrame); IPFrame ipFrame = GetIPFrame(fInputFrame); DNSFrame dFrame = (DNSFrame)GetFrameByType(fInputFrame, FrameTypes.DNS); if (fUDP != null && ipFrame != null && dFrame != null) { bool bFound = false; foreach (DNSItem di in lLog) { foreach (DNSQuestion qs in dFrame.GetQuestions()) { if ((di.QueryingHost.Equals(ipFrame.SourceAddress) || di.QueryingHost.Equals(ipFrame.DestinationAddress)) && di.TransactionID == dFrame.Identifier && di.QueryName == qs.Query && !di.TransactionComplete) { bFound = true; } } } if (!bFound) { foreach (DNSQuestion qs in dFrame.GetQuestions()) { DNSItem dsItem; if (dFrame.QRFlag) { dsItem = new DNSItem(qs.Query, ipFrame.DestinationAddress, ipFrame.SourceAddress, TimeSpan.Zero, dFrame.Identifier); } else { dsItem = new DNSItem(qs.Query, ipFrame.SourceAddress, ipFrame.DestinationAddress, TimeSpan.Zero, dFrame.Identifier); } AddLogItem(dsItem); } } if (dFrame.QRFlag) { foreach (DNSItem dsItem in lLog) { if (dFrame.Identifier == dsItem.TransactionID && !dsItem.TransactionComplete) { foreach (DNSResourceRecord rr in dFrame.GetAnswers()) { if (rr.Type == DNSResourceType.CNAME) { if (rr.Name == dsItem.QueryName) { string strTMPName = ASCIIEncoding.ASCII.GetString(rr.ResourceData); foreach (DNSResourceRecord rr2 in dFrame.GetAnswers()) { if (rr2.Type == DNSResourceType.A && rr2.Name == strTMPName) { IPAddress ipa = new IPAddress(rr2.ResourceData); if (!dsItem.ContainsAnswer(ipa)) { dsItem.AddAnswer(ipa); } dsItem.ChacheTime = new TimeSpan(0, 0, rr2.TTL); dsItem.TransactionComplete = true; dsItem.AnsweringServer = ipFrame.SourceAddress; InvokeUpdated(dsItem); } } } } if (rr.Type == DNSResourceType.A && rr.Name == dsItem.QueryName) { IPAddress ipa = new IPAddress(rr.ResourceData); if (!dsItem.ContainsAnswer(ipa)) { dsItem.AddAnswer(ipa); } dsItem.ChacheTime = new TimeSpan(0, 0, rr.TTL); dsItem.AnsweringServer = ipFrame.SourceAddress; dsItem.TransactionComplete = true; InvokeUpdated(dsItem); } } } } } } }