private bool IsNeighborFiltered(Neighbor neighbor)
{
// true -> El vecino NO se pinta
// false -> El vecino SI se pinta
// Se comprueba el nombre
if (!string.IsNullOrEmpty(neighbor.computerName))
{
if (neighbor.computerName.ToLower().Contains(strFilter.ToLower()))
return false;
}
// Se comprueba la MAC
if (neighbor.physicalAddress.ToString().ToLower().Contains(strFilter.ToLower()))
return false;
// Se comprueban las IPs
for (int ip = 0; ip < neighbor.GetIPs().Count; ip++)
{
if (neighbor.GetIPs()[ip].ToString().ToLower().Contains(strFilter.ToLower()))
return false;
}
return true;
}
internal void ReverseResolutionAsync(Neighbor n)
{
Thread t = new Thread(new System.Threading.ParameterizedThreadStart(ReverseResolution));
t.IsBackground = true;
t.Start(n);
}
private void _CheckIfNeighborRoutesPackets(Neighbor n)
{
if (n == null)
return;
IPAddress IpSrc = Program.CurrentProject.data.GetIPv4FromDevice(device);
if (IpSrc == null)
return;
n.canRoutePackets = RouteStatus.Verifing;
EthernetPacket eth = new EthernetPacket(Program.CurrentProject.data.GetDevice().MacAddress, n.physicalAddress, EthernetPacketType.IpV4);
IPAddress IpDst = IPAddress.Parse("8.8.8.8");
eth.PayloadPacket = new IPv4Packet(IpSrc, IpDst);
eth.PayloadPacket.PayloadPacket = new TcpPacket((ushort)31337, (ushort)53);
((IPv4Packet)eth.PayloadPacket).UpdateIPChecksum();
((TcpPacket)eth.PayloadPacket.PayloadPacket).Syn = true;
((TcpPacket)eth.PayloadPacket.PayloadPacket).UpdateTCPChecksum();
Thread t = new Thread(new ParameterizedThreadStart(CheckIfRouted));
t.IsBackground = true;
t.Start(n);
Program.CurrentProject.data.SendPacket(eth);
}
public void CheckIfNeighborRoutesPackets(Neighbor n)
{
_CheckIfNeighborRoutesPackets(n);
}
public IPAddress GetIPv6FromNeighbor(Neighbor neighbor)
{
for (int i = 0; i < neighbor.GetIPs().Count; i++)
{
if (neighbor.GetIPs()[i].GetAddressBytes().Length == 16)
return neighbor.GetIPs()[i];
}
return null;
}
public void RemoveNeighbor(Neighbor neighbor)
{
neighbors.Remove(neighbor);
}
public NeighborEventArgs(Neighbor Neighbor)
{
this.Neighbor = Neighbor;
}
private void AnalyzeARP(Packet packet)
{
if (!(packet.PayloadPacket is ARPPacket))
return;
if (!(packet is EthernetPacket))
return;
EthernetPacket ethernet = (EthernetPacket)packet;
ARPPacket arp = (ARPPacket)packet.PayloadPacket;
// Si el paquete va dirigido a nuestra MAC...
if (ethernet.DestinationHwAddress.Equals(localPhysicalAddress))
{
PhysicalAddress mac = arp.SenderHardwareAddress;
IPAddress ip = arp.SenderProtocolAddress;
Neighbor neighbor = Program.CurrentProject.data.GetNeighbor(mac);
if (neighbor == null)
{
// Creamos el vecino
neighbor = new Neighbor();
neighbor.physicalAddress = mac;
neighbor.AddIP(ip);
Program.CurrentProject.data.AddNeighbor(neighbor);
NewNeighbor(this, new NeighborEventArgs(neighbor));
}
else
{
// Si ya existe, comprobamos si tiene la iP ipv4 y se la añadimos (en caso de que lo la tenga)
if (!neighbor.ExistsIP(ip))
{
neighbor.AddIP(ip);
Program.CurrentProject.data.AddNeighbor(neighbor);
}
}
}
// Si va dirigido a broadcast ...
else if (ethernet.DestinationHwAddress.Equals(PhysicalAddress.Parse("FF-FF-FF-FF-FF-FF")))
{
// Si los que están "negociando" las tablas ARP están siendo atacados por un MITM,
// se les vuelve a atacar envenenando sus tablas
if (arp.Operation == ARPOperation.Request)
{
PhysicalAddress senderMac = arp.SenderHardwareAddress;
PhysicalAddress destinationMac = arp.TargetHardwareAddress;
IPAddress senderIp = arp.SenderProtocolAddress;
IPAddress destinationIp = arp.TargetProtocolAddress;
SynchronizedCollection<Attack> lstAttacks = Program.CurrentProject.data.GetAttacks();
// En caso de MITM ARP -> Si el equipo está intentando restablecer su tabla ARP ... se le vuelve a envenenar
foreach (Attack attk in lstAttacks.Where(A => (A.attackType == AttackType.ARPSpoofing || A.attackType == AttackType.InvalidMacSpoofIpv4) && A.attackStatus == AttackStatus.Attacking))
{
if (attk is MitmAttack)
{
MitmAttack mitmArp = (MitmAttack)attk;
if (
((mitmArp.t1.ip.Equals(senderIp)) || (mitmArp.t1.ip.Equals(destinationIp)))
&&
((mitmArp.t2.ip.Equals(senderIp)) || (mitmArp.t2.ip.Equals(destinationIp)))
)
{
// Lo envia a ambas partes del ataque, se vuelve a envenenar a los dos equipos
// (aunque unicamente sería necesario al que hace la solicitud (request)
ethernet = Attacks.ARPSpoofing.GenerateResponseArpPoison(device.Interface.MacAddress,
((MitmAttack)mitmArp).t2.mac,
((MitmAttack)mitmArp).t2.ip,
((MitmAttack)mitmArp).t1.ip);
Program.CurrentProject.data.SendPacket(ethernet);
ethernet = Attacks.ARPSpoofing.GenerateResponseArpPoison(device.Interface.MacAddress,
((MitmAttack)mitmArp).t1.mac,
((MitmAttack)mitmArp).t1.ip,
((MitmAttack)mitmArp).t2.ip);
Program.CurrentProject.data.SendPacket(ethernet);
}
}
else if (attk is InvalidMacSpoofAttackIpv4Attack)
{
ethernet = Attacks.ARPSpoofing.GenerateResponseArpPoison(device.Interface.MacAddress,
((InvalidMacSpoofAttackIpv4Attack)attk).t2.mac,
((InvalidMacSpoofAttackIpv4Attack)attk).t2.ip,
((InvalidMacSpoofAttackIpv4Attack)attk).t1.ip);
Program.CurrentProject.data.SendPacket(ethernet);
}
}
}
}
OnNewARP(new ArpEventArgs(packet));
}
public NeighborEventArgs(Neighbor Neighbor)
{
this.Neighbor = Neighbor;
}
public override bool Equals(object obj)
{
Neighbor n = obj as Neighbor;
return(this.physicalAddress.Equals(n.physicalAddress));
}
public bool ExistsNeighbor(Neighbor neighbor)
{
return(neighbors.Contains(neighbor));
}
public void CheckIfNeighborRoutesPackets(Neighbor n)
{
_CheckIfNeighborRoutesPackets(n);
}
public void RemoveNeighbor(Neighbor neighbor)
{
neighbors.Remove(neighbor);
}
public bool ExistsNeighbor(Neighbor neighbor)
{
return neighbors.Contains(neighbor);
}
private void Update_Routers(Neighbor neighbor)
{
treeView.Invoke(new MethodInvoker(delegate
{
treeView.BeginUpdate();
}));
if (!treeView.Nodes[mainNode].Nodes[routersNode].Nodes.ContainsKey(neighbor.physicalAddress.ToString()))
{
// Si el vecino puede enrutar y no se ha agregado, se agrega
if (neighbor.canRoutePackets == RouteStatus.CanRoute)
{
treeView.Invoke(new MethodInvoker(delegate
{
TreeNode tn = treeView.Nodes[mainNode].Nodes[routersNode].Nodes.Add(neighbor.physicalAddress.ToString(), neighbor.physicalAddress.ToString());
tn.Tag = neighbor;
tn.ImageIndex = tn.SelectedImageIndex = 11;
if (treeView.Nodes[mainNode].Nodes[routersNode].Nodes.Count == 1)
treeView.Nodes[mainNode].Nodes[routersNode].Expand();
}));
}
}
// Como se puede haber insertado el nodo en el IF anterior, se vuelve a comprobar a ver si podemos insertarle la IP
if (treeView.Nodes[mainNode].Nodes[routersNode].Nodes.ContainsKey(neighbor.physicalAddress.ToString()))
{
// El router existe. Se insertan nodos desplegables por cada IP que tenga el router
TreeNode tnRouter = treeView.Nodes[mainNode].Nodes[routersNode].Nodes[neighbor.physicalAddress.ToString()];
foreach (IPAddress ipAddress in neighbor.GetIPs())
{
// Se agrega la IP en caso de que no exista
if (!tnRouter.Nodes.ContainsKey(ipAddress.ToString()))
{
lbRoutersBruteForce.Items.Add(ipAddress.ToString());
treeView.Invoke(new MethodInvoker(delegate
{
TreeNode tnRouterIP = tnRouter.Nodes.Add(ipAddress.ToString(), ipAddress.ToString());
tnRouterIP.ImageIndex = tnRouterIP.SelectedImageIndex = 0;
tnRouterIP.Tag = ipAddress;
tnRouter.Expand();
Thread tColorChanger = new Thread(new ParameterizedThreadStart(ChangeColor));
tColorChanger.IsBackground = true;
tColorChanger.Start(tnRouterIP);
}));
}
else
{
// Si ya existia, se agregan los puertos en caso de que no existan.
TreeNode tnIP = tnRouter.Nodes[ipAddress.ToString()];
UpdatePortsOfIPNode(tnIP);
}
}
// Si el router tiene nombre, se le establece en el nodo
if (!tnRouter.Text.StartsWith(neighbor.ToString()))
{
treeView.Invoke(new MethodInvoker(delegate
{
tnRouter.Text = neighbor.ToString();
Thread tColorChanger = new Thread(new ParameterizedThreadStart(ChangeColorUpdate));
tColorChanger.IsBackground = true;
tColorChanger.Start(tnRouter);
}));
}
// Se le pone el iconcillo de OS
if ((neighbor.osPlatform != Platform.Unknow) && (tnRouter.ImageIndex == 11))
{
treeView.Invoke(new MethodInvoker(delegate
{
int imageOS = Program.CurrentProject.data.GetImageNumberOS(neighbor.osPlatform);
tnRouter.ImageIndex = tnRouter.SelectedImageIndex = imageOS;
}));
}
}
treeView.Invoke(new MethodInvoker(delegate
{
treeView.EndUpdate();
}));
}
public void AddNeighbor(Neighbor neighbor)
{
NeighborEventArgs ea;
if (neighbor.physicalAddress == null)
throw new Exception("Neighbor without physical address");
if (neighbor.physicalAddress.Equals(device.Interface.MacAddress))
return;
lock (neighborLock)
{
if (ExistsNeighbor(neighbor))
{
Neighbor newNeighbor = GetNeighbor(neighbor.physicalAddress);
newNeighbor.Combine(neighbor);
ea = new NeighborEventArgs(newNeighbor);
ea.Tipo = NeighborOperacionTreeView.Actualizar;
NewNeighbor(newNeighbor, ea);
return;
}
if (neighbor.GetIPs().Count == 0)
throw new Exception("Neighbor without ips");
neighbors.Add(neighbor);
ea = new NeighborEventArgs(neighbor);
ea.Tipo = NeighborOperacionTreeView.Añadir;
NewNeighbor(neighbor, ea);
}
ReverseResolutionAsync(neighbor); // Resolucion de nombre a partir de IP
_CheckIfNeighborRoutesPackets(neighbor);
}
private void addNeighborToolStripMenuItem_Click(object sender, EventArgs e)
{
bool added = false;
FormAddNeighbor fAddNeighbor = new FormAddNeighbor();
fAddNeighbor = (FormAddNeighbor)ShowForm(fAddNeighbor);
if (fAddNeighbor.mac != null && fAddNeighbor.ip != null)
{
// Comprobar si ya existe un vecino con esa mac
Neighbor n = Program.CurrentProject.data.GetNeighbor(fAddNeighbor.mac);
if (n == null)
{
// No existia. Se agrega.
n = new Neighbor();
n.physicalAddress = fAddNeighbor.mac;
n.AddIP(fAddNeighbor.ip);
Program.CurrentProject.data.AddNeighbor(n);
added = true;
}
else
{
// Ya existia. Verificamos si ya tenia asignada la IP
if (n.ExistsIP(fAddNeighbor.ip))
{
// Existia
ShowMessage("IP Address '" + fAddNeighbor.ip.ToString() + "' is already asigned to a neighbor with '" + fAddNeighbor.mac.ToString() + "' as MAC address", 2000, FormMessage.IconType.Info);
return;
}
else
{
// No existia. Se agrega
n = new Neighbor();
n.physicalAddress = fAddNeighbor.mac;
n.AddIP(fAddNeighbor.ip);
Program.CurrentProject.data.AddNeighbor(n);
added = true;
}
}
if (added)
ShowMessage("IP '" + fAddNeighbor.ip.ToString() + "' added successfully with '" + fAddNeighbor.mac.ToString() + "' as MAC", 2000, FormMessage.IconType.Info);
}
}
private void AnalyzeLLMNR(Packet packet)
{
if (!(packet is EthernetPacket))
return;
// IPv4 y IPv6
if (packet.PayloadPacket.PayloadPacket is UdpPacket)
{
// Respuestas de LLMNR. De aqui podemos capturar el nombre.
if ((((UdpPacket)(packet.PayloadPacket.PayloadPacket)).SourcePort == 5355) && (((EthernetPacket)packet).Type == EthernetPacketType.IpV4))
{
LLMNR.LLMNRAnswer LLMNRAnswer = new LLMNR.LLMNRAnswer(packet.PayloadPacket.PayloadPacket.PayloadData);
// Solo lo cojemos las respuestas que son de tipo PTR o de tipo A
if (LLMNRAnswer.isPtrResponse == true && LLMNRAnswer.computerName != string.Empty)
{
Neighbor neighbor = Program.CurrentProject.data.GetNeighbor(((EthernetPacket)(packet)).SourceHwAddress);
if (neighbor == null)
{
neighbor = new Neighbor();
neighbor.computerName = LLMNRAnswer.computerName;
neighbor.AddIP(LLMNRAnswer.ipAddress);
neighbor.physicalAddress = ((EthernetPacket)(packet)).SourceHwAddress;
Program.CurrentProject.data.AddNeighbor(neighbor);
NewNeighbor(this, new NeighborEventArgs(neighbor));
}
else
{
neighbor.computerName = LLMNRAnswer.computerName;
Program.CurrentProject.data.AddNeighbor(neighbor);
}
}
}
if ((((EthernetPacket)packet).Type == EthernetPacketType.IpV4) && (((UdpPacket)(packet.PayloadPacket.PayloadPacket)).DestinationPort == 5355))
{
SynchronizedCollection<Attack> lstAttacks = Program.CurrentProject.data.GetAttacks();
// En caso de MITM ARP -> Si el equipo está intentando restablecer su tabla ARP ... se le vuelve a envenenar
foreach (Attack attk in lstAttacks.Where(A => A.attackType == AttackType.WpadIPv4 && A.attackStatus == AttackStatus.Attacking))
{
MitmAttack mitmAtt = (MitmAttack)attk;
if (((IPv4Packet)((EthernetPacket)packet).PayloadPacket).SourceAddress.Equals(mitmAtt.t2.ip))
WpadIPv4Attack.Instance.GenerateLLMNRResponse(packet);
}
}
if ((((EthernetPacket)packet).Type == EthernetPacketType.IpV6) && (((UdpPacket)(packet.PayloadPacket.PayloadPacket)).DestinationPort == 5355))
{
SynchronizedCollection<Attack> lstAttacks = Program.CurrentProject.data.GetAttacks();
// En caso de MITM ARP -> Si el equipo está intentando restablecer su tabla ARP ... se le vuelve a envenenar
foreach (Attack attk in lstAttacks.Where(A => A.attackType == AttackType.WpadIPv6 && A.attackStatus == AttackStatus.Attacking))
{
MitmAttack mitmAtt = (MitmAttack)attk;
if (((IPv6Packet)((EthernetPacket)packet).PayloadPacket).SourceAddress.Equals(mitmAtt.t2.ip))
WpadIPv6Attack.Instance.GenerateLLMNRResponse(packet);
}
}
}
}
public void Combine(Neighbor n)
{
foreach (var ip in n.ips)
this.AddIP(ip);
foreach (var port in n.ports)
this.AddPort(port);
if (string.IsNullOrEmpty(this.computerName))
this.computerName = n.computerName;
else if (!this.computerName.Equals(n.computerName) && !string.IsNullOrEmpty(n.computerName))
this.computerName = string.Format("{0} - {1})", this.computerName, n.computerName);
}
