private bool IsNeighborFiltered(Neighbor neighbor) { // true -> El vecino NO se pinta // false -> El vecino SI se pinta // Se comprueba el nombre if (!string.IsNullOrEmpty(neighbor.computerName)) { if (neighbor.computerName.ToLower().Contains(strFilter.ToLower())) return false; } // Se comprueba la MAC if (neighbor.physicalAddress.ToString().ToLower().Contains(strFilter.ToLower())) return false; // Se comprueban las IPs for (int ip = 0; ip < neighbor.GetIPs().Count; ip++) { if (neighbor.GetIPs()[ip].ToString().ToLower().Contains(strFilter.ToLower())) return false; } return true; }
internal void ReverseResolutionAsync(Neighbor n) { Thread t = new Thread(new System.Threading.ParameterizedThreadStart(ReverseResolution)); t.IsBackground = true; t.Start(n); }
private void _CheckIfNeighborRoutesPackets(Neighbor n) { if (n == null) return; IPAddress IpSrc = Program.CurrentProject.data.GetIPv4FromDevice(device); if (IpSrc == null) return; n.canRoutePackets = RouteStatus.Verifing; EthernetPacket eth = new EthernetPacket(Program.CurrentProject.data.GetDevice().MacAddress, n.physicalAddress, EthernetPacketType.IpV4); IPAddress IpDst = IPAddress.Parse("8.8.8.8"); eth.PayloadPacket = new IPv4Packet(IpSrc, IpDst); eth.PayloadPacket.PayloadPacket = new TcpPacket((ushort)31337, (ushort)53); ((IPv4Packet)eth.PayloadPacket).UpdateIPChecksum(); ((TcpPacket)eth.PayloadPacket.PayloadPacket).Syn = true; ((TcpPacket)eth.PayloadPacket.PayloadPacket).UpdateTCPChecksum(); Thread t = new Thread(new ParameterizedThreadStart(CheckIfRouted)); t.IsBackground = true; t.Start(n); Program.CurrentProject.data.SendPacket(eth); }
public void CheckIfNeighborRoutesPackets(Neighbor n) { _CheckIfNeighborRoutesPackets(n); }
public IPAddress GetIPv6FromNeighbor(Neighbor neighbor) { for (int i = 0; i < neighbor.GetIPs().Count; i++) { if (neighbor.GetIPs()[i].GetAddressBytes().Length == 16) return neighbor.GetIPs()[i]; } return null; }
public void RemoveNeighbor(Neighbor neighbor) { neighbors.Remove(neighbor); }
public NeighborEventArgs(Neighbor Neighbor) { this.Neighbor = Neighbor; }
private void AnalyzeARP(Packet packet) { if (!(packet.PayloadPacket is ARPPacket)) return; if (!(packet is EthernetPacket)) return; EthernetPacket ethernet = (EthernetPacket)packet; ARPPacket arp = (ARPPacket)packet.PayloadPacket; // Si el paquete va dirigido a nuestra MAC... if (ethernet.DestinationHwAddress.Equals(localPhysicalAddress)) { PhysicalAddress mac = arp.SenderHardwareAddress; IPAddress ip = arp.SenderProtocolAddress; Neighbor neighbor = Program.CurrentProject.data.GetNeighbor(mac); if (neighbor == null) { // Creamos el vecino neighbor = new Neighbor(); neighbor.physicalAddress = mac; neighbor.AddIP(ip); Program.CurrentProject.data.AddNeighbor(neighbor); NewNeighbor(this, new NeighborEventArgs(neighbor)); } else { // Si ya existe, comprobamos si tiene la iP ipv4 y se la añadimos (en caso de que lo la tenga) if (!neighbor.ExistsIP(ip)) { neighbor.AddIP(ip); Program.CurrentProject.data.AddNeighbor(neighbor); } } } // Si va dirigido a broadcast ... else if (ethernet.DestinationHwAddress.Equals(PhysicalAddress.Parse("FF-FF-FF-FF-FF-FF"))) { // Si los que están "negociando" las tablas ARP están siendo atacados por un MITM, // se les vuelve a atacar envenenando sus tablas if (arp.Operation == ARPOperation.Request) { PhysicalAddress senderMac = arp.SenderHardwareAddress; PhysicalAddress destinationMac = arp.TargetHardwareAddress; IPAddress senderIp = arp.SenderProtocolAddress; IPAddress destinationIp = arp.TargetProtocolAddress; SynchronizedCollection<Attack> lstAttacks = Program.CurrentProject.data.GetAttacks(); // En caso de MITM ARP -> Si el equipo está intentando restablecer su tabla ARP ... se le vuelve a envenenar foreach (Attack attk in lstAttacks.Where(A => (A.attackType == AttackType.ARPSpoofing || A.attackType == AttackType.InvalidMacSpoofIpv4) && A.attackStatus == AttackStatus.Attacking)) { if (attk is MitmAttack) { MitmAttack mitmArp = (MitmAttack)attk; if ( ((mitmArp.t1.ip.Equals(senderIp)) || (mitmArp.t1.ip.Equals(destinationIp))) && ((mitmArp.t2.ip.Equals(senderIp)) || (mitmArp.t2.ip.Equals(destinationIp))) ) { // Lo envia a ambas partes del ataque, se vuelve a envenenar a los dos equipos // (aunque unicamente sería necesario al que hace la solicitud (request) ethernet = Attacks.ARPSpoofing.GenerateResponseArpPoison(device.Interface.MacAddress, ((MitmAttack)mitmArp).t2.mac, ((MitmAttack)mitmArp).t2.ip, ((MitmAttack)mitmArp).t1.ip); Program.CurrentProject.data.SendPacket(ethernet); ethernet = Attacks.ARPSpoofing.GenerateResponseArpPoison(device.Interface.MacAddress, ((MitmAttack)mitmArp).t1.mac, ((MitmAttack)mitmArp).t1.ip, ((MitmAttack)mitmArp).t2.ip); Program.CurrentProject.data.SendPacket(ethernet); } } else if (attk is InvalidMacSpoofAttackIpv4Attack) { ethernet = Attacks.ARPSpoofing.GenerateResponseArpPoison(device.Interface.MacAddress, ((InvalidMacSpoofAttackIpv4Attack)attk).t2.mac, ((InvalidMacSpoofAttackIpv4Attack)attk).t2.ip, ((InvalidMacSpoofAttackIpv4Attack)attk).t1.ip); Program.CurrentProject.data.SendPacket(ethernet); } } } } OnNewARP(new ArpEventArgs(packet)); }
public override bool Equals(object obj) { Neighbor n = obj as Neighbor; return(this.physicalAddress.Equals(n.physicalAddress)); }
public bool ExistsNeighbor(Neighbor neighbor) { return(neighbors.Contains(neighbor)); }
public bool ExistsNeighbor(Neighbor neighbor) { return neighbors.Contains(neighbor); }
private void Update_Routers(Neighbor neighbor) { treeView.Invoke(new MethodInvoker(delegate { treeView.BeginUpdate(); })); if (!treeView.Nodes[mainNode].Nodes[routersNode].Nodes.ContainsKey(neighbor.physicalAddress.ToString())) { // Si el vecino puede enrutar y no se ha agregado, se agrega if (neighbor.canRoutePackets == RouteStatus.CanRoute) { treeView.Invoke(new MethodInvoker(delegate { TreeNode tn = treeView.Nodes[mainNode].Nodes[routersNode].Nodes.Add(neighbor.physicalAddress.ToString(), neighbor.physicalAddress.ToString()); tn.Tag = neighbor; tn.ImageIndex = tn.SelectedImageIndex = 11; if (treeView.Nodes[mainNode].Nodes[routersNode].Nodes.Count == 1) treeView.Nodes[mainNode].Nodes[routersNode].Expand(); })); } } // Como se puede haber insertado el nodo en el IF anterior, se vuelve a comprobar a ver si podemos insertarle la IP if (treeView.Nodes[mainNode].Nodes[routersNode].Nodes.ContainsKey(neighbor.physicalAddress.ToString())) { // El router existe. Se insertan nodos desplegables por cada IP que tenga el router TreeNode tnRouter = treeView.Nodes[mainNode].Nodes[routersNode].Nodes[neighbor.physicalAddress.ToString()]; foreach (IPAddress ipAddress in neighbor.GetIPs()) { // Se agrega la IP en caso de que no exista if (!tnRouter.Nodes.ContainsKey(ipAddress.ToString())) { lbRoutersBruteForce.Items.Add(ipAddress.ToString()); treeView.Invoke(new MethodInvoker(delegate { TreeNode tnRouterIP = tnRouter.Nodes.Add(ipAddress.ToString(), ipAddress.ToString()); tnRouterIP.ImageIndex = tnRouterIP.SelectedImageIndex = 0; tnRouterIP.Tag = ipAddress; tnRouter.Expand(); Thread tColorChanger = new Thread(new ParameterizedThreadStart(ChangeColor)); tColorChanger.IsBackground = true; tColorChanger.Start(tnRouterIP); })); } else { // Si ya existia, se agregan los puertos en caso de que no existan. TreeNode tnIP = tnRouter.Nodes[ipAddress.ToString()]; UpdatePortsOfIPNode(tnIP); } } // Si el router tiene nombre, se le establece en el nodo if (!tnRouter.Text.StartsWith(neighbor.ToString())) { treeView.Invoke(new MethodInvoker(delegate { tnRouter.Text = neighbor.ToString(); Thread tColorChanger = new Thread(new ParameterizedThreadStart(ChangeColorUpdate)); tColorChanger.IsBackground = true; tColorChanger.Start(tnRouter); })); } // Se le pone el iconcillo de OS if ((neighbor.osPlatform != Platform.Unknow) && (tnRouter.ImageIndex == 11)) { treeView.Invoke(new MethodInvoker(delegate { int imageOS = Program.CurrentProject.data.GetImageNumberOS(neighbor.osPlatform); tnRouter.ImageIndex = tnRouter.SelectedImageIndex = imageOS; })); } } treeView.Invoke(new MethodInvoker(delegate { treeView.EndUpdate(); })); }
public void AddNeighbor(Neighbor neighbor) { NeighborEventArgs ea; if (neighbor.physicalAddress == null) throw new Exception("Neighbor without physical address"); if (neighbor.physicalAddress.Equals(device.Interface.MacAddress)) return; lock (neighborLock) { if (ExistsNeighbor(neighbor)) { Neighbor newNeighbor = GetNeighbor(neighbor.physicalAddress); newNeighbor.Combine(neighbor); ea = new NeighborEventArgs(newNeighbor); ea.Tipo = NeighborOperacionTreeView.Actualizar; NewNeighbor(newNeighbor, ea); return; } if (neighbor.GetIPs().Count == 0) throw new Exception("Neighbor without ips"); neighbors.Add(neighbor); ea = new NeighborEventArgs(neighbor); ea.Tipo = NeighborOperacionTreeView.Añadir; NewNeighbor(neighbor, ea); } ReverseResolutionAsync(neighbor); // Resolucion de nombre a partir de IP _CheckIfNeighborRoutesPackets(neighbor); }
private void addNeighborToolStripMenuItem_Click(object sender, EventArgs e) { bool added = false; FormAddNeighbor fAddNeighbor = new FormAddNeighbor(); fAddNeighbor = (FormAddNeighbor)ShowForm(fAddNeighbor); if (fAddNeighbor.mac != null && fAddNeighbor.ip != null) { // Comprobar si ya existe un vecino con esa mac Neighbor n = Program.CurrentProject.data.GetNeighbor(fAddNeighbor.mac); if (n == null) { // No existia. Se agrega. n = new Neighbor(); n.physicalAddress = fAddNeighbor.mac; n.AddIP(fAddNeighbor.ip); Program.CurrentProject.data.AddNeighbor(n); added = true; } else { // Ya existia. Verificamos si ya tenia asignada la IP if (n.ExistsIP(fAddNeighbor.ip)) { // Existia ShowMessage("IP Address '" + fAddNeighbor.ip.ToString() + "' is already asigned to a neighbor with '" + fAddNeighbor.mac.ToString() + "' as MAC address", 2000, FormMessage.IconType.Info); return; } else { // No existia. Se agrega n = new Neighbor(); n.physicalAddress = fAddNeighbor.mac; n.AddIP(fAddNeighbor.ip); Program.CurrentProject.data.AddNeighbor(n); added = true; } } if (added) ShowMessage("IP '" + fAddNeighbor.ip.ToString() + "' added successfully with '" + fAddNeighbor.mac.ToString() + "' as MAC", 2000, FormMessage.IconType.Info); } }
private void AnalyzeLLMNR(Packet packet) { if (!(packet is EthernetPacket)) return; // IPv4 y IPv6 if (packet.PayloadPacket.PayloadPacket is UdpPacket) { // Respuestas de LLMNR. De aqui podemos capturar el nombre. if ((((UdpPacket)(packet.PayloadPacket.PayloadPacket)).SourcePort == 5355) && (((EthernetPacket)packet).Type == EthernetPacketType.IpV4)) { LLMNR.LLMNRAnswer LLMNRAnswer = new LLMNR.LLMNRAnswer(packet.PayloadPacket.PayloadPacket.PayloadData); // Solo lo cojemos las respuestas que son de tipo PTR o de tipo A if (LLMNRAnswer.isPtrResponse == true && LLMNRAnswer.computerName != string.Empty) { Neighbor neighbor = Program.CurrentProject.data.GetNeighbor(((EthernetPacket)(packet)).SourceHwAddress); if (neighbor == null) { neighbor = new Neighbor(); neighbor.computerName = LLMNRAnswer.computerName; neighbor.AddIP(LLMNRAnswer.ipAddress); neighbor.physicalAddress = ((EthernetPacket)(packet)).SourceHwAddress; Program.CurrentProject.data.AddNeighbor(neighbor); NewNeighbor(this, new NeighborEventArgs(neighbor)); } else { neighbor.computerName = LLMNRAnswer.computerName; Program.CurrentProject.data.AddNeighbor(neighbor); } } } if ((((EthernetPacket)packet).Type == EthernetPacketType.IpV4) && (((UdpPacket)(packet.PayloadPacket.PayloadPacket)).DestinationPort == 5355)) { SynchronizedCollection<Attack> lstAttacks = Program.CurrentProject.data.GetAttacks(); // En caso de MITM ARP -> Si el equipo está intentando restablecer su tabla ARP ... se le vuelve a envenenar foreach (Attack attk in lstAttacks.Where(A => A.attackType == AttackType.WpadIPv4 && A.attackStatus == AttackStatus.Attacking)) { MitmAttack mitmAtt = (MitmAttack)attk; if (((IPv4Packet)((EthernetPacket)packet).PayloadPacket).SourceAddress.Equals(mitmAtt.t2.ip)) WpadIPv4Attack.Instance.GenerateLLMNRResponse(packet); } } if ((((EthernetPacket)packet).Type == EthernetPacketType.IpV6) && (((UdpPacket)(packet.PayloadPacket.PayloadPacket)).DestinationPort == 5355)) { SynchronizedCollection<Attack> lstAttacks = Program.CurrentProject.data.GetAttacks(); // En caso de MITM ARP -> Si el equipo está intentando restablecer su tabla ARP ... se le vuelve a envenenar foreach (Attack attk in lstAttacks.Where(A => A.attackType == AttackType.WpadIPv6 && A.attackStatus == AttackStatus.Attacking)) { MitmAttack mitmAtt = (MitmAttack)attk; if (((IPv6Packet)((EthernetPacket)packet).PayloadPacket).SourceAddress.Equals(mitmAtt.t2.ip)) WpadIPv6Attack.Instance.GenerateLLMNRResponse(packet); } } } }
public void Combine(Neighbor n) { foreach (var ip in n.ips) this.AddIP(ip); foreach (var port in n.ports) this.AddPort(port); if (string.IsNullOrEmpty(this.computerName)) this.computerName = n.computerName; else if (!this.computerName.Equals(n.computerName) && !string.IsNullOrEmpty(n.computerName)) this.computerName = string.Format("{0} - {1})", this.computerName, n.computerName); }