Beispiel #1
0
bool ArpPkt::createPkt(uint8_t*& buf,uint32_t& len){
    if(isPktUsed){
        return false;
    }

    isPktUsed = true;

    if (libnet_adv_cull_packet(l, &buf, &len)== -1) {
        return false;
    }
    return true;


}
Beispiel #2
0
u_int16_t get_sum(u_int8_t *payload, u_int32_t total_pload_size, u_int16_t id,
                  u_int16_t seq) {

    /* Builds the ICMP header with the whole payload, gets
     *    the checksum from it and returns it (in host order). */

    char errbuf[LIBNET_ERRBUF_SIZE];
    libnet_ptag_t icmp_tag;
    u_int8_t *packet;
    u_int32_t packet_size;
    u_int16_t *sum_p, sum;
    u_int8_t dummy_dst[6] = {0, 0, 0, 0, 0, 0};

    icmp_tag = LIBNET_PTAG_INITIALIZER;

    /* Switching to advanced link mode */
    /* Nothing should be built yet and all random numbers
     *    * should be already generated. */
    libnet_destroy(l);
    l = libnet_init(LIBNET_LINK_ADV, "eth0", errbuf);
    if (l == NULL) {
        fprintf(stderr, "libnet_init() failed (link_adv): %s\n", errbuf);
        exit(EXIT_FAILURE);
    }

    /* Building the header */
    icmp_tag = libnet_build_icmpv4_echo(ICMP_ECHO, 0, 0, id, seq, payload,
                                        total_pload_size, l, icmp_tag);

    if (icmp_tag == -1) {

        fprintf(stderr, "Error building ICMP header: %s\n", libnet_geterror(l));
        libnet_destroy(l);
        exit(EXIT_FAILURE);
    }

    /* Building dummy IP header */
    if (libnet_autobuild_ipv4(
                (LIBNET_IPV4_H + LIBNET_ICMPV4_ECHO_H + total_pload_size),
                IPPROTO_ICMP, 0, l) == -1) {
        fprintf(stderr, "Error building dummy IP header: %s\n", libnet_geterror(l));
        libnet_destroy(l);
        exit(EXIT_FAILURE);
    }

    /* Building dummy Ethernet header */
    if (libnet_autobuild_ethernet(dummy_dst, ETHERTYPE_IP, l) == -1) {
        fprintf(stderr, "Error building dummy Ethernet header: %s\n",
                libnet_geterror(l));
        libnet_destroy(l);
        exit(EXIT_FAILURE);
    }

    /* Pulling the packet */
    if (libnet_adv_cull_packet(l, &packet, &packet_size) == -1) {
        fprintf(stderr, "Error pulling the packet: %s\n", libnet_geterror(l));
        libnet_destroy(l);
        exit(EXIT_FAILURE);
    }

    /* Grabbing the checksum */
    /* We want the 37th and 38th bytes: eth header (14) + ip
     *    * header (20) + icmp type and code (2) = 36 */
    sum_p = (u_int16_t *)(packet + 36);
    sum = ntohs(*sum_p);

    /* Freeing memory */
    libnet_adv_free_packet(l, packet);

    /* Clearing the header */
    libnet_clear_packet(l);

    /* Switching back to IPv4 raw socket mode */
    libnet_destroy(l);
    l = libnet_init(LIBNET_RAW4, "eth0", errbuf);
    if (l == NULL) {
        fprintf(stderr, "libnet_init() failed (raw4, 2nd call): %s\n", errbuf);
        exit(EXIT_FAILURE);
    }

    return sum;
}
Beispiel #3
0
int
main(int argc, char *argv[])
{
    int c;
    uint32_t i;
    libnet_t *l;
    libnet_ptag_t t;
    char *device = NULL;
    uint8_t *packet;
    uint32_t packet_s;
    char errbuf[LIBNET_ERRBUF_SIZE];

    printf("libnet 1.1 packet shaping: ARP[link -- autobuilding ethernet]\n"); 

    if (argc > 1)
    {
         device = argv[1];
    }

    l = libnet_init(
            LIBNET_LINK_ADV,                        /* injection type */
            device,                                 /* network interface */
            errbuf);                                /* errbuf */

    if (l == NULL)
    {
        fprintf(stderr, "%s", errbuf);
        exit(EXIT_FAILURE);
    }
	else

    /*
     *  Build the packet, remmebering that order IS important.  We must
     *  build the packet from lowest protocol type on up as it would
     *  appear on the wire.  So for our ARP packet:
     *
     *  -------------------------------------------
     *  |  Ethernet   |           ARP             |
     *  -------------------------------------------
     *         ^                     ^
     *         |------------------   |
     *  libnet_build_ethernet()--|   |
     *                               |
     *  libnet_build_arp()-----------|
     */
	 
    i = libnet_get_ipaddr4(l);
  
    t = libnet_autobuild_arp(
            ARPOP_REPLY,                            /* operation type */
            enet_src,                               /* sender hardware addr */
            (uint8_t *)&i,                         /* sender protocol addr */
            enet_dst,                               /* target hardware addr */
            (uint8_t *)&i,                         /* target protocol addr */
            l);                                     /* libnet context */
    if (t == -1)
    {
        fprintf(stderr, "Can't build ARP header: %s\n", libnet_geterror(l));
        goto bad;
    }

    t = libnet_autobuild_ethernet(
            enet_dst,                               /* ethernet destination */
            ETHERTYPE_ARP,                          /* protocol type */
            l);                                     /* libnet handle */
    if (t == -1)
    {
        fprintf(stderr, "Can't build ethernet header: %s\n",
                libnet_geterror(l));
        goto bad;
    }


    if (libnet_adv_cull_packet(l, &packet, &packet_s) == -1)
    {
        fprintf(stderr, "%s", libnet_geterror(l));
    }
    else
    {
        fprintf(stderr, "packet size: %d\n", packet_s);
        libnet_adv_free_packet(l, packet);
    }

    c = libnet_write(l);

    if (c == -1)
    {
        fprintf(stderr, "Write error: %s\n", libnet_geterror(l));
        goto bad;
    }
    else
    {
        fprintf(stderr, "Wrote %d byte ARP packet from context \"%s\"; "
                "check the wire.\n", c, libnet_cq_getlabel(l));
    }
    libnet_destroy(l);
    return (EXIT_SUCCESS);
bad:
    libnet_destroy(l);
    return (EXIT_FAILURE);
}
Beispiel #4
0
int main (int argc, char **argv) {
    char *interface = NULL;
    libnet_t *libnet_handle = NULL;
    char pcap_error_buffer[PCAP_ERRBUF_SIZE];
    char libnet_error_buffer[LIBNET_ERRBUF_SIZE];
    struct libnet_ether_addr *hw_src = NULL;
    struct libnet_ether_addr *hw_dst = NULL;
    struct in_addr ip_src, ip_dst;
    u_int8_t *packet = NULL;
    u_int32_t packet_size;
    int status;

    if (argc > 1)
        interface = argv[1];

    if (interface == NULL)
        interface = pcap_lookupdev(pcap_error_buffer);

    if (interface == NULL) {
        fprintf(stderr, "pcap_lookupdev: %s\n", pcap_error_buffer);
        exit(EXIT_FAILURE);
    }

    printf ("using inteface %s\n", interface);

    if ((libnet_handle = libnet_init(LIBNET_LINK_ADV, interface, libnet_error_buffer)) == NULL) {
        fprintf(stderr, "%s", libnet_error_buffer);
        exit(EXIT_FAILURE);
    }

    /* seed random number generator with an unique number */
    srand(getpid()*time(NULL));

    if ((hw_src = malloc(sizeof(struct libnet_ether_addr))) == NULL) {
        fprintf(stderr, "%s\n", strerror(errno));
        exit(EXIT_FAILURE);
    }

    if ((hw_dst = malloc(sizeof(struct libnet_ether_addr))) == NULL) {
        fprintf(stderr, "%s\n", strerror(errno));
        exit(EXIT_FAILURE);
    }

    memset((void *)&hw_dst->ether_addr_octet, 0xff, MSIZE);
    hw_src->ether_addr_octet[0] = 0x00;

    ip_dst.s_addr = 0;

    printf("flooding with arp packets with random hw / ip addresses\n");

    for (;;) {

            ip_src.s_addr = rand();

            hw_src->ether_addr_octet[1] = (int) (80.0*rand()/(RAND_MAX+1.0));
            hw_src->ether_addr_octet[2] = (int) (255.0*rand()/(RAND_MAX+1.0));
            hw_src->ether_addr_octet[3] = (int) (255.0*rand()/(RAND_MAX+1.0));
            hw_src->ether_addr_octet[4] = (int) (255.0*rand()/(RAND_MAX+1.0));
            hw_src->ether_addr_octet[5] = (int) (255.0*rand()/(RAND_MAX+1.0));

            if (libnet_build_arp(
                    ARPHRD_ETHER,                       /* hardware addr */
                    ETHERTYPE_IP,                       /* protocol addr */
                    ETHER_ADDR_LEN,                     /* hardware addr size */
                    4,                                  /* protocol addr size */
                    ARPOP_REPLY,                        /* operation type */
                    hw_src->ether_addr_octet,           /* sender hardware addr */
                    (u_int8_t *)&ip_src.s_addr,         /* sender protocol addr */
                    hw_dst->ether_addr_octet,           /* target hardware addr */
                    (u_int8_t *)&ip_dst.s_addr,         /* target protocol addr */
                    NULL,                               /* payload */
                    0,                                  /* payload size */
                    libnet_handle,                      /* libnet context */
                    0) == -1)                           /* libnet id */
                libnet_die(libnet_handle);

            if (libnet_build_ethernet(
                    hw_dst->ether_addr_octet,           /* dest eth addr */
                    hw_src->ether_addr_octet,           /* src eth addr */
                    ETHERTYPE_ARP,                      /* protocol type */
                    NULL,                               /* payload */
                    0,                                  /* payload size */
                    libnet_handle,                      /* libnet context */
                    0) == -1)                           /* libnet id */
                libnet_die(libnet_handle);

            if (libnet_adv_cull_packet(libnet_handle, &packet, &packet_size) == -1)
                libnet_die(libnet_handle);

            libnet_adv_free_packet(libnet_handle, packet);


            if ((status = libnet_write(libnet_handle)) == -1)
                printf("!");
            else
                printf(".");

            usleep(100);

            libnet_clear_packet(libnet_handle);

    }

    libnet_destroy(libnet_handle);

    return EXIT_SUCCESS;
}
Beispiel #5
0
/**
 * Function to inject TCP packets to the wireless interface.  Requires headers
 * from a TO_DS packet for use in crafting the FROM_DS response.
 */
void inject_tcp(airpwn_ctx *ctx,
								ieee80211_hdr *w_hdr,
								struct iphdr *ip_hdr,
								struct tcphdr *tcp_hdr,
								uint8_t *wepkey,
								uint32_t keylen,
								char *content,
								uint32_t contentlen,
								uint8_t tcpflags,
								uint32_t *seqnum)
{

  // libnet wants the data in host-byte-order
  u_int ack = ntohl(tcp_hdr->seq) + 
    ( ntohs(ip_hdr->tot_len) - ip_hdr->ihl * 4 - tcp_hdr->doff * 4 );
  
  ctx->tcp_t = libnet_build_tcp(
    ntohs(tcp_hdr->dest), // source port
    ntohs(tcp_hdr->source), // dest port
    *seqnum, // sequence number
    ack, // ack number
    tcpflags, // flags
    0xffff, // window size
    0, // checksum
    0, // urg ptr
    20 + contentlen, // total length of the TCP packet
    (uint8_t*)content, // response
    contentlen, // response_length
    ctx->lnet, // libnet_t pointer
    ctx->tcp_t // ptag
  );

  if(ctx->tcp_t == -1){
    printf("libnet_build_tcp returns error: %s\n", libnet_geterror(ctx->lnet));
    return;
  }

  ctx->ip_t = libnet_build_ipv4(
    40 + contentlen, // length
    0, // TOS bits
    1, // IPID (need to calculate)
    0, // fragmentation
    0xff, // TTL
    6, // protocol
    0, // checksum
    ip_hdr->daddr, // source address
    ip_hdr->saddr, // dest address
    NULL, // response
    0, // response length
    ctx->lnet, // libnet_t pointer
    ctx->ip_t // ptag
  );

  if(ctx->ip_t == -1){
    printf("libnet_build_ipv4 returns error: %s\n", libnet_geterror(ctx->lnet));
    return;
  }

  // copy the libnet packets to to a buffer to send raw..
  
  unsigned char packet_buff[0x10000];

  memcpy(packet_buff, w_hdr, IEEE80211_HDR_LEN);

  ieee80211_hdr *n_w_hdr = (ieee80211_hdr *)packet_buff;

  // set the FROM_DS flag and swap MAC addresses
  n_w_hdr->flags = IEEE80211_FROM_DS;
  if(wepkey)
    n_w_hdr->flags |= IEEE80211_WEP_FLAG;
  n_w_hdr->llc.type = LLC_TYPE_IP;

  uint8_t tmp_addr[6];
  memcpy(tmp_addr, n_w_hdr->addr1, 6);
  memcpy(n_w_hdr->addr1, n_w_hdr->addr2, 6);
  memcpy(n_w_hdr->addr2, tmp_addr, 6);
    
  u_int32_t packet_len;
  u_int8_t *lnet_packet_buf;
  
  // cull_packet will dump the packet (with correct checksums) into a
  // buffer for us to send via the raw socket
  if(libnet_adv_cull_packet(ctx->lnet, &lnet_packet_buf, &packet_len) == -1){
    printf("libnet_adv_cull_packet returns error: %s\n", 
			libnet_geterror(ctx->lnet));
    return;
  }

  memcpy(packet_buff + IEEE80211_HDR_LEN, lnet_packet_buf, packet_len);

  libnet_adv_free_packet(ctx->lnet, lnet_packet_buf);

  // total packet length
  int len = IEEE80211_HDR_LEN + 40 + contentlen;
  
  if(wepkey){
    uint8_t tmpbuf[0x10000];
    /* encryption starts after the 802.11 header, but the LLC header
     * gets encrypted. */
    memcpy(tmpbuf, packet_buff+IEEE80211_HDR_LEN_NO_LLC, 
			len-IEEE80211_HDR_LEN_NO_LLC);
    len = wep_encrypt(tmpbuf, packet_buff+IEEE80211_HDR_LEN_NO_LLC,
			len-IEEE80211_HDR_LEN_NO_LLC, wepkey, keylen);
    if(len <= 0){
      fprintf(stderr, "Error performing WEP encryption!\n");
      return;
    } else
      len += IEEE80211_HDR_LEN_NO_LLC;
  }

  /* Establish lorcon packet transmission structure */
  ctx->in_packet.packet = packet_buff;
  ctx->in_packet.plen = len;

  /* Send the packet */
  if (tx80211_txpacket(&ctx->inject_tx, &ctx->in_packet) < 0) {
    fprintf(stderr, "Unable to transmit packet.");
    perror("tx80211_txpacket");
    return;
  }

  *seqnum += contentlen;  //advance the sequence number
  
  printlog(ctx, 2, "wrote %d bytes to the wire(less)\n", len);
}
Beispiel #6
0
void *macflood(void *n) {
  int32_t i,c;
  u_char smaca[ETHER_ADDR_LEN], dmaca[ETHER_ADDR_LEN];
  libnet_t *llif;
  char ebuf[PCAP_ERRBUF_SIZE];
  libnet_ptag_t pkt;
  u_int8_t *packet;
  u_int32_t packet_s;

  for(i=0; i != *(int32_t *)n; ++i) {

    // initiliaze libnet context
    if((llif=libnet_init(LIBNET_LINK_ADV, intf, ebuf))==NULL)
      errx(1, "%s", ebuf);

    // Initialize Randomgenerator
    libnet_seed_prand(llif);

    // Generate random source mac
    gen_mac(smaca);
    gen_mac(dmaca);

    //build ARP
    if ((pkt = libnet_build_arp(
            ARPHRD_ETHER,                           /* hardware addr */
            ETHERTYPE_IP,                           /* protocol addr */
            6,                                      /* hardware addr size */
            4,                                      /* protocol addr size */
            ARPOP_REQUEST,                            /* operation type */
            empty_mac,                                  /* sender hardware addr */
            (u_int8_t *)&empty_ip,                  /* sender protocol addr */
            empty_mac,
            (u_int8_t *)&empty_ip,                  /* target protocol addr */
            NULL,                                   /* payload */
            0,                                      /* payload size */
            llif,                                   /* libnet context */
            0))==-1)                                /* libnet id */
      fprintf(stderr, "Can't build ARP header: %s\n", libnet_geterror(llif));

    // Build ethernet
    if ((pkt = libnet_build_ethernet(
            dmaca,                /* ethernet destination */
            smaca,                /* source macadress */
            ETHERTYPE_ARP,        /* protocol type */
            NULL,                 /* Payload */
            0,                    /* length of payload*/
            llif,                 /* libnet id */
            0))==-1)              /* ptag */
      fprintf(stderr, "Can't build ethernet header: %s\n",
        libnet_geterror(llif));

    if (libnet_adv_cull_packet(llif, &packet, &packet_s) == -1)
        fprintf(stderr, "%s", libnet_geterror(llif));

    // Write package to wire
    if ((c = libnet_write(llif))==-1)
      errx(1, "Write error: %s\n", libnet_geterror(llif));
    if(verbose)
      fprintf(stderr, "SRC-MAC: %x:%x:%x:%x:%x:%x |"
        "DST-MAC: %x:%x:%x:%x:%x:%x\n",
      smaca[0],smaca[1],smaca[2],smaca[3],smaca[4],smaca[5],
      dmaca[0], dmaca[1], dmaca[2], dmaca[3], dmaca[4], dmaca[5]);

    libnet_destroy(llif);
  }
  fprintf(stderr, "%d Packages sent.\n", *(int32_t *)n);
}
Beispiel #7
0
int main(int argc, char *argv[]){
	int c;
	uint32_t i;
	libnet_t *l;
	libnet_ptag_t t;
	char *device =NULL;
	uint8_t *packet;
	uint32_t packet_s;
	char errbuf[LIBNET_ERRBUF_SIZE];
	
	u_char enet_src[6] = {0x08,0x00,0x27,0x92,0x07,0xb6};
	u_char enet_dst[6] = {0x94,0xB8,0X6D,0xFC,0xDA,0xA0};
	u_char ip_dst[4] ={0xc0,0xa8,0x2b,0x92};
	u_char ip_src[4] ={0xc0,0xa8,0x2b,0x01};
	

	printf("libnet 1.1 packet shaping : ARP [link --autobuilding ethernet]\n");
	
	if(argc >1){
		device = argv[1];
	}


	l =libnet_init(LIBNET_LINK_ADV, device,errbuf);

	if(l ==NULL){
		fprintf(stderr,"libnet_init() failed :%s",errbuf);
		exit(EXIT_FAILURE);

	}else
		i =libnet_get_ipaddr4(l);
	
	t=libnet_autobuild_arp(ARPOP_REPLY,enet_src,ip_src,enet_dst,ip_dst,l);
	if(t ==-1)
	{
		fprintf(stderr, "can't build ARP header:%s\n",libnet_geterror(l));
		goto bad;
	}

	t=libnet_autobuild_ethernet(enet_dst,ETHERTYPE_ARP, l);


	if(libnet_adv_cull_packet(l,&packet,&packet_s)==-1){
		fprintf(stderr, "%s",libnet_geterror(l));
	}else{
		fprintf(stderr, "packet size : %d\n", packet_s);
		libnet_adv_free_packet(l,packet);
	}
	c=libnet_write(l);
	if(c==-1){
		fprintf(stderr,"Write error : %s \n",libnet_geterror(l));
		goto bad;

	}else{
		fprintf(stderr,"Wrote %d byte ARP packet from context \ %s\";""check the wire\n",c,libnet_cq_getlabel(l));

	}
	libnet_destroy(l);
	return (EXIT_SUCCESS);
bad :
	libnet_destroy(l);
	return(EXIT_SUCCESS);

}