static int
print_intf(const struct intf_entry *entry, void *arg)
{
int i;
printf("%s:", entry->intf_name);
printf(" flags=0x%x<%s>", entry->intf_flags,
flags2string(entry->intf_flags));
if (entry->intf_mtu != 0)
printf(" mtu %d", entry->intf_mtu);
printf("\n");
if (entry->intf_addr.addr_type == ADDR_TYPE_IP) {
if (entry->intf_dst_addr.addr_type == ADDR_TYPE_IP) {
printf("\tinet %s --> %s\n",
addr_ntoa(&entry->intf_addr),
addr_ntoa(&entry->intf_dst_addr));
} else
printf("\tinet %s\n", addr_ntoa(&entry->intf_addr));
}
if (entry->intf_link_addr.addr_type == ADDR_TYPE_ETH)
printf("\tlink %s\n", addr_ntoa(&entry->intf_link_addr));
for (i = 0; i < entry->intf_alias_num; i++)
printf("\talias %s\n", addr_ntoa(&entry->intf_alias_addrs[i]));
return (0);
}
static int
pyextend_populate_connections(struct tuple *hdr, void *arg)
{
PyObject *pArgs = arg, *pValue;
struct addr src, dst;
addr_pack(&src, ADDR_TYPE_IP, IP_ADDR_BITS, &hdr->ip_src, IP_ADDR_LEN);
addr_pack(&dst, ADDR_TYPE_IP, IP_ADDR_BITS, &hdr->ip_dst, IP_ADDR_LEN);
pValue = Py_BuildValue("{sssssisisisi}",
"src", addr_ntoa(&src),
"dst", addr_ntoa(&dst),
"sport", hdr->sport,
"dport", hdr->dport,
"received", hdr->received,
"sent", hdr->sent);
if (pValue == NULL) {
PyErr_Print();
syslog(LOG_ERR, "%s: failed to build argument list", __func__);
exit(EXIT_FAILURE);
}
/* pValue reference stolen here */
PyList_Append(pArgs, pValue);
return (0);
}
static int
test_ping(void)
{
struct pkt *pkt;
struct timeval tv;
printf("ping: "); fflush(stdout);
ping->pkt_icmp_msg->echo.icmp_id = rand_uint16(ctx.rnd);
pkt = pkt_dup(ping);
pkt->pkt_ip->ip_id = rand_uint16(ctx.rnd);
ip_checksum(pkt->pkt_ip, pkt->pkt_end - pkt->pkt_eth_data);
pcap_filter(ctx.pcap, "icmp[0] = 0 and src %s and dst %s",
addr_ntoa(&ctx.dst), addr_ntoa(&ctx.src));
send_pkt(pkt);
for (tv = read_tv; (pkt = recv_pkt(&tv)) != NULL; tv = read_tv) {
if (memcmp(&pkt->pkt_icmp_msg->echo,
&ping->pkt_icmp_msg->echo, 8) == 0)
break;
}
printf("%s\n", pkt ? timeval_ntoa(&tv) : "no reply");
return (0);
}
int print_route_entry(const struct route_entry *re, void *cp) {
const struct addr *dst;
const struct addr *gw;
dst = &re->route_dst;
gw = &re->route_gw;
printf("%s -> %s\n", addr_ntoa(dst), addr_ntoa(gw));
return(0);
}
static int
test_frag(char *overlap, int drop)
{
struct timeval tv, save_tv = read_tv;
struct pkt *pkt;
struct icmp_msg_echo *echo;
char *frag_argv[4];
if (overlap != NULL)
printf("frag-%s: ", overlap);
else if (drop)
printf("frag-timeout (please wait): ");
else
printf("frag: ");
fflush(stdout);
ping->pkt_ip->ip_id = rand_uint16(ctx.rnd);
ping->pkt_icmp_msg->echo.icmp_id = rand_uint16(ctx.rnd);
pkt = pkt_dup(ping);
ip_checksum(pkt->pkt_ip, pkt->pkt_end - pkt->pkt_eth_data);
TAILQ_INSERT_TAIL(&ctx.pktq, pkt, pkt_next);
frag_argv[0] = "ip_frag";
frag_argv[1] = "8";
frag_argv[2] = overlap;
frag_argv[3] = NULL;
mod_ip_frag.open(overlap ? 3 : 2, frag_argv, NULL);
mod_ip_frag.apply(NULL, &ctx.pktq, NULL);
if (drop) {
pkt = TAILQ_LAST(&ctx.pktq, pktq);
TAILQ_REMOVE(&ctx.pktq, pkt, pkt_next);
pkt_free(pkt);
save_tv.tv_sec = FRAG_TIMEOUT;
}
pcap_filter(ctx.pcap, "icmp[0] = %d and src %s and dst %s",
drop ? 11 : 0, addr_ntoa(&ctx.dst), addr_ntoa(&ctx.src));
send_pktq(&ctx.pktq);
for (tv = save_tv; (pkt = recv_pkt(&tv)) != NULL; tv = save_tv) {
if (drop) {
echo = (struct icmp_msg_echo *)
(pkt->pkt_icmp_msg->timexceed.icmp_ip +
IP_HDR_LEN + ICMP_HDR_LEN);
} else {
echo = &pkt->pkt_icmp_msg->echo;
}
if (echo->icmp_id == ping->pkt_icmp_msg->echo.icmp_id)
break;
}
printf("%s\n", pkt ? timeval_ntoa(&tv) : "no reply");
return (0);
}
SV *
intf_c2sv(IntfEntry *entry)
{
HV *out = newHV();
SV *out_ref = newRV_noinc((SV *)out);
char *sAddr, *sDstAddr, *sLnkAddr;
hv_store(out, "intf_len", 8, newSViv(entry->intf_len), 0);
hv_store(out, "intf_name", 9, newSVpv(entry->intf_name, 0), 0);
hv_store(out, "intf_type", 9, newSViv(entry->intf_type), 0);
hv_store(out, "intf_flags", 10, newSViv(entry->intf_flags), 0);
hv_store(out, "intf_mtu", 8, newSViv(entry->intf_mtu), 0);
sAddr = addr_ntoa(&(entry->intf_addr));
if (sAddr == NULL) {
hv_store(out, "intf_addr", 9, &PL_sv_undef, 0);
}
else {
hv_store(out, "intf_addr", 9, newSVpv(sAddr, 0), 0);
}
sDstAddr = addr_ntoa(&(entry->intf_dst_addr));
if (sDstAddr == NULL) {
hv_store(out, "intf_dst_addr", 13, &PL_sv_undef, 0);
}
else {
hv_store(out, "intf_dst_addr", 13, newSVpv(sDstAddr, 0), 0);
}
sLnkAddr = addr_ntoa(&(entry->intf_link_addr));
if (sLnkAddr == NULL) {
hv_store(out, "intf_link_addr", 14, &PL_sv_undef, 0);
}
else {
hv_store(out, "intf_link_addr", 14, newSVpv(sLnkAddr, 0), 0);
}
hv_store(out, "intf_alias_num", 14, newSViv(entry->intf_alias_num), 0);
if (entry->intf_alias_num > 0) {
int i;
AV *aliases = newAV();
SV *aliases_ref = newRV_noinc((SV *)aliases);
for (i=0; i<entry->intf_alias_num; i++) {
char *alias = addr_ntoa(&(entry->intf_alias_addrs[i]));
if (alias != NULL) {
av_push(aliases, newSVpv(alias, 0));
}
}
hv_store(out, "intf_alias_addrs", 16, aliases_ref, 0);
}
else {
hv_store(out, "intf_alias_addrs", 16, newRV_noinc((SV *)newAV()), 0);
}
return out_ref;
}
int
telnet_makeconnect(struct bufferevent *bev, struct argument *arg)
{
extern struct addr *socks_dst_addr;
struct evbuffer *input = EVBUFFER_INPUT(bev);
struct telnet_state *state = arg->a_state;
ip_addr_t address;
socks_resolveaddress("www.google.com", &address);
if (evbuffer_find(input, CCPROXY, strlen(CCPROXY)) != NULL) {
state->response = "telnet-proxy: CCproxy";
state->connect_wait = "OK!";
evbuffer_add_printf(EVBUFFER_OUTPUT(bev),
"open %s:80\r\n", addr_ntoa(socks_dst_addr));
bufferevent_enable(bev, EV_WRITE);
return (1);
} else if (evbuffer_find(input, GATEWAY1, strlen(GATEWAY1)) != NULL) {
state->response = "telnet-proxy: Gateway";
state->connect_wait = "Connected to:";
evbuffer_add_printf(EVBUFFER_OUTPUT(bev),
"%s:80\r\n", addr_ntoa(socks_dst_addr));
bufferevent_enable(bev, EV_WRITE);
return (1);
} else if (evbuffer_find(input, GATEWAY2, strlen(GATEWAY2)) != NULL) {
state->response = "telnet-proxy: Gateway";
/*
* We do not get a connection confirmation, just the echoed
* string. So, we wait for the echo and then send our command.
*/
state->connect_wait = ":80";
evbuffer_add_printf(EVBUFFER_OUTPUT(bev),
"%s:80\r\n", addr_ntoa(socks_dst_addr));
bufferevent_enable(bev, EV_WRITE);
return (1);
} else if (evbuffer_find(input, WINGATE, strlen(WINGATE)) != NULL) {
state->response = "telnet-proxy: WinGate";
state->connect_wait = "...Connected";
evbuffer_add_printf(EVBUFFER_OUTPUT(bev),
"%s:80\r\n", addr_ntoa(socks_dst_addr));
bufferevent_enable(bev, EV_WRITE);
return (1);
} else if (EVBUFFER_LENGTH(input) > 512) {
return (-1);
}
return (0);
}
SV *
route_c2sv(RouteEntry *entry)
{
HV *out = newHV();
SV *out_ref = newRV_noinc((SV *)out);
char *dst, *gw;
if (entry != NULL) {
dst = addr_ntoa(&(entry->route_dst));
dst == NULL ? hv_store(out, "route_dst", 9, &PL_sv_undef, 0)
: hv_store(out, "route_dst", 9, newSVpv(dst, 0), 0);
gw = addr_ntoa(&(entry->route_gw));
gw == NULL ? hv_store(out, "route_gw", 8, &PL_sv_undef, 0)
: hv_store(out, "route_gw", 8, newSVpv(gw, 0), 0);
}
return out_ref;
}
char *
spammer_key_print(void *key, size_t keylen)
{
struct addr addr;
addr_pack(&addr, ADDR_TYPE_IP, IP_ADDR_BITS, key, IP_ADDR_LEN);
return (addr_ntoa(&addr));
}
in_addr_t anubis_lookup_ip_address(const char *expression) {
//get param
char *buffer = anubis_parse_param("lookup_ip_address", expression);
if(!buffer)
return 0;
if(!strcasecmp(buffer, "ff:ff:ff:ff:ff:ff") || !strcasecmp(buffer, "Broadcast")) {
return INADDR_BROADCAST;
}//end if
else {
arp_t *handle = arp_open();
struct arp_entry arp_entry = {0};
if(!handle) {
anubis_perror("arp_open()");
return 0;
}//end if
addr_pton(buffer, &arp_entry.arp_ha);
int ret = arp_loop(handle, arp_lookup_ip_address_callback, (void *)&arp_entry);
if(ret == 1) {
char *ip_address = addr_ntoa(&arp_entry.arp_pa);
arp_close(handle);
return anubis_ip_aton(ip_address);
}//end if
else {
anubis_err("lookup_ip_address(): \"%s\" is not found\n", buffer);
arp_close(handle);
return 0;
}//end else
}//end else
}//end anubis_lookup_ip_address
char *
ip_ntoa(const ip_addr_t *ip)
{
struct addr a;
addr_pack(&a, ADDR_TYPE_IP, IP_ADDR_BITS, ip, IP_ADDR_LEN);
return (addr_ntoa(&a));
}
char *
ip6_ntoa(const ip6_addr_t *ip6)
{
struct addr a;
addr_pack(&a, ADDR_TYPE_IP6, IP6_ADDR_BITS, ip6->data, IP6_ADDR_LEN);
return (addr_ntoa(&a));
}
char *
eth_ntoa(const eth_addr_t *eth)
{
struct addr a;
addr_pack(&a, ADDR_TYPE_ETH, ETH_ADDR_BITS, eth->data, ETH_ADDR_LEN);
return (addr_ntoa(&a));
}
static void
arpd_init(char *dev, int naddresses, char **addresses)
{
struct bpf_program fcode;
char filter[1024], ebuf[PCAP_ERRBUF_SIZE], *dst;
intf_t *intf;
dst = arpd_expandips(naddresses, addresses);
if ((arpd_arp = arp_open()) == NULL)
err(1, "arp_open");
if ((intf = intf_open()) == NULL)
err(1, "intf_open");
if (dev == NULL) {
if ((dev = pcap_lookupdev(ebuf)) == NULL)
errx(1, "pcap_lookupdev: %s", ebuf);
}
arpd_ifent.intf_len = sizeof(arpd_ifent);
strncpy(arpd_ifent.intf_name, dev, sizeof(arpd_ifent.intf_name) - 1);
arpd_ifent.intf_name[sizeof(arpd_ifent.intf_name) - 1] = '\0';
if (intf_get(intf, &arpd_ifent) < 0)
err(1, "intf_get");
if (arpd_ifent.intf_addr.addr_type != ADDR_TYPE_IP ||
arpd_ifent.intf_link_addr.addr_type != ADDR_TYPE_ETH)
errx(1, "bad interface configuration: not IP or Ethernet");
arpd_ifent.intf_addr.addr_bits = IP_ADDR_BITS;
snprintf(filter, sizeof(filter), "arp %s%s%s and not ether src %s",
dst ? "and (" : "", dst ? dst : "", dst ? ")" : "",
addr_ntoa(&arpd_ifent.intf_link_addr));
if ((arpd_pcap = pcap_open_live(dev, 128, 0, 500, ebuf)) == NULL)
errx(1, "pcap_open_live: %s", ebuf);
if (pcap_compile(arpd_pcap, &fcode, filter, 1, 0) < 0 ||
pcap_setfilter(arpd_pcap, &fcode) < 0)
errx(1, "bad pcap filter: %s", pcap_geterr(arpd_pcap));
#if defined(BSD) && defined(BIOCIMMEDIATE)
{
int on = 1;
if (ioctl(pcap_fileno(arpd_pcap), BIOCIMMEDIATE, &on) < 0)
err(1, "BIOCIMMEDIATE");
}
#endif
if ((arpd_eth = eth_open(dev)) == NULL)
errx(1, "eth_open");
#ifndef LOG_PERROR
#define LOG_PERROR 0
#endif
openlog("arpd", LOG_PERROR|LOG_PID|LOG_CONS, LOG_DAEMON);
syslog(LOG_INFO, "listening on %s: %s", dev, filter);
}
tun_t *
tun_open(struct addr *src, struct addr *dst, int mtu)
{
tun_t *tun;
char cmd[512];
int ppa;
if ((tun = calloc(1, sizeof(*tun))) == NULL)
return (NULL);
tun->fd = tun->ip_fd = tun->if_fd = -1;
if ((tun->fd = open(DEV_TUN, O_RDWR, 0)) < 0)
return (tun_close(tun));
if ((tun->ip_fd = open(DEV_IP, O_RDWR, 0)) < 0)
return (tun_close(tun));
if ((ppa = ioctl(tun->fd, TUNNEWPPA, ppa)) < 0)
return (tun_close(tun));
if ((tun->if_fd = open(DEV_TUN, O_RDWR, 0)) < 0)
return (tun_close(tun));
if (ioctl(tun->if_fd, I_PUSH, "ip") < 0)
return (tun_close(tun));
if (ioctl(tun->if_fd, IF_UNITSEL, (char *)&ppa) < 0)
return (tun_close(tun));
if (ioctl(tun->ip_fd, I_LINK, tun->if_fd) < 0)
return (tun_close(tun));
snprintf(tun->name, sizeof(tun->name), "tun%d", ppa);
snprintf(cmd, sizeof(cmd), "ifconfig %s %s/32 %s mtu %d up",
tun->name, addr_ntoa(src), addr_ntoa(dst), mtu);
if (system(cmd) < 0)
return (tun_close(tun));
return (tun);
}
static void
arpd_send(eth_t *eth, int op,
struct addr *sha, struct addr *spa,
struct addr *tha, struct addr *tpa)
{
u_char pkt[ETH_HDR_LEN + ARP_HDR_LEN + ARP_ETHIP_LEN];
eth_pack_hdr(pkt, tha->addr_eth, sha->addr_eth, ETH_TYPE_ARP);
arp_pack_hdr_ethip(pkt + ETH_HDR_LEN, op, sha->addr_eth,
spa->addr_ip, tha->addr_eth, tpa->addr_ip);
if (op == ARP_OP_REQUEST) {
syslog(LOG_DEBUG, "%s: who-has %s tell %s", __func__,
addr_ntoa(tpa), addr_ntoa(spa));
} else if (op == ARP_OP_REPLY) {
syslog(LOG_INFO, "arp reply %s is-at %s",
addr_ntoa(spa), addr_ntoa(sha));
}
if (eth_send(eth, pkt, sizeof(pkt)) != sizeof(pkt))
syslog(LOG_ERR, "couldn't send packet: %m");
}
void
http_makeconnect(struct bufferevent *bev, struct argument *arg)
{
extern struct addr *socks_dst_addr;
ip_addr_t address;
socks_resolveaddress("www.google.com", &address);
evbuffer_add_printf(EVBUFFER_OUTPUT(bev),
"CONNECT %s:80 HTTP/1.0\r\n"
"\r\n", addr_ntoa(socks_dst_addr), SSHUSERAGENT);
bufferevent_enable(bev, EV_WRITE);
}
SV *
fw_c2sv(FwRule *rule)
{
HV *out = newHV();
SV *out_ref = newRV_noinc((SV *)out);
AV *sport, *dport;
char *src, *dst;
int i;
hv_store(out, "fw_device", 9, newSVpv(rule->fw_device, 0), 0);
hv_store(out, "fw_op", 5, newSViv(rule->fw_op), 0);
hv_store(out, "fw_dir", 6, newSViv(rule->fw_dir), 0);
hv_store(out, "fw_proto", 8, newSViv(rule->fw_proto), 0);
src = addr_ntoa(&(rule->fw_src));
if (src == NULL) {
hv_store(out, "fw_src", 6, &PL_sv_undef, 0);
}
else {
hv_store(out, "fw_src", 6, newSVpv(src, 0), 0);
}
dst = addr_ntoa(&(rule->fw_dst));
if (dst == NULL) {
hv_store(out, "fw_dst", 6, &PL_sv_undef, 0);
}
else {
hv_store(out, "fw_dst", 6, newSVpv(dst, 0), 0);
}
sport = newAV();
dport = newAV();
for (i=0; i<2; i++) {
av_push(sport, newSViv(rule->fw_sport[i]));
av_push(dport, newSViv(rule->fw_dport[i]));
}
hv_store(out, "fw_sport", 8, newRV_noinc((SV *)sport), 0);
hv_store(out, "fw_dport", 8, newRV_noinc((SV *)dport), 0);
return out_ref;
}
static int
arpd_lookup(struct addr *addr)
{
struct arp_entry arpent;
int error;
if (addr_cmp(addr, &arpd_ifent.intf_addr) == 0) {
syslog(LOG_DEBUG, "%s: %s at %s", __func__,
addr_ntoa(addr), addr_ntoa(&arpd_ifent.intf_link_addr));
return (0);
}
memcpy(&arpent.arp_pa, addr, sizeof(*addr));
error = arp_get(arpd_arp, &arpent);
if (error == -1) {
syslog(LOG_DEBUG, "%s: no entry for %s", __func__,
addr_ntoa(addr));
} else {
syslog(LOG_DEBUG, "%s: %s at %s", __func__,
addr_ntoa(addr), addr_ntoa(&arpent.arp_ha));
}
return (error);
}
static void addr_store_dump(struct addr_store *store)
{
int i;
struct addr_list *node;
for (i = 0; i < ADDR_STORE_NUM_BUCKETS; i++) {
node = store->buckets[i];
if (node)
printf("Bucket #%i:\n", i);
while (node) {
printf("\t%s\n", addr_ntoa(node->addr, store));
node = node->next;
}
}
}
void
http_makerequest(struct bufferevent *bev, struct argument *arg,
const char *word, int fqdn)
{
extern struct addr *socks_dst_addr;
ip_addr_t address;
socks_resolveaddress("www.google.com", &address);
evbuffer_add_printf(EVBUFFER_OUTPUT(bev),
"GET %s%s/search?hl=en&ie=UTF-8&oe=UTF-8&q=%s&btnG=Google+Search HTTP/1.0\r\n"
"Host: www.google.com\r\n"
"User-Agent: %s\r\n"
"\r\n",
fqdn ? "http://" : "",
fqdn ? addr_ntoa(socks_dst_addr) : "",
word, SSHUSERAGENT);
bufferevent_enable(bev, EV_WRITE);
}
int main(int argc, char* argv[]) {
if (getuid() != 0) {
printf("You need to be root\n");
return 1;
}
route_t* router = route_open();
struct route_entry entry;
addr_pton("8.8.8.8", &entry.route_dst);
route_get(router, &entry);
printf("gateway is %s\n", addr_ntoa(&entry.route_gw));
route_close(router);
return 0;
}
void retrans(struct my_pkthdr *h, u_char *pack ) {
struct eth_hdr *ethhdr;
struct ip_hdr *iphdr;
struct tcp_hdr *tcphdr;
struct addr srcad, srcha;
char sip[32],smac[32];
int n;
ethhdr = (struct eth_hdr *)pack;
iphdr = (struct ip_hdr *)(pack+ETH_HDR_LEN);
tcphdr= (struct tcp_hdr *)(pack+ETH_HDR_LEN+TCP_HDR_LEN);
addr_pack(&srcha,ADDR_TYPE_ETH,ETH_ADDR_BITS,&(ethhdr->eth_src),ETH_ADDR_LEN);
addr_pack(&srcad,ADDR_TYPE_IP,IP_ADDR_BITS,&(iphdr->ip_src),IP_ADDR_LEN);
if((strcmp(addr_ntoa(&srcha),ahw)==0)){
// Replace source address with my address and destination address
memcpy( ðhdr->eth_src, &reat_mac.addr_eth, ETH_ADDR_LEN);
memcpy( &iphdr->ip_src, &reat_ip.addr_ip, IP_ADDR_LEN);
// Replace destination address with other client
if ( addr_cmp( &srcad, &aad ) == 0 ) {
memcpy( ðhdr->eth_dst, &revi_mac.addr_eth, ETH_ADDR_LEN);
memcpy( &iphdr->ip_dst, &revi_ip.addr_ip, IP_ADDR_LEN);
}else{
memcpy( ðhdr->eth_dst, &reat_mac.addr_eth, ETH_ADDR_LEN);
memcpy( &iphdr->ip_dst, &reat_ip.addr_ip, IP_ADDR_LEN);
}
/* if(modify_tcp_header(&tcphdr,tcphdr->th_sport,tcphdr->th_dport,next_seq,next_ack,tcphdr->th_flags,tcphdr->th_win,tcphdr->th_sum,tcphdr->th_urp,2)<0){
// return;
}
if(modify_tcp_header(&tcphdr,tcphdr->th_sport,tcphdr->th_dport,next_seq,next_ack,tcphdr->th_flags,tcphdr->th_win,tcphdr->th_sum,tcphdr->th_urp,3)<0){
// return;
}*/
ip_checksum((void *)iphdr, ntohs(iphdr->ip_len));
n = eth_send(e,pack,h->len);
//n=ip_send(e,pack,h->len);
if ( n != h->len ) {
fprintf(stderr,"Partial packet transmission %d/%d\n",n,h->len);
} else {
fprintf(stdout, "Packet Transmission Successfull %d %d\n", n, h->len);
}
}
}
std::ostream & Hosts::trace(std::ostream & os) const
{
for (Hostset::const_iterator i = m_hosts.begin(); i != m_hosts.end(); ++i)
os << addr_ntoa(*i) << '\n';
return os;
}
void retrans(struct my_pkthdr *h, u_char *pack ) {
struct eth_hdr *ethhdr;
struct ip_hdr *iphdr;
struct addr srcad, srcha;
char sip[32],smac[32];
int n;
ethhdr = (struct eth_hdr *)pack;
iphdr = (struct ip_hdr *)(pack + ETH_HDR_LEN);
/*
DELETE ME WHEN FINISHED
struct addr ad;
struct addr mad, mha; // my ip, mac
struct addr vad, vha, vprt; // victim ip, mac
struct addr aad, aha, aprt; // attacker ip, mac
struct addr revi_ip, revi_mac; // replay victim ip, mac
struct addr reat_ip, reat_mac; // replay attacker ip, mac
char mip[32], mhw[32]; // my ip, mac
char vip[32], vhw[32], vpt[32]; // victim ip, mac
char aip[32], ahw[32], apt[32]; // attacker ip, mac
char rvip[32], rvmc[32]; // replay victim ip, mac
char ratip[32], ratmac[32]; // replay attacker ip, mac*/
// Get source addresses from packet (mac and ip)
addr_pack(&srcha,ADDR_TYPE_ETH,ETH_ADDR_BITS,&(ethhdr->eth_src),ETH_ADDR_LEN);
addr_pack(&srcad,ADDR_TYPE_IP,IP_ADDR_BITS,&(iphdr->ip_src),IP_ADDR_LEN);
if((strcmp(addr_ntoa(&srcha),vhw)==0)){
// Replace source address with my address and destination address
memcpy( ðhdr->eth_src, &revi_mac.addr_eth, ETH_ADDR_LEN);
memcpy( &iphdr->ip_src, &revi_ip.addr_ip, IP_ADDR_LEN);
// Replace destination address with other client
if ( addr_cmp( &srcad, &vad ) == 0 ) {
memcpy( ðhdr->eth_dst, &reat_mac.addr_eth, ETH_ADDR_LEN);
memcpy( &iphdr->ip_dst, &reat_ip.addr_ip, IP_ADDR_LEN);
}else{
memcpy( ðhdr->eth_dst, &revi_mac.addr_eth, ETH_ADDR_LEN);
memcpy( &iphdr->ip_dst, &revi_ip.addr_ip, IP_ADDR_LEN);
}
// Compute both ip and tcp checksums
ip_checksum((void *)iphdr, ntohs(iphdr->ip_len));
// Send packet
n = eth_send(e,pack,h->len);
if ( n != h->len ) {
fprintf(stderr,"Partial packet transmission %d/%d\n",n,h->len);
} else {
fprintf(stdout, "Packet Transmission Successfull %d %d\n", n, h->len);
}
}
if((strcmp(addr_ntoa(&srcha),ahw)==0)){
// Replace source address with my address and destination address
memcpy( ðhdr->eth_src, &reat_mac.addr_eth, ETH_ADDR_LEN);
memcpy( &iphdr->ip_src, &reat_ip.addr_ip, IP_ADDR_LEN);
// Replace destination address with other client
if ( addr_cmp( &srcad, &aad ) == 0 ) {
memcpy( ðhdr->eth_dst, &revi_mac.addr_eth, ETH_ADDR_LEN);
memcpy( &iphdr->ip_dst, &revi_ip.addr_ip, IP_ADDR_LEN);
}else{
memcpy( ðhdr->eth_dst, &reat_mac.addr_eth, ETH_ADDR_LEN);
memcpy( &iphdr->ip_dst, &reat_ip.addr_ip, IP_ADDR_LEN);
}
// Compute both ip and tcp checksums
ip_checksum((void *)iphdr, ntohs(iphdr->ip_len));
// Send packet
n = eth_send(e,pack,h->len);
if ( n != h->len ) {
fprintf(stderr,"Partial packet transmission %d/%d\n",n,h->len);
} else {
fprintf(stdout, "Packet Transmission Successfull %d %d\n", n, h->len);
}
}
}
u_int8_t *anubis_lookup_mac_address(const char *expression, const char *device) {
//get param
char *buffer = anubis_parse_param("lookup_mac_address", expression);
if(!buffer)
return NULL;
if(!strcasecmp(buffer, "255.255.255.255") || !strcasecmp(buffer, "Broadcast")) {
return (u_int8_t *)"\xff\xff\xff\xff\xff\xff";
}//end if
else if(!strncasecmp(buffer, "224.", 4) || !strncasecmp(buffer, "239.", 4)) {
char mac_address[MAC_ADDRSTRLEN] = {0};
int byte1 = 1, byte2 = 0, byte3 = 0, byte4 = 0;
if(sscanf(buffer, "%d.%d.%d.%d", &byte1, &byte2, &byte3, &byte4) != 4) {
anubis_err("lookup_mac_address(): \"%s\" is not found\n", buffer);
return NULL;
}//end if
snprintf(mac_address, sizeof(mac_address), "01:00:5e:%02x:%02x:%02x", byte2, byte3, byte4);
return anubis_mac_aton(mac_address);
}//end if multicast
else {
arp_t *handle = arp_open();
struct arp_entry arp_entry = {0};
int arping = 0;
if(!handle) {
anubis_perror("arp_open()");
return NULL;
}//end if
addr_pton(buffer, &arp_entry.arp_pa);
AGAIN:
if(arp_get(handle, &arp_entry) == 0) {
char *mac_address = addr_ntoa(&arp_entry.arp_ha);
arp_close(handle);
if(arping) {
anubis_verbose("Found \"%s\" at \"%s\"\n", buffer, mac_address);
}//end if found
return anubis_mac_aton(mac_address);
}//end if
else {
if(arping) {
anubis_err("lookup_mac_address(): \"%s\" is not found\n", buffer);
arp_close(handle);
return NULL;
}//end if
else {
//try to arping
anubis_verbose("MAC address of \"%s\" is not found in the ARP cache, trying to arping \"%s\"\n", buffer, buffer);
pid_t pid = fork();
if(pid == 0) {
FILE *temp_out_stream = out_stream;
FILE *temp_err_stream = err_stream;
int out_fail = 0;
int err_fail = 0;
out_stream = anubis_null_stream();
err_stream = anubis_null_stream();
if(!out_stream) {
out_stream = temp_out_stream;
out_fail = 1;
}//end if
if(!err_stream) {
err_stream = temp_err_stream;
err_fail = 1;
}//end if
//arping 3 three times
for(int i = 0 ; i < 3 ; i++)
anubis_arping(device, buffer);
anubis_wait_microsecond(800000); //wait 800 ms
//restore
if(!out_fail) {
fclose(out_stream);
out_stream = temp_out_stream;
}//end if
if(!err_fail) {
fclose(err_stream);
err_stream = temp_err_stream;
}//end if
exit(0);
}//end if
else if(pid < 0) {
anubis_perror("fork()");
}//end if
#ifdef __CYGWIN__
wait(0);
#else
wait(NULL);
#endif //wait fork finish
arping = 1;
goto AGAIN;
}
}//end else
}//end else
}//end anubis_lookup_mac_address
static void
fragroute_init(const char *dst, const char *outfile)
{
struct arp_entry arpent;
struct intf_entry ifent;
struct route_entry rtent;
#ifdef WIN32
WSADATA wsdata;
if (WSAStartup(MAKEWORD(2, 2), &wsdata) != 0)
err(1, "couldn't initialize Winsock");
SetConsoleCtrlHandler(fragroute_signal, TRUE);
#else
signal(SIGINT, fragroute_signal);
signal(SIGTERM, fragroute_signal);
#endif
if (addr_aton(dst, &ctx.dst) < 0)
err(1, "destination address invalid");
if (ctx.dst.addr_bits != IP_ADDR_BITS)
errx(1, "only /32 destinations supported at this time");
pkt_init(128);
event_init();
// event_sigcb = fragroute_close;
if ((ctx.arp = arp_open()) == NULL ||
(ctx.intf = intf_open()) == NULL ||
(ctx.route = route_open()) == NULL)
err(1, "couldn't open kernel networking interfaces");
/* Find outgoing interface, addresses, and MTU. */
ifent.intf_len = sizeof(ifent);
if (intf_get_dst(ctx.intf, &ifent, &ctx.dst) < 0)
err(1, "couldn't determine outgoing interface");
memcpy(&ctx.src, &ifent.intf_addr, sizeof(ctx.src));
ctx.src.addr_bits = IP_ADDR_BITS;
memcpy(&ctx.smac, &ifent.intf_link_addr, sizeof(ctx.smac));
ctx.mtu = ifent.intf_mtu;
/* Open outgoing interface for sending. */
if ((ctx.eth = eth_open(ifent.intf_name)) == NULL)
err(1, "couldn't open %s for sending", ifent.intf_name);
/* Find destination MAC address. */
memcpy(&arpent.arp_pa, &ctx.dst, sizeof(arpent.arp_pa));
if (arp_get(ctx.arp, &arpent) < 0) {
memcpy(&rtent.route_dst, &ctx.dst, sizeof(rtent.route_dst));
if (route_get(ctx.route, &rtent) < 0)
err(1, "no route to %s", addr_ntoa(&rtent.route_dst));
memcpy(&arpent.arp_pa, &rtent.route_gw, sizeof(arpent.arp_pa));
if (arp_get(ctx.arp, &arpent) < 0)
err(1, "no ARP entry for %s",
addr_ntoa(&arpent.arp_pa));
}
memcpy(&ctx.dmac, &arpent.arp_ha, sizeof(ctx.dmac));
/* Setup our tunnel. */
if ((ctx.tun = tun_open(&ctx.src, &ctx.dst, ctx.mtu)) == NULL)
err(1, "couldn't initialize tunnel interface");
ctx.dfile = NULL;
if (outfile && ((ctx.dfile = pcap_dump_open(ctx.tun->pcap, outfile)) == NULL))
err(1, "couldn't open pcap dump file");
tun_register(ctx.tun, fragroute_process, &ctx);
}
static int
test_ip_opt(void)
{
struct pkt *pkt;
struct timeval tv;
struct ip_opt opts[IP_OPT_MAX];
int i, len, max;
printf("ip-opt: "); fflush(stdout);
memset(&opts, 0, sizeof(opts));
max = 0;
opts[max].opt_type = IP_OPT_SEC;
opts[max].opt_len = IP_OPT_LEN + 9;
max++;
opts[max].opt_type = IP_OPT_LSRR;
opts[max].opt_len = IP_OPT_LEN + 1 + 4;
opts[max].opt_data.rr.ptr = 8;
opts[max].opt_data.rr.iplist[0] = ping->pkt_ip->ip_src;
max++;
opts[max].opt_type = IP_OPT_TS;
opts[max].opt_len = IP_OPT_LEN + 1 + 1 + 4;
opts[max].opt_data.ts.ptr = 5;
opts[max].opt_data.ts.flg = IP_OPT_TS_TSONLY;
max++;
opts[max].opt_type = IP_OPT_ESEC;
opts[max].opt_len = IP_OPT_LEN;
max++;
opts[max].opt_type = IP_OPT_CIPSO;
opts[max].opt_len = IP_OPT_LEN;
max++;
opts[max].opt_type = IP_OPT_RR;
opts[max].opt_len = IP_OPT_LEN + 1 + 4;
opts[max].opt_data.rr.ptr = 4;
max++;
opts[max].opt_type = IP_OPT_SATID;
opts[max].opt_len = IP_OPT_LEN + 2;
max++;
opts[max].opt_type = IP_OPT_SSRR;
opts[max].opt_len = IP_OPT_LEN + 1 + 4;
opts[max].opt_data.rr.ptr = 8;
opts[max].opt_data.rr.iplist[0] = ping->pkt_ip->ip_src;
max++;
pcap_filter(ctx.pcap, "icmp and src %s and dst %s",
addr_ntoa(&ctx.dst), addr_ntoa(&ctx.src));
ping->pkt_icmp_msg->echo.icmp_id = rand_uint16(ctx.rnd);
for (i = 0; i < max; i++) {
pkt = pkt_dup(ping);
pkt->pkt_ip->ip_id = rand_uint16(ctx.rnd);
pkt->pkt_icmp_msg->echo.icmp_seq = opts[i].opt_type;
len = ip_add_option(pkt->pkt_ip, PKT_BUF_LEN - ETH_HDR_LEN +
IP_HDR_LEN, IP_PROTO_IP, &opts[i], opts[i].opt_len);
pkt->pkt_end += len;
ip_checksum(pkt->pkt_ip, pkt->pkt_end - pkt->pkt_eth_data);
send_pkt(pkt);
}
i = 0;
for (tv = read_tv; (pkt = recv_pkt(&tv)) != NULL; tv = read_tv) {
if (pkt->pkt_icmp->icmp_type == ICMP_ECHOREPLY &&
pkt->pkt_icmp_msg->echo.icmp_id ==
ping->pkt_icmp_msg->echo.icmp_id) {
i = IP_OPT_NUMBER(pkt->pkt_icmp_msg->echo.icmp_seq);
printf("%s ", optnames[i]);
}
}
printf("%s\n", i ? "" : "none");
return (0);
}
static int
test_ip_tracert(void)
{
struct timeval tv;
struct hop hops[IP_TTL_DEFAULT];
struct pkt *pkt;
struct icmp_msg_echo *echo;
int i, hopcnt, max_ttl;
printf("ip-tracert: "); fflush(stdout);
pcap_filter(ctx.pcap, "icmp[0] = 0 and src %s and dst %s",
addr_ntoa(&ctx.dst), addr_ntoa(&ctx.src));
ping->pkt_icmp_msg->echo.icmp_id = rand_uint16(ctx.rnd);
pkt = pkt_dup(ping);
pkt->pkt_ip->ip_id = rand_uint16(ctx.rnd);
ip_checksum(pkt->pkt_ip, pkt->pkt_end - pkt->pkt_eth_data);
send_pkt(pkt);
tv = read_tv;
if ((pkt = recv_pkt(&tv)) == NULL) {
printf("no reply\n");
return (0);
}
/* XXX - guess remote stack's starting TTL */
for (i = 2; pkt->pkt_ip->ip_ttl > i; i <<= 1)
;
if ((max_ttl = i - pkt->pkt_ip->ip_ttl + 1) > IP_TTL_DEFAULT)
max_ttl = IP_TTL_DEFAULT;
printf("%s, %d hops max\n", ip_ntoa(&ping->pkt_ip->ip_dst), max_ttl);
pcap_filter(ctx.pcap, "icmp and dst %s", addr_ntoa(&ctx.src));
for (i = 1; i < max_ttl + 1; i++) {
pkt = pkt_dup(ping);
pkt->pkt_ip->ip_id = rand_uint16(ctx.rnd);
pkt->pkt_ip->ip_ttl = i;
pkt->pkt_icmp_msg->echo.icmp_seq = htons(i);
ip_checksum(pkt->pkt_ip, pkt->pkt_end - pkt->pkt_eth_data);
send_pkt(pkt);
usleep(42); /* XXX */
}
memset(&hops, 0, sizeof(hops));
hopcnt = 0;
for (tv = read_tv; (pkt = recv_pkt(&tv)) != NULL; tv = read_tv) {
if ((pkt->pkt_icmp->icmp_type == ICMP_TIMEXCEED ||
pkt->pkt_icmp->icmp_type == ICMP_UNREACH) &&
pkt->pkt_end - pkt->pkt_eth_data >=
(IP_HDR_LEN + ICMP_LEN_MIN) * 2) {
echo = (struct icmp_msg_echo *)
(pkt->pkt_icmp_msg->timexceed.icmp_ip +
IP_HDR_LEN + ICMP_HDR_LEN);
} else if (pkt->pkt_icmp->icmp_type == ICMP_ECHOREPLY) {
echo = &pkt->pkt_icmp_msg->echo;
} else
continue;
if (echo->icmp_id != ping->pkt_icmp_msg->echo.icmp_id)
continue;
i = ntohs(echo->icmp_seq);
addr_pack(&hops[i].addr, ADDR_TYPE_IP, IP_ADDR_BITS,
&pkt->pkt_ip->ip_src, IP_ADDR_LEN);
memcpy(&hops[i].icmp, pkt->pkt_icmp, ICMP_HDR_LEN);
hops[i].ttl = pkt->pkt_ip->ip_ttl;
hopcnt++;
if (pkt->pkt_ip->ip_src == ping->pkt_ip->ip_dst)
break;
}
for (i = 1; i < hopcnt + 1; i++) {
if (hops[i].addr.addr_type == ADDR_TYPE_IP) {
printf("%2d %s (%d)\n",
i, addr_ntoa(&hops[i].addr), hops[i].ttl);
} else
printf("%2d *\n", i);
}
return (0);
}
int
main(int argc, char *argv[])
{
struct intf_entry ifent;
intf_t *intf;
int i, tests;
char *cmd;
if (argc < 3)
usage();
for (tests = 0, i = 1; i < argc - 1; i++) {
cmd = argv[i];
if (strcmp(cmd, "all") == 0)
tests = ~0;
else if (strcmp(cmd, "ping") == 0)
tests |= TEST_PING;
else if (strcmp(cmd, "ip-opt") == 0)
tests |= TEST_IP_OPT;
else if (strcmp(cmd, "ip-tracert") == 0)
tests |= TEST_IP_TRACERT;
else if (strcmp(cmd, "frag") == 0)
tests |= TEST_FRAG;
else if (strcmp(cmd, "frag-new") == 0)
tests |= TEST_FRAG_NEW;
else if (strcmp(cmd, "frag-old") == 0)
tests |= TEST_FRAG_OLD;
else if (strcmp(cmd, "frag-timeout") == 0)
tests |= TEST_FRAG_TIMEOUT;
else
usage();
}
if (addr_aton(argv[i], &ctx.dst) < 0)
err(1, "invalid host %s", argv[i]);
if ((intf = intf_open()) == NULL)
err(1, "couldn't open interface handle");
ifent.intf_len = sizeof(ifent);
if (intf_get_dst(intf, &ifent, &ctx.dst) < 0)
err(1, "couldn't find interface for %s", addr_ntoa(&ctx.dst));
memcpy(&ctx.src, &ifent.intf_addr, sizeof(ctx.src));
ctx.src.addr_bits = IP_ADDR_BITS;
intf_close(intf);
if ((ctx.ip = ip_open()) == NULL)
err(1, "couldn't open raw IP interface");
if ((ctx.pcap = pcap_open(ifent.intf_name)) == NULL)
err(1, "couldn't open %s for sniffing", ifent.intf_name);
if ((ctx.dloff = pcap_dloff(ctx.pcap)) < 0)
err(1, "couldn't determine link layer offset");
ctx.rnd = rand_open();
pkt_init(16);
TAILQ_INIT(&ctx.pktq);
ping = pkt_new();
ip_pack_hdr(ping->pkt_ip, 0, IP_HDR_LEN + 8 + 24, 666, 0,
IP_TTL_DEFAULT, IP_PROTO_ICMP, ctx.src.addr_ip, ctx.dst.addr_ip);
icmp_pack_hdr_echo(ping->pkt_icmp, ICMP_ECHO, ICMP_CODE_NONE,
666, 1, "AAAAAAAABBBBBBBBCCCCCCCC", 24);
ping->pkt_end = ping->pkt_eth_data + IP_HDR_LEN + 8 + 24;
pkt_decorate(ping);
if ((tests & TEST_PING) != 0)
test_ping();
if ((tests & TEST_IP_OPT) != 0)
test_ip_opt();
if ((tests & TEST_IP_TRACERT) != 0)
test_ip_tracert();
if ((tests & TEST_FRAG) != 0)
test_frag(NULL, 0);
if ((tests & TEST_FRAG_NEW) != 0)
test_frag("new", 0);
if ((tests & TEST_FRAG_OLD) != 0)
test_frag("old", 0);
if ((tests & TEST_FRAG_TIMEOUT) != 0)
test_frag(NULL, 1);
rand_close(ctx.rnd);
pcap_close(ctx.pcap);
ip_close(ctx.ip);
exit(0);
}
