Exemple #1
0
/**
 * @brief IPv4 callback function
 */
void ipv4_callback ( pntoh_ipv4_flow_t flow , pntoh_ipv4_tuple4_t tuple , unsigned char *data , size_t len , unsigned short reason )
{
        i = 0;

        if (DEBUG)
        {
                fprintf( stderr, "\n\n[i] Got an IPv4 datagram! (%s) %s --> ", ntoh_get_reason(reason) , inet_ntoa( *(struct in_addr*) &tuple->source ) );
                fprintf( stderr, "%s | %i/%i bytes - Key: %04x - ID: %02x - Proto: %d (%s)\n\n", inet_ntoa( *(struct in_addr*) &tuple->destination ), (int)len, (int)(flow->total) , flow->key, ntohs( tuple->id ), tuple->protocol, get_proto_description( tuple->protocol ) );
        }

        if ( tuple->protocol == IPPROTO_TCP )
        {
                send_tcp_segment ( (struct ip*) data , &tcp_callback );
        }
        else
        {
                if (DEBUG)
                {
                        for ( i = 0; i < flow->total ; i++ )
                        {
                                fprintf( stderr, "%02x ", data[i] );
                        }
                }
        }

        if (DEBUG)
        {
                write(2, "\n", 1);
        }

        return;
}
Exemple #2
0
/* IPv4 Callback */
void ipv4_callback ( pntoh_ipv4_flow_t flow , pntoh_ipv4_tuple4_t tuple , unsigned char *data , size_t len , unsigned short reason )
{
	unsigned int i = 0;

	fprintf( stderr, "\n\n[i] Got an IPv4 datagram! (%s) %s --> ", ntoh_get_reason(reason) , inet_ntoa( *(struct in_addr*) &tuple->source ) );
	fprintf( stderr, "%s | %zu/%zu bytes - Key: %04x - ID: %02x - Proto: %d (%s)\n\n", inet_ntoa( *(struct in_addr*) &tuple->destination ), len, flow->total , flow->key, ntohs( tuple->id ), tuple->protocol, get_proto_description( tuple->protocol ) );

	if ( tuple->protocol == IPPROTO_TCP )
		send_tcp_segment ( (struct ip*) data , &tcp_callback );
	else
		for ( i = 0; i < flow->total ; i++ )
			fprintf( stderr, "%02x ", data[i] );

	fprintf( stderr, "\n" );

	return;
}
Exemple #3
0
int main ( int argc , char *argv[] )
{
	/* parameters parsing */
	int c;

	/* pcap */
	char 			errbuf[PCAP_ERRBUF_SIZE];
	struct bpf_program 	fp;
	char 			filter_exp[] = "ip and tcp";
	char 			*source = 0;
	char 			*filter = filter_exp;
	const unsigned char	*packet = 0;
	struct pcap_pkthdr 	header;

	/* packet dissection */
	struct ip	*ip;
	unsigned int	error;

	/* extra */
	unsigned int ipf,tcps;

	fprintf( stderr, "\n###########################" );
	fprintf( stderr, "\n#     libntoh Example     #" );
	fprintf( stderr, "\n# ----------------------- #" );
	fprintf( stderr, "\n# Written by Chema Garcia #" );
	fprintf( stderr, "\n# ----------------------- #" );
	fprintf( stderr, "\n#  http://safetybits.net  #" );
	fprintf( stderr, "\n#   [email protected]  #" );
	fprintf( stderr, "\n###########################\n" );

	fprintf( stderr, "\n[i] libntoh version: %s\n", ntoh_version() );

	if ( argc < 3 )
	{
		fprintf( stderr, "\n[+] Usage: %s <options>\n", argv[0] );
		fprintf( stderr, "\n+ Options:" );
		fprintf( stderr, "\n\t-i | --iface <val> -----> Interface to read packets from" );
		fprintf( stderr, "\n\t-f | --file <val> ------> File path to read packets from" );
		fprintf( stderr, "\n\t-F | --filter <val> ----> Capture filter (default: \"ip and tcp\")" );
		fprintf( stderr, "\n\t-c | --client ----------> Receive client data");
		fprintf( stderr, "\n\t-s | --server ----------> Receive server data\n\n");
		exit( 1 );
	}

	/* check parameters */
	while ( 1 )
	{
		int option_index = 0;
		static struct option long_options[] =
		{
		{ "iface" , 1 , 0 , 'i' } ,
		{ "file" , 1 , 0 , 'f' } ,
		{ "filter" , 1 , 0 , 'F' } ,
		{ "client" , 0 , 0 , 'c' },
		{ "server" , 0 , 0 , 's' },
		{ 0 , 0 , 0 , 0 } };

		if ( ( c = getopt_long( argc, argv, "i:f:F:cs", long_options, &option_index ) ) < 0 )
			break;

		switch ( c )
		{
			case 'i':
				source = optarg;
				handle = pcap_open_live( optarg, 65535, 1, 0, errbuf );
				break;

			case 'f':
				source = optarg;
				handle = pcap_open_offline( optarg, errbuf );
				break;

			case 'F':
				filter = optarg;
				break;

			case 'c':
				receive |= RECV_CLIENT;
				break;

			case 's':
				receive |= RECV_SERVER;
				break;
		}
	}

	if ( !receive )
		receive = (RECV_CLIENT | RECV_SERVER);

	if ( !handle )
	{
		fprintf( stderr, "\n[e] Error loading %s: %s\n", source, errbuf );
		exit( -1 );
	}

	if ( pcap_compile( handle, &fp, filter, 0, 0 ) < 0 )
	{
		fprintf( stderr, "\n[e] Error compiling filter \"%s\": %s\n\n", filter, pcap_geterr( handle ) );
		pcap_close( handle );
		exit( -2 );
	}

	if ( pcap_setfilter( handle, &fp ) < 0 )
	{
		fprintf( stderr, "\n[e] Cannot set filter \"%s\": %s\n\n", filter, pcap_geterr( handle ) );
		pcap_close( handle );
		exit( -3 );
	}
	pcap_freecode( &fp );

	/* verify datalink */
	if ( pcap_datalink( handle ) != DLT_EN10MB )
	{
		fprintf ( stderr , "\n[e] libntoh is independent from link layer, but this example only works with ethernet link layer\n");
		pcap_close ( handle );
		exit ( -4 );
	}

	fprintf( stderr, "\n[i] Source: %s / %s", source, pcap_datalink_val_to_description( pcap_datalink( handle ) ) );
	fprintf( stderr, "\n[i] Filter: %s", filter );

	fprintf( stderr, "\n[i] Receive data from client: ");
	if ( receive & RECV_CLIENT )
		fprintf( stderr , "Yes");
	else
		fprintf( stderr , "No");

	fprintf( stderr, "\n[i] Receive data from server: ");
	if ( receive & RECV_SERVER )
		fprintf( stderr , "Yes");
	else
		fprintf( stderr , "No");

	signal( SIGINT, &shandler );
	signal( SIGTERM, &shandler );

	/*******************************************/
	/** libntoh initialization process starts **/
	/*******************************************/

	ntoh_init ();

	if ( ! (tcp_session = ntoh_tcp_new_session ( 0 , 0 , &error ) ) )
	{
		fprintf ( stderr , "\n[e] Error %d creating TCP session: %s" , error , ntoh_get_errdesc ( error ) );
		exit ( -5 );
	}

	fprintf ( stderr , "\n[i] Max. TCP streams allowed: %d" , ntoh_tcp_get_size ( tcp_session ) );

	if ( ! (ipv4_session = ntoh_ipv4_new_session ( 0 , 0 , &error )) )
	{
		ntoh_tcp_free_session ( tcp_session );
		fprintf ( stderr , "\n[e] Error %d creating IPv4 session: %s" , error , ntoh_get_errdesc ( error ) );
		exit ( -6 );
	}

	fprintf ( stderr , "\n[i] Max. IPv4 flows allowed: %d\n\n" , ntoh_ipv4_get_size ( ipv4_session ) );

	/* capture starts */
	while ( ( packet = pcap_next( handle, &header ) ) != 0 )
	{
		/* get packet headers */
		ip = (struct ip*) ( packet + sizeof ( struct ether_header ) );
		if ( (ip->ip_hl * 4 ) < sizeof(struct ip) )
			continue;

		/* it is an IPv4 fragment */
		if ( NTOH_IPV4_IS_FRAGMENT(ip->ip_off) )
			send_ipv4_fragment ( ip , &ipv4_callback );
		/* or a TCP segment */
		else if ( ip->ip_p == IPPROTO_TCP )
			send_tcp_segment ( ip , &tcp_callback );
	}

	tcps = ntoh_tcp_count_streams( tcp_session );
	ipf = ntoh_ipv4_count_flows ( ipv4_session );

	/* no streams left */
	if ( ipf + tcps > 0 )
	{
		fprintf( stderr, "\n\n[+] There are currently %i stored TCP stream(s) and %i IPv4 flow(s). You can wait them to get closed or press CTRL+C\n" , tcps , ipf );
		pause();
	}

	shandler( 0 );

	//dummy return
	return 0;
}
Exemple #4
0
int main (int argc , char *argv[])
{
        signal( SIGINT, &shandler );
        signal( SIGTERM, &shandler );
        signal( SIGSEGV, &shandler );

        write(2, "\n\t\t######################################", 41);
        write(2, "\n\t\t#           Dump HTTP Sigs           #", 41);
        write(2, "\n\t\t# ---------------------------------- #", 41);
        write(2, "\n\t\t#     Written by Ernest Richards     #", 41);
        write(2, "\n\t\t#  Based on code from Chema Garcia   #", 41);
        write(2, "\n\t\t# ---------------------------------- #", 41);
        write(2, "\n\t\t# Github.com/ernesto341/ais-research #", 41);
        write(2, "\n\t\t######################################\n", 42);
        write(2, "\n\t\tX      -----    Active    -----      X\n\n", 43);

        if (DEBUG)
        {
                sprintf(buf, "\n[i] libntoh version: %s\n", ntoh_version());
                write(2, buf, strlen(buf));
        }

        if ( argc < 3 )
        {
                sprintf(buf, "\n[+] Usage: %s <options>\n", argv[0]);
                write(2, buf, strlen(buf));
                write(2, "\n+ Options:", 11);      // 28
                write(2, "\n\t-i | --iface <val> -----> Interface to read packets from", 58);
                write(2, "\n\t-f | --file <val> ------> File path to read packets from", 58);
                write(2, "\n\t-F | --filter <val> ----> Capture filter (must contain \"tcp\" or \"ip\")", 71);
                write(2, "\n\t-c | --client ----------> Receive client data only", 52);
                write(2, "\n\t-s | --server ----------> Receive server data only\n\n", 54);
                exit(1);
        }

        /* parameters parsing */
        int32_t c = 0;

        /* pcap */
        char errbuf[PCAP_ERRBUF_SIZE];
        struct bpf_program fp;
        char filter_exp[] = "ip";
        char *source = 0;
        char *filter = filter_exp;
        const unsigned char *packet = 0;
        struct pcap_pkthdr header;

        /* packet dissection */
        struct ip	*ip;
        uint32_t error = 0;

        /* extra */
        uint32_t ipf, tcps;

        /* check parameters */
        while ( c >= 0 )
        {
                int32_t option_index = 0;
                static struct option long_options[] =
                {
                        { "iface" , 1 , 0 , 'i' },
                        { "file" , 1 , 0 , 'f' },
                        { "filter" , 1 , 0 , 'F' },
                        { "client" , 0 , 0 , 'c' },
                        { "server" , 0 , 0 , 's' },
                        { 0 , 0 , 0 , 0 }
                };

                c = getopt_long( argc, argv, "i:f:F:cs", long_options, &option_index );

                if (c >= 0)
                {

                        switch ( c )
                        {
                                case 'i':
                                        source = optarg;
                                        handle = pcap_open_live( optarg, 65535, 1, 0, errbuf );
                                        break;

                                case 'f':
                                        source = optarg;
                                        handle = pcap_open_offline( optarg, errbuf );
                                        break;

                                case 'F':
                                        filter = optarg;
                                        break;

                                case 'c':
                                        receive |= RECV_CLIENT;
                                        break;

                                case 's':
                                        receive |= RECV_SERVER;
                                        break;
                        }
                }
        }

        if ( !receive )
        {
                receive = (RECV_CLIENT | RECV_SERVER);
        }

        if ( !handle )
        {
                if (DEBUG)
                {
                        fprintf( stderr, "\n[e] Error loading %s: %s\n", source, errbuf );
                }
                exit( -1 );
        }

        if ( pcap_compile( handle, &fp, filter, 0, 0 ) < 0 )
        {
                if (DEBUG)
                {
                        fprintf( stderr, "\n[e] Error compiling filter \"%s\": %s\n\n", filter, pcap_geterr( handle ) );
                }
                pcap_close( handle );
                exit( -2 );
        }

        if ( pcap_setfilter( handle, &fp ) < 0 )
        {
                if (DEBUG)
                {
                        fprintf( stderr, "\n[e] Cannot set filter \"%s\": %s\n\n", filter, pcap_geterr( handle ) );
                }
                pcap_close( handle );
                exit( -3 );
        }
        pcap_freecode( &fp );

        /* verify datalink */
        if ( pcap_datalink( handle ) != DLT_EN10MB )
        {
                if (DEBUG)
                {
                        fprintf ( stderr , "\n[e] libntoh is independent from link layer, but this code only works with ethernet link layer\n");
                }
                pcap_close ( handle );
                exit ( -4 );
        }

        if (DEBUG)
        {
                fprintf( stderr, "\n[i] Source: %s / %s", source, pcap_datalink_val_to_description( pcap_datalink( handle ) ) );
                fprintf( stderr, "\n[i] Filter: %s", filter );

                fprintf( stderr, "\n[i] Receive data from client: ");
                if ( receive & RECV_CLIENT )
                {
                        fprintf( stderr , "Yes");
                }
                else
                {
                        fprintf( stderr , "No");
                }

                fprintf( stderr, "\n[i] Receive data from server: ");
                if ( receive & RECV_SERVER )
                {
                        fprintf( stderr , "Yes");
                }
                else
                {
                        fprintf( stderr , "No");
                }
        }

        /*******************************************/
        /** libntoh initialization process starts **/
        /*******************************************/

        initMem(&snc);

        /* fork and exec retrieve in retdir */

        char *null_args[] = {NULL};
        char *null_envp[] = {NULL};
        
        if ((ret_pid = fork()) == 0) /* child */
        {
                if (execve((char *)"./retdir/retrieve\0", null_args, null_envp) < 0)
                {
                        perror("execve()");
                        shandler(-1);
                }
        }
        else
        {

                if ((t5Convert = (sig_atomic_t *)malloc(sizeof(sig_atomic_t) * t5TplLen)) < (sig_atomic_t *)0)
                {
                        write(2, "\n\t[e] --- Unable to allocate sufficient memory\n", 47);
                        fflush(stderr);
                        _exit(-1);
                }

                ntoh_init ();

                if ( ! (tcp_session = ntoh_tcp_new_session ( 0 , 0 , &error ) ) )
                {
                        if (DEBUG)
                        {
                                fprintf ( stderr , "\n[e] Error %d creating TCP session: %s" , error , ntoh_get_errdesc ( error ) );
                        }
                        exit ( -5 );
                }

                if (DEBUG)
                {
                        fprintf ( stderr , "\n[i] Max. TCP streams allowed: %d" , ntoh_tcp_get_size ( tcp_session ) );
                }

                if ( ! (ipv4_session = ntoh_ipv4_new_session ( 0 , 0 , &error )) )
                {
                        ntoh_tcp_free_session ( tcp_session );
                        if (DEBUG)
                        {
                                fprintf ( stderr , "\n[e] Error %d creating IPv4 session: %s" , error , ntoh_get_errdesc ( error ) );
                        }
                        exit ( -6 );
                }

                if (DEBUG)
                {
                        fprintf ( stderr , "\n[i] Max. IPv4 flows allowed: %d\n\n" , ntoh_ipv4_get_size ( ipv4_session ) );

                        fflush(stderr);
                }

                /* capture starts */
                /* accept signal from consumer to quit */
                while ( ( packet = pcap_next( handle, &header ) ) != 0 && snc.smem.shm[CTL][FLAGS] != CDONE)
                {
                        static int pc = 0;
                        fprintf(stdout, "Packet %d\n", ++pc);
                        fflush(stdout);
                        /* get packet headers */
                        ip = (struct ip*) ( packet + sizeof ( struct ether_header ) );
                        if ( (ip->ip_hl * 4 ) < (int)sizeof(struct ip) )
                        {
                                continue;
                        }

                        /* it is an IPv4 fragment */
                        if ( NTOH_IPV4_IS_FRAGMENT(ip->ip_off) )
                        {
                                send_ipv4_fragment ( ip , &ipv4_callback );
                        }
                        /* or a TCP segment */
                        else if ( ip->ip_p == IPPROTO_TCP )
                        {
                                send_tcp_segment ( ip , &tcp_callback );
                        }
                }
                if (snc.smem.shm[CTL][FLAGS] == CDONE)
                {
                        shandler( 0 );
                }

                tcps = ntoh_tcp_count_streams( tcp_session );
                ipf = ntoh_ipv4_count_flows ( ipv4_session );

                /* no streams left */
                if ( ipf + tcps > 0 )
                {
                        if (DEBUG)
                        {
                                fprintf( stderr, "\n\n[+] There are currently %i stored TCP stream(s) and %i IPv4 flow(s). You can wait for them to get closed or press CTRL+C\n" , tcps , ipf );
                                pause();
                        }
                }

                shandler( 0 );

        }
        //dummy return, should never be called
        return (0);
}