bool ArpPkt::createPkt(uint8_t*& buf,uint32_t& len){ if(isPktUsed){ return false; } isPktUsed = true; if (libnet_adv_cull_packet(l, &buf, &len)== -1) { return false; } return true; }
u_int16_t get_sum(u_int8_t *payload, u_int32_t total_pload_size, u_int16_t id, u_int16_t seq) { /* Builds the ICMP header with the whole payload, gets * the checksum from it and returns it (in host order). */ char errbuf[LIBNET_ERRBUF_SIZE]; libnet_ptag_t icmp_tag; u_int8_t *packet; u_int32_t packet_size; u_int16_t *sum_p, sum; u_int8_t dummy_dst[6] = {0, 0, 0, 0, 0, 0}; icmp_tag = LIBNET_PTAG_INITIALIZER; /* Switching to advanced link mode */ /* Nothing should be built yet and all random numbers * * should be already generated. */ libnet_destroy(l); l = libnet_init(LIBNET_LINK_ADV, "eth0", errbuf); if (l == NULL) { fprintf(stderr, "libnet_init() failed (link_adv): %s\n", errbuf); exit(EXIT_FAILURE); } /* Building the header */ icmp_tag = libnet_build_icmpv4_echo(ICMP_ECHO, 0, 0, id, seq, payload, total_pload_size, l, icmp_tag); if (icmp_tag == -1) { fprintf(stderr, "Error building ICMP header: %s\n", libnet_geterror(l)); libnet_destroy(l); exit(EXIT_FAILURE); } /* Building dummy IP header */ if (libnet_autobuild_ipv4( (LIBNET_IPV4_H + LIBNET_ICMPV4_ECHO_H + total_pload_size), IPPROTO_ICMP, 0, l) == -1) { fprintf(stderr, "Error building dummy IP header: %s\n", libnet_geterror(l)); libnet_destroy(l); exit(EXIT_FAILURE); } /* Building dummy Ethernet header */ if (libnet_autobuild_ethernet(dummy_dst, ETHERTYPE_IP, l) == -1) { fprintf(stderr, "Error building dummy Ethernet header: %s\n", libnet_geterror(l)); libnet_destroy(l); exit(EXIT_FAILURE); } /* Pulling the packet */ if (libnet_adv_cull_packet(l, &packet, &packet_size) == -1) { fprintf(stderr, "Error pulling the packet: %s\n", libnet_geterror(l)); libnet_destroy(l); exit(EXIT_FAILURE); } /* Grabbing the checksum */ /* We want the 37th and 38th bytes: eth header (14) + ip * * header (20) + icmp type and code (2) = 36 */ sum_p = (u_int16_t *)(packet + 36); sum = ntohs(*sum_p); /* Freeing memory */ libnet_adv_free_packet(l, packet); /* Clearing the header */ libnet_clear_packet(l); /* Switching back to IPv4 raw socket mode */ libnet_destroy(l); l = libnet_init(LIBNET_RAW4, "eth0", errbuf); if (l == NULL) { fprintf(stderr, "libnet_init() failed (raw4, 2nd call): %s\n", errbuf); exit(EXIT_FAILURE); } return sum; }
int main(int argc, char *argv[]) { int c; uint32_t i; libnet_t *l; libnet_ptag_t t; char *device = NULL; uint8_t *packet; uint32_t packet_s; char errbuf[LIBNET_ERRBUF_SIZE]; printf("libnet 1.1 packet shaping: ARP[link -- autobuilding ethernet]\n"); if (argc > 1) { device = argv[1]; } l = libnet_init( LIBNET_LINK_ADV, /* injection type */ device, /* network interface */ errbuf); /* errbuf */ if (l == NULL) { fprintf(stderr, "%s", errbuf); exit(EXIT_FAILURE); } else /* * Build the packet, remmebering that order IS important. We must * build the packet from lowest protocol type on up as it would * appear on the wire. So for our ARP packet: * * ------------------------------------------- * | Ethernet | ARP | * ------------------------------------------- * ^ ^ * |------------------ | * libnet_build_ethernet()--| | * | * libnet_build_arp()-----------| */ i = libnet_get_ipaddr4(l); t = libnet_autobuild_arp( ARPOP_REPLY, /* operation type */ enet_src, /* sender hardware addr */ (uint8_t *)&i, /* sender protocol addr */ enet_dst, /* target hardware addr */ (uint8_t *)&i, /* target protocol addr */ l); /* libnet context */ if (t == -1) { fprintf(stderr, "Can't build ARP header: %s\n", libnet_geterror(l)); goto bad; } t = libnet_autobuild_ethernet( enet_dst, /* ethernet destination */ ETHERTYPE_ARP, /* protocol type */ l); /* libnet handle */ if (t == -1) { fprintf(stderr, "Can't build ethernet header: %s\n", libnet_geterror(l)); goto bad; } if (libnet_adv_cull_packet(l, &packet, &packet_s) == -1) { fprintf(stderr, "%s", libnet_geterror(l)); } else { fprintf(stderr, "packet size: %d\n", packet_s); libnet_adv_free_packet(l, packet); } c = libnet_write(l); if (c == -1) { fprintf(stderr, "Write error: %s\n", libnet_geterror(l)); goto bad; } else { fprintf(stderr, "Wrote %d byte ARP packet from context \"%s\"; " "check the wire.\n", c, libnet_cq_getlabel(l)); } libnet_destroy(l); return (EXIT_SUCCESS); bad: libnet_destroy(l); return (EXIT_FAILURE); }
int main (int argc, char **argv) { char *interface = NULL; libnet_t *libnet_handle = NULL; char pcap_error_buffer[PCAP_ERRBUF_SIZE]; char libnet_error_buffer[LIBNET_ERRBUF_SIZE]; struct libnet_ether_addr *hw_src = NULL; struct libnet_ether_addr *hw_dst = NULL; struct in_addr ip_src, ip_dst; u_int8_t *packet = NULL; u_int32_t packet_size; int status; if (argc > 1) interface = argv[1]; if (interface == NULL) interface = pcap_lookupdev(pcap_error_buffer); if (interface == NULL) { fprintf(stderr, "pcap_lookupdev: %s\n", pcap_error_buffer); exit(EXIT_FAILURE); } printf ("using inteface %s\n", interface); if ((libnet_handle = libnet_init(LIBNET_LINK_ADV, interface, libnet_error_buffer)) == NULL) { fprintf(stderr, "%s", libnet_error_buffer); exit(EXIT_FAILURE); } /* seed random number generator with an unique number */ srand(getpid()*time(NULL)); if ((hw_src = malloc(sizeof(struct libnet_ether_addr))) == NULL) { fprintf(stderr, "%s\n", strerror(errno)); exit(EXIT_FAILURE); } if ((hw_dst = malloc(sizeof(struct libnet_ether_addr))) == NULL) { fprintf(stderr, "%s\n", strerror(errno)); exit(EXIT_FAILURE); } memset((void *)&hw_dst->ether_addr_octet, 0xff, MSIZE); hw_src->ether_addr_octet[0] = 0x00; ip_dst.s_addr = 0; printf("flooding with arp packets with random hw / ip addresses\n"); for (;;) { ip_src.s_addr = rand(); hw_src->ether_addr_octet[1] = (int) (80.0*rand()/(RAND_MAX+1.0)); hw_src->ether_addr_octet[2] = (int) (255.0*rand()/(RAND_MAX+1.0)); hw_src->ether_addr_octet[3] = (int) (255.0*rand()/(RAND_MAX+1.0)); hw_src->ether_addr_octet[4] = (int) (255.0*rand()/(RAND_MAX+1.0)); hw_src->ether_addr_octet[5] = (int) (255.0*rand()/(RAND_MAX+1.0)); if (libnet_build_arp( ARPHRD_ETHER, /* hardware addr */ ETHERTYPE_IP, /* protocol addr */ ETHER_ADDR_LEN, /* hardware addr size */ 4, /* protocol addr size */ ARPOP_REPLY, /* operation type */ hw_src->ether_addr_octet, /* sender hardware addr */ (u_int8_t *)&ip_src.s_addr, /* sender protocol addr */ hw_dst->ether_addr_octet, /* target hardware addr */ (u_int8_t *)&ip_dst.s_addr, /* target protocol addr */ NULL, /* payload */ 0, /* payload size */ libnet_handle, /* libnet context */ 0) == -1) /* libnet id */ libnet_die(libnet_handle); if (libnet_build_ethernet( hw_dst->ether_addr_octet, /* dest eth addr */ hw_src->ether_addr_octet, /* src eth addr */ ETHERTYPE_ARP, /* protocol type */ NULL, /* payload */ 0, /* payload size */ libnet_handle, /* libnet context */ 0) == -1) /* libnet id */ libnet_die(libnet_handle); if (libnet_adv_cull_packet(libnet_handle, &packet, &packet_size) == -1) libnet_die(libnet_handle); libnet_adv_free_packet(libnet_handle, packet); if ((status = libnet_write(libnet_handle)) == -1) printf("!"); else printf("."); usleep(100); libnet_clear_packet(libnet_handle); } libnet_destroy(libnet_handle); return EXIT_SUCCESS; }
/** * Function to inject TCP packets to the wireless interface. Requires headers * from a TO_DS packet for use in crafting the FROM_DS response. */ void inject_tcp(airpwn_ctx *ctx, ieee80211_hdr *w_hdr, struct iphdr *ip_hdr, struct tcphdr *tcp_hdr, uint8_t *wepkey, uint32_t keylen, char *content, uint32_t contentlen, uint8_t tcpflags, uint32_t *seqnum) { // libnet wants the data in host-byte-order u_int ack = ntohl(tcp_hdr->seq) + ( ntohs(ip_hdr->tot_len) - ip_hdr->ihl * 4 - tcp_hdr->doff * 4 ); ctx->tcp_t = libnet_build_tcp( ntohs(tcp_hdr->dest), // source port ntohs(tcp_hdr->source), // dest port *seqnum, // sequence number ack, // ack number tcpflags, // flags 0xffff, // window size 0, // checksum 0, // urg ptr 20 + contentlen, // total length of the TCP packet (uint8_t*)content, // response contentlen, // response_length ctx->lnet, // libnet_t pointer ctx->tcp_t // ptag ); if(ctx->tcp_t == -1){ printf("libnet_build_tcp returns error: %s\n", libnet_geterror(ctx->lnet)); return; } ctx->ip_t = libnet_build_ipv4( 40 + contentlen, // length 0, // TOS bits 1, // IPID (need to calculate) 0, // fragmentation 0xff, // TTL 6, // protocol 0, // checksum ip_hdr->daddr, // source address ip_hdr->saddr, // dest address NULL, // response 0, // response length ctx->lnet, // libnet_t pointer ctx->ip_t // ptag ); if(ctx->ip_t == -1){ printf("libnet_build_ipv4 returns error: %s\n", libnet_geterror(ctx->lnet)); return; } // copy the libnet packets to to a buffer to send raw.. unsigned char packet_buff[0x10000]; memcpy(packet_buff, w_hdr, IEEE80211_HDR_LEN); ieee80211_hdr *n_w_hdr = (ieee80211_hdr *)packet_buff; // set the FROM_DS flag and swap MAC addresses n_w_hdr->flags = IEEE80211_FROM_DS; if(wepkey) n_w_hdr->flags |= IEEE80211_WEP_FLAG; n_w_hdr->llc.type = LLC_TYPE_IP; uint8_t tmp_addr[6]; memcpy(tmp_addr, n_w_hdr->addr1, 6); memcpy(n_w_hdr->addr1, n_w_hdr->addr2, 6); memcpy(n_w_hdr->addr2, tmp_addr, 6); u_int32_t packet_len; u_int8_t *lnet_packet_buf; // cull_packet will dump the packet (with correct checksums) into a // buffer for us to send via the raw socket if(libnet_adv_cull_packet(ctx->lnet, &lnet_packet_buf, &packet_len) == -1){ printf("libnet_adv_cull_packet returns error: %s\n", libnet_geterror(ctx->lnet)); return; } memcpy(packet_buff + IEEE80211_HDR_LEN, lnet_packet_buf, packet_len); libnet_adv_free_packet(ctx->lnet, lnet_packet_buf); // total packet length int len = IEEE80211_HDR_LEN + 40 + contentlen; if(wepkey){ uint8_t tmpbuf[0x10000]; /* encryption starts after the 802.11 header, but the LLC header * gets encrypted. */ memcpy(tmpbuf, packet_buff+IEEE80211_HDR_LEN_NO_LLC, len-IEEE80211_HDR_LEN_NO_LLC); len = wep_encrypt(tmpbuf, packet_buff+IEEE80211_HDR_LEN_NO_LLC, len-IEEE80211_HDR_LEN_NO_LLC, wepkey, keylen); if(len <= 0){ fprintf(stderr, "Error performing WEP encryption!\n"); return; } else len += IEEE80211_HDR_LEN_NO_LLC; } /* Establish lorcon packet transmission structure */ ctx->in_packet.packet = packet_buff; ctx->in_packet.plen = len; /* Send the packet */ if (tx80211_txpacket(&ctx->inject_tx, &ctx->in_packet) < 0) { fprintf(stderr, "Unable to transmit packet."); perror("tx80211_txpacket"); return; } *seqnum += contentlen; //advance the sequence number printlog(ctx, 2, "wrote %d bytes to the wire(less)\n", len); }
void *macflood(void *n) { int32_t i,c; u_char smaca[ETHER_ADDR_LEN], dmaca[ETHER_ADDR_LEN]; libnet_t *llif; char ebuf[PCAP_ERRBUF_SIZE]; libnet_ptag_t pkt; u_int8_t *packet; u_int32_t packet_s; for(i=0; i != *(int32_t *)n; ++i) { // initiliaze libnet context if((llif=libnet_init(LIBNET_LINK_ADV, intf, ebuf))==NULL) errx(1, "%s", ebuf); // Initialize Randomgenerator libnet_seed_prand(llif); // Generate random source mac gen_mac(smaca); gen_mac(dmaca); //build ARP if ((pkt = libnet_build_arp( ARPHRD_ETHER, /* hardware addr */ ETHERTYPE_IP, /* protocol addr */ 6, /* hardware addr size */ 4, /* protocol addr size */ ARPOP_REQUEST, /* operation type */ empty_mac, /* sender hardware addr */ (u_int8_t *)&empty_ip, /* sender protocol addr */ empty_mac, (u_int8_t *)&empty_ip, /* target protocol addr */ NULL, /* payload */ 0, /* payload size */ llif, /* libnet context */ 0))==-1) /* libnet id */ fprintf(stderr, "Can't build ARP header: %s\n", libnet_geterror(llif)); // Build ethernet if ((pkt = libnet_build_ethernet( dmaca, /* ethernet destination */ smaca, /* source macadress */ ETHERTYPE_ARP, /* protocol type */ NULL, /* Payload */ 0, /* length of payload*/ llif, /* libnet id */ 0))==-1) /* ptag */ fprintf(stderr, "Can't build ethernet header: %s\n", libnet_geterror(llif)); if (libnet_adv_cull_packet(llif, &packet, &packet_s) == -1) fprintf(stderr, "%s", libnet_geterror(llif)); // Write package to wire if ((c = libnet_write(llif))==-1) errx(1, "Write error: %s\n", libnet_geterror(llif)); if(verbose) fprintf(stderr, "SRC-MAC: %x:%x:%x:%x:%x:%x |" "DST-MAC: %x:%x:%x:%x:%x:%x\n", smaca[0],smaca[1],smaca[2],smaca[3],smaca[4],smaca[5], dmaca[0], dmaca[1], dmaca[2], dmaca[3], dmaca[4], dmaca[5]); libnet_destroy(llif); } fprintf(stderr, "%d Packages sent.\n", *(int32_t *)n); }
int main(int argc, char *argv[]){ int c; uint32_t i; libnet_t *l; libnet_ptag_t t; char *device =NULL; uint8_t *packet; uint32_t packet_s; char errbuf[LIBNET_ERRBUF_SIZE]; u_char enet_src[6] = {0x08,0x00,0x27,0x92,0x07,0xb6}; u_char enet_dst[6] = {0x94,0xB8,0X6D,0xFC,0xDA,0xA0}; u_char ip_dst[4] ={0xc0,0xa8,0x2b,0x92}; u_char ip_src[4] ={0xc0,0xa8,0x2b,0x01}; printf("libnet 1.1 packet shaping : ARP [link --autobuilding ethernet]\n"); if(argc >1){ device = argv[1]; } l =libnet_init(LIBNET_LINK_ADV, device,errbuf); if(l ==NULL){ fprintf(stderr,"libnet_init() failed :%s",errbuf); exit(EXIT_FAILURE); }else i =libnet_get_ipaddr4(l); t=libnet_autobuild_arp(ARPOP_REPLY,enet_src,ip_src,enet_dst,ip_dst,l); if(t ==-1) { fprintf(stderr, "can't build ARP header:%s\n",libnet_geterror(l)); goto bad; } t=libnet_autobuild_ethernet(enet_dst,ETHERTYPE_ARP, l); if(libnet_adv_cull_packet(l,&packet,&packet_s)==-1){ fprintf(stderr, "%s",libnet_geterror(l)); }else{ fprintf(stderr, "packet size : %d\n", packet_s); libnet_adv_free_packet(l,packet); } c=libnet_write(l); if(c==-1){ fprintf(stderr,"Write error : %s \n",libnet_geterror(l)); goto bad; }else{ fprintf(stderr,"Wrote %d byte ARP packet from context \ %s\";""check the wire\n",c,libnet_cq_getlabel(l)); } libnet_destroy(l); return (EXIT_SUCCESS); bad : libnet_destroy(l); return(EXIT_SUCCESS); }