-
Notifications
You must be signed in to change notification settings - Fork 0
/
send_reusch
332 lines (279 loc) · 9.35 KB
/
send_reusch
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
import socket, sys
from socket import AF_PACKET, SOCK_RAW
from struct import *
import ipaddress
#
#
#
################# SENDER #########
#
#
#
device_interface = "enp4s0"
msg_dict = {
"syn": [0,0,0,0,1,0], # syn
"ack": [0,1,0,0,0,0], # ack
"rst": [0,0,0,1,0,0],
"syn/ack":[0,1,0,0,1,0],
"fin": [0,0,0,0,0,1],
}
def sendeth(eth_frame, interface = device_interface):
"""Send raw Ethernet packet on interface."""
s = socket.socket(AF_PACKET, SOCK_RAW)
s.bind((interface, 0))
result = s.send(eth_frame)
s.close()
return result
def checksum(msg):
s = 0
# loop taking 2 characters at a time
for i in range(0, len(msg), 2):
w = (ord(msg[i]) << 8) + (ord(msg[i+1]))
s = s + w
s = (s >> 16) + (s & 0xffff)
s = ~s & 0xffff
return s
"""
Function that build ipv6 header
@paramter source_addr - source address (check ifconfig)
@paramter dest_addr - destination address
@return ipv6 header in hexadecimal
"""
def build_ipv6_header(source_addr, dest_addr):
version = 6
traffic_class = 0
shift = lambda shifted, shift, adder : shifted << shift + traffic_class
#version << 8 + traffic_class
sub_packet = shift(version, 8, traffic_class)
flow_label = 0
#sub_packet << 20 + flow_label
sub_packet_1 = shift(sub_packet, 20, flow_label)
payload_lenght = 20
next_header = socket.IPPROTO_TCP
hop_limit = 255
sub_packet_2 = (payload_lenght << 16) + (next_header << 8) + hop_limit
ip_header = pack('!II16s16s', sub_packet_1,sub_packet_2, source_addr, dest_addr)
return ip_header
"""
Function that build tcp header
@parameter source - source port
@paramter dest - destination port
@paramter source_ip - source ip (check ifconfig)
@parameter dest_ip - destination ip
@return tcp header in hexadecimal
"""
def build_tcp_header(source, dest, source_ip, dest_ip,atk_type,sequence):
# tcp header fields
seq = sequence
ack_seq = sequence
doff = 5 #4 bit field, size of tcp header, 5 * 4 = 20 bytes
#tcp flags
urg,ack,psh,rst,syn,fin = msg_dict[atk_type]
#print(msg_dict[atk_type])
window = socket.htons(5840) # maximum allowed window size
check = 0
urg_ptr = 0
offset_res = (doff << 4) + 0
tcp_flags = fin + (syn << 1) + (rst << 2) + (psh <<3) + (ack << 4) + (urg << 5)
# the ! in the pack format string means network order
tcp_header = pack('!HHLLBBHHH' , source, dest, seq, ack_seq, offset_res, tcp_flags, window, check, urg_ptr)
# pseudo header fields
source_address = socket.inet_pton(socket.AF_INET6, source_ip)
dest_address = socket.inet_pton(socket.AF_INET6,dest_ip)
placeholder = 0
protocol = socket.IPPROTO_TCP
tcp_length = len(tcp_header)
psh = pack('!16s16sHBB' , source_address , dest_address , tcp_length, placeholder, protocol)
psh = psh + tcp_header
tcp_checksum = checksum(psh)
# make the tcp header again and fill the correct checksum
return pack('!HHLLBBHHH' , source, dest, seq, ack_seq, offset_res, tcp_flags, window, tcp_checksum , urg_ptr)
def tcp_connect(msg_type,sequence):
tcp_header = build_tcp_header(631, ports, source_ip, dest_ip,msg_type,sequence)
# final full packet - syn packets dont have any data
packet = eth_header + ip_header + tcp_header
result = sendeth(packet, device_interface)
print("Sent {} bytes" .format(result))
return
#
#
###########################################################
# LISTENER #
###########################################################
def check_answer(my_ipv6,atk_dst_ipv6,atk_type,msg_type,src_ipv6,dst_ipv6,dst_tcp):
print("Checking answer")
if (response_type == msg_type) and (atk_dst_ipv6 == src_ipv6):
ret_value = True
else:
ret_value = False
return ret_value
def unpack_eth_header(data):
dst_mac, src_mac, proto = unpack('!6s6sH', data)
#print(socket.htons(proto))
return socket.htons(proto)
def check_type(tcp_flags):
sequence = ''
for flag in tcp_flags:
sequence += str(flag)
if '000010' == sequence:
return 'syn'
elif '000100' == sequence:
return 'rst'
elif '010000' == sequence:
return 'ack'
elif '010100' == sequence:
return 'ack/rst'
elif '000001' == sequence:
return 'fin'
elif '010010' == sequence:
return 'syn/ack'
def get_ipv6_addr(bytes_addr):
return str(ipaddress.ip_address(bytes_addr))
def unpack_ipv6_header(data):
sub_packet_1, sub_packet_2, src_addr, dst_addr = unpack('!II16s16s', data[:40])
bits_packet_1 = "{:32b}".format(sub_packet_1)
version2 = bits_packet_1[:4]
traffic_class2 = bits_packet_1[4:12]
flow_label2 = bits_packet_1[12:32]
#print('Version: {}'.format(int(version2,2)))
#print('Traffic: {}'.format(int(traffic_class2,2)))
#print('Flow: {}'.format(int(flow_label2,2)))
bits_packet_2 = "{:32b}".format(sub_packet_2)
payload_lenght2 = bits_packet_2[:16]
next_header2 = bits_packet_2[16:24]
hop_limit2 = bits_packet_2[24:32]
#print('Payload: {}'.format(int(payload_lenght2,2)))
#print('Next: {}'.format(int(next_header2,2)))
#print('hop: {}'.format(int(hop_limit2,2)))
#print(str(ipaddress.ip_address(src_addr)))
return get_ipv6_addr(src_addr), get_ipv6_addr(dst_addr)
def unpack_tcp_header(data):
src_port, dest_port, sequence, acknowledgment, offset_reserved_flags, tcp_flags, window, tcp_checksum, urg_ptr = unpack('!HHLLBBHHH', data)
#print(dest_port)
#print('flags raw {}'.format(tcp_flags))
offset = (offset_reserved_flags >> 12) * 4
flag_urg = (tcp_flags & 32) >> 5
flag_ack = (tcp_flags & 16) >> 4
flag_psh = (tcp_flags & 8) >> 3
flag_rst = (tcp_flags & 4) >> 2
flag_syn = (tcp_flags & 2) >> 1
flag_fin = tcp_flags & 1
flags = []
flags.append(flag_urg)
flags.append(flag_ack)
flags.append(flag_psh)
flags.append(flag_rst)
flags.append(flag_syn)
flags.append(flag_fin)
#print(flags)
# identficiar tipo de ataque
#print(flags)
return src_port, dest_port, flags
def determine_answer(msg_type,atk_type):
#print(msg_type)
if(atk_type == 1 or atk_type == 2):
if(msg_type == 'syn/ack'):
return True
elif msg_type == 'ack/rst':
return False
elif atk_type == 3:
if(msg_type == 'ack/rst'):
return False
else:
return True
elif atk_type == 4:
if(msg_type == 'rst'):
return True
else:
return False
##### LISTENER ######
def listener(my_ipv6,atk_dst_ipv6,atk_type, conn, atk_port):
msg_count = 0
timeout_after = 100 # messages on network
print("Waiting for answer")
while True:
raw_packet, addr = conn.recvfrom(65535)
eth_proto = unpack_eth_header(raw_packet[:14])
if eth_proto == 56710:
src_ipv6, dst_ipv6 = unpack_ipv6_header(raw_packet[14:54])
if ( atk_type == 3 or atk_type == 4):
msg_count += 1
if (msg_count > timeout_after):
if ( atk_type == 3):
return True
elif ( atk_type == 4):
return False
if eth_proto == 56710 and my_ipv6 == dst_ipv6 and len(raw_packet) <= 80:
src_port,dst_tcp, tcp_flags = unpack_tcp_header(raw_packet[54:74])
if(src_port == atk_port):
msg_type = check_type(tcp_flags)
return determine_answer(msg_type,atk_type)
############## MAIN ###############
#
if __name__ == "__main__":
# src=fe:ed:fa:ce:be:ef, dst=52:54:00:12:35:02, type=0x0800 (IP)
src_mac = [0xa4, 0x1f, 0x72,0xf5, 0x90, 0x80]
dst_mac = [0x74, 0xe6, 0xe2,0xcf, 0x93, 0x49]
# Ethernet header
eth_header = pack('!6B6BH', dst_mac[0], dst_mac[1], dst_mac[2], dst_mac[3], dst_mac[4], dst_mac[5],
src_mac[0], src_mac[1], src_mac[2], src_mac[3], src_mac[4], src_mac[5], 0x86DD)
source_ip = "fe80::a61f:72ff:fef5:9080"
dest_ip = "fe80::b37:7d65:17a:d87f"
my_ipv6 = source_ip
dst_ipv6 = dest_ip
source_addr = socket.inet_pton(socket.AF_INET6,my_ipv6)
dest_addr = socket.inet_pton(socket.AF_INET6,dst_ipv6)
ip_header = build_ipv6_header(source_addr, dest_addr)
conn = socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.ntohs(3))
opened_ports = []
for ports in range(int(sys.argv[2]), int(sys.argv[3])):
print('>>>>>>>>>>>>>>>>>>>>>>> Sending to Port {}'.format(ports))
if sys.argv[1] == "1": # SYN
tcp_connect("syn",0)
if listener(my_ipv6,dst_ipv6,1, conn,ports):
print("syn/ack received, sending ack")
tcp_connect("ack",1)
print('Sucessfully connected to {}'.format(ports))
opened_ports.append(ports)
else:
#tcp_connect("ack",1)
print("RST received -> closed")
# PORTA FECHADA -> TESTAR PROXIMA
# ENVIAR ACK
elif sys.argv[1] == "2": #SYN RST
tcp_connect("syn",0)
if listener(my_ipv6,dst_ipv6,2, conn,ports):
print("syn/ack received, sending rst")
tcp_connect("rst",1) # RESPONDE UM ACK
print('{} Half opened'.format(ports))
opened_ports.append(ports)
# FIM DO ATAQUE
#break
# PORTA ABERTA -> ENVIAR ACK
else:
#tcp_connect("rst",1)
print("Closed")
# PORTA FECHADA -> TESTAR PROXIMA
elif sys.argv[1] == "3": #FIN
tcp_connect("fin",0)
if listener(my_ipv6,dst_ipv6,3, conn,ports):
# DEVE IMPLEMENTAR TIMEOUT -> ENCONTROU PORTA ABERTA
print('{} is opened'.format(ports))
opened_ports.append(ports)
#break
# PORTA ABERTA -> ENVIAR ACK
else:
print("Closed")
# PORTA FECHADA -> TESTAR PROXIMA
elif sys.argv[1] == "4": #SYNACK
tcp_connect("syn/ack",0)
if listener(my_ipv6,dst_ipv6,4, conn,ports):
opened_ports.append(ports)
print('{} is opened'.format(ports))
#break
# PORTA ABERTA -> ENVIAR ACK
else:
print("Closed")
# PORTA FECHADA -> TESTAR PROXIMA
print("\n>>>>>> END OF ATTACK <<<<<< ")
print('\nAvailable ports: {}\n'.format(opened_ports))