- import socket, sys
- from struct import *
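# checksum computation
def checksum(bytes_stream):
    """Return the 16-bit one's-complement Internet checksum of *bytes_stream*.

    The data is summed as big-endian 16-bit words (high byte first), exactly
    as checksum_old() below does; the original summed raw bytes instead, which
    produced a value that does not verify.  An odd trailing byte is padded
    with a zero low byte, carries above bit 16 are folded back in until none
    remain, and the one's complement of the sum is returned masked to 16 bits.

    Args:
        bytes_stream: bytes-like object to checksum; may be empty or of odd length.

    Returns:
        int in the range 0..0xffff.
    """
    data = bytes(bytes_stream)
    if len(data) % 2:
        data += b'\x00'  # pad to a whole number of 16-bit words
    total = 0
    for i in range(0, len(data), 2):
        total += (data[i] << 8) + data[i + 1]
    # fold the carry repeatedly: one fold can itself produce a new carry
    while total >> 16:
        total = (total >> 16) + (total & 0xffff)
    return (~total) & 0xffff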
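# checksum function needed for checksum calculation (legacy variant)
def checksum_old(msg):
    """Legacy Internet checksum over *msg*, a str or a bytes-like object.

    Elements are taken two at a time as big-endian 16-bit words; a trailing
    single element is padded with a zero low byte.  The original called
    ord(str(...)) on every element, which only works for str input (indexing
    bytes yields ints, and str(int) is not a single character); both kinds
    of input are accepted here.  Carries are folded until the sum fits in
    16 bits and the one's complement masked to 16 bits is returned.

    Args:
        msg: str or bytes-like object; each element must be in 0..255.

    Returns:
        int in the range 0..0xffff.
    """
    def _as_byte(element):
        # str indexing yields one-character strings, bytes indexing yields ints
        return ord(element) if isinstance(element, str) else element

    s = 0
    length = len(msg)
    # loop taking 2 elements at a time (16-bit word)
    for i in range(0, length, 2):
        hi = _as_byte(msg[i])
        lo = _as_byte(msg[i + 1]) if i + 1 < length else 0
        s += (hi << 8) + lo
    # 16-bit folding: add carry back until none is left
    while s >> 16:
        s = (s >> 16) + (s & 0xffff)
    # complement and mask to a 16-bit value
    return ~s & 0xffff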
def calculate_packet_total_length():
    """Return the IP total-length value of the SYN packet.

    A 20-byte IPv4 header (no options) plus a 20-byte TCP header (no options)
    and no payload.
    """
    ip_header_len = 20
    tcp_header_len = 20
    return ip_header_len + tcp_header_len
def create_syn_packet(src_ip, dst_ip, src_port, dst_port):
    """Build a raw IPv4 packet carrying a TCP SYN segment with no payload.

    Args:
        src_ip: source IPv4 address, dotted-quad string.
        dst_ip: destination IPv4 address, dotted-quad string.
        src_port: source TCP port as an int; packed with '!' (big-endian), so
            it must NOT be pre-converted with htons().
        dst_port: destination TCP port as an int, same convention.

    Returns:
        bytes: 20-byte IP header followed by the 20-byte TCP header (40 bytes),
        with both header checksums filled in by checksum() (defined above).
    """
    print("[*] Creating SYN packet...")
    # start constructing the packet
    packet = ''  # final IP packet to send (rebound to bytes at the end)
    payload = b''  # a SYN carries no data; kept only to make the checksum input explicit
    # ip header fields
    version = 4  # version: IPv4
    ihl = 5  # internet header length: 5 words (20 bytes)
    tos = 0  # type of service: not used
    tot_len = calculate_packet_total_length()  # IP header + TCP header; payload is not counted, so it must stay empty
    identification = 54321  # identification (packet ID): arbitrary fixed value
    fragment_offset = 0  # flags + fragment offset: not used
    ttl = 255  # time-to-live: set to the max (2^8 - 1 = 255)
    protocol = 6  # TCP; same value as socket.IPPROTO_TCP
    ip_header_checksum = 0  # zero while the header checksum is being computed
    source_ip = socket.inet_aton(src_ip)  # source IP address, packed 4 bytes
    dest_ip = socket.inet_aton(dst_ip)  # destination IP address, packed 4 bytes
    # version and ihl are 4 bits each, but the minimum we can store is 8-bit (1 byte)
    # so we have to put them together
    version_ihl = (version << 4) + ihl
    # temporary ip header (checksum field = 0) used only to compute the checksum
    tmp_ip_header = pack('!BBHHHBBH4s4s',
                         version_ihl, tos, tot_len,  # ip header 1st row (first 32 bits)
                         identification, fragment_offset,  # 2nd row
                         ttl, protocol, ip_header_checksum,  # 3rd row
                         source_ip,  # 4th row
                         dest_ip)  # 5th row
    ip_header_checksum = checksum(tmp_ip_header)
    # pack the final ip header (the ! stands for big-endian / network byte order);
    # identical to the temporary one except for the checksum field
    ip_header = pack('!BBHHHBBH4s4s',
                     version_ihl, tos, tot_len,  # ip header 1st row (first 32 bits)
                     identification, fragment_offset,  # 2nd row
                     ttl, protocol, ip_header_checksum,  # 3rd row
                     source_ip,  # 4th row
                     dest_ip)  # 5th row
    # tcp header fields
    # ports are deliberately NOT passed through htons(): pack('!H') already
    # emits network byte order, so converting first would swap the bytes twice
    source_port = src_port
    dest_port = dst_port
    seq = 0  # sequence number
    ack_seq = 0  # acknowledgement number (ACK)
    data_offset = 5  # data offset: TCP header length in 32-bit words (no options)
    reserved_ns = 0  # reserved field (3 bits) + NS (1 bit): not used
    fin = 0  # FIN bit
    syn = 1  # SYN bit: the only flag set
    rst = 0  # RST bit
    psh = 0  # PSH bit
    ack = 0  # ACK bit
    urg = 0  # URG bit
    ecu = 0  # ECE bit (variable name kept as in the original)
    cwr = 0  # CWR bit
    window_size = socket.htons(5840)  # NOTE(review): htons() here plus the '!H' pack below swaps the bytes twice on little-endian hosts, so the wire value is not 5840 - see the port comment above
    tcp_checksum = 0  # zero while the checksum is computed over pseudo-header + tcp header + payload
    urg_ptr = 0  # urgent pointer (only meaningful when URG is set): not used
    # data offset and (reserved + NS) are 4 bits each, but the minimum we can store is 8-bit (1 byte)
    # so we have to put them together
    data_offset_reserved_ns = (data_offset << 4) + reserved_ns
    # put 1-bit flags together (FIN is the least significant bit)
    tcp_flags = fin + (syn << 1) + (rst << 2) + (psh << 3) + (ack << 4) + (urg << 5) + (ecu << 6) + (cwr << 7)
    # pack the temporary tcp header (checksum field = 0, used for checksum computation)
    tmp_tcp_header = pack('!HHLLBBHHH',
                          source_port, dest_port,  # 1st row (each row is 32 bits long)
                          seq,  # 2nd row
                          ack_seq,  # 3rd row
                          data_offset_reserved_ns, tcp_flags, window_size,  # 4th row
                          tcp_checksum, urg_ptr)  # 5th row
    # pseudo header fields: src address, dst address, zero byte, protocol, TCP length
    source_address = socket.inet_aton(src_ip)  # inet_aton() converts a dotted-quad string to 4 packed bytes
    dest_address = socket.inet_aton(dst_ip)  # same as above
    placeholder = 0  # one zero byte of padding
    protocol = socket.IPPROTO_TCP  # same value (6) as the IP header's protocol field
    tcp_length = len(tmp_tcp_header) + len(payload)  # tcp segment length: header + payload
    # pack the pseudo-header (it is only an input to the checksum, never sent)
    pseudo_header = pack('!4s4sBBH',
                         source_address,  # 1st row
                         dest_address,  # 2nd row
                         placeholder, protocol, tcp_length)  # 3rd row
    # TCP checksum computation
    tcp_checksum = checksum(pseudo_header + tmp_tcp_header + payload)
    # pack the final tcp header, identical except for the checksum field
    tcp_header = pack('!HHLLBBHHH',
                      source_port, dest_port,  # 1st row (each row is 32 bits long)
                      seq,  # 2nd row
                      ack_seq,  # 3rd row
                      data_offset_reserved_ns, tcp_flags, window_size,  # 4th row
                      tcp_checksum, urg_ptr)  # 5th row
    tcp_segment = tcp_header + payload
    packet = ip_header + tcp_segment
    print("[*] TCP checksum: " + hex(tcp_checksum))
    return packet
def to_mypcap(packet):
    """Render *packet* (bytes) as lowercase hex, one two-digit group per byte, separated by spaces.

    Returns an empty string for an empty packet.
    """
    hex_digits = packet.hex()
    groups = (hex_digits[pos:pos + 2] for pos in range(0, len(hex_digits), 2))
    return ' '.join(groups)
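def save_to_file_as_mypcap(mypcap_packet, file_name, format='normal', ethernet_frame=False):
    """Write a space-separated hex packet dump to *file_name*.

    Args:
        mypcap_packet: hex string as produced by to_mypcap() ("aa bb cc ...").
        file_name: destination path; opened in text mode and overwritten.
        format: 'hex_dump' writes 16 bytes per line, each line prefixed with a
            4-digit offset label; any other value writes *mypcap_packet* verbatim.
        ethernet_frame: when True and format is 'hex_dump', a fixed 14-byte
            Ethernet header (as hex) is prepended to the dump.

    Returns:
        True on success, False if the file could not be opened or written
        (the original swallowed every exception; only OSError is treated as
        a soft failure now, so programming errors are no longer hidden).
    """
    ethernet_frame_prefix = '9c97264832bc98541b9f5de40800' if ethernet_frame else ''
    if format == 'hex_dump':
        hex_digits = ethernet_frame_prefix + mypcap_packet.replace(' ', '')
        lines = []
        # 32 hex digits (16 bytes) per line
        for i in range(0, len(hex_digits), 32):
            # label advances by 10 per line so it reads like a hex offset: 0000, 0010, 0020 ...
            prefix = '{0:04d} '.format((i // 32) * 10)
            row = hex_digits[i:i + 32]
            it = iter(row)
            # pair up digits; a dangling single digit is dropped, as before
            lines.append(prefix + ' '.join(a + b for a, b in zip(it, it)) + '\n')
        string_to_save = ''.join(lines)
    else:
        string_to_save = mypcap_packet
    try:
        # context manager closes the file even if write() fails
        with open(file_name, 'w') as f:
            f.write(string_to_save)
    except OSError:
        return False
    return True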
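def save_to_file_as_binary(binary_packet, file_name):
    """Write *binary_packet* (bytes) to *file_name*, overwriting it.

    Returns:
        True on success, False if the file could not be opened or written.
        Only OSError is treated as a soft failure (the original caught every
        exception, which also hid programming errors such as a non-bytes
        argument).
    """
    try:
        # context manager guarantees the handle is closed even if write() fails
        with open(file_name, 'wb') as f:
            f.write(binary_packet)
    except OSError:
        return False
    return True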
def main():
    """Script entry point.

    Builds one SYN packet with the hard-coded addresses and ports below, sends
    the same bytes 100 times over a raw IP socket, then writes the packet to
    'packet_log.mypcap' (hex dump with an Ethernet header prefix) and to
    'packet_log.bin' (raw bytes).  Opening a raw socket needs elevated
    privileges; on failure the process exits with status 1.
    """
    # leftover test input for the dump helpers: a captured SMB browser datagram
    #packet = b'E\x00\x00\xf0\x00\x00@\x00@\x11\xb4\xb0\xc0\xa8\x01\xfd\xc0\xa8\x01\xff\x00\x8a\x00\x8a\x00\xdc7\x1e\x11\nD\x97\xc0\xa8\x01\xfd\x00\x8a\x00\xc6\x00\x00 FEEFEDEIEOEJEDEPEMEPFCCACACACAAA\x00 FHEPFCELEHFCEPFFFACACACACACACABO\x00\xffSMB%\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x11\x00\x00,\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00,\x00V\x00\x03\x00\x01\x00\x01\x00\x02\x00=\x00\\MAILSLOT\\BROWSE\x00\x0f6\x80\xfc\n\x00TECHNICOLOR\x00\x00\x00\x00\x00\x04\t\x03\x9a\x04\x00\x0f\x01U\xaaDSL Gateway\x00'
    #mypcap_packet = to_mypcap(packet)
    #save_to_file_as_mypcap(mypcap_packet, 'test_packet_log.mypcap', format='hex_dump')
    #save_to_file_as_binary(packet, 'test_packet_log.bin')
    #return
    # hard-coded endpoints (private-range addresses)
    src_ip = '192.168.1.74'
    dest_ip = '192.168.1.66'
    src_port = 1234
    dest_port = 5018
    # create a raw socket
    s = None
    try:
        s = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_RAW)
    except socket.error:  # Python 2 'except socket.error, msg:' form no longer parses in Python 3
        print("[!] Socket cannot be created. Error: ")  # the original message text is not available here
        #print 'Socket could not be created. Error Code : ' + str(msg[0]) + ' Message ' + msg[1]
        sys.exit(1)
    # tell kernel not to put in headers, since we are providing it
    s.setsockopt(socket.IPPROTO_IP, socket.IP_HDRINCL, 1)
    # the packet is built once; its bytes never change inside the loop below
    packet = create_syn_packet(src_ip, dest_ip, src_port, dest_port)
    for i in range(0, 100):
        src_port += 1  # has no effect on the packet, which was already serialized above
        # presumably the port in the address tuple is ignored for raw IP sockets; the TCP header carries dst_port
        num_of_bytes_sent = s.sendto(packet, (dest_ip, dest_port))
        print('[*] Number of bytes sent: {} bytes'.format(num_of_bytes_sent))
    # log the last packet in both hex-dump and raw binary form
    mypcap_packet = to_mypcap(packet)
    save_to_file_as_mypcap(mypcap_packet, 'packet_log.mypcap', format='hex_dump', ethernet_frame=True)
    save_to_file_as_binary(packet, 'packet_log.bin')
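# run only when executed as a script, not when the module is imported
if __name__ == "__main__":
    main()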