API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Oct 30th, 2020
51
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 2.18 KB | None | 0 0
raw download clone embed print report
  1. #!/usr/bin/env python3
  2. import ctypes
  3. import socket
  4.  
  5. #bpf instruction
  6. class bpf_inst(ctypes.Structure):
  7. _fields_=[
  8. ("code",ctypes.c_uint16),
  9. ("jt",ctypes.c_uint8),
  10. ("jf",ctypes.c_uint8),
  11. ("k",ctypes.c_uint32),
  12. ]
  13.  
  14. class bpf_fprog(ctypes.Structure):
  15. _fields_=[
  16. ("length",ctypes.c_ushort),
  17. ("filters",ctypes.POINTER(bpf_inst*5)),
  18. ]
  19.  
  20. class Constants(object):
  21. #bpf classes
  22. BPF_LD=0x00
  23. BPF_LDX=0x01
  24. BPF_ST=0x02
  25. BPF_STX=0x03
  26. BPF_ALU=0x04
  27. BPF_JMP=0x05
  28. BPF_RET=0x06
  29. BPF_MISC=0x07
  30.  
  31. '''For jump and arithmetic instructions
  32. bpf sources
  33. For BPF_ALU or BPF_JMP'''
  34. BPF_K=0x00
  35. BPF_X=0x08
  36. '''bpf opcodes
  37. For BPF_ALU'''
  38. BPF_ADD=0x00
  39. BPF_SUB=0x10
  40. BPF_MUL=0x20
  41. BPF_DIV=0x30
  42. BPF_OR=0x40
  43. BPF_AND=0x50
  44. BPF_LSH=0x60
  45. BPF_RSH=0x70
  46. BPF_NEG=0x80
  47. BPF_MOD=0x90
  48. BPF_XOR=0xa0
  49. BPF_MOV=0xb0
  50. BPF_ARSH=0xc0
  51. BPF_END=0xd0
  52. #For BPF_JMP
  53. BPF_JA=0x00
  54. BPF_JEQ=0x10
  55. BPF_JGT=0x20
  56. BPF_JGE=0x30
  57. BPF_JSET=0x40
  58. BPF_JNE=0x50
  59. BPF_JSGT=0x60
  60. BPF_JSGE=0x70
  61. BPF_CALL=0x80
  62. BPF_EXIT=0x90
  63. BPF_JLT=0xa0
  64. BPF_JLE=0xb0
  65. BPF_JSLT=0xc0
  66. BPF_JSLE=0xd0
  67.  
  68. '''For load and store instruction
  69. bpf size modifiers'''
  70. BPF_W=0x00
  71. BPF_H=0x08
  72. BPF_B=0x10
  73. BPF_DW=0x18
  74. #bpf mode modifiers
  75. BPF_IMM=0x00
  76. BPF_ABS=0x20
  77. BPF_IND=0x40
  78. BPF_MEM=0x60
  79. BPF_LEN=0x80
  80. BPF_MSH=0xa0
  81. BPF_XADD=0xc0
  82.  
  83. BPF_A=0x10
  84.  
  85. #Socket filter
  86. SO_ATTACH_FILTER = 26
  87.  
  88.  
  89.  
  90. filters=[(Constants.BPF_LD | Constants.BPF_H | Constants.BPF_ABS,0,0,12),
  91. (Constants.BPF_JMP | Constants.BPF_JEQ | Constants.BPF_K,0,2,0x800),
  92. (Constants.BPF_LD | Constants.BPF_W | Constants.BPF_ABS,0,0,4),
  93. (Constants.BPF_RET | Constants.BPF_A,0,0,0),
  94. (Constants.BPF_RET | Constants.BPF_K,0,0,0),
  95. ]
  96.  
  97. fprog=bpf_fprog(5,ctypes.pointer((bpf_inst*5)(*filters)))
  98. s = socket.socket(socket.PF_PACKET, socket.SOCK_RAW)
  99. s.setsockopt(socket.SOL_SOCKET,Constants.SO_ATTACH_FILTER, fprog)
  100. s.bind(('eth0', 0x0800))
  101.  
  102. while True:
  103. data, addr = s.recvfrom(65565)
  104. print(data)
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!