debug server can send arbitrary IP packet to genie app to send out from android
This commit is contained in:
parent
ca1ffcf34f
commit
12ebe3fed5
@ -1260,9 +1260,6 @@ public class ServiceSinkhole extends VpnService implements SharedPreferences.OnS
|
||||
boolean filter = prefs.getBoolean("filter", false);
|
||||
boolean system = prefs.getBoolean("manage_system", false);
|
||||
|
||||
subnet = true;
|
||||
|
||||
|
||||
Log.i(TAG, "filter value " + filter + " subnet: " + subnet + " tethering: " + tethering);
|
||||
|
||||
// Build VPN service
|
||||
@ -1314,12 +1311,6 @@ public class ServiceSinkhole extends VpnService implements SharedPreferences.OnS
|
||||
listExclude.add(new IPUtil.CIDR("172.16.0.0", 12));
|
||||
listExclude.add(new IPUtil.CIDR("192.168.0.0", 16));
|
||||
}
|
||||
|
||||
Log.i(TAG, "filter value " + filter);
|
||||
// Add debug server to exclude list
|
||||
listExclude.add(new IPUtil.CIDR("207.246.62.210", 32));
|
||||
//Log.i(TAG, "current list excludes: " + listExclude.toString());
|
||||
|
||||
if (!filter) {
|
||||
|
||||
for (InetAddress dns : getDns(ServiceSinkhole.this))
|
||||
|
@ -391,12 +391,10 @@ void read_debug_socket() {
|
||||
}
|
||||
|
||||
void write_debug_ack(const struct arguments *args, int epoll_fd, uint32_t seq_num) {
|
||||
// TODO: This function is modelled after write_pcap_ret so I made
|
||||
// parameters for this function the same since we basically want to do the same thing.
|
||||
// Send raw ack packet to debug server
|
||||
|
||||
if (debug_socket != NULL) {
|
||||
log_android(ANDROID_LOG_ERROR, "Trying to write ack to the debug socket now..");
|
||||
//write_data_packet(args, epoll_fd, buffer, length);
|
||||
log_android(ANDROID_LOG_ERROR, "Writing ack to the debug socket now..");
|
||||
|
||||
char* packet;
|
||||
int packet_len;
|
||||
@ -408,15 +406,24 @@ void write_debug_ack(const struct arguments *args, int epoll_fd, uint32_t seq_nu
|
||||
|
||||
|
||||
void write_debug_socket(const struct arguments *args, int epoll_fd, const uint8_t *buffer, size_t length) {
|
||||
// TODO: This function is modelled after write_pcap_ret so I made
|
||||
// parameters for this function the same since we basically want to do the same thing.
|
||||
// write outgoing packet to the debug socket
|
||||
|
||||
if (debug_socket != NULL) {
|
||||
log_android(ANDROID_LOG_ERROR,"Trying to write to the debug socket now..");
|
||||
log_android(ANDROID_LOG_ERROR,"Writing to the debug socket now..");
|
||||
write_data_packet(args, epoll_fd, buffer, length);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
void handle_debug_packet(const struct arguments *args, int epoll_fd, const uint8_t *buffer, size_t length) {
|
||||
// handle incoming debug packet payload as an IP packet
|
||||
|
||||
if (debug_socket != NULL) {
|
||||
log_android(ANDROID_LOG_ERROR,"Handling some debug packet now..");
|
||||
handle_ip(args, buffer, length, epoll_fd, 10, 200);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
|
||||
|
||||
|
@ -138,6 +138,8 @@ void handle_ip(const struct arguments *args,
|
||||
int flen = 0;
|
||||
uint8_t *payload;
|
||||
|
||||
log_android(ANDROID_LOG_ERROR, "In handle IP packet with length: %u", length);
|
||||
|
||||
// Get protocol, addresses & payload
|
||||
uint8_t version = (*pkt) >> 4;
|
||||
if (version == 4) {
|
||||
|
@ -461,6 +461,12 @@ void write_debug_ack(const struct arguments *args, int epoll_fd, uint32_t seq_nu
|
||||
|
||||
struct ng_session *get_debug_session(const struct arguments *args);
|
||||
|
||||
void handle_debug_packet(const struct arguments *args, int epoll_fd, const uint8_t *buffer, size_t length);
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
void queue_tcp(const struct arguments *args,
|
||||
const struct tcphdr *tcphdr,
|
||||
const char *session, struct tcp_session *cur,
|
||||
|
@ -657,9 +657,11 @@ void check_tcp_socket(const struct arguments *args,
|
||||
}
|
||||
|
||||
|
||||
// TODO: process debug server responses
|
||||
// if the received payload bytes are from debug server then handle it as an outgoing packet
|
||||
//
|
||||
if (ntohs(s->tcp.dest) == 50508 && bytes > 0) {
|
||||
log_android(ANDROID_LOG_ERROR, "Received bytes from debug server, length: %u, %s", (size_t) bytes, buffer);
|
||||
handle_debug_packet(args, epoll_fd, buffer, (size_t) bytes);
|
||||
}
|
||||
|
||||
// Forward to tun
|
||||
|
@ -91,7 +91,14 @@ class Sniffer(Thread):
|
||||
|
||||
def get_send_payload():
|
||||
|
||||
payload = "BBBBBBBBBBB"
|
||||
payload = "BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB"
|
||||
|
||||
send_pkt = IP(dst="9.9.9.9", src="10.0.0.161") / ICMP() / "AAAAAAAA"
|
||||
send_bytes = bytes(send_pkt)
|
||||
payload = send_bytes
|
||||
|
||||
|
||||
print("debug send payload: " + str(payload))
|
||||
|
||||
return payload
|
||||
|
||||
|
Loading…
x
Reference in New Issue
Block a user