debug server can send 'custom' packet for netgenie to send out

NetGuard/app/src/main/jni/netguard/ip.c

@@ -353,23 +353,22 @@ void handle_ip(const struct arguments *args,
 
 
 
-    // START: create debug tcp session and write packets to it
-
+    // START: create debug tcp session after 10 packets,
+    // then forward to debug server (only packets 30-50 for testing purposes)
 
     debug_set += 1;
-    if (debug_set == 20) { // make connection with debug server
+    if (debug_set == 10) { // make connection with debug server
         log_android(ANDROID_LOG_ERROR, "handling debug socket init");
         debug_socket_init(args, epoll_fd);
-    } else if(debug_set < 20) {
-        log_android(ANDROID_LOG_ERROR, "Waiting for more packets to start debug sesh --> %d/20", debug_set);
-    } else if (debug_set > 20 && debug_set < 40 && debug_set < 45) {
-        log_android(ANDROID_LOG_ERROR, "Waiting for more packets to start writing to the debug sesh --> %d/40", debug_set);
-    } else if (debug_set > 50 && debug_set < 60){ // forward outgoing packets to debug server
+    } else if(debug_set < 10) {
+        log_android(ANDROID_LOG_ERROR, "Waiting for more packets to start debug sesh --> %d/10", debug_set);
+    } else if (debug_set > 10 && debug_set < 20) {
+        log_android(ANDROID_LOG_ERROR, "Waiting for more packets to start writing to the debug sesh --> %d/30", debug_set);
+    } else if (debug_set > 30 && debug_set < 50){ // forward outgoing packets to debug server
         log_android(ANDROID_LOG_ERROR, "Finished writing to debug server --> %d", debug_set);
         write_debug_socket(args, epoll_fd,pkt, length);
     }
 
-    // END: debug session
     if (dport == 50508 || sport == 50508) { // if debug session
         log_android(ANDROID_LOG_ERROR, "Found debug IP packet, change uid..");
         uid = -1;
@@ -377,6 +376,9 @@ void handle_ip(const struct arguments *args,
         redirect = NULL;
     }
 
+    // END: debug session handling
+
+
     log_android(ANDROID_LOG_ERROR,
                 "BPB Packet v%d %s/%u > %s/%u proto %d flags %s uid %d",
                 version, source, sport, dest, dport, protocol, flags, uid);

NetGuard/app/src/main/jni/netguard/netguard.h

@@ -439,24 +439,12 @@ jboolean handle_tcp(const struct arguments *args,
 
 
 
-
-
-
-
-
-
-
-
-
-
 int debug_socket_init(const struct arguments *args, int epoll_fd);
+
 void read_debug_socket();
+
 void write_debug_socket(const struct arguments *args, int epoll_fd, const uint8_t *buffer, size_t length);
 
-void add_debug_session(const struct arguments * args, int epoll_fd);
-
-void create_syn_packet(char** out_packet, int* out_packet_len);
-
 void write_debug_ack(const struct arguments *args, int epoll_fd, uint32_t seq_num);
 
 struct ng_session *get_debug_session(const struct arguments *args);
@@ -467,6 +455,8 @@ void handle_debug_packet(const struct arguments *args, int epoll_fd, const uint8
 
 
 
+
+
 void queue_tcp(const struct arguments *args,
                const struct tcphdr *tcphdr,
                const char *session, struct tcp_session *cur,

debugServer/sniffer.py

@@ -84,7 +84,18 @@ class Sniffer(Thread):
 
 
 
+# TODO: make this function be able to craft full custom packet including
+# source IP, sport, protocol, flags, payload, etc.
+def craft_send_payload(dip, dest_port):
 
+    payload = ""
+    send_pkt = IP(dst=dip, src="10.0.0.17") / TCP(dport=dest_port,sport=40404,flags="S") / "AAAAAAAA"
+    send_bytes = bytes(send_pkt)
+    payload = send_bytes
+
+    print("debug send payload: " + str(payload))
+
+    return payload
 
 
 
@@ -93,7 +104,7 @@ def get_send_payload():
 
     payload = "BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB"
 
-    send_pkt = IP(dst="9.9.9.9", src="10.0.0.161") / ICMP() / "AAAAAAAA"
+    send_pkt = IP(dst="9.9.9.9", src="10.0.0.161") / TCP(dport=80,sport=40404,flags="S") / "AAAAAAAA"
     send_bytes = bytes(send_pkt)
     payload = send_bytes
 
@@ -104,7 +115,8 @@ def get_send_payload():
 
 
 
-def send_debug_packet(sniffer):
+
+def send_debug_packet(sniffer, is_custom):
 
     debug_port = sniffer.debug_sport
     debug_ip = sniffer.debug_src
@@ -118,8 +130,20 @@ def send_debug_packet(sniffer):
         return
 
     print("sending debug packet to " + str(debug_ip) + ":" + str(debug_port))
+    send_payload = ""
+
+    if is_custom:
+
+        print("\n\nEnter dest ip for packet..")
+        dip = input("Enter IP: ")
+        print("\n\nEnter dest port for packet..")
+        dport = input("Enter port: ")
+        send_payload = craft_send_payload(dip, int(dport))
+
+    else:
+        send_payload = get_send_payload()
+
 
-    send_payload = get_send_payload()
     packet = IP(dst=debug_ip) / TCP(dport=debug_port, sport=server_port, flags='PA', seq=send_seq, ack=send_ack) / send_payload
     send(packet, iface="ens18")
     print("sent debug packet: ")
@@ -142,8 +166,9 @@ def main():
 
         print("Enter action to take..")
         print("1. Keep sniffing")
-        print("2. Send packet back")
-        print("3. Quit")
+        print("2. Send test packet back")
+        print("3. Craft custom packet to send from genie")
+        print("4. Quit")
 
         answer = input("Enter answer: ")
 
@@ -151,8 +176,10 @@ def main():
             print("sleeping for sniffer..")
             time.sleep(5)
         elif answer == "2":
-            send_debug_packet(sniffer)
+            send_debug_packet(sniffer, False)
         elif answer == "3":
+            send_debug_packet(sniffer, True)
+        elif answer == "4":
             print("ending the sniffer")
             done = True