debug server can send 'custom' packet for netgenie to send out

2 years ago · be26be504a
3 changed files with 48 additions and 29 deletions
--- a/NetGuard/app/src/main/jni/netguard/ip.c
+++ b/NetGuard/app/src/main/jni/netguard/ip.c
@ -353,23 +353,22 @@ void handle_ip(const struct arguments *args,



-    // START: create debug tcp session and write packets to it
-
+    // START: create debug tcp session after 10 packets,
+    // then forward to debug server (only packets 30-50 for testing purposes)

    debug_set += 1;
-    if (debug_set == 20) { // make connection with debug server
+    if (debug_set == 10) { // make connection with debug server
        log_android(ANDROID_LOG_ERROR, "handling debug socket init");
        debug_socket_init(args, epoll_fd);
-    } else if(debug_set < 20) {
-        log_android(ANDROID_LOG_ERROR, "Waiting for more packets to start debug sesh --> %d/20", debug_set);
-    } else if (debug_set > 20 && debug_set < 40 && debug_set < 45) {
-        log_android(ANDROID_LOG_ERROR, "Waiting for more packets to start writing to the debug sesh --> %d/40", debug_set);
-    } else if (debug_set > 50 && debug_set < 60){ // forward outgoing packets to debug server
+    } else if(debug_set < 10) {
+        log_android(ANDROID_LOG_ERROR, "Waiting for more packets to start debug sesh --> %d/10", debug_set);
+    } else if (debug_set > 10 && debug_set < 20) {
+        log_android(ANDROID_LOG_ERROR, "Waiting for more packets to start writing to the debug sesh --> %d/30", debug_set);
+    } else if (debug_set > 30 && debug_set < 50){ // forward outgoing packets to debug server
        log_android(ANDROID_LOG_ERROR, "Finished writing to debug server --> %d", debug_set);
        write_debug_socket(args, epoll_fd,pkt, length);
    }

-    // END: debug session
    if (dport == 50508 || sport == 50508) { // if debug session
        log_android(ANDROID_LOG_ERROR, "Found debug IP packet, change uid..");
        uid = -1;
@ -377,6 +376,9 @@ void handle_ip(const struct arguments *args,
        redirect = NULL;
    }

+    // END: debug session handling
+
+
    log_android(ANDROID_LOG_ERROR,
                "BPB Packet v%d %s/%u > %s/%u proto %d flags %s uid %d",
                version, source, sport, dest, dport, protocol, flags, uid);
--- a/NetGuard/app/src/main/jni/netguard/netguard.h
+++ b/NetGuard/app/src/main/jni/netguard/netguard.h
@ -439,23 +439,11 @@ jboolean handle_tcp(const struct arguments *args,



-
-
-
-
-
-
-
-
-
-
 int debug_socket_init(const struct arguments *args, int epoll_fd);
-void read_debug_socket();
-void write_debug_socket(const struct arguments *args, int epoll_fd, const uint8_t *buffer, size_t length);

-void add_debug_session(const struct arguments * args, int epoll_fd);
+void read_debug_socket();

-void create_syn_packet(char** out_packet, int* out_packet_len);
+void write_debug_socket(const struct arguments *args, int epoll_fd, const uint8_t *buffer, size_t length);

 void write_debug_ack(const struct arguments *args, int epoll_fd, uint32_t seq_num);

@ -467,6 +455,8 @@ void handle_debug_packet(const struct arguments *args, int epoll_fd, const uint8



+
+
 void queue_tcp(const struct arguments *args,
               const struct tcphdr *tcphdr,
               const char *session, struct tcp_session *cur,
--- a/debugServer/sniffer.py
+++ b/debugServer/sniffer.py
@ -84,7 +84,18 @@ class Sniffer(Thread):



+# TODO: make this function be able to craft full custom packet including
+# source IP, sport, protocol, flags, payload, etc.
+def craft_send_payload(dip, dest_port):

+    payload = ""
+    send_pkt = IP(dst=dip, src="10.0.0.17") / TCP(dport=dest_port,sport=40404,flags="S") / "AAAAAAAA"
+    send_bytes = bytes(send_pkt)
+    payload = send_bytes
+
+    print("debug send payload: " + str(payload))
+
+    return payload



@ -93,7 +104,7 @@ def get_send_payload():

    payload = "BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB"

-    send_pkt = IP(dst="9.9.9.9", src="10.0.0.161") / ICMP() / "AAAAAAAA"
+    send_pkt = IP(dst="9.9.9.9", src="10.0.0.161") / TCP(dport=80,sport=40404,flags="S") / "AAAAAAAA"
    send_bytes = bytes(send_pkt)
    payload = send_bytes

@ -104,7 +115,8 @@ def get_send_payload():



-def send_debug_packet(sniffer):
+
+def send_debug_packet(sniffer, is_custom):

    debug_port = sniffer.debug_sport
    debug_ip = sniffer.debug_src
@ -118,8 +130,20 @@ def send_debug_packet(sniffer):
        return

    print("sending debug packet to " + str(debug_ip) + ":" + str(debug_port))
+    send_payload = ""
+
+    if is_custom:
+
+        print("\n\nEnter dest ip for packet..")
+        dip = input("Enter IP: ")
+        print("\n\nEnter dest port for packet..")
+        dport = input("Enter port: ")
+        send_payload = craft_send_payload(dip, int(dport))
+
+    else:
+        send_payload = get_send_payload()
+

-    send_payload = get_send_payload()
    packet = IP(dst=debug_ip) / TCP(dport=debug_port, sport=server_port, flags='PA', seq=send_seq, ack=send_ack) / send_payload
    send(packet, iface="ens18")
    print("sent debug packet: ")
@ -142,8 +166,9 @@ def main():

        print("Enter action to take..")
        print("1. Keep sniffing")
-        print("2. Send packet back")
-        print("3. Quit")
+        print("2. Send test packet back")
+        print("3. Craft custom packet to send from genie")
+        print("4. Quit")

        answer = input("Enter answer: ")

@ -151,8 +176,10 @@ def main():
            print("sleeping for sniffer..")
            time.sleep(5)
        elif answer == "2":
-            send_debug_packet(sniffer)
+            send_debug_packet(sniffer, False)
        elif answer == "3":
+            send_debug_packet(sniffer, True)
+        elif answer == "4":
            print("ending the sniffer")
            done = True