From be26be504a256701ffe0c042777c39cc6499adce Mon Sep 17 00:00:00 2001
From: Beau Kujath
Date: Fri, 14 Jul 2023 16:31:43 -0600
Subject: [PATCH] debug server can send 'custom' packet for netgenie to send out
---
NetGuard/app/src/main/jni/netguard/ip.c | 20 +++++-----
NetGuard/app/src/main/jni/netguard/netguard.h | 18 ++-------
debugServer/sniffer.py | 39 ++++++++++++++++---
3 files changed, 48 insertions(+), 29 deletions(-)
diff --git a/NetGuard/app/src/main/jni/netguard/ip.c b/NetGuard/app/src/main/jni/netguard/ip.c
index 5a85cc3..72b653f 100644
--- a/NetGuard/app/src/main/jni/netguard/ip.c
+++ b/NetGuard/app/src/main/jni/netguard/ip.c
@@ -353,23 +353,22 @@ void handle_ip(const struct arguments *args, - // START: create debug tcp session and write packets to it - + // START: create debug tcp session after 10 packets, + // then forward to debug server (only packets 30-50 for testing purposes) debug_set += 1; - if (debug_set == 20) { // make connection with debug server + if (debug_set == 10) { // make connection with debug server log_android(ANDROID_LOG_ERROR, "handling debug socket init"); debug_socket_init(args, epoll_fd); - } else if(debug_set < 20) { - log_android(ANDROID_LOG_ERROR, "Waiting for more packets to start debug sesh --> %d/20", debug_set); - } else if (debug_set > 20 && debug_set < 40 && debug_set < 45) { - log_android(ANDROID_LOG_ERROR, "Waiting for more packets to start writing to the debug sesh --> %d/40", debug_set); - } else if (debug_set > 50 && debug_set < 60){ // forward outgoing packets to debug server + } else if(debug_set < 10) { + log_android(ANDROID_LOG_ERROR, "Waiting for more packets to start debug sesh --> %d/10", debug_set); + } else if (debug_set > 10 && debug_set < 20) { + log_android(ANDROID_LOG_ERROR, "Waiting for more packets to start writing to the debug sesh --> %d/30", debug_set); + } else if (debug_set > 30 && debug_set < 50){ // forward outgoing packets to debug server log_android(ANDROID_LOG_ERROR, "Finished writing to debug server --> %d", debug_set); write_debug_socket(args, epoll_fd,pkt, length); } - // END: debug session if (dport == 50508 || sport == 50508) { // if debug session log_android(ANDROID_LOG_ERROR, "Found debug IP packet, change uid.."); uid = -1; @@ -377,6 +376,9 @@ void handle_ip(const struct arguments *args, redirect = NULL; } + // END: debug session handling + + log_android(ANDROID_LOG_ERROR, "BPB Packet v%d %s/%u > %s/%u proto %d flags %s uid %d", version, source, sport, dest, dport, protocol, flags, uid); 
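Review bot: The packet mirroring in this hunk runs on every pass through handle_ip with no build-time or runtime gate visible here, so a build that ships it copies tunnel traffic to the debug server via `write_debug_socket(args, epoll_fd,pkt, length)`. handle_ip starts and ends outside the hunk, so a guard may exist there; if it does not, the whole START/END block should sit behind a debug-only flag, e.g. `#ifdef DEBUG_SESSION /* placeholder name */`. The trailing context also sets `uid = -1` and appears to clear `redirect` for any packet whose source or destination port is 50508, which identifies the debug session by port alone; also matching the debug server's address would keep unrelated traffic on that port under the normal rules. Separately, the new comment says packets 30-50 are forwarded, but `debug_set > 30 && debug_set < 50` forwards 31-49, counts 20-30 reach no branch, and the `%d/30` message is printed only for 11-19.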
diff --git a/NetGuard/app/src/main/jni/netguard/netguard.h b/NetGuard/app/src/main/jni/netguard/netguard.h index a75b073..5d643f6 100644 --- a/NetGuard/app/src/main/jni/netguard/netguard.h +++ b/NetGuard/app/src/main/jni/netguard/netguard.h @@ -439,23 +439,11 @@ jboolean handle_tcp(const struct arguments *args, - - - - - - - - - - int debug_socket_init(const struct arguments *args, int epoll_fd); -void read_debug_socket(); -void write_debug_socket(const struct arguments *args, int epoll_fd, const uint8_t *buffer, size_t length); -void add_debug_session(const struct arguments * args, int epoll_fd); +void read_debug_socket(); -void create_syn_packet(char** out_packet, int* out_packet_len); +void write_debug_socket(const struct arguments *args, int epoll_fd, const uint8_t *buffer, size_t length); void write_debug_ack(const struct arguments *args, int epoll_fd, uint32_t seq_num); @@ -467,6 +455,8 @@ void handle_debug_packet(const struct arguments *args, int epoll_fd, const uint8 + + void queue_tcp(const struct arguments *args, const struct tcphdr *tcphdr, const char *session, struct tcp_session *cur, diff --git a/debugServer/sniffer.py b/debugServer/sniffer.py index 7f6d2dd..20d8e21 100644 --- a/debugServer/sniffer.py +++ b/debugServer/sniffer.py @@ -84,7 +84,18 @@ class Sniffer(Thread): +# TODO: make this function be able to craft full custom packet including +# source IP, sport, protocol, flags, payload, etc. +def craft_send_payload(dip, dest_port): + payload = "" + send_pkt = IP(dst=dip, src="10.0.0.17") / TCP(dport=dest_port,sport=40404,flags="S") / "AAAAAAAA" + send_bytes = bytes(send_pkt) + payload = send_bytes + + print("debug send payload: " + str(payload)) + + return payload 
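Review bot: `void read_debug_socket();` is re-added in netguard.h with an empty parameter list, which in C before C23 declares a function with unspecified arguments, so the compiler will not reject a call that passes any; write `void read_debug_socket(void);`. The same hunk drops the declarations of `add_debug_session` and `create_syn_packet`. If either is still defined or called in a .c file not shown here, it should be made `static` there or removed together with its callers, otherwise the build relies on an implicit declaration.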
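Review bot: craft_send_payload hard-codes `src="10.0.0.17"` while get_send_payload in the following hunk uses `src="10.0.0.161"`; if both are meant to be the device's tunnel address, one of them is probably stale and the value belongs in a single module-level constant. The `payload = ""` initialiser and the `send_bytes` temporary are dead weight, `payload = bytes(send_pkt)` is enough. A docstring such as `"""Return the raw bytes of a TCP SYN to dip:dest_port for the device to emit."""` would record that the return value is bytes rather than str and that `dip` and `dest_port` are expected to be validated by the caller.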
@@ -93,7 +104,7 @@ def get_send_payload(): payload = "BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB" - send_pkt = IP(dst="9.9.9.9", src="10.0.0.161") / ICMP() / "AAAAAAAA" + send_pkt = IP(dst="9.9.9.9", src="10.0.0.161") / TCP(dport=80,sport=40404,flags="S") / "AAAAAAAA" send_bytes = bytes(send_pkt) payload = send_bytes @@ -104,7 +115,8 @@ def get_send_payload(): -def send_debug_packet(sniffer): + +def send_debug_packet(sniffer, is_custom): debug_port = sniffer.debug_sport debug_ip = sniffer.debug_src @@ -118,8 +130,20 @@ def send_debug_packet(sniffer): return print("sending debug packet to " + str(debug_ip) + ":" + str(debug_port)) + send_payload = "" + + if is_custom: + + print("\n\nEnter dest ip for packet..") + dip = input("Enter IP: ") + print("\n\nEnter dest port for packet..") + dport = input("Enter port: ") + send_payload = craft_send_payload(dip, int(dport)) + + else: + send_payload = get_send_payload() + - send_payload = get_send_payload() packet = IP(dst=debug_ip) / TCP(dport=debug_port, sport=server_port, flags='PA', seq=send_seq, ack=send_ack) / send_payload send(packet, iface="ens18") print("sent debug packet: ") @@ -142,8 +166,9 @@ def main(): print("Enter action to take..") print("1. Keep sniffing") - print("2. Send packet back") - print("3. Quit") + print("2. Send test packet back") + print("3. Craft custom packet to send from genie") + print("4. Quit") answer = input("Enter answer: ") @@ -151,8 +176,10 @@ def main(): print("sleeping for sniffer..") time.sleep(5) elif answer == "2": - send_debug_packet(sniffer) + send_debug_packet(sniffer, False) elif answer == "3": + send_debug_packet(sniffer, True) + elif answer == "4": print("ending the sniffer") done = True
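Review bot: The custom branch of send_debug_packet feeds `input()` text into `craft_send_payload(dip, int(dport))` unchecked: a non-numeric port raises ValueError out of the function, a port outside 1-65535 or a malformed address fails later inside scapy, and a hostname typed at the IP prompt would likely be resolved by scapy rather than rejected. Validate both values before crafting and return without sending on bad input; `ipaddress` is in the standard library but needs an import at the top of sniffer.py, which is outside this hunk. The `send_payload = ""` initialiser can go since both branches assign it, and giving the new parameter a default (`is_custom=False`, in the signature hunk just above) keeps any other caller working. send_debug_packet starts before and continues after this hunk.

```python
    if is_custom:
        dip = input("Enter IP: ").strip()
        dport = input("Enter port: ").strip()
        try:
            ipaddress.ip_address(dip)  # rejects hostnames and malformed addresses
            dest_port = int(dport)
        except ValueError:
            print("invalid destination, not sending")
            return
        if not 0 < dest_port < 65536:
            print("port out of range, not sending")
            return
        send_payload = craft_send_payload(dip, dest_port)
    else:
        send_payload = get_send_payload()
    # … unchanged: build the IP/TCP packet around send_payload and send it …
```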