
debug server can send 'custom' packet for netgenie to send out

master
Beau Kujath 2 years ago
parent
commit
be26be504a
  1. 20
      NetGuard/app/src/main/jni/netguard/ip.c
  2. 18
      NetGuard/app/src/main/jni/netguard/netguard.h
  3. 37
      debugServer/sniffer.py

20
NetGuard/app/src/main/jni/netguard/ip.c

@ -353,23 +353,22 @@ void handle_ip(const struct arguments *args,
// START: create debug tcp session and write packets to it
// START: create debug tcp session after 10 packets,
// then forward to debug server (only packets 30-50 for testing purposes)
debug_set += 1;
if (debug_set == 20) { // make connection with debug server
if (debug_set == 10) { // make connection with debug server
log_android(ANDROID_LOG_ERROR, "handling debug socket init");
debug_socket_init(args, epoll_fd);
} else if(debug_set < 20) {
log_android(ANDROID_LOG_ERROR, "Waiting for more packets to start debug sesh --> %d/20", debug_set);
} else if (debug_set > 20 && debug_set < 40 && debug_set < 45) {
log_android(ANDROID_LOG_ERROR, "Waiting for more packets to start writing to the debug sesh --> %d/40", debug_set);
} else if (debug_set > 50 && debug_set < 60){ // forward outgoing packets to debug server
} else if(debug_set < 10) {
log_android(ANDROID_LOG_ERROR, "Waiting for more packets to start debug sesh --> %d/10", debug_set);
} else if (debug_set > 10 && debug_set < 20) {
log_android(ANDROID_LOG_ERROR, "Waiting for more packets to start writing to the debug sesh --> %d/30", debug_set);
} else if (debug_set > 30 && debug_set < 50){ // forward outgoing packets to debug server
log_android(ANDROID_LOG_ERROR, "Finished writing to debug server --> %d", debug_set);
write_debug_socket(args, epoll_fd,pkt, length);
}
// END: debug session
if (dport == 50508 || sport == 50508) { // if debug session
log_android(ANDROID_LOG_ERROR, "Found debug IP packet, change uid..");
uid = -1;
@ -377,6 +376,9 @@ void handle_ip(const struct arguments *args,
redirect = NULL;
}
// END: debug session handling
log_android(ANDROID_LOG_ERROR,
"BPB Packet v%d %s/%u > %s/%u proto %d flags %s uid %d",
version, source, sport, dest, dport, protocol, flags, uid);
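Review bot: The forwarding branch `debug_set > 30 && debug_set < 50` hands the raw `pkt` buffer of whichever app's traffic falls in that window to `write_debug_socket`, and nothing visible in the hunk limits this to a debug build or an opted-in session. I would put the whole START/END debug block behind a compile-time switch so a release build cannot mirror user traffic to the debug server. The `BPB Packet` log at the end of the second hunk (apparently the three added lines) writes addresses, ports and uid for every packet at `ANDROID_LOG_ERROR`; `ANDROID_LOG_DEBUG` would fit better. Reading the second line of each printed pair as the new side, the "waiting" branch covers only 11–19 while its message counts to 30, so counts 20–30 pass silently; `} else if (debug_set > 10 && debug_set <= 30) {` would match the message. handle_ip starts and ends outside both hunks.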

18
NetGuard/app/src/main/jni/netguard/netguard.h

@ -439,23 +439,11 @@ jboolean handle_tcp(const struct arguments *args,
int debug_socket_init(const struct arguments *args, int epoll_fd);
void read_debug_socket();
void write_debug_socket(const struct arguments *args, int epoll_fd, const uint8_t *buffer, size_t length);
void add_debug_session(const struct arguments * args, int epoll_fd);
void read_debug_socket();
void create_syn_packet(char** out_packet, int* out_packet_len);
void write_debug_socket(const struct arguments *args, int epoll_fd, const uint8_t *buffer, size_t length);
void write_debug_ack(const struct arguments *args, int epoll_fd, uint32_t seq_num);
@ -467,6 +455,8 @@ void handle_debug_packet(const struct arguments *args, int epoll_fd, const uint8
void queue_tcp(const struct arguments *args,
const struct tcphdr *tcphdr,
const char *session, struct tcp_session *cur,

37
debugServer/sniffer.py

@ -84,7 +84,18 @@ class Sniffer(Thread):
# TODO: make this function be able to craft full custom packet including
# source IP, sport, protocol, flags, payload, etc.
def craft_send_payload(dip, dest_port):
payload = ""
send_pkt = IP(dst=dip, src="10.0.0.17") / TCP(dport=dest_port,sport=40404,flags="S") / "AAAAAAAA"
send_bytes = bytes(send_pkt)
payload = send_bytes
print("debug send payload: " + str(payload))
return payload
@ -93,7 +104,7 @@ def get_send_payload():
payload = "BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB"
send_pkt = IP(dst="9.9.9.9", src="10.0.0.161") / ICMP() / "AAAAAAAA"
send_pkt = IP(dst="9.9.9.9", src="10.0.0.161") / TCP(dport=80,sport=40404,flags="S") / "AAAAAAAA"
send_bytes = bytes(send_pkt)
payload = send_bytes
@ -104,7 +115,8 @@ def get_send_payload():
def send_debug_packet(sniffer):
def send_debug_packet(sniffer, is_custom):
debug_port = sniffer.debug_sport
debug_ip = sniffer.debug_src
@ -118,8 +130,20 @@ def send_debug_packet(sniffer):
return
print("sending debug packet to " + str(debug_ip) + ":" + str(debug_port))
send_payload = ""
if is_custom:
print("\n\nEnter dest ip for packet..")
dip = input("Enter IP: ")
print("\n\nEnter dest port for packet..")
dport = input("Enter port: ")
send_payload = craft_send_payload(dip, int(dport))
else:
send_payload = get_send_payload()
packet = IP(dst=debug_ip) / TCP(dport=debug_port, sport=server_port, flags='PA', seq=send_seq, ack=send_ack) / send_payload
send(packet, iface="ens18")
print("sent debug packet: ")
@ -142,8 +166,9 @@ def main():
print("Enter action to take..")
print("1. Keep sniffing")
print("2. Send packet back")
print("3. Quit")
print("2. Send test packet back")
print("3. Craft custom packet to send from genie")
print("4. Quit")
answer = input("Enter answer: ")
@ -151,8 +176,10 @@ def main():
print("sleeping for sniffer..")
time.sleep(5)
elif answer == "2":
send_debug_packet(sniffer)
send_debug_packet(sniffer, False)
elif answer == "3":
send_debug_packet(sniffer, True)
elif answer == "4":
print("ending the sniffer")
done = True
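Review bot: In the `is_custom` branch of `send_debug_packet`, the operator's input goes straight into `craft_send_payload(dip, int(dport))` with no validation. A non-numeric port raises an uncaught `ValueError` out of the menu loop, an out-of-range port would only fail later while the packet is built, and a `dip` that is not a literal address makes `IP(dst=...)` attempt name resolution. Validate both values before crafting, as in the fence below; it needs `import ipaddress` at the top of the file, which is outside these hunks. `craft_send_payload` also hard-codes `src="10.0.0.17"` and `sport=40404`, and `send` uses `iface="ens18"`; since the TODO already plans a fully custom packet, these would be better as parameters or module constants. The function bodies continue outside the hunks.

```python
if is_custom:
    dip = input("Enter IP: ").strip()
    dport = input("Enter port: ").strip()
    try:
        # Accept literal addresses only, so no hostname lookup happens.
        ipaddress.ip_address(dip)
        dest_port = int(dport)
        if not 0 < dest_port <= 65535:
            raise ValueError("port out of range")
    except ValueError as err:
        print("invalid destination: " + str(err))
        return
    send_payload = craft_send_payload(dip, dest_port)
else:
    # … unchanged: get_send_payload() …
```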
