Create repository Packet-Injector

Author: revsic

.gitignore

@@ -0,0 +1,2 @@
+*.o
+http_inject

Makefile

@@ -0,0 +1,11 @@
+CC = g++
+TARGET = http_inject
+OBJECTS = Protocol/Tcp.o Protocol/IPv4.o Protocol/Ethernet.o PacketInjector.o main.o
+
+all : $(TARGET)
+
+$(TARGET): $(OBJECTS)
+	$(CC) -o $@ $^ -lpcap
+
+clean:
+	rm -rf *.o Protocol/*.o http_inejct

PacketInjector.cpp

@@ -0,0 +1,90 @@
+#include "PacketInjector.h"
+
+PacketInjector::PacketInjector(pcap_t* p_handle) : handle(p_handle)
+{}
+
+int PacketInjector::run(const unsigned char* p_packet) {
+  packet = p_packet;
+  Ethernet eth = Ethernet(packet);
+
+  if (eth.phdr->ether_type == ETHER_TYPE_IPv4) {
+    IPv4 ip = IPv4(packet + ETHER_HEAD_LEN);
+
+    if (ip.phdr->ip_protocol == IP_PRTCL_TCP) {
+      int ip_len = ntohs(ip.phdr->ip_len);
+      int ip_hdrlen = ip.phdr->ip_header_len << 2;
+
+      TCP tcp = TCP(packet + ETHER_HEAD_LEN + ip_hdrlen, ip_len - ip_hdrlen);
+      if (tcp.phdr->tcp_dport == TCP_PORT_HTTP) {
+        if (tcp.pdat.length && !strncmp((char *)tcp.pdat.data, "GET", 3)) {
+          char *tmp = strchr((char *)tcp.pdat.data, '\n');
+          if (tmp) *tmp = '\0';
+          std::cout << "[*] blocked : " << tcp.pdat.data << std::endl;
+
+          int result = sendBackwardFin(eth, ip, tcp);
+          if (result == -1) {
+            std::cout << "[*] err : " << pcap_geterr(handle) << std::endl;
+            return -1;
+          }
+        }
+      }
+    }
+  }
+}
+
+int PacketInjector::sendForwardFin(IPv4& ip, TCP& tcp) {
+  int tcp_hdrlen = tcp.phdr->tcp_header_len << 2;
+  tcp.phdr->tcp_flags |= 1;
+  tcp.phdr->tcp_seq_num = htonl(ntohl(tcp.phdr->tcp_seq_num) + tcp.pdat.length);
+
+  int ip_hdrlen = ip.phdr->ip_header_len << 2;
+  int ip_len = ip_hdrlen + tcp_hdrlen + strlen(BLOCK_MSG);
+  ip.phdr->ip_len = htons(ip_len);
+  strcpy((char *)tcp.pdat.data, BLOCK_MSG);
+  tcp.pdat.length = strlen(BLOCK_MSG);
+
+  ip.makeChecksum();
+  tcp.makeChecksum(ip);
+
+  int total_len = ETHER_HEAD_LEN + ip_len;
+  int result = pcap_sendpacket(handle, packet, total_len);
+
+  return result;
+}
+
+int PacketInjector::sendBackwardFin(Ethernet& eth, IPv4& ip, TCP& tcp) {
+  for (int i = 0; i < ETHER_ADDR_LEN; ++i) {
+    u_int8_t etmp = eth.phdr->ether_dhost[i];
+    eth.phdr->ether_dhost[i] = eth.phdr->ether_shost[i];
+    eth.phdr->ether_shost[i] = etmp;
+  }
+
+  struct in_addr itmp = ip.phdr->ip_dst;
+  ip.phdr->ip_dst = ip.phdr->ip_src;
+  ip.phdr->ip_src = itmp;
+
+  u_int16_t ptmp = tcp.phdr->tcp_dport;
+  tcp.phdr->tcp_dport = tcp.phdr->tcp_sport;
+  tcp.phdr->tcp_sport = ptmp;
+
+  tcp.phdr->tcp_flags |= TCP_FLAG_FIN;
+  u_int32_t atmp = tcp.phdr->tcp_ack_num;
+  tcp.phdr->tcp_ack_num = htonl(ntohl(tcp.phdr->tcp_seq_num) + tcp.pdat.length);
+  tcp.phdr->tcp_seq_num = atmp;
+
+  int tcp_hdrlen = tcp.phdr->tcp_header_len << 2;
+  int ip_hdrlen = ip.phdr->ip_header_len << 2;
+  int ip_len = ip_hdrlen + tcp_hdrlen + strlen(BLOCK_MSG);
+  ip.phdr->ip_len = htons(ip_len);
+
+  strcpy((char *)tcp.pdat.data, BLOCK_MSG);
+  tcp.pdat.length = strlen(BLOCK_MSG);
+
+  ip.makeChecksum();
+  tcp.makeChecksum(ip);
+
+  int total_len = ETHER_HEAD_LEN + ip_len;
+  int result = pcap_sendpacket(handle, packet, total_len);
+
+  return result;
+}

PacketInjector.h

@@ -0,0 +1,27 @@
+#ifndef PACKET_INJECTOR_H
+#define PACKET_INJECTOR_H
+
+#include <iostream>
+#include <string.h>
+#include <pcap.h>
+#include "Protocol/Ethernet.h"
+#include "Protocol/IPv4.h"
+#include "Protocol/Tcp.h"
+
+#define BLOCK_MSG "HTTP/1.1 302 Found\nLocation: https://en.wikipedia.org/wiki/HTTP_302\n"
+#define TCP_FLAG_FIN 1
+
+class PacketInjector {
+private:
+  pcap_t* handle;
+  const unsigned char* packet;
+
+public:
+  PacketInjector(pcap_t* p_handle);
+
+  int run(const unsigned char* p_packet);
+  int sendForwardFin(IPv4& ip, TCP& tcp);
+  int sendBackwardFin(Ethernet& eth, IPv4& ip, TCP& tcp);
+};
+
+#endif

Protocol/Ethernet.cpp

@@ -0,0 +1,5 @@
+#include "Ethernet.h"
+
+Ethernet::Ethernet(const u_char* packet) {
+  phdr = (Ethernet_Header *)packet;
+}

Protocol/Ethernet.h

@@ -0,0 +1,23 @@
+#ifndef ETHERNET_H
+#define ETHERNET_H
+
+#include <arpa/inet.h>
+
+#define ETHER_ADDR_LEN 6
+#define ETHER_HEAD_LEN 14
+#define ETHER_TYPE_IPv4 htons(0x0800)
+
+class Ethernet {
+private:
+  struct Ethernet_Header {
+    u_int8_t ether_dhost[ETHER_ADDR_LEN];
+    u_int8_t ether_shost[ETHER_ADDR_LEN];
+    u_int16_t ether_type;
+  };
+
+public:
+  Ethernet_Header* phdr;
+  Ethernet(const u_char* packet);
+};
+
+#endif

Protocol/IPv4.cpp

@@ -0,0 +1,23 @@
+#include "IPv4.h"
+
+IPv4::IPv4(const u_char* packet) {
+  phdr = (IPv4_Header *)packet;
+}
+
+void IPv4::makeChecksum() {
+  int chksum = 0;
+  unsigned short *shorter = (unsigned short *)phdr;
+  phdr->ip_checksum = 0;
+
+  int len = phdr->ip_header_len << 1;
+
+  for (int i = 0; i < len; ++i) {
+    chksum += shorter[i];
+  }
+
+  chksum = (chksum >> 16) + (chksum & 0xFFFF);
+  chksum += (chksum >> 16);
+
+  chksum ^= 0xFFFF;
+  phdr->ip_checksum = chksum;
+}

Protocol/IPv4.h

@@ -0,0 +1,30 @@
+#ifndef IPV4_H
+#define IPV4_H
+
+#include <sys/types.h>
+#include <arpa/inet.h>
+#define IP_PRTCL_TCP 6
+
+class IPv4 {
+private:
+  struct IPv4_Header {
+    u_int8_t ip_header_len:4;
+    u_int8_t ip_version:4;
+    u_int8_t ip_type;
+    u_int16_t ip_len;
+    u_int16_t ip_id;
+    u_int16_t ip_offset;
+    u_int8_t ip_ttl;
+    u_int8_t ip_protocol;
+    u_int16_t ip_checksum;
+    struct in_addr ip_src, ip_dst;
+  };
+
+public:
+  IPv4_Header* phdr;
+  IPv4(const u_char* packet);
+
+  void makeChecksum();
+};
+
+#endif

Protocol/Tcp.cpp

@@ -0,0 +1,48 @@
+#include "Tcp.h"
+#include <stdio.h>
+
+TCP::TCP(const u_char *packet, int seg_len) {
+  phdr = (TCP_Header *)packet;
+
+  int tcp_hdrlen = phdr->tcp_header_len << 2;
+  pdat.length = seg_len - tcp_hdrlen;
+  pdat.data = packet + tcp_hdrlen;
+}
+
+void TCP::makeChecksum(IPv4& ip) {
+  int i, chksum = 0;
+  int dlen = phdr->tcp_header_len << 1;
+  unsigned short *shorter = (unsigned short *)phdr;
+
+  phdr->tcp_checksum = 0;
+  for (i = 0; i < dlen; ++i) {
+    chksum += shorter[i];
+  }
+
+  dlen = pdat.length >> 1;
+  shorter = (unsigned short *)pdat.data;
+
+  for (i = 0; i < dlen; ++i) {
+    chksum += shorter[i];
+  }
+
+  if (pdat.length & 1) {
+    chksum += shorter[i]  & 0x00ff;
+  }
+
+  shorter = (unsigned short *)&ip.phdr->ip_src;
+  chksum += shorter[0] + shorter[1];
+
+  shorter = (unsigned short *)&ip.phdr->ip_dst;
+  chksum += shorter[0] + shorter[1];
+
+  chksum += htons(6);
+  chksum += htons((phdr->tcp_header_len << 2) + pdat.length);
+
+  chksum = (chksum >> 16) + (chksum & 0xFFFF);
+  chksum += (chksum >> 16);
+
+  chksum ^= 0xFFFF;
+  phdr->tcp_checksum = chksum;
+
+}

Protocol/Tcp.h

@@ -0,0 +1,37 @@
+#ifndef TCP_H
+#define TCP_H
+
+#include <arpa/inet.h>
+#include <string.h>
+#include "IPv4.h"
+
+#define TCP_PORT_HTTP htons(80)
+
+class TCP {
+private:
+  struct TCP_Header {
+    u_int16_t tcp_sport, tcp_dport;
+    u_int32_t tcp_seq_num;
+    u_int32_t tcp_ack_num;
+    u_int8_t tcp_reserved:4;
+    u_int8_t tcp_header_len:4;
+    u_int8_t tcp_flags;
+    u_int16_t tcp_window;
+    u_int16_t tcp_checksum;
+    u_int16_t tcp_urgent;
+  };
+
+  struct TCP_Data {
+    u_int32_t length;
+    const u_int8_t *data;
+  };
+
+public:
+  TCP_Header *phdr;
+  TCP_Data pdat;
+  TCP(const u_char *packet, int seg_len);
+
+  void makeChecksum(IPv4& ip);
+};
+
+#endif

README.md

@@ -0,0 +1,3 @@
+#Packet-Injection
+
+detect HTTP GET packet and inject packets

main.cpp

@@ -0,0 +1,37 @@
+#include <iostream>
+#include <pcap.h>
+#include "PacketInjector.h"
+
+int main (int argc, char** argv) {
+  char errbuf[PCAP_ERRBUF_SIZE];
+  char *dev = pcap_lookupdev(errbuf);
+
+  if (dev == NULL) {
+    std::cout << "[*] Couldn't find default device : " << errbuf << std::endl;
+    return -1;
+  }
+
+  pcap_t *handle = pcap_open_live(dev, BUFSIZ, 1, 0, errbuf);
+  if (handle == NULL) {
+    std::cout << "[*] Couldn't open device : " << errbuf << std::endl;
+    return -1;
+  }
+
+  struct pcap_pkthdr *header;
+  const unsigned char *packet;
+  PacketInjector pi = PacketInjector(handle);
+
+  while (1) {
+    int ret = pcap_next_ex(handle, &header, &packet);
+
+    if (ret == 0) continue;
+    else if (ret < 0) {
+      std::cout << "[*] Couldn't receive packets." << std::endl;
+      return -1;
+    }
+
+    pi.run(packet);
+  }
+
+  return 0;
+}