promiscuous.py

   1 import sys, struct, fcntl
   2 from socket import *
   3 #import socket
   4
   5 SIOCGIFFLAGS = 0x8913
   6 SIOCSIFFLAGS = 0x8914
   7 SIOCGIFHWADDR = 0x8927
   8 SIOCGIFINDEX = 0x8933
   9
  10 SOCK_PACKET = 10
  11 SOL_PACKET = 263
  12
  13 PACKET_ADD_MEMBERSHIP = 1
  14 PACKET_DROP_MEMBERSHIP = 2
  15
  16 PACKET_MR_MULTICAST = 0
  17 PACKET_MR_PROMISC = 1
  18 PACKET_MR_ALLMULTI = 2
  19
  20 ETH_P_ALL = 0x3
  21 ETH_P_IP = 0x800
  22 ETH_P_ARP = 0x806
  23 ETH_P_RARP = 0x8035
  24
  25 #sizes in bytes
  26 ETHER_SIZE = 14
  27 IP_SIZE = 20
  28 IP_OPTIONS = 4
  29
  30 class MySocket(socket):
  31         def __init__(self, family, type, proto=0, _sock=None):
  32                 socket.__init__(self, family, type, proto, _sock)
  33                 self.SIOCGIFFLAGS = None
  34
  35         def promiscuous(self, dev="eth0",on=False ):
  36                 fileno = self.fileno()
  37                 result = fcntl.ioctl(fileno, SIOCGIFFLAGS, struct.pack("16s16x",dev))
  38                 (devname, flags)= struct.unpack("16sH14x", result)
  39                 if on == True:
  40                         if (flags & 256) != 256:
  41                                 print "ON"
  42                                 flags = flags | 256
  43                                 self.SIOCGIFFLAGS = struct.unpack("16sH14x", \
  44                                         fcntl.ioctl(fileno, SIOCSIFFLAGS,struct.pack("16sH14x",devname, flags)) )
  45                 else:
  46                         if (flags & 256) != 0:
  47                                 print "OFF", flags & 256
  48                                 flags = flags ^ 256
  49                                 self.SIOCGIFFLAGS = struct.unpack("16sH14x", \
  50                                         fcntl.ioctl(fileno, SIOCSIFFLAGS,struct.pack("16sH14x",devname, flags)) )
  51
  52         def pass_all_packets(self, dev="eth0"):
  53                 fileno = self.fileno()
  54                 result = struct.unpack("16si12x", fcntl.ioctl(fileno, SIOCGIFINDEX, struct.pack("16s16x",dev)))
  55                 #print result
  56
  57                 #not sure if this line is needed!!!!!!!!!!!!!!!!!!!!!!!1
  58                 #self.setsockopt(SOL_PACKET,PACKET_ADD_MEMBERSHIP, struct.pack("iH10x",result[1],PACKET_MR_PROMISC) )
  59
  60                 #bind socket to an interface and open it for all packets
  61                 self.bind((dev, ETH_P_ALL, PACKET_OTHERHOST, 1))
  62
  63 def get_ether_layer(packet):
  64         a1 = struct.unpack("6B",packet[:6])
  65         a2 = struct.unpack("6B",packet[6:12])
  66         p = struct.unpack("H",packet[12:14])
  67         #convert to ntohs/ntol?????????????????????
  68         return {"dest":(a1[0],a1[1],a1[2],a1[3],a1[4],a1[5]), "src":(a2[0],a2[1],a2[2],a2[3],a2[4],a2[5]),
  69                 "proto":ntohs(p[0]) }
  70
  71 def get_ip_layer(packet):
  72         i = ntohl(struct.unpack("I", packet[14:18])[0])
  73         i2 = ntohl(struct.unpack("I", packet[18:22])[0])
  74         i3 = ntohl(struct.unpack("I", packet[22:26])[0])
  75         i4 = ntohl(struct.unpack("I", packet[26:30])[0])
  76         i5 = ntohl(struct.unpack("I", packet[30:34])[0])
  77
  78         options = None
  79         version = i >> 28 & 0x0F
  80         hdrlen = i >> 24 & 0x0F
  81         if hdrlen > 5:
  82                 i5 = ntohl(struct.unpack("I", packet[34:38])[0])
  83                 print "OPTIONS!!!!!!"
  84                 options = i5
  85         total_length = i  & 0x0000FFFF
  86         ident = i2 & 0xFFFF0000
  87         flags = i2 >> 13 & 3
  88         frag_offset = i2 & 0x1FFF
  89         ttl = i3 >> 24 & 0xFF
  90         proto = i3 >> 16 & 0xFF
  91         chksum = i3 & 0xFFFF
  92
  93         src_ip = [ (i4 >> c*8) & 0xFF for c in range(0,4) ]
  94         src_ip.append(i4)
  95         dst_ip = [ (i5 >> c*8) & 0xFF for c in range(0,4) ]
  96         dst_ip.append(i5)
  97         #src_ip.reverse()
  98         #dst_ip.reverse()
  99
 100         #check checksum, has to be 0xFFFF
 101         sum = 0
 102         for a in [i,i2,i3,i4,i5]:
 103                 sum += (a) & 0xFFFF
 104                 a = a >> 16
 105                 sum += (a) & 0xFFFF
 106         carry = (sum >> 16) & 0xFFFF
 107         sum += carry
 108         sum = sum & 0xFFFF
 109         if sum != 0xFFFF:
 110                 raise "Checksum Error"
 111
 112         return {"version":version, "hdrlen":hdrlen, "total_length":total_length,
 113                 "indent":ident, "flags":flags, "frag_offset":frag_offset,
 114                 "ttl":ttl, "proto":proto, "chksum":chksum, "src_ip":src_ip, "dst_ip":dst_ip,
 115                 "options":options}
 116
 117
 118 #s = MySocket(AF_INET, SOCK_PACKET, ETH_P_ALL)
 119 s = MySocket(PF_PACKET, SOCK_RAW, ETH_P_ALL)
 120 s.promiscuous("wlan0", True)
 121 s.pass_all_packets("wlan0")
 122 #s.bind(("wlan0", ETH_P_ALL, PACKET_OTHERHOST, 1))
 123 while True:
 124         r = s.recv(1024)
 125         #print r
 126         eth = get_ether_layer(r)
 127         print "dest addres: %X:%x:%x:%x:%x:%x" % eth['dest']
 128         print "source hwaddres: %X:%x:%x:%x:%x:%x" % eth['src']
 129         print "proto: 0x%x" % eth['proto']
 130         if eth['proto'] == 0x800:
 131                 ip = get_ip_layer(r)
 132                 print ip
 133                 if ip['proto'] == 0x6:
 134                         print "TCP", ntohl(struct.unpack("I", r[34:38])[0]) >> 16 & 0xFFFF
 135                         print "TCP", ntohl(struct.unpack("I", r[34:38])[0]) & 0xFFFF
 136                         data = ntohl(struct.unpack("I", r[46:50])[0]) >> 28 & 0xF
 137                         print data
 138                         print r[34+data*4:]
 139
 140         print "-"*80