packets

package
v0.0.0-...-3e9091c Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Dec 5, 2023 License: GPL-3.0 Imports: 23 Imported by: 0

Documentation

Overview

Package packets contains structure declarations for network packets and the main packets queue.

Index

Constants

View Source
const (
	Krb5AsRequestType         = 10
	Krb5Krb5PrincipalNameType = 1
	Krb5CryptDesCbcMd4        = 2
	Krb5CryptDescCbcMd5       = 3
	Krb5CryptRc4Hmac          = 23
)
View Source
const (
	NBNSPort        = 137
	NBNSMinRespSize = 73
)
View Source
const (
	NTLM_SIG_OFFSET  = 0
	NTLM_TYPE_OFFSET = 8

	NTLM_TYPE1_FLAGS_OFFSET   = 12
	NTLM_TYPE1_DOMAIN_OFFSET  = 16
	NTLM_TYPE1_WORKSTN_OFFSET = 24
	NTLM_TYPE1_DATA_OFFSET    = 32
	NTLM_TYPE1_MINSIZE        = 16

	NTLM_TYPE2_TARGET_OFFSET     = 12
	NTLM_TYPE2_FLAGS_OFFSET      = 20
	NTLM_TYPE2_CHALLENGE_OFFSET  = 24
	NTLM_TYPE2_CONTEXT_OFFSET    = 32
	NTLM_TYPE2_TARGETINFO_OFFSET = 40
	NTLM_TYPE2_DATA_OFFSET       = 48
	NTLM_TYPE2_MINSIZE           = 32

	NTLM_TYPE3_LMRESP_OFFSET     = 12
	NTLM_TYPE3_NTRESP_OFFSET     = 20
	NTLM_TYPE3_DOMAIN_OFFSET     = 28
	NTLM_TYPE3_USER_OFFSET       = 36
	NTLM_TYPE3_WORKSTN_OFFSET    = 44
	NTLM_TYPE3_SESSIONKEY_OFFSET = 52
	NTLM_TYPE3_FLAGS_OFFSET      = 60
	NTLM_TYPE3_DATA_OFFSET       = 64
	NTLM_TYPE3_MINSIZE           = 52

	NTLM_BUFFER_LEN_OFFSET    = 0
	NTLM_BUFFER_MAXLEN_OFFSET = 2
	NTLM_BUFFER_OFFSET_OFFSET = 4
	NTLM_BUFFER_SIZE          = 8

	NtlmV1 = 1
	NtlmV2 = 2
)
View Source
const DHCP6OptClientFQDN = 39
View Source
const DHCP6OptDNSDomains = 24
View Source
const DHCP6OptDNSServers = 23
View Source
const IPv6Prefix = "fe80::"

link-local

View Source
const MDNSPort = 5353
View Source
const TeamViewerPort = 5938
View Source
const (
	UPNPPort = 1900
)
View Source
const (
	WSDPort = 3702
)

Variables

View Source
var (
	ErrNoCrypt  = errors.New("No crypt alg found")
	ErrReqData  = errors.New("Failed to extract pnData from as-req")
	ErrNoCipher = errors.New("No encryption type or cipher found")

	Krb5AsReqParam = "application,explicit,tag:10"
)
View Source
var (
	MDNSDestMac = net.HardwareAddr{0x01, 0x00, 0x5e, 0x00, 0x00, 0xfb}
	MDNSDestIP  = net.ParseIP("224.0.0.251")
)
View Source
var (
	MySQLGreeting = []byte{
		0x5b, 0x00, 0x00, 0x00, 0x0a, 0x35, 0x2e, 0x36,
		0x2e, 0x32, 0x38, 0x2d, 0x30, 0x75, 0x62, 0x75,
		0x6e, 0x74, 0x75, 0x30, 0x2e, 0x31, 0x34, 0x2e,
		0x30, 0x34, 0x2e, 0x31, 0x00, 0x2d, 0x00, 0x00,
		0x00, 0x40, 0x3f, 0x59, 0x26, 0x4b, 0x2b, 0x34,
		0x60, 0x00, 0xff, 0xf7, 0x08, 0x02, 0x00, 0x7f,
		0x80, 0x15, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
		0x00, 0x00, 0x00, 0x00, 0x68, 0x69, 0x59, 0x5f,
		0x52, 0x5f, 0x63, 0x55, 0x60, 0x64, 0x53, 0x52,
		0x00, 0x6d, 0x79, 0x73, 0x71, 0x6c, 0x5f, 0x6e,
		0x61, 0x74, 0x69, 0x76, 0x65, 0x5f, 0x70, 0x61,
		0x73, 0x73, 0x77, 0x6f, 0x72, 0x64, 0x00,
	}
	MySQLFirstResponseOK = []byte{
		0x07, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x02,
		0x00, 0x00, 0x00,
	}
	MySQLSecondResponseOK = []byte{
		0x07, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x02,
		0x00, 0x00, 0x00,
	}
)
View Source
var (
	UPNPDestMac          = net.HardwareAddr{0x01, 0x00, 0x5e, 0x00, 0x00, 0xfb}
	UPNPDestIP           = net.ParseIP("239.255.255.250")
	UPNPDiscoveryPayload = []byte("M-SEARCH * HTTP/1.1\r\n" +
		fmt.Sprintf("Host: %s:%d\r\n", UPNPDestIP, UPNPPort) +
		"Man: ssdp:discover\r\n" +
		"ST: ssdp:all\r\n" +
		"MX: 2\r\n" +
		"\r\n")
)
View Source
var (
	WSDDestIP           = net.ParseIP("239.255.255.250")
	WSDDiscoveryPayload = []byte("<?xml version=\"1.0\" encoding=\"utf-8\" ?>" +
		"<soap:Envelope" +
		" xmlns:soap=\"http://www.w3.org/2003/05/soap-envelope\"" +
		" xmlns:wsa=\"http://schemas.xmlsoap.org/ws/2004/08/addressing\"" +
		" xmlns:wsd=\"http://schemas.xmlsoap.org/ws/2005/04/discovery\"" +
		" xmlns:wsdp=\"http://schemas.xmlsoap.org/ws/2006/02/devprof\">" +
		"<soap:Header>" +
		"<wsa:To>urn:schemas-xmlsoap-org:ws:2005:04:discovery</wsa:To>" +
		"<wsa:Action>http://schemas.xmlsoap.org/ws/2005/04/discovery/Probe</wsa:Action>" +
		"<wsa:MessageID>urn:uuid:05a0036e-dcc8-4db8-98b6-0ceeee60a6d9</wsa:MessageID>" +
		"</soap:Header>" +
		"<soap:Body>" +
		"<wsd:Probe/>" +
		"</soap:Body>" +
		"</env:Envelope>")
)
View Source
var (
	ErrNoCID = errors.New("Unexpected DHCPv6 packet, could not find client id.")
)
View Source
var (
	// NBNS hostname resolution request buffer.
	NBNSRequest = []byte{
		0x82, 0x28, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0,
		0x0, 0x0, 0x20, 0x43, 0x4B, 0x41, 0x41, 0x41, 0x41,
		0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
		0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
		0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x0,
		0x0, 0x21, 0x0, 0x1,
	}
)
View Source
var SerializationOptions = gopacket.SerializeOptions{
	FixLengths:       true,
	ComputeChecksums: true,
}

Functions

func DHCP6EncodeList

func DHCP6EncodeList(elements []string) (encoded []byte)

func DHCP6For

func DHCP6For(what dhcp6.MessageType, to dhcp6.Packet, duid []byte) (err error, p dhcp6.Packet)

func Dot11InformationElementIDDSSetDecode

func Dot11InformationElementIDDSSetDecode(buf []byte) (channel int, err error)

func Dot11IsDataFor

func Dot11IsDataFor(dot11 *layers.Dot11, station net.HardwareAddr) bool

func Dot11Parse

func Dot11Parse(packet gopacket.Packet) (ok bool, radiotap *layers.RadioTap, dot11 *layers.Dot11)

func Dot11ParseDSSet

func Dot11ParseDSSet(packet gopacket.Packet) (bool, int)

func Dot11ParseEAPOL

func Dot11ParseEAPOL(packet gopacket.Packet, dot11 *layers.Dot11) (ok bool, key *layers.EAPOLKey, apMac net.HardwareAddr, staMac net.HardwareAddr)

func Dot11ParseEncryption

func Dot11ParseEncryption(packet gopacket.Packet, dot11 *layers.Dot11) (bool, string, string, string)

func Dot11ParseIDSSID

func Dot11ParseIDSSID(packet gopacket.Packet) (bool, string)

func Dot11ParseWPS

func Dot11ParseWPS(packet gopacket.Packet, dot11 *layers.Dot11) (ok bool, bssid net.HardwareAddr, info map[string]string)

func MDNSGetMeta

func MDNSGetMeta(pkt gopacket.Packet) map[string]string

func MySQLGetFile

func MySQLGetFile(infile string) []byte

func NBNSGetMeta

func NBNSGetMeta(pkt gopacket.Packet) map[string]string

func NewARP

func NewARP(from net.IP, from_hw net.HardwareAddr, to net.IP, req uint16) (layers.Ethernet, layers.ARP)

func NewARPReply

func NewARPReply(from net.IP, from_hw net.HardwareAddr, to net.IP, to_hw net.HardwareAddr) (error, []byte)

func NewARPRequest

func NewARPRequest(from net.IP, from_hw net.HardwareAddr, to net.IP) (error, []byte)

func NewARPTo

func NewARPTo(from net.IP, from_hw net.HardwareAddr, to net.IP, to_hw net.HardwareAddr, req uint16) (layers.Ethernet, layers.ARP)

func NewDot11AssociationRequest

func NewDot11AssociationRequest(sta net.HardwareAddr, apBSSID net.HardwareAddr, apESSID string, seq uint16) (error, []byte)

func NewDot11Auth

func NewDot11Auth(sta net.HardwareAddr, apBSSID net.HardwareAddr, seq uint16) (error, []byte)

func NewDot11Beacon

func NewDot11Beacon(conf Dot11ApConfig, seq uint16) (error, []byte)

func NewDot11Deauth

func NewDot11Deauth(a1 net.HardwareAddr, a2 net.HardwareAddr, a3 net.HardwareAddr, seq uint16) (error, []byte)

func NewMDNSProbe

func NewMDNSProbe(from net.IP, from_hw net.HardwareAddr) (error, []byte)

func NewTCPSyn

func NewTCPSyn(from net.IP, from_hw net.HardwareAddr, to net.IP, to_hw net.HardwareAddr, srcPort int, dstPort int) (error, []byte)

func NewUDPProbe

func NewUDPProbe(from net.IP, from_hw net.HardwareAddr, to net.IP, port int) (error, []byte)

func Serialize

func Serialize(layers ...gopacket.SerializableLayer) (error, []byte)

func UPNPGetMeta

func UPNPGetMeta(pkt gopacket.Packet) map[string]string

Types

type Activity

type Activity struct {
	IP     net.IP
	MAC    net.HardwareAddr
	Meta   map[string]string
	Source bool
}

type AuthSuite

type AuthSuite struct {
	OUI  []byte // 3 bytes
	Type Dot11AuthType
}

type AuthSuiteSelector

type AuthSuiteSelector struct {
	Count  uint16
	Suites []AuthSuite
}

type CipherSuite

type CipherSuite struct {
	OUI  []byte // 3 bytes
	Type Dot11CipherType
}

type CipherSuiteSelector

type CipherSuiteSelector struct {
	Count  uint16
	Suites []CipherSuite
}

type DHCPv6Layer

type DHCPv6Layer struct {
	Raw []byte
}

func (*DHCPv6Layer) LayerType

func (l *DHCPv6Layer) LayerType() gopacket.LayerType

func (DHCPv6Layer) SerializeTo

type Dot11ApConfig

type Dot11ApConfig struct {
	SSID       string
	BSSID      net.HardwareAddr
	Channel    int
	Encryption bool
}

type Dot11AuthType

type Dot11AuthType uint8
const (
	Dot11AuthMgt Dot11AuthType = 1
	Dot11AuthPsk Dot11AuthType = 2
)

func (Dot11AuthType) String

func (a Dot11AuthType) String() string

type Dot11CipherType

type Dot11CipherType uint8
const (
	Dot11CipherWep    Dot11CipherType = 1
	Dot11CipherTkip   Dot11CipherType = 2
	Dot11CipherWrap   Dot11CipherType = 3
	Dot11CipherCcmp   Dot11CipherType = 4
	Dot11CipherWep104 Dot11CipherType = 5
)

func (Dot11CipherType) String

func (a Dot11CipherType) String() string

type Krb5Address

type Krb5Address struct {
	AddrType    int    `asn1:"explicit,tag:0"`
	Krb5Address []byte `asn1:"explicit,tag:1"`
}

type Krb5EncryptedData

type Krb5EncryptedData struct {
	Etype  int    `asn1:"explicit,tag:0"`
	Kvno   int    `asn1:"optional,explicit,tag:1"`
	Cipher []byte `asn1:"explicit,tag:2"`
}

type Krb5PnData

type Krb5PnData struct {
	Krb5PnDataType  int    `asn1:"explicit,tag:1"`
	Krb5PnDataValue []byte `asn1:"explicit,tag:2"`
}

type Krb5PrincipalName

type Krb5PrincipalName struct {
	NameType   int      `asn1:"explicit,tag:0"`
	NameString []string `asn1:"general,explicit,tag:1"`
}

type Krb5ReqBody

type Krb5ReqBody struct {
	KDCOptions            asn1.BitString    `asn1:"explicit,tag:0"`
	Cname                 Krb5PrincipalName `asn1:"optional,explicit,tag:1"`
	Realm                 string            `asn1:"general,explicit,tag:2"`
	Sname                 Krb5PrincipalName `asn1:"optional,explicit,tag:3"`
	From                  time.Time         `asn1:"generalized,optional,explicit,tag:4"`
	Till                  time.Time         `asn1:"generalized,optional,explicit,tag:5"`
	Rtime                 time.Time         `asn1:"generalized,optional,explicit,tag:6"`
	Nonce                 int               `asn1:"explicit,tag:7"`
	Etype                 []int             `asn1:"explicit,tag:8"`
	Krb5Addresses         []Krb5Address     `asn1:"optional,explicit,tag:9"`
	EncAuthData           Krb5EncryptedData `asn1:"optional,explicit,tag:10"`
	AdditionalKrb5Tickets []Krb5Ticket      `asn1:"optional,explicit,tag:11"`
}

type Krb5Request

type Krb5Request struct {
	Pvno       int          `asn1:"explicit,tag:1"`
	MsgType    int          `asn1:"explicit,tag:2"`
	Krb5PnData []Krb5PnData `asn1:"optional,explicit,tag:3"`
	ReqBody    Krb5ReqBody  `asn1:"explicit,tag:4"`
}

func (Krb5Request) String

func (kdc Krb5Request) String() (string, error)

type Krb5Ticket

type Krb5Ticket struct {
	TktVno  int               `asn1:"explicit,tag:0"`
	Realm   string            `asn1:"general,explicit,tag:1"`
	Sname   Krb5PrincipalName `asn1:"explicit,tag:2"`
	EncPart Krb5EncryptedData `asn1:"explicit,tag:3"`
}

type NTLMChallengeResponse

type NTLMChallengeResponse struct {
	Challenge string
	Response  string
}

func (*NTLMChallengeResponse) Parsed

func (NTLMChallengeResponse) ParsedNtLMv1

func (*NTLMChallengeResponse) ParsedNtLMv2

type NTLMChallengeResponseParsed

type NTLMChallengeResponseParsed struct {
	Type            int
	ServerChallenge string
	User            string
	Domain          string
	LmHash          string
	NtHashOne       string
	NtHashTwo       string
}

func (NTLMChallengeResponseParsed) LcString

func (data NTLMChallengeResponseParsed) LcString() string

type NTLMResponseHeader

type NTLMResponseHeader struct {
	Sig          string
	Type         uint32
	LmLen        uint16
	LmMax        uint16
	LmOffset     uint16
	NtLen        uint16
	NtMax        uint16
	NtOffset     uint16
	DomainLen    uint16
	DomainMax    uint16
	DomainOffset uint16
	UserLen      uint16
	UserMax      uint16
	UserOffset   uint16
	HostLen      uint16
	HostMax      uint16
	HostOffset   uint16
}

type NTLMState

type NTLMState struct {
	sync.Mutex

	Responses map[uint32]string
	Pairs     []NTLMChallengeResponse
}

func NewNTLMState

func NewNTLMState() *NTLMState

func (*NTLMState) AddClientResponse

func (s *NTLMState) AddClientResponse(seq uint32, value string, cb func(data NTLMChallengeResponseParsed))

func (*NTLMState) AddServerResponse

func (s *NTLMState) AddServerResponse(key uint32, value string)

type Queue

type Queue struct {
	sync.RWMutex

	// keep on top because of https://github.com/Asif-Iqbal-Gazi/buttercup-test/issues/500
	Stats      Stats
	Protos     sync.Map
	Traffic    sync.Map
	Activities chan Activity
	// contains filtered or unexported fields
}

func NewQueue

func NewQueue(iface *network.Endpoint) (q *Queue, err error)

func (*Queue) MarshalJSON

func (q *Queue) MarshalJSON() ([]byte, error)

func (*Queue) Send

func (q *Queue) Send(raw []byte) error

func (*Queue) Stop

func (q *Queue) Stop()

func (*Queue) TrackError

func (q *Queue) TrackError()

func (*Queue) TrackPacket

func (q *Queue) TrackPacket(size uint64)

func (*Queue) TrackSent

func (q *Queue) TrackSent(size uint64)

type RSNInfo

type RSNInfo struct {
	Version  uint16
	Group    CipherSuite
	Pairwise CipherSuiteSelector
	AuthKey  AuthSuiteSelector
}

func Dot11InformationElementRSNInfoDecode

func Dot11InformationElementRSNInfoDecode(buf []byte) (rsn RSNInfo, err error)

type Stats

type Stats struct {
	Sent        uint64 `json:"sent"`
	Received    uint64 `json:"received"`
	PktReceived uint64 `json:"pkts_received"`
	Errors      uint64 `json:"errors"`
}

type TeamViewerPacket

type TeamViewerPacket struct {
	Magic       uint16
	Version     string
	CommandCode uint8
	Command     string
}

func ParseTeamViewer

func ParseTeamViewer(data []byte) *TeamViewerPacket

type Traffic

type Traffic struct {
	Sent     uint64 `json:"sent"`
	Received uint64 `json:"received"`
}

type VendorInfo

type VendorInfo struct {
	WPAVersion uint16
	Multicast  CipherSuite
	Unicast    CipherSuiteSelector
	AuthKey    AuthSuiteSelector
}

func Dot11InformationElementVendorInfoDecode

func Dot11InformationElementVendorInfoDecode(buf []byte) (v VendorInfo, err error)

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL