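#!/usr/bin/perl
# By i_am_jojo@msn.com, 2005/04
#
# Demonstrates hand-crafting one TCP segment with Net::RawIP.
#
# The script forks.  The parent opens an ordinary TCP connection to the
# target address (-t) and port (-p).  The child captures IP traffic on eth0,
# prints the IP and TCP headers of every packet exchanged with that address
# and port, and after the third matching packet sends a single raw PSH/ACK
# segment that reuses the addresses, ports, sequence and acknowledgement
# numbers of that packet and carries an HTTP GET request.  The child stops
# after five matching packets.
#
# Review notes:
#   * Packets are matched by address and port only, so any other traffic to
#     the same address/port seen on eth0 is counted as well and shifts which
#     packet is treated as "the third".
#   * The crafted segment is sent through Net::RawIP, not through the
#     parent's socket, so the local TCP stack has no record of those bytes.
#   * Packet capture and raw sends normally need elevated privileges.
#   * -n is accepted by getopts but never read.

use strict;
use warnings;

use Net::RawIP;
use Net::PcapUtils;
use NetPacket::Ethernet;
use NetPacket::IP;
use NetPacket::TCP;
use Socket;
use Getopt::Std;
use POSIX qw(strftime WNOHANG);

my %opts;
getopts('ht:p:u:n:', \%opts);

if (defined $opts{'h'}) {
    print_help();
    exit;
}
if (not defined $opts{'t'} or not defined $opts{'p'}) {
    print_help();
    exit;
}

# Validate once and use the normalised values everywhere below, so that the
# string comparisons against decoded packets cannot be defeated by spellings
# such as "010.1.1.1" or "080".
my $target_ip = normalize_ipv4($opts{'t'});
die "\tInvalid Target Ipaddress!\n" if not defined $target_ip;

my $port = normalize_port($opts{'p'});
die "\tInvalid Service Port!\n" if not defined $port;

# The request target is copied into the request line verbatim; refuse
# whitespace and control characters so it cannot add lines to the request.
my $path = defined $opts{'u'} ? $opts{'u'} : '/';
die "\tInvalid Requested Url!\n" if $path !~ m/\A[\x21-\x7e]+\z/;

# NOTE(review): no Host header is sent although the request line says
# HTTP/1.1; kept as the author wrote it.
my $request = "GET $path HTTP/1.1\r\n"
            . "Accept: text/html; text/plain\r\n"
            . "\r\n";

my $child = fork();
die "fork failed: $!\n" if not defined $child;

if ($child == 0) {
    # Child process: capture, print, and send the crafted segment.
    my $counter = 0;

    my $pkt_descriptor = Net::PcapUtils::open(
        FILTER  => 'ip',
        PROMISC => 0,
        DEV     => 'eth0',
    );
    die "Net::PcapUtils::open returned: $pkt_descriptor\n"
        if !ref($pkt_descriptor);

    my $stamp = strftime('%Y/%m/%d %H:%M:%S, ', localtime);
    print $stamp, "begin sniffing ...\n";

    PACKET:
    while (my ($next_packet, %next_header) = Net::PcapUtils::next($pkt_descriptor)) {
        my $ip_obj = NetPacket::IP->decode(
            NetPacket::Ethernet::eth_strip($next_packet)
        );

        # Skip anything that did not decode as TCP-in-IPv4.
        next PACKET if not defined $ip_obj->{'proto'};
        next PACKET if $ip_obj->{'proto'} != 6;
        next PACKET if not defined $ip_obj->{'src_ip'};
        next PACKET if not defined $ip_obj->{'dest_ip'};
        next PACKET if $ip_obj->{'src_ip'} ne $target_ip
                   and $ip_obj->{'dest_ip'} ne $target_ip;

        my $tcp_obj = NetPacket::TCP->decode($ip_obj->{'data'});
        next PACKET if not defined $tcp_obj->{'src_port'};
        next PACKET if not defined $tcp_obj->{'dest_port'};
        next PACKET if $tcp_obj->{'src_port'} != $port
                   and $tcp_obj->{'dest_port'} != $port;

        $counter++;

        print "==ID.$counter==", '=' x 60, "\n";
        print get_ip_hdr($ip_obj);
        print get_tcp_hdr($tcp_obj);

        if ($tcp_obj->{'data'}) {
            my $data = unpack 'a*', $tcp_obj->{'data'};
            $data =~ s/[\r][\n]//g;
            # Payload bytes come off the wire; never echo control or escape
            # sequences to the terminal.
            $data =~ s/[^\x20-\x7e]/./g;
            print pretty_table('TCP data', [$data]);
        }

        if ($counter == 3) {
            # Only mirror a packet that travels from this side to the
            # target; otherwise the crafted segment would carry the
            # target's address as its source.
            if (    $ip_obj->{'dest_ip'} eq $target_ip
                and $tcp_obj->{'dest_port'} == $port)
            {
                my $raw = Net::RawIP->new;
                $raw->set({
                    'ip' => {
                        'id'    => $ip_obj->{'id'} + 1,
                        'saddr' => $ip_obj->{'src_ip'},
                        'daddr' => $ip_obj->{'dest_ip'},
                    },
                    'tcp' => {
                        'source'  => $tcp_obj->{'src_port'},
                        'dest'    => $tcp_obj->{'dest_port'},
                        'seq'     => $tcp_obj->{'seqnum'},
                        'ack_seq' => $tcp_obj->{'acknum'},
                        'window'  => $tcp_obj->{'winsize'},
                        'data'    => $request,
                        'psh'     => 1,
                        'ack'     => 1,
                    },
                });
                $raw->send;
            }
            else {
                warn "packet 3 is not addressed to $target_ip:$port; "
                   . "crafted segment not sent\n";
            }
        }

        last PACKET if $counter == 5;
    }

    exit;
}
else {
    # Parent process: give the child a moment to open the capture, then
    # open the connection whose packets the child is waiting for.
    sleep(1);

    my $trans_serv    = getprotobyname('tcp');
    my $dest_sockaddr = sockaddr_in($port, inet_aton($target_ip));

    my $tcp_sock;
    if (not socket($tcp_sock, PF_INET, SOCK_STREAM, $trans_serv)) {
        my $error = $!;
        kill 'TERM', $child;
        waitpid($child, 0);
        die "socket failed: $error\n";
    }
    if (not connect($tcp_sock, $dest_sockaddr)) {
        my $error = $!;
        kill 'TERM', $child;
        waitpid($child, 0);
        die "connect to $target_ip:$port failed: $error\n";
    }

    sleep(1);

    # Do not leave the capturing child behind: wait a few seconds for it to
    # finish on its own, then stop it.
    my $deadline = time + 5;
    while (waitpid($child, WNOHANG) == 0) {
        if (time >= $deadline) {
            kill 'TERM', $child;
            waitpid($child, 0);
            last;
        }
        sleep(1);
    }
}

exit;

# Return the dotted-quad form of $text with each octet in plain decimal, or
# nothing when $text is not four dot-separated numbers in the range 0..255.
sub normalize_ipv4 {
    my $text = shift;

    return if not defined $text;
    return if $text !~ m/\A(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\z/;

    my @octets = ($1, $2, $3, $4);
    return if grep { $_ > 255 } @octets;

    return join '.', map { $_ + 0 } @octets;
}

# Return $text as a number when it is a decimal TCP port in 1..65535,
# otherwise nothing.
sub normalize_port {
    my $text = shift;

    return if not defined $text;
    return if $text !~ m/\A\d{1,5}\z/;
    return if $text < 1 or $text > 65535;

    return $text + 0;
}

# Print the command-line summary to STDOUT.
sub print_help {
    print <<HELP;
Usage: $0 -t <ipaddr> -p <port> [-u <url>]
    -h  print help
    -t  target ipaddr
    -p  service port
    -u  requested url

    by:i_am_jojo\@msn.com
HELP
    return 1;
}

# Render the fields of a decoded NetPacket::IP object as a four-column
# table: name, value, name, value.
sub get_ip_hdr {
    my $ip_obj = shift;

    my @left  = qw(ver tos flags id src_ip proto);
    my @right = qw(hlen len foffset ttl dest_ip cksum);

    return pretty_table(
        'IP Header',
        [@left],  [ map { $ip_obj->{$_} } @left ],
        [@right], [ map { $ip_obj->{$_} } @right ],
    );
}

# Render the fields of a decoded NetPacket::TCP object as a four-column
# table: name, value, name, value.
sub get_tcp_hdr {
    my $tcp_obj = shift;

    my @left  = qw(src_port seqnum hlen flags);
    my @right = qw(dest_port acknum reserved winsize);

    return pretty_table(
        'TCP Header',
        [@left],  [ map { $tcp_obj->{$_} } @left ],
        [@right], [ map { $tcp_obj->{$_} } @right ],
    );
}

# pretty_table($title, [column 1 cells], [column 2 cells], ...)
# by i_am_jojo@msn.com
#
# Returns an ASCII box, indented four spaces, with $title in a full-width
# first line followed by one line per cell of the first column.  Each array
# reference is one output column; a column is as wide as its longest cell
# plus one space on each side.  Undefined cells are shown as empty, and the
# last column is widened when the title would not otherwise fit.
sub pretty_table {
    my ($title, @data) = @_;

    my $indent = ' ' x 4;
    $title = '' if not defined $title;

    # Copy the columns so undefined cells can be replaced without touching
    # the caller's arrays.
    my @columns;
    for my $column (@data) {
        my @cells = map { defined $_ ? $_ : '' } @{ $column || [] };
        push @columns, \@cells;
    }
    my $last_row = @columns ? $#{ $columns[0] } : -1;

    my @width;
    for my $column (@columns) {
        my $longest = 0;
        for my $cell (@{$column}) {
            $longest = length $cell if length($cell) > $longest;
        }
        push @width, $longest + 2;
    }

    # Inner width of the box: all columns plus the separators between them.
    my $row_length = @width ? $#width : 0;
    $row_length += $_ for @width;

    # The title line needs a leading space plus the title itself.
    my $needed = length($title) + 1;
    if ($row_length < $needed) {
        $width[-1] += $needed - $row_length if @width;
        $row_length = $needed;
    }

    my $rule = $indent;
    if (@width) {
        $rule .= '+' . '-' x $_ for @width;
    }
    else {
        $rule .= '+' . '-' x $row_length;
    }
    $rule .= "+\n";

    my $the_table = $indent . '+' . '-' x $row_length . "+\n";
    $the_table .= $indent . '| ' . $title
                . ' ' x ($row_length - length($title) - 1) . "|\n";

    for my $row (0 .. $last_row) {
        $the_table .= $rule;
        $the_table .= $indent;
        for my $col (0 .. $#columns) {
            my $cell = $columns[$col][$row];
            $cell = '' if not defined $cell;
            $the_table .= '| ' . $cell
                        . ' ' x ($width[$col] - length($cell) - 1);
        }
        $the_table .= "|\n";
    }
    $the_table .= $rule;

    return $the_table;
}

#==Output eXample==
#>./iamfool.pl -t xxx.xxx.x.xx -p 80
#2005/05/02 21:49:11, begin sniffing ...
#==ID.1====================================================
#    +-------------------------------------------------+
#    | IP Header                                       |
#    +--------+---------------+---------+--------------+
#    | ver    | 4             | hlen    | 5            |
#    +--------+---------------+---------+--------------+
#    | tos    | 0             | len     | 60           |
#    +--------+---------------+---------+--------------+
#    | flags  | 2             | foffset | 0            |
#    +--------+---------------+---------+--------------+
#    | id     | 16649         | ttl     | 64           |
#    +--------+---------------+---------+--------------+
#    | src_ip | 218.11.149.14 | dest_ip | xxx.xxx.x.xx |
#    +--------+---------------+---------+--------------+
#    | proto  | 6             | cksum   | 44477        |
#    +--------+---------------+---------+--------------+
#    +-----------------------------------------+
#    | TCP Header                              |
#    +----------+-----------+-----------+------+
#    | src_port | 32850     | dest_port | 80   |
#    +----------+-----------+-----------+------+
#    | seqnum   | 976483812 | acknum    | 0    |
#    +----------+-----------+-----------+------+
#    | hlen     | 10        | reserved  | 0    |
#    +----------+-----------+-----------+------+
#    | flags    | 2         | winsize   | 5808 |
#    +----------+-----------+-----------+------+
#==ID.2====================================================
#    +-------------------------------------------------+
#    | IP Header                                       |
#    +--------+--------------+---------+---------------+
#    | ver    | 4            | hlen    | 5             |
#    +--------+--------------+---------+---------------+
#    | tos    | 0            | len     | 64            |
#    +--------+--------------+---------+---------------+
#    | flags  | 2            | foffset | 0             |
#    +--------+--------------+---------+---------------+
#    | id     | 3931         | ttl     | 113           |
#    +--------+--------------+---------+---------------+
#    | src_ip | xxx.xxx.x.xx | dest_ip | 218.11.149.14 |
#    +--------+--------------+---------+---------------+
#    | proto  | 6            | cksum   | 44647         |
#    +--------+--------------+---------+---------------+
#    +----------------------------------------------+
#    | TCP Header                                   |
#    +----------+-----------+-----------+-----------+
#    | src_port | 80        | dest_port | 32850     |
#    +----------+-----------+-----------+-----------+
#    | seqnum   | 780872939 | acknum    | 976483813 |
#    +----------+-----------+-----------+-----------+
#    | hlen     | 11        | reserved  | 0         |
#    +----------+-----------+-----------+-----------+
#    | flags    | 18        | winsize   | 4356      |
#    +----------+-----------+-----------+-----------+
#==ID.3====================================================
#    +-------------------------------------------------+
#    | IP Header                                       |
#    +--------+---------------+---------+--------------+
#    | ver    | 4             | hlen    | 5            |
#    +--------+---------------+---------+--------------+
#    | tos    | 0             | len     | 52           |
#    +--------+---------------+---------+--------------+
#    | flags  | 2             | foffset | 0            |
#    +--------+---------------+---------+--------------+
#    | id     | 16651         | ttl     | 64           |
#    +--------+---------------+---------+--------------+
#    | src_ip | 218.11.149.14 | dest_ip | xxx.xxx.x.xx |
#    +--------+---------------+---------+--------------+
#    | proto  | 6             | cksum   | 44483        |
#    +--------+---------------+---------+--------------+
#    +----------------------------------------------+
#    | TCP Header                                   |
#    +----------+-----------+-----------+-----------+
#    | src_port | 32850     | dest_port | 80        |
#    +----------+-----------+-----------+-----------+
#    | seqnum   | 976483813 | acknum    | 780872940 |
#    +----------+-----------+-----------+-----------+
#    | hlen     | 8         | reserved  | 0         |
#    +----------+-----------+-----------+-----------+
#    | flags    | 16        | winsize   | 1452      |
#    +----------+-----------+-----------+-----------+
#==ID.4====================================================
#    +-------------------------------------------------+
#    | IP Header                                       |
#    +--------+---------------+---------+--------------+
#    | ver    | 4             | hlen    | 5            |
#    +--------+---------------+---------+--------------+
#    | tos    | 16            | len     | 89           |
#    +--------+---------------+---------+--------------+
#    | flags  | 2             | foffset | 0            |
#    +--------+---------------+---------+--------------+
#    | id     | 16652         | ttl     | 64           |
#    +--------+---------------+---------+--------------+
#    | src_ip | 218.11.149.14 | dest_ip | xxx.xxx.x.xx |
#    +--------+---------------+---------+--------------+
#    | proto  | 6             | cksum   | 44429        |
#    +--------+---------------+---------+--------------+
#    +----------------------------------------------+
#    | TCP Header                                   |
#    +----------+-----------+-----------+-----------+
#    | src_port | 32850     | dest_port | 80        |
#    +----------+-----------+-----------+-----------+
#    | seqnum   | 976483813 | acknum    | 780872940 |
#    +----------+-----------+-----------+-----------+
#    | hlen     | 5         | reserved  | 0         |
#    +----------+-----------+-----------+-----------+
#    | flags    | 24        | winsize   | 1452      |
#    +----------+-----------+-----------+-----------+
#    +--------------------------------------------+
#    | TCP data                                   |
#    +--------------------------------------------+
#    | GET / HTTP/1.1Accept: text/html; text/plai |
#    +--------------------------------------------+
#==ID.5====================================================
#    +-------------------------------------------------+
#    | IP Header                                       |
#    +--------+--------------+---------+---------------+
#    | ver    | 4            | hlen    | 5             |
#    +--------+--------------+---------+---------------+
#    | tos    | 0            | len     | 52            |
#    +--------+--------------+---------+---------------+
#    | flags  | 2            | foffset | 0             |
#    +--------+--------------+---------+---------------+
#    | id     | 3933         | ttl     | 113           |
#    +--------+--------------+---------+---------------+
#    | src_ip | xxx.xxx.x.xx | dest_ip | 218.11.149.14 |
#    +--------+--------------+---------+---------------+
#    | proto  | 6            | cksum   | 44657         |
#    +--------+--------------+---------+---------------+
#    +----------------------------------------------+
#    | TCP Header                                   |
#    +----------+-----------+-----------+-----------+
#    | src_port | 80        | dest_port | 32850     |
#    +----------+-----------+-----------+-----------+
#    | seqnum   | 780872940 | acknum    | 976483862 |
#    +----------+-----------+-----------+-----------+
#    | hlen     | 8         | reserved  | 0         |
#    +----------+-----------+-----------+-----------+
#    | flags    | 16        | winsize   | 4356      |
#    +----------+-----------+-----------+-----------+
#==End==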