#!/usr/bin/perl
#By i_am_jojo@msn.com, 2005/04
use strict;
use warnings;
use Net::RawIP;
use Net::PcapUtils;
use NetPacket::Ethernet;
use NetPacket::IP;
use NetPacket::TCP;
use Socket;
use Getopt::Std;
use POSIX qw(strftime);
my %opts;
getopts('ht:p:u:n:', \%opts);
print_help() and exit if(defined($opts{'h'}));
print_help() and exit if(not defined($opts{'t'}) or not defined($opts{
+'p'}));
die "\tInvalid Target Ipaddress!\n"
if(defined($opts{'t'}) and $opts{'t'} !~ m/^\d+.\d+.\d+.\d+$/);
die "\tInvalid Service Port!\n"
if(defined($opts{'p'}) and $opts{'p'} !~ m/^\d+$/);
my $request;
if(defined($opts{'u'})) {
$request = "GET $opts{'u'} HTTP/1.1\r\n";
$request.= "Accept: text/html; text/plain\r\n";
$request.= "\r\n";
} else {
$request = "GET / HTTP/1.1\r\n";
$request.= "Accept: text/html; text/plain\r\n";
$request.= "\r\n";
}
my $child = fork();
if($child == 0) {
#child process
my ($next_packet, %next_header);
my ($ip_obj, $tcp_obj);
my $counter = 0;
my $pkt_descriptor = Net::PcapUtils::open(
FILTER => 'ip',
PROMISC => 0,
DEV => 'eth0',
);
die "Net::PcapUtils::open returned: $pkt_descriptor\n" if (!ref($p
+kt_descriptor));
print strftime '%Y/%m/%d %H:%M:%S, ', localtime and print "begin s
+niffing ...\n";
while (($next_packet, %next_header) = Net::PcapUtils::next($pkt_de
+scriptor)) {
$ip_obj = NetPacket::IP->decode(NetPacket::Ethernet::eth_strip
+($next_packet));
next if ($ip_obj->{'proto'} != 6);
next if (($ip_obj->{'src_ip'} ne $opts{'t'}) and ($ip_obj->{'d
+est_ip'} ne $opts{'t'}));
$tcp_obj = NetPacket::TCP->decode($ip_obj->{'data'});
next if (($tcp_obj->{'src_port'} ne $opts{'p'}) and ($tcp_obj-
+>{'dest_port'} ne $opts{'p'}));
$counter++;
print "==ID.$counter==", '=' x 60, "\n";
print get_ip_hdr($ip_obj);
print get_tcp_hdr($tcp_obj);
if($tcp_obj->{'data'}) {
my $data;
$data = unpack 'a*', $tcp_obj->{'data'};
$data =~ s/[\r][\n]//g;
print pretty_table('TCP data', [$data]);
}
if($counter == 3) {
my $a = new Net::RawIP;
$a->set({
'ip' => {
'id' => $ip_obj->{'id'} + 1,
'saddr' => $ip_obj->{'src_ip'},
'daddr' => $ip_obj->{'dest_ip'}
},
'tcp' => {
'source' => $tcp_obj->{'src_port'},
'dest' => $tcp_obj->{'dest_port'},
'seq' => $tcp_obj->{'seqnum'},
'ack_seq' => $tcp_obj->{'acknum'},
'window' => $tcp_obj->{'winsize'},
'data' => $request,
'psh' => 1,
'ack' => 1
}
});
$a->send;
}
last if($counter == 5);
}
exit;
} else {
sleep(1);
my $trans_serv = getprotobyname('tcp');
my $dest_sockaddr = sockaddr_in($opts{'p'}, inet_aton($opts{'t'}))
+;
socket(TCP_SOCK, PF_INET, SOCK_STREAM, $trans_serv);
connect(TCP_SOCK, $dest_sockaddr);
sleep(1);
#close TCP_SOCK;
}
exit;
sub print_help {
print <<HELP
%./iamFool.pl [-h] <-t,-p,-u,-n>
-h print help
-t target ipaddr
-p service port
-u requested url
by:i_am_jojo\@msn.com
HELP
}
sub get_ip_hdr {
my $ip_obj = shift;
my @ip_hdr;
push @ip_hdr, [qw(ver tos flags id src_ip proto)];
push @{$ip_hdr[1]}, $ip_obj->{$_} foreach (qw(ver tos flags id src
+_ip proto));
push @ip_hdr, [qw(hlen len foffset ttl dest_ip cksum)];
push @{$ip_hdr[3]}, $ip_obj->{$_} foreach (qw(hlen len foffset ttl
+ dest_ip cksum));
return pretty_table('IP Header', @ip_hdr);
}
sub get_tcp_hdr {
my $tcp_obj = shift;
my @tcp_hdr;
push @tcp_hdr, [qw(src_port seqnum hlen flags)];
push @{$tcp_hdr[1]}, $tcp_obj->{$_} foreach (qw(src_port seqnum hl
+en flags));
push @tcp_hdr, [qw(dest_port acknum reserved winsize)];
push @{$tcp_hdr[3]}, $tcp_obj->{$_} foreach (qw(dest_port acknum r
+eserved winsize));
return pretty_table('TCP Header', @tcp_hdr);
}
sub pretty_table {
# prettyTable($aString, @aList); @aList = ( [...], [...] );
# by i_am_jojo@msn.com
my ($title, @data) = @_;
my @temp;
my @max_length;
my $row_length;
my $indent = 4;
my $the_table;
foreach my $col (0..$#{$data[0]}) { push @{$temp[$col]}, $_->[$col
+] foreach (@data); }
$max_length[$_] = length( (sort{length($b) <=> length($a)} @{$data
+[$_]} )[0]) + 2 foreach (0..$#data);
$row_length+= $max_length[$_] foreach (0..$#{$temp[0]});
$row_length+= $#data;
$the_table = ' ' x $indent.'+'.'-' x $row_length."+\n";
$the_table.= ' ' x $indent.'| '.$title.' ' x ($row_length - length
+($title) - 1)."|\n";
foreach my $row (0..$#temp) {
$the_table.= ' ' x $indent;
$the_table.= '+'.'-' x $max_length[$_] foreach (0.. $#{$temp[0
+]});
$the_table.= "+\n";
$the_table.= ' ' x $indent;
$the_table.= '| '.@{$temp[$row]}[$_].' ' x ($max_length[$_] -
+length(@{$temp[$row]}[$_]) - 1) foreach (0.. $#{$temp[0]});
$the_table.= "|\n";
}
$the_table.= ' ' x $indent;
$the_table.= '+'.'-' x $max_length[$_] foreach (0.. $#{$temp[0]});
$the_table.= "+\n";
return $the_table;
}
#==Output eXample==
#>./iamfool.pl -t xxx.xxx.x.xx -p 80
#2005/05/02 21:49:11, begin sniffing ...
#==ID.1====================================================
# +-------------------------------------------------+
# | IP Header |
# +--------+---------------+---------+--------------+
# | ver | 4 | hlen | 5 |
# +--------+---------------+---------+--------------+
# | tos | 0 | len | 60 |
# +--------+---------------+---------+--------------+
# | flags | 2 | foffset | 0 |
# +--------+---------------+---------+--------------+
# | id | 16649 | ttl | 64 |
# +--------+---------------+---------+--------------+
# | src_ip | 218.11.149.14 | dest_ip | xxx.xxx.x.xx |
# +--------+---------------+---------+--------------+
# | proto | 6 | cksum | 44477 |
# +--------+---------------+---------+--------------+
# +-----------------------------------------+
# | TCP Header |
# +----------+-----------+-----------+------+
# | src_port | 32850 | dest_port | 80 |
# +----------+-----------+-----------+------+
# | seqnum | 976483812 | acknum | 0 |
# +----------+-----------+-----------+------+
# | hlen | 10 | reserved | 0 |
# +----------+-----------+-----------+------+
# | flags | 2 | winsize | 5808 |
# +----------+-----------+-----------+------+
#==ID.2====================================================
# +-------------------------------------------------+
# | IP Header |
# +--------+--------------+---------+---------------+
# | ver | 4 | hlen | 5 |
# +--------+--------------+---------+---------------+
# | tos | 0 | len | 64 |
# +--------+--------------+---------+---------------+
# | flags | 2 | foffset | 0 |
# +--------+--------------+---------+---------------+
# | id | 3931 | ttl | 113 |
# +--------+--------------+---------+---------------+
# | src_ip | xxx.xxx.x.xx | dest_ip | 218.11.149.14 |
# +--------+--------------+---------+---------------+
# | proto | 6 | cksum | 44647 |
# +--------+--------------+---------+---------------+
# +----------------------------------------------+
# | TCP Header |
# +----------+-----------+-----------+-----------+
# | src_port | 80 | dest_port | 32850 |
# +----------+-----------+-----------+-----------+
# | seqnum | 780872939 | acknum | 976483813 |
# +----------+-----------+-----------+-----------+
# | hlen | 11 | reserved | 0 |
# +----------+-----------+-----------+-----------+
# | flags | 18 | winsize | 4356 |
# +----------+-----------+-----------+-----------+
#==ID.3====================================================
# +-------------------------------------------------+
# | IP Header |
# +--------+---------------+---------+--------------+
# | ver | 4 | hlen | 5 |
# +--------+---------------+---------+--------------+
# | tos | 0 | len | 52 |
# +--------+---------------+---------+--------------+
# | flags | 2 | foffset | 0 |
# +--------+---------------+---------+--------------+
# | id | 16651 | ttl | 64 |
# +--------+---------------+---------+--------------+
# | src_ip | 218.11.149.14 | dest_ip | xxx.xxx.x.xx |
# +--------+---------------+---------+--------------+
# | proto | 6 | cksum | 44483 |
# +--------+---------------+---------+--------------+
# +----------------------------------------------+
# | TCP Header |
# +----------+-----------+-----------+-----------+
# | src_port | 32850 | dest_port | 80 |
# +----------+-----------+-----------+-----------+
# | seqnum | 976483813 | acknum | 780872940 |
# +----------+-----------+-----------+-----------+
# | hlen | 8 | reserved | 0 |
# +----------+-----------+-----------+-----------+
# | flags | 16 | winsize | 1452 |
# +----------+-----------+-----------+-----------+
#==ID.4====================================================
# +-------------------------------------------------+
# | IP Header |
# +--------+---------------+---------+--------------+
# | ver | 4 | hlen | 5 |
# +--------+---------------+---------+--------------+
# | tos | 16 | len | 89 |
# +--------+---------------+---------+--------------+
# | flags | 2 | foffset | 0 |
# +--------+---------------+---------+--------------+
# | id | 16652 | ttl | 64 |
# +--------+---------------+---------+--------------+
# | src_ip | 218.11.149.14 | dest_ip | xxx.xxx.x.xx |
# +--------+---------------+---------+--------------+
# | proto | 6 | cksum | 44429 |
# +--------+---------------+---------+--------------+
# +----------------------------------------------+
# | TCP Header |
# +----------+-----------+-----------+-----------+
# | src_port | 32850 | dest_port | 80 |
# +----------+-----------+-----------+-----------+
# | seqnum | 976483813 | acknum | 780872940 |
# +----------+-----------+-----------+-----------+
# | hlen | 5 | reserved | 0 |
# +----------+-----------+-----------+-----------+
# | flags | 24 | winsize | 1452 |
# +----------+-----------+-----------+-----------+
# +--------------------------------------------+
# | TCP data |
# +--------------------------------------------+
# | GET / HTTP/1.1Accept: text/html; text/plai |
# +--------------------------------------------+
#==ID.5====================================================# +-----
+--------------------------------------------+
# | IP Header |
# +--------+--------------+---------+---------------+
# | ver | 4 | hlen | 5 |
# +--------+--------------+---------+---------------+
# | tos | 0 | len | 52 |
# +--------+--------------+---------+---------------+
# | flags | 2 | foffset | 0 |
# +--------+--------------+---------+---------------+
# | id | 3933 | ttl | 113 |
# +--------+--------------+---------+---------------+
# | src_ip | xxx.xxx.x.xx | dest_ip | 218.11.149.14 |
# +--------+--------------+---------+---------------+
# | proto | 6 | cksum | 44657 |
# +--------+--------------+---------+---------------+
# +----------------------------------------------+
# | TCP Header |
# +----------+-----------+-----------+-----------+
# | src_port | 80 | dest_port | 32850 |
# +----------+-----------+-----------+-----------+
# | seqnum | 780872940 | acknum | 976483862 |
# +----------+-----------+-----------+-----------+
# | hlen | 8 | reserved | 0 |
# +----------+-----------+-----------+-----------+
# | flags | 16 | winsize | 4356 |
# +----------+-----------+-----------+-----------+
#==End==
|