This commit is contained in:
Andrea Bontempi 2012-07-06 10:15:18 +02:00
commit 78d3b7ff17
13 changed files with 216 additions and 26 deletions


@ -34,6 +34,7 @@
#include "./commons/classPacket.h"
#include "./commons/classFlow.h"
#include "./commons/libDump.h"
#include "./commons/classFlowMatch.h"
using namespace std;
using namespace boost::program_options;
@ -54,6 +55,10 @@ int main ( int argc, char **argv ) {
cout<<desc<<"\n";
return EXIT_SUCCESS;
}
// TODO
classFlowMatch* match = new classFlowMatch("file.txt");
list<std::string> regularexpressions;
@ -64,7 +69,8 @@ int main ( int argc, char **argv ) {
if ( regularexpressions.empty() ) {
std::cerr<<"ERROR >> You have not selected any protocol!"<<std::endl;
return EXIT_FAILURE;
}
}
while ( 1 ) {
try {
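Review bot: `classFlowMatch* match = new classFlowMatch("file.txt");` allocates with a bare `new` that nothing in the hunk owns or deletes, and the rules path is hard-coded relative to whatever directory the sniffer happens to be started from. The object only needs to live as long as main, so an automatic `classFlowMatch match ( "file.txt" );` removes the leak outright, and the path belongs with the other command-line options that `desc` at the top of the hunk already documents, presumably next to the protocol selection. Note that the constructor in the new classFlowMatch.cpp does not report an unopenable file, so a wrong path here is accepted silently and matching runs with no rules. main continues outside the hunk.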


@ -50,4 +50,5 @@ target_link_libraries(pursuer libDump)
target_link_libraries(breeder ${Boost_LIBRARIES})
target_link_libraries(breeder ${CMAKE_THREAD_LIBS_INIT})
target_link_libraries(breeder libNetwork)
target_link_libraries(breeder libDump)
target_link_libraries(breeder libDump)
target_link_libraries(breeder libMatch)


@ -127,14 +127,12 @@ void scribe ( std::list<stream*> *packet_stream ) {
stream *temp = new stream();
temp->factory ( pkg_tcpv4 );
packet_stream->push_back ( temp );
} else {
for ( list<stream*>::iterator it = packet_stream->begin(); it != packet_stream->end(); it++ ) {
// MA LOL !!!!!
if ( ( ( ( *it )->getFirstIpAddress() == pkg_tcpv4->getSenderIp() && ( *it )->getFirstPort() == pkg_tcpv4->getSenderPort() ) &&
( ( *it )->getSecondIpAddress() == pkg_tcpv4->getTargetIp() && ( *it )->getSecondPort() == pkg_tcpv4->getTargetPort() ) ) ||
( ( ( *it )->getFirstIpAddress() == pkg_tcpv4->getTargetIp() && ( *it )->getFirstPort() == pkg_tcpv4->getTargetPort() ) &&
( ( *it )->getSecondIpAddress() == pkg_tcpv4->getSenderIp() && ( *it )->getSecondPort() == pkg_tcpv4->getSenderPort() ) ) ) {
if ( isStream ( it, pkg_tcpv4 ) ) {
if ( pkg_tcpv4->isSYN() ) {
( *it )->factory ( pkg_tcpv4 );
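Review bot: `isStream ( it, pkg_tcpv4 )` passes a `std::list<stream*>::iterator` by value although the helper only dereferences it once; taking `const libNetwork::stream*` instead (`if ( isStream ( *it, pkg_tcpv4 ) )`) would let the same predicate be used outside this loop and would not tie it to the container type. The extracted test is a 4-tuple match in either direction, exactly what the removed condition did, so a one-line comment at the call site (`// stream matched regardless of direction`) is all that is missing. The unchanged `if ( pkg_tcpv4->isSYN() ) ( *it )->factory ( pkg_tcpv4 )` that follows re-runs factory on an already tracked stream for any later SYN with the same 4-tuple; if factory resets state this deserves a guard on the stream's current state, but the body of scribe continues outside the hunk so I cannot confirm what factory does.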


@ -2,6 +2,8 @@ project (commons)
add_library (libNetwork STATIC classMacAddress.h classMacAddress.cpp classPacket.h classPacket.cpp classFlow.h classFlow.cpp)
add_library (libDump STATIC libDump.h libDump.cpp)
add_library (libMatch STATIC classFlowMatch.h classFlowMatch.cpp)
target_link_libraries (libNetwork)
target_link_libraries (libDump)
target_link_libraries (libDump)
target_link_libraries (libMatch)


@ -107,6 +107,7 @@ bool libNetwork::stream::addPacket ( libNetwork::TCPv4packet *newPacket ) {
b = 0;
} else if ( newPacket->getSenderPort() == port[1] ) {
// Siamo nel secondo buffer
a = 0;
@ -119,8 +120,48 @@ bool libNetwork::stream::addPacket ( libNetwork::TCPv4packet *newPacket ) {
for ( std::list<libNetwork::TCPv4packet*>::iterator it = packetBuffer[a].begin(); it != packetBuffer[a].end(); it++ ) {
if ( newPacket->getAcknowledgmentNumber() == ( *it )->getSequenceNumber() + ( *it )->getPayloadLength() ) {
if ( newPacket->getAcknowledgmentNumber() == ( *it )->getExpectedAcknowledgmentNumber() ) {
( *it )->public_flag = true;
uint32_t backExpected = ( *it )->getSequenceNumber(); // ripercorri indietro e setta a true il pacchetto che ha atteso ack su questo SN.
bool endFlag = false;
bool foundPacket = true;
// Cerco solo paccetti più vecchi, non ha senso madare un ACK di un pacchetto non ancora ricevuto.
if ( it != packetBuffer[a].begin() ) {
while ( !endFlag && foundPacket ) {
foundPacket = false;
for ( std::list<libNetwork::TCPv4packet*>::iterator it2 = packetBuffer[a].begin(); it2 != it; it2++ ) {
std::cout << "LOLs " << backExpected << std::endl;
if ( ( *it2 )->getExpectedAcknowledgmentNumber() == backExpected ) {
foundPacket = true;
if ( ( *it2 )->public_flag == true ) {
endFlag = true;
break;
}
( *it2 )->public_flag = true;
backExpected = ( *it2 )->getSequenceNumber();
break;
}
}
}
}
break;
}
}
@ -155,12 +196,12 @@ void libNetwork::stream::flushBuffer ( int number ) {
isFound = false;
for ( std::list<libNetwork::TCPv4packet*>::iterator it = packetBuffer[number].begin(); it != packetBuffer[number].end(); it++ ) {
std::cerr << "Cerco " << sequenceNumber[number] << " " << ( *it )->getSequenceNumber() << std::endl;
if ( sequenceNumber[number] == ( *it )->getSequenceNumber() && ( *it )->getPayloadLength() != 0 && ( *it )->public_flag) {
std::cerr << "Packet processato " << number << " - " << ( *it )->getSequenceNumber() << std::endl;
std::cerr << "Cerco " << sequenceNumber[number] << " " << ( *it )->getSequenceNumber() << std::endl;
if ( sequenceNumber[number] == ( *it )->getSequenceNumber() && ( *it )->getPayloadLength() != 0 && ( *it )->public_flag ) {
std::cerr << "Packet processato " << number << " - " << ( *it )->getSequenceNumber() << std::endl;
std::string payload = ( *it )->getPayLoad();
charStream[number] += payload;
sequenceNumber[number] += ( *it )->getPayloadLength(); // unsigned, si azzera come avviene nel tcp.
sequenceNumber[number] += ( *it )->getPayloadLength(); // unsigned, si azzera come avviene nel tcp.
packetBuffer[number].remove ( *it );
isFound = true;
break;
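Review bot: The new back-walk in addPacket prints `std::cout << "LOLs " << backExpected << std::endl;` on every inner iteration; this is stdout, the same channel the exporter uses when not writing to a file (`std::cout << stream->exportFlow()` in the libPursuer.cpp hunk), so debug text is interleaved with exported flow data and each `std::endl` forces a flush. Drop the line, or send it to `std::cerr` behind a debug flag like the `Cerco`/`Packet processato` traces in flushBuffer. Separately, the `while ( !endFlag && foundPacket )` loop rescans `packetBuffer[a]` from the beginning for every hop back, so a single ACK costs O(k·n) over the unacknowledged buffer; that buffer is filled from captured traffic, so a peer that sends many segments before one cumulative ACK drives the cost, and the walk also assumes list order is arrival order (the "older packets" comment), which nothing visible enforces. Both addPacket and flushBuffer start before and continue after the hunks shown.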


@ -0,0 +1,53 @@
/**
* - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * -
*
* Name : Project Riddle
* Author : Andrea Bontempi
* Version : 0.1 aplha
* Description : Modular Network Sniffer
*
* - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * -
*
* This file is part of the project Riddle.
*
* The project Riddle is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* The project Riddle is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this project. If not, see <http://www.gnu.org/licenses/>.
*
* - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * -
*/
#include <fstream>
#include "classFlowMatch.h"
classFlowMatch::classFlowMatch ( std::string path ) {
std::ifstream config;
config.open ( path.c_str() );
if ( config.is_open() && !config.eof() ) {
std::string line;
while ( getline ( config, line ) ) {
// TODO
}
} else {
// TODO ERROR
}
}
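Review bot: When the rules file cannot be opened, the `// TODO ERROR` branch leaves the object fully constructed with an empty `rulesMap`, so the caller in main (`new classFlowMatch("file.txt")`) cannot distinguish a missing or unreadable rules file from an empty one and the sniffer runs with no match rules. Fail loudly here: `if ( !config.is_open() ) throw std::runtime_error ( "cannot open rules file: " + path );` (with `#include <stdexcept>`), or at minimum report to `std::cerr`; the `!config.eof()` test is redundant because `getline` already handles an empty file. The parameter could be `const std::string&`. The line parser itself is still a TODO, so nothing yet validates what the file contains.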

60
commons/classFlowMatch.h Normal file

@ -0,0 +1,60 @@
/**
* - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * -
*
* Name : Project Riddle
* Author : Andrea Bontempi
* Version : 0.1 aplha
* Description : Modular Network Sniffer
*
* - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * -
*
* This file is part of the project Riddle.
*
* The project Riddle is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* The project Riddle is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this project. If not, see <http://www.gnu.org/licenses/>.packet
*
* - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * -
*/
#ifndef CLASSFLOWMATCH_H
#define CLASSFLOWMATCH_H
#include <map>
#include "./classFlow.h"
class classFlowMatch {
private:
class matchRules {
private:
std::string regex;
int port;
public:
matchRules ( std::string regex_n, int port_n ) {
regex = regex_n;
port = port_n;
}
};
std::map<std::string, matchRules*> rulesMap;
public:
classFlowMatch ( std::string path );
};
#endif // CLASSFLOWMATCH_H
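Review bot: `std::map<std::string, matchRules*> rulesMap;` holds raw owning pointers while classFlowMatch declares no destructor or copy control, so whatever the constructor eventually inserts will leak (or double-delete if the object is copied); storing the rules by value, `std::map<std::string, matchRules> rulesMap;`, needs no ownership code at all. `matchRules` also exposes no accessors, so `regex` and `port` cannot be read back once stored, and `int port` admits values outside 0–65535 — a `uint16_t` or a range check when a rule is parsed would keep bad rules out of the map. The header uses `std::string` but only includes `<map>`, relying on classFlow.h transitively; add `#include <string>`. The license text on the `.../licenses/>.packet` line carries a stray `packet` suffix.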


@ -387,6 +387,10 @@ uint32_t libNetwork::TCPv4packet::getAcknowledgmentNumber() {
return an;
}
uint32_t libNetwork::TCPv4packet::getExpectedAcknowledgmentNumber() {
return this->getSequenceNumber() + this->getPayloadLength();
}
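Review bot: `getExpectedAcknowledgmentNumber` returns sequence number + payload length, but a segment with SYN or FIN set occupies one extra sequence number, so the ACK that confirms such a segment is seq + len + 1; with the exact-equality comparison addPacket now makes against this value, SYN and FIN segments will never be marked as acknowledged. Something like `uint32_t expected = getSequenceNumber() + getPayloadLength(); if ( isSYN() ) ++expected; return expected;` with the same increment for FIN (using whichever flag accessor the class provides next to `isSYN()`) fixes it, and the unsigned arithmetic keeps the intended 32-bit wraparound. An English doc comment stating that rule would spare the next reader a trip to the RFC.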
unsigned int libNetwork::TCPv4packet::getHeaderLength() {
/*
* Sono utilizzati solo i primi 8 bit del byte, necessita traslazione.


@ -191,15 +191,15 @@ namespace libNetwork {
/** Verify checksum **/
bool verifyIPChecksum();
/** Prende i flag del header IP, da processare */
int getFlagsIP();
/** If "Don't Fragment" flag is up */
bool isDF();
/** If "More Fragments" flag is up */
bool isMF();
/** Prende i flag del header IP, da processare */
int getFlagsIP();
/** If "Don't Fragment" flag is up */
bool isDF();
/** If "More Fragments" flag is up */
bool isMF();
/** True se incapsula un pacchetto TCP */
bool isTCP();
@ -234,6 +234,9 @@ namespace libNetwork {
/** Restituisce il numero di acknowledgment */
uint32_t getAcknowledgmentNumber();
/** Restituisce il numero di acknowledgment atteso per confermare il pacchetto presente */
uint32_t getExpectedAcknowledgmentNumber();
/** Ritorna dimensione dell'header TCP in byte */
unsigned int getHeaderLength();
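Review bot: The new declaration's comment (`Restituisce il numero di acknowledgment atteso...`) should state the actual contract in English, because the implementation does not account for SYN/FIN: `/** ACK number that confirms this segment: sequence number + payload length (the extra sequence number consumed by SYN/FIN is not added) */`. The reindentation of getFlagsIP/isDF/isMF in the same hunk is whitespace only.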


@ -33,6 +33,7 @@
#include <stdexcept>
#include <fstream>
#include <string>
#include <vector>
#include <ios>
#include "../commons/classPacket.h"
#include "../commons/classMacAddress.h"
@ -46,8 +47,8 @@ void writeout ( libNetwork::stream* stream, bool tofile ) {
char buffer[10];
filename << "flow_";
filename << stream->getTimeEpoch();
filename << "_";
filename << stream->getTimeMillis();
filename << "_";
filename << stream->getTimeMillis();
filename << ".txt";
std::ofstream myfile;
myfile.open ( filename.str().c_str() );
@ -73,3 +74,11 @@ std::string exportFormattedRawFlow ( libNetwork::stream* stream ) {
stdstring << libDump::decodeHexText ( stream->getSecondCharStream() ) << std::endl;
return stdstring.str();
}
bool isStream ( std::list< libNetwork::stream* >::iterator iter, libNetwork::TCPv4packet *pkg ) {
return ( ( ( *iter )->getFirstIpAddress() == pkg->getSenderIp() && ( *iter )->getFirstPort() == pkg->getSenderPort() ) &&
( ( *iter )->getSecondIpAddress() == pkg->getTargetIp() && ( *iter )->getSecondPort() == pkg->getTargetPort() ) ) ||
( ( ( *iter )->getFirstIpAddress() == pkg->getTargetIp() && ( *iter )->getFirstPort() == pkg->getTargetPort() ) &&
( ( *iter )->getSecondIpAddress() == pkg->getSenderIp() && ( *iter )->getSecondPort() == pkg->getSenderPort() ) ) ;
}
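Review bot: writeout now names the output `flow_<epoch>_<millis>.txt` from the stream's own timestamps; `std::ofstream::open` truncates, so two streams sharing the same epoch and millisecond overwrite each other's file with no error, and the open itself is never checked. Appending a per-process counter, or opening with `std::ios::app`, avoids the silent loss. `isStream` is new here, but the identical six lines also appear in the breeder copy of this file; it belongs in commons next to `libNetwork::stream`, taking `const libNetwork::stream*` rather than a list iterator. The `#include <vector>` added at the top does not appear to be used in the visible hunks.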


@ -33,6 +33,7 @@
#include <stdexcept>
#include <fstream>
#include <string>
#include <vector>
#include <ios>
#include "../commons/classPacket.h"
#include "../commons/classMacAddress.h"
@ -46,6 +47,8 @@ void writeout ( libNetwork::stream* stream, bool tofile ) {
char buffer[10];
filename << "flow_";
filename << stream->getTimeEpoch();
filename << "_";
filename << stream->getTimeMillis();
filename << ".txt";
std::ofstream myfile;
myfile.open ( filename.str().c_str() );
@ -53,7 +56,6 @@ void writeout ( libNetwork::stream* stream, bool tofile ) {
myfile << exportFormattedRawFlow ( stream );
myfile.close();
}
} else {
std::cout << stream->exportFlow() << std::endl;
}
}
@ -71,3 +73,11 @@ std::string exportFormattedRawFlow ( libNetwork::stream* stream ) {
stdstring << libDump::decodeHexText ( stream->getSecondCharStream() ) << std::endl;
return stdstring.str();
}
bool isStream ( std::list< libNetwork::stream* >::iterator iter, libNetwork::TCPv4packet *pkg ) {
return ( ( ( *iter )->getFirstIpAddress() == pkg->getSenderIp() && ( *iter )->getFirstPort() == pkg->getSenderPort() ) &&
( ( *iter )->getSecondIpAddress() == pkg->getTargetIp() && ( *iter )->getSecondPort() == pkg->getTargetPort() ) ) ||
( ( ( *iter )->getFirstIpAddress() == pkg->getTargetIp() && ( *iter )->getFirstPort() == pkg->getTargetPort() ) &&
( ( *iter )->getSecondIpAddress() == pkg->getSenderIp() && ( *iter )->getSecondPort() == pkg->getSenderPort() ) ) ;
}
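Review bot: This is the second verbatim copy of `isStream` in the commit (the other is in pursuer's libPursuer.cpp); two copies of the flow-matching predicate will drift the first time one is fixed (for instance to match on protocol as well as the 4-tuple), so move it into commons, e.g. as a member of `libNetwork::stream`. The writeout change that adds `_<millis>` to the file name still writes without checking that `myfile.open` succeeded; `if ( !myfile ) { std::cerr << "cannot open " << filename.str() << std::endl; return; }` after the open is a one-line safeguard. writeout's body continues outside the hunk.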


@ -31,11 +31,13 @@
#include <list>
#include <string>
#include <list>
#include "../commons/classMacAddress.h"
#include "../commons/classPacket.h"
#include "../commons/classFlow.h"
void writeout ( libNetwork::stream* stream, bool tofile );
std::string exportFormattedRawFlow ( libNetwork::stream* stream );
bool isStream ( std::list< libNetwork::stream* >::iterator iter, libNetwork::TCPv4packet* pkg );
#endif //LIBPURSUER_H
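Review bot: `isStream` is declared without a comment; `/** True if pkg's sender/target address:port pair matches iter's stream in either direction */` says what the predicate tests. `<list>` is included twice in the same include block. The iterator-by-value signature ties the helper to `std::list`; a `const libNetwork::stream*` parameter would be the minimal interface.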


@ -31,12 +31,13 @@
#include <list>
#include <string>
#include <list>
#include "../commons/classMacAddress.h"
#include "../commons/classPacket.h"
#include "../commons/classFlow.h"
std::string decodeHexText ( std::string raw );
void writeout ( libNetwork::stream* stream, bool tofile );
std::string exportFormattedRawFlow ( libNetwork::stream* stream );
bool isStream ( list< libNetwork::stream* >::iterator iter, libNetwork::TCPv4packet* pkg );
#endif //LIBPURSUER_H
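Review bot: `bool isStream ( list< libNetwork::stream* >::iterator iter, ... )` uses an unqualified `list` in a header, so every translation unit including it must have `using namespace std;` in effect before the include (main.cpp places its `using namespace std;` after its includes); write `std::list< libNetwork::stream* >::iterator` as the sibling pursuer header does. This header appears to be a different file from the pursuer one yet reuses the guard `LIBPURSUER_H`; if both ever land in one translation unit the second is silently dropped, so give it its own guard name. `<list>` is included twice here as well.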