ADD Breeder

This commit is contained in:
Andrea Bontempi 2012-06-08 12:52:40 +02:00
commit 9ff22bb227
17 changed files with 1137 additions and 5 deletions


@ -0,0 +1,15 @@
[Buildset]
BuildItems=@Variant(\x00\x00\x00\t\x00\x00\x00\x00\x01\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x00\x1c\x00P\x00r\x00o\x00j\x00e\x00c\x00t\x00-\x00R\x00i\x00d\x00d\x00l\x00e)
[CMake]
BuildDirs=/home/andreabont/Git/Project-Riddle_build
CMakeDir=/usr/share/cmake-2.8/Modules
Current CMake Binary=file:///usr/bin/cmake
CurrentBuildDir=file:///home/andreabont/Git/Project-Riddle_build
CurrentBuildType=Debug
CurrentInstallDir=
Extra Arguments=
ProjectRootRelative=./
[Project]
VersionControlSupport=kdevgit
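Review bot: This KDevelop buildset file hard-codes user-local absolute paths (`/home/andreabont/Git/Project-Riddle_build`, the `/usr/share/cmake-2.8/Modules` module dir, the cmake binary location) and an opaque `@Variant` blob, so it is wrong for every checkout but the author's and will churn on every IDE save; it belongs in `.gitignore`, not in the repository. The same applies to `Project-Riddle.kdev4` and to the editor backup copies this commit adds (`Breeder.cpp~`, `CMakeLists.txt~`, `Pursuer.cpp~`, `commons/libDump.cpp~`, `commons/libDump.h~`, `libraries/libPursuer.cpp~`, `libraries/libPursuer.h~`, `libraries/libRiddle.cpp~`), which are stale snapshots that already differ from the live sources (e.g. `CMakeLists.txt~` links `pursuer` where the live file links `breeder`). Adding `*~`, `*.kdev4` and the KDevelop settings directory to `.gitignore` and dropping these files from the commit keeps reviewers looking at the real code only.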

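--- a/Breeder.cpp
+++ b/Breeder.cpp
@@ -0,0 +1,89 @@
+/**
+* - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * -
+*
+* Name : Project Riddle
+* Author : Andrea Bontempi
+* Version : 0.1 aplha
+* Description : Modular Network Sniffer
+*
+* - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * -
+*
+* This file is part of the project Riddle.
+*
+* The project Riddle is free software: you can redistribute it and/or modify
+* it under the terms of the GNU General Public License as published by
+* the Free Software Foundation, either version 3 of the License, or
+* (at your option) any later version.
+*
+* The project Riddle is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+* GNU General Public License for more details.
+*
+* You should have received a copy of the GNU General Public License
+* along with this project. If not, see <http://www.gnu.org/licenses/>.
+*
+* - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * -
+*/
+#include <iostream>
+#include <string>
+#include <vector>
+#include <boost/regex.hpp>
+#include <boost/program_options.hpp>
+#include "./commons/libPacket.h"
+using namespace std;
+using namespace boost::program_options;
+using namespace libNetwork;
+int main(int argc, char **argv) {
+options_description desc("Breeder - Network TCP Flux Seletor");
+desc.add_options()
+("help", "prints this")
+("http", "select the http protocol.")
+;
+variables_map vm;
+store(parse_command_line(argc, argv, desc), vm);
+notify(vm);
+if (vm.count("help"))
+{
+cout<<desc<<"\n";
+return EXIT_SUCCESS;
+}
+list<std::string> regularexpressions;
+if(vm.count("http"))
+{
+regularexpressions.push_front("HTTP.*");
+}
+if(regularexpressions.empty())
+{
+std::cerr<<"ERROR >> You have not selected any protocol!"<<std::endl;
+return EXIT_FAILURE;
+}
+while (1)
+{
+try
+{
+string r_flux;
+getline(cin,r_flux);
+if (cin.eof()) break;
+// TODO
+}
+catch (packet::Overflow)
+{
+std::cerr<<"Overflow! :-P"<<std::endl;
+return EXIT_FAILURE;
+}
+}
+return EXIT_SUCCESS;
+}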
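Review bot: The read loop exits only when `cin.eof()` is set after `getline`, so a stream that fails without reaching end-of-file (badbit after a read error) makes every subsequent `getline` fail and the loop never terminates; test the stream result instead: `if (!getline(cin, r_flux)) break;`. `regularexpressions` is a `list<std::string>` but only `<iostream>`, `<string>` and `<vector>` are included, and `EXIT_SUCCESS`/`EXIT_FAILURE` come from `<cstdlib>`; add `#include <list>` and `#include <cstdlib>` rather than relying on transitive includes, while `<vector>` and `<boost/regex.hpp>` are not used by this file yet. `catch (packet::Overflow)` catches by value; `catch (const packet::Overflow&)` avoids the copy and any slicing. Because the selected patterns are collected but never applied (`// TODO`), the program currently consumes stdin and prints nothing, which deserves an explicit "not implemented" message on stderr or a note in the header comment so `--http` is not mistaken for a working filter; the option banner also misspells "Selector" as `Seletor`.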

Breeder.cpp~ Normal file

@ -0,0 +1,89 @@
/**
* - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * -
*
* Name : Project Riddle
* Author : Andrea Bontempi
* Version : 0.1 aplha
* Description : Modular Network Sniffer
*
* - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * -
*
* This file is part of the project Riddle.
*
* The project Riddle is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* The project Riddle is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this project. If not, see <http://www.gnu.org/licenses/>.
*
* - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * -
*/
#include <iostream>
#include <string>
#include <vector>
#include <boost/regex.hpp>
#include <boost/program_options.hpp>
#include "./commons/libPacket.h"
using namespace std;
using namespace boost::program_options;
using namespace libNetwork;
int main(int argc, char **argv) {
options_description desc("Breeder - Network TCP Flux Seletor");
desc.add_options()
("help", "prints this")
("http", "select the http protocol.")
;
variables_map vm;
store(parse_command_line(argc, argv, desc), vm);
notify(vm);
if (vm.count("help"))
{
cout<<desc<<"\n";
return EXIT_SUCCESS;
}
list<std::string> regularexpressions;
if(vm.count("http"))
{
regularexpressions.push_front("HTTP.*");
}
if(regularexpressions.empty())
{
std::cerr<<"ERROR >> You have not selected any protocol!"<<std::endl;
return EXIT_FAILURE;
}
while (1)
{
try
{
string r_flux;
getline(cin,r_flux);
if (cin.eof()) break;
}
catch (packet::Overflow)
{
std::cerr<<"Overflow! :-P"<<std::endl;
return EXIT_FAILURE;
}
}
return EXIT_SUCCESS;
}


@ -10,11 +10,13 @@ set(RIDDLE_SRCS ${LIBRARIES_DIR}/libRiddle.cpp ${LIBRARIES_DIR}/libRiddle.h Ridd
set(CIGARETTE_SRCS ${LIBRARIES_DIR}/libCigarette.cpp ${LIBRARIES_DIR}/libCigarette.h Cigarette.cpp)
set(RANGING_SRCS ${LIBRARIES_DIR}/libRanging.h ${LIBRARIES_DIR}/libRanging.cpp Ranging.cpp)
set(PURSUER_SRCS ${LIBRARIES_DIR}/libPursuer.h ${LIBRARIES_DIR}/libPursuer.cpp Pursuer.cpp)
set(BREEDER_SRCS Breeder.cpp)
add_executable(ranging ${RANGING_SRCS})
add_executable(cigarette ${CIGARETTE_SRCS})
add_executable(riddle ${RIDDLE_SRCS})
add_executable(pursuer ${PURSUER_SRCS})
add_executable(breeder ${BREEDER_SRCS})
set(BOOST_LIBS program_options system)
find_package(Boost COMPONENTS ${BOOST_LIBS} REQUIRED)
@ -42,4 +44,8 @@ target_link_libraries(ranging libNetwork)
target_link_libraries(pursuer ${Boost_LIBRARIES})
target_link_libraries(pursuer ${CMAKE_THREAD_LIBS_INIT})
target_link_libraries(pursuer libNetwork)
target_link_libraries(pursuer libNetwork)
target_link_libraries(breeder ${Boost_LIBRARIES})
target_link_libraries(breeder ${CMAKE_THREAD_LIBS_INIT})
target_link_libraries(breeder libNetwork)
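Review bot: `breeder` is linked against `${Boost_LIBRARIES}`, but `BOOST_LIBS` in the first hunk of this file still lists only `program_options system`, while Breeder.cpp includes `<boost/regex.hpp>`; Boost.Regex needs its own library at link time, so the first real use of a `boost::regex` will fail to link unless the component is requested: `set(BOOST_LIBS program_options system regex)` (or the include is dropped until the matching code exists). In the second hunk `target_link_libraries(pursuer libNetwork)` appears twice in a row; if the second copy is an added line it is a stray duplicate — harmless to CMake but misleading next to the new `breeder` entries. The `BREEDER_SRCS` variable lists only `Breeder.cpp`, which is consistent with the other targets only as long as no `libBreeder` sources are added later without updating it.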

CMakeLists.txt~ Normal file

@ -0,0 +1,51 @@
cmake_minimum_required(VERSION 2.6)
project(SNIFFER)
add_subdirectory(commons)
add_subdirectory(libraries)
set(LIBRARIES_DIR libraries)
set(RIDDLE_SRCS ${LIBRARIES_DIR}/libRiddle.cpp ${LIBRARIES_DIR}/libRiddle.h Riddle.cpp)
set(CIGARETTE_SRCS ${LIBRARIES_DIR}/libCigarette.cpp ${LIBRARIES_DIR}/libCigarette.h Cigarette.cpp)
set(RANGING_SRCS ${LIBRARIES_DIR}/libRanging.h ${LIBRARIES_DIR}/libRanging.cpp Ranging.cpp)
set(PURSUER_SRCS ${LIBRARIES_DIR}/libPursuer.h ${LIBRARIES_DIR}/libPursuer.cpp Pursuer.cpp)
set(BREEDER_SRCS Breeder.cpp)
add_executable(ranging ${RANGING_SRCS})
add_executable(cigarette ${CIGARETTE_SRCS})
add_executable(riddle ${RIDDLE_SRCS})
add_executable(pursuer ${PURSUER_SRCS})
add_executable(breeder ${BREEDER_SRCS})
set(BOOST_LIBS program_options system)
find_package(Boost COMPONENTS ${BOOST_LIBS} REQUIRED)
find_library(LIBPCAP pcap)
find_package (Threads)
SET(CURSES_NEED_NCURSES TRUE)
find_package(Curses)
target_link_libraries(riddle ${Boost_LIBRARIES})
target_link_libraries(riddle ${LIBPCAP})
target_link_libraries(cigarette libDump)
target_link_libraries(cigarette ${Boost_LIBRARIES})
target_link_libraries(cigarette ${CMAKE_THREAD_LIBS_INIT})
target_link_libraries(cigarette libNetwork)
target_link_libraries(cigarette libDump)
target_link_libraries(ranging ${Boost_LIBRARIES})
target_link_libraries(ranging ${CMAKE_THREAD_LIBS_INIT})
target_link_libraries(ranging ${CURSES_LIBRARY})
target_link_libraries(ranging libNetwork)
target_link_libraries(pursuer ${Boost_LIBRARIES})
target_link_libraries(pursuer ${CMAKE_THREAD_LIBS_INIT})
target_link_libraries(pursuer libNetwork)
target_link_libraries(breeder ${Boost_LIBRARIES})
target_link_libraries(pursuer ${CMAKE_THREAD_LIBS_INIT})
target_link_libraries(breeder libNetwork)

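--- a/Project-Riddle.kdev4
+++ b/Project-Riddle.kdev4
@@ -0,0 +1,3 @@
+[Project]
+Manager=KDevCMakeManager
+Name=Project-Riddle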


@ -57,7 +57,7 @@ int main(int argc, char **argv) {
if (vm.count("help"))
{
cout<<desc<<"\n";
return 1;
return EXIT_SUCCESS;
}
std::list<stream*> packet_stream;
@ -133,7 +133,7 @@ int main(int argc, char **argv) {
}
// Pulizia stream non terminati.
// Regole di pulizia.
for (list<stream*>::iterator it2 = packet_stream.begin(); it2 != packet_stream.end(); it2++)
{
@ -143,7 +143,7 @@ int main(int argc, char **argv) {
writeout((*it2), vm.count("tofile"));
packet_stream.remove(*it2);
packet_stream.erase(it2);
break;
} else if( (*it2)->getBufferLength() > 1024 )
@ -166,6 +166,17 @@ int main(int argc, char **argv) {
}
}
// Esporto fussi non terminati prima dell'uscita.
// Non usare il for, non va d'accordo con gli erase.
while (!packet_stream.empty())
{
list<stream*>::iterator it3 = packet_stream.begin();
writeout((*it3), vm.count("tofile"));
packet_stream.erase(it3);
}
return EXIT_SUCCESS;
}
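Review bot: The new drain loop before `return EXIT_SUCCESS` and the `packet_stream.erase(it2)` in the cleanup rule both remove `stream*` elements without releasing the objects; `writeout` only prints or writes the flow (per the `libPursuer.cpp~` copy in this commit) and the streams are created with `new stream()` (visible in the `Pursuer.cpp~` copy), so every expired stream leaks its packet buffers for the life of a long-running capture. Add `delete *it2;` before `packet_stream.erase(it2);` and `delete *it3;` before `packet_stream.erase(it3);`, or make the list hold `std::unique_ptr<stream>` so the ownership is expressed once. The RST/FIN branch that calls `packet_stream.remove(*it)`, outside this hunk, appears to have the same gap if the live file still matches the backup copy. `catch (packet::Overflow)` in the enclosing loop catches by value; `catch (const packet::Overflow&)` is the usual form. `main` begins and continues outside the shown hunks.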

Pursuer.cpp~ Normal file

@ -0,0 +1,182 @@
/**
* - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * -
*
* Name : Project Riddle
* Author : Andrea Bontempi
* Version : 0.1 aplha
* Description : Modular Network Sniffer
*
* - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * -
*
* This file is part of the project Riddle.
*
* The project Riddle is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* The project Riddle is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this project. If not, see <http://www.gnu.org/licenses/>.
*
* - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * -
*/
#include <iostream>
#include <vector>
#include <cstdio>
#include <cstdlib>
#include <string>
#include <boost/asio.hpp>
#include <boost/program_options.hpp>
#include "./libraries/libCigarette.h"
#include "./commons/libAddress.h"
#include "./commons/libPacket.h"
#include "./libraries/libPursuer.h"
using namespace std;
using namespace boost;
using namespace boost::program_options;
using namespace libNetwork;
int main(int argc, char **argv) {
options_description desc("Pursuer - Network TCP Follower");
desc.add_options()
("help", "prints this")
("tofile", "redirect payload to file (a file for each stream)")
;
variables_map vm;
store(parse_command_line(argc, argv, desc), vm);
notify(vm);
if (vm.count("help"))
{
cout<<desc<<"\n";
return 1;
}
std::list<stream*> packet_stream;
string r_packet;
while (1)
{
try
{
getline(cin,r_packet);
if (cin.eof()) break;
packet* pkg = packet::factory(r_packet);
if(pkg->isIPv4())
{
IPv4packet *pkg_ipv4 = dynamic_cast<IPv4packet*>(pkg);
if(pkg_ipv4->isTCP())
{
TCPv4packet *pkg_tcpv4 = dynamic_cast<TCPv4packet*>(pkg);
if(pkg_tcpv4->isSYN() && !pkg_tcpv4->isACK())
{
stream *temp = new stream();
temp->factory(pkg_tcpv4);
packet_stream.push_back(temp);
}
else
{
for (list<stream*>::iterator it = packet_stream.begin(); it != packet_stream.end(); it++)
{
// MA LOL !!!!!
if( ( ( (*it)->getFirstIpAddress() == pkg_tcpv4->getSenderIp() && (*it)->getFirstPort() == pkg_tcpv4->getSenderPort()) &&
( (*it)->getSecondIpAddress() == pkg_tcpv4->getTargetIp() && (*it)->getSecondPort() == pkg_tcpv4->getTargetPort())) ||
( ( (*it)->getFirstIpAddress() == pkg_tcpv4->getTargetIp() && (*it)->getFirstPort() == pkg_tcpv4->getTargetPort()) &&
( (*it)->getSecondIpAddress() == pkg_tcpv4->getSenderIp() && (*it)->getSecondPort() == pkg_tcpv4->getSenderPort())))
{
if(pkg_tcpv4->isSYN())
{
(*it)->factory(pkg_tcpv4);
}
else if(pkg_tcpv4->isRST() || pkg_tcpv4->isFIN())
{
(*it)->flushFirstBuffer();
(*it)->flushSecondBuffer();
writeout((*it), vm.count("tofile"));
packet_stream.remove(*it);
break;
}
else
{
(*it)->addPacket(pkg_tcpv4);
}
break;
}
}
}
}
}
// Regole di pulizia.
for (list<stream*>::iterator it2 = packet_stream.begin(); it2 != packet_stream.end(); it2++)
{
if((*it2)->getFlowLength() > (100*1024*1024) || (*it2)->getTimeEpoch() > pkg->getEpoch() + (10*60))
{
writeout((*it2), vm.count("tofile"));
packet_stream.erase(it2);
break;
} else if( (*it2)->getBufferLength() > 1024 )
{
(*it2)->flushFirstBuffer();
(*it2)->flushSecondBuffer();
}
}
}
catch (packet::Overflow)
{
std::cerr<<"Overflow! :-P"<<std::endl;
return EXIT_FAILURE;
}
}
// Esporto fussi non terminati prima dell'uscita.
// Non usare il for, non va d'accordo con gli erase.
while (!packet_stream.empty())
{
list<stream*>::iterator it3 = packet_stream.begin();
writeout((*it3), vm.count("tofile"));
packet_stream.erase(it3);
}
return EXIT_SUCCESS;
}


@ -118,3 +118,4 @@ std::string libDump::classicDump(std::string input)
return out.str();
}

commons/libDump.cpp~ Normal file

@ -0,0 +1,129 @@
/**
* - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * -
*
* Name : Project Riddle
* Author : Andrea Bontempi
* Version : 0.1 aplha
* Description : Modular Network Sniffer
*
* - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * -
*
* This file is part of the project Riddle.
*
* The project Riddle is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* The project Riddle is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this project. If not, see <http://www.gnu.org/licenses/>.
*
* - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * -
*/
#define LINE 16
#include <iomanip>
#include <iostream>
#include <string>
#include <sstream>
#include <stdint.h>
#include "libDump.h"
std::string libDump::classicDump(std::string input)
{
std::stringstream out;
int stringlen = input.length();
int stringtodo = input.length();
for(uint16_t address = 0; address < stringlen; address += LINE*2)
{
out << "0x" << std::setfill('0') << std::setw(5) << std::hex << address/2 << " | ";
for(int i = 0; i < LINE*2; i+=2)
{
if(i < stringtodo)
{
out << std::hex << input[address + i];
out << std::hex << input [address + i + 1] << " ";
}
else
{
out << " ";
}
if(i == LINE-2)
{
out << " ";
}
}
out << "| ";
for(int i = 0; i < LINE*2; i+=2)
{
if(i < stringtodo)
{
std::string comp;
comp += (char)input[address + i];
comp += (char)input[address + i + 1];
std::stringstream convert(comp);
int temp;
convert >> std::hex >> temp;
if((temp>32)&&(temp<128))
{
out << (char)temp;
}
else
{
out << ".";
}
}
else
{
out << " ";
}
if(i == LINE-2)
{
out << " ";
}
}
out << std::endl;
stringtodo = stringtodo - LINE*2;
}
return out.str();
}
std::string libDump::classicDump(const unsigned char* input)
{
std::string meta(input);
return libDump::classicDump(meta);
}

commons/libDump.h~ Normal file

@ -0,0 +1,43 @@
/**
* - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * -
*
* Name : Project Riddle
* Author : Andrea Bontempi
* Version : 0.1 aplha
* Description : Modular Network Sniffer
*
* - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * -
*
* This file is part of the project Riddle.
*
* The project Riddle is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* The project Riddle is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this project. If not, see <http://www.gnu.org/licenses/>.
*
* - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * -
*/
#ifndef LIHDUMP_H
#define LIBDUMP_H
#include <iostream>
#include <string>
#include <sstream>
namespace libDump {
std::string classicDump(std::string input);
std::string classicDump(const unsigned char * input);
}
#endif //LIBDUMP_H


@ -127,6 +127,10 @@ bool stream::factory(libNetwork::TCPv4packet *packet)
}
void stream::factory(std::string packet)
{
}
bool stream::addPacket(libNetwork::TCPv4packet *newPacket)
{
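Review bot: The added `stream::factory(std::string packet)` is an empty stub with an unused by-value parameter, so a caller gets no signal that nothing was parsed; at minimum leave `// TODO: not implemented — caller sees no effect` in the body (or `(void)packet;`) so the intent is explicit, and take `const std::string& packet` in both this definition and the matching declaration added in `libraries/libPursuer.h`. Overloading `factory` with a `bool`-returning and a `void`-returning variant also makes it easy to call the wrong one silently; a distinct name would be clearer. While in this file: the `decodeHexText` loop in the `libPursuer.cpp~` copy runs `i <= raw.size()` and then reads `raw[i+1]`, which indexes past the end of a string that comes straight from captured traffic; if the live file matches, `i + 1 < raw.size()` is the bound to use. The enclosing `stream` member definitions continue outside this hunk.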

libraries/libPursuer.cpp~ Normal file

@ -0,0 +1,324 @@
/**
* - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * -
*
* Name : Project Riddle
* Author : Andrea Bontempi
* Version : 0.1 aplha
* Description : Modular Network Sniffer
*
* - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * -
*
* This file is part of the project Riddle.
*
* The project Riddle is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* The project Riddle is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this project. If not, see <http://www.gnu.org/licenses/>.
*
* - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * -
*/
#include <cstdio>
#include <iostream>
#include <cstdlib>
#include <sstream>
#include <stdexcept>
#include <fstream>
#include <string>
#include <list>
#include <ios>
#include <boost/asio.hpp>
#include <list>
#include "../commons/libPacket.h"
#include "../commons/libAddress.h"
#include "libPursuer.h"
std::string decodeHexText(std::string raw)
{
std::string text;
for(int i = 0; i <= raw.size(); i += 2)
{
std::string comp;
comp += (char)raw[i];
comp += (char)raw[i+1];
std::stringstream convert(comp);
int temp;
convert >> std::hex >> temp;
text += (char)temp;
}
return text;
}
void writeout(stream* stream, bool tofile)
{
if(tofile)
{
std::stringstream filename;
char buffer[10];
filename << "flow_";
filename << stream->getTimeEpoch();
filename << ".txt";
std::ofstream myfile;
myfile.open(filename.str().c_str());
if (myfile.is_open())
{
myfile << stream->exportRawFlow();
myfile.close();
}
} else {
std::cout << stream->exportFlow() << std::endl;
}
}
bool stream::factory(libNetwork::TCPv4packet *packet)
{
if(packet->isSYN())
{
if(!packet->isACK())
{
timeEpoch = packet->getEpoch();
timeMillis = packet->getMillis();
macAddress[0] = packet->getSenderMac();
macAddress[1] = packet->getTargetMac();
ipAddress[0] = packet->getSenderIp();
ipAddress[1] = packet->getTargetIp();
port[0] = packet->getSenderPort();
port[1] = packet->getTargetPort();
sequenceNumber[0] = packet->getSequenceNumber();
sequenceNumber[1] = 0;
flagFirstFIN = false;
flagSecondFIN = false;
delete packet;
return true;
}
else
{
if(sequenceNumber[0] + 1 == packet->getAcknowledgmentNumber())
{
sequenceNumber[1] = packet->getSequenceNumber();
delete packet;
return true;
}
}
}
delete packet;
return false;
}
bool stream::addPacket(libNetwork::TCPv4packet *newPacket)
{
using namespace std;
int a,b;
if(!newPacket->isSYN())
{
if(newPacket->getSenderPort() == port[0])
{
// Siamo nel primo buffer
a = 1;
b = 0;
}
else if(newPacket->getSenderPort() == port[1])
{
// Siamo nel secondo buffer
a = 0;
b = 1;
}
else return false; // Buffer non identificato.
if(newPacket->isACK()) // Se c'è ACK setto il flag sul pacchetto corrispondente, se c'è.
{
for (list<libNetwork::TCPv4packet*>::iterator it = buffer[a].begin(); it != buffer[a].end(); it++)
{
if( (*it)->getSequenceNumber() == newPacket->getAcknowledgmentNumber() - ((*it)->getPayLoad().size()/2))
{
(*it)->public_flag = true;
break;
}
}
}
if(newPacket->getPayLoad().size() != 0) // Salvo il pacchetto solo se ha del payload.
{
buffer[b].push_back(newPacket);
}
return true;
}
return false;
}
void stream::flushBuffer(int number)
{
bool isFound;
do {
isFound = false;
for (std::list<libNetwork::TCPv4packet*>::iterator it = buffer[number].begin(); it != buffer[number].end(); it++)
{
if(sequenceNumber[number] + 1 == (*it)->getSequenceNumber() && (*it)->public_flag)
{
std::string payload = (*it)->getPayLoad();
flow[number] += payload;
sequenceNumber[number] += payload.size()/2; // unsigned, si azzera come avviene nel tcp.
buffer[number].remove(*it);
isFound = true;
break;
}
}
} while (isFound);
}
void stream::flushFirstBuffer()
{
flushBuffer(0);
}
void stream::flushSecondBuffer()
{
flushBuffer(1);
}
std::string stream::exportFlow()
{
std::stringstream stdstring;
stdstring << timeEpoch << "!" << timeMillis << "!";
stdstring << macAddress[0].to_string() << "!" << macAddress[1].to_string() << "!";
stdstring << ipAddress[0].to_string() << "!" << ipAddress[1].to_string() << "!";
stdstring << port[0] << "!" << port[1] << "!";
stdstring << flow[0] << "!" << flow[1];
return stdstring.str();;
}
std::string stream::exportRawFlow()
{
std::stringstream stdstring;
stdstring << ">> Two-way flow between " << ipAddress[0].to_string() << ":" << port[0] << " and " << ipAddress[1].to_string() << ":" << port[1] << std::endl;
stdstring << ">> " << ipAddress[0].to_string() << ":" << port[0] << " -> " << ipAddress[1].to_string() << ":" << port[1] << std::endl;
stdstring << decodeHexText(flow[0]) << std::endl;
stdstring << ">> " << ipAddress[1].to_string() << ":" << port[1] << " -> " << ipAddress[0].to_string() << ":" << port[0] << std::endl;
stdstring << decodeHexText(flow[1]) << std::endl;
return stdstring.str();
}
uint64_t stream::getBufferLength()
{
uint64_t bufferlenght = 0;
for(int i = 0; i <= 1; i++)
{
for (std::list<libNetwork::TCPv4packet*>::iterator it = buffer[i].begin(); it != buffer[i].end(); it++)
{
bufferlenght += (*it)->getPayloadLength();
}
}
return bufferlenght;
}
uint64_t stream::getFlowLength()
{
return (flow[0].length() + flow[1].length())/2;
}
uint64_t stream::getTimeEpoch()
{
return timeEpoch;
}
uint32_t stream::getTimeMillis()
{
return timeMillis;
}
libNetwork::mac_address stream::getFirstMacAddress()
{
return macAddress[0];
}
libNetwork::mac_address stream::getSecondMacAddress()
{
return macAddress[1];
}
boost::asio::ip::address stream::getFirstIpAddress()
{
return ipAddress[0];
}
boost::asio::ip::address stream::getSecondIpAddress()
{
return ipAddress[1];
}
uint16_t stream::getFirstPort()
{
return port[0];
}
uint16_t stream::getSecondPort()
{
return port[1];
}
uint32_t stream::getFirstSN()
{
return sequenceNumber[0];
}
uint32_t stream::getSecondSN()
{
return sequenceNumber[1];
}
bool stream::isFIN()
{
return flagFirstFIN && flagSecondFIN;
}


@ -59,6 +59,7 @@ private:
public:
bool factory(libNetwork::TCPv4packet *packet);
void factory(std::string packet);
bool addPacket(libNetwork::TCPv4packet *newPacket);

libraries/libPursuer.h~ Normal file

@ -0,0 +1,94 @@
/**
* - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * -
*
* Name : Project Riddle
* Author : Andrea Bontempi
* Version : 0.1 aplha
* Description : Modular Network Sniffer
*
* - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * -
*
* This file is part of the project Riddle.
*
* The project Riddle is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* The project Riddle is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this project. If not, see <http://www.gnu.org/licenses/>.
*
* - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * -
*/
#ifndef LIBPURSUER_H
#define LIBPURSUER_H
#include <list>
#include <string>
#include <boost/asio.hpp>
#include <boost/concept_check.hpp>
#include "../commons/libAddress.h"
#include "../commons/libPacket.h"
/** Class for managing TCP flow. */
class stream
{
private:
uint64_t timeEpoch;
uint32_t timeMillis;
bool flagFirstFIN;
bool flagSecondFIN;
libNetwork::mac_address macAddress[2];
boost::asio::ip::address ipAddress[2];
uint16_t port[2];
std::list<libNetwork::TCPv4packet*> buffer[2];
uint32_t sequenceNumber[2];
std::string flow[2];
void flushBuffer(int number);
public:
bool factory(libNetwork::TCPv4packet *packet);
bool addPacket(libNetwork::TCPv4packet *newPacket);
void flushFirstBuffer();
void flushSecondBuffer();
uint64_t getTimeEpoch();
uint32_t getTimeMillis();
libNetwork::mac_address getFirstMacAddress();
libNetwork::mac_address getSecondMacAddress();
boost::asio::ip::address getFirstIpAddress();
boost::asio::ip::address getSecondIpAddress();
uint16_t getFirstPort();
uint16_t getSecondPort();
uint32_t getFirstSN();
uint32_t getSecondSN();
/* Ritorna in byte la somma dei payload dei pachetti nel buffer */
uint64_t getBufferLength();
/* Ritorna lunghezza in byte dei due flussi in uscita */
uint64_t getFlowLength();
std::string exportFlow();
std::string exportRawFlow();
bool isFIN();
};
std::string decodeHexText(std::string raw);
void writeout(stream* stream, bool tofile);
#endif //LIBPURSUER_H


@ -64,7 +64,6 @@ void hexDump(const unsigned char *start, struct pcap_pkthdr header)
std::cout<<" uS: "<<header.ts.tv_usec;
std::cout<<"] Received "<<header.len<<" byte:"<<std::endl;
int index=0;
// TODO
while (header.len>16)
{
memPrint(start,16,index);
@ -73,6 +72,7 @@ void hexDump(const unsigned char *start, struct pcap_pkthdr header)
index+=16;
}
if (header.len>0) memPrint(start,header.len,index);
}
void rawDump(const unsigned char *start, struct pcap_pkthdr header)

libraries/libRiddle.cpp~ Normal file

@ -0,0 +1,90 @@
/**
* - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * -
*
* Name : Project Riddle
* Author : Andrea Bontempi
* Version : 0.1 aplha
* Description : Modular Network Sniffer
*
* - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * -
*
* This file is part of the project Riddle.
*
* The project Riddle is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* The project Riddle is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this project. If not, see <http://www.gnu.org/licenses/>.
*
* - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * -
*/
#include <cstdio>
#include <iostream>
#include <cstdlib>
#include <sstream>
#include <stdexcept>
#include "libRiddle.h"
#include "../commons/libDump.h"
// Non mettere using namespace generali in header file.
void pcap_fatal(const char *error_in, const char *error_buffer)
{
std::stringstream ss;
ss<<"Fatal Error in "<<error_in<<": "<<error_buffer;
throw(std::runtime_error(ss.str()));
}
static void memPrint(const unsigned char *start, char len, int index)
{
printf("0x%08x | ",index);
int i;
for (i=0;i<len;i++) printf("%02x ",start[i]);
for (i=0;i<(16-len);i++) printf(" ");
printf("| ");
for (i=0;i<len;i++)
{
if ((start[i]>32)&&(start[i]<128)) printf("%c",start[i]);
else printf(".");
}
printf("\n");
}
void hexDump(const unsigned char *start, struct pcap_pkthdr header)
{
std::cout<<std::endl<<"[TS: "<<header.ts.tv_sec;
std::cout<<" uS: "<<header.ts.tv_usec;
std::cout<<"] Received "<<header.len<<" byte:"<<std::endl;
int index=0;
std::string meta(start);
std::cout << libDump::classicDump(meta);
/*
while (header.len>16)
{
memPrint(start,16,index);
header.len-=16;
start+=16;
index+=16;
}
if (header.len>0) memPrint(start,header.len,index);
*/
}
void rawDump(const unsigned char *start, struct pcap_pkthdr header)
{
std::cout<<header.ts.tv_sec<<"!";
std::cout<<header.ts.tv_usec<<"!";
for (int i=0;i<header.len;i++) printf("%02x",start[i]);
std::cout<<std::endl;
}