Detect specific packet and inject forward or backward
- Detect specific packet : ex) HTTP GET
if (tcp.phdr->tcp_dport == TCP_PORT_HTTP) {
if (tcp.pdat.length && !strncmp((char *)tcp.pdat.data, "GET", 3)) {
char *tmp = strchr((char *)tcp.pdat.data, '\n');
if (tmp) *tmp = '\0';
std::cout << "[*] blocked : " << tcp.pdat.data << std::endl;
injectForward(ip, tcp);
injectBackward(eth, ip, tcp);
}
}- inject forward or backward : ex) HTTP 302 redirect, fin or rst flag packet
int PacketInjector::injectForward(IPv4& ip, TCP& tcp) {
u_int32_t seqtmp = tcp.phdr->tcp_seq_num;
tcp.phdr->tcp_seq_num = htonl(ntohl(seqtmp) + tcp.pdat.length);
int ip_len = setProperty(ip, tcp, TCP_FLAG_RST, "");
int total_len = ETHER_HEAD_LEN + ip_len;
int result = pcap_sendpacket(handle, packet, total_len);
tcp.phdr->tcp_seq_num = seqtmp;
tcp.phdr->tcp_flags ^= TCP_FLAG_RST;
return result;
}int PacketInjector::injectBackward(Ethernet& eth, IPv4& ip, TCP& tcp) {
for (int i = 0; i < ETHER_ADDR_LEN; ++i) {
u_int8_t etmp = eth.phdr->ether_dhost[i];
eth.phdr->ether_dhost[i] = eth.phdr->ether_shost[i];
eth.phdr->ether_shost[i] = etmp;
}
struct in_addr itmp = ip.phdr->ip_dst;
ip.phdr->ip_dst = ip.phdr->ip_src;
ip.phdr->ip_src = itmp;
u_int16_t ptmp = tcp.phdr->tcp_dport;
tcp.phdr->tcp_dport = tcp.phdr->tcp_sport;
tcp.phdr->tcp_sport = ptmp;
u_int32_t atmp = tcp.phdr->tcp_ack_num;
tcp.phdr->tcp_ack_num = htonl(ntohl(tcp.phdr->tcp_seq_num) + tcp.pdat.length);
tcp.phdr->tcp_seq_num = atmp;
int ip_len = setProperty(ip, tcp, TCP_FLAG_FIN, BLOCK_MSG);
int total_len = ETHER_HEAD_LEN + ip_len;
int result = pcap_sendpacket(handle, packet, total_len);
return result;
}