
Bugfix for demonstration

main
Simon Moser vor 3 Jahren
Ursprung 972be2b000
Commit 1df043661e
Signiert von: mosers
GPG-Schlüssel-ID: 96B3365A234B500C

@ -77,6 +77,8 @@ func main() {
log.SetFormatter(&log.TextFormatter{ log.SetFormatter(&log.TextFormatter{
DisableTimestamp: true, DisableTimestamp: true,
}) })
log.Info("Using replacement hostname " + UId)
log.Info("Using generated MAC " + NewMAC.String())
if *logFile != "" { if *logFile != "" {
if f, err := os.OpenFile(*logFile, os.O_WRONLY|os.O_CREATE, 0755); err != nil { if f, err := os.OpenFile(*logFile, os.O_WRONLY|os.O_CREATE, 0755); err != nil {
log.Error("Error opening logFile ", *logFile) log.Error("Error opening logFile ", *logFile)
@ -153,7 +155,8 @@ func pipeForward(prefix string) {
// Handle Ethernet frame // Handle Ethernet frame
log.Debug("Start packet") log.Debug("Start packet")
frame := packet.Layer(layers.LayerTypeEthernet).(*layers.Ethernet) frame := packet.Layer(layers.LayerTypeEthernet).(*layers.Ethernet)
filterMAC(prefix, &frame.DstMAC, &frame.SrcMAC, frame.LayerType()) filterMAC(prefix, &frame.SrcMAC, "src", frame.LayerType())
filterMAC(prefix, &frame.DstMAC, "dst", frame.LayerType())
// Handle IPv4 packet // Handle IPv4 packet
if ipv4layer := packet.Layer(layers.LayerTypeIPv4); ipv4layer != nil { if ipv4layer := packet.Layer(layers.LayerTypeIPv4); ipv4layer != nil {
@ -166,7 +169,8 @@ func pipeForward(prefix string) {
continue continue
} }
filterIP(prefix, &ipv4Packet.DstIP, &ipv4Packet.SrcIP, ipv4Packet.LayerType()) filterIP(prefix, &ipv4Packet.SrcIP, "src", ipv4Packet.LayerType())
filterIP(prefix, &ipv4Packet.DstIP, "dst", ipv4Packet.LayerType())
// Handle ICMP packet (based on IPv4) // Handle ICMP packet (based on IPv4)
if icmpLayer := packet.Layer(layers.LayerTypeICMPv4); icmpLayer != nil { if icmpLayer := packet.Layer(layers.LayerTypeICMPv4); icmpLayer != nil {
@ -191,7 +195,7 @@ func pipeForward(prefix string) {
if (udpPacket.SrcPort == 137 && udpPacket.DstPort == 137) || // NBNS if (udpPacket.SrcPort == 137 && udpPacket.DstPort == 137) || // NBNS
(udpPacket.SrcPort == 138 && udpPacket.DstPort == 138) { // NBDS (udpPacket.SrcPort == 138 && udpPacket.DstPort == 138) { // NBDS
log.Info(prefix, "Filtering NBNS/NBDS payload") log.Debug(prefix, "Filtering NBNS/NBDS payload")
filterPayload(prefix, &udpPacket.Payload) filterPayload(prefix, &udpPacket.Payload)
} }
} }
@ -199,7 +203,7 @@ func pipeForward(prefix string) {
// Drop IPv6 packets // Drop IPv6 packets
if ipv6layer := packet.Layer(layers.LayerTypeIPv6); ipv6layer != nil { if ipv6layer := packet.Layer(layers.LayerTypeIPv6); ipv6layer != nil {
log.Info(prefix, "IPv6 packet dropped") log.Debug(prefix, "IPv6 packet dropped")
continue continue
} }
@ -207,8 +211,10 @@ func pipeForward(prefix string) {
if frame.EthernetType == layers.EthernetTypeARP { if frame.EthernetType == layers.EthernetTypeARP {
arpPacket := packet.Layer(layers.LayerTypeARP).(*layers.ARP) arpPacket := packet.Layer(layers.LayerTypeARP).(*layers.ARP)
log.Debug(prefix, "ARP Type ", arpPacket.Operation) log.Debug(prefix, "ARP Type ", arpPacket.Operation)
filterIP(prefix, &arpPacket.DstProtAddress, &arpPacket.SourceProtAddress, arpPacket.LayerType()) filterIP(prefix, &arpPacket.SourceProtAddress, "src", arpPacket.LayerType())
filterMAC(prefix, &arpPacket.DstHwAddress, &arpPacket.SourceHwAddress, arpPacket.LayerType()) filterIP(prefix, &arpPacket.DstProtAddress, "dst", arpPacket.LayerType())
filterMAC(prefix, &arpPacket.SourceHwAddress, "src", arpPacket.LayerType())
filterMAC(prefix, &arpPacket.DstHwAddress, "dst", arpPacket.LayerType())
} }
log.Debug("End packet") log.Debug("End packet")
@ -263,30 +269,15 @@ func filterPayload(prefix string, payload *[]byte) {
} }
// filterIP checks whether an IP target selected from src and dst equals a given value. If yes, it is changed // filterIP checks whether an IP target selected from src and dst equals a given value. If yes, it is changed
func filterIP(prefix string, dst interface{}, src interface{}, context gopacket.LayerType) { func filterIP(prefix string, addr interface{}, which string, context gopacket.LayerType) {
var target interface{} ip, isIp := addr.(*net.IP)
var condVal net.IP bs, isBs := addr.(*[]byte)
var newVal net.IP
var which string
if prefix == In {
target = dst
which = "dst"
condVal = NewIP
newVal = OldIP
} else if prefix == Out {
target = src
which = "src"
condVal = OldIP
newVal = NewIP
}
ip, isIp := target.(*net.IP)
bs, isBs := target.(*[]byte)
// If no OldIP is set yet, get it from outgoing src field // If no OldIP is set yet, get it from outgoing src field
if OldIP == nil { if OldIP == nil {
if prefix == In { if prefix == In || which == "dst" {
return return
} else if prefix == Out { } else if prefix == Out && which == "src" {
if isIp { if isIp {
if !ip.IsGlobalUnicast() { if !ip.IsGlobalUnicast() {
return return
@ -296,57 +287,50 @@ func filterIP(prefix string, dst interface{}, src interface{}, context gopacket.
OldIP = *bs OldIP = *bs
} }
log.Info("OldIP set to ", OldIP) log.Info("OldIP set to ", OldIP)
condVal = OldIP
} }
} }
if isIp && bytes.Equal(*ip, condVal) { if isIp && bytes.Equal(*ip, OldIP) {
*ip = newVal *ip = NewIP
log.Debugf("%s%s %s IP %s changed to %s", prefix, context, which, condVal, newVal) log.Debugf("%s%s %s IP %s changed to %s", prefix, context, which, OldIP, NewIP)
} } else if isBs && bytes.Equal(*bs, OldIP) {
if isBs && bytes.Equal(*bs, condVal) { *bs = NewIP
*bs = newVal log.Debugf("%s%s %s IP %s changed to %s", prefix, context, which, OldIP, NewIP)
log.Debugf("%s%s %s IP %s changed to %s", prefix, context, which, condVal, newVal) } else if isIp && bytes.Equal(*ip, NewIP) {
*ip = OldIP
log.Debugf("%s%s %s IP %s changed to %s", prefix, context, which, NewIP, OldIP)
} else if isBs && bytes.Equal(*bs, NewIP) {
*bs = OldIP
log.Debugf("%s%s %s IP %s changed to %s", prefix, context, which, NewIP, OldIP)
} }
} }
// filterMAC checks whether a MAC target selected from src and dst equals a given value. If yes, it is changed // filterMAC checks whether a MAC target selected from src and dst equals a given value. If yes, it is changed
func filterMAC(prefix string, dst interface{}, src interface{}, context gopacket.LayerType) { func filterMAC(prefix string, addr interface{}, which string, context gopacket.LayerType) {
// If no OldMAC is set yet, get it from outgoing src field // If no OldMAC is set yet, get it from outgoing src field
// Has to be HardwareAddr because this is used for ethernet frames which call this method first // Has to be HardwareAddr because this is used for ethernet frames which call this method first
if OldMAC == nil { if OldMAC == nil {
if prefix == In { if prefix == In || which == "dst" {
return return
} else if prefix == Out { } else if prefix == Out && which == "src" {
OldMAC = *src.(*net.HardwareAddr) OldMAC = *addr.(*net.HardwareAddr)
log.Info("OldMAC set to ", OldMAC) log.Info("OldMAC set to ", OldMAC)
} }
} }
mac, isMac := addr.(*net.HardwareAddr)
var target interface{} bs, isBs := addr.(*[]byte)
var condVal net.HardwareAddr if isMac && bytes.Equal(*mac, NewMAC) {
var newVal net.HardwareAddr *mac = OldMAC
var which string log.Debugf("%s%s %s MAC %s changed to %s", prefix, context, which, NewMAC, OldMAC)
if prefix == In { } else if isBs && bytes.Equal(*bs, NewMAC) {
target = dst *bs = OldMAC
which = "dst" log.Debugf("%s%s %s MAC %s changed to %s", prefix, context, which, NewMAC, OldMAC)
condVal = NewMAC } else if isMac && bytes.Equal(*mac, OldMAC) {
newVal = OldMAC *mac = NewMAC
} else if prefix == Out { log.Debugf("%s%s %s MAC %s changed to %s", prefix, context, which, OldMAC, NewMAC)
target = src } else if isBs && bytes.Equal(*bs, OldMAC) {
which = "src" *bs = NewMAC
condVal = OldMAC log.Debugf("%s%s %s MAC %s changed to %s", prefix, context, which, OldMAC, NewMAC)
newVal = NewMAC
}
mac, isMac := target.(*net.HardwareAddr)
bs, isBs := target.(*[]byte)
if isMac && bytes.Equal(*mac, condVal) {
*mac = newVal
log.Debugf("%s%s %s MAC %s changed to %s", prefix, context, which, condVal, newVal)
}
if isBs && bytes.Equal(*bs, condVal) {
*bs = newVal
log.Debugf("%s%s %s MAC %s changed to %s", prefix, context, which, condVal, newVal)
} }
} }
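Review bot: The doc comments above `filterIP` and `filterMAC` (`// filterIP checks whether an IP target selected from src and dst equals a given value ...`) still describe the old `dst`/`src` selection, while the new signatures take a single `addr` plus a `which` label and the new `else if` chains swap OldIP↔NewIP and OldMAC↔NewMAC in both directions regardless of `prefix`, which is now consulted only when learning OldIP/OldMAC; update them to something like `// filterIP swaps *addr between OldIP and NewIP in either direction; which ("src"/"dst") is used for logging and, together with prefix, for learning OldIP from an outgoing source address`. Separately, in the learning branch `OldIP = *bs` stores a slice that aliases the decoded packet's byte buffer (the `*[]byte` case is the ARP path), so if the underlying read buffer is reused the learned address could change underneath the proxy; copying it, `OldIP = append(net.IP(nil), *bs...)`, removes that dependency — I cannot see the packet source from here, so treat this as something to confirm. The same applies to filterMAC's `OldMAC = *addr.(*net.HardwareAddr)`, which aliases frame data in the same way and, as the existing comment notes, relies on the Ethernet layer always calling it first because the assertion has no `ok` check. filterIP's body spans the two preceding hunks.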

@ -14,7 +14,8 @@ alpine2="$RUN/vm_alpine_2.pid"
win="$RUN/vm_win_*.pid" win="$RUN/vm_win_*.pid"
win1="$RUN/vm_win_1.pid" win1="$RUN/vm_win_1.pid"
win2="$RUN/vm_win_2.pid" win2="$RUN/vm_win_2.pid"
kali="$RUN/vm_kali.pid" kali1="$RUN/vm_kali1.pid"
kali2="$RUN/vm_kali2.pid"
proxy2="$RUN/proxy_2.pid" proxy2="$RUN/proxy_2.pid"
proxy3="$RUN/proxy_3.pid" proxy3="$RUN/proxy_3.pid"
proxies="$RUN/proxy_*.pid" proxies="$RUN/proxy_*.pid"
@ -35,22 +36,31 @@ start)
alpine1 | alpine) alpine1 | alpine)
$qemu -m 512 -nic vde,mac='52:54:00:12:34:56',sock=$RUN/sw_proxy1.sock -hda alpine1.qcow2 -daemonize -vnc :1 -pidfile $alpine1 $qemu -m 512 -nic vde,mac='52:54:00:12:34:56',sock=$RUN/sw_proxy1.sock -hda alpine1.qcow2 -daemonize -vnc :1 -pidfile $alpine1
;;& ;;&
alpine2 | alpine) alpine1b | alpine)
$qemu -m 512 -nic vde,mac='52:54:00:12:34:56',sock=$RUN/sw_proxy2.sock -hda alpine1b.qcow2 -daemonize -vnc :12 -pidfile $alpine2
;;&
alpine2 )
$qemu -m 512 -nic vde,mac='52:54:00:12:34:66',sock=$RUN/sw_proxy2.sock -hda alpine2.qcow2 -daemonize -vnc :2 -pidfile $alpine2 $qemu -m 512 -nic vde,mac='52:54:00:12:34:66',sock=$RUN/sw_proxy2.sock -hda alpine2.qcow2 -daemonize -vnc :2 -pidfile $alpine2
;;& ;;&
win1 | win | vms | all) win1 | win | vms )
$qemu -vga cirrus -smp 1 -net nic,model=rtl8139 -net vde,sock=$RUN/sw_proxy1.sock -soundhw sb16 -m 128 -usb -usbdevice tablet -drive file=images/win98.raw,format=raw,index=0,media=disk -cdrom images/Win98SE.iso -daemonize -vnc :1 -pidfile $win1 $qemu -vga cirrus -smp 1 -net nic,model=rtl8139 -net vde,sock=$RUN/sw_proxy1.sock -soundhw sb16 -m 128 -usb -usbdevice tablet -drive file=images/win98.raw,format=raw,index=0,media=disk -cdrom images/Win98SE.iso -daemonize -vnc :1 -pidfile $win1
;;& ;;&
win2 | win | vms | all) win0 | win | vms )
$qemu -vga cirrus -smp 1 -net nic,model=rtl8139,macaddr='52:54:00:12:34:66' -net vde,sock=$RUN/sw_proxy1.sock -soundhw sb16 -m 128 -usb -usbdevice tablet -drive file=images/win98-0.raw,format=raw,index=0,media=disk -cdrom images/Win98SE.iso -daemonize -vnc :1 -pidfile $win1
;;&
win2 | win | vms )
$qemu -vga cirrus -smp 1 -net nic,model=rtl8139,macaddr='52:54:00:12:34:66' -net vde,sock=$RUN/sw_proxy2.sock -soundhw sb16 -m 128 -usb -usbdevice tablet -drive file=images/win98-2.raw,format=raw,index=0,media=disk -cdrom images/Win98SE.iso -daemonize -vnc :2 -pidfile $win2 $qemu -vga cirrus -smp 1 -net nic,model=rtl8139,macaddr='52:54:00:12:34:66' -net vde,sock=$RUN/sw_proxy2.sock -soundhw sb16 -m 128 -usb -usbdevice tablet -drive file=images/win98-2.raw,format=raw,index=0,media=disk -cdrom images/Win98SE.iso -daemonize -vnc :2 -pidfile $win2
;;& ;;&
kali | vms | all) kali1 | kalis | vms | all)
$qemu -m 1024 -nic user -nic vde,mac='52:54:00:12:34:76',sock=$RUN/sw_proxy3.sock -hda kali.qcow2 -daemonize -vnc :3 -pidfile $kali $qemu -m 1024 -nic user -nic vde,mac='52:54:00:12:34:76',sock=$RUN/sw_proxy1.sock -hda kali1.qcow2 -daemonize -vnc :1 -pidfile $kali1
;;&
kali2 | kalis | vms | all)
$qemu -m 1024 -nic user -nic vde,mac='52:54:00:12:34:76',sock=$RUN/sw_proxy2.sock -hda kali2.qcow2 -daemonize -vnc :2 -pidfile $kali2
;;& ;;&
proxy2 | proxies | all) proxy2 | proxies | all)
$proxy -sproxy $RUN/sw_proxy2.sock -passthrough -logfile $RUN/proxy_2.log -pidfile $proxy2 & $proxy -sproxy $RUN/sw_proxy2.sock -passthrough -logfile $RUN/proxy_2.log -pidfile $proxy2 &
;;& ;;&
proxy3 | proxies | all) proxy3 | proxies )
$proxy -sproxy $RUN/sw_proxy3.sock -passthrough -logfile $RUN/proxy_3.log -pidfile $proxy3 & $proxy -sproxy $RUN/sw_proxy3.sock -passthrough -logfile $RUN/proxy_3.log -pidfile $proxy3 &
;; ;;
*) *)
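Review bot: The new `win0` entry (`... -daemonize -vnc :1 -pidfile $win1`) reuses win1's VNC display and pidfile, and the new `kali1`/`kali2` entries are put on `-vnc :1`/`-vnc :2` as well, so the fall-through targets `win` and `vms` now start several guests on the same display and overwrite each other's pidfile, which means the second QEMU cannot bind its display and the stop path (presumably driven by the `$RUN/vm_*.pid` globs in the variable block) loses track of a process. Give each guest its own display and pidfile, e.g. `win0="$RUN/vm_win_0.pid"` in the variable block and `-vnc :10 -pidfile $win0` on the win0 line, with distinct displays for the kali guests too; `alpine1b` has the same problem with `-pidfile $alpine2`, which collides with `alpine2` when both are running. While these lines are being touched, `-vnc :N` listens on all interfaces without authentication by default, so `-vnc 127.0.0.1:N` (or a password/TLS option) keeps the guest consoles off the network.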