|
|
@ -4,53 +4,12 @@
|
|
|
|
|
|
|
|
|
|
|
|
![overview](README.assets/overview.png)
|
|
|
|
![overview](README.assets/overview.png)
|
|
|
|
|
|
|
|
|
|
|
|
## Pseudocode
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
```python
|
|
|
|
|
|
|
|
class vde_proxy:
|
|
|
|
|
|
|
|
def handle_frame(frame):
|
|
|
|
|
|
|
|
try:
|
|
|
|
|
|
|
|
frame.mac = self.new_mac
|
|
|
|
|
|
|
|
except NameError:
|
|
|
|
|
|
|
|
self.new_mac = random_mac()
|
|
|
|
|
|
|
|
self.new_ip = do_dhcp(new_mac)
|
|
|
|
|
|
|
|
finally:
|
|
|
|
|
|
|
|
frame.mac = self.new_mac
|
|
|
|
|
|
|
|
frame.packet = handle_packet(frame.packet)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def handle_packet(packet):
|
|
|
|
|
|
|
|
protocols = {
|
|
|
|
|
|
|
|
"ip" : handle_ip,
|
|
|
|
|
|
|
|
"arp": handle_arp,
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
return protocols[packet.protocol](packet)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def handle_ip(packet):
|
|
|
|
|
|
|
|
# Todo: Check DHCP lease and get new one if necessary
|
|
|
|
|
|
|
|
packet.ip = self.new_ip
|
|
|
|
|
|
|
|
if is_dhcp(packet):
|
|
|
|
|
|
|
|
packet = handle_dhcp(packet)
|
|
|
|
|
|
|
|
return packet
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def handle_arp(packet):
|
|
|
|
|
|
|
|
pass
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def handle_dhcp(packet):
|
|
|
|
|
|
|
|
pass
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def do_dhcp(mac):
|
|
|
|
|
|
|
|
# Do DHCP
|
|
|
|
|
|
|
|
return ip
|
|
|
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
## Problematic protocols
|
|
|
|
## Problematic protocols
|
|
|
|
|
|
|
|
|
|
|
|
Important:
|
|
|
|
Important:
|
|
|
|
|
|
|
|
|
|
|
|
* DHCP
|
|
|
|
* DHCP
|
|
|
|
* ARP
|
|
|
|
* ARP (implemented)
|
|
|
|
|
|
|
|
|
|
|
|
Nice to have:
|
|
|
|
Nice to have:
|
|
|
|
|
|
|
|
|
|
|
@ -67,8 +26,34 @@ Keep in mind:
|
|
|
|
### Go:
|
|
|
|
### Go:
|
|
|
|
|
|
|
|
|
|
|
|
* gopacket (~libpcap): https://github.com/google/gopacket / https://pkg.go.dev/github.com/google/gopacket
|
|
|
|
* gopacket (~libpcap): https://github.com/google/gopacket / https://pkg.go.dev/github.com/google/gopacket
|
|
|
|
* (Link layer frame modification: https://github.com/mdlayher/ethernet / https://pkg.go.dev/github.com/mdlayher/ethernet)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
### Rust:
|
|
|
|
## Binaries
|
|
|
|
|
|
|
|
### envctl - control VMs, network etc
|
|
|
|
|
|
|
|
```
|
|
|
|
|
|
|
|
$ ./envctl
|
|
|
|
|
|
|
|
Usage: envctl {start|stop|restart} {all|network|vms|alpine|alpine1|alpine2|kali|proxy2|proxy3|proxies}
|
|
|
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
|
|
* https://docs.rs/etherparse/0.9.0/etherparse
|
|
|
|
### proxy - main binary
|
|
|
|
|
|
|
|
```
|
|
|
|
|
|
|
|
$ ./proxy -help
|
|
|
|
|
|
|
|
Usage of ./proxy:
|
|
|
|
|
|
|
|
-log int
|
|
|
|
|
|
|
|
allowed: 5 (debug), 4 (info), 3 (warning), 2 (error), 1 (fatal) (default 4)
|
|
|
|
|
|
|
|
-logfile string
|
|
|
|
|
|
|
|
Location to write output to
|
|
|
|
|
|
|
|
-newip string
|
|
|
|
|
|
|
|
IP after change (default "10.0.0.15")
|
|
|
|
|
|
|
|
-newmac string
|
|
|
|
|
|
|
|
MAC after change
|
|
|
|
|
|
|
|
-oldip string
|
|
|
|
|
|
|
|
IP before change
|
|
|
|
|
|
|
|
-oldmac string
|
|
|
|
|
|
|
|
MAC before change
|
|
|
|
|
|
|
|
-passthrough
|
|
|
|
|
|
|
|
Whether to pass every traffic through
|
|
|
|
|
|
|
|
-pidfile string
|
|
|
|
|
|
|
|
Location to write the pid to
|
|
|
|
|
|
|
|
-proxy string
|
|
|
|
|
|
|
|
Number of the proxy switch (default "1")
|
|
|
|
|
|
|
|
```
|
|
|
|