Author: Steve Kemp Description: Include to fix segfault on some architectures. Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=315969 --- This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ --- a/msgsnarf.c +++ b/msgsnarf.c @@ -23,6 +23,7 @@ #include #include #include +#include #include "buf.h" #include "decode.h" --- a/sshow.c +++ b/sshow.c @@ -15,6 +15,7 @@ #include #include +#include #include #include Author: Steve Kemp Description: mailsnarf does not parse mail correctly. Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=149330 --- This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ --- a/mailsnarf.c +++ b/mailsnarf.c @@ -178,7 +178,7 @@ if (smtp->state != SMTP_DATA) { while ((i = buf_index(&buf, "\r\n", 2)) >= 0) { line = buf_tok(&buf, NULL, i + 2); - line->base[line->end] = '\0'; + line->base[line->end-1] = '\0'; p = buf_ptr(line); if (strncasecmp(p, "RSET", 4) == 0) { Author: Joseph Battaglia and Joshua Krage Description: Allow the reading of saved PCAP capture files. Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=153462 Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=298604 --- This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ --- a/dsniff.8 +++ b/dsniff.8 @@ -10,7 +10,7 @@ .nf .fi \fBdsniff\fR [\fB-c\fR] [\fB-d\fR] [\fB-m\fR] [\fB-n\fR] [\fB-i -\fIinterface\fR] [\fB-s \fIsnaplen\fR] [\fB-f \fIservices\fR] +\fIinterface\fR | \fB-p \fIpcapfile\fR] [\fB-s \fIsnaplen\fR] [\fB-f \fIservices\fR] [\fB-t \fItrigger[,...]\fR]] [\fB-r\fR|\fB-w\fR \fIsavefile\fR] [\fIexpression\fR] .SH DESCRIPTION 
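Review bot: In mailsnarf.c the new terminator index `line->end-1` carries no comment and is easy to misread as an off-by-one. A comment on that line would record the intent, for example `/* NUL over the final '\n' of the CRLF; base[end] is past the token */`, assuming buf_tok() returns a token whose `end` equals the `i + 2` bytes requested (its definition is outside this hunk). With this index the '\r' stays in the string, which the "RSET" prefix comparison shown below tolerates. Any exact-match comparison further down the loop, which is not visible here, would need checking.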
@@ -45,6 +45,9 @@ Do not resolve IP addresses to hostnames. .IP "\fB-i \fIinterface\fR" Specify the interface to listen on. +.IP "\fB-p \fIpcapfile\fR" +Rather than processing the contents of packets observed upon the network +process the given PCAP capture file. .IP "\fB-s \fIsnaplen\fR" Analyze at most the first \fIsnaplen\fR bytes of each TCP connection, rather than the default of 1024. --- a/dsniff.c +++ b/dsniff.c @@ -46,8 +46,9 @@ usage(void) { fprintf(stderr, "Version: " VERSION "\n" - "Usage: dsniff [-cdmn] [-i interface] [-s snaplen] [-f services]\n" - " [-t trigger[,...]] [-r|-w savefile] [expression]\n"); + "Usage: dsniff [-cdmn] [-i interface | -p pcapfile] [-s snaplen]\n" + " [-f services] [-t trigger[,...]] [-r|-w savefile]\n" + " [expression]\n"); exit(1); } @@ -79,7 +80,7 @@ services = savefile = triggers = NULL; - while ((c = getopt(argc, argv, "cdf:i:mnr:s:t:w:h?V")) != -1) { + while ((c = getopt(argc, argv, "cdf:i:mnp:r:s:t:w:h?V")) != -1) { switch (c) { case 'c': Opt_client = 1; @@ -99,6 +100,9 @@ case 'n': Opt_dns = 0; break; + case 'p': + nids_params.filename = optarg; + break; case 'r': Opt_read = 1; savefile = optarg; @@ -168,10 +172,23 @@ else nids_register_tcp(trigger_tcp); if (nids_params.pcap_filter != NULL) { - warnx("listening on %s [%s]", nids_params.device, - nids_params.pcap_filter); + if (nids_params.filename == NULL) { + warnx("listening on %s [%s]", nids_params.device, + nids_params.pcap_filter); + } + else { + warnx("using %s [%s]", nids_params.filename, + nids_params.pcap_filter); + } + } + else { + if (nids_params.filename == NULL) { + warnx("listening on %s", nids_params.device); + } + else { + warnx("using %s", nids_params.filename); + } } - else warnx("listening on %s", nids_params.device); nids_run(); --- a/filesnarf.8 +++ b/filesnarf.8 
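Review bot: In dsniff.c the new `case 'p'` only stores `optarg`, so the `-i interface | -p pcapfile` alternative advertised by the usage text and man page is not enforced; with both options given, the banner reports the file while `nids_params.device` is also set. A check after the getopt loop such as `if (nids_params.filename != NULL && nids_params.device != NULL) usage();` would make the documented exclusivity real, assuming `device` stays NULL unless `-i` is given. The same applies to the `-p` cases added in filesnarf.c, mailsnarf.c, msgsnarf.c, sshow.c, urlsnarf.c and webspy.c. The man page entries could also state that reading a capture file needs no capture privileges, so that files from untrusted sources are not parsed as root.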
@@ -9,7 +9,7 @@ .na .nf .fi -\fBfilesnarf\fR [\fB-i \fIinterface\fR] [[\fB-v\fR] \fIpattern [\fIexpression\fR]] +\fBfilesnarf\fR [\fB-i \fIinterface\fR | \fB-p \fIpcapfile\fR] [[\fB-v\fR] \fIpattern [\fIexpression\fR]] .SH DESCRIPTION .ad .fi @@ -18,6 +18,8 @@ .SH OPTIONS .IP "\fB-i \fIinterface\fR" Specify the interface to listen on. +.IP "\fB-p \fIpcapfile\fR" +Process packets from the specified PCAP capture file instead of the network. .IP \fB-v\fR "Versus" mode. Invert the sense of matching, to select non-matching files. --- a/filesnarf.c +++ b/filesnarf.c @@ -51,7 +51,7 @@ usage(void) { fprintf(stderr, "Version: " VERSION "\n" - "Usage: filesnarf [-i interface] [[-v] pattern [expression]]\n"); + "Usage: filesnarf [-i interface | -p pcapfile] [[-v] pattern [expression]]\n"); exit(1); } @@ -464,11 +464,14 @@ extern int optind; int c; - while ((c = getopt(argc, argv, "i:vh?V")) != -1) { + while ((c = getopt(argc, argv, "i:p:vh?V")) != -1) { switch (c) { case 'i': nids_params.device = optarg; break; + case 'p': + nids_params.filename = optarg; + break; case 'v': Opt_invert = 1; break; @@ -498,11 +501,24 @@ nids_register_ip(decode_udp_nfs); nids_register_tcp(decode_tcp_nfs); - if (nids_params.pcap_filter != NULL) { - warnx("listening on %s [%s]", nids_params.device, - nids_params.pcap_filter); - } - else warnx("listening on %s", nids_params.device); + if (nids_params.pcap_filter != NULL) { + if (nids_params.filename == NULL) { + warnx("listening on %s [%s]", nids_params.device, + nids_params.pcap_filter); + } + else { + warnx("using %s [%s]", nids_params.filename, + nids_params.pcap_filter); + } + } + else { + if (nids_params.filename == NULL) { + warnx("listening on %s", nids_params.device); + } + else { + warnx("using %s", nids_params.filename); + } + } nids_run(); --- a/mailsnarf.8 +++ b/mailsnarf.8 
@@ -9,7 +9,7 @@ .na .nf .fi -\fBmailsnarf\fR [\fB-i \fIinterface\fR] [[\fB-v\fR] \fIpattern [\fIexpression\fR]] +\fBmailsnarf\fR [\fB-i \fIinterface\fR | \fB-p \fIpcapfile\fR] [[\fB-v\fR] \fIpattern [\fIexpression\fR]] .SH DESCRIPTION .ad .fi @@ -19,6 +19,8 @@ .SH OPTIONS .IP "\fB-i \fIinterface\fR" Specify the interface to listen on. +.IP "\fB-p \fIpcapfile\fR" +Process packets from the specified PCAP capture file instead of the network. .IP \fB-v\fR "Versus" mode. Invert the sense of matching, to select non-matching messages. --- a/mailsnarf.c +++ b/mailsnarf.c @@ -59,7 +59,7 @@ usage(void) { fprintf(stderr, "Version: " VERSION "\n" - "Usage: mailsnarf [-i interface] [[-v] pattern [expression]]\n"); + "Usage: mailsnarf [-i interface | -p pcapfile] [[-v] pattern [expression]]\n"); exit(1); } @@ -344,11 +344,14 @@ extern int optind; int c; - while ((c = getopt(argc, argv, "i:vh?V")) != -1) { + while ((c = getopt(argc, argv, "i:p:vh?V")) != -1) { switch (c) { case 'i': nids_params.device = optarg; break; + case 'p': + nids_params.filename = optarg; + break; case 'v': Opt_invert = 1; break; @@ -378,10 +381,23 @@ nids_register_tcp(sniff_pop_session); if (nids_params.pcap_filter != NULL) { - warnx("listening on %s [%s]", nids_params.device, - nids_params.pcap_filter); - } - else warnx("listening on %s", nids_params.device); + if (nids_params.filename == NULL) { + warnx("listening on %s [%s]", nids_params.device, + nids_params.pcap_filter); + } + else { + warnx("using %s [%s]", nids_params.filename, + nids_params.pcap_filter); + } + } + else { + if (nids_params.filename == NULL) { + warnx("listening on %s", nids_params.device); + } + else { + warnx("using %s", nids_params.filename); + } + } nids_run(); --- a/msgsnarf.8 +++ b/msgsnarf.8 
@@ -9,7 +9,7 @@ .na .nf .fi -\fBmsgsnarf\fR [\fB-i \fIinterface\fR] [[\fB-v\fR] \fIpattern [\fIexpression\fR]] +\fBmsgsnarf\fR [\fB-i \fIinterface\fR | \fB-p \fIpcapfile\fR] [[\fB-v\fR] \fIpattern [\fIexpression\fR]] .SH DESCRIPTION .ad .fi @@ -19,6 +19,8 @@ .SH OPTIONS .IP "\fB-i \fIinterface\fR" Specify the interface to listen on. +.IP "\fB-p \fIpcapfile\fR" +Process packets from the specified PCAP capture file instead of the network. .IP \fB-v\fR "Versus" mode. Invert the sense of matching, to select non-matching messages. --- a/msgsnarf.c +++ b/msgsnarf.c @@ -45,7 +45,7 @@ usage(void) { fprintf(stderr, "Version: " VERSION "\n" - "Usage: msgsnarf [-i interface] [[-v] pattern [expression]]\n"); + "Usage: msgsnarf [-i interface | -p pcapfile] [[-v] pattern [expression]]\n"); exit(1); } @@ -633,11 +633,14 @@ extern int optind; int c; - while ((c = getopt(argc, argv, "i:hv?V")) != -1) { + while ((c = getopt(argc, argv, "i:p:hv?V")) != -1) { switch (c) { case 'i': nids_params.device = optarg; break; + case 'p': + nids_params.filename = optarg; + break; case 'v': Opt_invert = 1; break; @@ -666,11 +669,24 @@ nids_register_tcp(sniff_msgs); - if (nids_params.pcap_filter != NULL) { - warnx("listening on %s [%s]", nids_params.device, - nids_params.pcap_filter); - } - else warnx("listening on %s", nids_params.device); + if (nids_params.pcap_filter != NULL) { + if (nids_params.filename == NULL) { + warnx("listening on %s [%s]", nids_params.device, + nids_params.pcap_filter); + } + else { + warnx("using %s [%s]", nids_params.filename, + nids_params.pcap_filter); + } + } + else { + if (nids_params.filename == NULL) { + warnx("listening on %s", nids_params.device); + } + else { + warnx("using %s", nids_params.filename); + } + } nids_run(); --- a/sshow.8 +++ b/sshow.8 @@ -9,7 +9,7 @@ .na .nf .fi -\fBsshow\fR [\fB-d\fR] [\fB-i \fIinterface\fR] [\fIexpression\fR] +\fBsshow\fR [\fB-d\fR] [\fB-i \fIinterface\fR | \fB-p \fIpcapfile\fR] [\fIexpression\fR] .SH DESCRIPTION .ad .fi 
@@ -28,6 +28,8 @@ Enable verbose debugging output. .IP "\fB-i \fIinterface\fR" Specify the interface to listen on. +.IP "\fB-p \fIpcapfile\fR" +Process packets from the specified PCAP capture file instead of the network. .IP "\fIexpression\fR" Specify a tcpdump(8) filter expression to select traffic to sniff. .SH "SEE ALSO" --- a/sshow.c +++ b/sshow.c @@ -82,7 +82,7 @@ static void usage(void) { - fprintf(stderr, "Usage: sshow [-d] [-i interface]\n"); + fprintf(stderr, "Usage: sshow [-d] [-i interface | -p pcapfile]\n"); exit(1); } @@ -616,7 +616,7 @@ extern int optind; int c; - while ((c = getopt(argc, argv, "di:h?")) != -1) { + while ((c = getopt(argc, argv, "di:p:h?")) != -1) { switch (c) { case 'd': debug++; @@ -624,6 +624,9 @@ case 'i': nids_params.device = optarg; break; + case 'p': + nids_params.filename = optarg; + break; default: usage(); break; @@ -652,11 +655,24 @@ nids_register_tcp(process_event); - if (nids_params.pcap_filter != NULL) { - warnx("listening on %s [%s]", nids_params.device, - nids_params.pcap_filter); - } - else warnx("listening on %s", nids_params.device); + if (nids_params.pcap_filter != NULL) { + if (nids_params.filename == NULL) { + warnx("listening on %s [%s]", nids_params.device, + nids_params.pcap_filter); + } + else { + warnx("using %s [%s]", nids_params.filename, + nids_params.pcap_filter); + } + } + else { + if (nids_params.filename == NULL) { + warnx("listening on %s", nids_params.device); + } + else { + warnx("using %s", nids_params.filename); + } + } nids_run(); --- a/urlsnarf.8 +++ b/urlsnarf.8 @@ -9,7 +9,7 @@ .na .nf .fi -\fBurlsnarf\fR [\fB-n\fR] [\fB-i \fIinterface\fR] [[\fB-v\fR] \fIpattern [\fIexpression\fR]] +\fBurlsnarf\fR [\fB-n\fR] [\fB-i \fIinterface\fR | \fB-p \fIpcapfile\fR] [[\fB-v\fR] \fIpattern [\fIexpression\fR]] .SH DESCRIPTION .ad .fi 
@@ -21,6 +21,9 @@ .IP \fB-n\fR Do not resolve IP addresses to hostnames. .IP "\fB-i \fIinterface\fR" +Specify the interface to listen on. +.IP "\fB-p \fIpcapfile\fR" +Process packets from the specified PCAP capture file instead of the network. .IP \fB-v\fR "Versus" mode. Invert the sense of matching, to select non-matching URLs. --- a/urlsnarf.c +++ b/urlsnarf.c @@ -41,7 +41,7 @@ usage(void) { fprintf(stderr, "Version: " VERSION "\n" - "Usage: urlsnarf [-n] [-i interface] [[-v] pattern [expression]]\n"); + "Usage: urlsnarf [-n] [-i interface | -p pcapfile] [[-v] pattern [expression]]\n"); exit(1); } @@ -201,11 +201,14 @@ extern int optind; int c; - while ((c = getopt(argc, argv, "i:nvh?V")) != -1) { + while ((c = getopt(argc, argv, "i:p:nvh?V")) != -1) { switch (c) { case 'i': nids_params.device = optarg; break; + case 'p': + nids_params.filename = optarg; + break; case 'n': Opt_dns = 0; break; @@ -238,8 +241,24 @@ nids_register_tcp(sniff_http_client); - warnx("listening on %s [%s]", nids_params.device, - nids_params.pcap_filter); + if (nids_params.pcap_filter != NULL) { + if (nids_params.filename == NULL) { + warnx("listening on %s [%s]", nids_params.device, + nids_params.pcap_filter); + } + else { + warnx("using %s [%s]", nids_params.filename, + nids_params.pcap_filter); + } + } + else { + if (nids_params.filename == NULL) { + warnx("listening on %s", nids_params.device); + } + else { + warnx("using %s", nids_params.filename); + } + } nids_run(); --- a/webspy.8 +++ b/webspy.8 @@ -9,7 +9,7 @@ .na .nf .fi -\fBwebspy\fR [\fB-i \fIinterface\fR] \fIhost\fR +\fBwebspy\fR [\fB-i \fIinterface\fR | \fB-p \fIpcapfile\fR] \fIhost\fR .SH DESCRIPTION .ad .fi @@ -20,6 +20,8 @@ .SH OPTIONS .IP "\fB-i \fIinterface\fR" Specify the interface to listen on. +.IP "\fB-p \fIpcapfile\fR" +Process packets from the specified PCAP capture file instead of the network. .IP \fIhost\fR Specify the web client to spy on. .SH "SEE ALSO" --- a/webspy.c +++ b/webspy.c 
@@ -42,7 +42,7 @@ usage(void) { fprintf(stderr, "Version: " VERSION "\n" - "Usage: %s [-i interface] host\n", progname); + "Usage: %s [-i interface | -p pcapfile] host\n", progname); exit(1); } @@ -184,11 +184,14 @@ extern int optind; int c; - while ((c = getopt(argc, argv, "i:h?V")) != -1) { + while ((c = getopt(argc, argv, "i:p:h?V")) != -1) { switch (c) { case 'i': nids_params.device = optarg; break; + case 'p': + nids_params.filename = optarg; + break; default: usage(); } @@ -216,7 +219,13 @@ nids_register_tcp(sniff_http_client); - warnx("listening on %s", nids_params.device); + if (nids_params.filename == NULL) { + warnx("listening on %s", nids_params.device); + } + else { + warnx("using %s", nids_params.filename); + } + nids_run(); Author: Steve Kemp Description: Work with multiple interfaces. Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=242369 --- This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ --- a/arp.c +++ b/arp.c @@ -39,7 +39,7 @@ #ifdef BSD int -arp_cache_lookup(in_addr_t ip, struct ether_addr *ether) +arp_cache_lookup(in_addr_t ip, struct ether_addr *ether, const char* linf) { int mib[6]; size_t len; @@ -91,7 +91,7 @@ #endif int -arp_cache_lookup(in_addr_t ip, struct ether_addr *ether) +arp_cache_lookup(in_addr_t ip, struct ether_addr *ether, const char* lif) { int sock; struct arpreq ar; @@ -99,7 +99,7 @@ memset((char *)&ar, 0, sizeof(ar)); #ifdef __linux__ - strncpy(ar.arp_dev, "eth0", sizeof(ar.arp_dev)); /* XXX - *sigh* */ + strncpy(ar.arp_dev, lif, strlen(lif)); #endif sin = (struct sockaddr_in *)&ar.arp_pa; sin->sin_family = AF_INET; --- a/arp.h +++ b/arp.h @@ -11,6 +11,6 @@ #ifndef _ARP_H_ #define _ARP_H_ -int arp_cache_lookup(in_addr_t ip, struct ether_addr *ether); +int arp_cache_lookup(in_addr_t ip, struct ether_addr *ether, const char* linf); #endif /* _ARP_H_ */ --- a/arpspoof.c +++ b/arpspoof.c 
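Review bot: In arp.c the Linux branch now does `strncpy(ar.arp_dev, lif, strlen(lif));`, which bounds the copy by the source length rather than the destination, so an interface name longer than `ar.arp_dev` overruns the field inside the stack-allocated `struct arpreq`. In arpspoof.c the value passed is `intf`, which comes from the `-i` argument or pcap_lookupdev(). Bound the copy by the destination instead, `strlcpy(ar.arp_dev, lif, sizeof(ar.arp_dev));` (configure.in already lists strlcpy under AC_REPLACE_FUNCS), and fail the lookup when `lif` is NULL. The parameter is also spelled `linf` in the BSD definition and in arp.h but `lif` here; one name would be clearer.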
@@ -113,7 +113,7 @@ int i = 0; do { - if (arp_cache_lookup(ip, mac) == 0) + if (arp_cache_lookup(ip, mac, intf) == 0) return (1); #ifdef __linux__ /* XXX - force the kernel to arp. feh. */ Author: Steve Kemp Description: Compile under AMD64. Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=254002 --- This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ --- a/configure +++ b/configure @@ -2667,15 +2667,62 @@ echo "$ac_t""no" 1>&6 fi +echo $ac_n "checking for __dn_expand in -lresolv""... $ac_c" 1>&6 +echo "configure:2672: checking for __dn_expand in -lresolv" >&5 +ac_lib_var=`echo resolv'_'__dn_expand | sed 'y%./+-%__p_%'` +if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + ac_save_LIBS="$LIBS" +LIBS="-lresolv $LIBS" +cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=no" +fi +rm -f conftest* +LIBS="$ac_save_LIBS" + +fi +if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_lib=HAVE_LIB`echo resolv | sed -e 's/[^a-zA-Z0-9_]/_/g' \ + -e 'y/abcdefghijklmnopqrstuvwxyz/ABCDEFGHIJKLMNOPQRSTUVWXYZ/'` + cat >> confdefs.h <&6 +fi + for ac_func in dirname strlcpy strlcat strsep do echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:2674: checking for $ac_func" >&5 +echo "configure:2721: checking for $ac_func" >&5 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:2749: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else 
@@ -2728,12 +2775,12 @@ for ac_func in MD5Update do echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:2732: checking for $ac_func" >&5 +echo "configure:2779: checking for $ac_func" >&5 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:2807: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else @@ -2788,12 +2835,12 @@ for ac_func in warnx do echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:2792: checking for $ac_func" >&5 +echo "configure:2839: checking for $ac_func" >&5 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:2867: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else @@ -2848,12 +2895,12 @@ for ac_func in ether_ntoa do echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:2852: checking for $ac_func" >&5 +echo "configure:2899: checking for $ac_func" >&5 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:2927: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else 
@@ -2912,7 +2959,7 @@ fi echo $ac_n "checking for Berkeley DB with 1.85 compatibility""... $ac_c" 1>&6 -echo "configure:2916: checking for Berkeley DB with 1.85 compatibility" >&5 +echo "configure:2963: checking for Berkeley DB with 1.85 compatibility" >&5 # Check whether --with-db or --without-db was given. if test "${with_db+set}" = set; then withval="$with_db" @@ -3015,7 +3062,7 @@ echo $ac_n "checking for libpcap""... $ac_c" 1>&6 -echo "configure:3019: checking for libpcap" >&5 +echo "configure:3066: checking for libpcap" >&5 # Check whether --with-libpcap or --without-libpcap was given. if test "${with_libpcap+set}" = set; then withval="$with_libpcap" @@ -3063,7 +3110,7 @@ echo $ac_n "checking for libnet""... $ac_c" 1>&6 -echo "configure:3067: checking for libnet" >&5 +echo "configure:3114: checking for libnet" >&5 # Check whether --with-libnet or --without-libnet was given. if test "${with_libnet+set}" = set; then withval="$with_libnet" @@ -3110,7 +3157,7 @@ echo $ac_n "checking for libnids""... $ac_c" 1>&6 -echo "configure:3114: checking for libnids" >&5 +echo "configure:3161: checking for libnids" >&5 # Check whether --with-libnids or --without-libnids was given. if test "${with_libnids+set}" = set; then withval="$with_libnids" @@ -3152,9 +3199,9 @@ save_cppflags="$CPPFLAGS" CPPFLAGS="$NIDSINC" echo $ac_n "checking whether libnids version is good""... $ac_c" 1>&6 -echo "configure:3156: checking whether libnids version is good" >&5 +echo "configure:3203: checking whether libnids version is good" >&5 cat > conftest.$ac_ext < EOF @@ -3173,7 +3220,7 @@ echo $ac_n "checking for OpenSSL""... $ac_c" 1>&6 -echo "configure:3177: checking for OpenSSL" >&5 +echo "configure:3224: checking for OpenSSL" >&5 # Check whether --with-openssl or --without-openssl was given. if test "${with_openssl+set}" = set; then withval="$with_openssl" --- a/configure.in +++ b/configure.in 
@@ -57,6 +57,7 @@ AC_CHECK_LIB(nsl, gethostbyname) dnl XXX - feh, everything except OpenBSD sux. AC_CHECK_LIB(resolv, dn_expand) +AC_CHECK_LIB(resolv, __dn_expand) AC_REPLACE_FUNCS(dirname strlcpy strlcat strsep) needmd5=no AC_CHECK_FUNCS(MD5Update, , [needmd5=yes]) Author: Steve Kemp Description: urlsnarf: zero-pad date. Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=298605 --- This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ --- a/urlsnarf.c +++ b/urlsnarf.c @@ -68,7 +68,7 @@ t->tm_hour - gmt.tm_hour); tz = hours * 60 + t->tm_min - gmt.tm_min; - len = strftime(tstr, sizeof(tstr), "%e/%b/%Y:%X", t); + len = strftime(tstr, sizeof(tstr), "%d/%b/%Y:%X", t); if (len < 0 || len > sizeof(tstr) - 5) return (NULL); Author: Faidon Liambotis Description: Use libnet v1.1 instead of v1.0 --- This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ --- a/arpspoof.c +++ b/arpspoof.c @@ -27,7 +27,7 @@ extern char *ether_ntoa(struct ether_addr *); -static struct libnet_link_int *llif; +static libnet_t *l; static struct ether_addr spoof_mac, target_mac; static in_addr_t spoof_ip, target_ip; static char *intf; 
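Review bot: In urlsnarf.c the check after the changed strftime() call, `if (len < 0 || len > sizeof(tstr) - 5)`, cannot detect failure, because strftime() returns 0 (never a negative value) when the result does not fit and then leaves the buffer contents unspecified. Testing `if (len == 0 || len > sizeof(tstr) - 5)` would reject that case before `tstr` is used. The declaration of `len` and the rest of the function are outside this hunk, so its exact type should be confirmed when making the change.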
@@ -41,47 +41,49 @@ } static int -arp_send(struct libnet_link_int *llif, char *dev, - int op, u_char *sha, in_addr_t spa, u_char *tha, in_addr_t tpa) +arp_send(libnet_t *l, int op, u_int8_t *sha, + in_addr_t spa, u_int8_t *tha, in_addr_t tpa) { - char ebuf[128]; - u_char pkt[60]; - + int retval; + if (sha == NULL && - (sha = (u_char *)libnet_get_hwaddr(llif, dev, ebuf)) == NULL) { + (sha = (u_int8_t *)libnet_get_hwaddr(l)) == NULL) { return (-1); } if (spa == 0) { - if ((spa = libnet_get_ipaddr(llif, dev, ebuf)) == 0) + if ((spa = libnet_get_ipaddr4(l)) == -1) return (-1); - spa = htonl(spa); /* XXX */ } if (tha == NULL) tha = "\xff\xff\xff\xff\xff\xff"; - libnet_build_ethernet(tha, sha, ETHERTYPE_ARP, NULL, 0, pkt); + libnet_autobuild_arp(op, sha, (u_int8_t *)&spa, + tha, (u_int8_t *)&tpa, l); + libnet_build_ethernet(tha, sha, ETHERTYPE_ARP, NULL, 0, l, 0); - libnet_build_arp(ARPHRD_ETHER, ETHERTYPE_IP, ETHER_ADDR_LEN, 4, - op, sha, (u_char *)&spa, tha, (u_char *)&tpa, - NULL, 0, pkt + ETH_H); - fprintf(stderr, "%s ", ether_ntoa((struct ether_addr *)sha)); if (op == ARPOP_REQUEST) { fprintf(stderr, "%s 0806 42: arp who-has %s tell %s\n", ether_ntoa((struct ether_addr *)tha), - libnet_host_lookup(tpa, 0), - libnet_host_lookup(spa, 0)); + libnet_addr2name4(tpa, LIBNET_DONT_RESOLVE), + libnet_addr2name4(spa, LIBNET_DONT_RESOLVE)); } else { fprintf(stderr, "%s 0806 42: arp reply %s is-at ", ether_ntoa((struct ether_addr *)tha), - libnet_host_lookup(spa, 0)); + libnet_addr2name4(spa, LIBNET_DONT_RESOLVE)); fprintf(stderr, "%s\n", ether_ntoa((struct ether_addr *)sha)); } - return (libnet_write_link_layer(llif, dev, pkt, sizeof(pkt)) == sizeof(pkt)); + retval = libnet_write(l); + if (retval) + fprintf(stderr, "%s", libnet_geterror(l)); + + libnet_clear_packet(l); + + return retval; } #ifdef __linux__ 
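Review bot: In arp_send() the new tail tests `if (retval)` after `retval = libnet_write(l);`, but libnet_write() returns the number of bytes written on success and -1 on failure, so the libnet_geterror() text is printed after every successful send. The test should be `if (retval == -1)`. The return convention also changes from a 0/1 success flag to a byte count or -1; the callers in the later hunks ignore it, but a comment above arp_send() should state the new meaning. The results of libnet_autobuild_arp() and libnet_build_ethernet() are not checked either, so a failed build still reaches libnet_write().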
@@ -119,7 +121,7 @@ /* XXX - force the kernel to arp. feh. */ arp_force(ip); #else - arp_send(llif, intf, ARPOP_REQUEST, NULL, 0, NULL, ip); + arp_send(l, ARPOP_REQUEST, NULL, 0, NULL, ip); #endif sleep(1); } @@ -136,9 +138,9 @@ if (arp_find(spoof_ip, &spoof_mac)) { for (i = 0; i < 3; i++) { /* XXX - on BSD, requires ETHERSPOOF kernel. */ - arp_send(llif, intf, ARPOP_REPLY, - (u_char *)&spoof_mac, spoof_ip, - (target_ip ? (u_char *)&target_mac : NULL), + arp_send(l, ARPOP_REPLY, + (u_int8_t *)&spoof_mac, spoof_ip, + (target_ip ? (u_int8_t *)&target_mac : NULL), target_ip); sleep(1); } @@ -151,7 +153,8 @@ { extern char *optarg; extern int optind; - char ebuf[PCAP_ERRBUF_SIZE]; + char pcap_ebuf[PCAP_ERRBUF_SIZE]; + char libnet_ebuf[LIBNET_ERRBUF_SIZE]; int c; intf = NULL; @@ -163,7 +166,7 @@ intf = optarg; break; case 't': - if ((target_ip = libnet_name_resolve(optarg, 1)) == -1) + if ((target_ip = libnet_name2addr4(l, optarg, LIBNET_RESOLVE)) == -1) usage(); break; default: 
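Review bot: In arpspoof.c main() the `-t` case calls `libnet_name2addr4(l, optarg, LIBNET_RESOLVE)` while the file-scope `l` is still NULL, since `l` is assigned only by libnet_init() in the following hunk, after option parsing; the `spoof_ip` lookup in that hunk has the same ordering. Whether a NULL handle is acceptable depends on the libnet release: if the resolver records a failure in the handle's error buffer, an unresolvable host name dereferences NULL instead of reaching usage(). Keeping the `-t` argument as a string and resolving both names after libnet_init() succeeds would remove that dependency. libnet_init() cannot simply move above the getopt loop, because it needs `intf` first. main() starts and ends outside these hunks.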
@@ -176,26 +179,26 @@ if (argc != 1) usage(); - if ((spoof_ip = libnet_name_resolve(argv[0], 1)) == -1) + if ((spoof_ip = libnet_name2addr4(l, argv[0], LIBNET_RESOLVE)) == -1) usage(); - if (intf == NULL && (intf = pcap_lookupdev(ebuf)) == NULL) - errx(1, "%s", ebuf); + if (intf == NULL && (intf = pcap_lookupdev(pcap_ebuf)) == NULL) + errx(1, "%s", pcap_ebuf); - if ((llif = libnet_open_link_interface(intf, ebuf)) == 0) - errx(1, "%s", ebuf); + if ((l = libnet_init(LIBNET_LINK, intf, libnet_ebuf)) == NULL) + errx(1, "%s", libnet_ebuf); if (target_ip != 0 && !arp_find(target_ip, &target_mac)) errx(1, "couldn't arp for host %s", - libnet_host_lookup(target_ip, 0)); + libnet_addr2name4(target_ip, LIBNET_DONT_RESOLVE)); signal(SIGHUP, cleanup); signal(SIGINT, cleanup); signal(SIGTERM, cleanup); for (;;) { - arp_send(llif, intf, ARPOP_REPLY, NULL, spoof_ip, - (target_ip ? (u_char *)&target_mac : NULL), + arp_send(l, ARPOP_REPLY, NULL, spoof_ip, + (target_ip ? (u_int8_t *)&target_mac : NULL), target_ip); sleep(2); } --- a/dnsspoof.c +++ b/dnsspoof.c @@ -38,7 +38,7 @@ pcap_t *pcap_pd = NULL; int pcap_off = -1; -int lnet_sock = -1; +libnet_t *l; u_long lnet_ip = -1; static void @@ -90,19 +90,18 @@ dns_init(char *dev, char *filename) { FILE *f; - struct libnet_link_int *llif; + libnet_t *l; + char libnet_ebuf[LIBNET_ERRBUF_SIZE]; struct dnsent *de; char *ip, *name, buf[1024]; - if ((llif = libnet_open_link_interface(dev, buf)) == NULL) - errx(1, "%s", buf); + if ((l = libnet_init(LIBNET_LINK, dev, libnet_ebuf)) == NULL) + errx(1, "%s", libnet_ebuf); - if ((lnet_ip = libnet_get_ipaddr(llif, dev, buf)) == -1) - errx(1, "%s", buf); + if ((lnet_ip = libnet_get_ipaddr4(l)) == -1) + errx(1, "%s", libnet_geterror(l)); - lnet_ip = htonl(lnet_ip); - - libnet_close_link_interface(llif); + libnet_destroy(l); SLIST_INIT(&dns_entries); 
@@ -180,7 +179,7 @@ static void dns_spoof(u_char *u, const struct pcap_pkthdr *pkthdr, const u_char *pkt) { - struct libnet_ip_hdr *ip; + struct libnet_ipv4_hdr *ip; struct libnet_udp_hdr *udp; HEADER *dns; char name[MAXHOSTNAMELEN]; @@ -189,7 +188,7 @@ in_addr_t dst; u_short type, class; - ip = (struct libnet_ip_hdr *)(pkt + pcap_off); + ip = (struct libnet_ipv4_hdr *)(pkt + pcap_off); udp = (struct libnet_udp_hdr *)(pkt + pcap_off + (ip->ip_hl * 4)); dns = (HEADER *)(udp + 1); p = (u_char *)(dns + 1); @@ -212,7 +211,7 @@ if (class != C_IN) return; - p = buf + IP_H + UDP_H + dnslen; + p = buf + dnslen; if (type == T_A) { if ((dst = dns_lookup_a(name)) == -1) 
@@ -234,38 +233,38 @@ anslen += 12; } else return; - - libnet_build_ip(UDP_H + dnslen + anslen, 0, libnet_get_prand(PRu16), - 0, 64, IPPROTO_UDP, ip->ip_dst.s_addr, - ip->ip_src.s_addr, NULL, 0, buf); - - libnet_build_udp(ntohs(udp->uh_dport), ntohs(udp->uh_sport), - NULL, dnslen + anslen, buf + IP_H); - memcpy(buf + IP_H + UDP_H, (u_char *)dns, dnslen); + memcpy(buf, (u_char *)dns, dnslen); - dns = (HEADER *)(buf + IP_H + UDP_H); + dns = (HEADER *)buf; dns->qr = dns->ra = 1; if (type == T_PTR) dns->aa = 1; dns->ancount = htons(1); dnslen += anslen; + + libnet_clear_packet(l); + libnet_build_udp(ntohs(udp->uh_dport), ntohs(udp->uh_sport), + LIBNET_UDP_H + dnslen, 0, + (u_int8_t *)buf, dnslen, l, 0); + + libnet_build_ipv4(LIBNET_IPV4_H + LIBNET_UDP_H + dnslen, 0, + libnet_get_prand(LIBNET_PRu16), 0, 64, IPPROTO_UDP, 0, + ip->ip_dst.s_addr, ip->ip_src.s_addr, NULL, 0, l, 0); - libnet_do_checksum(buf, IPPROTO_UDP, UDP_H + dnslen); - - if (libnet_write_ip(lnet_sock, buf, IP_H + UDP_H + dnslen) < 0) + if (libnet_write(l) < 0) warn("write"); fprintf(stderr, "%s.%d > %s.%d: %d+ %s? %s\n", - libnet_host_lookup(ip->ip_src.s_addr, 0), ntohs(udp->uh_sport), - libnet_host_lookup(ip->ip_dst.s_addr, 0), ntohs(udp->uh_dport), + libnet_addr2name4(ip->ip_src.s_addr, 0), ntohs(udp->uh_sport), + libnet_addr2name4(ip->ip_dst.s_addr, 0), ntohs(udp->uh_dport), ntohs(dns->id), type == T_A ? "A" : "PTR", name); } static void cleanup(int sig) { - libnet_close_raw_sock(lnet_sock); + libnet_destroy(l); pcap_close(pcap_pd); exit(0); } @@ -276,6 +275,7 @@ extern char *optarg; extern int optind; char *p, *dev, *hosts, buf[1024]; + char ebuf[LIBNET_ERRBUF_SIZE]; int i; dev = hosts = NULL; @@ -306,7 +306,7 @@ strlcpy(buf, p, sizeof(buf)); } else snprintf(buf, sizeof(buf), "udp dst port 53 and not src %s", - libnet_host_lookup(lnet_ip, 0)); + libnet_addr2name4(lnet_ip, LIBNET_DONT_RESOLVE)); if ((pcap_pd = pcap_init(dev, buf, 128)) == NULL) errx(1, "couldn't initialize sniffing"); 
@@ -314,10 +314,10 @@ if ((pcap_off = pcap_dloff(pcap_pd)) < 0) errx(1, "couldn't determine link layer offset"); - if ((lnet_sock = libnet_open_raw_sock(IPPROTO_RAW)) == -1) + if ((l = libnet_init(LIBNET_RAW4, dev, ebuf)) == NULL) errx(1, "couldn't initialize sending"); - libnet_seed_prand(); + libnet_seed_prand(l); signal(SIGHUP, cleanup); signal(SIGINT, cleanup); --- a/filesnarf.c +++ b/filesnarf.c @@ -134,8 +134,8 @@ int fd; warnx("%s.%d > %s.%d: %s (%d@%d)", - libnet_host_lookup(addr->daddr, 0), addr->dest, - libnet_host_lookup(addr->saddr, 0), addr->source, + libnet_addr2name4(addr->daddr, LIBNET_DONT_RESOLVE), addr->dest, + libnet_addr2name4(addr->saddr, LIBNET_DONT_RESOLVE), addr->source, ma->filename, len, ma->offset); if ((fd = open(ma->filename, O_WRONLY|O_CREAT, 0644)) >= 0) { @@ -353,7 +353,7 @@ } static void -decode_udp_nfs(struct libnet_ip_hdr *ip) +decode_udp_nfs(struct libnet_ipv4_hdr *ip) { static struct tuple4 addr; struct libnet_udp_hdr *udp; --- a/macof.c +++ b/macof.c @@ -48,8 +48,8 @@ static void gen_mac(u_char *mac) { - *((in_addr_t *)mac) = libnet_get_prand(PRu32); - *((u_short *)(mac + 4)) = libnet_get_prand(PRu16); + *((in_addr_t *)mac) = libnet_get_prand(LIBNET_PRu32); + *((u_short *)(mac + 4)) = libnet_get_prand(LIBNET_PRu16); } int @@ -59,22 +59,23 @@ extern int optind; int c, i; struct libnet_link_int *llif; - char ebuf[PCAP_ERRBUF_SIZE]; + char pcap_ebuf[PCAP_ERRBUF_SIZE]; + char libnet_ebuf[LIBNET_ERRBUF_SIZE]; u_char sha[ETHER_ADDR_LEN], tha[ETHER_ADDR_LEN]; in_addr_t src, dst; u_short sport, dport; u_int32_t seq; - u_char pkt[ETH_H + IP_H + TCP_H]; + libnet_t *l; while ((c = getopt(argc, argv, "vs:d:e:x:y:i:n:h?V")) != -1) { switch (c) { case 'v': break; case 's': - Src = libnet_name_resolve(optarg, 0); + Src = libnet_name2addr4(l, optarg, 0); break; case 'd': - Dst = libnet_name_resolve(optarg, 0); + Dst = libnet_name2addr4(l, optarg, 0); break; case 'e': Tha = (u_char *)ether_aton(optarg); 
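Review bot: In dnsspoof.c the new `libnet_init(LIBNET_RAW4, dev, ebuf)` call fills `ebuf` on failure, but the following `errx(1, "couldn't initialize sending");` discards it. Reporting it as the arpspoof.c and macof.c conversions do, `errx(1, "%s", ebuf);`, keeps the reason for the failure (for example missing privileges) visible to the operator.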
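Review bot: In macof.c main() the new local `libnet_t *l;` has no initialiser, yet the `-s` and `-d` cases pass it to `libnet_name2addr4(l, optarg, 0)` before libnet_init() assigns it in the next hunk, so an indeterminate pointer is handed to the library. Declare it as `libnet_t *l = NULL;` at minimum (sshmitm.c passes NULL explicitly), or keep the option strings and resolve them after libnet_init(). The `struct libnet_link_int *llif;` declaration kept as context no longer has a use in the visible hunks and can be removed.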
@@ -101,13 +102,13 @@ if (argc != 0) usage(); - if (!Intf && (Intf = pcap_lookupdev(ebuf)) == NULL) - errx(1, "%s", ebuf); + if (!Intf && (Intf = pcap_lookupdev(pcap_ebuf)) == NULL) + errx(1, "%s", pcap_ebuf); - if ((llif = libnet_open_link_interface(Intf, ebuf)) == 0) - errx(1, "%s", ebuf); + if ((l = libnet_init(LIBNET_LINK, Intf, libnet_ebuf)) == NULL) + errx(1, "%s", libnet_ebuf); - libnet_seed_prand(); + libnet_seed_prand(l); for (i = 0; i != Repeat; i++) { 
@@ -117,39 +118,39 @@ else memcpy(tha, Tha, sizeof(tha)); if (Src != 0) src = Src; - else src = libnet_get_prand(PRu32); + else src = libnet_get_prand(LIBNET_PRu32); if (Dst != 0) dst = Dst; - else dst = libnet_get_prand(PRu32); + else dst = libnet_get_prand(LIBNET_PRu32); if (Sport != 0) sport = Sport; - else sport = libnet_get_prand(PRu16); + else sport = libnet_get_prand(LIBNET_PRu16); if (Dport != 0) dport = Dport; - else dport = libnet_get_prand(PRu16); + else dport = libnet_get_prand(LIBNET_PRu16); - seq = libnet_get_prand(PRu32); - - libnet_build_ethernet(tha, sha, ETHERTYPE_IP, NULL, 0, pkt); - - libnet_build_ip(TCP_H, 0, libnet_get_prand(PRu16), 0, 64, - IPPROTO_TCP, src, dst, NULL, 0, pkt + ETH_H); + seq = libnet_get_prand(LIBNET_PRu32); libnet_build_tcp(sport, dport, seq, 0, TH_SYN, 512, - 0, NULL, 0, pkt + ETH_H + IP_H); + 0, 0, LIBNET_TCP_H, NULL, 0, l, 0); - libnet_do_checksum(pkt + ETH_H, IPPROTO_IP, IP_H); - libnet_do_checksum(pkt + ETH_H, IPPROTO_TCP, TCP_H); + libnet_build_ipv4(LIBNET_TCP_H, 0, + libnet_get_prand(LIBNET_PRu16), 0, 64, + IPPROTO_TCP, 0, src, dst, NULL, 0, l, 0); - if (libnet_write_link_layer(llif, Intf, pkt, sizeof(pkt)) < 0) + libnet_build_ethernet(tha, sha, ETHERTYPE_IP, NULL, 0, l, 0); + + if (libnet_write(l) < 0) errx(1, "write"); + libnet_clear_packet(l); + fprintf(stderr, "%s ", ether_ntoa((struct ether_addr *)sha)); fprintf(stderr, "%s %s.%d > %s.%d: S %u:%u(0) win 512\n", ether_ntoa((struct ether_addr *)tha), - libnet_host_lookup(Src, 0), sport, - libnet_host_lookup(Dst, 0), dport, seq, seq); + libnet_addr2name4(Src, 0), sport, + libnet_addr2name4(Dst, 0), dport, seq, seq); } exit(0); } --- a/record.c +++ b/record.c 
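Review bot: In macof.c the new `libnet_build_ipv4(LIBNET_TCP_H, 0, ...)` call passes only the TCP header size as the IP length, whereas the tcpkill.c and dnsspoof.c conversions in this same patch pass the total including the IP header (`LIBNET_IPV4_H + LIBNET_TCP_H`, `LIBNET_IPV4_H + LIBNET_UDP_H + dnslen`). The argument appears to have been carried over from the old libnet_build_ip() call, which took the payload length; it should read `libnet_build_ipv4(LIBNET_IPV4_H + LIBNET_TCP_H, 0,`. The return values of the three libnet_build_*() calls are also unchecked before libnet_write().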
@@ -65,8 +65,8 @@ tm = localtime(&rec->time); strftime(tstr, sizeof(tstr), "%x %X", tm); - srcp = libnet_host_lookup(rec->src, Opt_dns); - dstp = libnet_host_lookup(rec->dst, Opt_dns); + srcp = libnet_addr2name4(rec->src, Opt_dns); + dstp = libnet_addr2name4(rec->dst, Opt_dns); if ((pr = getprotobynumber(rec->proto)) == NULL) protop = "unknown"; --- a/sshmitm.c +++ b/sshmitm.c @@ -389,7 +389,7 @@ if (argc < 1) usage(); - if ((ip = libnet_name_resolve(argv[0], 1)) == -1) + if ((ip = libnet_name2addr4(NULL, argv[0], LIBNET_RESOLVE)) == -1) usage(); if (argc == 2 && (rport = atoi(argv[1])) == 0) --- a/tcpkill.c +++ b/tcpkill.c @@ -39,17 +39,18 @@ static void tcp_kill_cb(u_char *user, const struct pcap_pkthdr *pcap, const u_char *pkt) { - struct libnet_ip_hdr *ip; + struct libnet_ipv4_hdr *ip; struct libnet_tcp_hdr *tcp; - u_char ctext[64], buf[IP_H + TCP_H]; + u_char ctext[64]; u_int32_t seq, win; - int i, *sock, len; + int i, len; + libnet_t *l; - sock = (int *)user; + l = (libnet_t *)user; pkt += pcap_off; len = pcap->caplen - pcap_off; - ip = (struct libnet_ip_hdr *)pkt; + ip = (struct libnet_ipv4_hdr *)pkt; if (ip->ip_p != IPPROTO_TCP) return; 
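Review bot: In sshmitm.c the new call `libnet_name2addr4(NULL, argv[0], LIBNET_RESOLVE)` passes a NULL libnet context. As far as I know, libnet 1.1 reports a failed lookup by writing into `l->err_buf`, so an unresolvable name would dereference NULL instead of returning -1; this should be confirmed against the libnet version being targeted. The same pattern is added later in this patch in webmitm.c (twice) and webspy.c, and in webmitm.c the name is `vhost`, which appears to be parsed from the request being handled, so the failure path would be reachable from network input. Pass a real handle obtained from `libnet_init()`, or resolve the name with `getaddrinfo()` at those sites. The enclosing main() starts and ends outside the hunk.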
@@ -57,34 +58,31 @@ if (tcp->th_flags & (TH_SYN|TH_FIN|TH_RST)) return; - libnet_build_ip(TCP_H, 0, 0, 0, 64, IPPROTO_TCP, - ip->ip_dst.s_addr, ip->ip_src.s_addr, - NULL, 0, buf); - - libnet_build_tcp(ntohs(tcp->th_dport), ntohs(tcp->th_sport), - 0, 0, TH_RST, 0, 0, NULL, 0, buf + IP_H); - seq = ntohl(tcp->th_ack); win = ntohs(tcp->th_win); snprintf(ctext, sizeof(ctext), "%s:%d > %s:%d:", - libnet_host_lookup(ip->ip_src.s_addr, 0), + libnet_addr2name4(ip->ip_src.s_addr, LIBNET_DONT_RESOLVE), ntohs(tcp->th_sport), - libnet_host_lookup(ip->ip_dst.s_addr, 0), + libnet_addr2name4(ip->ip_dst.s_addr, LIBNET_DONT_RESOLVE), ntohs(tcp->th_dport)); - ip = (struct libnet_ip_hdr *)buf; - tcp = (struct libnet_tcp_hdr *)(ip + 1); - for (i = 0; i < Opt_severity; i++) { - ip->ip_id = libnet_get_prand(PRu16); seq += (i * win); - tcp->th_seq = htonl(seq); - libnet_do_checksum(buf, IPPROTO_TCP, TCP_H); + libnet_clear_packet(l); + + libnet_build_tcp(ntohs(tcp->th_dport), ntohs(tcp->th_sport), + seq, 0, TH_RST, 0, 0, 0, LIBNET_TCP_H, + NULL, 0, l, 0); + + libnet_build_ipv4(LIBNET_IPV4_H + LIBNET_TCP_H, 0, + libnet_get_prand(LIBNET_PRu16), 0, 64, + IPPROTO_TCP, 0, ip->ip_dst.s_addr, + ip->ip_src.s_addr, NULL, 0, l, 0); - if (libnet_write_ip(*sock, buf, sizeof(buf)) < 0) - warn("write_ip"); + if (libnet_write(l) < 0) + warn("write"); fprintf(stderr, "%s R %lu:%lu(0) win 0\n", ctext, seq, seq); } @@ -95,8 +93,10 @@ { extern char *optarg; extern int optind; - int c, sock; + int c; char *p, *intf, *filter, ebuf[PCAP_ERRBUF_SIZE]; + char libnet_ebuf[LIBNET_ERRBUF_SIZE]; + libnet_t *l; pcap_t *pd; intf = NULL; 
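Review bot: The unchanged `fprintf(stderr, "%s R %lu:%lu(0) win 0\n", ctext, seq, seq);` at the end of the loop prints `seq`, declared `u_int32_t` in the previous hunk, with `%lu`, which is a format/argument mismatch wherever long is 64 bits. Cast the arguments, `(unsigned long)seq`, or switch the conversions to `%u`. Separately, `warn("write")` appends strerror(errno) although libnet keeps its own message for the handle; `warnx("write: %s", libnet_geterror(l));` would report the real cause.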
@@ -136,14 +136,14 @@ if ((pcap_off = pcap_dloff(pd)) < 0) errx(1, "couldn't determine link layer offset"); - if ((sock = libnet_open_raw_sock(IPPROTO_RAW)) == -1) + if ((l = libnet_init(LIBNET_RAW4, intf, libnet_ebuf)) == NULL) errx(1, "couldn't initialize sending"); - libnet_seed_prand(); + libnet_seed_prand(l); warnx("listening on %s [%s]", intf, filter); - pcap_loop(pd, -1, tcp_kill_cb, (u_char *)&sock); + pcap_loop(pd, -1, tcp_kill_cb, (u_char *)l); /* NOTREACHED */ --- a/tcpnice.c +++ b/tcpnice.c 
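Review bot: `libnet_init()` fills `libnet_ebuf` on failure, but the new `errx(1, "couldn't initialize sending")` drops it, so the operator cannot tell a missing privilege from a bad interface name. Use `errx(1, "couldn't initialize sending: %s", libnet_ebuf);` here and in the identical hunk in tcpnice.c's main(). main() starts outside the hunk.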
@@ -41,107 +41,106 @@ } static void -send_tcp_window_advertisement(int sock, struct libnet_ip_hdr *ip, +send_tcp_window_advertisement(libnet_t *l, struct libnet_ipv4_hdr *ip, struct libnet_tcp_hdr *tcp) { int len; ip->ip_hl = 5; - ip->ip_len = htons(IP_H + TCP_H); - ip->ip_id = libnet_get_prand(PRu16); - memcpy(buf, (u_char *)ip, IP_H); + ip->ip_len = htons(LIBNET_IPV4_H + LIBNET_TCP_H); + ip->ip_id = libnet_get_prand(LIBNET_PRu16); + memcpy(buf, (u_char *)ip, LIBNET_IPV4_H); tcp->th_off = 5; tcp->th_win = htons(MIN_WIN); - memcpy(buf + IP_H, (u_char *)tcp, TCP_H); + memcpy(buf + LIBNET_IPV4_H, (u_char *)tcp, LIBNET_TCP_H); - libnet_do_checksum(buf, IPPROTO_TCP, TCP_H); + libnet_do_checksum(l, buf, IPPROTO_TCP, LIBNET_TCP_H); - len = IP_H + TCP_H; + len = LIBNET_IPV4_H + LIBNET_TCP_H; - if (libnet_write_ip(sock, buf, len) != len) + if (libnet_write_raw_ipv4(l, buf, len) != len) warn("write"); fprintf(stderr, "%s:%d > %s:%d: . ack %lu win %d\n", - libnet_host_lookup(ip->ip_src.s_addr, 0), ntohs(tcp->th_sport), - libnet_host_lookup(ip->ip_dst.s_addr, 0), ntohs(tcp->th_dport), + libnet_addr2name4(ip->ip_src.s_addr, 0), ntohs(tcp->th_sport), + libnet_addr2name4(ip->ip_dst.s_addr, 0), ntohs(tcp->th_dport), ntohl(tcp->th_ack), 1); } static void -send_icmp_source_quench(int sock, struct libnet_ip_hdr *ip) +send_icmp_source_quench(libnet_t *l, struct libnet_ipv4_hdr *ip) { - struct libnet_icmp_hdr *icmp; + struct libnet_icmpv4_hdr *icmp; int len; len = (ip->ip_hl * 4) + 8; - libnet_build_ip(ICMP_ECHO_H + len, 0, libnet_get_prand(PRu16), - 0, 64, IPPROTO_ICMP, ip->ip_dst.s_addr, - ip->ip_src.s_addr, NULL, 0, buf); - - icmp = (struct libnet_icmp_hdr *)(buf + IP_H); + icmp = (struct libnet_icmpv4_hdr *)(buf + LIBNET_IPV4_H); icmp->icmp_type = ICMP_SOURCEQUENCH; icmp->icmp_code = 0; - memcpy((u_char *)icmp + ICMP_ECHO_H, (u_char *)ip, len); + memcpy((u_char *)icmp + LIBNET_ICMPV4_ECHO_H, (u_char *)ip, len); - libnet_do_checksum(buf, IPPROTO_ICMP, ICMP_ECHO_H + len); + len += 
LIBNET_ICMPV4_ECHO_H; - len += (IP_H + ICMP_ECHO_H); + libnet_build_ipv4(LIBNET_IPV4_H + len, 0, + libnet_get_prand(LIBNET_PRu16), 0, 64, IPPROTO_ICMP, + 0, ip->ip_dst.s_addr, ip->ip_src.s_addr, + (u_int8_t *) icmp, len, l, 0); - if (libnet_write_ip(sock, buf, len) != len) + if (libnet_write(l) != len) warn("write"); fprintf(stderr, "%s > %s: icmp: source quench\n", - libnet_host_lookup(ip->ip_dst.s_addr, 0), - libnet_host_lookup(ip->ip_src.s_addr, 0)); + libnet_addr2name4(ip->ip_dst.s_addr, 0), + libnet_addr2name4(ip->ip_src.s_addr, 0)); } static void -send_icmp_frag_needed(int sock, struct libnet_ip_hdr *ip) +send_icmp_frag_needed(libnet_t *l, struct libnet_ipv4_hdr *ip) { - struct libnet_icmp_hdr *icmp; + struct libnet_icmpv4_hdr *icmp; int len; len = (ip->ip_hl * 4) + 8; - libnet_build_ip(ICMP_MASK_H + len, 4, libnet_get_prand(PRu16), - 0, 64, IPPROTO_ICMP, ip->ip_dst.s_addr, - ip->ip_src.s_addr, NULL, 0, buf); - - icmp = (struct libnet_icmp_hdr *)(buf + IP_H); + icmp = (struct libnet_icmpv4_hdr *)(buf + LIBNET_IPV4_H); icmp->icmp_type = ICMP_UNREACH; icmp->icmp_code = ICMP_UNREACH_NEEDFRAG; icmp->hun.frag.pad = 0; icmp->hun.frag.mtu = htons(MIN_MTU); - memcpy((u_char *)icmp + ICMP_MASK_H, (u_char *)ip, len); + memcpy((u_char *)icmp + LIBNET_ICMPV4_MASK_H, (u_char *)ip, len); - libnet_do_checksum(buf, IPPROTO_ICMP, ICMP_MASK_H + len); - - len += (IP_H + ICMP_MASK_H); + len += LIBNET_ICMPV4_MASK_H; + + libnet_build_ipv4(LIBNET_IPV4_H + len, 4, + libnet_get_prand(LIBNET_PRu16), 0, 64, IPPROTO_ICMP, + 0, ip->ip_dst.s_addr, ip->ip_src.s_addr, + (u_int8_t *) icmp, len, l, 0); - if (libnet_write_ip(sock, buf, len) != len) + if (libnet_write(l) != len) warn("write"); fprintf(stderr, "%s > %s: icmp: ", - libnet_host_lookup(ip->ip_dst.s_addr, 0), - libnet_host_lookup(ip->ip_src.s_addr, 0)); + libnet_addr2name4(ip->ip_dst.s_addr, 0), + libnet_addr2name4(ip->ip_src.s_addr, 0)); fprintf(stderr, "%s unreachable - need to frag (mtu %d)\n", - 
libnet_host_lookup(ip->ip_src.s_addr, 0), MIN_MTU); + libnet_addr2name4(ip->ip_src.s_addr, 0), MIN_MTU); } static void tcp_nice_cb(u_char *user, const struct pcap_pkthdr *pcap, const u_char *pkt) { - struct libnet_ip_hdr *ip; + struct libnet_ipv4_hdr *ip; struct libnet_tcp_hdr *tcp; - int *sock, len; + int len; + libnet_t *l; - sock = (int *)user; + l = (libnet_t *)user; pkt += pcap_off; len = pcap->caplen - pcap_off; - ip = (struct libnet_ip_hdr *)pkt; + ip = (struct libnet_ipv4_hdr *)pkt; if (ip->ip_p != IPPROTO_TCP) return; @@ -151,11 +150,11 @@ if (ntohs(ip->ip_len) > (ip->ip_hl << 2) + (tcp->th_off << 2)) { if (Opt_icmp) - send_icmp_source_quench(*sock, ip); + send_icmp_source_quench(l, ip); if (Opt_win) - send_tcp_window_advertisement(*sock, ip, tcp); + send_tcp_window_advertisement(l, ip, tcp); if (Opt_pmtu) - send_icmp_frag_needed(*sock, ip); + send_icmp_frag_needed(l, ip); } } @@ -164,8 +163,10 @@ { extern char *optarg; extern int optind; - int c, sock; + int c; char *intf, *filter, ebuf[PCAP_ERRBUF_SIZE]; + char libnet_ebuf[LIBNET_ERRBUF_SIZE]; + libnet_t *l; pcap_t *pd; intf = NULL; @@ -209,14 +210,14 @@ if ((pcap_off = pcap_dloff(pd)) < 0) errx(1, "couldn't determine link layer offset"); - if ((sock = libnet_open_raw_sock(IPPROTO_RAW)) == -1) + if ((l = libnet_init(LIBNET_RAW4, intf, libnet_ebuf)) == NULL) errx(1, "couldn't initialize sending"); - libnet_seed_prand(); + libnet_seed_prand(l); warnx("listening on %s [%s]", intf, filter); - pcap_loop(pd, -1, tcp_nice_cb, (u_char *)&sock); + pcap_loop(pd, -1, tcp_nice_cb, (u_char *)l); /* NOTREACHED */ --- a/tcp_raw.c +++ b/tcp_raw.c @@ -119,7 +119,7 @@ } struct iovec * -tcp_raw_input(struct libnet_ip_hdr *ip, struct libnet_tcp_hdr *tcp, int len) +tcp_raw_input(struct libnet_ipv4_hdr *ip, struct libnet_tcp_hdr *tcp, int len) { struct tha tha; struct tcp_conn *conn; 
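Review bot: In send_icmp_source_quench() and send_icmp_frag_needed(), `len = (ip->ip_hl * 4) + 8` comes straight from the captured header and is used as the `memcpy` length into `buf` without being compared with the number of bytes actually captured. tcp_nice_cb() computes `len = pcap->caplen - pcap_off`, but no visible line checks it or passes it down, so a truncated capture could make the copy read past the packet; `buf` is declared outside the hunk and its size should be confirmed as well. After the rewrite `len` no longer includes the IPv4 header while `libnet_build_ipv4()` is given `LIBNET_IPV4_H + len`, so `libnet_write(l) != len` looks like it will warn on every successful send; compare against `LIBNET_IPV4_H + len`. These functions also never call `libnet_clear_packet(l)` after the write, unlike the tcpkill.c loop in this same patch.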
@@ -131,7 +131,7 @@ /* Verify TCP checksum. */ cksum = tcp->th_sum; - libnet_do_checksum((u_char *) ip, IPPROTO_TCP, len); + libnet_do_checksum(NULL, (u_char *) ip, IPPROTO_TCP, len); if (cksum != tcp->th_sum) return (NULL); --- a/tcp_raw.h +++ b/tcp_raw.h @@ -15,7 +15,7 @@ u_short sport, u_short dport, u_char *buf, int len); -struct iovec *tcp_raw_input(struct libnet_ip_hdr *ip, +struct iovec *tcp_raw_input(struct libnet_ipv4_hdr *ip, struct libnet_tcp_hdr *tcp, int len); void tcp_raw_timeout(int timeout, tcp_raw_callback_t callback); --- a/trigger.c +++ b/trigger.c @@ -276,7 +276,7 @@ } void -trigger_ip(struct libnet_ip_hdr *ip) +trigger_ip(struct libnet_ipv4_hdr *ip) { struct trigger *t, tr; u_char *buf; @@ -305,7 +305,7 @@ /* libnids needs a nids_register_udp()... */ void -trigger_udp(struct libnet_ip_hdr *ip) +trigger_udp(struct libnet_ipv4_hdr *ip) { struct trigger *t, tr; struct libnet_udp_hdr *udp; @@ -437,7 +437,7 @@ } void -trigger_tcp_raw(struct libnet_ip_hdr *ip) +trigger_tcp_raw(struct libnet_ipv4_hdr *ip) { struct trigger *t, tr; struct libnet_tcp_hdr *tcp; --- a/trigger.h +++ b/trigger.h @@ -24,10 +24,10 @@ int trigger_set_tcp(int port, char *name); int trigger_set_rpc(int program, char *name); -void trigger_ip(struct libnet_ip_hdr *ip); -void trigger_udp(struct libnet_ip_hdr *ip); +void trigger_ip(struct libnet_ipv4_hdr *ip); +void trigger_udp(struct libnet_ipv4_hdr *ip); void trigger_tcp(struct tcp_stream *ts, void **conn_save); -void trigger_tcp_raw(struct libnet_ip_hdr *ip); +void trigger_tcp_raw(struct libnet_ipv4_hdr *ip); void trigger_tcp_raw_timeout(int signal); void trigger_rpc(int program, int proto, int port); --- a/urlsnarf.c +++ b/urlsnarf.c 
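Review bot: `libnet_do_checksum(NULL, (u_char *) ip, IPPROTO_TCP, len)` in tcp_raw_input() hands libnet a NULL context while processing data that comes from captured traffic. If the installed libnet reports checksum errors through `l->err_buf` (later 1.1.x releases appear to), a malformed segment would crash the sniffer rather than simply fail verification; this should be confirmed against the libnet version being targeted. Verifying the checksum with a small local helper, or passing a valid handle, removes the dependency on that behaviour. tcp_raw_input() starts and ends outside the hunk.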
@@ -145,14 +145,14 @@ if (user == NULL) user = "-"; if (vhost == NULL) - vhost = libnet_host_lookup(addr->daddr, Opt_dns); + vhost = libnet_addr2name4(addr->daddr, Opt_dns); if (referer == NULL) referer = "-"; if (agent == NULL) agent = "-"; printf("%s - %s [%s] \"%s http://%s%s\" - - \"%s\" \"%s\"\n", - libnet_host_lookup(addr->saddr, Opt_dns), + libnet_addr2name4(addr->saddr, Opt_dns), user, timestamp(), req, vhost, uri, referer, agent); } fflush(stdout); --- a/webmitm.c +++ b/webmitm.c @@ -242,7 +242,7 @@ word = buf_tok(&msg, "/", 1); vhost = buf_strdup(word); } - ssin.sin_addr.s_addr = libnet_name_resolve(vhost, 1); + ssin.sin_addr.s_addr = libnet_name2addr4(NULL, vhost, 1); free(vhost); if (ssin.sin_addr.s_addr == ntohl(INADDR_LOOPBACK) || @@ -510,7 +510,7 @@ argv += optind; if (argc == 1) { - if ((static_host = libnet_name_resolve(argv[0], 1)) == -1) + if ((static_host = libnet_name2addr4(NULL, argv[0], 1)) == -1) usage(); } else if (argc != 0) usage(); --- a/webspy.c +++ b/webspy.c @@ -126,7 +126,7 @@ if (auth == NULL) auth = ""; if (vhost == NULL) - vhost = libnet_host_lookup(addr->daddr, 0); + vhost = libnet_addr2name4(addr->daddr, 0); snprintf(cmd, sizeof(cmd), "openURL(http://%s%s%s%s)", auth, *auth ? "@" : "", vhost, uri); @@ -205,7 +205,7 @@ cmdtab[0] = cmd; cmdtab[1] = NULL; - if ((host = libnet_name_resolve(argv[0], 1)) == -1) + if ((host = libnet_name2addr4(NULL, argv[0], 1)) == -1) errx(1, "unknown host"); if ((dpy = XOpenDisplay(NULL)) == NULL) Author: Description: Fix FTBFS with openssl. --- This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ --- a/ssh.c +++ b/ssh.c @@ -16,6 +16,7 @@ #include #include #include +#include #include #include Author: Description: Fix FTBFS: ./sshow.c:226: error: 'CLK_TCK' undeclared. --- This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ --- a/sshow.c +++ b/sshow.c 
@@ -217,6 +217,7 @@ { clock_t delay; int payload; + long CLK_TCK= sysconf(_SC_CLK_TCK); delay = add_history(session, 0, cipher_size, plain_range); @@ -265,6 +266,7 @@ clock_t delay; int skip; range string_range; + long CLK_TCK= sysconf(_SC_CLK_TCK); delay = add_history(session, 1, cipher_size, plain_range); Author: Hilko Bengen Description: Escape user, vhost, uri, referer, agent strings in log. Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=372536 --- This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ --- a/urlsnarf.c +++ b/urlsnarf.c @@ -84,6 +84,43 @@ return (tstr); } +static char * +escape_log_entry(char *string) +{ + char *out; + unsigned char *c, *o; + size_t len; + + if (!string) + return NULL; + + /* Determine needed length */ + for (c = string, len = 0; *c; c++) { + if ((*c < 32) || (*c >= 128)) + len += 4; + else if ((*c == '"') || (*c =='\\')) + len += 2; + else + len++; + } + out = malloc(len+1); + if (!out) + return NULL; + for (c = string, o = out; *c; c++, o++) { + if ((*c < 32) || (*c >= 128)) { + snprintf(o, 5, "\\x%02x", *c); + o += 3; + } else if ((*c == '"') || ((*c =='\\'))) { + *(o++) = '\\'; + *o = *c; + } else { + *o = *c; + } + } + out[len]='\0'; + return out; +} + static int process_http_request(struct tuple4 *addr, u_char *data, int len) { 
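Review bot: escape_log_entry() escapes bytes below 32 and from 128 up, so DEL (0x7f) is copied into the log unescaped even though it is a control character. Changing the test in both the length pass and the copy pass to `(*c < 32) || (*c >= 127)` keeps the two loops in agreement. `c` and `o` are `unsigned char *` but are assigned from `char *` values, and `o` is passed to `snprintf`, which draws pointer-sign warnings; explicit casts at those places would make the intent clear.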
@@ -142,18 +179,26 @@ buf_tok(NULL, NULL, i); } } - if (user == NULL) - user = "-"; - if (vhost == NULL) - vhost = libnet_addr2name4(addr->daddr, Opt_dns); - if (referer == NULL) - referer = "-"; - if (agent == NULL) - agent = "-"; - + user = escape_log_entry(user); + vhost = escape_log_entry(vhost); + uri = escape_log_entry(uri); + referer = escape_log_entry(referer); + agent = escape_log_entry(agent); + printf("%s - %s [%s] \"%s http://%s%s\" - - \"%s\" \"%s\"\n", libnet_addr2name4(addr->saddr, Opt_dns), - user, timestamp(), req, vhost, uri, referer, agent); + (user?user:"-"), + timestamp(), req, + (vhost?vhost:libnet_addr2name4(addr->daddr, Opt_dns)), + uri, + (referer?referer:"-"), + (agent?agent:"-")); + + free(user); + free(vhost); + free(uri); + free(referer); + free(agent); } fflush(stdout); Author: Luciano Bello Description: Avoid the "implicit declaration of function 'str*'" warning --- This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ --- a/arp.c +++ b/arp.c @@ -34,6 +34,7 @@ #include #include #include +#include #include "arp.h" --- a/buf.c +++ b/buf.c @@ -17,6 +17,7 @@ #include #include #include +#include #include "buf.h" --- a/decode_nntp.c +++ b/decode_nntp.c @@ -15,6 +15,7 @@ #include #include +#include #include "base64.h" #include "decode.h" --- a/decode_pop.c +++ b/decode_pop.c @@ -14,6 +14,7 @@ #include #include +#include #include "base64.h" #include "options.h" --- a/decode_rlogin.c +++ b/decode_rlogin.c @@ -14,6 +14,8 @@ #include #include +#include +#include #include "options.h" #include "decode.h" --- a/decode_smb.c +++ b/decode_smb.c @@ -15,6 +15,7 @@ #include #include +#include #include "decode.h" --- a/decode_smtp.c +++ b/decode_smtp.c @@ -14,6 +14,7 @@ #include #include +#include #include "base64.h" #include "options.h" --- a/decode_sniffer.c +++ b/decode_sniffer.c @@ -15,6 +15,8 @@ #include #include +#include +#include #include "base64.h" #include "decode.h" --- a/decode_socks.c +++ b/decode_socks.c 
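Review bot: `uri` is the only escaped field printed without a fallback: escape_log_entry() returns NULL when `malloc` fails or its input is NULL, and `uri` is then passed to `%s` as a NULL pointer. Print `(uri?uri:"-")` like the other fields, or skip the record when escaping fails. `req` is still logged unescaped inside the quoted request string; its origin is outside the hunk, but if it can carry bytes from the request line it needs the same escaping. The enclosing function starts outside the hunk.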
@@ -14,6 +14,7 @@ #include #include +#include #include "decode.h" --- a/decode_tds.c +++ b/decode_tds.c @@ -18,6 +18,7 @@ #include #include +#include #include "decode.h" --- a/decode_telnet.c +++ b/decode_telnet.c @@ -14,6 +14,7 @@ #include #include +#include #include "options.h" #include "decode.h" --- a/decode_x11.c +++ b/decode_x11.c @@ -14,6 +14,8 @@ #include #include +#include +#include #include "decode.h" --- a/dnsspoof.c +++ b/dnsspoof.c @@ -20,6 +20,7 @@ #include #include #include +#include #include #include #include --- a/magic.c +++ b/magic.c @@ -36,6 +36,7 @@ #include #include #include +#include #include #include #include --- /dev/null +++ b/missing/strlcat.h @@ -0,0 +1 @@ +size_t strlcat(char *dst, const char *src, size_t siz); --- /dev/null +++ b/missing/strlcpy.h @@ -0,0 +1 @@ +size_t strlcpy(char *dst, const char *src, size_t siz); --- a/sshmitm.c +++ b/sshmitm.c @@ -24,6 +24,7 @@ #include #include #include +#include #include "buf.h" #include "record.h" Author: Luciano Bello Description: avoid the "implicit declaration of function 'ntohs'" warning --- This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ --- a/decode_aim.c +++ b/decode_aim.c @@ -14,6 +14,7 @@ #include #include +#include #include "hex.h" #include "buf.h" --- a/decode_mmxp.c +++ b/decode_mmxp.c @@ -21,6 +21,7 @@ #include #include +#include #include "buf.h" #include "decode.h" --- a/decode_pptp.c +++ b/decode_pptp.c @@ -16,6 +16,7 @@ #include #include +#include #include "buf.h" #include "decode.h" --- a/decode_tds.c +++ b/decode_tds.c @@ -19,6 +19,7 @@ #include #include #include +#include #include "decode.h" --- a/decode_vrrp.c +++ b/decode_vrrp.c @@ -15,6 +15,7 @@ #include #include +#include #include "buf.h" #include "decode.h" --- a/ssh.c +++ b/ssh.c @@ -23,6 +23,7 @@ #include #include #include +#include #include #include "hex.h" Author: Luciano Bello Description: distinguish between pop versions --- This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ 
--- a/decode.c +++ b/decode.c @@ -63,7 +63,8 @@ { "http", decode_http }, { "ospf", decode_ospf }, { "poppass", decode_poppass }, - { "pop", decode_pop }, + { "pop2", decode_pop }, + { "pop3", decode_pop }, { "nntp", decode_nntp }, { "smb", decode_smb }, { "imap", decode_imap }, --- a/dsniff.services +++ b/dsniff.services @@ -10,8 +10,8 @@ ospf 89/ip http 98/tcp poppass 106/tcp -pop 109/tcp -pop 110/tcp +pop2 109/tcp +pop3 110/tcp portmap 111/tcp portmap -111/tcp portmap 111/udp Author: Luciano Bello Description: According to /usr/include/time.h, CLK_TCK is the "obsolete POSIX.1-1988 name" for CLOCKS_PER_SEC. Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=420944 --- This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ --- a/sshow.c +++ b/sshow.c @@ -224,7 +224,7 @@ if (debug) printf("- %s -> %s: DATA (%s bytes, %.2f seconds)\n", s_saddr(ts), s_daddr(ts), s_range(plain_range), - (float)delay / CLK_TCK); + (float)delay / CLOCKS_PER_SEC); if (debug > 1) print_data(&ts->server, cipher_size); @@ -273,7 +273,7 @@ if (debug) printf("- %s <- %s: DATA (%s bytes, %.2f seconds)\n", s_saddr(ts), s_daddr(ts), s_range(plain_range), - (float)delay / CLK_TCK); + (float)delay / CLOCKS_PER_SEC); if (debug > 1) print_data(&ts->client, cipher_size); @@ -302,7 +302,7 @@ if (session->state == 1 && #ifdef USE_TIMING - now - get_history(session, 2)->timestamp >= CLK_TCK && + now - get_history(session, 2)->timestamp >= CLOCKS_PER_SEC && #endif session->protocol == 1 && (session->history.directions & 7) == 5 && Author: Gleb Paharenko Description: Workaround to this Debian bug Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=420129 --- This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ --- a/dsniff.c +++ b/dsniff.c 
@@ -70,6 +70,80 @@ { } + +static int get_all_ifaces(struct ifreq **, int *); +static unsigned int get_addr_from_ifreq(struct ifreq *); + +int all_local_ipaddrs_chksum_disable() +{ + struct ifreq *ifaces; + int ifaces_count; + int i, ind = 0; + struct nids_chksum_ctl *ctlp; + unsigned int tmp; + + if (!get_all_ifaces(&ifaces, &ifaces_count)) + return -1; + ctlp = + (struct nids_chksum_ctl *) malloc(ifaces_count * + sizeof(struct + nids_chksum_ctl)); + if (!ctlp) + return -1; + for (i = 0; i < ifaces_count; i++) { + tmp = get_addr_from_ifreq(ifaces + i); + if (tmp) { + ctlp[ind].netaddr = tmp; + ctlp[ind].mask = inet_addr("255.255.255.255"); + ctlp[ind].action = NIDS_DONT_CHKSUM; + ind++; + } + } + free(ifaces); + nids_register_chksum_ctl(ctlp, ind); +} + +/* helper functions for Example 2 */ +unsigned int get_addr_from_ifreq(struct ifreq *iface) +{ + if (iface->ifr_addr.sa_family == AF_INET) + return ((struct sockaddr_in *) &(iface->ifr_addr))-> + sin_addr.s_addr; + return 0; +} + +static int get_all_ifaces(struct ifreq **ifaces, int *count) +{ + int ifaces_size = 8 * sizeof(struct ifreq); + struct ifconf param; + int sock; + unsigned int i; + + *ifaces = malloc(ifaces_size); + sock = socket(PF_INET, SOCK_DGRAM, IPPROTO_IP); + if (sock <= 0) + return 0; + for (;;) { + param.ifc_len = ifaces_size; + param.ifc_req = *ifaces; + if (ioctl(sock, SIOCGIFCONF, ¶m)) + goto err; + if (param.ifc_len < ifaces_size) + break; + free(*ifaces); + ifaces_size *= 2; + ifaces = malloc(ifaces_size); + } + *count = param.ifc_len / sizeof(struct ifreq); + close(sock); + return 1; + err: + close(sock); + return 0; +} + + + int main(int argc, char *argv[]) { 
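Review bot: get_all_ifaces() grows its buffer with `ifaces = malloc(ifaces_size);`, which assigns to the local parameter instead of `*ifaces`, so after `free(*ifaces)` the next `SIOCGIFCONF` call is handed the freed buffer and the caller later reads and frees it again. The first `malloc` is unchecked and leaked when `socket()` fails, `sock <= 0` rejects a valid descriptor 0, and the error path never releases the buffer. In all_local_ipaddrs_chksum_disable(), `ifaces` leaks when the `ctlp` allocation fails and the function, declared `int`, falls off the end without a value; add `free(ifaces);` before that `return -1;` and `return 0;` after `nids_register_chksum_ctl()`. A version of get_all_ifaces() that reallocates into `*ifaces` follows.

```c
static int get_all_ifaces(struct ifreq **ifaces, int *count)
{
	int ifaces_size = 8 * sizeof(struct ifreq);
	struct ifconf param;
	struct ifreq *tmp;
	int sock;

	*ifaces = NULL;
	sock = socket(PF_INET, SOCK_DGRAM, IPPROTO_IP);
	if (sock < 0)
		return 0;
	for (;;) {
		/* grow the caller's buffer, not the local parameter */
		tmp = realloc(*ifaces, ifaces_size);
		if (tmp == NULL)
			goto err;
		*ifaces = tmp;
		param.ifc_len = ifaces_size;
		param.ifc_req = *ifaces;
		if (ioctl(sock, SIOCGIFCONF, &param))
			goto err;
		if (param.ifc_len < ifaces_size)
			break;
		ifaces_size *= 2;
	}
	*count = param.ifc_len / sizeof(struct ifreq);
	close(sock);
	return 1;
 err:
	free(*ifaces);
	*ifaces = NULL;
	close(sock);
	return 0;
}
```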
@@ -189,6 +263,8 @@ warnx("using %s", nids_params.filename); } } + + all_local_ipaddrs_chksum_disable(); nids_run(); Author: Luciano Bello Description: Fix for DOS y TDS decoder. Patch provided by Hilko Bengen. Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=609988 --- This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ --- a/decode_tds.c +++ b/decode_tds.c @@ -144,6 +144,11 @@ len > sizeof(*th) && len >= ntohs(th->size); buf += ntohs(th->size), len -= ntohs(th->size)) { + if (th->size != 8) { + /* wrong header length */ + break; + } + if (th->type == 2) { /* Version 4.x, 5.0 */ if (len < sizeof(*th) + sizeof(*tl)) Author: Piotr Engelking Description: Disable the filtering packets with incorrect checksum. Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=372536 --- This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ --- a/urlsnarf.c +++ b/urlsnarf.c @@ -245,6 +245,7 @@ extern char *optarg; extern int optind; int c; + struct nids_chksum_ctl chksum_ctl; while ((c = getopt(argc, argv, "i:p:nvh?V")) != -1) { switch (c) { @@ -305,6 +306,12 @@ } } + chksum_ctl.netaddr = 0; + chksum_ctl.mask = 0; + chksum_ctl.action = NIDS_DONT_CHKSUM; + + nids_register_chksum_ctl(&chksum_ctl, 1); + nids_run(); /* NOTREACHED */ Author: Steve Kemp Description: Missing openssl includes in sshcrypto.c. This patch was through diff.gz and now is implemented as a dpatch. --- This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ --- a/sshcrypto.c +++ b/sshcrypto.c @@ -14,6 +14,8 @@ #include #include +#include +#include #include #include >From b05e27ba9b0ba9ef00ad2183933652e08d8c89af Mon Sep 17 00:00:00 2001 From: Stefan Tomanek Date: Sat, 29 Oct 2011 20:48:55 +0200 Subject: [PATCH] rewrite and modernize POP decoder 
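Review bot: The new guard in decode_tds.c compares the raw field, `th->size != 8`, while the loop header just above converts it with `ntohs(th->size)`, so the test is byte-order dependent and does not match the value the loop actually advances by. It is commented as a header-length check although the loop treats `size` as the distance to the next packet; if that field is the whole-packet length (the struct is outside the hunk), the check breaks out on nearly every packet and the decoder stops producing output. What stalls the loop is a size smaller than the header, so the guard I would expect is `if (ntohs(th->size) < sizeof(*th)) break;`. The enclosing function starts and ends outside the hunk.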
Signed-off-by: Stefan Tomanek --- decode_pop.c | 96 ++++++++++++++++++++++++++++++++++++++++++++++----------- 1 files changed, 77 insertions(+), 19 deletions(-) --- This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ --- a/decode_pop.c +++ b/decode_pop.c @@ -6,6 +6,8 @@ * Copyright (c) 2000 Dug Song * * $Id: decode_pop.c,v 1.4 2001/03/15 08:33:02 dugsong Exp $ + * + * Rewritten by Stefan Tomanek 2011 */ #include "config.h" 
@@ -45,32 +47,88 @@ decode_pop(u_char *buf, int len, u_char *obuf, int olen) { char *p; + char *s; + int n; int i, j; + char *user; + char *password; + enum { + NONE, + AUTHPLAIN, + AUTHLOGIN, + USERPASS + } mode = NONE; + obuf[0] = '\0'; for (p = strtok(buf, "\r\n"); p != NULL; p = strtok(NULL, "\r\n")) { - if (strncasecmp(p, "AUTH PLAIN", 10) == 0 || - strncasecmp(p, "AUTH LOGIN", 10) == 0) { - strlcat(obuf, p, olen); - strlcat(obuf, "\n", olen); - - /* Decode SASL auth. */ - for (i = 0; i < 2 && (p = strtok(NULL, "\r\n")); i++) { - strlcat(obuf, p, olen); - j = base64_pton(p, p, strlen(p)); - p[j] = '\0'; - strlcat(obuf, " [", olen); - strlcat(obuf, p, olen); - strlcat(obuf, "]\n", olen); + if (mode == NONE) { + user = NULL; + password = NULL; + if (strncasecmp(p, "AUTH PLAIN", 10) == 0) { + mode = AUTHPLAIN; + continue; + } + if (strncasecmp(p, "AUTH LOGIN", 10) == 0) { + mode = AUTHLOGIN; + continue; + } + if (strncasecmp(p, "USER ", 5) == 0) { + mode = USERPASS; + /* the traditional login cuts right to the case, + * so no continue here + */ } } - /* Save regular POP2, POP3 auth info. */ - else if (strncasecmp(p, "USER ", 5) == 0 || - strncasecmp(p, "PASS ", 5) == 0 || - strncasecmp(p, "HELO ", 5) == 0) { - strlcat(obuf, p, olen); - strlcat(obuf, "\n", olen); + printf("(%d) %s\n", mode, p); + if (mode == USERPASS) { + if (strncasecmp(p, "USER ", 5) == 0) { + user = &p[5]; + } else if (strncasecmp(p, "PASS ", 5) == 0) { + password = &p[5]; + } + } + + if (mode == AUTHPLAIN) { + j = base64_pton(p, p, strlen(p)); + p[j] = '\0'; + n = 0; + s = p; + /* p consists of three parts, divided by \0 */ + while (s <= &p[j] && n<=3) { + if (n == 0) { + /* we do not process this portion yet */ + } else if (n == 1) { + user = s; + } else if (n == 2) { + password = s; + } + n++; + while (*s) s++; + s++; + } + } + + if (mode == AUTHLOGIN) { + j = base64_pton(p, p, strlen(p)); + p[j] = '\0'; + if (! 
user) { + user = p; + } else { + password = p; + /* got everything we need :-) */ + } + } + + if (user && password) { + strlcat(obuf, "\nusername [", olen); + strlcat(obuf, user, olen); + strlcat(obuf, "] password [", olen); + strlcat(obuf, password, olen); + strlcat(obuf, "]\n", olen); + + mode = NONE; } } return (strlen(obuf)); Author: Steve Kemp Description: Adapt to Debian directory structure. --- This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ --- a/Makefile.in +++ b/Makefile.in @@ -11,7 +11,7 @@ install_prefix = prefix = @prefix@ exec_prefix = @exec_prefix@ -libdir = @libdir@ +libdir = $(prefix)/share/dsniff sbindir = @sbindir@ mandir = @mandir@ @@ -37,8 +37,7 @@ X11INC = @X_CFLAGS@ X11LIB = @X_LIBS@ @X_PRE_LIBS@ -lXmu -lX11 @X_EXTRA_LIBS@ -INCS = -I. $(NIDSINC) $(PCAPINC) $(LNETINC) $(DBINC) $(SSLINC) $(X11INC) \ - -I$(srcdir)/missing +INCS = -I. $(X11INC) -I$(srcdir)/missing LIBS = @LIBS@ -L$(srcdir) -lmissing INSTALL = @INSTALL@ --- a/dnsspoof.8 +++ b/dnsspoof.8 @@ -31,7 +31,7 @@ address queries on the LAN with an answer of the local machine's IP address. .SH FILES -.IP \fI/usr/local/lib/dnsspoof.hosts\fR +.IP \fI/usr/share/dsniff/dnsspoof.hosts\fR Sample hosts file. .SH "SEE ALSO" dsniff(8), hosts(5) --- a/dsniff.8 +++ b/dsniff.8 @@ -68,9 +68,9 @@ On a hangup signal \fBdsniff\fR will dump its current trigger table to \fIdsniff.services\fR. .SH FILES -.IP \fI/usr/local/lib/dsniff.services\fR +.IP \fI/usr/share/dsniff/dsniff.services\fR Default trigger table -.IP \fI/usr/local/lib/dsniff.magic\fR +.IP \fI/usr/share/dsniff/dsniff.magic\fR Network protocol magic .SH "SEE ALSO" arpspoof(8), libnids(3), services(5), magic(5) --- a/pathnames.h +++ b/pathnames.h 
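Review bot: Both new `j = base64_pton(p, p, strlen(p)); p[j] = '\0';` sites in decode_pop() (the AUTHPLAIN and AUTHLOGIN branches) index with the return value unchecked; if base64_pton() returns a negative value for invalid input, as the usual b64_pton does, `p[j]` writes before the token, and the token is whatever the peer sent. Add `if (j < 0) { mode = NONE; continue; }` before the store in both branches. The `printf("(%d) %s\n", mode, p);` in the loop looks like leftover debugging: it sends every line of the session to stdout outside the `obuf` path and should be removed. `mode` is also reset only once both `user` and `password` are set, so after an aborted AUTH exchange every following line is base64-decoded in place.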
@@ -12,7 +12,7 @@ #define PATHNAMES_H #ifndef DSNIFF_LIBDIR -#define DSNIFF_LIBDIR "/usr/local/lib/" +#define DSNIFF_LIBDIR "/usr/share/dsniff/" #endif #define DSNIFF_SERVICES "dsniff.services" Author: Description: Correctly 0 out the c struct. --- This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ --- a/msgsnarf.c +++ b/msgsnarf.c @@ -584,6 +584,7 @@ if (i == 0) { if ((c = malloc(sizeof(*c))) == NULL) nids_params.no_mem("sniff_msgs"); + memset(c, 0, sizeof(*c)); c->ip = ts->addr.saddr; c->nick = strdup("unknown"); SLIST_INSERT_HEAD(&client_list, c, next); Author: Joerg Dorchain Description: Add tcpkill support for handle ppp interfaces. --- This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ --- a/pcaputil.c +++ b/pcaputil.c @@ -52,6 +52,9 @@ case DLT_NULL: offset = 4; break; + case DLT_LINUX_SLL: /* e.g. ppp */ + offset = 16; + break; default: warnx("unsupported datalink type"); break; Author: Hilko Bengen Description: urlsnarf: use timestamps from pcap file if available. Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=573365 --- This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ --- a/urlsnarf.c +++ b/urlsnarf.c @@ -36,6 +36,7 @@ u_short Opt_dns = 1; int Opt_invert = 0; regex_t *pregex = NULL; +time_t tt = 0; static void usage(void) @@ -57,9 +58,12 @@ { static char tstr[32], sign; struct tm *t, gmt; - time_t tt = time(NULL); int days, hours, tz, len; + if (!nids_params.filename) { + tt = time(NULL); + } + gmt = *gmtime(&tt); t = localtime(&tt); 
@@ -312,9 +316,48 @@ nids_register_chksum_ctl(&chksum_ctl, 1); - nids_run(); - - /* NOTREACHED */ + pcap_t *p; + char pcap_errbuf[PCAP_ERRBUF_SIZE]; + if (nids_params.filename == NULL) { + /* adapted from libnids.c:open_live() */ + if (strcmp(nids_params.device, "all") == 0) + nids_params.device = "any"; + p = pcap_open_live(nids_params.device, 16384, + (nids_params.promisc != 0), + 0, pcap_errbuf); + if (!p) { + fprintf(stderr, "pcap_open_live(): %s\n", + pcap_errbuf); + exit(1); + } + } + else { + p = pcap_open_offline(nids_params.filename, + pcap_errbuf); + if (!p) { + fprintf(stderr, "pcap_open_offline(%s): %s\n", + nids_params.filename, pcap_errbuf); + } + } + + struct pcap_pkthdr *h; + u_char *d; + int rc; + while ((rc = pcap_next_ex(p, &h, &d)) == 1) { + tt = h->ts.tv_sec; + nids_pcap_handler(NULL, h, d); + } + switch (rc) { + case(-2): /* end of pcap file */ + case(0): /* timeout on live capture */ + break; + case(-1): + default: + fprintf(stderr, "rc = %i\n", rc); + pcap_perror(p, "pcap_read_ex()"); + exit(1); + break; + } exit(0); } Description: Fix build with OpenSSL 1.1.0 Author: Christoph Biedl --- This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ --- a/ssh.c +++ b/ssh.c @@ -234,7 +234,10 @@ u_char *p, cipher, cookie[8], msg[1024]; u_int32_t num; int i; - + + const BIGNUM *servkey_e, *servkey_n; + const BIGNUM *hostkey_e, *hostkey_n; + /* Generate anti-spoofing cookie. */ RAND_bytes(cookie, sizeof(cookie)); 
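Review bot: When `pcap_open_offline()` fails, the new code prints the error but does not stop, so `p` is NULL when it reaches `pcap_next_ex(p, &h, &d)`; the live branch exits in the same situation. Add `exit(1);` after the `fprintf` in the offline branch. `d` is declared `u_char *` while `pcap_next_ex()` takes a `const u_char **`, so it should be `const u_char *d;`, and `pcap_close(p)` is missing before `exit(0)`. The handle opened here has no filter installed in the visible lines, so it is worth confirming that `nids_params.pcap_filter` still takes effect now that `nids_run()` is bypassed.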
@@ -243,11 +246,13 @@ *p++ = SSH_SMSG_PUBLIC_KEY; /* type */ memcpy(p, cookie, 8); p += 8; /* cookie */ num = 768; PUTLONG(num, p); /* servkey bits */ - put_bn(ssh->ctx->servkey->e, &p); /* servkey exponent */ - put_bn(ssh->ctx->servkey->n, &p); /* servkey modulus */ + RSA_get0_key(ssh->ctx->servkey, &servkey_n, &servkey_e, NULL); + put_bn(servkey_e, &p); /* servkey exponent */ + put_bn(servkey_n, &p); /* servkey modulus */ num = 1024; PUTLONG(num, p); /* hostkey bits */ - put_bn(ssh->ctx->hostkey->e, &p); /* hostkey exponent */ - put_bn(ssh->ctx->hostkey->n, &p); /* hostkey modulus */ + RSA_get0_key(ssh->ctx->hostkey, &hostkey_n, &hostkey_e, NULL); + put_bn(hostkey_e, &p); /* hostkey exponent */ + put_bn(hostkey_n, &p); /* hostkey modulus */ num = 0; PUTLONG(num, p); /* protocol flags */ num = ssh->ctx->encmask; PUTLONG(num, p); /* ciphers */ num = ssh->ctx->authmask; PUTLONG(num, p); /* authmask */ @@ -298,7 +303,7 @@ SKIP(p, i, 4); /* Decrypt session key. */ - if (BN_cmp(ssh->ctx->servkey->n, ssh->ctx->hostkey->n) > 0) { + if (BN_cmp(servkey_n, hostkey_n) > 0) { rsa_private_decrypt(enckey, enckey, ssh->ctx->servkey); rsa_private_decrypt(enckey, enckey, ssh->ctx->hostkey); } @@ -318,8 +323,8 @@ BN_clear_free(enckey); /* Derive real session key using session id. */ - if ((p = ssh_session_id(cookie, ssh->ctx->hostkey->n, - ssh->ctx->servkey->n)) == NULL) { + if ((p = ssh_session_id(cookie, hostkey_n, + servkey_n)) == NULL) { warn("ssh_session_id"); return (-1); } @@ -328,10 +333,8 @@ } /* Set cipher. */ if (cipher == SSH_CIPHER_3DES) { - ssh->estate = des3_init(ssh->sesskey, sizeof(ssh->sesskey)); - ssh->dstate = des3_init(ssh->sesskey, sizeof(ssh->sesskey)); - ssh->encrypt = des3_encrypt; - ssh->decrypt = des3_decrypt; + warnx("cipher 3des no longer supported"); + return (-1); } else if (cipher == SSH_CIPHER_BLOWFISH) { ssh->estate = blowfish_init(ssh->sesskey,sizeof(ssh->sesskey)); 
@@ -357,7 +360,10 @@ u_char *p, cipher, cookie[8], msg[1024]; u_int32_t num; int i; - + + BIGNUM *servkey_n, *servkey_e; + BIGNUM *hostkey_n, *hostkey_e; + /* Get public key. */ if ((i = SSH_recv(ssh, pkt, sizeof(pkt))) <= 0) { warn("SSH_recv"); @@ -379,21 +385,23 @@ /* Get servkey. */ ssh->ctx->servkey = RSA_new(); - ssh->ctx->servkey->n = BN_new(); - ssh->ctx->servkey->e = BN_new(); + servkey_n = BN_new(); + servkey_e = BN_new(); + RSA_set0_key(ssh->ctx->servkey, servkey_n, servkey_e, NULL); SKIP(p, i, 4); - get_bn(ssh->ctx->servkey->e, &p, &i); - get_bn(ssh->ctx->servkey->n, &p, &i); + get_bn(servkey_e, &p, &i); + get_bn(servkey_n, &p, &i); /* Get hostkey. */ ssh->ctx->hostkey = RSA_new(); - ssh->ctx->hostkey->n = BN_new(); - ssh->ctx->hostkey->e = BN_new(); + hostkey_n = BN_new(); + hostkey_e = BN_new(); + RSA_set0_key(ssh->ctx->hostkey, hostkey_n, hostkey_e, NULL); SKIP(p, i, 4); - get_bn(ssh->ctx->hostkey->e, &p, &i); - get_bn(ssh->ctx->hostkey->n, &p, &i); + get_bn(hostkey_e, &p, &i); + get_bn(hostkey_n, &p, &i); /* Get cipher, auth masks. */ SKIP(p, i, 4); @@ -405,8 +413,8 @@ RAND_bytes(ssh->sesskey, sizeof(ssh->sesskey)); /* Obfuscate with session id. */ - if ((p = ssh_session_id(cookie, ssh->ctx->hostkey->n, - ssh->ctx->servkey->n)) == NULL) { + if ((p = ssh_session_id(cookie, hostkey_n, + servkey_n)) == NULL) { warn("ssh_session_id"); return (-1); } @@ -422,7 +430,7 @@ else BN_add_word(bn, ssh->sesskey[i]); } /* Encrypt session key. */ - if (BN_cmp(ssh->ctx->servkey->n, ssh->ctx->hostkey->n) < 0) { + if (BN_cmp(servkey_n, hostkey_n) < 0) { rsa_public_encrypt(bn, bn, ssh->ctx->servkey); rsa_public_encrypt(bn, bn, ssh->ctx->hostkey); } 
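Review bot: In the `@@ -379,21 +385,23 @@` hunk the results of `RSA_new()`, `BN_new()` and `RSA_set0_key()` are not checked. `RSA_set0_key()` refuses a NULL `n` or `e` on a fresh key, so after a failed allocation the key does not own the BIGNUMs and the following `get_bn()` calls are handed a NULL pointer. The function already returns -1 on other failures, so a guard such as `if (servkey_n == NULL || servkey_e == NULL || !RSA_set0_key(ssh->ctx->servkey, servkey_n, servkey_e, NULL)) return (-1);` fits, with the same check for the hostkey. The function body starts and ends outside the hunk.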
@@ -470,10 +478,8 @@ ssh->decrypt = blowfish_decrypt; } else if (cipher == SSH_CIPHER_3DES) { - ssh->estate = des3_init(ssh->sesskey, sizeof(ssh->sesskey)); - ssh->dstate = des3_init(ssh->sesskey, sizeof(ssh->sesskey)); - ssh->encrypt = des3_encrypt; - ssh->decrypt = des3_decrypt; + warnx("cipher 3des no longer supported"); + return (-1); } /* Get server response. */ if ((i = SSH_recv(ssh, pkt, sizeof(pkt))) <= 0) { --- a/sshcrypto.c +++ b/sshcrypto.c @@ -28,10 +28,12 @@ u_char iv[8]; }; +#if 0 struct des3_state { des_key_schedule k1, k2, k3; des_cblock iv1, iv2, iv3; }; +#endif void rsa_public_encrypt(BIGNUM *out, BIGNUM *in, RSA *key) @@ -39,10 +41,12 @@ u_char *inbuf, *outbuf; int len, ilen, olen; - if (BN_num_bits(key->e) < 2 || !BN_is_odd(key->e)) + const BIGNUM *n, *e; + RSA_get0_key(key, &n, &e, NULL); + if (BN_num_bits(e) < 2 || !BN_is_odd(e)) errx(1, "rsa_public_encrypt() exponent too small or not odd"); - olen = BN_num_bytes(key->n); + olen = BN_num_bytes(n); outbuf = malloc(olen); ilen = BN_num_bytes(in); @@ -71,7 +75,9 @@ u_char *inbuf, *outbuf; int len, ilen, olen; - olen = BN_num_bytes(key->n); + const BIGNUM *n; + RSA_get0_key(key, &n, NULL, NULL); + olen = BN_num_bytes(n); outbuf = malloc(olen); ilen = BN_num_bytes(in); @@ -146,6 +152,7 @@ swap_bytes(dst, dst, len); } +#if 0 /* XXX - SSH1's weirdo 3DES... */ void * des3_init(u_char *sesskey, int len) @@ -194,3 +201,4 @@ des_ncbc_encrypt(dst, dst, len, dstate->k2, &dstate->iv2, DES_ENCRYPT); des_ncbc_encrypt(dst, dst, len, dstate->k1, &dstate->iv1, DES_DECRYPT); } +#endif Description: Fix minor spelling error in source code Author: Marcos Fouces --- This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ --- a/remote.c +++ b/remote.c @@ -652,7 +652,7 @@ if (remote_command_count > 0) { fprintf (stderr, - "%s: the `-id' option must preceed all `-remote' options.\n", + "%s: the `-id' option must precede all `-remote' options.\n", progname); usage (); exit (-1); 
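Review bot: The `#if 0` blocks added in sshcrypto.c (hunks `@@ -28,10 +28,12 @@` and `@@ -146,6 +152,7 @@` through `@@ -194,3 +201,4 @@`) disable `struct des3_state` and the `des3_*` functions without saying why. The reason is only visible in ssh.c, where `SSH_CIPHER_3DES` is now rejected with `warnx("cipher 3des no longer supported")`. A one-line comment at each `#if 0` would keep the two files in step, e.g. `/* 3DES disabled: ssh.c rejects SSH_CIPHER_3DES; delete or port before re-enabling */`. If the `des3_*` prototypes are still declared in sshcrypto.h (not shown here), they should be guarded or removed too.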
>From 8fbf0ac15e5fe2df427e3e028f9aa8d96788986a Mon Sep 17 00:00:00 2001 From: Stefan Tomanek Date: Sun, 6 Nov 2011 22:44:54 +0100 Subject: [PATCH 1/3] arpspoof: add -r switch to poison both directions Signed-off-by: Stefan Tomanek --- arpspoof.8 | 5 ++++- arpspoof.c | 59 +++++++++++++++++++++++++++++++++++++++++++++++------------ 2 files changed, 51 insertions(+), 13 deletions(-) --- This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ --- a/arpspoof.8 +++ b/arpspoof.8 @@ -9,7 +9,7 @@ .na .nf .fi -\fBarpspoof\fR [\fB-i \fIinterface\fR] [\fB-t \fItarget\fR] \fIhost\fR +\fBarpspoof\fR [\fB\-i \fIinterface\fR] [\fB\-t \fItarget\fR] [\fB\-r\fR] \fIhost\fR .SH DESCRIPTION .ad .fi @@ -26,6 +26,9 @@ .IP "\fB-t \fItarget\fR" Specify a particular host to ARP poison (if not specified, all hosts on the LAN). +.IP "\fB\-r\fR" +Poison both hosts (host and target) to capture traffic in both directions. +(only valid in conjuntion with \-t) .IP \fIhost\fR Specify the host you wish to intercept packets for (usually the local gateway). --- a/arpspoof.c +++ b/arpspoof.c @@ -7,6 +7,8 @@ * Copyright (c) 1999 Dug Song * * $Id: arpspoof.c,v 1.5 2001/03/15 08:32:58 dugsong Exp $ + * + * Improved 2011 by Stefan Tomanek */ #include "config.h" @@ -31,12 +33,13 @@ static struct ether_addr spoof_mac, target_mac; static in_addr_t spoof_ip, target_ip; static char *intf; +static int poison_reverse; static void usage(void) { fprintf(stderr, "Version: " VERSION "\n" - "Usage: arpspoof [-i interface] [-t target] host\n"); + "Usage: arpspoof [-i interface] [-t target] [-r] host\n"); exit(1); } 
@@ -133,18 +136,30 @@ static void cleanup(int sig) { + int fw = arp_find(spoof_ip, &spoof_mac); + int bw = poison_reverse && target_ip && arp_find(target_ip, &target_mac); int i; - - if (arp_find(spoof_ip, &spoof_mac)) { - for (i = 0; i < 3; i++) { - /* XXX - on BSD, requires ETHERSPOOF kernel. */ + + fprintf(stderr, "Cleaning up and re-arping targets...\n"); + for (i = 0; i < 5; i++) { + /* XXX - on BSD, requires ETHERSPOOF kernel. */ + if (fw) { arp_send(l, ARPOP_REPLY, (u_int8_t *)&spoof_mac, spoof_ip, (target_ip ? (u_int8_t *)&target_mac : NULL), target_ip); + /* we have to wait a moment before sending the next packet */ + sleep(1); + } + if (bw) { + arp_send(l, ARPOP_REPLY, + (u_int8_t *)&target_mac, target_ip, + (u_int8_t *)&spoof_mac, + spoof_ip); sleep(1); } } + exit(0); } @@ -156,11 +171,12 @@ char pcap_ebuf[PCAP_ERRBUF_SIZE]; char libnet_ebuf[LIBNET_ERRBUF_SIZE]; int c; - + intf = NULL; spoof_ip = target_ip = 0; - - while ((c = getopt(argc, argv, "i:t:h?V")) != -1) { + poison_reverse = 0; + + while ((c = getopt(argc, argv, "ri:t:h?V")) != -1) { switch (c) { case 'i': intf = optarg; @@ -169,6 +185,9 @@ if ((target_ip = libnet_name2addr4(l, optarg, LIBNET_RESOLVE)) == -1) usage(); break; + case 'r': + poison_reverse = 1; + break; default: usage(); } @@ -178,7 +197,12 @@ if (argc != 1) usage(); - + + if (poison_reverse && !target_ip) { + errx(1, "Spoofing the reverse path (-r) is only available when specifying a target (-t)."); + usage(); + } + if ((spoof_ip = libnet_name2addr4(l, argv[0], LIBNET_RESOLVE)) == -1) usage(); 
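Review bot: `cleanup()` in the `@@ -133,18 +136,30 @@` hunk is installed with `signal()` for SIGHUP, SIGINT and SIGTERM, and the new body adds `fprintf(stderr, ...)` to the `arp_find()`, `arp_send()`, `sleep()` and `exit()` calls it already made. None of these are async-signal-safe, so a signal that arrives while the main loop is inside stdio or libnet can deadlock or corrupt state. The usual shape is a handler that only records the signal, `static volatile sig_atomic_t got_signal;` with the body `got_signal = sig;`. The main loop then tests the flag and calls the restore code from normal context.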
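Review bot: The `usage();` call after `errx(1, "Spoofing the reverse path (-r) ...")` in the `@@ -178,7 +197,12 @@` hunk is unreachable, because `errx()` does not return. Either drop the `usage();` line, or print with `warnx(...)` so that `usage()` runs and exits. The same pattern is added again in the `-c` validation of the later `@@ -229,6 +239,29 @@` hunk (`errx(1, "Invalid parameter to -c: ...")` followed by `usage();`).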
@@ -191,18 +215,29 @@ if (target_ip != 0 && !arp_find(target_ip, &target_mac)) errx(1, "couldn't arp for host %s", libnet_addr2name4(target_ip, LIBNET_DONT_RESOLVE)); - + + if (poison_reverse) { + if (!arp_find(spoof_ip, &spoof_mac)) { + errx(1, "couldn't arp for spoof host %s", + libnet_addr2name4(spoof_ip, LIBNET_DONT_RESOLVE)); + } + } + signal(SIGHUP, cleanup); signal(SIGINT, cleanup); signal(SIGTERM, cleanup); - + for (;;) { arp_send(l, ARPOP_REPLY, NULL, spoof_ip, (target_ip ? (u_int8_t *)&target_mac : NULL), target_ip); + if (poison_reverse) { + arp_send(l, ARPOP_REPLY, NULL, target_ip, (uint8_t *)&spoof_mac, spoof_ip); + } + sleep(2); } /* NOTREACHED */ - + exit(0); } Description: [PATCH 2/3] arpspoof: allow use of of multiple targets. Last hunk modified by João Salavisa in order to fix a bug with "-t" option of arpspoof. See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=706766 fo more information. Author: Stefan Tomanek --- This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ --- a/arpspoof.8 +++ b/arpspoof.8 @@ -25,7 +25,7 @@ Specify the interface to use. .IP "\fB-t \fItarget\fR" Specify a particular host to ARP poison (if not specified, all hosts -on the LAN). +on the LAN). Repeat to specify multiple hosts. .IP "\fB\-r\fR" Poison both hosts (host and target) to capture traffic in both directions. (only valid in conjuntion with \-t) --- a/arpspoof.c +++ b/arpspoof.c @@ -29,9 +29,14 @@ extern char *ether_ntoa(struct ether_addr *); +struct host { + in_addr_t ip; + struct ether_addr mac; +}; + static libnet_t *l; -static struct ether_addr spoof_mac, target_mac; -static in_addr_t spoof_ip, target_ip; +static struct host spoof = {0}; +static struct host *targets; static char *intf; static int poison_reverse; 
@@ -133,30 +138,46 @@ return (0); } +static int arp_find_all() { + struct host *target = targets; + while(target->ip) { + if (arp_find(target->ip, &target->mac)) { + return 1; + } + target++; + } + + return 0; +} + static void cleanup(int sig) { - int fw = arp_find(spoof_ip, &spoof_mac); - int bw = poison_reverse && target_ip && arp_find(target_ip, &target_mac); + int fw = arp_find(spoof.ip, &spoof.mac); + int bw = poison_reverse && targets[0].ip && arp_find_all(); int i; fprintf(stderr, "Cleaning up and re-arping targets...\n"); for (i = 0; i < 5; i++) { - /* XXX - on BSD, requires ETHERSPOOF kernel. */ - if (fw) { - arp_send(l, ARPOP_REPLY, - (u_int8_t *)&spoof_mac, spoof_ip, - (target_ip ? (u_int8_t *)&target_mac : NULL), - target_ip); - /* we have to wait a moment before sending the next packet */ - sleep(1); - } - if (bw) { - arp_send(l, ARPOP_REPLY, - (u_int8_t *)&target_mac, target_ip, - (u_int8_t *)&spoof_mac, - spoof_ip); - sleep(1); + struct host *target = targets; + while(target->ip) { + /* XXX - on BSD, requires ETHERSPOOF kernel. */ + if (fw) { + arp_send(l, ARPOP_REPLY, + (u_int8_t *)&spoof.mac, spoof.ip, + (target->ip ? (u_int8_t *)&target->mac : NULL), + target->ip); + /* we have to wait a moment before sending the next packet */ + sleep(1); + } + if (bw) { + arp_send(l, ARPOP_REPLY, + (u_int8_t *)&target->mac, target->ip, + (u_int8_t *)&spoof.mac, + spoof.ip); + sleep(1); + } + target++; } } @@ -171,10 +192,15 @@ char pcap_ebuf[PCAP_ERRBUF_SIZE]; char libnet_ebuf[LIBNET_ERRBUF_SIZE]; int c; + int n_targets; + spoof.ip = 0; intf = NULL; - spoof_ip = target_ip = 0; poison_reverse = 0; + n_targets = 0; + + /* allocate enough memory for target list */ + targets = calloc( argc+1, sizeof(struct host) ); while ((c = getopt(argc, argv, "ri:t:h?V")) != -1) { switch (c) { 
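Review bot: `arp_find_all()` returns 1 as soon as the first `arp_find()` succeeds, so the remaining entries of `targets` are never looked up, and it returns 0 only when every lookup fails. Elsewhere in this file a non-zero result from `arp_find()` means success (`!arp_find(...)` leads to `errx`), so the test looks inverted for a function that `cleanup()` uses to decide whether every `target->mac` is valid. The loop body should be `if (!arp_find(target->ip, &target->mac)) return 0;` with `return 1;` after the loop. The definition should also be spelled `static int arp_find_all(void)`.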
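Review bot: The result of `calloc( argc+1, sizeof(struct host) )` in the `@@ -171,10 +192,15 @@` hunk is not checked before option parsing writes to `targets[n_targets++].ip` and `cleanup()` reads `targets[0].ip`. Add `if (targets == NULL) err(1, "calloc");` directly after the allocation. The comment above it could also say why `argc+1` is enough: each `-t` consumes at least one argument, and one zeroed entry is kept as the terminator.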
@@ -182,7 +208,7 @@ intf = optarg; break; case 't': - if ((target_ip = libnet_name2addr4(l, optarg, LIBNET_RESOLVE)) == -1) + if ((targets[n_targets++].ip = libnet_name2addr4(l, optarg, LIBNET_RESOLVE)) == -1) usage(); break; case 'r': @@ -198,12 +224,12 @@ if (argc != 1) usage(); - if (poison_reverse && !target_ip) { + if (poison_reverse && !n_targets) { errx(1, "Spoofing the reverse path (-r) is only available when specifying a target (-t)."); usage(); } - if ((spoof_ip = libnet_name2addr4(l, argv[0], LIBNET_RESOLVE)) == -1) + if ((spoof.ip = libnet_name2addr4(l, argv[0], LIBNET_RESOLVE)) == -1) usage(); if (intf == NULL && (intf = pcap_lookupdev(pcap_ebuf)) == NULL) @@ -211,15 +237,19 @@ if ((l = libnet_init(LIBNET_LINK, intf, libnet_ebuf)) == NULL) errx(1, "%s", libnet_ebuf); - - if (target_ip != 0 && !arp_find(target_ip, &target_mac)) - errx(1, "couldn't arp for host %s", - libnet_addr2name4(target_ip, LIBNET_DONT_RESOLVE)); + + struct host *target = targets; + while(target->ip) { + if (target->ip != 0 && !arp_find(target->ip, &target->mac)) + errx(1, "couldn't arp for host %s", + libnet_addr2name4(target->ip, LIBNET_DONT_RESOLVE)); + target++; + } if (poison_reverse) { - if (!arp_find(spoof_ip, &spoof_mac)) { + if (!arp_find(spoof.ip, &spoof.mac)) { errx(1, "couldn't arp for spoof host %s", - libnet_addr2name4(spoof_ip, LIBNET_DONT_RESOLVE)); + libnet_addr2name4(spoof.ip, LIBNET_DONT_RESOLVE)); } } 
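Review bot: The lookup loop in the `@@ -211,15 +237,19 @@` hunk walks `targets` until an entry with `ip == 0`, although `n_targets` already holds the exact count. The `target->ip != 0 &&` test inside `while(target->ip)` can therefore never be false. A name that resolves to address 0 would also silently end the list early. Iterating by count, `for (i = 0; i < n_targets; i++)`, removes both the redundant test and the reliance on the sentinel. The same applies to the other `while(target->ip)` loops this patch adds.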
@@ -228,12 +258,20 @@ signal(SIGTERM, cleanup); for (;;) { - arp_send(l, ARPOP_REPLY, NULL, spoof_ip, - (target_ip ? (u_int8_t *)&target_mac : NULL), - target_ip); - if (poison_reverse) { - arp_send(l, ARPOP_REPLY, NULL, target_ip, (uint8_t *)&spoof_mac, spoof_ip); + if (!n_targets) { + arp_send(l, ARPOP_REPLY, my_ha, spoof.ip, brd_ha, 0, my_ha); + } else { + struct host *target = targets; + while(target->ip) { + arp_send(l, ARPOP_REPLY, NULL, spoof.ip, + (target->ip ? (u_int8_t *)&target->mac : NULL), + target->ip); + if (poison_reverse) { + arp_send(l, ARPOP_REPLY, NULL, target->ip, (uint8_t *)&spoof.mac, spoof.ip); + } + target++; } + } sleep(2); } >From 21773ccf18a5fc49d35e510a8797b0a1e83858c4 Mon Sep 17 00:00:00 2001 From: Stefan Tomanek Date: Sun, 20 Nov 2011 21:32:53 +0100 Subject: [PATCH 3/3] arpspoof: allow selection of source hw address In certain networks, sending with the wrong hardware source address can jeopardize the network connection of the host running arpspoof. This patch makes it possible to specify whether arpspoof should use the own hardware address or the one of the real host when resetting the arp table of the target systems; it is also possible to use both. Signed-off-by: Stefan Tomanek --- arpspoof.8 | 9 +++++- arpspoof.c | 90 ++++++++++++++++++++++++++++++++++++++++++----------------- 2 files changed, 72 insertions(+), 27 deletions(-) --- This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ --- a/arpspoof.8 +++ b/arpspoof.8 @@ -9,7 +9,7 @@ .na .nf .fi -\fBarpspoof\fR [\fB\-i \fIinterface\fR] [\fB\-t \fItarget\fR] [\fB\-r\fR] \fIhost\fR +\fBarpspoof\fR [\fB\-i \fIinterface\fR] [\fB\-c \fIown|host|both\fR] [\fB\-t \fItarget\fR] [\fB\-r\fR] \fIhost\fR .SH DESCRIPTION .ad .fi 
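Review bot: The `!n_targets` branch in this hunk calls `arp_send()` with seven arguments and uses `my_ha` and `brd_ha`, all of which are introduced only by patch 3/3 (the `@@ -40,37 +40,36 @@` hunk of arpspoof.c). With patches 1 and 2 applied on their own the file does not compile, which breaks bisecting the series. Either move this line into patch 3/3 or write it against the six-argument `arp_send()` that exists at this point. The description says this hunk was modified later, which is presumably how the dependency crept in.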
@@ -23,6 +23,13 @@ .SH OPTIONS .IP "\fB-i \fIinterface\fR" Specify the interface to use. +.IP "\fB-c \fIown|host|both\fR" +Specify which hardware address t use when restoring the arp configuration; +while cleaning up, packets can be send with the own address as well as with +the address of the host. Sending packets with a fake hw address can disrupt +connectivity with certain switch/ap/bridge configurations, however it works +more reliably than using the own address, which is the default way arpspoof +cleans up afterwards. .IP "\fB-t \fItarget\fR" Specify a particular host to ARP poison (if not specified, all hosts on the LAN). Repeat to specify multiple hosts. --- a/arpspoof.c +++ b/arpspoof.c 
@@ -40,37 +40,36 @@ static char *intf; static int poison_reverse; +static uint8_t *my_ha = NULL; +static uint8_t *brd_ha = "\xff\xff\xff\xff\xff\xff"; + +static int cleanup_src_own = 1; +static int cleanup_src_host = 0; + static void usage(void) { fprintf(stderr, "Version: " VERSION "\n" - "Usage: arpspoof [-i interface] [-t target] [-r] host\n"); + "Usage: arpspoof [-i interface] [-c own|host|both] [-t target] [-r] host\n"); exit(1); } static int -arp_send(libnet_t *l, int op, u_int8_t *sha, - in_addr_t spa, u_int8_t *tha, in_addr_t tpa) +arp_send(libnet_t *l, int op, + u_int8_t *sha, in_addr_t spa, + u_int8_t *tha, in_addr_t tpa, + u_int8_t *me) { int retval; - if (sha == NULL && - (sha = (u_int8_t *)libnet_get_hwaddr(l)) == NULL) { - return (-1); - } - if (spa == 0) { - if ((spa = libnet_get_ipaddr4(l)) == -1) - return (-1); - } - if (tha == NULL) - tha = "\xff\xff\xff\xff\xff\xff"; - + if (!me) me = sha; + libnet_autobuild_arp(op, sha, (u_int8_t *)&spa, tha, (u_int8_t *)&tpa, l); - libnet_build_ethernet(tha, sha, ETHERTYPE_ARP, NULL, 0, l, 0); + libnet_build_ethernet(tha, me, ETHERTYPE_ARP, NULL, 0, l, 0); fprintf(stderr, "%s ", - ether_ntoa((struct ether_addr *)sha)); + ether_ntoa((struct ether_addr *)me)); if (op == ARPOP_REQUEST) { fprintf(stderr, "%s 0806 42: arp who-has %s tell %s\n", @@ -129,7 +128,7 @@ /* XXX - force the kernel to arp. feh. */ arp_force(ip); #else - arp_send(l, ARPOP_REQUEST, NULL, 0, NULL, ip); + arp_send(l, ARPOP_REQUEST, NULL, 0, NULL, ip, NULL); #endif sleep(1); } 
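Review bot: The new `arp_send()` drops the fallbacks for `sha == NULL`, `spa == 0` and `tha == NULL`, but the second hunk (`@@ -129,7 +128,7 @@`) still calls `arp_send(l, ARPOP_REQUEST, NULL, 0, NULL, ip, NULL)` in the `#else` branch. There `me` becomes `sha`, which is NULL, so `libnet_build_ethernet(tha, me, ...)` and `ether_ntoa((struct ether_addr *)me)` are handed NULL pointers. Keep the three removed fallbacks at the top of the function, as they were, and place `if (!me) me = sha;` after them. Both function bodies continue outside these hunks.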
@@ -156,17 +155,23 @@ int fw = arp_find(spoof.ip, &spoof.mac); int bw = poison_reverse && targets[0].ip && arp_find_all(); int i; + int rounds = (cleanup_src_own*5 + cleanup_src_host*5); fprintf(stderr, "Cleaning up and re-arping targets...\n"); - for (i = 0; i < 5; i++) { + for (i = 0; i < rounds; i++) { struct host *target = targets; while(target->ip) { + uint8_t *src_ha = NULL; + if (cleanup_src_own && (i%2 || !cleanup_src_host)) { + src_ha = my_ha; + } /* XXX - on BSD, requires ETHERSPOOF kernel. */ if (fw) { arp_send(l, ARPOP_REPLY, (u_int8_t *)&spoof.mac, spoof.ip, - (target->ip ? (u_int8_t *)&target->mac : NULL), - target->ip); + (target->ip ? (u_int8_t *)&target->mac : brd_ha), + target->ip, + src_ha); /* we have to wait a moment before sending the next packet */ sleep(1); } @@ -174,7 +179,8 @@ arp_send(l, ARPOP_REPLY, (u_int8_t *)&target->mac, target->ip, (u_int8_t *)&spoof.mac, - spoof.ip); + spoof.ip, + src_ha); sleep(1); } target++; @@ -193,6 +199,7 @@ char libnet_ebuf[LIBNET_ERRBUF_SIZE]; int c; int n_targets; + char *cleanup_src = NULL; spoof.ip = 0; intf = NULL; @@ -202,7 +209,7 @@ /* allocate enough memory for target list */ targets = calloc( argc+1, sizeof(struct host) ); - while ((c = getopt(argc, argv, "ri:t:h?V")) != -1) { + while ((c = getopt(argc, argv, "ri:t:c:h?V")) != -1) { switch (c) { case 'i': intf = optarg; @@ -214,6 +221,9 @@ case 'r': poison_reverse = 1; break; + case 'c': + cleanup_src = optarg; + break; default: usage(); } 
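Review bot: The source-address alternation in `cleanup()` (hunk `@@ -156,17 +155,23 @@`) is undocumented and has to be derived from `rounds = (cleanup_src_own*5 + cleanup_src_host*5)` and `i%2 || !cleanup_src_host`. A comment above the loop would state it directly, e.g. `/* "both": odd rounds are sent from my_ha; on even rounds src_ha stays NULL and arp_send() falls back to sha */`. The literal 5 appears twice and would read better as one named constant. The `brd_ha` arm of `target->ip ? ... : brd_ha` cannot be reached inside `while(target->ip)`.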
@@ -229,6 +239,29 @@ usage(); } + if (!cleanup_src || strcmp(cleanup_src, "own")==0) { /* default! */ + /* only use our own hw address when cleaning up, + * not jeopardizing any bridges on the way to our + * target + */ + cleanup_src_own = 1; + cleanup_src_host = 0; + } else if (strcmp(cleanup_src, "host")==0) { + /* only use the target hw address when cleaning up; + * this can screw up some bridges and scramble access + * for our own host, however it resets the arp table + * more reliably + */ + cleanup_src_own = 0; + cleanup_src_host = 1; + } else if (strcmp(cleanup_src, "both")==0) { + cleanup_src_own = 1; + cleanup_src_host = 1; + } else { + errx(1, "Invalid parameter to -c: use 'own' (default), 'host' or 'both'."); + usage(); + } + if ((spoof.ip = libnet_name2addr4(l, argv[0], LIBNET_RESOLVE)) == -1) usage(); @@ -253,6 +286,10 @@ } } + if ((my_ha = (u_int8_t *)libnet_get_hwaddr(l)) == NULL) { + errx(1, "Unable to determine own mac address"); + } + signal(SIGHUP, cleanup); signal(SIGINT, cleanup); signal(SIGTERM, cleanup); 
@@ -263,11 +300,12 @@ } else { struct host *target = targets; while(target->ip) { - arp_send(l, ARPOP_REPLY, NULL, spoof.ip, - (target->ip ? (u_int8_t *)&target->mac : NULL), - target->ip); + arp_send(l, ARPOP_REPLY, my_ha, spoof.ip, + (target->ip ? (u_int8_t *)&target->mac : brd_ha), + target->ip, + my_ha); if (poison_reverse) { - arp_send(l, ARPOP_REPLY, NULL, target->ip, (uint8_t *)&spoof.mac, spoof.ip); + arp_send(l, ARPOP_REPLY, my_ha, target->ip, (uint8_t *)&spoof.mac, spoof.ip, my_ha); } target++; } Description: fixes possible segmentation faults of arpspoof, sshmitm, webmitm and webspy if any non-resolving hostname is passed. Issue was introduced by dsniff-2.4-libnet_11.patch; libnet_name_resolve() was replaced by libnet_name2addr4() while there must be the structure libnet_t passed additionally. And if that structure is not initialized using libnet_init() and the passed name can't be resolved (like "192.168.2."), it causes a snprintf() to NULL and thus the segmentation fault. Note that macof isn't affected as no resolving was involved here ever. Author: Robert Scheck Bug-RedHat: https://bugzilla.redhat.com/show_bug.cgi?id=1009879 Origin: http://pkgs.fedoraproject.org/cgit/rpms/dsniff.git/tree/dsniff-2.4-libnet_name2addr4.patch --- This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ --- a/sshmitm.c +++ b/sshmitm.c @@ -45,6 +45,8 @@ struct sockaddr_in csin, ssin; int sig_pipe[2]; +static libnet_t *l; + static void usage(void) { @@ -364,6 +366,7 @@ u_long ip; u_short lport, rport; int c; + char libnet_ebuf[LIBNET_ERRBUF_SIZE]; lport = rport = 22; @@ -390,12 +393,15 @@ if (argc < 1) usage(); - if ((ip = libnet_name2addr4(NULL, argv[0], LIBNET_RESOLVE)) == -1) - usage(); - if (argc == 2 && (rport = atoi(argv[1])) == 0) usage(); + if ((l = libnet_init(LIBNET_LINK, NULL, libnet_ebuf)) == NULL) + errx(1, "%s", libnet_ebuf); + + if ((ip = libnet_name2addr4(l, argv[0], LIBNET_RESOLVE)) == -1) + usage(); + record_init(NULL); mitm_init(lport, ip, rport); 
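Review bot: The handle created by `libnet_init(LIBNET_LINK, NULL, libnet_ebuf)` in the sshmitm.c hunk `@@ -390,12 +393,15 @@` is never released, whereas the arpspoof.c hunk of this same patch calls `libnet_destroy(l)` once the name has been resolved. If `l` has no later use in sshmitm.c (the rest of `main` is outside the hunk), add `libnet_destroy(l);` after the `libnet_name2addr4()` check, so the link-layer handle is not held for the life of the process. The same applies to the webspy.c hunk. In webmitm.c the handle has to stay, because `l` is used again when `vhost` is resolved.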
--- a/webmitm.c +++ b/webmitm.c @@ -47,6 +47,8 @@ int do_ssl, sig_pipe[2]; in_addr_t static_host = 0; +static libnet_t *l; + extern int decode_http(char *, int, char *, int); static void @@ -242,7 +244,7 @@ word = buf_tok(&msg, "/", 1); vhost = buf_strdup(word); } - ssin.sin_addr.s_addr = libnet_name2addr4(NULL, vhost, 1); + ssin.sin_addr.s_addr = libnet_name2addr4(l, vhost, LIBNET_RESOLVE); free(vhost); if (ssin.sin_addr.s_addr == ntohl(INADDR_LOOPBACK) || @@ -496,6 +498,7 @@ extern char *optarg; extern int optind; int c; + char libnet_ebuf[LIBNET_ERRBUF_SIZE]; while ((c = getopt(argc, argv, "dh?V")) != -1) { switch (c) { @@ -509,8 +512,11 @@ argc -= optind; argv += optind; + if ((l = libnet_init(LIBNET_LINK, NULL, libnet_ebuf)) == NULL) + errx(1, "%s", libnet_ebuf); + if (argc == 1) { - if ((static_host = libnet_name2addr4(NULL, argv[0], 1)) == -1) + if ((static_host = libnet_name2addr4(l, argv[0], LIBNET_RESOLVE)) == -1) usage(); } else if (argc != 0) usage(); --- a/webspy.c +++ b/webspy.c @@ -33,6 +33,7 @@ extern int mozilla_remote_commands (Display *, Window, char **); char *expected_mozilla_version = "4.7"; char *progname = "webspy"; +static libnet_t *l; Display *dpy; char cmd[2048], *cmdtab[2]; @@ -183,6 +184,7 @@ extern char *optarg; extern int optind; int c; + char libnet_ebuf[LIBNET_ERRBUF_SIZE]; while ((c = getopt(argc, argv, "i:p:h?V")) != -1) { switch (c) { @@ -205,7 +207,10 @@ cmdtab[0] = cmd; cmdtab[1] = NULL; - if ((host = libnet_name2addr4(NULL, argv[0], 1)) == -1) + if ((l = libnet_init(LIBNET_LINK, NULL, libnet_ebuf)) == NULL) + errx(1, "%s", libnet_ebuf); + + if ((host = libnet_name2addr4(l, argv[0], LIBNET_RESOLVE)) == -1) errx(1, "unknown host"); if ((dpy = XOpenDisplay(NULL)) == NULL) --- a/arpspoof.c +++ b/arpspoof.c 
@@ -208,6 +208,10 @@ /* allocate enough memory for target list */ targets = calloc( argc+1, sizeof(struct host) ); + + if ((l = libnet_init(LIBNET_LINK, NULL, libnet_ebuf)) == NULL) + errx(1, "%s", libnet_ebuf); + while ((c = getopt(argc, argv, "ri:t:c:h?V")) != -1) { switch (c) { @@ -265,6 +269,8 @@ if ((spoof.ip = libnet_name2addr4(l, argv[0], LIBNET_RESOLVE)) == -1) usage(); + libnet_destroy(l); + if (intf == NULL && (intf = pcap_lookupdev(pcap_ebuf)) == NULL) errx(1, "%s", pcap_ebuf); Description: Corrects the incorrect bit-shift in pntohl(), the left-shift should be 8 bits, not 18. Author: Matthew Boyle Origin: http://pkgs.fedoraproject.org/cgit/rpms/dsniff.git/tree/dsniff-2.4-pntohl_shift.patch Bug-RedHat: https://bugzilla.redhat.com/show_bug.cgi?id=714958 Bug-RedHat: https://bugzilla.redhat.com/show_bug.cgi?id=850496 --- This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ --- a/decode.h +++ b/decode.h @@ -35,7 +35,7 @@ (u_short)*((u_char *)p+0)<<8)) #define pntohl(p) ((u_int32_t)*((u_char *)p+3)<<0| \ - (u_int32_t)*((u_char *)p+2)<<18| \ + (u_int32_t)*((u_char *)p+2)<<8| \ (u_int32_t)*((u_char *)p+1)<<16| \ (u_int32_t)*((u_char *)p+0)<<24) Description: Adds a clock fix. It was improved by Robert Scheck to work with older Linux kernel versions, too. Author: Origin: http://pkgs.fedoraproject.org/cgit/rpms/dsniff.git/tree/dsniff-2.4-sysconf_clocks.patch --- This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ --- a/sshow.c +++ b/sshow.c @@ -217,7 +217,9 @@ { clock_t delay; int payload; - long CLK_TCK= sysconf(_SC_CLK_TCK); +#if defined(_SC_CLK_TCK) + long CLK_TCK = sysconf(_SC_CLK_TCK); +#endif delay = add_history(session, 0, cipher_size, plain_range); 
@@ -266,7 +268,9 @@ clock_t delay; int skip; range string_range; - long CLK_TCK= sysconf(_SC_CLK_TCK); +#if defined(_SC_CLK_TCK) + long CLK_TCK = sysconf(_SC_CLK_TCK); +#endif delay = add_history(session, 1, cipher_size, plain_range); Descrition: avoids xdrs being used without being initialised first. Without this patch dsniff segfaults when decoding RPC packets on x86_64. Author: Matthew Boyle Origin: http://pkgs.fedoraproject.org/cgit/rpms/dsniff.git/tree/dsniff-2.4-rpc_segfault.patch --- This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ --- a/rpc.c +++ b/rpc.c @@ -125,6 +125,9 @@ return (0); } } + else + return (0); + stat = xdr_getpos(&xdrs); xdr_destroy(&xdrs); Description: improves 18_sshcrypto.patch - Replace all des_ methods and structs with DES_ equivalents. - Remove openssl/des_old.h include. - Register dependencies on OpenSSL, glib20 and gettext. Author: jca Origin: OpenBSD --- This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ --- a/sshcrypto.c +++ b/sshcrypto.c @@ -30,8 +30,8 @@ #if 0 struct des3_state { - des_key_schedule k1, k2, k3; - des_cblock iv1, iv2, iv3; + DES_key_schedule k1, k2, k3; + DES_cblock iv1, iv2, iv3; }; #endif @@ -162,13 +162,13 @@ if ((state = malloc(sizeof(*state))) == NULL) err(1, "malloc"); - des_set_key((void *)sesskey, state->k1); - des_set_key((void *)(sesskey + 8), state->k2); + DES_set_key((void *)sesskey, &state->k1); + DES_set_key((void *)(sesskey + 8), &state->k2); if (len <= 16) - des_set_key((void *)sesskey, state->k3); + DES_set_key((void *)sesskey, &state->k3); else - des_set_key((void *)(sesskey + 16), state->k3); + DES_set_key((void *)(sesskey + 16), &state->k3); memset(state->iv1, 0, 8); memset(state->iv2, 0, 8); 
@@ -184,9 +184,9 @@ estate = (struct des3_state *)state; memcpy(estate->iv1, estate->iv2, 8); - des_ncbc_encrypt(src, dst, len, estate->k1, &estate->iv1, DES_ENCRYPT); - des_ncbc_encrypt(dst, dst, len, estate->k2, &estate->iv2, DES_DECRYPT); - des_ncbc_encrypt(dst, dst, len, estate->k3, &estate->iv3, DES_ENCRYPT); + DES_ncbc_encrypt(src, dst, len, &estate->k1, &estate->iv1, DES_ENCRYPT); + DES_ncbc_encrypt(dst, dst, len, &estate->k2, &estate->iv2, DES_DECRYPT); + DES_ncbc_encrypt(dst, dst, len, &estate->k3, &estate->iv3, DES_ENCRYPT); } void @@ -197,8 +197,8 @@ dstate = (struct des3_state *)state; memcpy(dstate->iv1, dstate->iv2, 8); - des_ncbc_encrypt(src, dst, len, dstate->k3, &dstate->iv3, DES_DECRYPT); - des_ncbc_encrypt(dst, dst, len, dstate->k2, &dstate->iv2, DES_ENCRYPT); - des_ncbc_encrypt(dst, dst, len, dstate->k1, &dstate->iv1, DES_DECRYPT); + DES_ncbc_encrypt(src, dst, len, &dstate->k3, &dstate->iv3, DES_DECRYPT); + DES_ncbc_encrypt(dst, dst, len, &dstate->k2, &dstate->iv2, DES_ENCRYPT); + DES_ncbc_encrypt(dst, dst, len, &dstate->k1, &dstate->iv1, DES_DECRYPT); } #endif Description: Fix parallel FTBFS problems * Add libmissing.a as a dependency to each of the PROGS to ensure it is built before them. * Ensure mount.h is created before decode_mountd.o gets built. * Ensure nfs_prot.h is created before filesnarf.o gets built. Author: Lukas Schwaighofer Author: Adrian Bunk Bug-Debian: https://bugs.debian.org/860611 Bug-Debian: https://bugs.debian.org/869086 --- a/Makefile.in +++ b/Makefile.in 
@@ -75,16 +75,28 @@ .c.o: $(CC) $(CFLAGS) $(INCS) -c $(srcdir)/$*.c -all: libmissing.a $(PROGS) +all: $(PROGS) -mount.c: mount.x +mount.h: mount.x rpcgen -h mount.x -o mount.h + +mount.c: mount.x rpcgen -c mount.x -o mount.c -nfs_prot.c: nfs_prot.x +mount.o: mount.h + +decode_mountd.o: mount.h + +nfs_prot.h: nfs_prot.x rpcgen -h nfs_prot.x -o nfs_prot.h + +nfs_prot.c: nfs_prot.x rpcgen -c nfs_prot.x -o nfs_prot.c +nfs_prot.o: nfs_prot.h + +filesnarf.o: nfs_prot.h + $(LIBOBJS): $(CC) $(CFLAGS) $(INCS) -c $(srcdir)/missing/$*.c 
@@ -92,49 +104,49 @@ ar -cr $@ $(LIBOBJS) $(RANLIB) $@ -dsniff: $(HDRS) $(SRCS) $(OBJS) +dsniff: $(HDRS) $(SRCS) $(OBJS) libmissing.a $(CC) $(LDFLAGS) -o $@ $(OBJS) $(LIBS) $(NIDSLIB) $(PCAPLIB) $(LNETLIB) $(DBLIB) $(SSLLIB) -arpspoof: arpspoof.o arp.o +arpspoof: arpspoof.o arp.o libmissing.a $(CC) $(LDFLAGS) -o $@ arpspoof.o arp.o $(LIBS) $(PCAPLIB) $(LNETLIB) -dnsspoof: dnsspoof.o pcaputil.o +dnsspoof: dnsspoof.o pcaputil.o libmissing.a $(CC) $(LDFLAGS) -o $@ dnsspoof.o pcaputil.o $(LIBS) $(PCAPLIB) $(LNETLIB) -filesnarf: nfs_prot.o filesnarf.o pcaputil.o rpc.o +filesnarf: nfs_prot.o filesnarf.o pcaputil.o rpc.o libmissing.a $(CC) $(LDFLAGS) -o $@ filesnarf.o nfs_prot.o pcaputil.o rpc.o $(LIBS) $(NIDSLIB) $(PCAPLIB) $(LNETLIB) -macof: macof.o +macof: macof.o libmissing.a $(CC) $(LDFLAGS) -o $@ macof.o $(LIBS) $(PCAPLIB) $(LNETLIB) -mailsnarf: mailsnarf.o buf.o pcaputil.o +mailsnarf: mailsnarf.o buf.o pcaputil.o libmissing.a $(CC) $(LDFLAGS) -o $@ mailsnarf.o buf.o pcaputil.o $(LIBS) $(NIDSLIB) $(PCAPLIB) $(LNETLIB) -msgsnarf: msgsnarf.o buf.o pcaputil.o +msgsnarf: msgsnarf.o buf.o pcaputil.o libmissing.a $(CC) $(LDFLAGS) -o $@ msgsnarf.o buf.o pcaputil.o $(LIBS) $(NIDSLIB) $(PCAPLIB) $(LNETLIB) -sshmitm: sshmitm.o buf.o hex.o record.o ssh.o sshcrypto.o +sshmitm: sshmitm.o buf.o hex.o record.o ssh.o sshcrypto.o libmissing.a $(CC) $(LDFLAGS) -o $@ sshmitm.o buf.o hex.o record.o ssh.o sshcrypto.o $(LIBS) $(LNETLIB) $(DBLIB) $(SSLLIB) -sshow: sshow.o pcaputil.o +sshow: sshow.o pcaputil.o libmissing.a $(CC) $(LDFLAGS) -o $@ sshow.o pcaputil.o $(LIBS) $(NIDSLIB) $(PCAPLIB) $(LNETLIB) -tcpkill: tcpkill.o pcaputil.o +tcpkill: tcpkill.o pcaputil.o libmissing.a $(CC) $(LDFLAGS) -o $@ tcpkill.o pcaputil.o $(LIBS) $(PCAPLIB) $(LNETLIB) -tcpnice: tcpnice.o pcaputil.o +tcpnice: tcpnice.o pcaputil.o libmissing.a $(CC) $(LDFLAGS) -o $@ tcpnice.o pcaputil.o $(LIBS) $(PCAPLIB) $(LNETLIB) -tcphijack: tcphijack.o pcaputil.o +tcphijack: tcphijack.o pcaputil.o libmissing.a $(CC) 
$(LDFLAGS) -o $@ tcphijack.o pcaputil.o $(LIBS) $(PCAPLIB) $(LNETLIB) -urlsnarf: urlsnarf.o base64.o buf.o pcaputil.o +urlsnarf: urlsnarf.o base64.o buf.o pcaputil.o libmissing.a $(CC) $(LDFLAGS) -o $@ urlsnarf.o base64.o buf.o pcaputil.o $(LIBS) $(NIDSLIB) $(PCAPLIB) $(LNETLIB) -webmitm: webmitm.o base64.o buf.o decode_http.o record.o +webmitm: webmitm.o base64.o buf.o decode_http.o record.o libmissing.a $(CC) $(LDFLAGS) -o $@ webmitm.o base64.o buf.o decode_http.o record.o $(LIBS) $(LNETLIB) $(DBLIB) $(SSLLIB) -webspy: webspy.o base64.o buf.o remote.o +webspy: webspy.o base64.o buf.o remote.o libmissing.a $(CC) $(LDFLAGS) -o $@ webspy.o base64.o buf.o remote.o $(LIBS) $(NIDSLIB) $(PCAPLIB) $(LNETLIB) $(X11LIB) install: Descrition: import CPPFLAGS in order to build an ELF binary that that uses fortified libc functions. Now it is built with all default Debian compiler flags. Author: Marcos Fouces --- This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ --- a/Makefile.in +++ b/Makefile.in @@ -11,12 +11,13 @@ install_prefix = prefix = @prefix@ exec_prefix = @exec_prefix@ -libdir = $(prefix)/share/dsniff +libdir = @libdir@ sbindir = @sbindir@ mandir = @mandir@ CC = @CC@ CFLAGS = @CFLAGS@ -DDSNIFF_LIBDIR=\"$(libdir)/\" +CPPFLAGS = @CPPFLAGS@ LDFLAGS = @LDFLAGS@ PCAPINC = @PCAPINC@ @@ -37,7 +38,8 @@ X11INC = @X_CFLAGS@ X11LIB = @X_LIBS@ @X_PRE_LIBS@ -lXmu -lX11 @X_EXTRA_LIBS@ -INCS = -I. $(X11INC) -I$(srcdir)/missing +INCS = -I. $(NIDSINC) $(PCAPINC) $(LNETINC) $(DBINC) $(SSLINC) $(X11INC) \ + -I$(srcdir)/missing LIBS = @LIBS@ -L$(srcdir) -lmissing INSTALL = @INSTALL@ @@ -73,7 +75,7 @@ CONFIGS = dsniff.magic dsniff.services dnsspoof.hosts .c.o: - $(CC) $(CFLAGS) $(INCS) -c $(srcdir)/$*.c + $(CC) $(CFLAGS) $(CPPFLAGS) $(INCS) -c $(srcdir)/$*.c all: $(PROGS) 
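Review bot: The `libdir = @libdir@` line in the `@@ -11,12 +11,13 @@` hunk changes more than the description says. `CFLAGS` passes `-DDSNIFF_LIBDIR=\"$(libdir)/\"`, so the directory compiled into the binaries moves from `$(prefix)/share/dsniff` to whatever configure substitutes for `@libdir@`. If the install rule (outside this hunk) or the packaging still places the `$(CONFIGS)` files under the old path, the programs will look for them in the wrong directory. Either keep `libdir = $(prefix)/share/dsniff` in this patch, or mention the path change in the description and check the install rule against it.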
@@ -98,7 +100,7 @@ filesnarf.o: nfs_prot.h $(LIBOBJS): - $(CC) $(CFLAGS) $(INCS) -c $(srcdir)/missing/$*.c + $(CC) $(CFLAGS) $(CPPFLAGS) $(INCS) -c $(srcdir)/missing/$*.c libmissing.a: $(LIBOBJS) ar -cr $@ $(LIBOBJS) Description: fix implicit declarations compiler warning * switch to C99 uint64_t, remove now unnecessary xdr_u_int64_t function * include missing string.h for memset Author: Lukas Schwaighofer --- a/filesnarf.c +++ b/filesnarf.c @@ -55,30 +55,6 @@ exit(1); } -/* XXX - for nfs_prot_xdr.c */ -bool_t -xdr_u_int64_t(XDR *xdrs, u_int64_t *nump) -{ - int i = 1; - u_char *p = (u_char *)nump; - - if (*(char *)&i == 1) { /* endian haack. */ - if (xdr_u_long(xdrs, (u_long *)(p + 4))) - return (xdr_u_long(xdrs, (u_long *)p)); - } - else { - if (xdr_u_long(xdrs, (u_long *)p)) - return (xdr_u_long(xdrs, (u_long *)(p + 4))); - } - return (FALSE); -} - -bool_t -xdr_int64_t(XDR *xdrs, int64_t *nump) -{ - return (xdr_u_int64_t(xdrs, (u_int64_t *)nump)); -} - static void fh_map_init(void) { --- a/nfs_prot.x +++ b/nfs_prot.x @@ -190,7 +190,7 @@ /* * Basic data types */ -typedef u_int64_t uint64; +typedef uint64_t uint64; typedef int64_t int64; typedef unsigned int uint32; typedef int int32; --- a/sshcrypto.c +++ b/sshcrypto.c @@ -20,6 +20,7 @@ #include #include #include +#include #include "sshcrypto.h"