From 8c9b23a1171556300f3d3a6c0e537f639a8b7b52 Mon Sep 17 00:00:00 2001
From: liaozhiyuan
Date: Thu, 28 Apr 2022 10:18:42 +0800
Subject: [PATCH 1/2] add tcp close
---
src/flowsynth.py | 49 +++++++++++++++++++++++++++++++++++++++++++-----
1 file changed, 44 insertions(+), 5 deletions(-)
diff --git a/src/flowsynth.py b/src/flowsynth.py
index e80e1ff..3e44562 100755
--- a/src/flowsynth.py
+++ b/src/flowsynth.py
@@ -443,8 +443,10 @@ def __init__(self, flowdecl = None):
 parser_bailout("A dst_mac ({}) was explicitly set, but it doesn't appear to be valid.".format(dmac))
- self.to_server_seq = random.randint(10000, 99999)
- self.to_client_seq = random.randint(10000, 99999)
+ # self.to_server_seq = random.randint(10000, 99999)
+ # self.to_client_seq = random.randint(10000, 99999)
+ self.to_server_seq = 100
+ self.to_client_seq = 200
 self.to_server_ack = 0
 self.to_client_ack = 0
 self.tcp_server_bytes = 0
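Review bot: The two `# self.to_server_seq = random.randint(10000, 99999)` lines added here are commented-out code sitting next to the hard-coded `100`/`200` replacements, and the second patch in this series reverts this whole hunk back to `random.randint`, so the series as posted lands an intermediate commit that exists only to be undone. Squashing the two patches would keep the dead lines and the fixed sequence numbers out of history; if fixed values were needed while developing the close logic, a comment or a debug switch is the place for that, not a commit. `__init__` starts before this hunk and continues after it.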
@@ -562,13 +564,50 @@ def format_port(port):
 return port
 except ValueError:
 raise SynSyntaxError("Invalid Syntax. %s is not a valid port" % port)
+ def render_fni(self,eventid):
+ event = self.timeline[eventid]
+ pkts = []
+ payload = bytearray()
+ if self.l4_proto == Flow.PROTO_TCP:
+ src_port = int(self.src_port)
+ dst_port = int(self.dst_port)
+
+ lyr_eth = Ether(src = self.src_mac, dst = self.dst_mac)
+ lyr_ip = IP(src = self.src_host, dst = self.dst_host)
+ lyr_tcp = TCP(flags='FA', seq=self.to_server_seq, ack=self.to_client_seq, sport = src_port, dport = dst_port) / Raw(payload)
+ pkt = lyr_eth / lyr_ip / lyr_tcp
+ pkts.append(pkt)
+
+ lyr_eth = Ether(src = self.dst_mac, dst = self.src_mac)
+ lyr_ip = IP(src = self.dst_host, dst = self.src_host)
+ lyr_tcp = TCP(flags='FA', seq=self.to_client_seq, ack=self.to_server_seq, sport = dst_port, dport = src_port) / Raw(payload)
+ pkt = lyr_eth / lyr_ip / lyr_tcp
+ pkts.append(pkt)
+
+ lyr_eth = Ether(src = self.dst_mac, dst = self.src_mac)
+ lyr_ip = IP(src = self.dst_host, dst = self.src_host)
+ lyr_tcp = TCP(flags='A', seq=self.to_client_seq + 1, ack=self.to_server_seq + 1, sport = dst_port, dport = src_port) / Raw(payload)
+ pkt = lyr_eth / lyr_ip / lyr_tcp
+ pkts.append(pkt)
+
+ lyr_eth = Ether(src = self.src_mac, dst = self.dst_mac)
+ lyr_ip = IP(src = self.src_host, dst = self.dst_host)
+ lyr_tcp = TCP(flags='A', seq=self.to_server_seq + 1, ack=self.to_client_seq + 1, sport = src_port, dport = dst_port) / Raw(payload)
+ pkt = lyr_eth / lyr_ip / lyr_tcp
+ pkts.append(pkt)
+ elif self.l4_proto == Flow.PROTO_UDP:
+ pass
+ return pkts
 def render(self, eventid):
 """ render a specific eventid """
 event = self.timeline[eventid]
 pkts = []
-
+ ##finish flow
+ if event.get('attributes', False).get('close',False) is True:
+ pkts = self.render_fni(eventid)
+ return pkts
 #get the payload
 hasPayload = False
 payload = bytearray()
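Review bot: In `render`, the new guard `event.get('attributes', False).get('close',False)` calls `.get` on the literal `False` whenever an event has no `attributes` key, so such an event raises AttributeError instead of taking the normal path; `if event.get('attributes', {}).get('close', False) is True:` keeps the intent and is safe either way (whether the parser always populates `attributes` is not visible in this hunk). In `render_fni` the `event = self.timeline[eventid]` lookup is never used, and the `elif ... PROTO_UDP: pass` branch means a `close` on a UDP flow is silently dropped as an empty packet list — a docstring stating that `close` is TCP-only, or an explicit error for the UDP case, would make that visible to the user. The teardown also never advances `self.to_server_seq` / `self.to_client_seq`, so any event rendered after a `close` reuses the pre-FIN sequence numbers; the docstring should say `close` must be the last event on a flow, or the method should bump the counters. `render` continues past the end of the hunk.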
@@ -971,8 +1010,8 @@ def autogen_handshake(flowdecl):
 parent_flow = COMPILER_FLOWS[flowdecl['name']]
- client_isn = 10 #random.randint(10000, 99999)
- server_isn = 100 #random.randint(10000, 99999)
+ client_isn = 10000 #random.randint(10000, 99999)
+ server_isn = 1000000 #random.randint(10000, 99999)
 #send syn
 eventdecl = {}
From 80b6a3f8a96f34f80b78ba20a6d9396e4798bb25 Mon Sep 17 00:00:00 2001
From: liaozhiyuan
Date: Thu, 28 Apr 2022 10:54:08 +0800
Subject: [PATCH 2/2] add README.md
---
README.md | 6 +++++-
src/flowsynth.py | 14 ++++++--------
2 files changed, 11 insertions(+), 9 deletions(-)
diff --git a/README.md b/README.md
index cd55388..19f95e4 100644
--- a/README.md
+++ b/README.md
@@ -158,6 +158,7 @@ Data can be transferred between hosts using two methods. The example below outli
 my_connection > (content:"GET / HTTP/1.1\x0d\x0aHost:google.com\x0d\x0aUser-Agent: DogBot\x0d\x0a\x0d\x0a";);
 my_connection < (content:"HTTP/1.1 200 OK\x0d\x0aContent-Length: 300\x0d\x0a\x0d\x0aWelcome to Google.com!";);
+ my_connection > ( close; );
 In this example, the flow *my_connection* must have been previously declared. A single packet with the content specified will be transmitted from the client to the server. The following method is also accepted, however, this may change in the future as the syntax is formalized.:
@@ -181,7 +182,7 @@ The following event attributes are currently supported:
 + tcp.flags.syn
 + tcp.flags.ack
 + tcp.flags.rst
-
++ close
 ##### Content Attribute #####
 The *content* attribute is used to specify the payload of a packet. Content attributes must be enclosed in double quotes. UTF-8 is supported and arbitrary bytes can be expressed with the "\xHH" notation where "HH" is the hexidecimal representation of the byte. For example, a carriage return (ASCII 0x0D) followed by a line feed (ASCII 0x0A) can be defined like this: *\x0D\x0A*. This translation takes place during the render phase.
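Review bot: The new `client_isn = 10000` and `server_isn = 1000000` keep the trailing `#random.randint(10000, 99999)` remnants, which is commented-out code carried over from the old lines, and nothing explains why the server ISN is a hundred times the client's. Module-level constants with one comment would carry the intent, e.g. `CLIENT_ISN = 10000  # fixed rather than random so generated pcaps are reproducible` — assuming reproducibility is the reason, which the diff does not say. The series also leaves `Flow.__init__` drawing `to_server_seq` / `to_client_seq` from `random.randint` while these handshake ISNs are fixed; whether `autogen_handshake` copies its ISNs into `parent_flow` is outside the hunk, so I cannot tell if the two stay consistent, and a comment here settling that would help. `autogen_handshake` continues past the end of the hunk.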
@@ -214,6 +215,9 @@ The *tcp.flags.ack* attribute tells Flowsynth to force the packet to be an ACK p
 ##### tcp.flags.rst Attribute #####
 The *tcp.flags.rst* attribute tells Flowsynth to force the packet to be a RST packet.
+#### close Attribute ####
+The close attribute tells Flowsynth to close a tcp connection with Four-Way Wavehand
+
 ## Authors ###
 + Will Urbanski (will dot urbanski at gmail dot com)
diff --git a/src/flowsynth.py b/src/flowsynth.py
index 3e44562..01061c0 100755
--- a/src/flowsynth.py
+++ b/src/flowsynth.py
@@ -443,10 +443,8 @@ def __init__(self, flowdecl = None):
 parser_bailout("A dst_mac ({}) was explicitly set, but it doesn't appear to be valid.".format(dmac))
- # self.to_server_seq = random.randint(10000, 99999)
- # self.to_client_seq = random.randint(10000, 99999)
- self.to_server_seq = 100
- self.to_client_seq = 200
+ self.to_server_seq = random.randint(10000, 99999)
+ self.to_client_seq = random.randint(10000, 99999)
 self.to_server_ack = 0
 self.to_client_ack = 0
 self.tcp_server_bytes = 0
@@ -571,25 +569,25 @@ def render_fni(self,eventid):
 if self.l4_proto == Flow.PROTO_TCP:
 src_port = int(self.src_port)
 dst_port = int(self.dst_port)
-
+ #FNI ACK to server
 lyr_eth = Ether(src = self.src_mac, dst = self.dst_mac)
 lyr_ip = IP(src = self.src_host, dst = self.dst_host)
 lyr_tcp = TCP(flags='FA', seq=self.to_server_seq, ack=self.to_client_seq, sport = src_port, dport = dst_port) / Raw(payload)
 pkt = lyr_eth / lyr_ip / lyr_tcp
 pkts.append(pkt)
-
+ #FNI ACK to client
 lyr_eth = Ether(src = self.dst_mac, dst = self.src_mac)
 lyr_ip = IP(src = self.dst_host, dst = self.src_host)
 lyr_tcp = TCP(flags='FA', seq=self.to_client_seq, ack=self.to_server_seq, sport = dst_port, dport = src_port) / Raw(payload)
 pkt = lyr_eth / lyr_ip / lyr_tcp
 pkts.append(pkt)
-
+ #ACK
 lyr_eth = Ether(src = self.dst_mac, dst = self.src_mac)
 lyr_ip = IP(src = self.dst_host, dst = self.src_host)
 lyr_tcp = TCP(flags='A', seq=self.to_client_seq + 1, ack=self.to_server_seq + 1, sport = dst_port, dport = src_port) / Raw(payload)
 pkt = lyr_eth / lyr_ip / lyr_tcp
 pkts.append(pkt)
-
+ #ACK
 lyr_eth = Ether(src = self.src_mac, dst = self.dst_mac)
 lyr_ip = IP(src = self.src_host, dst = self.dst_host)
 lyr_tcp = TCP(flags='A', seq=self.to_server_seq + 1, ack=self.to_client_seq + 1, sport = src_port, dport = dst_port) / Raw(payload)
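Review bot: The server's `FA` in the second packet acknowledges `self.to_server_seq`, but the client's FIN in the first packet occupies that sequence number, so the ack is one short; and the order is FIN, FIN, ACK, ACK with the third packet a pure server ACK sent after the server's own FIN, rather than the FIN, ACK, FIN, ACK close that the README's new `close` section describes. Swapping the flags of packets two and three and correcting the ack gives the conventional sequence — `lyr_tcp = TCP(flags='A', seq=self.to_client_seq, ack=self.to_server_seq + 1, sport = dst_port, dport = src_port) / Raw(payload)` for the server's ACK, then `lyr_tcp = TCP(flags='FA', seq=self.to_client_seq, ack=self.to_server_seq + 1, sport = dst_port, dport = src_port) / Raw(payload)` for its FIN; the fourth packet is already right. The added comments spell FIN as `#FNI`, and the function name `render_fni` carries the same typo; since the method is new in this series, renaming it to `render_fin` now is cheap. `render_fni` is declared before this hunk and its body continues after it.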