
initial import into git

0 parents commit d70d8a6b8790b85a8b1c6a58b207aec41ceec86c Federico Marani committed Oct 2, 2010
Showing with 3,509 additions and 0 deletions.
  1. +341 −0 COPYING
  2. +341 −0 LICENSE
  3. +23 −0 Makefile
  4. +65 −0 README
  5. +21 −0 byteorder.h
  6. +54 −0 common.h
  7. +175 −0 filters/smbstructs.h
  8. +364 −0 filters/smbxfers.c
  9. +43 −0 filters/smbxfers.h
  10. +135 −0 list-queue.c
  11. +50 −0 list-queue.h
  12. +104 −0 listener.c
  13. +66 −0 listener.h
  14. +401 −0 listeners/arphijack.c
  15. +132 −0 listeners/sniff.c
  16. +358 −0 streamassembler.c
  17. +89 −0 streamassembler.h
  18. +65 −0 streamstructs.h
  19. +141 −0 sxd.c
  20. +133 −0 test/testdroppedpkts.c
  21. +63 −0 test/testlistener.c
  22. +149 −0 test/testtcp.c
  23. +185 −0 video.c
  24. +11 −0 video.h
341 COPYING

341 LICENSE

@@ -0,0 +1,23 @@
+opt = -O2 -DEXTENDED_INFOS
+
+
+all:
+ echo "write a target.. example: make sxd"
+
+testlistener: test/testlistener.c listener.h listener.c list-queue.h list-queue.c listeners/*.c
+ gcc -lpthread -lpcap -I. test/testlistener.c listener.c list-queue.c listeners/*.c -o test/testlistener $(opt)
+
+testlistener-clean:
+ rm -f test/testlistener
+
+testtcp: filters/smbstructs.h filters/smbxfers.c filters/smbxfers.h streamassembler.c streamassembler.h streamstructs.h list-queue.c list-queue.h test/testtcp.c byteorder.h
+ gcc -lpthread -lpcap -I. filters/smbxfers.c streamassembler.c list-queue.c test/testtcp.c -o test/testtcp $(opt)
+
+testtcp-clean:
+ rm -f test/testtcp
+
+sxd: listener.h listener.c list-queue.h list-queue.c listeners/sniff.c filters/smbstructs.h filters/smbxfers.c filters/smbxfers.h streamassembler.c streamassembler.h streamstructs.h list-queue.c list-queue.h sxd.c
+ gcc -I. -lpthread -lpcap listener.c listeners/sniff.c filters/smbxfers.c streamassembler.c list-queue.c sxd.c -o sxd $(opt)
+
+sxd-clean:
+ rm -f sxd
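Review bot: In all three gcc recipe lines (testlistener, testtcp, sxd) `-lpthread -lpcap` are placed before the source files, which produces `undefined reference` errors on toolchains whose linker defaults to `--as-needed`, because the libraries are scanned before any object references them; put them after the sources, e.g. `gcc -I. $(opt) listener.c listeners/sniff.c filters/smbxfers.c streamassembler.c list-queue.c sxd.c -o sxd -lpthread -lpcap`. The `opt` variable carries no warning flags; `-Wall -Wextra` cost nothing here and would flag the header problems at compile time. The `all` target prints a hint instead of building; marking `all` and the `*-clean` targets `.PHONY` avoids them being skipped if a file of that name ever appears.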
65 README
@@ -0,0 +1,65 @@
+SXD - SXD Xfer Dump (aka Samba Xfer Dump)
+-----------------------------------------
+
+SXD is a particular kind of sniffer/protocol analyzer, it catch packets in a customizable manner and try to enqueue it in a connection..., after all checks, the packet is passed to a filter that will write the file on disk or do whatever it like...
+
+In listeners/ there is the code for catching packets, that can be normal sniffing, or arp hijacking, etc...
+In filters/ there is the code that analyze the application protocol, used for file transfer.
+
+To compile, just do:
+- make sxd
+
+It requires pthread and pcap...
+
+Developed on RH9 (Linux 2.6.0-test9) / Fedora core 1 (UML)
+
+
+LICENSE
+-------
+Copyright (C) 2003-2004 Federico Marani <flagz@users.sourceforge.net>
+
+This program is free software; you can redistribute it and/or
+modify it under the terms of the GNU General Public License
+as published by the Free Software Foundation; either version
+2 of the License, or (at your option) any later version.
+
+The author IS NOT RESPONSIBLE for any use of this program,
+express or implied, use it AT YOUR OWN RISK.
+
+See LICENSE for details...
+
+
+TODO
+----
+- Make a listener using diverter socket: useful in gateways, etc..
+- ncurses interface
+- graphical interface (?)
+- Add more filters.... (http, gnutella, dc, ftp)
+
+
+
+Make your own filter
+--------------------
+
+Making a filter is not so hard, you have to add function prototypes in streamassembler.h and add initialization stuff in filter_init() in streamassembler.c, and, obviously, your own filter under filters/...:), and edit Makefile adding your .c file to gcc line of make sxd.
+A filter need almost two functions, the isInteresting() used for ask to the filter if the data is interesting for the filter and pktin() for pass to the filter the data along with other infos, like syncronization state and direction of the stream. (see struct filter...)
+
+Now it support only SMB transfer (only read transfer) but will be extended...
+
+
+Make your own listener
+----------------------
+
+Making a listener is similar to a filter, you have to add function prototypes in listener.h and add initialization stuff in listener_init() in listener.c, and, obviously, your own listener under listeners/...:), and edit Makefile adding your .c file to gcc line of make sxd.
+Listeners can be of two types: CONCURRENT and WAIT
+CONCURRENT: this listener is activated CONCURRENTLY with the stream assembler, when the packet arrive, it have to be queued to pktqueue, and the stream assembler will get it...
+WAIT: the main function of the listener is activated and waited for termination, after that, concurrently with the stream assembler, it's activated the enqueue function of the listener that enqueue already captured packets.
+
+The CONCURRENT listener has one function, the main function, that will catch packets and call pktqueue_append to append packets to the queue.
+The WAIT listener has two functions, the main that listen for packets, and the enqueue function that, after the termination of main, will enqueue packets with pktqueue_append()...
+
+Now it support only normal sniff but, in nearly future, will be added something like an hijacker, because without something like it, the program is useless because we lose packets and, consequently, pieces of files...
+
+
+--------------------------------------
+by flagz <flagz@users.sourceforge.net>
@@ -0,0 +1,21 @@
+/* Original code from the Linux C library */
+/* This code is under the original GNU C library license (GPL) */
+
+#ifndef _BYTESEX_H
+#define _BYTESEX_H
+
+#if defined(__i386__) \
+ || defined(__alpha__) \
+ || (defined(__mips__) && (defined(MIPSEL) || defined (__MIPSEL__)))
+#define BYTE_ORDER_LITTLE_ENDIAN
+#elif defined(__mc68000__) \
+ || defined (__sparc__) \
+ || defined (__sparc) \
+ || defined (__PPC__) \
+ || (defined(__mips__) && (defined(MIPSEB) || defined (__MIPSEB__)))
+#define BYTE_ORDER_BIG_ENDIAN
+#else
+# error can not find the byte order for this architecture, fix bytesex.h
+#endif
+
+#endif /* _BYTESEX_H */
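Review bot: The little-endian test lists `__i386__` but not `__x86_64__`, so a 64-bit x86 build reaches the `#error` branch and the whole tree fails to compile; add `|| defined(__x86_64__)` (and `|| defined(__aarch64__)` if ARM is a target) to that condition. The include guard `_BYTESEX_H` begins with underscore plus an uppercase letter, which is reserved for the implementation, and it names the file bytesex.h while the committed file is byteorder.h — the `#error` text repeats that old name; `SXD_BYTEORDER_H` fixes both. Where `<endian.h>` is available, its `__BYTE_ORDER` macro would replace the hand-maintained architecture list, at the cost of depending on a non-standard header.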
@@ -0,0 +1,54 @@
+/* sxd -- SXD Xfer Dump
+ * Copyright (C) 2003 Federico Marani <flagz@users.sourceforge.net>
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version
+ * 2 of the License, or (at your option) any later version.
+ *
+ * $Id: common.h,v 1.1 2004/04/13 09:17:08 flagz Exp $
+ */
+
+
+#ifndef _COMMON_H
+#define _COMMON_H
+
+/* Convert MAC address to string */
+char *mac2string(struct ether_addr *eth, char *str) {
+ sprintf(str,"%02X:%02X:%02X:%02X:%02X:%02X",
+ eth->ether_addr_octet[0],
+ eth->ether_addr_octet[1],
+ eth->ether_addr_octet[2],
+ eth->ether_addr_octet[3],
+ eth->ether_addr_octet[4],
+ eth->ether_addr_octet[5]);
+ return str;
+}
+
+/* Convert IP address to string */
+char *ipv4addr_tostr(char *s, void *addr)
+{
+ unsigned char *x = addr;
+
+ sprintf(s, "%u.%u.%u.%u", x[0], x[1], x[2], x[3]);
+ return s;
+}
+
+
+// TCP SPECIFIC FUNCTIONS
+/* Convert TCP flags to string */
+char *tcp_strflags(char *s, unsigned int flags)
+{
+ char *ftab = "FSRPAYXY", *p = s;
+ int bit = 0;
+
+ while(bit < 8) {
+ if (flags & (1 << bit))
+ *p++ = ftab[bit];
+ bit++;
+ }
+ *p = '\0';
+ return s;
+}
+
+#endif /* _COMMON_H */
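Review bot: `mac2string`, `ipv4addr_tostr` and `tcp_strflags` are full definitions with external linkage inside a header, so any two translation units that include common.h will fail to link with duplicate-symbol errors; declare them `static inline`, or leave prototypes here and move the bodies to a common.c. The `sprintf` calls produce a bounded maximum (17, 15 and 8 characters plus the terminator), but nothing tells callers how large `str`/`s` must be; a comment such as `/* str must hold at least 18 bytes */` on each function, or a size parameter paired with `snprintf`, makes that contract visible at the call site. `ftab` points at a string literal and should be `const char *ftab`, and the header uses `sprintf` and `struct ether_addr` without including `<stdio.h>` or the ethernet header itself, so it only compiles when the includer happens to have pulled them in first.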
@@ -0,0 +1,175 @@
+/* sxd -- SXD Xfer Dump
+ * Copyright (C) 2003 Federico Marani <flagz@users.sourceforge.net>
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version
+ * 2 of the License, or (at your option) any later version.
+ *
+ * $Id: smbstructs.h,v 1.1.1.1 2004/02/06 11:57:52 flagz Exp $
+ */
+
+#ifndef _SMBSTRUCTS_H
+#define _SMBSTRUCTS_H
+
+#include <stdlib.h> // needed for compilation of structs...
+
+
+// NetBIOS / SMB structures
+#define NetBIOSHdrLen 4
+struct NetBIOSHdr {
+ u_int8_t nbtype;
+ u_int8_t flags;
+ u_int16_t len;
+} __attribute__((packed));
+
+#define SMBHdrLen 32
+struct SMBHdr {
+ u_int8_t head;
+ char magicnum[3];
+ u_int8_t com;
+ u_int8_t errclass;
+ u_int8_t :8;
+ u_int16_t errcode;
+ u_int8_t flags;
+ u_int16_t flags2; //FIXME: Used also as flags
+ u_int32_t :32;
+ u_int32_t :32;
+ u_int32_t :32;
+ u_int16_t tid;
+ u_int16_t pid;
+ u_int16_t uid;
+ u_int16_t mid;
+} __attribute__((packed)); //PACKED because compiler wrong-align...
+
+
+// smb structures used in xfers...
+#define SMBOpenAndXReqLen 33
+struct SMBOpenAndXReq {
+ u_int8_t wordcount;
+ u_int8_t andxcommand;
+ u_int8_t :8;
+ u_int16_t andxoffset;
+ u_int16_t flags;
+ u_int16_t desaccess;
+ u_int16_t searchattr;
+ u_int16_t fileattr;
+ u_int32_t ctime;
+ u_int16_t openfunc;
+ u_int32_t allocsize;
+ u_int64_t :64;
+ u_int16_t bytecount;
+ /* file name follows */
+} __attribute__((packed));
+
+#define SMBOpenAndXResLen 33
+struct SMBOpenAndXRes {
+ u_int8_t wordcount;
+ u_int8_t andxcommand;
+ u_int8_t :8;
+ u_int16_t andxoffset;
+ u_int16_t fid;
+ u_int16_t fileattr;
+ u_int32_t mtime;
+ u_int32_t filesize;
+ u_int16_t grantedaccess;
+ u_int16_t filetype;
+ u_int16_t ipcstate;
+ u_int16_t action;
+ u_int32_t server_fid;
+ u_int16_t :16;
+ u_int16_t bytecount;
+} __attribute__((packed));
+
+
+// Instead of OpenAndX, win2000 and > use CreateAndX
+#define SMBCreateAndXReqLen 52
+struct SMBCreateAndXReq {
+ u_int8_t wordcount;
+ u_int8_t andxcommand;
+ u_int8_t :8;
+ u_int16_t andxoffset;
+ u_int8_t :8;
+ u_int16_t filenamelen;
+ u_int32_t createflags;
+ u_int32_t rootfid;
+ u_int32_t accessmask;
+ u_int64_t allocationsize;
+ u_int32_t fileattrib;
+ u_int32_t shareaccess;
+ u_int32_t disposition;
+ u_int32_t createopts;
+ u_int32_t impersonalization;
+ u_int8_t securityflags;
+ u_int16_t bytecount;
+ u_int8_t :8;
+ /* file name follows */
+} __attribute__((packed));
+
+#define SMBCreateAndXResLen 71
+struct SMBCreateAndXRes {
+ u_int8_t wordcount;
+ u_int8_t andxcommand;
+ u_int8_t :8;
+ u_int16_t andxoffset;
+ u_int8_t oplocklevel;
+ u_int16_t fid;
+ u_int32_t createaction;
+ u_int64_t created;
+ u_int64_t lastaccess;
+ u_int64_t lastwrite;
+ u_int64_t change;
+ u_int32_t fileattr;
+ u_int64_t allocsize;
+ u_int64_t eof;
+ u_int16_t filetype;
+ u_int16_t ipcstate;
+ u_int8_t is_a_directory;
+ u_int16_t bytecount;
+} __attribute__((packed));
+
+
+
+
+#define SMBReadAndXReqLen 23
+struct SMBReadAndXReq {
+ u_int8_t wordcount;
+ u_int8_t andxcommand;
+ u_int8_t :8;
+ u_int16_t andxoffset;
+ u_int16_t fid;
+ u_int32_t offset;
+ u_int16_t maxbytecount;
+ u_int16_t minbytecount;
+ u_int32_t :32;
+ u_int16_t remaining;
+ u_int16_t bytecount;
+} __attribute__((packed));
+
+#define SMBReadAndXResLen 27
+struct SMBReadAndXRes {
+ u_int8_t wordcount;
+ u_int8_t andxcommand;
+ u_int8_t :8;
+ u_int16_t andxoffset;
+ u_int16_t remaining;
+ u_int16_t datacompactionmode;
+ u_int16_t :16;
+ u_int16_t datalength;
+ u_int16_t dataoffset;
+ u_int32_t :32;
+ u_int32_t :32;
+ u_int16_t :16;
+ u_int16_t bytecount;
+} __attribute__((packed));
+
+#define SMBCloseReqLen 9
+struct SMBCloseReq {
+ u_int8_t wordcount;
+ u_int16_t fid;
+ u_int32_t lastwrite;
+ u_int16_t bytecount;
+} __attribute__((packed));
+
+
+#endif /* _SMBSTRUCTS_H */
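Review bot: Each `*Len` macro is maintained by hand next to the packed struct it describes and nothing checks that the two agree (they do in this revision), so a later field edit can silently desynchronize them; a compile-time check such as `_Static_assert(sizeof(struct SMBHdr) == SMBHdrLen, "SMBHdr size mismatch");` after each struct (or an equivalent `sizeof`-based trick if the build predates C11) closes that gap. The unnamed bit-fields declared as `u_int8_t :8`, `u_int32_t :32` and `u_int64_t :64` rely on implementation-defined behavior, since C only guarantees bit-fields of `int`, `unsigned int` and `_Bool`; they act as padding here, and named reserved byte arrays such as `u_int8_t reserved[4];` give the same layout portably. Because these overlays are cast onto sniffed payload, the code applying them (filters/smbxfers.c, not in this section) must confirm that the remaining payload length is at least the matching `*Len` before touching any field, and a header comment noting that the multi-byte fields are stored in wire byte order and need conversion before use would help readers of that code. The `u_int*_t` names come from `<sys/types.h>`; `<stdlib.h>` appears to pull it in only indirectly on glibc, so including it directly documents the dependency.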
