An essential set of modules for working with packets using the Scapy Library in Python. Highly geared around 802.11, but still useful for Ethernet.
Import for lib/chan_freq.py This class is for channel/frequency specific tasks
- twoFour(val)
"""Converts the 2.4GHz frequency to its decimal-based counterpart""" print(chanFreq.twoFour(2412))
- twoFourRev(val)
"""Channel to Frequency converter for 2.4 GHz""" print(chanFreq.twoFourRev(4))
- fiveEight(val):
"""Frequency to Channel converter for 5.8 GHz""" print(chanFreq.fiveEight(5200))
- fiveEightRev(val):
python """Channel to Frequency converter for 5.8 GHz""" print(fiveEightrev(val):
Import for lib/converter.py Class for simple conversions
- symString(packet, field)
"""Shows the symblic string for a given field""" for i in range(200): p[0].FCfield = i print str(i) + '--' + conv.symString(p[0][Dot11], 'FCfield')
Import for lib/drivers.py This class identifies the given offsets for drivers
-
drivers(val)
"""Returns the numeric driver offset for a given driver""" print drv.drivers('ath9k')
Import for lib/handlers.py This class provides useful scapy frame handlers
- crtlC()
"""Handles what happens when crtl + c occurs Tries to deal with unexpected situations in which the collected lists are at risk of being lost """
- metaDisplay(orderHigh = True):
"""Returns self.metaCounts and self.metaSums as sorted lists The default is to return based on the value order of highest to lowest This is useful with regards to 802.11 in general. If a NIC is in range: - The RSSI for a given frame, at a particular point in space, relative to the location of the device in earshot can be considered the relative volume of the conversation. - The quantity of frames can be considered a metric of how chatty a given NIC is. - The sum of bytes transferred can be a metric in ratio to quantity, and other such things. Logarithmic graphing helps in this respect. """
- mpTraffic(macX, macY, verbose = False):
"""Packet handler to follow a given pair of MAC addresses Uses macPair as a boolean wrapper to determine if both MACs were seen """
- mpTrafficCap(macX, macY, q, verbose = False):
"""Packet handler to follow a given pair of MAC addresses Captures self.mpTrafficList """
- solo(macX, verbose = False):
"""Packet handler to follow a given pair of MAC addresses"""
- soloCap(macX, q, verbose = False):
"""Packet handler to follow a given pair of MAC addresses Captures self.soloList """
- crtlC()
Import for lib/subtypes.py This class is for naming of subtypes where symStrings doesn't work
-
mgmtSubtype
"""Returns Management Frame Subtypes""" print sType.mgmtSubtype(5)
-
ctrlSubtype
"""Returns Control Frame Subtypes""" print sType.ctrlSubtype(11)
-
dataSubtype
"""Returns Data Frame Subtypes""" print sType.dataSubtype(8)
Import for lib/utils.py Class to deal with packet specific options
- byteRip
"""Take a packet and grab a grouping of bytes, based on what you want byteRip can accept a scapy object or a scapy object in str() format Allowing byteRip to accept str() format allows for byte insertion Example of scapy object definition: - stream = Dot11WEP() Example of scapy object in str() format - stream = str(Dot11WEP()) chop is the concept of removing the qty based upon the order compress is the concept of removing unwanted spaces order is concept of give me first <qty> bytes or gives me last <qty> bytes output deals with how the user wishes the stream to be returned qty is how many bytes to remove """
- endSwap
"""Takes an object and reverse Endians the bytes Useful for crc32 within 802.11: Autodetection logic built in for the following situations: Will take the stryng '0xaabbcc' and return string '0xccbbaa' Will take the integer 12345 and return integer 14640 Will take the bytestream string of 'aabbcc' and return string 'ccbbaa' """ print pt.endSwap('0xaabbcc') print pt.endSwap(12345) print pt.endSwap('aabbcc')
- fcsGen
"""Return the FCS for a given frame MODIFYING THIS PROBABLY BREAKS OTHER THINGS Where objFrame is the frame x = hexstr(objFrame, onlyhex = 1).replace(' ', '').lower() crc32(binascii.unhexlify(x.replace(' ', ''))) """
- macFilter(mac, pkt):
""" Combo whitelist and blacklist for given MAC address """
- macPair(macX, macY, pkt):
"""Pair up the MAC addresses, and follow them macX is weighted before macY, allowing the user to have a ranked format For fastest results, use macX as the quietest MAC """
- symStryngs(self, scpObj, fld, maxInt = 254):
"""Iterator to show the available opcodes for a given scapy object Returns a list object by default of 0-253 for the opcode """
- byteRip
- lib/nic.py
- Generates a tap interface
"""Generates a tap interface By default, will create tap0 unless an integer parameter is added to Tap() """ ## Create interface of tap3 import packetEssentials as PE nTap = PE.lib.nic.Tap(3)
- lib/unifier.py
- A singular point of contact for tracking purposes
- Useful for passing around a Class with its associated objects
## Keep track of wlan0mon using ath9k import packetEssentials as PE nUni = PE.lib.unifier.Unify('wlan0mon') print nUni.offset print nUni.nic