|
@@ -3,18 +3,56 @@
|
|
|
|
|
|
#define macaddr "08:00:27:e8:9d:d4"
|
|
|
|
|
|
+//Definitions for parsing packet data
|
|
|
+#define ETHER_ADDR_LEN 6
|
|
|
+#define ETHER_HDR_LEN 2*ETHER_ADDR_LEN + 2
|
|
|
+#define RECORD_HDR 5
|
|
|
+#define CLIENT_HELLO_HDR 4
|
|
|
+#define CLIENT_HELLO_RAND 32
|
|
|
+
|
|
|
void got_packet(u_char *args, const struct pcap_pkthdr *header, const u_char *packet);
|
|
|
|
|
|
+//TODO: look for slitheen tag. The ClientHello message starts at offset 0x4d of packet after TCP 3-way handshake and has flag [P.].
|
|
|
+//For now, write *all* clientHello msgs to a file
|
|
|
void got_packet(u_char *args, const struct pcap_pkthdr *header, const u_char *packet){
|
|
|
pcap_t *handle;
|
|
|
char errbuf[BUFSIZ];
|
|
|
char *writedev = args;
|
|
|
int i;
|
|
|
+ unsigned char *p;
|
|
|
+ FILE *fp;
|
|
|
|
|
|
handle = pcap_open_live(writedev, BUFSIZ, 1, 1000, errbuf);
|
|
|
if (handle == NULL){
|
|
|
fprintf(stderr, "Couldn't open device %s: %s\n", writedev, errbuf);
|
|
|
}
|
|
|
+ /* check for clientHello */
|
|
|
+ p = packet;
|
|
|
+ p += ETHER_HDR_LEN; //skip ethernet header
|
|
|
+ p += (p[0] & 0x0f)*4; //skip IP header
|
|
|
+ p += 12; //skip first part of TCP header
|
|
|
+ p += (p[0] >> 4)*4 - 12; //skip rest of TCP header
|
|
|
+ //check for handshake message
|
|
|
+ if (p[0] == 0x16){
|
|
|
+ p += RECORD_HDR;
|
|
|
+ if (p[0] == 0x01){
|
|
|
+ p += CLIENT_HELLO_HDR;
|
|
|
+ p += 2; //dunno what these are
|
|
|
+ //now pointing to hello random :D
|
|
|
+ fp = fopen("tags", "wb");
|
|
|
+ if (fp == NULL) {
|
|
|
+ perror("fopen");
|
|
|
+ exit(1);
|
|
|
+ }
|
|
|
+ //Write ClientHello random nonce to file
|
|
|
+ for(i=0; i< 32; i++){
|
|
|
+ fprintf(fp, "%02x ", tag[i]);
|
|
|
+ }
|
|
|
+ printf("\n");
|
|
|
+ //fwrite(tag, CLIENT_HELLO_RAND, 1, fp);
|
|
|
+ fclose(fp);
|
|
|
+ }
|
|
|
+ }
|
|
|
|
|
|
if((pcap_inject(handle, packet, header->len)) < 0 ){
|
|
|
fprintf(stderr, "Error: %s\n", pcap_geterr(handle));
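Review bot: The pointer walk from `p = packet` through `p += (p[0] >> 4)*4 - 12` takes the IHL and TCP data-offset values straight from the wire and then reads `p[0]`, `p[RECORD_HDR]` and 32 bytes of the hello random without ever comparing against `header->caplen`, so a truncated, non-IPv4 or non-TCP frame makes the callback read past the captured buffer (nothing checks the ethertype or IP protocol before the offsets are applied). The write loop also uses `tag[i]` while the only pointer this hunk declares is `p`, so it either does not compile or reads a `tag` defined elsewhere; presumably `p[i]` was meant, and `CLIENT_HELLO_RAND` rather than the literal `32`. `p = packet` drops the `const` of the packet parameter, so `p` should be `const unsigned char *`; `fopen("tags", "wb")` re-truncating the file on every matching packet and `exit(1)` inside a pcap callback are worth a second look as well. The bounded version below keeps the `pcap_inject` at the end of the function reachable on every path instead of returning early; got_packet's body continues past the end of the hunk.

```c
    /* check for clientHello: every read below is bounded by header->caplen */
    const unsigned char *p = packet;
    size_t left = header->caplen;
    if (left >= ETHER_HDR_LEN + 20) {
        p += ETHER_HDR_LEN; left -= ETHER_HDR_LEN;          // skip ethernet header
        size_t ip_len = (p[0] & 0x0f) * 4;
        if (ip_len >= 20 && left >= ip_len + 20) {
            p += ip_len; left -= ip_len;                    // skip IP header
            size_t tcp_len = (p[12] >> 4) * 4;
            if (tcp_len >= 20 &&
                left >= tcp_len + RECORD_HDR + CLIENT_HELLO_HDR + 2 + CLIENT_HELLO_RAND) {
                p += tcp_len; left -= tcp_len;              // skip TCP header
                // handshake record carrying a ClientHello
                if (p[0] == 0x16 && p[RECORD_HDR] == 0x01) {
                    p += RECORD_HDR + CLIENT_HELLO_HDR + 2; // now pointing to hello random
                    /* … unchanged: fopen("tags", "wb") and its NULL check … */
                    for (i = 0; i < CLIENT_HELLO_RAND; i++) {
                        fprintf(fp, "%02x ", p[i]);
                    }
                    /* … unchanged: printf, fclose … */
                }
            }
        }
    }
```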
|