debian/0000755000000000000000000000000012246445375007202 5ustar debian/control0000644000000000000000000000315211725563545010607 0ustar Source: dsniff Section: net Priority: extra Maintainer: William Vera Standards-Version: 3.9.3 Build-Depends: libdb-dev (>= 4.7), libpcap0.8-dev, libnids-dev, libssl-dev, libxmu-dev, libnet1-dev, debhelper (>= 8.0.0) Homepage: http://www.monkey.org/~dugsong/dsniff/ Package: dsniff Architecture: any Depends: ${shlibs:Depends}, ${misc:Depends}, openssl Recommends: libx11-6 Description: Various tools to sniff network traffic for cleartext insecurities This package contains several tools to listen to and create network traffic: . * arpspoof - Send out unrequested (and possibly forged) arp replies. * dnsspoof - forge replies to arbitrary DNS address / pointer queries on the Local Area Network. * dsniff - password sniffer for several protocols. * filesnarf - saves selected files sniffed from NFS traffic. * macof - flood the local network with random MAC addresses. * mailsnarf - sniffs mail on the LAN and stores it in mbox format. * msgsnarf - record selected messages from different Instant Messengers. * sshmitm - SSH monkey-in-the-middle. proxies and sniffs SSH traffic. * sshow - SSH traffic analyser. * tcpkill - kills specified in-progress TCP connections. * tcpnice - slow down specified TCP connections via "active" traffic shaping. * urlsnarf - output selected URLs sniffed from HTTP traffic in CLF. * webmitm - HTTP / HTTPS monkey-in-the-middle. transparently proxies. * webspy - sends URLs sniffed from a client to your local browser (requires libx11-6 installed). . Please do not abuse this software. debian/watch0000644000000000000000000000016011575655413010230 0ustar version=3 opts="dversionmangle=s/.debian//" \ http://www.monkey.org/~dugsong/dsniff/beta/dsniff-(.+)\.tar\.gz debian/docs0000644000000000000000000000000711575606017010046 0ustar README debian/README.source0000644000000000000000000000353511602077640011356 0ustar This package uses quilt to manage all modifications to the upstream source. Changes are stored in the source package as diffs in debian/patches and applied during the build. To configure quilt to use debian/patches instead of patches, you want either to export QUILT_PATCHES=debian/patches in your environment or use this snippet in your ~/.quiltrc: for where in ./ ../ ../../ ../../../ ../../../../ ../../../../../; do if [ -e ${where}debian/rules -a -d ${where}debian/patches ]; then export QUILT_PATCHES=debian/patches break fi done To get the fully patched source after unpacking the source package, cd to the root level of the source package and run: quilt push -a The last patch listed in debian/patches/series will become the current patch. To add a new set of changes, first run quilt push -a, and then run: quilt new where is a descriptive name for the patch, used as the filename in debian/patches. Then, for every file that will be modified by this patch, run: quilt add before editing those files. You must tell quilt with quilt add what files will be part of the patch before making changes or quilt will not work properly. After editing the files, run: quilt refresh to save the results as a patch. Alternately, if you already have an external patch and you just want to add it to the build system, run quilt push -a and then: quilt import -P /path/to/patch quilt push -a (add -p 0 to quilt import if needed). as above is the filename to use in debian/patches. The last quilt push -a will apply the patch to make sure it works properly. To remove an existing patch from the list of patches that will be applied, run: quilt delete You may need to run quilt pop -a to unapply patches first before running this command. debian/changelog0000644000000000000000000002507312246445374011062 0ustar dsniff (2.4b1+debian-22.1) unstable; urgency=low * Non-maintainer upload. * Fix TDS decoder patch (Closes: #712648). -- Andrew Shadura Sat, 30 Nov 2013 21:29:23 +0100 dsniff (2.4b1+debian-22) unstable; urgency=low * Acknowledge NMU. + Thanks Hilko Bengen * Bump standards to 3.9.3. * Added a patches: + Fix POP decoder in dsniff (Closes: #647583). + Add both communication partners in arpspoof (Closes: #650749). + Allow multiple targets to be imitated simultaniously (Closes: #650751). + arpspoof: allow the selection of source hw address (Closes: #650752). + Thanks Stefan Tomanek. -- William Vera Tue, 06 Mar 2012 22:42:43 -0600 dsniff (2.4b1+debian-21.1) unstable; urgency=low * Non-maintainer upload. * Updated urlsnarf timestamp patch (Closes: #636202) -- Hilko Bengen Tue, 06 Sep 2011 10:15:26 +0200 dsniff (2.4b1+debian-21) unstable; urgency=low * Changed patch system to quilt from dpatch. * Updated debian/README.source for quilt. * Removed lintian override. * Cleanup the debian/rules. * Build-Depend changed to libdb-dev (>= 4.7) (Closes: #548478). * Added urlsnarf patch (Closes: #573365). + Thanks Hilko Bengen. -- William Vera Wed, 15 Jun 2011 00:43:02 -0500 dsniff (2.4b1+debian-20) unstable; urgency=low * New maintainer (Closes: #626602). * Acknowledge NMU. * Bump standards to 3.9.2. * Removed debian/dsniff.override.lintian. * Added Debian source format. * Added watch file. * Added "Homepage" in debian/control. * Added a description for patches: + 08_openssl-0.9.8.dpatch and 09_sysconf_clocks.dpatch. * Fixed: urlsnarf always shows the current time. (Closes: #415734). + Thanks Barry deFreese. * Added tcpkill support for handle ppp interfaces. (Closes: #572516). + Thanks Joerg Dorchain. * Switch to dpkg-source 3.0 (quilt) format -- William Vera Tue, 14 Jun 2011 06:21:40 -0500 dsniff (2.4b1+debian-19.1) unstable; urgency=low * Non-maintainer upload. * Build-depend on libdb-dev (Closes: #621105) -- Ondřej Surý Fri, 13 May 2011 11:24:37 +0200 dsniff (2.4b1+debian-19) unstable; urgency=low * Standards-Version: 3.9.1 * DoS in TDS decoder fixed (closes: #609988). * Some lintian cleaning. -- Luciano Bello Tue, 18 Jan 2011 11:37:21 -0300 dsniff (2.4b1+debian-18) unstable; urgency=low * Swiching to db4.6 (closes:#442643) -- Luciano Bello Sat, 27 Sep 2008 21:50:54 -0300 dsniff (2.4b1+debian-17) unstable; urgency=low * The 'Now works' release * obsolete_time.dpatch: CLK_TCK updated to CLOCKS_PER_SEC (closes:#420944). * pop_with_version.dpatch: dsniff.services distinguish between pop versions. * checksum_libnids.dpatch: Workaround to #420129, because libnids does not trigger the tcp_callback callback for event that come from the client side. -- Luciano Bello Fri, 10 Aug 2007 19:56:39 -0300 dsniff (2.4b1+debian-16) experimental; urgency=low * Urlsnarf sanitizes the sniffed output (Closes:#400624). * The Uploaders field in ~/debian/control added. * The Recommends field in ~/debian/control added. * The long description cosmetic improvement. -- Luciano Bello Fri, 8 Dec 2006 18:31:05 -0300 dsniff (2.4b1+debian-15) unstable; urgency=low * New mainteiner (Closes:#390822). * Disable the filtering packets with incorrect checksum (Closes:#372536), thanks to Piotr Engelking. * No depends from xlibs and all the other X stuff. The webspy run dependencies are being ignored (Closes:#146246). Please, read README.Debian. * Source without CVS directories (reason of the +debian in the upstream version). -- Luciano Bello Wed, 18 Oct 2006 23:05:04 -0300 dsniff (2.4b1-14) unstable; urgency=low * Fixed arspoof libnet v1.1 bug, thanks to Krzysztof Burghardt. (Closes: #355933) * Fixed macof libnet v1.1 bug, thanks to Florian Weimer. (Closes: #366798) * Switched from libdb4.2 to libdb4.3. * Updated Standards-Version to 3.7.2, no changes needed. * Changed my e-mail address to my debian.org one. -- Faidon Liambotis Fri, 9 Jun 2006 14:13:30 +0300 dsniff (2.4b1-13) unstable; urgency=low * Fix FTBFS with OpenSSL 0.9.8. (Closes: #337267) -- Faidon Liambotis Thu, 3 Nov 2005 20:29:48 +0200 dsniff (2.4b1-12) unstable; urgency=low * Build-Depend on new libnids1.20 package. (Closes: #318678) * Adapt 01_time.h.dpatch to patch msgsnarf too. (Closes: #315969) * 03_pcap_read_dump.dpatch: expand read pcap dump file to all passive sniffers. Thanks to Joshua Krage for this patch. (Closes: #298604) * Removed obsolete dependency on debmake. * Replaced build-dependency on xlibs-dev with libxmu-dev. -- Faidon Liambotis Sat, 6 Aug 2005 12:17:00 +0000 dsniff (2.4b1-11) unstable; urgency=low * New co-maintainer: Faidon Liambotis, added to Uploaders. * Changes from Faidon: * Now using debhelper and dpatch. * Split changes to multiple dpatches with appropriate descriptions. * patches/07_libnet_1.1: now depending on libnet1 (v1.1) * Updated Standard-Versions to 3.6.2.1. -- Steve Kemp Thu, 23 Jun 2005 04:32:34 +0000 dsniff (2.4b1-10) unstable; urgency=low * Applied patch from Joshua Krage to zero-pad "urlsnarf" output. (Closes: #298605) -- Steve Kemp Mon, 1 May 2005 22:58:27 +0000 dsniff (2.4b1-9) unstable; urgency=low * Updated to depend upon the newer version of libnids 1.20 -- Steve Kemp Mon, 28 Feb 2005 04:26:27 +0000 dsniff (2.4b1-8) unstable; urgency=high * Updated to depend upon the newer version of libnids 1.19 -- Steve Kemp Sun, 12 Dec 2004 15:52:34 +0000 dsniff (2.4b1-7) unstable; urgency=high * Explicitly Build-Depend upon libpcap0.8-dev (Fixes: #238551) Failed to work correctly on PPC (Fixes: #277089) Links to two different pcap library versions. * Patch dsniff to allow the reading of saved PCAP capture files instead of sniffing the network. Updated manpage too. (Closes: #153462) * Urgency set to high to importance of failure to work. -- Steve Kemp Mon, 18 Oct 2004 21:27:01 +0000 dsniff (2.4b1-6) unstable; urgency=low * Apply configure patch to correct build upon amd64. (Closes: #254002) Thanks to Andreas Jochens for this. Patch submitted upstream too. -- Steve Kemp Tue, 6 Jul 2004 21:38:56 +0000 dsniff (2.4b1-5) unstable; urgency=low * Updated build dependecies to fix the FTBFS on ia64 and Alpha. (Closes: #249845) -- Steve Kemp Sun, 23 May 2004 02:09:42 +0000 dsniff (2.4b1-4) unstable; urgency=low * Verified lintian and linda clean. * Stop using NMU version numbers. (Closes: #230881) * Use a current version of libdb2 instead of the older version. (Closes: #215241) * Work correctly with multiple devices. (Closes: #242369) Thanks to terpstra@debian.org for the patch. -- Steve Kemp Tue, 18 May 2004 16:07:12 +0000 dsniff (2.4b1-3.6) unstable; urgency=low * Depend correctly on libnids 1.18 - not just build depend upon the -dev package. -- Steve Kemp Wed, 7 Jan 2003 20:15:17 +0000 dsniff (2.4b1-3.5) unstable; urgency=low * Updated to depend upon a more recent copy of libnids. -- Steve Kemp Wed, 7 Jan 2003 19:51:21 +0000 dsniff (2.4b1-3.4) unstable; urgency=low * Fixed typo in the packages extended description. (Closes: #219170). Thanks to James Troup -- Steve Kemp Wed, 5 Nov 2003 14:52:04 +0000 dsniff (2.4b1-3.3) unstable; urgency=low * Updated standars version to 3.6.1 (no change) * Applied patch to prevent mail sniffing corruption. (Closes: #149330). Thanks to Guillaume Morin -- Steve Kemp Thu, 16 Oct 2003 10:21:56 +0000 dsniff (2.4b1-3.2) unstable; urgency=low * New maintainer. * Updated standards version. -- Steve Kemp Sat, 15 Nov 2003 15:53:26 +0100 dsniff (2.4b1-3.1) unstable; urgency=low * NMU * Compiled against libpcap0.7 (Closes: #156214) (Closes: #161746) * Moved out to non-us -- Samuele Giovanni Tonon Thu, 7 Nov 2002 00:19:33 +0100 dsniff (2.4b1-3) unstable; urgency=low * Fixed dependency problem (Closes: #118887) * Addition of sshow in control file (Closes: #118888) * Some small lintian-cleanness-fixes. -- Robert van der Meulen Sun, 25 Nov 2001 15:18:32 +0100 dsniff (2.4b1-2) unstable; urgency=low * Fixed build depends (Closes: #108964) * Fixed arm build failure (Closes: #90829) * Fixed sparc build failure (Closes: #84003) -- Robert van der Meulen Fri, 17 Aug 2001 12:53:55 +0200 dsniff (2.4b1-1) unstable; urgency=low * New upstream version * Fixed manpage (Closes: #90558) * Fixed build depends (Closes: #108866) -- Robert van der Meulen Thu, 16 Aug 2001 17:23:59 +0200 dsniff (2.3-3) unstable; urgency=low * Fixed more build-depends stuffstuff (Closes: #88139) -- Robert van der Meulen Fri, 2 Mar 2001 21:27:08 +0100 dsniff (2.3-2.1) unstable; urgency=low * Bug Party NMU! * Added Build-Depends: libdb2-dev, libnids-dev, libpcap-dev, libssl096-dev, xlibs-dev, libnet-dev, netkit-rpc, debmake (closes: #84195, #84485). * Created a real description from the README (closes: #82201). -- Peter Palfrader Sat, 24 Feb 2001 21:01:01 +0000 dsniff (2.3-2) unstable; urgency=low * Moved to non-US because of libssl096 Depends:. (closes: #81110) -- Robert van der Meulen Tue, 9 Jan 2001 22:46:18 +0100 dsniff (2.3-1) unstable; urgency=low * New upstream version. -- Robert van der Meulen Tue, 19 Dec 2000 15:30:37 +0100 dsniff (2.2-4) unstable; urgency=low * Dependency was still wrong in -3. Fixed. (closes: #79514) -- Robert van der Meulen Thu, 14 Dec 2000 15:04:26 +0100 dsniff (2.2-3) unstable; urgency=low * fixed dependencies; dsniff now depends on libnids1 (dynamic library) -- Robert van der Meulen Sun, 10 Dec 2000 19:52:20 +0100 dsniff (2.2-2) unstable; urgency=low * 'new maintainer' (actually, real maintainer :) ) -- Robert van der Meulen Sat, 9 Dec 2000 21:56:01 +0100 dsniff (2.2-1) unstable; urgency=low * Initial release. -- David M. Zendzian Sun, 23 Jul 2000 19:05:38 -0700 debian/README.Debian0000644000000000000000000000057211575606017011243 0ustar dsniff for Debian ----------------- Dsniff should depend on libx11-6 because webspy use it. But forcing to the user to install a lot of X stuff in a server for one (and maybe useless, in certain environments) binary. If you want to use webspy, please run this command before: apt-get install libx11-6 -- Luciano Bello , Thu, 02 Nov 2006 17:16:58 -0300 debian/source/0000755000000000000000000000000011575642102010471 5ustar debian/source/format0000644000000000000000000000001411576035204011677 0ustar 3.0 (quilt) debian/copyright0000644000000000000000000000313111575606017011127 0ustar This package was debianized by Robert van der Meulen on Sat, 9 Dec 2000 14:05:38 -0700. It was downloaded from http://www.monkey.org/~dugsong/dsniff/ Copyright: Copyright (c) 1999, 2000 Dug Song All rights reserved, all wrongs reversed. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. 3. The name of author may not be used to endorse or promote products derived from this software without specific prior written permission. THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. debian/patches/0000755000000000000000000000000012246445221010617 5ustar debian/patches/22_handlepp.patch0000644000000000000000000000061311577472416013752 0ustar Author: Joerg Dorchain Description: Add tcpkill support for handle ppp interfaces. --- a/pcaputil.c 2011-06-19 17:13:44.419999392 -0500 +++ b/pcaputil.c 2011-06-19 17:15:41.607999368 -0500 @@ -52,6 +52,9 @@ case DLT_NULL: offset = 4; break; + case DLT_LINUX_SLL: /* e.g. ppp */ + offset = 16; + break; default: warnx("unsupported datalink type"); break; debian/patches/15_checksum_libnids.patch0000644000000000000000000000400511577472406015465 0ustar Author: Gleb Paharenko Description: Workaround to #420129. --- a/dsniff.c 2011-06-19 17:15:01.071999376 -0500 +++ b/dsniff.c 2011-06-19 17:15:33.707999369 -0500 @@ -70,6 +70,80 @@ { } + +static int get_all_ifaces(struct ifreq **, int *); +static unsigned int get_addr_from_ifreq(struct ifreq *); + +int all_local_ipaddrs_chksum_disable() +{ + struct ifreq *ifaces; + int ifaces_count; + int i, ind = 0; + struct nids_chksum_ctl *ctlp; + unsigned int tmp; + + if (!get_all_ifaces(&ifaces, &ifaces_count)) + return -1; + ctlp = + (struct nids_chksum_ctl *) malloc(ifaces_count * + sizeof(struct + nids_chksum_ctl)); + if (!ctlp) + return -1; + for (i = 0; i < ifaces_count; i++) { + tmp = get_addr_from_ifreq(ifaces + i); + if (tmp) { + ctlp[ind].netaddr = tmp; + ctlp[ind].mask = inet_addr("255.255.255.255"); + ctlp[ind].action = NIDS_DONT_CHKSUM; + ind++; + } + } + free(ifaces); + nids_register_chksum_ctl(ctlp, ind); +} + +/* helper functions for Example 2 */ +unsigned int get_addr_from_ifreq(struct ifreq *iface) +{ + if (iface->ifr_addr.sa_family == AF_INET) + return ((struct sockaddr_in *) &(iface->ifr_addr))-> + sin_addr.s_addr; + return 0; +} + +static int get_all_ifaces(struct ifreq **ifaces, int *count) +{ + int ifaces_size = 8 * sizeof(struct ifreq); + struct ifconf param; + int sock; + unsigned int i; + + *ifaces = malloc(ifaces_size); + sock = socket(PF_INET, SOCK_DGRAM, IPPROTO_IP); + if (sock <= 0) + return 0; + for (;;) { + param.ifc_len = ifaces_size; + param.ifc_req = *ifaces; + if (ioctl(sock, SIOCGIFCONF, ¶m)) + goto err; + if (param.ifc_len < ifaces_size) + break; + free(*ifaces); + ifaces_size *= 2; + ifaces = malloc(ifaces_size); + } + *count = param.ifc_len / sizeof(struct ifreq); + close(sock); + return 1; + err: + close(sock); + return 0; +} + + + int main(int argc, char *argv[]) { @@ -189,6 +263,8 @@ warnx("using %s", nids_params.filename); } } + + all_local_ipaddrs_chksum_disable(); nids_run(); debian/patches/21_msgsnarf_segfault.patch0000644000000000000000000000067511577472414015676 0ustar Author: Description: Correctly 0 out the c struct. --- a/msgsnarf.c 2011-06-19 17:15:01.091999376 -0500 +++ b/msgsnarf.c 2011-06-19 17:15:39.739999369 -0500 @@ -584,6 +584,7 @@ if (i == 0) { if ((c = malloc(sizeof(*c))) == NULL) nids_params.no_mem("sniff_msgs"); + memset(c, 0, sizeof(*c)); c->ip = ts->addr.saddr; c->nick = strdup("unknown"); SLIST_INSERT_HEAD(&client_list, c, next); debian/patches/09_sysconf_clocks.patch0000644000000000000000000000102611577472365015210 0ustar Author: Description: Fix FTBFS: ./sshow.c:226: error: 'CLK_TCK' undeclared. --- a/sshow.c 2011-06-19 17:15:01.099999376 -0500 +++ b/sshow.c 2011-06-19 17:15:16.175999374 -0500 @@ -217,6 +217,7 @@ { clock_t delay; int payload; + long CLK_TCK= sysconf(_SC_CLK_TCK); delay = add_history(session, 0, cipher_size, plain_range); @@ -265,6 +266,7 @@ clock_t delay; int skip; range string_range; + long CLK_TCK= sysconf(_SC_CLK_TCK); delay = add_history(session, 1, cipher_size, plain_range); debian/patches/08_checksum.patch0000644000000000000000000000124611577472367013775 0ustar Author: Piotr Engelking Description: Disable the filtering packets with incorrect checksum (Closes: #372536). --- a/urlsnarf.c 2011-06-19 17:15:10.559999375 -0500 +++ b/urlsnarf.c 2011-06-19 17:15:18.023999373 -0500 @@ -200,6 +200,7 @@ extern char *optarg; extern int optind; int c; + struct nids_chksum_ctl chksum_ctl; while ((c = getopt(argc, argv, "i:p:nvh?V")) != -1) { switch (c) { @@ -260,6 +261,12 @@ } } + chksum_ctl.netaddr = 0; + chksum_ctl.mask = 0; + chksum_ctl.action = NIDS_DONT_CHKSUM; + + nids_register_chksum_ctl(&chksum_ctl, 1); + nids_run(); /* NOTREACHED */ debian/patches/16_TDS_decoder.patch0000644000000000000000000000066112246445215014273 0ustar Author: Luciano Bello Description: Patch provided by Hilko Bengen. #609988. --- a/decode_tds.c +++ b/decode_tds.c @@ -144,6 +144,11 @@ len > sizeof(*th) && len >= ntohs(th->size); buf += ntohs(th->size), len -= ntohs(th->size)) { + if (th->size != 8) { + /* wrong header length */ + break; + } + if (th->type == 2) { /* Version 4.x, 5.0 */ if (len < sizeof(*th) + sizeof(*tl)) debian/patches/04_multiple_intf.patch0000644000000000000000000000272511577472351015036 0ustar Author: Steve Kemp Description: Work with multiple interfaces, Closes #242369. --- a/arp.c 2011-06-19 17:14:13.607999387 -0500 +++ b/arp.c 2011-06-19 17:15:04.587999376 -0500 @@ -39,7 +39,7 @@ #ifdef BSD int -arp_cache_lookup(in_addr_t ip, struct ether_addr *ether) +arp_cache_lookup(in_addr_t ip, struct ether_addr *ether, const char* linf) { int mib[6]; size_t len; @@ -91,7 +91,7 @@ #endif int -arp_cache_lookup(in_addr_t ip, struct ether_addr *ether) +arp_cache_lookup(in_addr_t ip, struct ether_addr *ether, const char* lif) { int sock; struct arpreq ar; @@ -99,7 +99,7 @@ memset((char *)&ar, 0, sizeof(ar)); #ifdef __linux__ - strncpy(ar.arp_dev, "eth0", sizeof(ar.arp_dev)); /* XXX - *sigh* */ + strncpy(ar.arp_dev, lif, strlen(lif)); #endif sin = (struct sockaddr_in *)&ar.arp_pa; sin->sin_family = AF_INET; --- a/arp.h 2011-06-19 17:14:13.003999387 -0500 +++ b/arp.h 2011-06-19 17:15:04.587999376 -0500 @@ -11,6 +11,6 @@ #ifndef _ARP_H_ #define _ARP_H_ -int arp_cache_lookup(in_addr_t ip, struct ether_addr *ether); +int arp_cache_lookup(in_addr_t ip, struct ether_addr *ether, const char* linf); #endif /* _ARP_H_ */ --- a/arpspoof.c 2011-06-19 17:14:13.311999387 -0500 +++ b/arpspoof.c 2011-06-19 17:15:04.591999376 -0500 @@ -113,7 +113,7 @@ int i = 0; do { - if (arp_cache_lookup(ip, mac) == 0) + if (arp_cache_lookup(ip, mac, intf) == 0) return (1); #ifdef __linux__ /* XXX - force the kernel to arp. feh. */ debian/patches/10_urlsnarf_escape.patch0000644000000000000000000000362111577472372015333 0ustar Author: Hilko Bengen Description: Escape user, vhost, uri, referer, agent strings in log (Closes: #372536). --- a/urlsnarf.c 2011-06-19 17:15:18.023999373 -0500 +++ b/urlsnarf.c 2011-06-19 17:15:21.627999373 -0500 @@ -84,6 +84,43 @@ return (tstr); } +static char * +escape_log_entry(char *string) +{ + char *out; + unsigned char *c, *o; + size_t len; + + if (!string) + return NULL; + + /* Determine needed length */ + for (c = string, len = 0; *c; c++) { + if ((*c < 32) || (*c >= 128)) + len += 4; + else if ((*c == '"') || (*c =='\\')) + len += 2; + else + len++; + } + out = malloc(len+1); + if (!out) + return NULL; + for (c = string, o = out; *c; c++, o++) { + if ((*c < 32) || (*c >= 128)) { + snprintf(o, 5, "\\x%02x", *c); + o += 3; + } else if ((*c == '"') || ((*c =='\\'))) { + *(o++) = '\\'; + *o = *c; + } else { + *o = *c; + } + } + out[len]='\0'; + return out; +} + static int process_http_request(struct tuple4 *addr, u_char *data, int len) { @@ -142,18 +179,26 @@ buf_tok(NULL, NULL, i); } } - if (user == NULL) - user = "-"; - if (vhost == NULL) - vhost = libnet_addr2name4(addr->daddr, Opt_dns); - if (referer == NULL) - referer = "-"; - if (agent == NULL) - agent = "-"; - + user = escape_log_entry(user); + vhost = escape_log_entry(vhost); + uri = escape_log_entry(uri); + referer = escape_log_entry(referer); + agent = escape_log_entry(agent); + printf("%s - %s [%s] \"%s http://%s%s\" - - \"%s\" \"%s\"\n", libnet_addr2name4(addr->saddr, Opt_dns), - user, timestamp(), req, vhost, uri, referer, agent); + (user?user:"-"), + timestamp(), req, + (vhost?vhost:libnet_addr2name4(addr->daddr, Opt_dns)), + uri, + (referer?referer:"-"), + (agent?agent:"-")); + + free(user); + free(vhost); + free(uri); + free(referer); + free(agent); } fflush(stdout); debian/patches/14_obsolete_time.patch0000644000000000000000000000213111577472404015004 0ustar Author: Luciano Bello Description: According to /usr/include/time.h, CLK_TCK is the "obsolete POSIX.1-1988 name" for CLOCKS_PER_SEC. Closes #420944 --- a/sshow.c 2011-06-19 17:15:16.175999374 -0500 +++ b/sshow.c 2011-06-19 17:15:31.875999369 -0500 @@ -224,7 +224,7 @@ if (debug) printf("- %s -> %s: DATA (%s bytes, %.2f seconds)\n", s_saddr(ts), s_daddr(ts), s_range(plain_range), - (float)delay / CLK_TCK); + (float)delay / CLOCKS_PER_SEC); if (debug > 1) print_data(&ts->server, cipher_size); @@ -273,7 +273,7 @@ if (debug) printf("- %s <- %s: DATA (%s bytes, %.2f seconds)\n", s_saddr(ts), s_daddr(ts), s_range(plain_range), - (float)delay / CLK_TCK); + (float)delay / CLOCKS_PER_SEC); if (debug > 1) print_data(&ts->client, cipher_size); @@ -302,7 +302,7 @@ if (session->state == 1 && #ifdef USE_TIMING - now - get_history(session, 2)->timestamp >= CLK_TCK && + now - get_history(session, 2)->timestamp >= CLOCKS_PER_SEC && #endif session->protocol == 1 && (session->history.directions & 7) == 5 && debian/patches/09_sshcrypto.patch0000644000000000000000000000066211577472370014225 0ustar Author: Steve Kemp Description: Missing openssl includes in sshcrypto.c. This patch was through diff.gz and now is implemented as a dpatch. --- a/sshcrypto.c 2011-06-19 17:13:57.971999389 -0500 +++ b/sshcrypto.c 2011-06-19 17:15:19.847999373 -0500 @@ -14,6 +14,8 @@ #include #include +#include +#include #include #include debian/patches/11_string_header.patch0000644000000000000000000000776211577472376015014 0ustar Author: Luciano Bello Description: Aviod the "implicit declaration of function 'str*'" warning --- a/arp.c 2011-06-19 17:15:04.587999376 -0500 +++ b/arp.c 2011-06-19 17:15:23.487999372 -0500 @@ -34,6 +34,7 @@ #include #include #include +#include #include "arp.h" --- a/buf.c 2011-06-19 17:13:56.463999389 -0500 +++ b/buf.c 2011-06-19 17:15:23.487999372 -0500 @@ -17,6 +17,7 @@ #include #include #include +#include #include "buf.h" --- a/decode_nntp.c 2011-06-19 17:13:53.631999390 -0500 +++ b/decode_nntp.c 2011-06-19 17:15:23.491999372 -0500 @@ -15,6 +15,7 @@ #include #include +#include #include "base64.h" #include "decode.h" --- a/decode_pop.c 2011-06-19 17:13:54.911999390 -0500 +++ b/decode_pop.c 2011-06-19 17:15:23.495999372 -0500 @@ -14,6 +14,7 @@ #include #include +#include #include "base64.h" #include "options.h" --- a/decode_rlogin.c 2011-06-19 17:13:54.431999390 -0500 +++ b/decode_rlogin.c 2011-06-19 17:15:23.495999372 -0500 @@ -14,6 +14,8 @@ #include #include +#include +#include #include "options.h" #include "decode.h" --- a/decode_smb.c 2011-06-19 17:13:55.103999390 -0500 +++ b/decode_smb.c 2011-06-19 17:15:23.499999372 -0500 @@ -15,6 +15,7 @@ #include #include +#include #include "decode.h" --- a/decode_smtp.c 2011-06-19 17:13:54.003999391 -0500 +++ b/decode_smtp.c 2011-06-19 17:15:23.503999372 -0500 @@ -14,6 +14,7 @@ #include #include +#include #include "base64.h" #include "options.h" --- a/decode_sniffer.c 2011-06-19 17:13:56.075999390 -0500 +++ b/decode_sniffer.c 2011-06-19 17:15:23.503999372 -0500 @@ -15,6 +15,8 @@ #include #include +#include +#include #include "base64.h" #include "decode.h" --- a/decode_socks.c 2011-06-19 17:13:55.271999391 -0500 +++ b/decode_socks.c 2011-06-19 17:15:23.507999372 -0500 @@ -14,6 +14,7 @@ #include #include +#include #include "decode.h" --- a/decode_tds.c 2011-06-19 17:13:55.899999390 -0500 +++ b/decode_tds.c 2011-06-19 17:15:23.511999372 -0500 @@ -18,6 +18,7 @@ #include #include +#include #include "decode.h" --- a/decode_telnet.c 2011-06-19 17:13:55.491999391 -0500 +++ b/decode_telnet.c 2011-06-19 17:15:23.515999372 -0500 @@ -14,6 +14,7 @@ #include #include +#include #include "options.h" #include "decode.h" --- a/decode_x11.c 2011-06-19 17:13:53.823999390 -0500 +++ b/decode_x11.c 2011-06-19 17:15:23.515999372 -0500 @@ -14,6 +14,8 @@ #include #include +#include +#include #include "decode.h" --- a/dnsspoof.c 2011-06-19 17:15:10.515999375 -0500 +++ b/dnsspoof.c 2011-06-19 17:15:23.519999372 -0500 @@ -20,6 +20,7 @@ #include #include #include +#include #include #include #include --- a/magic.c 2011-06-19 17:13:55.703999390 -0500 +++ b/magic.c 2011-06-19 17:15:23.523999372 -0500 @@ -36,6 +36,7 @@ #include #include #include +#include #include #include #include --- /dev/null 1970-01-01 00:00:00.000000000 +0000 +++ b/missing/strlcat.h 2011-06-19 17:15:23.527999372 -0500 @@ -0,0 +1 @@ +size_t strlcat(char *dst, const char *src, size_t siz); --- /dev/null 1970-01-01 00:00:00.000000000 +0000 +++ b/missing/strlcpy.h 2011-06-19 17:15:23.531999372 -0500 @@ -0,0 +1 @@ +size_t strlcpy(char *dst, const char *src, size_t siz); --- a/sshmitm.c 2011-06-19 17:15:10.527999375 -0500 +++ b/sshmitm.c 2011-06-19 17:15:23.531999372 -0500 @@ -24,6 +24,7 @@ #include #include #include +#include #include "buf.h" #include "record.h" debian/patches/0003-arpspoof-allow-selection-of-source-hw-address.patch0000644000000000000000000001527311730171467023124 0ustar >From 21773ccf18a5fc49d35e510a8797b0a1e83858c4 Mon Sep 17 00:00:00 2001 From: Stefan Tomanek Date: Sun, 20 Nov 2011 21:32:53 +0100 Subject: [PATCH 3/3] arpspoof: allow selection of source hw address In certain networks, sending with the wrong hardware source address can jeopardize the network connection of the host running arpspoof. This patch makes it possible to specify whether arpspoof should use the own hardware address or the one of the real host when resetting the arp table of the target systems; it is also possible to use both. Signed-off-by: Stefan Tomanek --- arpspoof.8 | 9 +++++- arpspoof.c | 90 ++++++++++++++++++++++++++++++++++++++++++----------------- 2 files changed, 72 insertions(+), 27 deletions(-) --- a/arpspoof.8 2012-03-14 13:33:30.000000000 -0600 +++ b/arpspoof.8 2012-03-14 13:36:18.898055700 -0600 @@ -9,7 +9,7 @@ .na .nf .fi -\fBarpspoof\fR [\fB\-i \fIinterface\fR] [\fB\-t \fItarget\fR] [\fB\-r\fR] \fIhost\fR +\fBarpspoof\fR [\fB\-i \fIinterface\fR] [\fB\-c \fIown|host|both\fR] [\fB\-t \fItarget\fR] [\fB\-r\fR] \fIhost\fR .SH DESCRIPTION .ad .fi @@ -23,6 +23,13 @@ .SH OPTIONS .IP "\fB-i \fIinterface\fR" Specify the interface to use. +.IP "\fB-c \fIown|host|both\fR" +Specify which hardware address t use when restoring the arp configuration; +while cleaning up, packets can be send with the own address as well as with +the address of the host. Sending packets with a fake hw address can disrupt +connectivity with certain switch/ap/bridge configurations, however it works +more reliably than using the own address, which is the default way arpspoof +cleans up afterwards. .IP "\fB-t \fItarget\fR" Specify a particular host to ARP poison (if not specified, all hosts on the LAN). Repeat to specify multiple hosts. --- a/arpspoof.c 2012-03-14 13:33:30.000000000 -0600 +++ b/arpspoof.c 2012-03-14 13:34:11.134060364 -0600 @@ -40,37 +40,36 @@ static char *intf; static int poison_reverse; +static uint8_t *my_ha = NULL; +static uint8_t *brd_ha = "\xff\xff\xff\xff\xff\xff"; + +static int cleanup_src_own = 1; +static int cleanup_src_host = 0; + static void usage(void) { fprintf(stderr, "Version: " VERSION "\n" - "Usage: arpspoof [-i interface] [-t target] [-r] host\n"); + "Usage: arpspoof [-i interface] [-c own|host|both] [-t target] [-r] host\n"); exit(1); } static int -arp_send(libnet_t *l, int op, u_int8_t *sha, - in_addr_t spa, u_int8_t *tha, in_addr_t tpa) +arp_send(libnet_t *l, int op, + u_int8_t *sha, in_addr_t spa, + u_int8_t *tha, in_addr_t tpa, + u_int8_t *me) { int retval; - if (sha == NULL && - (sha = (u_int8_t *)libnet_get_hwaddr(l)) == NULL) { - return (-1); - } - if (spa == 0) { - if ((spa = libnet_get_ipaddr4(l)) == -1) - return (-1); - } - if (tha == NULL) - tha = "\xff\xff\xff\xff\xff\xff"; - + if (!me) me = sha; + libnet_autobuild_arp(op, sha, (u_int8_t *)&spa, tha, (u_int8_t *)&tpa, l); - libnet_build_ethernet(tha, sha, ETHERTYPE_ARP, NULL, 0, l, 0); + libnet_build_ethernet(tha, me, ETHERTYPE_ARP, NULL, 0, l, 0); fprintf(stderr, "%s ", - ether_ntoa((struct ether_addr *)sha)); + ether_ntoa((struct ether_addr *)me)); if (op == ARPOP_REQUEST) { fprintf(stderr, "%s 0806 42: arp who-has %s tell %s\n", @@ -129,7 +128,7 @@ /* XXX - force the kernel to arp. feh. */ arp_force(ip); #else - arp_send(l, ARPOP_REQUEST, NULL, 0, NULL, ip); + arp_send(l, ARPOP_REQUEST, NULL, 0, NULL, ip, NULL); #endif sleep(1); } @@ -156,17 +155,23 @@ int fw = arp_find(spoof.ip, &spoof.mac); int bw = poison_reverse && targets[0].ip && arp_find_all(); int i; + int rounds = (cleanup_src_own*5 + cleanup_src_host*5); fprintf(stderr, "Cleaning up and re-arping targets...\n"); - for (i = 0; i < 5; i++) { + for (i = 0; i < rounds; i++) { struct host *target = targets; while(target->ip) { + uint8_t *src_ha = NULL; + if (cleanup_src_own && (i%2 || !cleanup_src_host)) { + src_ha = my_ha; + } /* XXX - on BSD, requires ETHERSPOOF kernel. */ if (fw) { arp_send(l, ARPOP_REPLY, (u_int8_t *)&spoof.mac, spoof.ip, - (target->ip ? (u_int8_t *)&target->mac : NULL), - target->ip); + (target->ip ? (u_int8_t *)&target->mac : brd_ha), + target->ip, + src_ha); /* we have to wait a moment before sending the next packet */ sleep(1); } @@ -174,7 +179,8 @@ arp_send(l, ARPOP_REPLY, (u_int8_t *)&target->mac, target->ip, (u_int8_t *)&spoof.mac, - spoof.ip); + spoof.ip, + src_ha); sleep(1); } target++; @@ -193,6 +199,7 @@ char libnet_ebuf[LIBNET_ERRBUF_SIZE]; int c; int n_targets; + char *cleanup_src = NULL; spoof.ip = 0; intf = NULL; @@ -202,7 +209,7 @@ /* allocate enough memory for target list */ targets = calloc( argc+1, sizeof(struct host) ); - while ((c = getopt(argc, argv, "ri:t:h?V")) != -1) { + while ((c = getopt(argc, argv, "ri:t:c:h?V")) != -1) { switch (c) { case 'i': intf = optarg; @@ -214,6 +221,9 @@ case 'r': poison_reverse = 1; break; + case 'c': + cleanup_src = optarg; + break; default: usage(); } @@ -229,6 +239,29 @@ usage(); } + if (!cleanup_src || strcmp(cleanup_src, "own")==0) { /* default! */ + /* only use our own hw address when cleaning up, + * not jeopardizing any bridges on the way to our + * target + */ + cleanup_src_own = 1; + cleanup_src_host = 0; + } else if (strcmp(cleanup_src, "host")==0) { + /* only use the target hw address when cleaning up; + * this can screw up some bridges and scramble access + * for our own host, however it resets the arp table + * more reliably + */ + cleanup_src_own = 0; + cleanup_src_host = 1; + } else if (strcmp(cleanup_src, "both")==0) { + cleanup_src_own = 1; + cleanup_src_host = 1; + } else { + errx(1, "Invalid parameter to -c: use 'own' (default), 'host' or 'both'."); + usage(); + } + if ((spoof.ip = libnet_name2addr4(l, argv[0], LIBNET_RESOLVE)) == -1) usage(); @@ -253,6 +286,10 @@ } } + if ((my_ha = (u_int8_t *)libnet_get_hwaddr(l)) == NULL) { + errx(1, "Unable to determine own mac address"); + } + signal(SIGHUP, cleanup); signal(SIGINT, cleanup); signal(SIGTERM, cleanup); @@ -260,11 +297,12 @@ for (;;) { struct host *target = targets; while(target->ip) { - arp_send(l, ARPOP_REPLY, NULL, spoof.ip, - (target->ip ? (u_int8_t *)&target->mac : NULL), - target->ip); + arp_send(l, ARPOP_REPLY, my_ha, spoof.ip, + (target->ip ? (u_int8_t *)&target->mac : brd_ha), + target->ip, + my_ha); if (poison_reverse) { - arp_send(l, ARPOP_REPLY, NULL, target->ip, (uint8_t *)&spoof.mac, spoof.ip); + arp_send(l, ARPOP_REPLY, my_ha, target->ip, (uint8_t *)&spoof.mac, spoof.ip, my_ha); } target++; } debian/patches/07_libnet_1.1.patch0000644000000000000000000006403111577472361014021 0ustar Author: Faidon Liambotis Description: Use libnet v1.1 instead of v1.0 --- a/arpspoof.c 2011-06-19 17:15:04.591999376 -0500 +++ b/arpspoof.c 2011-06-19 17:15:10.511999375 -0500 @@ -27,7 +27,7 @@ extern char *ether_ntoa(struct ether_addr *); -static struct libnet_link_int *llif; +static libnet_t *l; static struct ether_addr spoof_mac, target_mac; static in_addr_t spoof_ip, target_ip; static char *intf; @@ -41,47 +41,49 @@ } static int -arp_send(struct libnet_link_int *llif, char *dev, - int op, u_char *sha, in_addr_t spa, u_char *tha, in_addr_t tpa) +arp_send(libnet_t *l, int op, u_int8_t *sha, + in_addr_t spa, u_int8_t *tha, in_addr_t tpa) { - char ebuf[128]; - u_char pkt[60]; - + int retval; + if (sha == NULL && - (sha = (u_char *)libnet_get_hwaddr(llif, dev, ebuf)) == NULL) { + (sha = (u_int8_t *)libnet_get_hwaddr(l)) == NULL) { return (-1); } if (spa == 0) { - if ((spa = libnet_get_ipaddr(llif, dev, ebuf)) == 0) + if ((spa = libnet_get_ipaddr4(l)) == -1) return (-1); - spa = htonl(spa); /* XXX */ } if (tha == NULL) tha = "\xff\xff\xff\xff\xff\xff"; - libnet_build_ethernet(tha, sha, ETHERTYPE_ARP, NULL, 0, pkt); + libnet_autobuild_arp(op, sha, (u_int8_t *)&spa, + tha, (u_int8_t *)&tpa, l); + libnet_build_ethernet(tha, sha, ETHERTYPE_ARP, NULL, 0, l, 0); - libnet_build_arp(ARPHRD_ETHER, ETHERTYPE_IP, ETHER_ADDR_LEN, 4, - op, sha, (u_char *)&spa, tha, (u_char *)&tpa, - NULL, 0, pkt + ETH_H); - fprintf(stderr, "%s ", ether_ntoa((struct ether_addr *)sha)); if (op == ARPOP_REQUEST) { fprintf(stderr, "%s 0806 42: arp who-has %s tell %s\n", ether_ntoa((struct ether_addr *)tha), - libnet_host_lookup(tpa, 0), - libnet_host_lookup(spa, 0)); + libnet_addr2name4(tpa, LIBNET_DONT_RESOLVE), + libnet_addr2name4(spa, LIBNET_DONT_RESOLVE)); } else { fprintf(stderr, "%s 0806 42: arp reply %s is-at ", ether_ntoa((struct ether_addr *)tha), - libnet_host_lookup(spa, 0)); + libnet_addr2name4(spa, LIBNET_DONT_RESOLVE)); fprintf(stderr, "%s\n", ether_ntoa((struct ether_addr *)sha)); } - return (libnet_write_link_layer(llif, dev, pkt, sizeof(pkt)) == sizeof(pkt)); + retval = libnet_write(l); + if (retval) + fprintf(stderr, "%s", libnet_geterror(l)); + + libnet_clear_packet(l); + + return retval; } #ifdef __linux__ @@ -119,7 +121,7 @@ /* XXX - force the kernel to arp. feh. */ arp_force(ip); #else - arp_send(llif, intf, ARPOP_REQUEST, NULL, 0, NULL, ip); + arp_send(l, ARPOP_REQUEST, NULL, 0, NULL, ip); #endif sleep(1); } @@ -136,9 +138,9 @@ if (arp_find(spoof_ip, &spoof_mac)) { for (i = 0; i < 3; i++) { /* XXX - on BSD, requires ETHERSPOOF kernel. */ - arp_send(llif, intf, ARPOP_REPLY, - (u_char *)&spoof_mac, spoof_ip, - (target_ip ? (u_char *)&target_mac : NULL), + arp_send(l, ARPOP_REPLY, + (u_int8_t *)&spoof_mac, spoof_ip, + (target_ip ? (u_int8_t *)&target_mac : NULL), target_ip); sleep(1); } @@ -151,7 +153,8 @@ { extern char *optarg; extern int optind; - char ebuf[PCAP_ERRBUF_SIZE]; + char pcap_ebuf[PCAP_ERRBUF_SIZE]; + char libnet_ebuf[LIBNET_ERRBUF_SIZE]; int c; intf = NULL; @@ -163,7 +166,7 @@ intf = optarg; break; case 't': - if ((target_ip = libnet_name_resolve(optarg, 1)) == -1) + if ((target_ip = libnet_name2addr4(l, optarg, LIBNET_RESOLVE)) == -1) usage(); break; default: @@ -176,26 +179,26 @@ if (argc != 1) usage(); - if ((spoof_ip = libnet_name_resolve(argv[0], 1)) == -1) + if ((spoof_ip = libnet_name2addr4(l, argv[0], LIBNET_RESOLVE)) == -1) usage(); - if (intf == NULL && (intf = pcap_lookupdev(ebuf)) == NULL) - errx(1, "%s", ebuf); + if (intf == NULL && (intf = pcap_lookupdev(pcap_ebuf)) == NULL) + errx(1, "%s", pcap_ebuf); - if ((llif = libnet_open_link_interface(intf, ebuf)) == 0) - errx(1, "%s", ebuf); + if ((l = libnet_init(LIBNET_LINK, intf, libnet_ebuf)) == NULL) + errx(1, "%s", libnet_ebuf); if (target_ip != 0 && !arp_find(target_ip, &target_mac)) errx(1, "couldn't arp for host %s", - libnet_host_lookup(target_ip, 0)); + libnet_addr2name4(target_ip, LIBNET_DONT_RESOLVE)); signal(SIGHUP, cleanup); signal(SIGINT, cleanup); signal(SIGTERM, cleanup); for (;;) { - arp_send(llif, intf, ARPOP_REPLY, NULL, spoof_ip, - (target_ip ? (u_char *)&target_mac : NULL), + arp_send(l, ARPOP_REPLY, NULL, spoof_ip, + (target_ip ? (u_int8_t *)&target_mac : NULL), target_ip); sleep(2); } --- a/dnsspoof.c 2011-06-19 17:14:04.651999389 -0500 +++ b/dnsspoof.c 2011-06-19 17:15:10.515999375 -0500 @@ -38,7 +38,7 @@ pcap_t *pcap_pd = NULL; int pcap_off = -1; -int lnet_sock = -1; +libnet_t *l; u_long lnet_ip = -1; static void @@ -90,19 +90,18 @@ dns_init(char *dev, char *filename) { FILE *f; - struct libnet_link_int *llif; + libnet_t *l; + char libnet_ebuf[LIBNET_ERRBUF_SIZE]; struct dnsent *de; char *ip, *name, buf[1024]; - if ((llif = libnet_open_link_interface(dev, buf)) == NULL) - errx(1, "%s", buf); + if ((l = libnet_init(LIBNET_LINK, dev, libnet_ebuf)) == NULL) + errx(1, "%s", libnet_ebuf); - if ((lnet_ip = libnet_get_ipaddr(llif, dev, buf)) == -1) - errx(1, "%s", buf); + if ((lnet_ip = libnet_get_ipaddr4(l)) == -1) + errx(1, "%s", libnet_geterror(l)); - lnet_ip = htonl(lnet_ip); - - libnet_close_link_interface(llif); + libnet_destroy(l); SLIST_INIT(&dns_entries); @@ -180,7 +179,7 @@ static void dns_spoof(u_char *u, const struct pcap_pkthdr *pkthdr, const u_char *pkt) { - struct libnet_ip_hdr *ip; + struct libnet_ipv4_hdr *ip; struct libnet_udp_hdr *udp; HEADER *dns; char name[MAXHOSTNAMELEN]; @@ -189,7 +188,7 @@ in_addr_t dst; u_short type, class; - ip = (struct libnet_ip_hdr *)(pkt + pcap_off); + ip = (struct libnet_ipv4_hdr *)(pkt + pcap_off); udp = (struct libnet_udp_hdr *)(pkt + pcap_off + (ip->ip_hl * 4)); dns = (HEADER *)(udp + 1); p = (u_char *)(dns + 1); @@ -212,7 +211,7 @@ if (class != C_IN) return; - p = buf + IP_H + UDP_H + dnslen; + p = buf + dnslen; if (type == T_A) { if ((dst = dns_lookup_a(name)) == -1) @@ -234,38 +233,38 @@ anslen += 12; } else return; - - libnet_build_ip(UDP_H + dnslen + anslen, 0, libnet_get_prand(PRu16), - 0, 64, IPPROTO_UDP, ip->ip_dst.s_addr, - ip->ip_src.s_addr, NULL, 0, buf); - - libnet_build_udp(ntohs(udp->uh_dport), ntohs(udp->uh_sport), - NULL, dnslen + anslen, buf + IP_H); - memcpy(buf + IP_H + UDP_H, (u_char *)dns, dnslen); + memcpy(buf, (u_char *)dns, dnslen); - dns = (HEADER *)(buf + IP_H + UDP_H); + dns = (HEADER *)buf; dns->qr = dns->ra = 1; if (type == T_PTR) dns->aa = 1; dns->ancount = htons(1); dnslen += anslen; + + libnet_clear_packet(l); + libnet_build_udp(ntohs(udp->uh_dport), ntohs(udp->uh_sport), + LIBNET_UDP_H + dnslen, 0, + (u_int8_t *)buf, dnslen, l, 0); + + libnet_build_ipv4(LIBNET_IPV4_H + LIBNET_UDP_H + dnslen, 0, + libnet_get_prand(LIBNET_PRu16), 0, 64, IPPROTO_UDP, 0, + ip->ip_dst.s_addr, ip->ip_src.s_addr, NULL, 0, l, 0); - libnet_do_checksum(buf, IPPROTO_UDP, UDP_H + dnslen); - - if (libnet_write_ip(lnet_sock, buf, IP_H + UDP_H + dnslen) < 0) + if (libnet_write(l) < 0) warn("write"); fprintf(stderr, "%s.%d > %s.%d: %d+ %s? %s\n", - libnet_host_lookup(ip->ip_src.s_addr, 0), ntohs(udp->uh_sport), - libnet_host_lookup(ip->ip_dst.s_addr, 0), ntohs(udp->uh_dport), + libnet_addr2name4(ip->ip_src.s_addr, 0), ntohs(udp->uh_sport), + libnet_addr2name4(ip->ip_dst.s_addr, 0), ntohs(udp->uh_dport), ntohs(dns->id), type == T_A ? "A" : "PTR", name); } static void cleanup(int sig) { - libnet_close_raw_sock(lnet_sock); + libnet_destroy(l); pcap_close(pcap_pd); exit(0); } @@ -276,6 +275,7 @@ extern char *optarg; extern int optind; char *p, *dev, *hosts, buf[1024]; + char ebuf[LIBNET_ERRBUF_SIZE]; int i; dev = hosts = NULL; @@ -306,7 +306,7 @@ strlcpy(buf, p, sizeof(buf)); } else snprintf(buf, sizeof(buf), "udp dst port 53 and not src %s", - libnet_host_lookup(lnet_ip, 0)); + libnet_addr2name4(lnet_ip, LIBNET_DONT_RESOLVE)); if ((pcap_pd = pcap_init(dev, buf, 128)) == NULL) errx(1, "couldn't initialize sniffing"); @@ -314,10 +314,10 @@ if ((pcap_off = pcap_dloff(pcap_pd)) < 0) errx(1, "couldn't determine link layer offset"); - if ((lnet_sock = libnet_open_raw_sock(IPPROTO_RAW)) == -1) + if ((l = libnet_init(LIBNET_RAW4, dev, ebuf)) == NULL) errx(1, "couldn't initialize sending"); - libnet_seed_prand(); + libnet_seed_prand(l); signal(SIGHUP, cleanup); signal(SIGINT, cleanup); --- a/filesnarf.c 2011-06-19 17:15:01.075999376 -0500 +++ b/filesnarf.c 2011-06-19 17:15:10.519999375 -0500 @@ -134,8 +134,8 @@ int fd; warnx("%s.%d > %s.%d: %s (%d@%d)", - libnet_host_lookup(addr->daddr, 0), addr->dest, - libnet_host_lookup(addr->saddr, 0), addr->source, + libnet_addr2name4(addr->daddr, LIBNET_DONT_RESOLVE), addr->dest, + libnet_addr2name4(addr->saddr, LIBNET_DONT_RESOLVE), addr->source, ma->filename, len, ma->offset); if ((fd = open(ma->filename, O_WRONLY|O_CREAT, 0644)) >= 0) { @@ -353,7 +353,7 @@ } static void -decode_udp_nfs(struct libnet_ip_hdr *ip) +decode_udp_nfs(struct libnet_ipv4_hdr *ip) { static struct tuple4 addr; struct libnet_udp_hdr *udp; --- a/macof.c 2011-06-19 17:14:04.959999389 -0500 +++ b/macof.c 2011-06-19 17:15:10.523999375 -0500 @@ -48,8 +48,8 @@ static void gen_mac(u_char *mac) { - *((in_addr_t *)mac) = libnet_get_prand(PRu32); - *((u_short *)(mac + 4)) = libnet_get_prand(PRu16); + *((in_addr_t *)mac) = libnet_get_prand(LIBNET_PRu32); + *((u_short *)(mac + 4)) = libnet_get_prand(LIBNET_PRu16); } int @@ -59,22 +59,23 @@ extern int optind; int c, i; struct libnet_link_int *llif; - char ebuf[PCAP_ERRBUF_SIZE]; + char pcap_ebuf[PCAP_ERRBUF_SIZE]; + char libnet_ebuf[LIBNET_ERRBUF_SIZE]; u_char sha[ETHER_ADDR_LEN], tha[ETHER_ADDR_LEN]; in_addr_t src, dst; u_short sport, dport; u_int32_t seq; - u_char pkt[ETH_H + IP_H + TCP_H]; + libnet_t *l; while ((c = getopt(argc, argv, "vs:d:e:x:y:i:n:h?V")) != -1) { switch (c) { case 'v': break; case 's': - Src = libnet_name_resolve(optarg, 0); + Src = libnet_name2addr4(l, optarg, 0); break; case 'd': - Dst = libnet_name_resolve(optarg, 0); + Dst = libnet_name2addr4(l, optarg, 0); break; case 'e': Tha = (u_char *)ether_aton(optarg); @@ -101,13 +102,13 @@ if (argc != 0) usage(); - if (!Intf && (Intf = pcap_lookupdev(ebuf)) == NULL) - errx(1, "%s", ebuf); + if (!Intf && (Intf = pcap_lookupdev(pcap_ebuf)) == NULL) + errx(1, "%s", pcap_ebuf); - if ((llif = libnet_open_link_interface(Intf, ebuf)) == 0) - errx(1, "%s", ebuf); + if ((l = libnet_init(LIBNET_LINK, Intf, libnet_ebuf)) == NULL) + errx(1, "%s", libnet_ebuf); - libnet_seed_prand(); + libnet_seed_prand(l); for (i = 0; i != Repeat; i++) { @@ -117,39 +118,39 @@ else memcpy(tha, Tha, sizeof(tha)); if (Src != 0) src = Src; - else src = libnet_get_prand(PRu32); + else src = libnet_get_prand(LIBNET_PRu32); if (Dst != 0) dst = Dst; - else dst = libnet_get_prand(PRu32); + else dst = libnet_get_prand(LIBNET_PRu32); if (Sport != 0) sport = Sport; - else sport = libnet_get_prand(PRu16); + else sport = libnet_get_prand(LIBNET_PRu16); if (Dport != 0) dport = Dport; - else dport = libnet_get_prand(PRu16); + else dport = libnet_get_prand(LIBNET_PRu16); - seq = libnet_get_prand(PRu32); - - libnet_build_ethernet(tha, sha, ETHERTYPE_IP, NULL, 0, pkt); - - libnet_build_ip(TCP_H, 0, libnet_get_prand(PRu16), 0, 64, - IPPROTO_TCP, src, dst, NULL, 0, pkt + ETH_H); + seq = libnet_get_prand(LIBNET_PRu32); libnet_build_tcp(sport, dport, seq, 0, TH_SYN, 512, - 0, NULL, 0, pkt + ETH_H + IP_H); + 0, 0, LIBNET_TCP_H, NULL, 0, l, 0); - libnet_do_checksum(pkt + ETH_H, IPPROTO_IP, IP_H); - libnet_do_checksum(pkt + ETH_H, IPPROTO_TCP, TCP_H); + libnet_build_ipv4(LIBNET_TCP_H, 0, + libnet_get_prand(LIBNET_PRu16), 0, 64, + IPPROTO_TCP, 0, src, dst, NULL, 0, l, 0); - if (libnet_write_link_layer(llif, Intf, pkt, sizeof(pkt)) < 0) + libnet_build_ethernet(tha, sha, ETHERTYPE_IP, NULL, 0, l, 0); + + if (libnet_write(l) < 0) errx(1, "write"); + libnet_clear_packet(l); + fprintf(stderr, "%s ", ether_ntoa((struct ether_addr *)sha)); fprintf(stderr, "%s %s.%d > %s.%d: S %u:%u(0) win 512\n", ether_ntoa((struct ether_addr *)tha), - libnet_host_lookup(Src, 0), sport, - libnet_host_lookup(Dst, 0), dport, seq, seq); + libnet_addr2name4(Src, 0), sport, + libnet_addr2name4(Dst, 0), dport, seq, seq); } exit(0); } --- a/record.c 2011-06-19 17:14:06.627999389 -0500 +++ b/record.c 2011-06-19 17:15:10.523999375 -0500 @@ -65,8 +65,8 @@ tm = localtime(&rec->time); strftime(tstr, sizeof(tstr), "%x %X", tm); - srcp = libnet_host_lookup(rec->src, Opt_dns); - dstp = libnet_host_lookup(rec->dst, Opt_dns); + srcp = libnet_addr2name4(rec->src, Opt_dns); + dstp = libnet_addr2name4(rec->dst, Opt_dns); if ((pr = getprotobynumber(rec->proto)) == NULL) protop = "unknown"; --- a/sshmitm.c 2011-06-19 17:14:05.687999389 -0500 +++ b/sshmitm.c 2011-06-19 17:15:10.527999375 -0500 @@ -389,7 +389,7 @@ if (argc < 1) usage(); - if ((ip = libnet_name_resolve(argv[0], 1)) == -1) + if ((ip = libnet_name2addr4(NULL, argv[0], LIBNET_RESOLVE)) == -1) usage(); if (argc == 2 && (rport = atoi(argv[1])) == 0) --- a/tcpkill.c 2011-06-19 17:14:05.823999389 -0500 +++ b/tcpkill.c 2011-06-19 17:15:10.535999375 -0500 @@ -39,17 +39,18 @@ static void tcp_kill_cb(u_char *user, const struct pcap_pkthdr *pcap, const u_char *pkt) { - struct libnet_ip_hdr *ip; + struct libnet_ipv4_hdr *ip; struct libnet_tcp_hdr *tcp; - u_char ctext[64], buf[IP_H + TCP_H]; + u_char ctext[64]; u_int32_t seq, win; - int i, *sock, len; + int i, len; + libnet_t *l; - sock = (int *)user; + l = (libnet_t *)user; pkt += pcap_off; len = pcap->caplen - pcap_off; - ip = (struct libnet_ip_hdr *)pkt; + ip = (struct libnet_ipv4_hdr *)pkt; if (ip->ip_p != IPPROTO_TCP) return; @@ -57,34 +58,31 @@ if (tcp->th_flags & (TH_SYN|TH_FIN|TH_RST)) return; - libnet_build_ip(TCP_H, 0, 0, 0, 64, IPPROTO_TCP, - ip->ip_dst.s_addr, ip->ip_src.s_addr, - NULL, 0, buf); - - libnet_build_tcp(ntohs(tcp->th_dport), ntohs(tcp->th_sport), - 0, 0, TH_RST, 0, 0, NULL, 0, buf + IP_H); - seq = ntohl(tcp->th_ack); win = ntohs(tcp->th_win); snprintf(ctext, sizeof(ctext), "%s:%d > %s:%d:", - libnet_host_lookup(ip->ip_src.s_addr, 0), + libnet_addr2name4(ip->ip_src.s_addr, LIBNET_DONT_RESOLVE), ntohs(tcp->th_sport), - libnet_host_lookup(ip->ip_dst.s_addr, 0), + libnet_addr2name4(ip->ip_dst.s_addr, LIBNET_DONT_RESOLVE), ntohs(tcp->th_dport)); - ip = (struct libnet_ip_hdr *)buf; - tcp = (struct libnet_tcp_hdr *)(ip + 1); - for (i = 0; i < Opt_severity; i++) { - ip->ip_id = libnet_get_prand(PRu16); seq += (i * win); - tcp->th_seq = htonl(seq); - libnet_do_checksum(buf, IPPROTO_TCP, TCP_H); + libnet_clear_packet(l); + + libnet_build_tcp(ntohs(tcp->th_dport), ntohs(tcp->th_sport), + seq, 0, TH_RST, 0, 0, 0, LIBNET_TCP_H, + NULL, 0, l, 0); + + libnet_build_ipv4(LIBNET_IPV4_H + LIBNET_TCP_H, 0, + libnet_get_prand(LIBNET_PRu16), 0, 64, + IPPROTO_TCP, 0, ip->ip_dst.s_addr, + ip->ip_src.s_addr, NULL, 0, l, 0); - if (libnet_write_ip(*sock, buf, sizeof(buf)) < 0) - warn("write_ip"); + if (libnet_write(l) < 0) + warn("write"); fprintf(stderr, "%s R %lu:%lu(0) win 0\n", ctext, seq, seq); } @@ -95,8 +93,10 @@ { extern char *optarg; extern int optind; - int c, sock; + int c; char *p, *intf, *filter, ebuf[PCAP_ERRBUF_SIZE]; + char libnet_ebuf[LIBNET_ERRBUF_SIZE]; + libnet_t *l; pcap_t *pd; intf = NULL; @@ -136,14 +136,14 @@ if ((pcap_off = pcap_dloff(pd)) < 0) errx(1, "couldn't determine link layer offset"); - if ((sock = libnet_open_raw_sock(IPPROTO_RAW)) == -1) + if ((l = libnet_init(LIBNET_RAW4, intf, libnet_ebuf)) == NULL) errx(1, "couldn't initialize sending"); - libnet_seed_prand(); + libnet_seed_prand(l); warnx("listening on %s [%s]", intf, filter); - pcap_loop(pd, -1, tcp_kill_cb, (u_char *)&sock); + pcap_loop(pd, -1, tcp_kill_cb, (u_char *)l); /* NOTREACHED */ --- a/tcpnice.c 2011-06-19 17:14:04.547999389 -0500 +++ b/tcpnice.c 2011-06-19 17:15:10.539999375 -0500 @@ -41,107 +41,106 @@ } static void -send_tcp_window_advertisement(int sock, struct libnet_ip_hdr *ip, +send_tcp_window_advertisement(libnet_t *l, struct libnet_ipv4_hdr *ip, struct libnet_tcp_hdr *tcp) { int len; ip->ip_hl = 5; - ip->ip_len = htons(IP_H + TCP_H); - ip->ip_id = libnet_get_prand(PRu16); - memcpy(buf, (u_char *)ip, IP_H); + ip->ip_len = htons(LIBNET_IPV4_H + LIBNET_TCP_H); + ip->ip_id = libnet_get_prand(LIBNET_PRu16); + memcpy(buf, (u_char *)ip, LIBNET_IPV4_H); tcp->th_off = 5; tcp->th_win = htons(MIN_WIN); - memcpy(buf + IP_H, (u_char *)tcp, TCP_H); + memcpy(buf + LIBNET_IPV4_H, (u_char *)tcp, LIBNET_TCP_H); - libnet_do_checksum(buf, IPPROTO_TCP, TCP_H); + libnet_do_checksum(l, buf, IPPROTO_TCP, LIBNET_TCP_H); - len = IP_H + TCP_H; + len = LIBNET_IPV4_H + LIBNET_TCP_H; - if (libnet_write_ip(sock, buf, len) != len) + if (libnet_write_raw_ipv4(l, buf, len) != len) warn("write"); fprintf(stderr, "%s:%d > %s:%d: . ack %lu win %d\n", - libnet_host_lookup(ip->ip_src.s_addr, 0), ntohs(tcp->th_sport), - libnet_host_lookup(ip->ip_dst.s_addr, 0), ntohs(tcp->th_dport), + libnet_addr2name4(ip->ip_src.s_addr, 0), ntohs(tcp->th_sport), + libnet_addr2name4(ip->ip_dst.s_addr, 0), ntohs(tcp->th_dport), ntohl(tcp->th_ack), 1); } static void -send_icmp_source_quench(int sock, struct libnet_ip_hdr *ip) +send_icmp_source_quench(libnet_t *l, struct libnet_ipv4_hdr *ip) { - struct libnet_icmp_hdr *icmp; + struct libnet_icmpv4_hdr *icmp; int len; len = (ip->ip_hl * 4) + 8; - libnet_build_ip(ICMP_ECHO_H + len, 0, libnet_get_prand(PRu16), - 0, 64, IPPROTO_ICMP, ip->ip_dst.s_addr, - ip->ip_src.s_addr, NULL, 0, buf); - - icmp = (struct libnet_icmp_hdr *)(buf + IP_H); + icmp = (struct libnet_icmpv4_hdr *)(buf + LIBNET_IPV4_H); icmp->icmp_type = ICMP_SOURCEQUENCH; icmp->icmp_code = 0; - memcpy((u_char *)icmp + ICMP_ECHO_H, (u_char *)ip, len); + memcpy((u_char *)icmp + LIBNET_ICMPV4_ECHO_H, (u_char *)ip, len); - libnet_do_checksum(buf, IPPROTO_ICMP, ICMP_ECHO_H + len); + len += LIBNET_ICMPV4_ECHO_H; - len += (IP_H + ICMP_ECHO_H); + libnet_build_ipv4(LIBNET_IPV4_H + len, 0, + libnet_get_prand(LIBNET_PRu16), 0, 64, IPPROTO_ICMP, + 0, ip->ip_dst.s_addr, ip->ip_src.s_addr, + (u_int8_t *) icmp, len, l, 0); - if (libnet_write_ip(sock, buf, len) != len) + if (libnet_write(l) != len) warn("write"); fprintf(stderr, "%s > %s: icmp: source quench\n", - libnet_host_lookup(ip->ip_dst.s_addr, 0), - libnet_host_lookup(ip->ip_src.s_addr, 0)); + libnet_addr2name4(ip->ip_dst.s_addr, 0), + libnet_addr2name4(ip->ip_src.s_addr, 0)); } static void -send_icmp_frag_needed(int sock, struct libnet_ip_hdr *ip) +send_icmp_frag_needed(libnet_t *l, struct libnet_ipv4_hdr *ip) { - struct libnet_icmp_hdr *icmp; + struct libnet_icmpv4_hdr *icmp; int len; len = (ip->ip_hl * 4) + 8; - libnet_build_ip(ICMP_MASK_H + len, 4, libnet_get_prand(PRu16), - 0, 64, IPPROTO_ICMP, ip->ip_dst.s_addr, - ip->ip_src.s_addr, NULL, 0, buf); - - icmp = (struct libnet_icmp_hdr *)(buf + IP_H); + icmp = (struct libnet_icmpv4_hdr *)(buf + LIBNET_IPV4_H); icmp->icmp_type = ICMP_UNREACH; icmp->icmp_code = ICMP_UNREACH_NEEDFRAG; icmp->hun.frag.pad = 0; icmp->hun.frag.mtu = htons(MIN_MTU); - memcpy((u_char *)icmp + ICMP_MASK_H, (u_char *)ip, len); + memcpy((u_char *)icmp + LIBNET_ICMPV4_MASK_H, (u_char *)ip, len); - libnet_do_checksum(buf, IPPROTO_ICMP, ICMP_MASK_H + len); - - len += (IP_H + ICMP_MASK_H); + len += LIBNET_ICMPV4_MASK_H; + + libnet_build_ipv4(LIBNET_IPV4_H + len, 4, + libnet_get_prand(LIBNET_PRu16), 0, 64, IPPROTO_ICMP, + 0, ip->ip_dst.s_addr, ip->ip_src.s_addr, + (u_int8_t *) icmp, len, l, 0); - if (libnet_write_ip(sock, buf, len) != len) + if (libnet_write(l) != len) warn("write"); fprintf(stderr, "%s > %s: icmp: ", - libnet_host_lookup(ip->ip_dst.s_addr, 0), - libnet_host_lookup(ip->ip_src.s_addr, 0)); + libnet_addr2name4(ip->ip_dst.s_addr, 0), + libnet_addr2name4(ip->ip_src.s_addr, 0)); fprintf(stderr, "%s unreachable - need to frag (mtu %d)\n", - libnet_host_lookup(ip->ip_src.s_addr, 0), MIN_MTU); + libnet_addr2name4(ip->ip_src.s_addr, 0), MIN_MTU); } static void tcp_nice_cb(u_char *user, const struct pcap_pkthdr *pcap, const u_char *pkt) { - struct libnet_ip_hdr *ip; + struct libnet_ipv4_hdr *ip; struct libnet_tcp_hdr *tcp; - int *sock, len; + int len; + libnet_t *l; - sock = (int *)user; + l = (libnet_t *)user; pkt += pcap_off; len = pcap->caplen - pcap_off; - ip = (struct libnet_ip_hdr *)pkt; + ip = (struct libnet_ipv4_hdr *)pkt; if (ip->ip_p != IPPROTO_TCP) return; @@ -151,11 +150,11 @@ if (ntohs(ip->ip_len) > (ip->ip_hl << 2) + (tcp->th_off << 2)) { if (Opt_icmp) - send_icmp_source_quench(*sock, ip); + send_icmp_source_quench(l, ip); if (Opt_win) - send_tcp_window_advertisement(*sock, ip, tcp); + send_tcp_window_advertisement(l, ip, tcp); if (Opt_pmtu) - send_icmp_frag_needed(*sock, ip); + send_icmp_frag_needed(l, ip); } } @@ -164,8 +163,10 @@ { extern char *optarg; extern int optind; - int c, sock; + int c; char *intf, *filter, ebuf[PCAP_ERRBUF_SIZE]; + char libnet_ebuf[LIBNET_ERRBUF_SIZE]; + libnet_t *l; pcap_t *pd; intf = NULL; @@ -209,14 +210,14 @@ if ((pcap_off = pcap_dloff(pd)) < 0) errx(1, "couldn't determine link layer offset"); - if ((sock = libnet_open_raw_sock(IPPROTO_RAW)) == -1) + if ((l = libnet_init(LIBNET_RAW4, intf, libnet_ebuf)) == NULL) errx(1, "couldn't initialize sending"); - libnet_seed_prand(); + libnet_seed_prand(l); warnx("listening on %s [%s]", intf, filter); - pcap_loop(pd, -1, tcp_nice_cb, (u_char *)&sock); + pcap_loop(pd, -1, tcp_nice_cb, (u_char *)l); /* NOTREACHED */ --- a/tcp_raw.c 2011-06-19 17:14:06.375999389 -0500 +++ b/tcp_raw.c 2011-06-19 17:15:10.543999375 -0500 @@ -119,7 +119,7 @@ } struct iovec * -tcp_raw_input(struct libnet_ip_hdr *ip, struct libnet_tcp_hdr *tcp, int len) +tcp_raw_input(struct libnet_ipv4_hdr *ip, struct libnet_tcp_hdr *tcp, int len) { struct tha tha; struct tcp_conn *conn; @@ -131,7 +131,7 @@ /* Verify TCP checksum. */ cksum = tcp->th_sum; - libnet_do_checksum((u_char *) ip, IPPROTO_TCP, len); + libnet_do_checksum(NULL, (u_char *) ip, IPPROTO_TCP, len); if (cksum != tcp->th_sum) return (NULL); --- a/tcp_raw.h 2011-06-19 17:14:05.079999389 -0500 +++ b/tcp_raw.h 2011-06-19 17:15:10.547999375 -0500 @@ -15,7 +15,7 @@ u_short sport, u_short dport, u_char *buf, int len); -struct iovec *tcp_raw_input(struct libnet_ip_hdr *ip, +struct iovec *tcp_raw_input(struct libnet_ipv4_hdr *ip, struct libnet_tcp_hdr *tcp, int len); void tcp_raw_timeout(int timeout, tcp_raw_callback_t callback); --- a/trigger.c 2011-06-19 17:14:05.483999389 -0500 +++ b/trigger.c 2011-06-19 17:15:10.551999375 -0500 @@ -276,7 +276,7 @@ } void -trigger_ip(struct libnet_ip_hdr *ip) +trigger_ip(struct libnet_ipv4_hdr *ip) { struct trigger *t, tr; u_char *buf; @@ -305,7 +305,7 @@ /* libnids needs a nids_register_udp()... */ void -trigger_udp(struct libnet_ip_hdr *ip) +trigger_udp(struct libnet_ipv4_hdr *ip) { struct trigger *t, tr; struct libnet_udp_hdr *udp; @@ -437,7 +437,7 @@ } void -trigger_tcp_raw(struct libnet_ip_hdr *ip) +trigger_tcp_raw(struct libnet_ipv4_hdr *ip) { struct trigger *t, tr; struct libnet_tcp_hdr *tcp; --- a/trigger.h 2011-06-19 17:14:04.371999389 -0500 +++ b/trigger.h 2011-06-19 17:15:10.555999375 -0500 @@ -24,10 +24,10 @@ int trigger_set_tcp(int port, char *name); int trigger_set_rpc(int program, char *name); -void trigger_ip(struct libnet_ip_hdr *ip); -void trigger_udp(struct libnet_ip_hdr *ip); +void trigger_ip(struct libnet_ipv4_hdr *ip); +void trigger_udp(struct libnet_ipv4_hdr *ip); void trigger_tcp(struct tcp_stream *ts, void **conn_save); -void trigger_tcp_raw(struct libnet_ip_hdr *ip); +void trigger_tcp_raw(struct libnet_ipv4_hdr *ip); void trigger_tcp_raw_timeout(int signal); void trigger_rpc(int program, int proto, int port); --- a/urlsnarf.c 2011-06-19 17:15:08.631999375 -0500 +++ b/urlsnarf.c 2011-06-19 17:15:10.559999375 -0500 @@ -145,14 +145,14 @@ if (user == NULL) user = "-"; if (vhost == NULL) - vhost = libnet_host_lookup(addr->daddr, Opt_dns); + vhost = libnet_addr2name4(addr->daddr, Opt_dns); if (referer == NULL) referer = "-"; if (agent == NULL) agent = "-"; printf("%s - %s [%s] \"%s http://%s%s\" - - \"%s\" \"%s\"\n", - libnet_host_lookup(addr->saddr, Opt_dns), + libnet_addr2name4(addr->saddr, Opt_dns), user, timestamp(), req, vhost, uri, referer, agent); } fflush(stdout); --- a/webmitm.c 2011-06-19 17:14:07.231999387 -0500 +++ b/webmitm.c 2011-06-19 17:15:10.559999375 -0500 @@ -242,7 +242,7 @@ word = buf_tok(&msg, "/", 1); vhost = buf_strdup(word); } - ssin.sin_addr.s_addr = libnet_name_resolve(vhost, 1); + ssin.sin_addr.s_addr = libnet_name2addr4(NULL, vhost, 1); free(vhost); if (ssin.sin_addr.s_addr == ntohl(INADDR_LOOPBACK) || @@ -510,7 +510,7 @@ argv += optind; if (argc == 1) { - if ((static_host = libnet_name_resolve(argv[0], 1)) == -1) + if ((static_host = libnet_name2addr4(NULL, argv[0], 1)) == -1) usage(); } else if (argc != 0) usage(); --- a/webspy.c 2011-06-19 17:15:01.111999376 -0500 +++ b/webspy.c 2011-06-19 17:15:10.563999375 -0500 @@ -126,7 +126,7 @@ if (auth == NULL) auth = ""; if (vhost == NULL) - vhost = libnet_host_lookup(addr->daddr, 0); + vhost = libnet_addr2name4(addr->daddr, 0); snprintf(cmd, sizeof(cmd), "openURL(http://%s%s%s%s)", auth, *auth ? "@" : "", vhost, uri); @@ -205,7 +205,7 @@ cmdtab[0] = cmd; cmdtab[1] = NULL; - if ((host = libnet_name_resolve(argv[0], 1)) == -1) + if ((host = libnet_name2addr4(NULL, argv[0], 1)) == -1) errx(1, "unknown host"); if ((dpy = XOpenDisplay(NULL)) == NULL) debian/patches/12_arpa_inet_header.patch0000644000000000000000000000301311577472400015416 0ustar Author: Luciano Bello Description: aviod the "implicit declaration of function 'ntohs'" warning --- a/decode_aim.c 2011-06-19 17:13:50.503999391 -0500 +++ b/decode_aim.c 2011-06-19 17:15:27.267999371 -0500 @@ -14,6 +14,7 @@ #include #include +#include #include "hex.h" #include "buf.h" --- a/decode_mmxp.c 2011-06-19 17:13:50.323999391 -0500 +++ b/decode_mmxp.c 2011-06-19 17:15:27.271999371 -0500 @@ -21,6 +21,7 @@ #include #include +#include #include "buf.h" #include "decode.h" --- a/decode_pptp.c 2011-06-19 17:13:50.687999391 -0500 +++ b/decode_pptp.c 2011-06-19 17:15:27.275999371 -0500 @@ -16,6 +16,7 @@ #include #include +#include #include "buf.h" #include "decode.h" --- a/decode_tds.c 2011-06-19 17:15:23.511999372 -0500 +++ b/decode_tds.c 2011-06-19 17:15:27.275999371 -0500 @@ -19,6 +19,7 @@ #include #include #include +#include #include "decode.h" --- a/decode_vrrp.c 2011-06-19 17:13:51.243999390 -0500 +++ b/decode_vrrp.c 2011-06-19 17:15:27.287999371 -0500 @@ -15,6 +15,7 @@ #include #include +#include #include "buf.h" #include "decode.h" --- a/ssh.c 2011-06-19 17:15:14.343999374 -0500 +++ b/ssh.c 2011-06-19 17:15:27.291999371 -0500 @@ -23,6 +23,7 @@ #include #include #include +#include #include #include "hex.h" debian/patches/23_urlsnarf_timestamp.patch0000644000000000000000000000337611631353056016075 0ustar Author: Hilko Bengen Description: urlsnarf: use timestamps from pcap file if available. Closes: #573365 --- a/urlsnarf.c 2011-06-19 17:15:21.627999373 -0500 +++ b/urlsnarf.c 2011-06-19 17:15:43.411999368 -0500 @@ -36,6 +36,7 @@ u_short Opt_dns = 1; int Opt_invert = 0; regex_t *pregex = NULL; +time_t tt = 0; static void usage(void) @@ -57,9 +58,12 @@ timestamp(void) { static char tstr[32], sign; struct tm *t, gmt; - time_t tt = time(NULL); int days, hours, tz, len; + if (!nids_params.filename) { + tt = time(NULL); + } + gmt = *gmtime(&tt); t = localtime(&tt); @@ -312,9 +316,48 @@ main(int argc, char *argv[]) nids_register_chksum_ctl(&chksum_ctl, 1); - nids_run(); - - /* NOTREACHED */ + pcap_t *p; + char pcap_errbuf[PCAP_ERRBUF_SIZE]; + if (nids_params.filename == NULL) { + /* adapted from libnids.c:open_live() */ + if (strcmp(nids_params.device, "all") == 0) + nids_params.device = "any"; + p = pcap_open_live(nids_params.device, 16384, + (nids_params.promisc != 0), + 0, pcap_errbuf); + if (!p) { + fprintf(stderr, "pcap_open_live(): %s\n", + pcap_errbuf); + exit(1); + } + } + else { + p = pcap_open_offline(nids_params.filename, + pcap_errbuf); + if (!p) { + fprintf(stderr, "pcap_open_offline(%s): %s\n", + nids_params.filename, pcap_errbuf); + } + } + + struct pcap_pkthdr *h; + u_char *d; + int rc; + while ((rc = pcap_next_ex(p, &h, &d)) == 1) { + tt = h->ts.tv_sec; + nids_pcap_handler(NULL, h, d); + } + switch (rc) { + case(-2): /* end of pcap file */ + case(0): /* timeout on live capture */ + break; + case(-1): + default: + fprintf(stderr, "rc = %i\n", rc); + pcap_perror(p, "pcap_read_ex()"); + exit(1); + break; + } exit(0); } debian/patches/series0000644000000000000000000000131511730171176012036 0ustar 01_time.h.patch 02_mailsnarf_corrupt.patch 03_pcap_read_dump.patch 04_multiple_intf.patch 05_amd64_fix.patch 06_urlsnarf_zeropad.patch 07_libnet_1.1.patch 08_openssl-0.9.8.patch 09_sysconf_clocks.patch 08_checksum.patch 09_sshcrypto.patch 10_urlsnarf_escape.patch 11_string_header.patch 12_arpa_inet_header.patch 13_pop_with_version.patch 14_obsolete_time.patch 15_checksum_libnids.patch 16_TDS_decoder.patch 20_debian_dirs.patch 21_msgsnarf_segfault.patch 22_handlepp.patch 23_urlsnarf_timestamp.patch 0001-rewrite-and-modernize-POP-decoder.patch 0001-arpspoof-add-r-switch-to-poison-both-directions.patch 0002-arpspoof-allow-use-of-of-multiple-targets.patch 0003-arpspoof-allow-selection-of-source-hw-address.patch debian/patches/08_openssl-0.9.8.patch0000644000000000000000000000050211577472363014316 0ustar Author: Description: Fix FTBFS with openssl. --- a/ssh.c 2011-06-19 17:14:01.359999389 -0500 +++ b/ssh.c 2011-06-19 17:15:14.343999374 -0500 @@ -16,6 +16,7 @@ #include #include #include +#include #include #include debian/patches/0002-arpspoof-allow-use-of-of-multiple-targets.patch0000644000000000000000000001245611730170310022261 0ustar >From 25c761ebb1a8001d05da8b3dba36e96ac07ad586 Mon Sep 17 00:00:00 2001 From: Stefan Tomanek Date: Mon, 7 Nov 2011 17:40:50 +0100 Subject: [PATCH 2/3] arpspoof: allow use of of multiple targets Signed-off-by: Stefan Tomanek --- arpspoof.8 | 2 +- arpspoof.c | 102 ++++++++++++++++++++++++++++++++++++++++-------------------- 2 files changed, 69 insertions(+), 35 deletions(-) --- a/arpspoof.8 2012-03-14 13:24:27.000000000 -0600 +++ b/arpspoof.8 2012-03-14 13:25:55.782078436 -0600 @@ -25,7 +25,7 @@ Specify the interface to use. .IP "\fB-t \fItarget\fR" Specify a particular host to ARP poison (if not specified, all hosts -on the LAN). +on the LAN). Repeat to specify multiple hosts. .IP "\fB\-r\fR" Poison both hosts (host and target) to capture traffic in both directions. (only valid in conjuntion with \-t) --- a/arpspoof.c 2012-03-14 13:24:27.626081655 -0600 +++ b/arpspoof.c 2012-03-14 13:24:27.646081654 -0600 @@ -29,9 +29,14 @@ extern char *ether_ntoa(struct ether_addr *); +struct host { + in_addr_t ip; + struct ether_addr mac; +}; + static libnet_t *l; -static struct ether_addr spoof_mac, target_mac; -static in_addr_t spoof_ip, target_ip; +static struct host spoof = {0}; +static struct host *targets; static char *intf; static int poison_reverse; @@ -133,30 +138,46 @@ return (0); } +static int arp_find_all() { + struct host *target = targets; + while(target->ip) { + if (arp_find(target->ip, &target->mac)) { + return 1; + } + target++; + } + + return 0; +} + static void cleanup(int sig) { - int fw = arp_find(spoof_ip, &spoof_mac); - int bw = poison_reverse && target_ip && arp_find(target_ip, &target_mac); + int fw = arp_find(spoof.ip, &spoof.mac); + int bw = poison_reverse && targets[0].ip && arp_find_all(); int i; fprintf(stderr, "Cleaning up and re-arping targets...\n"); for (i = 0; i < 5; i++) { - /* XXX - on BSD, requires ETHERSPOOF kernel. */ - if (fw) { - arp_send(l, ARPOP_REPLY, - (u_int8_t *)&spoof_mac, spoof_ip, - (target_ip ? (u_int8_t *)&target_mac : NULL), - target_ip); - /* we have to wait a moment before sending the next packet */ - sleep(1); - } - if (bw) { - arp_send(l, ARPOP_REPLY, - (u_int8_t *)&target_mac, target_ip, - (u_int8_t *)&spoof_mac, - spoof_ip); - sleep(1); + struct host *target = targets; + while(target->ip) { + /* XXX - on BSD, requires ETHERSPOOF kernel. */ + if (fw) { + arp_send(l, ARPOP_REPLY, + (u_int8_t *)&spoof.mac, spoof.ip, + (target->ip ? (u_int8_t *)&target->mac : NULL), + target->ip); + /* we have to wait a moment before sending the next packet */ + sleep(1); + } + if (bw) { + arp_send(l, ARPOP_REPLY, + (u_int8_t *)&target->mac, target->ip, + (u_int8_t *)&spoof.mac, + spoof.ip); + sleep(1); + } + target++; } } @@ -171,10 +192,15 @@ char pcap_ebuf[PCAP_ERRBUF_SIZE]; char libnet_ebuf[LIBNET_ERRBUF_SIZE]; int c; + int n_targets; + spoof.ip = 0; intf = NULL; - spoof_ip = target_ip = 0; poison_reverse = 0; + n_targets = 0; + + /* allocate enough memory for target list */ + targets = calloc( argc+1, sizeof(struct host) ); while ((c = getopt(argc, argv, "ri:t:h?V")) != -1) { switch (c) { @@ -182,7 +208,7 @@ intf = optarg; break; case 't': - if ((target_ip = libnet_name2addr4(l, optarg, LIBNET_RESOLVE)) == -1) + if ((targets[n_targets++].ip = libnet_name2addr4(l, optarg, LIBNET_RESOLVE)) == -1) usage(); break; case 'r': @@ -198,12 +224,12 @@ if (argc != 1) usage(); - if (poison_reverse && !target_ip) { + if (poison_reverse && !n_targets) { errx(1, "Spoofing the reverse path (-r) is only available when specifying a target (-t)."); usage(); } - if ((spoof_ip = libnet_name2addr4(l, argv[0], LIBNET_RESOLVE)) == -1) + if ((spoof.ip = libnet_name2addr4(l, argv[0], LIBNET_RESOLVE)) == -1) usage(); if (intf == NULL && (intf = pcap_lookupdev(pcap_ebuf)) == NULL) @@ -211,15 +237,19 @@ if ((l = libnet_init(LIBNET_LINK, intf, libnet_ebuf)) == NULL) errx(1, "%s", libnet_ebuf); - - if (target_ip != 0 && !arp_find(target_ip, &target_mac)) - errx(1, "couldn't arp for host %s", - libnet_addr2name4(target_ip, LIBNET_DONT_RESOLVE)); + + struct host *target = targets; + while(target->ip) { + if (target->ip != 0 && !arp_find(target->ip, &target->mac)) + errx(1, "couldn't arp for host %s", + libnet_addr2name4(target->ip, LIBNET_DONT_RESOLVE)); + target++; + } if (poison_reverse) { - if (!arp_find(spoof_ip, &spoof_mac)) { + if (!arp_find(spoof.ip, &spoof.mac)) { errx(1, "couldn't arp for spoof host %s", - libnet_addr2name4(spoof_ip, LIBNET_DONT_RESOLVE)); + libnet_addr2name4(spoof.ip, LIBNET_DONT_RESOLVE)); } } @@ -228,11 +258,15 @@ signal(SIGTERM, cleanup); for (;;) { - arp_send(l, ARPOP_REPLY, NULL, spoof_ip, - (target_ip ? (u_int8_t *)&target_mac : NULL), - target_ip); - if (poison_reverse) { - arp_send(l, ARPOP_REPLY, NULL, target_ip, (uint8_t *)&spoof_mac, spoof_ip); + struct host *target = targets; + while(target->ip) { + arp_send(l, ARPOP_REPLY, NULL, spoof.ip, + (target->ip ? (u_int8_t *)&target->mac : NULL), + target->ip); + if (poison_reverse) { + arp_send(l, ARPOP_REPLY, NULL, target->ip, (uint8_t *)&spoof.mac, spoof.ip); + } + target++; } sleep(2); debian/patches/0001-rewrite-and-modernize-POP-decoder.patch0000644000000000000000000000622111730164241020466 0ustar >From b05e27ba9b0ba9ef00ad2183933652e08d8c89af Mon Sep 17 00:00:00 2001 From: Stefan Tomanek Date: Sat, 29 Oct 2011 20:48:55 +0200 Subject: [PATCH] rewrite and modernize POP decoder Signed-off-by: Stefan Tomanek --- decode_pop.c | 96 ++++++++++++++++++++++++++++++++++++++++++++++----------- 1 files changed, 77 insertions(+), 19 deletions(-) diff --git a/decode_pop.c b/decode_pop.c index 04044f5..767da41 100644 --- a/decode_pop.c +++ b/decode_pop.c @@ -6,6 +6,8 @@ * Copyright (c) 2000 Dug Song * * $Id: decode_pop.c,v 1.4 2001/03/15 08:33:02 dugsong Exp $ + * + * Rewritten by Stefan Tomanek 2011 */ #include "config.h" @@ -45,32 +47,88 @@ int decode_pop(u_char *buf, int len, u_char *obuf, int olen) { char *p; + char *s; + int n; int i, j; + char *user; + char *password; + enum { + NONE, + AUTHPLAIN, + AUTHLOGIN, + USERPASS + } mode = NONE; + obuf[0] = '\0'; for (p = strtok(buf, "\r\n"); p != NULL; p = strtok(NULL, "\r\n")) { - if (strncasecmp(p, "AUTH PLAIN", 10) == 0 || - strncasecmp(p, "AUTH LOGIN", 10) == 0) { - strlcat(obuf, p, olen); - strlcat(obuf, "\n", olen); - - /* Decode SASL auth. */ - for (i = 0; i < 2 && (p = strtok(NULL, "\r\n")); i++) { - strlcat(obuf, p, olen); - j = base64_pton(p, p, strlen(p)); - p[j] = '\0'; - strlcat(obuf, " [", olen); - strlcat(obuf, p, olen); - strlcat(obuf, "]\n", olen); + if (mode == NONE) { + user = NULL; + password = NULL; + if (strncasecmp(p, "AUTH PLAIN", 10) == 0) { + mode = AUTHPLAIN; + continue; + } + if (strncasecmp(p, "AUTH LOGIN", 10) == 0) { + mode = AUTHLOGIN; + continue; + } + if (strncasecmp(p, "USER ", 5) == 0) { + mode = USERPASS; + /* the traditional login cuts right to the case, + * so no continue here + */ } } - /* Save regular POP2, POP3 auth info. */ - else if (strncasecmp(p, "USER ", 5) == 0 || - strncasecmp(p, "PASS ", 5) == 0 || - strncasecmp(p, "HELO ", 5) == 0) { - strlcat(obuf, p, olen); - strlcat(obuf, "\n", olen); + printf("(%d) %s\n", mode, p); + if (mode == USERPASS) { + if (strncasecmp(p, "USER ", 5) == 0) { + user = &p[5]; + } else if (strncasecmp(p, "PASS ", 5) == 0) { + password = &p[5]; + } + } + + if (mode == AUTHPLAIN) { + j = base64_pton(p, p, strlen(p)); + p[j] = '\0'; + n = 0; + s = p; + /* p consists of three parts, divided by \0 */ + while (s <= &p[j] && n<=3) { + if (n == 0) { + /* we do not process this portion yet */ + } else if (n == 1) { + user = s; + } else if (n == 2) { + password = s; + } + n++; + while (*s) s++; + s++; + } + } + + if (mode == AUTHLOGIN) { + j = base64_pton(p, p, strlen(p)); + p[j] = '\0'; + if (! user) { + user = p; + } else { + password = p; + /* got everything we need :-) */ + } + } + + if (user && password) { + strlcat(obuf, "\nusername [", olen); + strlcat(obuf, user, olen); + strlcat(obuf, "] password [", olen); + strlcat(obuf, password, olen); + strlcat(obuf, "]\n", olen); + + mode = NONE; } } return (strlen(obuf)); -- 1.7.5.4 debian/patches/13_pop_with_version.patch0000644000000000000000000000135211577472402015551 0ustar Author: Luciano Bello Description: distinguish between pop versions --- a/decode.c 2011-06-19 17:13:48.679999392 -0500 +++ b/decode.c 2011-06-19 17:15:29.771999369 -0500 @@ -63,7 +63,8 @@ { "http", decode_http }, { "ospf", decode_ospf }, { "poppass", decode_poppass }, - { "pop", decode_pop }, + { "pop2", decode_pop }, + { "pop3", decode_pop }, { "nntp", decode_nntp }, { "smb", decode_smb }, { "imap", decode_imap }, --- a/dsniff.services 2011-06-19 17:13:48.883999392 -0500 +++ b/dsniff.services 2011-06-19 17:15:29.799999369 -0500 @@ -10,8 +10,8 @@ ospf 89/ip http 98/tcp poppass 106/tcp -pop 109/tcp -pop 110/tcp +pop2 109/tcp +pop3 110/tcp portmap 111/tcp portmap -111/tcp portmap 111/udp debian/patches/02_mailsnarf_corrupt.patch0000644000000000000000000000076211577472344015714 0ustar Author: Steve Kemp Description: mailsnarf does not parse mail correctly, Closes #149330. --- a/mailsnarf.c 2011-06-19 17:14:23.839999384 -0500 +++ b/mailsnarf.c 2011-06-19 17:14:59.327999376 -0500 @@ -178,7 +178,7 @@ if (smtp->state != SMTP_DATA) { while ((i = buf_index(&buf, "\r\n", 2)) >= 0) { line = buf_tok(&buf, NULL, i + 2); - line->base[line->end] = '\0'; + line->base[line->end-1] = '\0'; p = buf_ptr(line); if (strncasecmp(p, "RSET", 4) == 0) { debian/patches/01_time.h.patch0000644000000000000000000000114211577472342013334 0ustar Author: Steve Kemp Description: Include to fix segfault on some architectures. Closes #315969 --- a/msgsnarf.c 2011-06-19 17:14:25.023999385 -0500 +++ b/msgsnarf.c 2011-06-19 17:14:56.475999377 -0500 @@ -23,6 +23,7 @@ #include #include #include +#include #include "buf.h" #include "decode.h" --- a/sshow.c 2011-06-19 17:14:24.843999385 -0500 +++ b/sshow.c 2011-06-19 17:14:56.475999377 -0500 @@ -15,6 +15,7 @@ #include #include +#include #include #include debian/patches/0001-arpspoof-add-r-switch-to-poison-both-directions.patch0000644000000000000000000001062311730165201023347 0ustar >From 8fbf0ac15e5fe2df427e3e028f9aa8d96788986a Mon Sep 17 00:00:00 2001 From: Stefan Tomanek Date: Sun, 6 Nov 2011 22:44:54 +0100 Subject: [PATCH 1/3] arpspoof: add -r switch to poison both directions Signed-off-by: Stefan Tomanek --- arpspoof.8 | 5 ++++- arpspoof.c | 59 +++++++++++++++++++++++++++++++++++++++++++++++------------ 2 files changed, 51 insertions(+), 13 deletions(-) diff --git a/arpspoof.8 b/arpspoof.8 index a05b5d3..544e06c 100644 --- a/arpspoof.8 +++ b/arpspoof.8 @@ -9,7 +9,7 @@ intercept packets on a switched LAN .na .nf .fi -\fBarpspoof\fR [\fB-i \fIinterface\fR] [\fB-t \fItarget\fR] \fIhost\fR +\fBarpspoof\fR [\fB\-i \fIinterface\fR] [\fB\-t \fItarget\fR] [\fB\-r\fR] \fIhost\fR .SH DESCRIPTION .ad .fi @@ -26,6 +26,9 @@ Specify the interface to use. .IP "\fB-t \fItarget\fR" Specify a particular host to ARP poison (if not specified, all hosts on the LAN). +.IP "\fB\-r\fR" +Poison both hosts (host and target) to capture traffic in both directions. +(only valid in conjuntion with \-t) .IP \fIhost\fR Specify the host you wish to intercept packets for (usually the local gateway). diff --git a/arpspoof.c b/arpspoof.c index 7cdbbf8..f51b699 100644 --- a/arpspoof.c +++ b/arpspoof.c @@ -7,6 +7,8 @@ * Copyright (c) 1999 Dug Song * * $Id: arpspoof.c,v 1.5 2001/03/15 08:32:58 dugsong Exp $ + * + * Improved 2011 by Stefan Tomanek */ #include "config.h" @@ -31,12 +33,13 @@ static libnet_t *l; static struct ether_addr spoof_mac, target_mac; static in_addr_t spoof_ip, target_ip; static char *intf; +static int poison_reverse; static void usage(void) { fprintf(stderr, "Version: " VERSION "\n" - "Usage: arpspoof [-i interface] [-t target] host\n"); + "Usage: arpspoof [-i interface] [-t target] [-r] host\n"); exit(1); } @@ -133,18 +136,30 @@ arp_find(in_addr_t ip, struct ether_addr *mac) static void cleanup(int sig) { + int fw = arp_find(spoof_ip, &spoof_mac); + int bw = poison_reverse && target_ip && arp_find(target_ip, &target_mac); int i; - - if (arp_find(spoof_ip, &spoof_mac)) { - for (i = 0; i < 3; i++) { - /* XXX - on BSD, requires ETHERSPOOF kernel. */ + + fprintf(stderr, "Cleaning up and re-arping targets...\n"); + for (i = 0; i < 5; i++) { + /* XXX - on BSD, requires ETHERSPOOF kernel. */ + if (fw) { arp_send(l, ARPOP_REPLY, (u_int8_t *)&spoof_mac, spoof_ip, (target_ip ? (u_int8_t *)&target_mac : NULL), target_ip); + /* we have to wait a moment before sending the next packet */ + sleep(1); + } + if (bw) { + arp_send(l, ARPOP_REPLY, + (u_int8_t *)&target_mac, target_ip, + (u_int8_t *)&spoof_mac, + spoof_ip); sleep(1); } } + exit(0); } @@ -156,11 +171,12 @@ main(int argc, char *argv[]) char pcap_ebuf[PCAP_ERRBUF_SIZE]; char libnet_ebuf[LIBNET_ERRBUF_SIZE]; int c; - + intf = NULL; spoof_ip = target_ip = 0; - - while ((c = getopt(argc, argv, "i:t:h?V")) != -1) { + poison_reverse = 0; + + while ((c = getopt(argc, argv, "ri:t:h?V")) != -1) { switch (c) { case 'i': intf = optarg; @@ -169,6 +185,9 @@ main(int argc, char *argv[]) if ((target_ip = libnet_name2addr4(l, optarg, LIBNET_RESOLVE)) == -1) usage(); break; + case 'r': + poison_reverse = 1; + break; default: usage(); } @@ -178,7 +197,12 @@ main(int argc, char *argv[]) if (argc != 1) usage(); - + + if (poison_reverse && !target_ip) { + errx(1, "Spoofing the reverse path (-r) is only available when specifying a target (-t)."); + usage(); + } + if ((spoof_ip = libnet_name2addr4(l, argv[0], LIBNET_RESOLVE)) == -1) usage(); @@ -191,18 +215,29 @@ main(int argc, char *argv[]) if (target_ip != 0 && !arp_find(target_ip, &target_mac)) errx(1, "couldn't arp for host %s", libnet_addr2name4(target_ip, LIBNET_DONT_RESOLVE)); - + + if (poison_reverse) { + if (!arp_find(spoof_ip, &spoof_mac)) { + errx(1, "couldn't arp for spoof host %s", + libnet_addr2name4(spoof_ip, LIBNET_DONT_RESOLVE)); + } + } + signal(SIGHUP, cleanup); signal(SIGINT, cleanup); signal(SIGTERM, cleanup); - + for (;;) { arp_send(l, ARPOP_REPLY, NULL, spoof_ip, (target_ip ? (u_int8_t *)&target_mac : NULL), target_ip); + if (poison_reverse) { + arp_send(l, ARPOP_REPLY, NULL, target_ip, (uint8_t *)&spoof_mac, spoof_ip); + } + sleep(2); } /* NOTREACHED */ - + exit(0); } -- 1.7.5.4 debian/patches/06_urlsnarf_zeropad.patch0000644000000000000000000000072211577472355015544 0ustar Author: Steve Kemp Description: urlsnarf: zero-pad date, Closes #298605. --- a/urlsnarf.c 2011-06-19 17:15:01.103999376 -0500 +++ b/urlsnarf.c 2011-06-19 17:15:08.631999375 -0500 @@ -68,7 +68,7 @@ t->tm_hour - gmt.tm_hour); tz = hours * 60 + t->tm_min - gmt.tm_min; - len = strftime(tstr, sizeof(tstr), "%e/%b/%Y:%X", t); + len = strftime(tstr, sizeof(tstr), "%d/%b/%Y:%X", t); if (len < 0 || len > sizeof(tstr) - 5) return (NULL); debian/patches/03_pcap_read_dump.patch0000644000000000000000000003642711577472347015140 0ustar Author: Joseph Battaglia and Joshua Krage Description: Allow the reading of saved PCAP capture files. Closes #153462 Closes #298604 --- a/dsniff.8 2011-06-19 17:14:20.847999386 -0500 +++ b/dsniff.8 2011-06-19 17:15:01.067999376 -0500 @@ -10,7 +10,7 @@ .nf .fi \fBdsniff\fR [\fB-c\fR] [\fB-d\fR] [\fB-m\fR] [\fB-n\fR] [\fB-i -\fIinterface\fR] [\fB-s \fIsnaplen\fR] [\fB-f \fIservices\fR] +\fIinterface\fR | \fB-p \fIpcapfile\fR] [\fB-s \fIsnaplen\fR] [\fB-f \fIservices\fR] [\fB-t \fItrigger[,...]\fR]] [\fB-r\fR|\fB-w\fR \fIsavefile\fR] [\fIexpression\fR] .SH DESCRIPTION @@ -45,6 +45,9 @@ Do not resolve IP addresses to hostnames. .IP "\fB-i \fIinterface\fR" Specify the interface to listen on. +.IP "\fB-p \fIpcapfile\fR" +Rather than processing the contents of packets observed upon the network +process the given PCAP capture file. .IP "\fB-s \fIsnaplen\fR" Analyze at most the first \fIsnaplen\fR bytes of each TCP connection, rather than the default of 1024. --- a/dsniff.c 2011-06-19 17:14:20.303999384 -0500 +++ b/dsniff.c 2011-06-19 17:15:01.071999376 -0500 @@ -46,8 +46,9 @@ usage(void) { fprintf(stderr, "Version: " VERSION "\n" - "Usage: dsniff [-cdmn] [-i interface] [-s snaplen] [-f services]\n" - " [-t trigger[,...]] [-r|-w savefile] [expression]\n"); + "Usage: dsniff [-cdmn] [-i interface | -p pcapfile] [-s snaplen]\n" + " [-f services] [-t trigger[,...]] [-r|-w savefile]\n" + " [expression]\n"); exit(1); } @@ -79,7 +80,7 @@ services = savefile = triggers = NULL; - while ((c = getopt(argc, argv, "cdf:i:mnr:s:t:w:h?V")) != -1) { + while ((c = getopt(argc, argv, "cdf:i:mnp:r:s:t:w:h?V")) != -1) { switch (c) { case 'c': Opt_client = 1; @@ -99,6 +100,9 @@ case 'n': Opt_dns = 0; break; + case 'p': + nids_params.filename = optarg; + break; case 'r': Opt_read = 1; savefile = optarg; @@ -168,10 +172,23 @@ else nids_register_tcp(trigger_tcp); if (nids_params.pcap_filter != NULL) { - warnx("listening on %s [%s]", nids_params.device, - nids_params.pcap_filter); + if (nids_params.filename == NULL) { + warnx("listening on %s [%s]", nids_params.device, + nids_params.pcap_filter); + } + else { + warnx("using %s [%s]", nids_params.filename, + nids_params.pcap_filter); + } + } + else { + if (nids_params.filename == NULL) { + warnx("listening on %s", nids_params.device); + } + else { + warnx("using %s", nids_params.filename); + } } - else warnx("listening on %s", nids_params.device); nids_run(); --- a/filesnarf.8 2011-06-19 17:14:22.343999384 -0500 +++ b/filesnarf.8 2011-06-19 17:15:01.071999376 -0500 @@ -9,7 +9,7 @@ .na .nf .fi -\fBfilesnarf\fR [\fB-i \fIinterface\fR] [[\fB-v\fR] \fIpattern [\fIexpression\fR]] +\fBfilesnarf\fR [\fB-i \fIinterface\fR | \fB-p \fIpcapfile\fR] [[\fB-v\fR] \fIpattern [\fIexpression\fR]] .SH DESCRIPTION .ad .fi @@ -18,6 +18,8 @@ .SH OPTIONS .IP "\fB-i \fIinterface\fR" Specify the interface to listen on. +.IP "\fB-p \fIpcapfile\fR" +Process packets from the specified PCAP capture file instead of the network. .IP \fB-v\fR "Versus" mode. Invert the sense of matching, to select non-matching files. --- a/filesnarf.c 2011-06-19 17:14:22.155999384 -0500 +++ b/filesnarf.c 2011-06-19 17:15:01.075999376 -0500 @@ -51,7 +51,7 @@ usage(void) { fprintf(stderr, "Version: " VERSION "\n" - "Usage: filesnarf [-i interface] [[-v] pattern [expression]]\n"); + "Usage: filesnarf [-i interface | -p pcapfile] [[-v] pattern [expression]]\n"); exit(1); } @@ -464,11 +464,14 @@ extern int optind; int c; - while ((c = getopt(argc, argv, "i:vh?V")) != -1) { + while ((c = getopt(argc, argv, "i:p:vh?V")) != -1) { switch (c) { case 'i': nids_params.device = optarg; break; + case 'p': + nids_params.filename = optarg; + break; case 'v': Opt_invert = 1; break; @@ -498,11 +501,24 @@ nids_register_ip(decode_udp_nfs); nids_register_tcp(decode_tcp_nfs); - if (nids_params.pcap_filter != NULL) { - warnx("listening on %s [%s]", nids_params.device, - nids_params.pcap_filter); - } - else warnx("listening on %s", nids_params.device); + if (nids_params.pcap_filter != NULL) { + if (nids_params.filename == NULL) { + warnx("listening on %s [%s]", nids_params.device, + nids_params.pcap_filter); + } + else { + warnx("using %s [%s]", nids_params.filename, + nids_params.pcap_filter); + } + } + else { + if (nids_params.filename == NULL) { + warnx("listening on %s", nids_params.device); + } + else { + warnx("using %s", nids_params.filename); + } + } nids_run(); --- a/mailsnarf.8 2011-06-19 17:14:21.099999386 -0500 +++ b/mailsnarf.8 2011-06-19 17:15:01.079999376 -0500 @@ -9,7 +9,7 @@ .na .nf .fi -\fBmailsnarf\fR [\fB-i \fIinterface\fR] [[\fB-v\fR] \fIpattern [\fIexpression\fR]] +\fBmailsnarf\fR [\fB-i \fIinterface\fR | \fB-p \fIpcapfile\fR] [[\fB-v\fR] \fIpattern [\fIexpression\fR]] .SH DESCRIPTION .ad .fi @@ -19,6 +19,8 @@ .SH OPTIONS .IP "\fB-i \fIinterface\fR" Specify the interface to listen on. +.IP "\fB-p \fIpcapfile\fR" +Process packets from the specified PCAP capture file instead of the network. .IP \fB-v\fR "Versus" mode. Invert the sense of matching, to select non-matching messages. --- a/mailsnarf.c 2011-06-19 17:14:59.327999376 -0500 +++ b/mailsnarf.c 2011-06-19 17:15:01.083999376 -0500 @@ -59,7 +59,7 @@ usage(void) { fprintf(stderr, "Version: " VERSION "\n" - "Usage: mailsnarf [-i interface] [[-v] pattern [expression]]\n"); + "Usage: mailsnarf [-i interface | -p pcapfile] [[-v] pattern [expression]]\n"); exit(1); } @@ -344,11 +344,14 @@ extern int optind; int c; - while ((c = getopt(argc, argv, "i:vh?V")) != -1) { + while ((c = getopt(argc, argv, "i:p:vh?V")) != -1) { switch (c) { case 'i': nids_params.device = optarg; break; + case 'p': + nids_params.filename = optarg; + break; case 'v': Opt_invert = 1; break; @@ -378,10 +381,23 @@ nids_register_tcp(sniff_pop_session); if (nids_params.pcap_filter != NULL) { - warnx("listening on %s [%s]", nids_params.device, - nids_params.pcap_filter); - } - else warnx("listening on %s", nids_params.device); + if (nids_params.filename == NULL) { + warnx("listening on %s [%s]", nids_params.device, + nids_params.pcap_filter); + } + else { + warnx("using %s [%s]", nids_params.filename, + nids_params.pcap_filter); + } + } + else { + if (nids_params.filename == NULL) { + warnx("listening on %s", nids_params.device); + } + else { + warnx("using %s", nids_params.filename); + } + } nids_run(); --- a/msgsnarf.8 2011-06-19 17:14:21.771999384 -0500 +++ b/msgsnarf.8 2011-06-19 17:15:01.087999376 -0500 @@ -9,7 +9,7 @@ .na .nf .fi -\fBmsgsnarf\fR [\fB-i \fIinterface\fR] [[\fB-v\fR] \fIpattern [\fIexpression\fR]] +\fBmsgsnarf\fR [\fB-i \fIinterface\fR | \fB-p \fIpcapfile\fR] [[\fB-v\fR] \fIpattern [\fIexpression\fR]] .SH DESCRIPTION .ad .fi @@ -19,6 +19,8 @@ .SH OPTIONS .IP "\fB-i \fIinterface\fR" Specify the interface to listen on. +.IP "\fB-p \fIpcapfile\fR" +Process packets from the specified PCAP capture file instead of the network. .IP \fB-v\fR "Versus" mode. Invert the sense of matching, to select non-matching messages. --- a/msgsnarf.c 2011-06-19 17:14:56.475999377 -0500 +++ b/msgsnarf.c 2011-06-19 17:15:01.091999376 -0500 @@ -45,7 +45,7 @@ usage(void) { fprintf(stderr, "Version: " VERSION "\n" - "Usage: msgsnarf [-i interface] [[-v] pattern [expression]]\n"); + "Usage: msgsnarf [-i interface | -p pcapfile] [[-v] pattern [expression]]\n"); exit(1); } @@ -633,11 +633,14 @@ extern int optind; int c; - while ((c = getopt(argc, argv, "i:hv?V")) != -1) { + while ((c = getopt(argc, argv, "i:p:hv?V")) != -1) { switch (c) { case 'i': nids_params.device = optarg; break; + case 'p': + nids_params.filename = optarg; + break; case 'v': Opt_invert = 1; break; @@ -666,11 +669,24 @@ nids_register_tcp(sniff_msgs); - if (nids_params.pcap_filter != NULL) { - warnx("listening on %s [%s]", nids_params.device, - nids_params.pcap_filter); - } - else warnx("listening on %s", nids_params.device); + if (nids_params.pcap_filter != NULL) { + if (nids_params.filename == NULL) { + warnx("listening on %s [%s]", nids_params.device, + nids_params.pcap_filter); + } + else { + warnx("using %s [%s]", nids_params.filename, + nids_params.pcap_filter); + } + } + else { + if (nids_params.filename == NULL) { + warnx("listening on %s", nids_params.device); + } + else { + warnx("using %s", nids_params.filename); + } + } nids_run(); --- a/sshow.8 2011-06-19 17:14:18.839999384 -0500 +++ b/sshow.8 2011-06-19 17:15:01.095999376 -0500 @@ -9,7 +9,7 @@ .na .nf .fi -\fBsshow\fR [\fB-d\fR] [\fB-i \fIinterface\fR] [\fIexpression\fR] +\fBsshow\fR [\fB-d\fR] [\fB-i \fIinterface\fR | \fB-p \fIpcapfile\fR] [\fIexpression\fR] .SH DESCRIPTION .ad .fi @@ -28,6 +28,8 @@ Enable verbose debugging output. .IP "\fB-i \fIinterface\fR" Specify the interface to listen on. +.IP "\fB-p \fIpcapfile\fR" +Process packets from the specified PCAP capture file instead of the network. .IP "\fIexpression\fR" Specify a tcpdump(8) filter expression to select traffic to sniff. .SH "SEE ALSO" --- a/sshow.c 2011-06-19 17:14:56.475999377 -0500 +++ b/sshow.c 2011-06-19 17:15:01.099999376 -0500 @@ -82,7 +82,7 @@ static void usage(void) { - fprintf(stderr, "Usage: sshow [-d] [-i interface]\n"); + fprintf(stderr, "Usage: sshow [-d] [-i interface | -p pcapfile]\n"); exit(1); } @@ -616,7 +616,7 @@ extern int optind; int c; - while ((c = getopt(argc, argv, "di:h?")) != -1) { + while ((c = getopt(argc, argv, "di:p:h?")) != -1) { switch (c) { case 'd': debug++; @@ -624,6 +624,9 @@ case 'i': nids_params.device = optarg; break; + case 'p': + nids_params.filename = optarg; + break; default: usage(); break; @@ -652,11 +655,24 @@ nids_register_tcp(process_event); - if (nids_params.pcap_filter != NULL) { - warnx("listening on %s [%s]", nids_params.device, - nids_params.pcap_filter); - } - else warnx("listening on %s", nids_params.device); + if (nids_params.pcap_filter != NULL) { + if (nids_params.filename == NULL) { + warnx("listening on %s [%s]", nids_params.device, + nids_params.pcap_filter); + } + else { + warnx("using %s [%s]", nids_params.filename, + nids_params.pcap_filter); + } + } + else { + if (nids_params.filename == NULL) { + warnx("listening on %s", nids_params.device); + } + else { + warnx("using %s", nids_params.filename); + } + } nids_run(); --- a/urlsnarf.8 2011-06-19 17:14:19.727999384 -0500 +++ b/urlsnarf.8 2011-06-19 17:15:01.099999376 -0500 @@ -9,7 +9,7 @@ .na .nf .fi -\fBurlsnarf\fR [\fB-n\fR] [\fB-i \fIinterface\fR] [[\fB-v\fR] \fIpattern [\fIexpression\fR]] +\fBurlsnarf\fR [\fB-n\fR] [\fB-i \fIinterface\fR | \fB-p \fIpcapfile\fR] [[\fB-v\fR] \fIpattern [\fIexpression\fR]] .SH DESCRIPTION .ad .fi @@ -21,6 +21,9 @@ .IP \fB-n\fR Do not resolve IP addresses to hostnames. .IP "\fB-i \fIinterface\fR" +Specify the interface to listen on. +.IP "\fB-p \fIpcapfile\fR" +Process packets from the specified PCAP capture file instead of the network. .IP \fB-v\fR "Versus" mode. Invert the sense of matching, to select non-matching URLs. --- a/urlsnarf.c 2011-06-19 17:14:19.323999384 -0500 +++ b/urlsnarf.c 2011-06-19 17:15:01.103999376 -0500 @@ -41,7 +41,7 @@ usage(void) { fprintf(stderr, "Version: " VERSION "\n" - "Usage: urlsnarf [-n] [-i interface] [[-v] pattern [expression]]\n"); + "Usage: urlsnarf [-n] [-i interface | -p pcapfile] [[-v] pattern [expression]]\n"); exit(1); } @@ -201,11 +201,14 @@ extern int optind; int c; - while ((c = getopt(argc, argv, "i:nvh?V")) != -1) { + while ((c = getopt(argc, argv, "i:p:nvh?V")) != -1) { switch (c) { case 'i': nids_params.device = optarg; break; + case 'p': + nids_params.filename = optarg; + break; case 'n': Opt_dns = 0; break; @@ -238,8 +241,24 @@ nids_register_tcp(sniff_http_client); - warnx("listening on %s [%s]", nids_params.device, - nids_params.pcap_filter); + if (nids_params.pcap_filter != NULL) { + if (nids_params.filename == NULL) { + warnx("listening on %s [%s]", nids_params.device, + nids_params.pcap_filter); + } + else { + warnx("using %s [%s]", nids_params.filename, + nids_params.pcap_filter); + } + } + else { + if (nids_params.filename == NULL) { + warnx("listening on %s", nids_params.device); + } + else { + warnx("using %s", nids_params.filename); + } + } nids_run(); --- a/webspy.8 2011-06-19 17:14:18.319999386 -0500 +++ b/webspy.8 2011-06-19 17:15:01.107999376 -0500 @@ -9,7 +9,7 @@ .na .nf .fi -\fBwebspy\fR [\fB-i \fIinterface\fR] \fIhost\fR +\fBwebspy\fR [\fB-i \fIinterface\fR | \fB-p \fIpcapfile\fR] \fIhost\fR .SH DESCRIPTION .ad .fi @@ -20,6 +20,8 @@ .SH OPTIONS .IP "\fB-i \fIinterface\fR" Specify the interface to listen on. +.IP "\fB-p \fIpcapfile\fR" +Process packets from the specified PCAP capture file instead of the network. .IP \fIhost\fR Specify the web client to spy on. .SH "SEE ALSO" --- a/webspy.c 2011-06-19 17:14:21.395999384 -0500 +++ b/webspy.c 2011-06-19 17:15:01.111999376 -0500 @@ -42,7 +42,7 @@ usage(void) { fprintf(stderr, "Version: " VERSION "\n" - "Usage: %s [-i interface] host\n", progname); + "Usage: %s [-i interface | -p pcapfile] host\n", progname); exit(1); } @@ -184,11 +184,14 @@ extern int optind; int c; - while ((c = getopt(argc, argv, "i:h?V")) != -1) { + while ((c = getopt(argc, argv, "i:p:h?V")) != -1) { switch (c) { case 'i': nids_params.device = optarg; break; + case 'p': + nids_params.filename = optarg; + break; default: usage(); } @@ -216,7 +219,13 @@ nids_register_tcp(sniff_http_client); - warnx("listening on %s", nids_params.device); + if (nids_params.filename == NULL) { + warnx("listening on %s", nids_params.device); + } + else { + warnx("using %s", nids_params.filename); + } + nids_run(); debian/patches/20_debian_dirs.patch0000644000000000000000000000351711577472412014422 0ustar Author: Steve Kemp Description: Adapt to Debian directory structure. --- a/Makefile.in 2011-06-19 17:13:45.651999392 -0500 +++ b/Makefile.in 2011-06-19 17:15:37.407999368 -0500 @@ -11,7 +11,7 @@ install_prefix = prefix = @prefix@ exec_prefix = @exec_prefix@ -libdir = @libdir@ +libdir = $(prefix)/share/dsniff sbindir = @sbindir@ mandir = @mandir@ @@ -37,8 +37,7 @@ X11INC = @X_CFLAGS@ X11LIB = @X_LIBS@ @X_PRE_LIBS@ -lXmu -lX11 @X_EXTRA_LIBS@ -INCS = -I. $(NIDSINC) $(PCAPINC) $(LNETINC) $(DBINC) $(SSLINC) $(X11INC) \ - -I$(srcdir)/missing +INCS = -I. $(X11INC) -I$(srcdir)/missing LIBS = @LIBS@ -L$(srcdir) -lmissing INSTALL = @INSTALL@ --- a/dnsspoof.8 2011-06-19 17:13:46.019999392 -0500 +++ b/dnsspoof.8 2011-06-19 17:15:37.423999369 -0500 @@ -31,7 +31,7 @@ address queries on the LAN with an answer of the local machine's IP address. .SH FILES -.IP \fI/usr/local/lib/dnsspoof.hosts\fR +.IP \fI/usr/share/dsniff/dnsspoof.hosts\fR Sample hosts file. .SH "SEE ALSO" dsniff(8), hosts(5) --- a/dsniff.8 2011-06-19 17:15:01.067999376 -0500 +++ b/dsniff.8 2011-06-19 17:15:37.427999369 -0500 @@ -68,9 +68,9 @@ On a hangup signal \fBdsniff\fR will dump its current trigger table to \fIdsniff.services\fR. .SH FILES -.IP \fI/usr/local/lib/dsniff.services\fR +.IP \fI/usr/share/dsniff/dsniff.services\fR Default trigger table -.IP \fI/usr/local/lib/dsniff.magic\fR +.IP \fI/usr/share/dsniff/dsniff.magic\fR Network protocol magic .SH "SEE ALSO" arpspoof(8), libnids(3), services(5), magic(5) --- a/pathnames.h 2011-06-19 17:13:46.219999392 -0500 +++ b/pathnames.h 2011-06-19 17:15:37.431999369 -0500 @@ -12,7 +12,7 @@ #define PATHNAMES_H #ifndef DSNIFF_LIBDIR -#define DSNIFF_LIBDIR "/usr/local/lib/" +#define DSNIFF_LIBDIR "/usr/share/dsniff/" #endif #define DSNIFF_SERVICES "dsniff.services" debian/patches/05_amd64_fix.patch0000644000000000000000000001663311577472353013752 0ustar Author: Steve Kemp Description: Compile under AMD64, Closes #254002. --- a/configure 2011-06-19 17:14:11.327999387 -0500 +++ b/configure 2011-06-19 17:15:06.667999375 -0500 @@ -2667,15 +2667,62 @@ echo "$ac_t""no" 1>&6 fi +echo $ac_n "checking for __dn_expand in -lresolv""... $ac_c" 1>&6 +echo "configure:2672: checking for __dn_expand in -lresolv" >&5 +ac_lib_var=`echo resolv'_'__dn_expand | sed 'y%./+-%__p_%'` +if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + ac_save_LIBS="$LIBS" +LIBS="-lresolv $LIBS" +cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=no" +fi +rm -f conftest* +LIBS="$ac_save_LIBS" + +fi +if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_lib=HAVE_LIB`echo resolv | sed -e 's/[^a-zA-Z0-9_]/_/g' \ + -e 'y/abcdefghijklmnopqrstuvwxyz/ABCDEFGHIJKLMNOPQRSTUVWXYZ/'` + cat >> confdefs.h <&6 +fi + for ac_func in dirname strlcpy strlcat strsep do echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:2674: checking for $ac_func" >&5 +echo "configure:2721: checking for $ac_func" >&5 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:2749: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else @@ -2728,12 +2775,12 @@ for ac_func in MD5Update do echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:2732: checking for $ac_func" >&5 +echo "configure:2779: checking for $ac_func" >&5 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:2807: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else @@ -2788,12 +2835,12 @@ for ac_func in warnx do echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:2792: checking for $ac_func" >&5 +echo "configure:2839: checking for $ac_func" >&5 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:2867: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else @@ -2848,12 +2895,12 @@ for ac_func in ether_ntoa do echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:2852: checking for $ac_func" >&5 +echo "configure:2899: checking for $ac_func" >&5 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:2927: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else @@ -2912,7 +2959,7 @@ fi echo $ac_n "checking for Berkeley DB with 1.85 compatibility""... $ac_c" 1>&6 -echo "configure:2916: checking for Berkeley DB with 1.85 compatibility" >&5 +echo "configure:2963: checking for Berkeley DB with 1.85 compatibility" >&5 # Check whether --with-db or --without-db was given. if test "${with_db+set}" = set; then withval="$with_db" @@ -3015,7 +3062,7 @@ echo $ac_n "checking for libpcap""... $ac_c" 1>&6 -echo "configure:3019: checking for libpcap" >&5 +echo "configure:3066: checking for libpcap" >&5 # Check whether --with-libpcap or --without-libpcap was given. if test "${with_libpcap+set}" = set; then withval="$with_libpcap" @@ -3063,7 +3110,7 @@ echo $ac_n "checking for libnet""... $ac_c" 1>&6 -echo "configure:3067: checking for libnet" >&5 +echo "configure:3114: checking for libnet" >&5 # Check whether --with-libnet or --without-libnet was given. if test "${with_libnet+set}" = set; then withval="$with_libnet" @@ -3110,7 +3157,7 @@ echo $ac_n "checking for libnids""... $ac_c" 1>&6 -echo "configure:3114: checking for libnids" >&5 +echo "configure:3161: checking for libnids" >&5 # Check whether --with-libnids or --without-libnids was given. if test "${with_libnids+set}" = set; then withval="$with_libnids" @@ -3152,9 +3199,9 @@ save_cppflags="$CPPFLAGS" CPPFLAGS="$NIDSINC" echo $ac_n "checking whether libnids version is good""... $ac_c" 1>&6 -echo "configure:3156: checking whether libnids version is good" >&5 +echo "configure:3203: checking whether libnids version is good" >&5 cat > conftest.$ac_ext < EOF @@ -3173,7 +3220,7 @@ echo $ac_n "checking for OpenSSL""... $ac_c" 1>&6 -echo "configure:3177: checking for OpenSSL" >&5 +echo "configure:3224: checking for OpenSSL" >&5 # Check whether --with-openssl or --without-openssl was given. if test "${with_openssl+set}" = set; then withval="$with_openssl" --- a/configure.in 2011-06-19 17:14:11.195999387 -0500 +++ b/configure.in 2011-06-19 17:15:06.683999375 -0500 @@ -57,6 +57,7 @@ AC_CHECK_LIB(nsl, gethostbyname) dnl XXX - feh, everything except OpenBSD sux. AC_CHECK_LIB(resolv, dn_expand) +AC_CHECK_LIB(resolv, __dn_expand) AC_REPLACE_FUNCS(dirname strlcpy strlcat strsep) needmd5=no AC_CHECK_FUNCS(MD5Update, , [needmd5=yes]) debian/rules0000755000000000000000000000030411602101133010227 0ustar #!/usr/bin/make -f # Uncomment this to turn on verbose mode. #export DH_VERBOSE=1 #export DH_OPTIONS=-v %: dh $@ override_dh_auto_install: $(MAKE) install prefix=$(CURDIR)/debian/dsniff/usr debian/compat0000644000000000000000000000000211575606017010374 0ustar 8