network/dsniff: Update to the latest debian patches.

Thanks to USUARIONUEVO for the report

Signed-off-by: Matteo Bernardini <ponce@slackbuilds.org>
Matteo Bernardini 2021-02-18 18:49:06 +01:00 committed by Robby Workman
parent e46aa14cab
commit f706b0bc33
41 changed files with 4114 additions and 5 deletions


@ -73,11 +73,9 @@ find -L . \
\( -perm 666 -o -perm 664 -o -perm 640 -o -perm 600 -o -perm 444 \
-o -perm 440 -o -perm 400 \) -exec chmod 644 {} \;
zcat $CWD/dsniff_2.4b1+debian-18.diff.gz | patch -p1
for i in debian/patches/*.dpatch; do
patch -N < "$i"
done
sed -i 's|${CC-cc} -E|${CC-cc} -O2 -E|g' configure
for i in $CWD/patches/*.patch; do patch -p1 < $i; done
autoreconf -fi
CFLAGS="$SLKCFLAGS" \
CXXFLAGS="$SLKCFLAGS" \
@ -87,6 +85,7 @@ CXXFLAGS="$SLKCFLAGS" \
--mandir=/usr/man \
--sysconfdir=/etc \
--localstatedir=/var \
--with-libtirpc \
--build=$ARCH-slackware-linux
make
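Review bot: The loop `for i in $CWD/patches/*.patch; do patch -p1 < $i; done` does not stop on a rejected patch by itself, because the loop's exit status is that of the last `patch` run; unless the script runs under `set -e` (not visible in this hunk), a failure in the middle of the series still reaches `autoreconf` and `make` and produces a partly patched build. Failing at the first reject and quoting the paths is safer: `for i in "$CWD"/patches/*.patch; do patch -p1 < "$i" || exit 1; done`. The glob also ties the application order to the shell's sort order of the file names, which deserves a one-line comment if the Debian series order matters. The +/- markers are lost in this view, so which of these lines are new is inferred.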


@ -0,0 +1,26 @@
Author: Steve Kemp <skx@debian.org>
Description: Include <time.h> to fix segfault on some architectures.
Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=315969
---
This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
--- a/msgsnarf.c
+++ b/msgsnarf.c
@@ -23,6 +23,7 @@
#include <nids.h>
#include <pcap.h>
#include <pcaputil.h>
+#include <time.h>
#include "buf.h"
#include "decode.h"
--- a/sshow.c
+++ b/sshow.c
@@ -15,6 +15,7 @@
#include <sys/types.h>
#include <sys/times.h>
+#include <time.h>
#include <netinet/in_systm.h>
#include <netinet/in.h>


@ -0,0 +1,17 @@
Author: Steve Kemp <skx@debian.org>
Description: mailsnarf does not parse mail correctly.
Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=149330
---
This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
--- a/mailsnarf.c
+++ b/mailsnarf.c
@@ -178,7 +178,7 @@
if (smtp->state != SMTP_DATA) {
while ((i = buf_index(&buf, "\r\n", 2)) >= 0) {
line = buf_tok(&buf, NULL, i + 2);
- line->base[line->end] = '\0';
+ line->base[line->end-1] = '\0';
p = buf_ptr(line);
if (strncasecmp(p, "RSET", 4) == 0) {
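Review bot: The new terminator `line->base[line->end-1] = '\0';` carries no comment saying why the index moved, and it replaces only the final `\n` of the token, so the string still ends in `\r`. Assuming buf_tok() returns a token of exactly `i + 2` bytes (its definition is outside the hunk), the old index wrote one byte past the token; a comment such as `/* token includes the trailing CRLF; terminate inside it, base[end] is past the token */` would record that. If any later code compares whole lines rather than prefixes, terminating at `line->end - 2` would drop the `\r` as well. The enclosing function starts and ends outside the hunk.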


@ -0,0 +1,534 @@
Author: Joseph Battaglia <sephail@sephail.net> and Joshua Krage <jkrage@guisarme.us>
Description: Allow the reading of saved PCAP capture files.
Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=153462
Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=298604
---
This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
--- a/dsniff.8
+++ b/dsniff.8
@@ -10,7 +10,7 @@
.nf
.fi
\fBdsniff\fR [\fB-c\fR] [\fB-d\fR] [\fB-m\fR] [\fB-n\fR] [\fB-i
-\fIinterface\fR] [\fB-s \fIsnaplen\fR] [\fB-f \fIservices\fR]
+\fIinterface\fR | \fB-p \fIpcapfile\fR] [\fB-s \fIsnaplen\fR] [\fB-f \fIservices\fR]
[\fB-t \fItrigger[,...]\fR]]
[\fB-r\fR|\fB-w\fR \fIsavefile\fR] [\fIexpression\fR]
.SH DESCRIPTION
@@ -45,6 +45,9 @@
Do not resolve IP addresses to hostnames.
.IP "\fB-i \fIinterface\fR"
Specify the interface to listen on.
+.IP "\fB-p \fIpcapfile\fR"
+Rather than processing the contents of packets observed upon the network
+process the given PCAP capture file.
.IP "\fB-s \fIsnaplen\fR"
Analyze at most the first \fIsnaplen\fR bytes of each TCP connection,
rather than the default of 1024.
--- a/dsniff.c
+++ b/dsniff.c
@@ -46,8 +46,9 @@
usage(void)
{
fprintf(stderr, "Version: " VERSION "\n"
- "Usage: dsniff [-cdmn] [-i interface] [-s snaplen] [-f services]\n"
- " [-t trigger[,...]] [-r|-w savefile] [expression]\n");
+ "Usage: dsniff [-cdmn] [-i interface | -p pcapfile] [-s snaplen]\n"
+ " [-f services] [-t trigger[,...]] [-r|-w savefile]\n"
+ " [expression]\n");
exit(1);
}
@@ -79,7 +80,7 @@
services = savefile = triggers = NULL;
- while ((c = getopt(argc, argv, "cdf:i:mnr:s:t:w:h?V")) != -1) {
+ while ((c = getopt(argc, argv, "cdf:i:mnp:r:s:t:w:h?V")) != -1) {
switch (c) {
case 'c':
Opt_client = 1;
@@ -99,6 +100,9 @@
case 'n':
Opt_dns = 0;
break;
+ case 'p':
+ nids_params.filename = optarg;
+ break;
case 'r':
Opt_read = 1;
savefile = optarg;
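Review bot: The new `case 'p'` stores `nids_params.filename = optarg;` without checking that `-i` was not also given, although the usage string and the man page present `-i interface | -p pcapfile` as alternatives. With both options the command line is accepted and the start-up banner reports only the file, which hides the conflict from the operator. A check after the getopt loop, `if (nids_params.device != NULL && nids_params.filename != NULL) usage();`, would enforce it, assuming both fields start out NULL (their initialisation is not in the hunk). The same unchecked `case 'p'` is added in filesnarf.c, mailsnarf.c, msgsnarf.c, sshow.c, urlsnarf.c and webspy.c.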
@@ -168,10 +172,23 @@
else nids_register_tcp(trigger_tcp);
if (nids_params.pcap_filter != NULL) {
- warnx("listening on %s [%s]", nids_params.device,
- nids_params.pcap_filter);
+ if (nids_params.filename == NULL) {
+ warnx("listening on %s [%s]", nids_params.device,
+ nids_params.pcap_filter);
+ }
+ else {
+ warnx("using %s [%s]", nids_params.filename,
+ nids_params.pcap_filter);
+ }
+ }
+ else {
+ if (nids_params.filename == NULL) {
+ warnx("listening on %s", nids_params.device);
+ }
+ else {
+ warnx("using %s", nids_params.filename);
+ }
}
- else warnx("listening on %s", nids_params.device);
nids_run();
--- a/filesnarf.8
+++ b/filesnarf.8
@@ -9,7 +9,7 @@
.na
.nf
.fi
-\fBfilesnarf\fR [\fB-i \fIinterface\fR] [[\fB-v\fR] \fIpattern [\fIexpression\fR]]
+\fBfilesnarf\fR [\fB-i \fIinterface\fR | \fB-p \fIpcapfile\fR] [[\fB-v\fR] \fIpattern [\fIexpression\fR]]
.SH DESCRIPTION
.ad
.fi
@@ -18,6 +18,8 @@
.SH OPTIONS
.IP "\fB-i \fIinterface\fR"
Specify the interface to listen on.
+.IP "\fB-p \fIpcapfile\fR"
+Process packets from the specified PCAP capture file instead of the network.
.IP \fB-v\fR
"Versus" mode. Invert the sense of matching, to select non-matching
files.
--- a/filesnarf.c
+++ b/filesnarf.c
@@ -51,7 +51,7 @@
usage(void)
{
fprintf(stderr, "Version: " VERSION "\n"
- "Usage: filesnarf [-i interface] [[-v] pattern [expression]]\n");
+ "Usage: filesnarf [-i interface | -p pcapfile] [[-v] pattern [expression]]\n");
exit(1);
}
@@ -464,11 +464,14 @@
extern int optind;
int c;
- while ((c = getopt(argc, argv, "i:vh?V")) != -1) {
+ while ((c = getopt(argc, argv, "i:p:vh?V")) != -1) {
switch (c) {
case 'i':
nids_params.device = optarg;
break;
+ case 'p':
+ nids_params.filename = optarg;
+ break;
case 'v':
Opt_invert = 1;
break;
@@ -498,11 +501,24 @@
nids_register_ip(decode_udp_nfs);
nids_register_tcp(decode_tcp_nfs);
- if (nids_params.pcap_filter != NULL) {
- warnx("listening on %s [%s]", nids_params.device,
- nids_params.pcap_filter);
- }
- else warnx("listening on %s", nids_params.device);
+ if (nids_params.pcap_filter != NULL) {
+ if (nids_params.filename == NULL) {
+ warnx("listening on %s [%s]", nids_params.device,
+ nids_params.pcap_filter);
+ }
+ else {
+ warnx("using %s [%s]", nids_params.filename,
+ nids_params.pcap_filter);
+ }
+ }
+ else {
+ if (nids_params.filename == NULL) {
+ warnx("listening on %s", nids_params.device);
+ }
+ else {
+ warnx("using %s", nids_params.filename);
+ }
+ }
nids_run();
--- a/mailsnarf.8
+++ b/mailsnarf.8
@@ -9,7 +9,7 @@
.na
.nf
.fi
-\fBmailsnarf\fR [\fB-i \fIinterface\fR] [[\fB-v\fR] \fIpattern [\fIexpression\fR]]
+\fBmailsnarf\fR [\fB-i \fIinterface\fR | \fB-p \fIpcapfile\fR] [[\fB-v\fR] \fIpattern [\fIexpression\fR]]
.SH DESCRIPTION
.ad
.fi
@@ -19,6 +19,8 @@
.SH OPTIONS
.IP "\fB-i \fIinterface\fR"
Specify the interface to listen on.
+.IP "\fB-p \fIpcapfile\fR"
+Process packets from the specified PCAP capture file instead of the network.
.IP \fB-v\fR
"Versus" mode. Invert the sense of matching, to select non-matching
messages.
--- a/mailsnarf.c
+++ b/mailsnarf.c
@@ -59,7 +59,7 @@
usage(void)
{
fprintf(stderr, "Version: " VERSION "\n"
- "Usage: mailsnarf [-i interface] [[-v] pattern [expression]]\n");
+ "Usage: mailsnarf [-i interface | -p pcapfile] [[-v] pattern [expression]]\n");
exit(1);
}
@@ -344,11 +344,14 @@
extern int optind;
int c;
- while ((c = getopt(argc, argv, "i:vh?V")) != -1) {
+ while ((c = getopt(argc, argv, "i:p:vh?V")) != -1) {
switch (c) {
case 'i':
nids_params.device = optarg;
break;
+ case 'p':
+ nids_params.filename = optarg;
+ break;
case 'v':
Opt_invert = 1;
break;
@@ -378,10 +381,23 @@
nids_register_tcp(sniff_pop_session);
if (nids_params.pcap_filter != NULL) {
- warnx("listening on %s [%s]", nids_params.device,
- nids_params.pcap_filter);
- }
- else warnx("listening on %s", nids_params.device);
+ if (nids_params.filename == NULL) {
+ warnx("listening on %s [%s]", nids_params.device,
+ nids_params.pcap_filter);
+ }
+ else {
+ warnx("using %s [%s]", nids_params.filename,
+ nids_params.pcap_filter);
+ }
+ }
+ else {
+ if (nids_params.filename == NULL) {
+ warnx("listening on %s", nids_params.device);
+ }
+ else {
+ warnx("using %s", nids_params.filename);
+ }
+ }
nids_run();
--- a/msgsnarf.8
+++ b/msgsnarf.8
@@ -9,7 +9,7 @@
.na
.nf
.fi
-\fBmsgsnarf\fR [\fB-i \fIinterface\fR] [[\fB-v\fR] \fIpattern [\fIexpression\fR]]
+\fBmsgsnarf\fR [\fB-i \fIinterface\fR | \fB-p \fIpcapfile\fR] [[\fB-v\fR] \fIpattern [\fIexpression\fR]]
.SH DESCRIPTION
.ad
.fi
@@ -19,6 +19,8 @@
.SH OPTIONS
.IP "\fB-i \fIinterface\fR"
Specify the interface to listen on.
+.IP "\fB-p \fIpcapfile\fR"
+Process packets from the specified PCAP capture file instead of the network.
.IP \fB-v\fR
"Versus" mode. Invert the sense of matching, to select non-matching
messages.
--- a/msgsnarf.c
+++ b/msgsnarf.c
@@ -45,7 +45,7 @@
usage(void)
{
fprintf(stderr, "Version: " VERSION "\n"
- "Usage: msgsnarf [-i interface] [[-v] pattern [expression]]\n");
+ "Usage: msgsnarf [-i interface | -p pcapfile] [[-v] pattern [expression]]\n");
exit(1);
}
@@ -633,11 +633,14 @@
extern int optind;
int c;
- while ((c = getopt(argc, argv, "i:hv?V")) != -1) {
+ while ((c = getopt(argc, argv, "i:p:hv?V")) != -1) {
switch (c) {
case 'i':
nids_params.device = optarg;
break;
+ case 'p':
+ nids_params.filename = optarg;
+ break;
case 'v':
Opt_invert = 1;
break;
@@ -666,11 +669,24 @@
nids_register_tcp(sniff_msgs);
- if (nids_params.pcap_filter != NULL) {
- warnx("listening on %s [%s]", nids_params.device,
- nids_params.pcap_filter);
- }
- else warnx("listening on %s", nids_params.device);
+ if (nids_params.pcap_filter != NULL) {
+ if (nids_params.filename == NULL) {
+ warnx("listening on %s [%s]", nids_params.device,
+ nids_params.pcap_filter);
+ }
+ else {
+ warnx("using %s [%s]", nids_params.filename,
+ nids_params.pcap_filter);
+ }
+ }
+ else {
+ if (nids_params.filename == NULL) {
+ warnx("listening on %s", nids_params.device);
+ }
+ else {
+ warnx("using %s", nids_params.filename);
+ }
+ }
nids_run();
--- a/sshow.8
+++ b/sshow.8
@@ -9,7 +9,7 @@
.na
.nf
.fi
-\fBsshow\fR [\fB-d\fR] [\fB-i \fIinterface\fR] [\fIexpression\fR]
+\fBsshow\fR [\fB-d\fR] [\fB-i \fIinterface\fR | \fB-p \fIpcapfile\fR] [\fIexpression\fR]
.SH DESCRIPTION
.ad
.fi
@@ -28,6 +28,8 @@
Enable verbose debugging output.
.IP "\fB-i \fIinterface\fR"
Specify the interface to listen on.
+.IP "\fB-p \fIpcapfile\fR"
+Process packets from the specified PCAP capture file instead of the network.
.IP "\fIexpression\fR"
Specify a tcpdump(8) filter expression to select traffic to sniff.
.SH "SEE ALSO"
--- a/sshow.c
+++ b/sshow.c
@@ -82,7 +82,7 @@
static void
usage(void)
{
- fprintf(stderr, "Usage: sshow [-d] [-i interface]\n");
+ fprintf(stderr, "Usage: sshow [-d] [-i interface | -p pcapfile]\n");
exit(1);
}
@@ -616,7 +616,7 @@
extern int optind;
int c;
- while ((c = getopt(argc, argv, "di:h?")) != -1) {
+ while ((c = getopt(argc, argv, "di:p:h?")) != -1) {
switch (c) {
case 'd':
debug++;
@@ -624,6 +624,9 @@
case 'i':
nids_params.device = optarg;
break;
+ case 'p':
+ nids_params.filename = optarg;
+ break;
default:
usage();
break;
@@ -652,11 +655,24 @@
nids_register_tcp(process_event);
- if (nids_params.pcap_filter != NULL) {
- warnx("listening on %s [%s]", nids_params.device,
- nids_params.pcap_filter);
- }
- else warnx("listening on %s", nids_params.device);
+ if (nids_params.pcap_filter != NULL) {
+ if (nids_params.filename == NULL) {
+ warnx("listening on %s [%s]", nids_params.device,
+ nids_params.pcap_filter);
+ }
+ else {
+ warnx("using %s [%s]", nids_params.filename,
+ nids_params.pcap_filter);
+ }
+ }
+ else {
+ if (nids_params.filename == NULL) {
+ warnx("listening on %s", nids_params.device);
+ }
+ else {
+ warnx("using %s", nids_params.filename);
+ }
+ }
nids_run();
--- a/urlsnarf.8
+++ b/urlsnarf.8
@@ -9,7 +9,7 @@
.na
.nf
.fi
-\fBurlsnarf\fR [\fB-n\fR] [\fB-i \fIinterface\fR] [[\fB-v\fR] \fIpattern [\fIexpression\fR]]
+\fBurlsnarf\fR [\fB-n\fR] [\fB-i \fIinterface\fR | \fB-p \fIpcapfile\fR] [[\fB-v\fR] \fIpattern [\fIexpression\fR]]
.SH DESCRIPTION
.ad
.fi
@@ -21,6 +21,9 @@
.IP \fB-n\fR
Do not resolve IP addresses to hostnames.
.IP "\fB-i \fIinterface\fR"
+Specify the interface to listen on.
+.IP "\fB-p \fIpcapfile\fR"
+Process packets from the specified PCAP capture file instead of the network.
.IP \fB-v\fR
"Versus" mode. Invert the sense of matching, to select non-matching
URLs.
--- a/urlsnarf.c
+++ b/urlsnarf.c
@@ -41,7 +41,7 @@
usage(void)
{
fprintf(stderr, "Version: " VERSION "\n"
- "Usage: urlsnarf [-n] [-i interface] [[-v] pattern [expression]]\n");
+ "Usage: urlsnarf [-n] [-i interface | -p pcapfile] [[-v] pattern [expression]]\n");
exit(1);
}
@@ -201,11 +201,14 @@
extern int optind;
int c;
- while ((c = getopt(argc, argv, "i:nvh?V")) != -1) {
+ while ((c = getopt(argc, argv, "i:p:nvh?V")) != -1) {
switch (c) {
case 'i':
nids_params.device = optarg;
break;
+ case 'p':
+ nids_params.filename = optarg;
+ break;
case 'n':
Opt_dns = 0;
break;
@@ -238,8 +241,24 @@
nids_register_tcp(sniff_http_client);
- warnx("listening on %s [%s]", nids_params.device,
- nids_params.pcap_filter);
+ if (nids_params.pcap_filter != NULL) {
+ if (nids_params.filename == NULL) {
+ warnx("listening on %s [%s]", nids_params.device,
+ nids_params.pcap_filter);
+ }
+ else {
+ warnx("using %s [%s]", nids_params.filename,
+ nids_params.pcap_filter);
+ }
+ }
+ else {
+ if (nids_params.filename == NULL) {
+ warnx("listening on %s", nids_params.device);
+ }
+ else {
+ warnx("using %s", nids_params.filename);
+ }
+ }
nids_run();
--- a/webspy.8
+++ b/webspy.8
@@ -9,7 +9,7 @@
.na
.nf
.fi
-\fBwebspy\fR [\fB-i \fIinterface\fR] \fIhost\fR
+\fBwebspy\fR [\fB-i \fIinterface\fR | \fB-p \fIpcapfile\fR] \fIhost\fR
.SH DESCRIPTION
.ad
.fi
@@ -20,6 +20,8 @@
.SH OPTIONS
.IP "\fB-i \fIinterface\fR"
Specify the interface to listen on.
+.IP "\fB-p \fIpcapfile\fR"
+Process packets from the specified PCAP capture file instead of the network.
.IP \fIhost\fR
Specify the web client to spy on.
.SH "SEE ALSO"
--- a/webspy.c
+++ b/webspy.c
@@ -42,7 +42,7 @@
usage(void)
{
fprintf(stderr, "Version: " VERSION "\n"
- "Usage: %s [-i interface] host\n", progname);
+ "Usage: %s [-i interface | -p pcapfile] host\n", progname);
exit(1);
}
@@ -184,11 +184,14 @@
extern int optind;
int c;
- while ((c = getopt(argc, argv, "i:h?V")) != -1) {
+ while ((c = getopt(argc, argv, "i:p:h?V")) != -1) {
switch (c) {
case 'i':
nids_params.device = optarg;
break;
+ case 'p':
+ nids_params.filename = optarg;
+ break;
default:
usage();
}
@@ -216,7 +219,13 @@
nids_register_tcp(sniff_http_client);
- warnx("listening on %s", nids_params.device);
+ if (nids_params.filename == NULL) {
+ warnx("listening on %s", nids_params.device);
+ }
+ else {
+ warnx("using %s", nids_params.filename);
+ }
+
nids_run();


@ -0,0 +1,56 @@
Author: Steve Kemp <skx@debian.org>
Description: Work with multiple interfaces.
Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=242369
---
This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
--- a/arp.c
+++ b/arp.c
@@ -39,7 +39,7 @@
#ifdef BSD
int
-arp_cache_lookup(in_addr_t ip, struct ether_addr *ether)
+arp_cache_lookup(in_addr_t ip, struct ether_addr *ether, const char* linf)
{
int mib[6];
size_t len;
@@ -91,7 +91,7 @@
#endif
int
-arp_cache_lookup(in_addr_t ip, struct ether_addr *ether)
+arp_cache_lookup(in_addr_t ip, struct ether_addr *ether, const char* lif)
{
int sock;
struct arpreq ar;
@@ -99,7 +99,7 @@
memset((char *)&ar, 0, sizeof(ar));
#ifdef __linux__
- strncpy(ar.arp_dev, "eth0", sizeof(ar.arp_dev)); /* XXX - *sigh* */
+ strncpy(ar.arp_dev, lif, strlen(lif));
#endif
sin = (struct sockaddr_in *)&ar.arp_pa;
sin->sin_family = AF_INET;
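Review bot: `strncpy(ar.arp_dev, lif, strlen(lif));` bounds the copy by the length of the source rather than the destination, so an interface name longer than `ar.arp_dev` overruns the field inside the local `struct arpreq ar`; arpspoof.c passes its `intf` here. Bound it by the destination and keep the terminator that the preceding `memset` provides: `strncpy(ar.arp_dev, lif, sizeof(ar.arp_dev) - 1);`. `lif` is also used without a NULL check, and the parameter is called `linf` in arp.h and in the BSD variant but `lif` here. The function body continues outside the hunk.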
--- a/arp.h
+++ b/arp.h
@@ -11,6 +11,6 @@
#ifndef _ARP_H_
#define _ARP_H_
-int arp_cache_lookup(in_addr_t ip, struct ether_addr *ether);
+int arp_cache_lookup(in_addr_t ip, struct ether_addr *ether, const char* linf);
#endif /* _ARP_H_ */
--- a/arpspoof.c
+++ b/arpspoof.c
@@ -113,7 +113,7 @@
int i = 0;
do {
- if (arp_cache_lookup(ip, mac) == 0)
+ if (arp_cache_lookup(ip, mac, intf) == 0)
return (1);
#ifdef __linux__
/* XXX - force the kernel to arp. feh. */


@ -0,0 +1,221 @@
Author: Steve Kemp <skx@debian.org>
Description: Compile under AMD64.
Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=254002
---
This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
--- a/configure
+++ b/configure
@@ -2667,15 +2667,62 @@
echo "$ac_t""no" 1>&6
fi
+echo $ac_n "checking for __dn_expand in -lresolv""... $ac_c" 1>&6
+echo "configure:2672: checking for __dn_expand in -lresolv" >&5
+ac_lib_var=`echo resolv'_'__dn_expand | sed 'y%./+-%__p_%'`
+if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+else
+ ac_save_LIBS="$LIBS"
+LIBS="-lresolv $LIBS"
+cat > conftest.$ac_ext <<EOF
+#line 2680 "configure"
+#include "confdefs.h"
+/* Override any gcc2 internal prototype to avoid an error. */
+/* We use char because int might match the return type of a gcc2
+ builtin and then its argument prototype would still apply. */
+char __dn_expand();
+
+int main() {
+__dn_expand()
+; return 0; }
+EOF
+if { (eval echo configure:2691: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+ rm -rf conftest*
+ eval "ac_cv_lib_$ac_lib_var=yes"
+else
+ echo "configure: failed program was:" >&5
+ cat conftest.$ac_ext >&5
+ rm -rf conftest*
+ eval "ac_cv_lib_$ac_lib_var=no"
+fi
+rm -f conftest*
+LIBS="$ac_save_LIBS"
+
+fi
+if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then
+ echo "$ac_t""yes" 1>&6
+ ac_tr_lib=HAVE_LIB`echo resolv | sed -e 's/[^a-zA-Z0-9_]/_/g' \
+ -e 'y/abcdefghijklmnopqrstuvwxyz/ABCDEFGHIJKLMNOPQRSTUVWXYZ/'`
+ cat >> confdefs.h <<EOF
+#define $ac_tr_lib 1
+EOF
+
+ LIBS="-lresolv $LIBS"
+
+else
+ echo "$ac_t""no" 1>&6
+fi
+
for ac_func in dirname strlcpy strlcat strsep
do
echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
-echo "configure:2674: checking for $ac_func" >&5
+echo "configure:2721: checking for $ac_func" >&5
if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
echo $ac_n "(cached) $ac_c" 1>&6
else
cat > conftest.$ac_ext <<EOF
-#line 2679 "configure"
+#line 2726 "configure"
#include "confdefs.h"
/* System header to define __stub macros and hopefully few prototypes,
which can conflict with char $ac_func(); below. */
@@ -2698,7 +2745,7 @@
; return 0; }
EOF
-if { (eval echo configure:2702: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:2749: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
rm -rf conftest*
eval "ac_cv_func_$ac_func=yes"
else
@@ -2728,12 +2775,12 @@
for ac_func in MD5Update
do
echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
-echo "configure:2732: checking for $ac_func" >&5
+echo "configure:2779: checking for $ac_func" >&5
if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
echo $ac_n "(cached) $ac_c" 1>&6
else
cat > conftest.$ac_ext <<EOF
-#line 2737 "configure"
+#line 2784 "configure"
#include "confdefs.h"
/* System header to define __stub macros and hopefully few prototypes,
which can conflict with char $ac_func(); below. */
@@ -2756,7 +2803,7 @@
; return 0; }
EOF
-if { (eval echo configure:2760: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:2807: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
rm -rf conftest*
eval "ac_cv_func_$ac_func=yes"
else
@@ -2788,12 +2835,12 @@
for ac_func in warnx
do
echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
-echo "configure:2792: checking for $ac_func" >&5
+echo "configure:2839: checking for $ac_func" >&5
if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
echo $ac_n "(cached) $ac_c" 1>&6
else
cat > conftest.$ac_ext <<EOF
-#line 2797 "configure"
+#line 2844 "configure"
#include "confdefs.h"
/* System header to define __stub macros and hopefully few prototypes,
which can conflict with char $ac_func(); below. */
@@ -2816,7 +2863,7 @@
; return 0; }
EOF
-if { (eval echo configure:2820: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:2867: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
rm -rf conftest*
eval "ac_cv_func_$ac_func=yes"
else
@@ -2848,12 +2895,12 @@
for ac_func in ether_ntoa
do
echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
-echo "configure:2852: checking for $ac_func" >&5
+echo "configure:2899: checking for $ac_func" >&5
if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
echo $ac_n "(cached) $ac_c" 1>&6
else
cat > conftest.$ac_ext <<EOF
-#line 2857 "configure"
+#line 2904 "configure"
#include "confdefs.h"
/* System header to define __stub macros and hopefully few prototypes,
which can conflict with char $ac_func(); below. */
@@ -2876,7 +2923,7 @@
; return 0; }
EOF
-if { (eval echo configure:2880: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:2927: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
rm -rf conftest*
eval "ac_cv_func_$ac_func=yes"
else
@@ -2912,7 +2959,7 @@
fi
echo $ac_n "checking for Berkeley DB with 1.85 compatibility""... $ac_c" 1>&6
-echo "configure:2916: checking for Berkeley DB with 1.85 compatibility" >&5
+echo "configure:2963: checking for Berkeley DB with 1.85 compatibility" >&5
# Check whether --with-db or --without-db was given.
if test "${with_db+set}" = set; then
withval="$with_db"
@@ -3015,7 +3062,7 @@
echo $ac_n "checking for libpcap""... $ac_c" 1>&6
-echo "configure:3019: checking for libpcap" >&5
+echo "configure:3066: checking for libpcap" >&5
# Check whether --with-libpcap or --without-libpcap was given.
if test "${with_libpcap+set}" = set; then
withval="$with_libpcap"
@@ -3063,7 +3110,7 @@
echo $ac_n "checking for libnet""... $ac_c" 1>&6
-echo "configure:3067: checking for libnet" >&5
+echo "configure:3114: checking for libnet" >&5
# Check whether --with-libnet or --without-libnet was given.
if test "${with_libnet+set}" = set; then
withval="$with_libnet"
@@ -3110,7 +3157,7 @@
echo $ac_n "checking for libnids""... $ac_c" 1>&6
-echo "configure:3114: checking for libnids" >&5
+echo "configure:3161: checking for libnids" >&5
# Check whether --with-libnids or --without-libnids was given.
if test "${with_libnids+set}" = set; then
withval="$with_libnids"
@@ -3152,9 +3199,9 @@
save_cppflags="$CPPFLAGS"
CPPFLAGS="$NIDSINC"
echo $ac_n "checking whether libnids version is good""... $ac_c" 1>&6
-echo "configure:3156: checking whether libnids version is good" >&5
+echo "configure:3203: checking whether libnids version is good" >&5
cat > conftest.$ac_ext <<EOF
-#line 3158 "configure"
+#line 3205 "configure"
#include "confdefs.h"
#include <nids.h>
EOF
@@ -3173,7 +3220,7 @@
echo $ac_n "checking for OpenSSL""... $ac_c" 1>&6
-echo "configure:3177: checking for OpenSSL" >&5
+echo "configure:3224: checking for OpenSSL" >&5
# Check whether --with-openssl or --without-openssl was given.
if test "${with_openssl+set}" = set; then
withval="$with_openssl"
--- a/configure.in
+++ b/configure.in
@@ -57,6 +57,7 @@
AC_CHECK_LIB(nsl, gethostbyname)
dnl XXX - feh, everything except OpenBSD sux.
AC_CHECK_LIB(resolv, dn_expand)
+AC_CHECK_LIB(resolv, __dn_expand)
AC_REPLACE_FUNCS(dirname strlcpy strlcat strsep)
needmd5=no
AC_CHECK_FUNCS(MD5Update, , [needmd5=yes])


@ -0,0 +1,17 @@
Author: Steve Kemp <skx@debian.org>
Description: urlsnarf: zero-pad date.
Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=298605
---
This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
--- a/urlsnarf.c
+++ b/urlsnarf.c
@@ -68,7 +68,7 @@
t->tm_hour - gmt.tm_hour);
tz = hours * 60 + t->tm_min - gmt.tm_min;
- len = strftime(tstr, sizeof(tstr), "%e/%b/%Y:%X", t);
+ len = strftime(tstr, sizeof(tstr), "%d/%b/%Y:%X", t);
if (len < 0 || len > sizeof(tstr) - 5)
return (NULL);


@ -0,0 +1,906 @@
Author: Faidon Liambotis <paravoid@debian.org>
Description: Use libnet v1.1 instead of v1.0
---
This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
--- a/arpspoof.c
+++ b/arpspoof.c
@@ -27,7 +27,7 @@
extern char *ether_ntoa(struct ether_addr *);
-static struct libnet_link_int *llif;
+static libnet_t *l;
static struct ether_addr spoof_mac, target_mac;
static in_addr_t spoof_ip, target_ip;
static char *intf;
@@ -41,47 +41,49 @@
}
static int
-arp_send(struct libnet_link_int *llif, char *dev,
- int op, u_char *sha, in_addr_t spa, u_char *tha, in_addr_t tpa)
+arp_send(libnet_t *l, int op, u_int8_t *sha,
+ in_addr_t spa, u_int8_t *tha, in_addr_t tpa)
{
- char ebuf[128];
- u_char pkt[60];
-
+ int retval;
+
if (sha == NULL &&
- (sha = (u_char *)libnet_get_hwaddr(llif, dev, ebuf)) == NULL) {
+ (sha = (u_int8_t *)libnet_get_hwaddr(l)) == NULL) {
return (-1);
}
if (spa == 0) {
- if ((spa = libnet_get_ipaddr(llif, dev, ebuf)) == 0)
+ if ((spa = libnet_get_ipaddr4(l)) == -1)
return (-1);
- spa = htonl(spa); /* XXX */
}
if (tha == NULL)
tha = "\xff\xff\xff\xff\xff\xff";
- libnet_build_ethernet(tha, sha, ETHERTYPE_ARP, NULL, 0, pkt);
+ libnet_autobuild_arp(op, sha, (u_int8_t *)&spa,
+ tha, (u_int8_t *)&tpa, l);
+ libnet_build_ethernet(tha, sha, ETHERTYPE_ARP, NULL, 0, l, 0);
- libnet_build_arp(ARPHRD_ETHER, ETHERTYPE_IP, ETHER_ADDR_LEN, 4,
- op, sha, (u_char *)&spa, tha, (u_char *)&tpa,
- NULL, 0, pkt + ETH_H);
-
fprintf(stderr, "%s ",
ether_ntoa((struct ether_addr *)sha));
if (op == ARPOP_REQUEST) {
fprintf(stderr, "%s 0806 42: arp who-has %s tell %s\n",
ether_ntoa((struct ether_addr *)tha),
- libnet_host_lookup(tpa, 0),
- libnet_host_lookup(spa, 0));
+ libnet_addr2name4(tpa, LIBNET_DONT_RESOLVE),
+ libnet_addr2name4(spa, LIBNET_DONT_RESOLVE));
}
else {
fprintf(stderr, "%s 0806 42: arp reply %s is-at ",
ether_ntoa((struct ether_addr *)tha),
- libnet_host_lookup(spa, 0));
+ libnet_addr2name4(spa, LIBNET_DONT_RESOLVE));
fprintf(stderr, "%s\n",
ether_ntoa((struct ether_addr *)sha));
}
- return (libnet_write_link_layer(llif, dev, pkt, sizeof(pkt)) == sizeof(pkt));
+ retval = libnet_write(l);
+ if (retval)
+ fprintf(stderr, "%s", libnet_geterror(l));
+
+ libnet_clear_packet(l);
+
+ return retval;
}
#ifdef __linux__
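Review bot: `if (retval)` after `retval = libnet_write(l);` treats every non-zero result as an error, but libnet_write() returns the number of bytes written on success and -1 on failure, so the error text is printed after successful sends as well; the test should be `if (retval == -1)`. The return convention of arp_send() changes too: the old code returned 1 on a full write, the new one returns the byte count or -1, and the visible callers ignore it. The results of `libnet_autobuild_arp()` and `libnet_build_ethernet()` are not checked either, so a failed build still reaches `libnet_write()`.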
@@ -119,7 +121,7 @@
/* XXX - force the kernel to arp. feh. */
arp_force(ip);
#else
- arp_send(llif, intf, ARPOP_REQUEST, NULL, 0, NULL, ip);
+ arp_send(l, ARPOP_REQUEST, NULL, 0, NULL, ip);
#endif
sleep(1);
}
@@ -136,9 +138,9 @@
if (arp_find(spoof_ip, &spoof_mac)) {
for (i = 0; i < 3; i++) {
/* XXX - on BSD, requires ETHERSPOOF kernel. */
- arp_send(llif, intf, ARPOP_REPLY,
- (u_char *)&spoof_mac, spoof_ip,
- (target_ip ? (u_char *)&target_mac : NULL),
+ arp_send(l, ARPOP_REPLY,
+ (u_int8_t *)&spoof_mac, spoof_ip,
+ (target_ip ? (u_int8_t *)&target_mac : NULL),
target_ip);
sleep(1);
}
@@ -151,7 +153,8 @@
{
extern char *optarg;
extern int optind;
- char ebuf[PCAP_ERRBUF_SIZE];
+ char pcap_ebuf[PCAP_ERRBUF_SIZE];
+ char libnet_ebuf[LIBNET_ERRBUF_SIZE];
int c;
intf = NULL;
@@ -163,7 +166,7 @@
intf = optarg;
break;
case 't':
- if ((target_ip = libnet_name_resolve(optarg, 1)) == -1)
+ if ((target_ip = libnet_name2addr4(l, optarg, LIBNET_RESOLVE)) == -1)
usage();
break;
default:
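Review bot: `libnet_name2addr4(l, optarg, LIBNET_RESOLVE)` in the `-t` case runs while `l` is still NULL: `l` is a file-scope static and `libnet_init()` is only called further down in main (next hunk), after the `argv[0]` lookup that has the same problem. libnet 1.1 is expected to write its error text into the context when resolution fails, so a bad host name would dereference NULL instead of reaching `usage()`; this is worth confirming against the libnet version in use. Keeping the `-t` argument as a string and resolving it after `libnet_init(LIBNET_LINK, intf, libnet_ebuf)` avoids it. macof.c has the stronger form of the same defect: `libnet_t *l;` is an uninitialised local passed to `libnet_name2addr4(l, optarg, 0)` in the `-s` and `-d` cases.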
@@ -176,26 +179,26 @@
if (argc != 1)
usage();
- if ((spoof_ip = libnet_name_resolve(argv[0], 1)) == -1)
+ if ((spoof_ip = libnet_name2addr4(l, argv[0], LIBNET_RESOLVE)) == -1)
usage();
- if (intf == NULL && (intf = pcap_lookupdev(ebuf)) == NULL)
- errx(1, "%s", ebuf);
+ if (intf == NULL && (intf = pcap_lookupdev(pcap_ebuf)) == NULL)
+ errx(1, "%s", pcap_ebuf);
- if ((llif = libnet_open_link_interface(intf, ebuf)) == 0)
- errx(1, "%s", ebuf);
+ if ((l = libnet_init(LIBNET_LINK, intf, libnet_ebuf)) == NULL)
+ errx(1, "%s", libnet_ebuf);
if (target_ip != 0 && !arp_find(target_ip, &target_mac))
errx(1, "couldn't arp for host %s",
- libnet_host_lookup(target_ip, 0));
+ libnet_addr2name4(target_ip, LIBNET_DONT_RESOLVE));
signal(SIGHUP, cleanup);
signal(SIGINT, cleanup);
signal(SIGTERM, cleanup);
for (;;) {
- arp_send(llif, intf, ARPOP_REPLY, NULL, spoof_ip,
- (target_ip ? (u_char *)&target_mac : NULL),
+ arp_send(l, ARPOP_REPLY, NULL, spoof_ip,
+ (target_ip ? (u_int8_t *)&target_mac : NULL),
target_ip);
sleep(2);
}
--- a/dnsspoof.c
+++ b/dnsspoof.c
@@ -38,7 +38,7 @@
pcap_t *pcap_pd = NULL;
int pcap_off = -1;
-int lnet_sock = -1;
+libnet_t *l;
u_long lnet_ip = -1;
static void
@@ -90,19 +90,18 @@
dns_init(char *dev, char *filename)
{
FILE *f;
- struct libnet_link_int *llif;
+ libnet_t *l;
+ char libnet_ebuf[LIBNET_ERRBUF_SIZE];
struct dnsent *de;
char *ip, *name, buf[1024];
- if ((llif = libnet_open_link_interface(dev, buf)) == NULL)
- errx(1, "%s", buf);
+ if ((l = libnet_init(LIBNET_LINK, dev, libnet_ebuf)) == NULL)
+ errx(1, "%s", libnet_ebuf);
- if ((lnet_ip = libnet_get_ipaddr(llif, dev, buf)) == -1)
- errx(1, "%s", buf);
+ if ((lnet_ip = libnet_get_ipaddr4(l)) == -1)
+ errx(1, "%s", libnet_geterror(l));
- lnet_ip = htonl(lnet_ip);
-
- libnet_close_link_interface(llif);
+ libnet_destroy(l);
SLIST_INIT(&dns_entries);
@@ -180,7 +179,7 @@
static void
dns_spoof(u_char *u, const struct pcap_pkthdr *pkthdr, const u_char *pkt)
{
- struct libnet_ip_hdr *ip;
+ struct libnet_ipv4_hdr *ip;
struct libnet_udp_hdr *udp;
HEADER *dns;
char name[MAXHOSTNAMELEN];
@@ -189,7 +188,7 @@
in_addr_t dst;
u_short type, class;
- ip = (struct libnet_ip_hdr *)(pkt + pcap_off);
+ ip = (struct libnet_ipv4_hdr *)(pkt + pcap_off);
udp = (struct libnet_udp_hdr *)(pkt + pcap_off + (ip->ip_hl * 4));
dns = (HEADER *)(udp + 1);
p = (u_char *)(dns + 1);
@@ -212,7 +211,7 @@
if (class != C_IN)
return;
- p = buf + IP_H + UDP_H + dnslen;
+ p = buf + dnslen;
if (type == T_A) {
if ((dst = dns_lookup_a(name)) == -1)
@@ -234,38 +233,38 @@
anslen += 12;
}
else return;
-
- libnet_build_ip(UDP_H + dnslen + anslen, 0, libnet_get_prand(PRu16),
- 0, 64, IPPROTO_UDP, ip->ip_dst.s_addr,
- ip->ip_src.s_addr, NULL, 0, buf);
-
- libnet_build_udp(ntohs(udp->uh_dport), ntohs(udp->uh_sport),
- NULL, dnslen + anslen, buf + IP_H);
- memcpy(buf + IP_H + UDP_H, (u_char *)dns, dnslen);
+ memcpy(buf, (u_char *)dns, dnslen);
- dns = (HEADER *)(buf + IP_H + UDP_H);
+ dns = (HEADER *)buf;
dns->qr = dns->ra = 1;
if (type == T_PTR) dns->aa = 1;
dns->ancount = htons(1);
dnslen += anslen;
+
+ libnet_clear_packet(l);
+ libnet_build_udp(ntohs(udp->uh_dport), ntohs(udp->uh_sport),
+ LIBNET_UDP_H + dnslen, 0,
+ (u_int8_t *)buf, dnslen, l, 0);
+
+ libnet_build_ipv4(LIBNET_IPV4_H + LIBNET_UDP_H + dnslen, 0,
+ libnet_get_prand(LIBNET_PRu16), 0, 64, IPPROTO_UDP, 0,
+ ip->ip_dst.s_addr, ip->ip_src.s_addr, NULL, 0, l, 0);
- libnet_do_checksum(buf, IPPROTO_UDP, UDP_H + dnslen);
-
- if (libnet_write_ip(lnet_sock, buf, IP_H + UDP_H + dnslen) < 0)
+ if (libnet_write(l) < 0)
warn("write");
fprintf(stderr, "%s.%d > %s.%d: %d+ %s? %s\n",
- libnet_host_lookup(ip->ip_src.s_addr, 0), ntohs(udp->uh_sport),
- libnet_host_lookup(ip->ip_dst.s_addr, 0), ntohs(udp->uh_dport),
+ libnet_addr2name4(ip->ip_src.s_addr, 0), ntohs(udp->uh_sport),
+ libnet_addr2name4(ip->ip_dst.s_addr, 0), ntohs(udp->uh_dport),
ntohs(dns->id), type == T_A ? "A" : "PTR", name);
}
static void
cleanup(int sig)
{
- libnet_close_raw_sock(lnet_sock);
+ libnet_destroy(l);
pcap_close(pcap_pd);
exit(0);
}
@@ -276,6 +275,7 @@
extern char *optarg;
extern int optind;
char *p, *dev, *hosts, buf[1024];
+ char ebuf[LIBNET_ERRBUF_SIZE];
int i;
dev = hosts = NULL;
@@ -306,7 +306,7 @@
strlcpy(buf, p, sizeof(buf));
}
else snprintf(buf, sizeof(buf), "udp dst port 53 and not src %s",
- libnet_host_lookup(lnet_ip, 0));
+ libnet_addr2name4(lnet_ip, LIBNET_DONT_RESOLVE));
if ((pcap_pd = pcap_init(dev, buf, 128)) == NULL)
errx(1, "couldn't initialize sniffing");
@@ -314,10 +314,10 @@
if ((pcap_off = pcap_dloff(pcap_pd)) < 0)
errx(1, "couldn't determine link layer offset");
- if ((lnet_sock = libnet_open_raw_sock(IPPROTO_RAW)) == -1)
+ if ((l = libnet_init(LIBNET_RAW4, dev, ebuf)) == NULL)
errx(1, "couldn't initialize sending");
- libnet_seed_prand();
+ libnet_seed_prand(l);
signal(SIGHUP, cleanup);
signal(SIGINT, cleanup);
--- a/filesnarf.c
+++ b/filesnarf.c
@@ -134,8 +134,8 @@
int fd;
warnx("%s.%d > %s.%d: %s (%d@%d)",
- libnet_host_lookup(addr->daddr, 0), addr->dest,
- libnet_host_lookup(addr->saddr, 0), addr->source,
+ libnet_addr2name4(addr->daddr, LIBNET_DONT_RESOLVE), addr->dest,
+ libnet_addr2name4(addr->saddr, LIBNET_DONT_RESOLVE), addr->source,
ma->filename, len, ma->offset);
if ((fd = open(ma->filename, O_WRONLY|O_CREAT, 0644)) >= 0) {
@@ -353,7 +353,7 @@
}
static void
-decode_udp_nfs(struct libnet_ip_hdr *ip)
+decode_udp_nfs(struct libnet_ipv4_hdr *ip)
{
static struct tuple4 addr;
struct libnet_udp_hdr *udp;
--- a/macof.c
+++ b/macof.c
@@ -48,8 +48,8 @@
static void
gen_mac(u_char *mac)
{
- *((in_addr_t *)mac) = libnet_get_prand(PRu32);
- *((u_short *)(mac + 4)) = libnet_get_prand(PRu16);
+ *((in_addr_t *)mac) = libnet_get_prand(LIBNET_PRu32);
+ *((u_short *)(mac + 4)) = libnet_get_prand(LIBNET_PRu16);
}
int
@@ -59,22 +59,23 @@
extern int optind;
int c, i;
struct libnet_link_int *llif;
- char ebuf[PCAP_ERRBUF_SIZE];
+ char pcap_ebuf[PCAP_ERRBUF_SIZE];
+ char libnet_ebuf[LIBNET_ERRBUF_SIZE];
u_char sha[ETHER_ADDR_LEN], tha[ETHER_ADDR_LEN];
in_addr_t src, dst;
u_short sport, dport;
u_int32_t seq;
- u_char pkt[ETH_H + IP_H + TCP_H];
+ libnet_t *l;
while ((c = getopt(argc, argv, "vs:d:e:x:y:i:n:h?V")) != -1) {
switch (c) {
case 'v':
break;
case 's':
- Src = libnet_name_resolve(optarg, 0);
+ Src = libnet_name2addr4(l, optarg, 0);
break;
case 'd':
- Dst = libnet_name_resolve(optarg, 0);
+ Dst = libnet_name2addr4(l, optarg, 0);
break;
case 'e':
Tha = (u_char *)ether_aton(optarg);
@@ -101,13 +102,13 @@
if (argc != 0)
usage();
- if (!Intf && (Intf = pcap_lookupdev(ebuf)) == NULL)
- errx(1, "%s", ebuf);
+ if (!Intf && (Intf = pcap_lookupdev(pcap_ebuf)) == NULL)
+ errx(1, "%s", pcap_ebuf);
- if ((llif = libnet_open_link_interface(Intf, ebuf)) == 0)
- errx(1, "%s", ebuf);
+ if ((l = libnet_init(LIBNET_LINK, Intf, libnet_ebuf)) == NULL)
+ errx(1, "%s", libnet_ebuf);
- libnet_seed_prand();
+ libnet_seed_prand(l);
for (i = 0; i != Repeat; i++) {
@@ -117,39 +118,39 @@
else memcpy(tha, Tha, sizeof(tha));
if (Src != 0) src = Src;
- else src = libnet_get_prand(PRu32);
+ else src = libnet_get_prand(LIBNET_PRu32);
if (Dst != 0) dst = Dst;
- else dst = libnet_get_prand(PRu32);
+ else dst = libnet_get_prand(LIBNET_PRu32);
if (Sport != 0) sport = Sport;
- else sport = libnet_get_prand(PRu16);
+ else sport = libnet_get_prand(LIBNET_PRu16);
if (Dport != 0) dport = Dport;
- else dport = libnet_get_prand(PRu16);
+ else dport = libnet_get_prand(LIBNET_PRu16);
- seq = libnet_get_prand(PRu32);
-
- libnet_build_ethernet(tha, sha, ETHERTYPE_IP, NULL, 0, pkt);
-
- libnet_build_ip(TCP_H, 0, libnet_get_prand(PRu16), 0, 64,
- IPPROTO_TCP, src, dst, NULL, 0, pkt + ETH_H);
+ seq = libnet_get_prand(LIBNET_PRu32);
libnet_build_tcp(sport, dport, seq, 0, TH_SYN, 512,
- 0, NULL, 0, pkt + ETH_H + IP_H);
+ 0, 0, LIBNET_TCP_H, NULL, 0, l, 0);
- libnet_do_checksum(pkt + ETH_H, IPPROTO_IP, IP_H);
- libnet_do_checksum(pkt + ETH_H, IPPROTO_TCP, TCP_H);
+ libnet_build_ipv4(LIBNET_TCP_H, 0,
+ libnet_get_prand(LIBNET_PRu16), 0, 64,
+ IPPROTO_TCP, 0, src, dst, NULL, 0, l, 0);
- if (libnet_write_link_layer(llif, Intf, pkt, sizeof(pkt)) < 0)
+ libnet_build_ethernet(tha, sha, ETHERTYPE_IP, NULL, 0, l, 0);
+
+ if (libnet_write(l) < 0)
errx(1, "write");
+ libnet_clear_packet(l);
+
fprintf(stderr, "%s ",
ether_ntoa((struct ether_addr *)sha));
fprintf(stderr, "%s %s.%d > %s.%d: S %u:%u(0) win 512\n",
ether_ntoa((struct ether_addr *)tha),
- libnet_host_lookup(Src, 0), sport,
- libnet_host_lookup(Dst, 0), dport, seq, seq);
+ libnet_addr2name4(Src, 0), sport,
+ libnet_addr2name4(Dst, 0), dport, seq, seq);
}
exit(0);
}
--- a/record.c
+++ b/record.c
@@ -65,8 +65,8 @@
tm = localtime(&rec->time);
strftime(tstr, sizeof(tstr), "%x %X", tm);
- srcp = libnet_host_lookup(rec->src, Opt_dns);
- dstp = libnet_host_lookup(rec->dst, Opt_dns);
+ srcp = libnet_addr2name4(rec->src, Opt_dns);
+ dstp = libnet_addr2name4(rec->dst, Opt_dns);
if ((pr = getprotobynumber(rec->proto)) == NULL)
protop = "unknown";
--- a/sshmitm.c
+++ b/sshmitm.c
@@ -389,7 +389,7 @@
if (argc < 1)
usage();
- if ((ip = libnet_name_resolve(argv[0], 1)) == -1)
+ if ((ip = libnet_name2addr4(NULL, argv[0], LIBNET_RESOLVE)) == -1)
usage();
if (argc == 2 && (rport = atoi(argv[1])) == 0)
--- a/tcpkill.c
+++ b/tcpkill.c
@@ -39,17 +39,18 @@
static void
tcp_kill_cb(u_char *user, const struct pcap_pkthdr *pcap, const u_char *pkt)
{
- struct libnet_ip_hdr *ip;
+ struct libnet_ipv4_hdr *ip;
struct libnet_tcp_hdr *tcp;
- u_char ctext[64], buf[IP_H + TCP_H];
+ u_char ctext[64];
u_int32_t seq, win;
- int i, *sock, len;
+ int i, len;
+ libnet_t *l;
- sock = (int *)user;
+ l = (libnet_t *)user;
pkt += pcap_off;
len = pcap->caplen - pcap_off;
- ip = (struct libnet_ip_hdr *)pkt;
+ ip = (struct libnet_ipv4_hdr *)pkt;
if (ip->ip_p != IPPROTO_TCP)
return;
@@ -57,34 +58,31 @@
if (tcp->th_flags & (TH_SYN|TH_FIN|TH_RST))
return;
- libnet_build_ip(TCP_H, 0, 0, 0, 64, IPPROTO_TCP,
- ip->ip_dst.s_addr, ip->ip_src.s_addr,
- NULL, 0, buf);
-
- libnet_build_tcp(ntohs(tcp->th_dport), ntohs(tcp->th_sport),
- 0, 0, TH_RST, 0, 0, NULL, 0, buf + IP_H);
-
seq = ntohl(tcp->th_ack);
win = ntohs(tcp->th_win);
snprintf(ctext, sizeof(ctext), "%s:%d > %s:%d:",
- libnet_host_lookup(ip->ip_src.s_addr, 0),
+ libnet_addr2name4(ip->ip_src.s_addr, LIBNET_DONT_RESOLVE),
ntohs(tcp->th_sport),
- libnet_host_lookup(ip->ip_dst.s_addr, 0),
+ libnet_addr2name4(ip->ip_dst.s_addr, LIBNET_DONT_RESOLVE),
ntohs(tcp->th_dport));
- ip = (struct libnet_ip_hdr *)buf;
- tcp = (struct libnet_tcp_hdr *)(ip + 1);
-
for (i = 0; i < Opt_severity; i++) {
- ip->ip_id = libnet_get_prand(PRu16);
seq += (i * win);
- tcp->th_seq = htonl(seq);
- libnet_do_checksum(buf, IPPROTO_TCP, TCP_H);
+ libnet_clear_packet(l);
+
+ libnet_build_tcp(ntohs(tcp->th_dport), ntohs(tcp->th_sport),
+ seq, 0, TH_RST, 0, 0, 0, LIBNET_TCP_H,
+ NULL, 0, l, 0);
+
+ libnet_build_ipv4(LIBNET_IPV4_H + LIBNET_TCP_H, 0,
+ libnet_get_prand(LIBNET_PRu16), 0, 64,
+ IPPROTO_TCP, 0, ip->ip_dst.s_addr,
+ ip->ip_src.s_addr, NULL, 0, l, 0);
- if (libnet_write_ip(*sock, buf, sizeof(buf)) < 0)
- warn("write_ip");
+ if (libnet_write(l) < 0)
+ warn("write");
fprintf(stderr, "%s R %lu:%lu(0) win 0\n", ctext, seq, seq);
}
@@ -95,8 +93,10 @@
{
extern char *optarg;
extern int optind;
- int c, sock;
+ int c;
char *p, *intf, *filter, ebuf[PCAP_ERRBUF_SIZE];
+ char libnet_ebuf[LIBNET_ERRBUF_SIZE];
+ libnet_t *l;
pcap_t *pd;
intf = NULL;
@@ -136,14 +136,14 @@
if ((pcap_off = pcap_dloff(pd)) < 0)
errx(1, "couldn't determine link layer offset");
- if ((sock = libnet_open_raw_sock(IPPROTO_RAW)) == -1)
+ if ((l = libnet_init(LIBNET_RAW4, intf, libnet_ebuf)) == NULL)
errx(1, "couldn't initialize sending");
- libnet_seed_prand();
+ libnet_seed_prand(l);
warnx("listening on %s [%s]", intf, filter);
- pcap_loop(pd, -1, tcp_kill_cb, (u_char *)&sock);
+ pcap_loop(pd, -1, tcp_kill_cb, (u_char *)l);
/* NOTREACHED */
--- a/tcpnice.c
+++ b/tcpnice.c
@@ -41,107 +41,106 @@
}
static void
-send_tcp_window_advertisement(int sock, struct libnet_ip_hdr *ip,
+send_tcp_window_advertisement(libnet_t *l, struct libnet_ipv4_hdr *ip,
struct libnet_tcp_hdr *tcp)
{
int len;
ip->ip_hl = 5;
- ip->ip_len = htons(IP_H + TCP_H);
- ip->ip_id = libnet_get_prand(PRu16);
- memcpy(buf, (u_char *)ip, IP_H);
+ ip->ip_len = htons(LIBNET_IPV4_H + LIBNET_TCP_H);
+ ip->ip_id = libnet_get_prand(LIBNET_PRu16);
+ memcpy(buf, (u_char *)ip, LIBNET_IPV4_H);
tcp->th_off = 5;
tcp->th_win = htons(MIN_WIN);
- memcpy(buf + IP_H, (u_char *)tcp, TCP_H);
+ memcpy(buf + LIBNET_IPV4_H, (u_char *)tcp, LIBNET_TCP_H);
- libnet_do_checksum(buf, IPPROTO_TCP, TCP_H);
+ libnet_do_checksum(l, buf, IPPROTO_TCP, LIBNET_TCP_H);
- len = IP_H + TCP_H;
+ len = LIBNET_IPV4_H + LIBNET_TCP_H;
- if (libnet_write_ip(sock, buf, len) != len)
+ if (libnet_write_raw_ipv4(l, buf, len) != len)
warn("write");
fprintf(stderr, "%s:%d > %s:%d: . ack %lu win %d\n",
- libnet_host_lookup(ip->ip_src.s_addr, 0), ntohs(tcp->th_sport),
- libnet_host_lookup(ip->ip_dst.s_addr, 0), ntohs(tcp->th_dport),
+ libnet_addr2name4(ip->ip_src.s_addr, 0), ntohs(tcp->th_sport),
+ libnet_addr2name4(ip->ip_dst.s_addr, 0), ntohs(tcp->th_dport),
ntohl(tcp->th_ack), 1);
}
static void
-send_icmp_source_quench(int sock, struct libnet_ip_hdr *ip)
+send_icmp_source_quench(libnet_t *l, struct libnet_ipv4_hdr *ip)
{
- struct libnet_icmp_hdr *icmp;
+ struct libnet_icmpv4_hdr *icmp;
int len;
len = (ip->ip_hl * 4) + 8;
- libnet_build_ip(ICMP_ECHO_H + len, 0, libnet_get_prand(PRu16),
- 0, 64, IPPROTO_ICMP, ip->ip_dst.s_addr,
- ip->ip_src.s_addr, NULL, 0, buf);
-
- icmp = (struct libnet_icmp_hdr *)(buf + IP_H);
+ icmp = (struct libnet_icmpv4_hdr *)(buf + LIBNET_IPV4_H);
icmp->icmp_type = ICMP_SOURCEQUENCH;
icmp->icmp_code = 0;
- memcpy((u_char *)icmp + ICMP_ECHO_H, (u_char *)ip, len);
+ memcpy((u_char *)icmp + LIBNET_ICMPV4_ECHO_H, (u_char *)ip, len);
- libnet_do_checksum(buf, IPPROTO_ICMP, ICMP_ECHO_H + len);
+ len += LIBNET_ICMPV4_ECHO_H;
- len += (IP_H + ICMP_ECHO_H);
+ libnet_build_ipv4(LIBNET_IPV4_H + len, 0,
+ libnet_get_prand(LIBNET_PRu16), 0, 64, IPPROTO_ICMP,
+ 0, ip->ip_dst.s_addr, ip->ip_src.s_addr,
+ (u_int8_t *) icmp, len, l, 0);
- if (libnet_write_ip(sock, buf, len) != len)
+ if (libnet_write(l) != len)
warn("write");
fprintf(stderr, "%s > %s: icmp: source quench\n",
- libnet_host_lookup(ip->ip_dst.s_addr, 0),
- libnet_host_lookup(ip->ip_src.s_addr, 0));
+ libnet_addr2name4(ip->ip_dst.s_addr, 0),
+ libnet_addr2name4(ip->ip_src.s_addr, 0));
}
static void
-send_icmp_frag_needed(int sock, struct libnet_ip_hdr *ip)
+send_icmp_frag_needed(libnet_t *l, struct libnet_ipv4_hdr *ip)
{
- struct libnet_icmp_hdr *icmp;
+ struct libnet_icmpv4_hdr *icmp;
int len;
len = (ip->ip_hl * 4) + 8;
- libnet_build_ip(ICMP_MASK_H + len, 4, libnet_get_prand(PRu16),
- 0, 64, IPPROTO_ICMP, ip->ip_dst.s_addr,
- ip->ip_src.s_addr, NULL, 0, buf);
-
- icmp = (struct libnet_icmp_hdr *)(buf + IP_H);
+ icmp = (struct libnet_icmpv4_hdr *)(buf + LIBNET_IPV4_H);
icmp->icmp_type = ICMP_UNREACH;
icmp->icmp_code = ICMP_UNREACH_NEEDFRAG;
icmp->hun.frag.pad = 0;
icmp->hun.frag.mtu = htons(MIN_MTU);
- memcpy((u_char *)icmp + ICMP_MASK_H, (u_char *)ip, len);
+ memcpy((u_char *)icmp + LIBNET_ICMPV4_MASK_H, (u_char *)ip, len);
- libnet_do_checksum(buf, IPPROTO_ICMP, ICMP_MASK_H + len);
-
- len += (IP_H + ICMP_MASK_H);
+ len += LIBNET_ICMPV4_MASK_H;
+
+ libnet_build_ipv4(LIBNET_IPV4_H + len, 4,
+ libnet_get_prand(LIBNET_PRu16), 0, 64, IPPROTO_ICMP,
+ 0, ip->ip_dst.s_addr, ip->ip_src.s_addr,
+ (u_int8_t *) icmp, len, l, 0);
- if (libnet_write_ip(sock, buf, len) != len)
+ if (libnet_write(l) != len)
warn("write");
fprintf(stderr, "%s > %s: icmp: ",
- libnet_host_lookup(ip->ip_dst.s_addr, 0),
- libnet_host_lookup(ip->ip_src.s_addr, 0));
+ libnet_addr2name4(ip->ip_dst.s_addr, 0),
+ libnet_addr2name4(ip->ip_src.s_addr, 0));
fprintf(stderr, "%s unreachable - need to frag (mtu %d)\n",
- libnet_host_lookup(ip->ip_src.s_addr, 0), MIN_MTU);
+ libnet_addr2name4(ip->ip_src.s_addr, 0), MIN_MTU);
}
static void
tcp_nice_cb(u_char *user, const struct pcap_pkthdr *pcap, const u_char *pkt)
{
- struct libnet_ip_hdr *ip;
+ struct libnet_ipv4_hdr *ip;
struct libnet_tcp_hdr *tcp;
- int *sock, len;
+ int len;
+ libnet_t *l;
- sock = (int *)user;
+ l = (libnet_t *)user;
pkt += pcap_off;
len = pcap->caplen - pcap_off;
- ip = (struct libnet_ip_hdr *)pkt;
+ ip = (struct libnet_ipv4_hdr *)pkt;
if (ip->ip_p != IPPROTO_TCP)
return;
@@ -151,11 +150,11 @@
if (ntohs(ip->ip_len) > (ip->ip_hl << 2) + (tcp->th_off << 2)) {
if (Opt_icmp)
- send_icmp_source_quench(*sock, ip);
+ send_icmp_source_quench(l, ip);
if (Opt_win)
- send_tcp_window_advertisement(*sock, ip, tcp);
+ send_tcp_window_advertisement(l, ip, tcp);
if (Opt_pmtu)
- send_icmp_frag_needed(*sock, ip);
+ send_icmp_frag_needed(l, ip);
}
}
@@ -164,8 +163,10 @@
{
extern char *optarg;
extern int optind;
- int c, sock;
+ int c;
char *intf, *filter, ebuf[PCAP_ERRBUF_SIZE];
+ char libnet_ebuf[LIBNET_ERRBUF_SIZE];
+ libnet_t *l;
pcap_t *pd;
intf = NULL;
@@ -209,14 +210,14 @@
if ((pcap_off = pcap_dloff(pd)) < 0)
errx(1, "couldn't determine link layer offset");
- if ((sock = libnet_open_raw_sock(IPPROTO_RAW)) == -1)
+ if ((l = libnet_init(LIBNET_RAW4, intf, libnet_ebuf)) == NULL)
errx(1, "couldn't initialize sending");
- libnet_seed_prand();
+ libnet_seed_prand(l);
warnx("listening on %s [%s]", intf, filter);
- pcap_loop(pd, -1, tcp_nice_cb, (u_char *)&sock);
+ pcap_loop(pd, -1, tcp_nice_cb, (u_char *)l);
/* NOTREACHED */
--- a/tcp_raw.c
+++ b/tcp_raw.c
@@ -119,7 +119,7 @@
}
struct iovec *
-tcp_raw_input(struct libnet_ip_hdr *ip, struct libnet_tcp_hdr *tcp, int len)
+tcp_raw_input(struct libnet_ipv4_hdr *ip, struct libnet_tcp_hdr *tcp, int len)
{
struct tha tha;
struct tcp_conn *conn;
@@ -131,7 +131,7 @@
/* Verify TCP checksum. */
cksum = tcp->th_sum;
- libnet_do_checksum((u_char *) ip, IPPROTO_TCP, len);
+ libnet_do_checksum(NULL, (u_char *) ip, IPPROTO_TCP, len);
if (cksum != tcp->th_sum)
return (NULL);
--- a/tcp_raw.h
+++ b/tcp_raw.h
@@ -15,7 +15,7 @@
u_short sport, u_short dport,
u_char *buf, int len);
-struct iovec *tcp_raw_input(struct libnet_ip_hdr *ip,
+struct iovec *tcp_raw_input(struct libnet_ipv4_hdr *ip,
struct libnet_tcp_hdr *tcp, int len);
void tcp_raw_timeout(int timeout, tcp_raw_callback_t callback);
--- a/trigger.c
+++ b/trigger.c
@@ -276,7 +276,7 @@
}
void
-trigger_ip(struct libnet_ip_hdr *ip)
+trigger_ip(struct libnet_ipv4_hdr *ip)
{
struct trigger *t, tr;
u_char *buf;
@@ -305,7 +305,7 @@
/* libnids needs a nids_register_udp()... */
void
-trigger_udp(struct libnet_ip_hdr *ip)
+trigger_udp(struct libnet_ipv4_hdr *ip)
{
struct trigger *t, tr;
struct libnet_udp_hdr *udp;
@@ -437,7 +437,7 @@
}
void
-trigger_tcp_raw(struct libnet_ip_hdr *ip)
+trigger_tcp_raw(struct libnet_ipv4_hdr *ip)
{
struct trigger *t, tr;
struct libnet_tcp_hdr *tcp;
--- a/trigger.h
+++ b/trigger.h
@@ -24,10 +24,10 @@
int trigger_set_tcp(int port, char *name);
int trigger_set_rpc(int program, char *name);
-void trigger_ip(struct libnet_ip_hdr *ip);
-void trigger_udp(struct libnet_ip_hdr *ip);
+void trigger_ip(struct libnet_ipv4_hdr *ip);
+void trigger_udp(struct libnet_ipv4_hdr *ip);
void trigger_tcp(struct tcp_stream *ts, void **conn_save);
-void trigger_tcp_raw(struct libnet_ip_hdr *ip);
+void trigger_tcp_raw(struct libnet_ipv4_hdr *ip);
void trigger_tcp_raw_timeout(int signal);
void trigger_rpc(int program, int proto, int port);
--- a/urlsnarf.c
+++ b/urlsnarf.c
@@ -145,14 +145,14 @@
if (user == NULL)
user = "-";
if (vhost == NULL)
- vhost = libnet_host_lookup(addr->daddr, Opt_dns);
+ vhost = libnet_addr2name4(addr->daddr, Opt_dns);
if (referer == NULL)
referer = "-";
if (agent == NULL)
agent = "-";
printf("%s - %s [%s] \"%s http://%s%s\" - - \"%s\" \"%s\"\n",
- libnet_host_lookup(addr->saddr, Opt_dns),
+ libnet_addr2name4(addr->saddr, Opt_dns),
user, timestamp(), req, vhost, uri, referer, agent);
}
fflush(stdout);
--- a/webmitm.c
+++ b/webmitm.c
@@ -242,7 +242,7 @@
word = buf_tok(&msg, "/", 1);
vhost = buf_strdup(word);
}
- ssin.sin_addr.s_addr = libnet_name_resolve(vhost, 1);
+ ssin.sin_addr.s_addr = libnet_name2addr4(NULL, vhost, 1);
free(vhost);
if (ssin.sin_addr.s_addr == ntohl(INADDR_LOOPBACK) ||
@@ -510,7 +510,7 @@
argv += optind;
if (argc == 1) {
- if ((static_host = libnet_name_resolve(argv[0], 1)) == -1)
+ if ((static_host = libnet_name2addr4(NULL, argv[0], 1)) == -1)
usage();
}
else if (argc != 0) usage();
--- a/webspy.c
+++ b/webspy.c
@@ -126,7 +126,7 @@
if (auth == NULL)
auth = "";
if (vhost == NULL)
- vhost = libnet_host_lookup(addr->daddr, 0);
+ vhost = libnet_addr2name4(addr->daddr, 0);
snprintf(cmd, sizeof(cmd), "openURL(http://%s%s%s%s)",
auth, *auth ? "@" : "", vhost, uri);
@@ -205,7 +205,7 @@
cmdtab[0] = cmd;
cmdtab[1] = NULL;
- if ((host = libnet_name_resolve(argv[0], 1)) == -1)
+ if ((host = libnet_name2addr4(NULL, argv[0], 1)) == -1)
errx(1, "unknown host");
if ((dpy = XOpenDisplay(NULL)) == NULL)


@ -0,0 +1,15 @@
Author: <kees@ubuntu.com>
Description: Fix FTBFS with openssl.
---
This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
--- a/ssh.c
+++ b/ssh.c
@@ -16,6 +16,7 @@
#include <openssl/ssl.h>
#include <openssl/err.h>
#include <openssl/rand.h>
+#include <openssl/md5.h>
#include <err.h>
#include <errno.h>


@ -0,0 +1,23 @@
Author: <kees@ubuntu.com>
Description: Fix FTBFS: ./sshow.c:226: error: 'CLK_TCK' undeclared.
---
This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
--- a/sshow.c
+++ b/sshow.c
@@ -217,6 +217,7 @@
{
clock_t delay;
int payload;
+ long CLK_TCK= sysconf(_SC_CLK_TCK);
delay = add_history(session, 0, cipher_size, plain_range);
@@ -265,6 +266,7 @@
clock_t delay;
int skip;
range string_range;
+ long CLK_TCK= sysconf(_SC_CLK_TCK);
delay = add_history(session, 1, cipher_size, plain_range);


@ -0,0 +1,89 @@
Author: Hilko Bengen <bengen@debian.org>
Description: Escape user, vhost, uri, referer, agent strings in log.
Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=372536
---
This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
--- a/urlsnarf.c
+++ b/urlsnarf.c
@@ -84,6 +84,43 @@
return (tstr);
}
+static char *
+escape_log_entry(char *string)
+{
+ char *out;
+ unsigned char *c, *o;
+ size_t len;
+
+ if (!string)
+ return NULL;
+
+ /* Determine needed length */
+ for (c = string, len = 0; *c; c++) {
+ if ((*c < 32) || (*c >= 128))
+ len += 4;
+ else if ((*c == '"') || (*c =='\\'))
+ len += 2;
+ else
+ len++;
+ }
+ out = malloc(len+1);
+ if (!out)
+ return NULL;
+ for (c = string, o = out; *c; c++, o++) {
+ if ((*c < 32) || (*c >= 128)) {
+ snprintf(o, 5, "\\x%02x", *c);
+ o += 3;
+ } else if ((*c == '"') || ((*c =='\\'))) {
+ *(o++) = '\\';
+ *o = *c;
+ } else {
+ *o = *c;
+ }
+ }
+ out[len]='\0';
+ return out;
+}
+
static int
process_http_request(struct tuple4 *addr, u_char *data, int len)
{
@@ -142,18 +179,26 @@
buf_tok(NULL, NULL, i);
}
}
- if (user == NULL)
- user = "-";
- if (vhost == NULL)
- vhost = libnet_addr2name4(addr->daddr, Opt_dns);
- if (referer == NULL)
- referer = "-";
- if (agent == NULL)
- agent = "-";
-
+ user = escape_log_entry(user);
+ vhost = escape_log_entry(vhost);
+ uri = escape_log_entry(uri);
+ referer = escape_log_entry(referer);
+ agent = escape_log_entry(agent);
+
printf("%s - %s [%s] \"%s http://%s%s\" - - \"%s\" \"%s\"\n",
libnet_addr2name4(addr->saddr, Opt_dns),
- user, timestamp(), req, vhost, uri, referer, agent);
+ (user?user:"-"),
+ timestamp(), req,
+ (vhost?vhost:libnet_addr2name4(addr->daddr, Opt_dns)),
+ uri,
+ (referer?referer:"-"),
+ (agent?agent:"-"));
+
+ free(user);
+ free(vhost);
+ free(uri);
+ free(referer);
+ free(agent);
}
fflush(stdout);
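Review bot: `uri` is the only escaped field handed to `printf` without a NULL fallback, so when `escape_log_entry` returns NULL (it does on `malloc` failure and on a NULL argument) the `%s` conversion receives a null pointer. Give it the same treatment as the other four, `(uri?uri:"-"),`. `req` and the `libnet_addr2name4(...)` fallback used for `vhost` are still written to the log unescaped; if either can carry bytes taken from the wire or from reverse DNS, they should go through `escape_log_entry` as well. `process_http_request` starts and ends outside the hunk, so whether `uri` and `req` are validated earlier cannot be seen here.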


@ -0,0 +1,166 @@
Author: Luciano Bello <luciano@linux.org.ar>
Description: Avoid the "implicit declaration of function 'str*'" warning
---
This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
--- a/arp.c
+++ b/arp.c
@@ -34,6 +34,7 @@
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
+#include <string.h>
#include "arp.h"
--- a/buf.c
+++ b/buf.c
@@ -17,6 +17,7 @@
#include <unistd.h>
#include <ctype.h>
#include <err.h>
+#include <string.h>
#include "buf.h"
--- a/decode_nntp.c
+++ b/decode_nntp.c
@@ -15,6 +15,7 @@
#include <stdio.h>
#include <string.h>
+#include <strlcat.h>
#include "base64.h"
#include "decode.h"
--- a/decode_pop.c
+++ b/decode_pop.c
@@ -14,6 +14,7 @@
#include <stdio.h>
#include <string.h>
+#include <strlcat.h>
#include "base64.h"
#include "options.h"
--- a/decode_rlogin.c
+++ b/decode_rlogin.c
@@ -14,6 +14,8 @@
#include <stdio.h>
#include <string.h>
+#include <strlcpy.h>
+#include <strlcat.h>
#include "options.h"
#include "decode.h"
--- a/decode_smb.c
+++ b/decode_smb.c
@@ -15,6 +15,7 @@
#include <stdio.h>
#include <string.h>
+#include <strlcat.h>
#include "decode.h"
--- a/decode_smtp.c
+++ b/decode_smtp.c
@@ -14,6 +14,7 @@
#include <stdio.h>
#include <string.h>
+#include <strlcat.h>
#include "base64.h"
#include "options.h"
--- a/decode_sniffer.c
+++ b/decode_sniffer.c
@@ -15,6 +15,8 @@
#include <stdio.h>
#include <string.h>
+#include <strlcat.h>
+#include <strlcpy.h>
#include "base64.h"
#include "decode.h"
--- a/decode_socks.c
+++ b/decode_socks.c
@@ -14,6 +14,7 @@
#include <stdio.h>
#include <string.h>
+#include <strlcat.h>
#include "decode.h"
--- a/decode_tds.c
+++ b/decode_tds.c
@@ -18,6 +18,7 @@
#include <stdio.h>
#include <string.h>
+#include <strlcat.h>
#include "decode.h"
--- a/decode_telnet.c
+++ b/decode_telnet.c
@@ -14,6 +14,7 @@
#include <stdio.h>
#include <string.h>
+#include <strlcpy.h>
#include "options.h"
#include "decode.h"
--- a/decode_x11.c
+++ b/decode_x11.c
@@ -14,6 +14,8 @@
#include <stdio.h>
#include <string.h>
+#include <strlcat.h>
+#include <strlcpy.h>
#include "decode.h"
--- a/dnsspoof.c
+++ b/dnsspoof.c
@@ -20,6 +20,7 @@
#include <stdlib.h>
#include <signal.h>
#include <string.h>
+#include <strlcpy.h>
#include <resolv.h>
#include <err.h>
#include <libnet.h>
--- a/magic.c
+++ b/magic.c
@@ -36,6 +36,7 @@
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
+#include <strlcpy.h>
#include <ctype.h>
#include <time.h>
#include <err.h>
--- /dev/null
+++ b/missing/strlcat.h
@@ -0,0 +1 @@
+size_t strlcat(char *dst, const char *src, size_t siz);
--- /dev/null
+++ b/missing/strlcpy.h
@@ -0,0 +1 @@
+size_t strlcpy(char *dst, const char *src, size_t siz);
--- a/sshmitm.c
+++ b/sshmitm.c
@@ -24,6 +24,7 @@
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
+#include <strlcat.h>
#include "buf.h"
#include "record.h"


@ -0,0 +1,65 @@
Author: Luciano Bello <luciano@linux.org.ar>
Description: avoid the "implicit declaration of function 'ntohs'" warning
---
This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
--- a/decode_aim.c
+++ b/decode_aim.c
@@ -14,6 +14,7 @@
#include <stdio.h>
#include <string.h>
+#include <arpa/inet.h>
#include "hex.h"
#include "buf.h"
--- a/decode_mmxp.c
+++ b/decode_mmxp.c
@@ -21,6 +21,7 @@
#include <stdio.h>
#include <string.h>
+#include <arpa/inet.h>
#include "buf.h"
#include "decode.h"
--- a/decode_pptp.c
+++ b/decode_pptp.c
@@ -16,6 +16,7 @@
#include <stdio.h>
#include <string.h>
+#include <arpa/inet.h>
#include "buf.h"
#include "decode.h"
--- a/decode_tds.c
+++ b/decode_tds.c
@@ -19,6 +19,7 @@
#include <stdio.h>
#include <string.h>
#include <strlcat.h>
+#include <arpa/inet.h>
#include "decode.h"
--- a/decode_vrrp.c
+++ b/decode_vrrp.c
@@ -15,6 +15,7 @@
#include <stdio.h>
#include <string.h>
+#include <arpa/inet.h>
#include "buf.h"
#include "decode.h"
--- a/ssh.c
+++ b/ssh.c
@@ -23,6 +23,7 @@
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
+#include <arpa/inet.h>
#include <unistd.h>
#include "hex.h"


@ -0,0 +1,30 @@
Author: Luciano Bello <luciano@linux.org.ar>
Description: distinguish between pop versions
---
This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
--- a/decode.c
+++ b/decode.c
@@ -63,7 +63,8 @@
{ "http", decode_http },
{ "ospf", decode_ospf },
{ "poppass", decode_poppass },
- { "pop", decode_pop },
+ { "pop2", decode_pop },
+ { "pop3", decode_pop },
{ "nntp", decode_nntp },
{ "smb", decode_smb },
{ "imap", decode_imap },
--- a/dsniff.services
+++ b/dsniff.services
@@ -10,8 +10,8 @@
ospf 89/ip
http 98/tcp
poppass 106/tcp
-pop 109/tcp
-pop 110/tcp
+pop2 109/tcp
+pop3 110/tcp
portmap 111/tcp
portmap -111/tcp
portmap 111/udp


@ -0,0 +1,36 @@
Author: Luciano Bello <luciano@linux.org.ar>
Description: According to /usr/include/time.h, CLK_TCK is the
"obsolete POSIX.1-1988 name" for CLOCKS_PER_SEC.
Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=420944
---
This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
--- a/sshow.c
+++ b/sshow.c
@@ -224,7 +224,7 @@
if (debug)
printf("- %s -> %s: DATA (%s bytes, %.2f seconds)\n",
s_saddr(ts), s_daddr(ts), s_range(plain_range),
- (float)delay / CLK_TCK);
+ (float)delay / CLOCKS_PER_SEC);
if (debug > 1)
print_data(&ts->server, cipher_size);
@@ -273,7 +273,7 @@
if (debug)
printf("- %s <- %s: DATA (%s bytes, %.2f seconds)\n",
s_saddr(ts), s_daddr(ts), s_range(plain_range),
- (float)delay / CLK_TCK);
+ (float)delay / CLOCKS_PER_SEC);
if (debug > 1)
print_data(&ts->client, cipher_size);
@@ -302,7 +302,7 @@
if (session->state == 1 &&
#ifdef USE_TIMING
- now - get_history(session, 2)->timestamp >= CLK_TCK &&
+ now - get_history(session, 2)->timestamp >= CLOCKS_PER_SEC &&
#endif
session->protocol == 1 &&
(session->history.directions & 7) == 5 &&
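Review bot: Replacing `CLK_TCK` with `CLOCKS_PER_SEC` changes the unit, not just the name, if `delay` and `timestamp` are tick counts from `times()`, as the `<sys/times.h>` include in sshow.c suggests. Those ticks run at `sysconf(_SC_CLK_TCK)` per second, while `CLOCKS_PER_SEC` is the scale of `clock()`. In that case the seconds printed in the two debug lines and the `>= CLOCKS_PER_SEC` timing test in the third hunk would be off by a large factor; `(float)delay / sysconf(_SC_CLK_TCK)` keeps the original meaning. The enclosing functions are not visible in these hunks, so the source of `delay` should be confirmed before choosing the divisor.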


@ -0,0 +1,98 @@
Author: Gleb Paharenko <gpaharenko@gmail.com>
Description: Workaround to this Debian bug
Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=420129
---
This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
--- a/dsniff.c
+++ b/dsniff.c
@@ -70,6 +70,80 @@
{
}
+
+static int get_all_ifaces(struct ifreq **, int *);
+static unsigned int get_addr_from_ifreq(struct ifreq *);
+
+int all_local_ipaddrs_chksum_disable()
+{
+ struct ifreq *ifaces;
+ int ifaces_count;
+ int i, ind = 0;
+ struct nids_chksum_ctl *ctlp;
+ unsigned int tmp;
+
+ if (!get_all_ifaces(&ifaces, &ifaces_count))
+ return -1;
+ ctlp =
+ (struct nids_chksum_ctl *) malloc(ifaces_count *
+ sizeof(struct
+ nids_chksum_ctl));
+ if (!ctlp)
+ return -1;
+ for (i = 0; i < ifaces_count; i++) {
+ tmp = get_addr_from_ifreq(ifaces + i);
+ if (tmp) {
+ ctlp[ind].netaddr = tmp;
+ ctlp[ind].mask = inet_addr("255.255.255.255");
+ ctlp[ind].action = NIDS_DONT_CHKSUM;
+ ind++;
+ }
+ }
+ free(ifaces);
+ nids_register_chksum_ctl(ctlp, ind);
+}
+
+/* helper functions for Example 2 */
+unsigned int get_addr_from_ifreq(struct ifreq *iface)
+{
+ if (iface->ifr_addr.sa_family == AF_INET)
+ return ((struct sockaddr_in *) &(iface->ifr_addr))->
+ sin_addr.s_addr;
+ return 0;
+}
+
+static int get_all_ifaces(struct ifreq **ifaces, int *count)
+{
+ int ifaces_size = 8 * sizeof(struct ifreq);
+ struct ifconf param;
+ int sock;
+ unsigned int i;
+
+ *ifaces = malloc(ifaces_size);
+ sock = socket(PF_INET, SOCK_DGRAM, IPPROTO_IP);
+ if (sock <= 0)
+ return 0;
+ for (;;) {
+ param.ifc_len = ifaces_size;
+ param.ifc_req = *ifaces;
+ if (ioctl(sock, SIOCGIFCONF, &param))
+ goto err;
+ if (param.ifc_len < ifaces_size)
+ break;
+ free(*ifaces);
+ ifaces_size *= 2;
+ ifaces = malloc(ifaces_size);
+ }
+ *count = param.ifc_len / sizeof(struct ifreq);
+ close(sock);
+ return 1;
+ err:
+ close(sock);
+ return 0;
+}
+
+
+
int
main(int argc, char *argv[])
{
@@ -189,6 +263,8 @@
warnx("using %s", nids_params.filename);
}
}
+
+ all_local_ipaddrs_chksum_disable();
nids_run();
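Review bot: In `get_all_ifaces` the grow path assigns `ifaces = malloc(ifaces_size);`, which overwrites the local parameter instead of the caller's pointer. The caller is left holding the buffer that was just freed, and the next pass of the loop reads `*ifaces` from uninitialised heap memory. It should be `*ifaces = malloc(ifaces_size);` with a NULL check; the first `malloc` in that function is unchecked too. `all_local_ipaddrs_chksum_disable` is declared `int` but falls off the end after `nids_register_chksum_ctl(ctlp, ind);`, so it needs a `return 0;`. The early-return paths (`sock <= 0`, the `err:` label, the failed `ctlp` allocation) leak the interface buffer, and `sock <= 0` rejects a valid descriptor 0 where `sock < 0` is the correct test.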


@ -0,0 +1,20 @@
Author: Luciano Bello <luciano@debian.org>
Description: Fix for DOS y TDS decoder. Patch provided by Hilko Bengen.
Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=609988
---
This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
--- a/decode_tds.c
+++ b/decode_tds.c
@@ -144,6 +144,11 @@
len > sizeof(*th) && len >= ntohs(th->size);
buf += ntohs(th->size), len -= ntohs(th->size)) {
+ if (th->size != 8) {
+ /* wrong header length */
+ break;
+ }
+
if (th->type == 2) {
/* Version 4.x, 5.0 */
if (len < sizeof(*th) + sizeof(*tl))
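Review bot: The new guard compares `th->size` raw while the loop header just above reads it through `ntohs(th->size)`, so `th->size != 8` tests a different number depending on host byte order. On a little-endian host it only accepts headers whose wire length field is 0x0800. If the hang being fixed is a zero-length header that never advances `buf`, the check should use the converted value against the header size: `if (ntohs(th->size) < sizeof(*th)) break;`. The `for` statement begins above the hunk, so its initialiser is not visible here.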


@ -0,0 +1,29 @@
Author: Piotr Engelking <inkerman42@gmail.com>
Description: Disable the filtering packets with incorrect checksum.
Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=372536
---
This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
--- a/urlsnarf.c
+++ b/urlsnarf.c
@@ -245,6 +245,7 @@
extern char *optarg;
extern int optind;
int c;
+ struct nids_chksum_ctl chksum_ctl;
while ((c = getopt(argc, argv, "i:p:nvh?V")) != -1) {
switch (c) {
@@ -305,6 +306,12 @@
}
}
+ chksum_ctl.netaddr = 0;
+ chksum_ctl.mask = 0;
+ chksum_ctl.action = NIDS_DONT_CHKSUM;
+
+ nids_register_chksum_ctl(&chksum_ctl, 1);
+
nids_run();
/* NOTREACHED */
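Review bot: `netaddr = 0` with `mask = 0` matches every address, so this turns off libnids checksum verification for all traffic, and nothing in the code says so or says why. A comment at the assignments would help, for example `/* match all addresses: skip checksum validation (captures of locally sent packets often carry unfilled, offloaded checksums) */`, if that is indeed the reason. The consequence worth documenting is that urlsnarf will now log requests from segments a real receiver would have discarded as corrupt, so a log line is weaker evidence that the request was actually delivered.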


@ -0,0 +1,17 @@
Author: Steve Kemp <skx@debian.org>
Description: Missing openssl includes in sshcrypto.c.
This patch was through diff.gz and now is implemented as a dpatch.
---
This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
--- a/sshcrypto.c
+++ b/sshcrypto.c
@@ -14,6 +14,8 @@
#include <sys/types.h>
#include <openssl/ssl.h>
+#include <openssl/blowfish.h>
+#include <openssl/des.h>
#include <err.h>
#include <stdio.h>


@ -0,0 +1,132 @@
>From b05e27ba9b0ba9ef00ad2183933652e08d8c89af Mon Sep 17 00:00:00 2001
From: Stefan Tomanek <stefan@pico.ruhr.de>
Date: Sat, 29 Oct 2011 20:48:55 +0200
Subject: [PATCH] rewrite and modernize POP decoder
Signed-off-by: Stefan Tomanek <stefan@pico.ruhr.de>
---
decode_pop.c | 96 ++++++++++++++++++++++++++++++++++++++++++++++-----------
1 files changed, 77 insertions(+), 19 deletions(-)
---
This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
--- a/decode_pop.c
+++ b/decode_pop.c
@@ -6,6 +6,8 @@
* Copyright (c) 2000 Dug Song <dugsong@monkey.org>
*
* $Id: decode_pop.c,v 1.4 2001/03/15 08:33:02 dugsong Exp $
+ *
+ * Rewritten by Stefan Tomanek 2011 <stefan@pico.ruhr.de>
*/
#include "config.h"
@@ -45,32 +47,88 @@
decode_pop(u_char *buf, int len, u_char *obuf, int olen)
{
char *p;
+ char *s;
+ int n;
int i, j;
+ char *user;
+ char *password;
+ enum {
+ NONE,
+ AUTHPLAIN,
+ AUTHLOGIN,
+ USERPASS
+ } mode = NONE;
+
obuf[0] = '\0';
for (p = strtok(buf, "\r\n"); p != NULL; p = strtok(NULL, "\r\n")) {
- if (strncasecmp(p, "AUTH PLAIN", 10) == 0 ||
- strncasecmp(p, "AUTH LOGIN", 10) == 0) {
- strlcat(obuf, p, olen);
- strlcat(obuf, "\n", olen);
-
- /* Decode SASL auth. */
- for (i = 0; i < 2 && (p = strtok(NULL, "\r\n")); i++) {
- strlcat(obuf, p, olen);
- j = base64_pton(p, p, strlen(p));
- p[j] = '\0';
- strlcat(obuf, " [", olen);
- strlcat(obuf, p, olen);
- strlcat(obuf, "]\n", olen);
+ if (mode == NONE) {
+ user = NULL;
+ password = NULL;
+ if (strncasecmp(p, "AUTH PLAIN", 10) == 0) {
+ mode = AUTHPLAIN;
+ continue;
+ }
+ if (strncasecmp(p, "AUTH LOGIN", 10) == 0) {
+ mode = AUTHLOGIN;
+ continue;
+ }
+ if (strncasecmp(p, "USER ", 5) == 0) {
+ mode = USERPASS;
+ /* the traditional login cuts right to the case,
+ * so no continue here
+ */
}
}
- /* Save regular POP2, POP3 auth info. */
- else if (strncasecmp(p, "USER ", 5) == 0 ||
- strncasecmp(p, "PASS ", 5) == 0 ||
- strncasecmp(p, "HELO ", 5) == 0) {
- strlcat(obuf, p, olen);
- strlcat(obuf, "\n", olen);
+ printf("(%d) %s\n", mode, p);
+ if (mode == USERPASS) {
+ if (strncasecmp(p, "USER ", 5) == 0) {
+ user = &p[5];
+ } else if (strncasecmp(p, "PASS ", 5) == 0) {
+ password = &p[5];
+ }
+ }
+
+ if (mode == AUTHPLAIN) {
+ j = base64_pton(p, p, strlen(p));
+ p[j] = '\0';
+ n = 0;
+ s = p;
+ /* p consists of three parts, divided by \0 */
+ while (s <= &p[j] && n<=3) {
+ if (n == 0) {
+ /* we do not process this portion yet */
+ } else if (n == 1) {
+ user = s;
+ } else if (n == 2) {
+ password = s;
+ }
+ n++;
+ while (*s) s++;
+ s++;
+ }
+ }
+
+ if (mode == AUTHLOGIN) {
+ j = base64_pton(p, p, strlen(p));
+ p[j] = '\0';
+ if (! user) {
+ user = p;
+ } else {
+ password = p;
+ /* got everything we need :-) */
+ }
+ }
+
+ if (user && password) {
+ strlcat(obuf, "\nusername [", olen);
+ strlcat(obuf, user, olen);
+ strlcat(obuf, "] password [", olen);
+ strlcat(obuf, password, olen);
+ strlcat(obuf, "]\n", olen);
+
+ mode = NONE;
}
}
return (strlen(obuf));
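Review bot: Both the AUTHPLAIN and AUTHLOGIN branches use the result of `base64_pton(p, p, strlen(p))` as an index without checking it, so if the decoder reports malformed input with a negative value, `p[j] = '\0'` writes before the start of the token and, in AUTHPLAIN, `&p[j]` becomes the scan bound. The tokens come from `buf`, the decoder's input, so add `if (j < 0) { mode = NONE; continue; }` after each call. The `printf("(%d) %s\n", mode, p);` line looks like leftover debugging: it writes every POP line, unescaped, to stdout next to the real output and should be removed. `mode` is reset only once both `user` and `password` are set, so an exchange abandoned part-way leaves the state machine armed and a later unrelated line can be recorded as the password. The closing brace of `decode_pop` lies outside the hunk.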


@ -0,0 +1,62 @@
Author: Steve Kemp <skx@debian.org>
Description: Adapt to Debian directory structure.
---
This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
--- a/Makefile.in
+++ b/Makefile.in
@@ -11,7 +11,7 @@
install_prefix =
prefix = @prefix@
exec_prefix = @exec_prefix@
-libdir = @libdir@
+libdir = $(prefix)/share/dsniff
sbindir = @sbindir@
mandir = @mandir@
@@ -37,8 +37,7 @@
X11INC = @X_CFLAGS@
X11LIB = @X_LIBS@ @X_PRE_LIBS@ -lXmu -lX11 @X_EXTRA_LIBS@
-INCS = -I. $(NIDSINC) $(PCAPINC) $(LNETINC) $(DBINC) $(SSLINC) $(X11INC) \
- -I$(srcdir)/missing
+INCS = -I. $(X11INC) -I$(srcdir)/missing
LIBS = @LIBS@ -L$(srcdir) -lmissing
INSTALL = @INSTALL@
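Review bot: The new `INCS` line drops `$(NIDSINC) $(PCAPINC) $(LNETINC) $(DBINC) $(SSLINC)`, so any include directory that configure detected or was given for those libraries no longer reaches the compiler. Headers are then found only on the default search path, and a build against a non-system copy could silently pick up the system headers instead. If that is intended for the packaged build, record it with a comment above the assignment, for example `# library headers are taken from the default include path`; otherwise keep the variables. The previous hunk does the same to `libdir`, which now ignores `@libdir@`.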
--- a/dnsspoof.8
+++ b/dnsspoof.8
@@ -31,7 +31,7 @@
address queries on the LAN with an answer of the local machine's IP
address.
.SH FILES
-.IP \fI/usr/local/lib/dnsspoof.hosts\fR
+.IP \fI/usr/share/dsniff/dnsspoof.hosts\fR
Sample hosts file.
.SH "SEE ALSO"
dsniff(8), hosts(5)
--- a/dsniff.8
+++ b/dsniff.8
@@ -68,9 +68,9 @@
On a hangup signal \fBdsniff\fR will dump its current trigger table to
\fIdsniff.services\fR.
.SH FILES
-.IP \fI/usr/local/lib/dsniff.services\fR
+.IP \fI/usr/share/dsniff/dsniff.services\fR
Default trigger table
-.IP \fI/usr/local/lib/dsniff.magic\fR
+.IP \fI/usr/share/dsniff/dsniff.magic\fR
Network protocol magic
.SH "SEE ALSO"
arpspoof(8), libnids(3), services(5), magic(5)
--- a/pathnames.h
+++ b/pathnames.h
@@ -12,7 +12,7 @@
#define PATHNAMES_H
#ifndef DSNIFF_LIBDIR
-#define DSNIFF_LIBDIR "/usr/local/lib/"
+#define DSNIFF_LIBDIR "/usr/share/dsniff/"
#endif
#define DSNIFF_SERVICES "dsniff.services"


@ -0,0 +1,15 @@
Author: <bdefreese@debian2.bddebian.com>
Description: Correctly 0 out the c struct.
---
This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
--- a/msgsnarf.c
+++ b/msgsnarf.c
@@ -584,6 +584,7 @@
if (i == 0) {
if ((c = malloc(sizeof(*c))) == NULL)
nids_params.no_mem("sniff_msgs");
+ memset(c, 0, sizeof(*c));
c->ip = ts->addr.saddr;
c->nick = strdup("unknown");
SLIST_INSERT_HEAD(&client_list, c, next);
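Review bot: The added `memset(c, 0, sizeof(*c));` still runs when `malloc` returned NULL, unless `nids_params.no_mem` never returns, which the hunk does not show. Allocating zeroed memory in one step, `if ((c = calloc(1, sizeof(*c))) == NULL)`, keeps the check and the clearing together and removes the separate `memset`. The result of `strdup("unknown")` two lines further down is also stored unchecked. The enclosing function starts and ends outside the hunk.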


@ -0,0 +1,17 @@
Author: Joerg Dorchain <joerg@dorchain.net>
Description: Add tcpkill support for handle ppp interfaces.
---
This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
--- a/pcaputil.c
+++ b/pcaputil.c
@@ -52,6 +52,9 @@
case DLT_NULL:
offset = 4;
break;
+ case DLT_LINUX_SLL: /* e.g. ppp */
+ offset = 16;
+ break;
default:
warnx("unsupported datalink type");
break;
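Review bot: The literal `16` in the new `DLT_LINUX_SLL` case is the length of the Linux cooked-capture header, which the comment `/* e.g. ppp */` does not say. Using libpcap's constant, `offset = SLL_HDR_LEN;` (from `<pcap/sll.h>`), or at least a comment such as `/* Linux cooked capture: 16-byte pseudo header */`, makes the value checkable. The `default:` branch below only warns and leaves `offset` at whatever it was initialised to outside the hunk, so callers should be confirmed to handle an unsupported link type.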


@ -0,0 +1,82 @@
Author: Hilko Bengen <bengen@debian.org>
Description: urlsnarf: use timestamps from pcap file if available.
Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=573365
---
This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
--- a/urlsnarf.c
+++ b/urlsnarf.c
@@ -36,6 +36,7 @@
u_short Opt_dns = 1;
int Opt_invert = 0;
regex_t *pregex = NULL;
+time_t tt = 0;
static void
usage(void)
@@ -57,9 +58,12 @@
{
static char tstr[32], sign;
struct tm *t, gmt;
- time_t tt = time(NULL);
int days, hours, tz, len;
+ if (!nids_params.filename) {
+ tt = time(NULL);
+ }
+
gmt = *gmtime(&tt);
t = localtime(&tt);
@@ -312,9 +316,48 @@
nids_register_chksum_ctl(&chksum_ctl, 1);
- nids_run();
-
- /* NOTREACHED */
+ pcap_t *p;
+ char pcap_errbuf[PCAP_ERRBUF_SIZE];
+ if (nids_params.filename == NULL) {
+ /* adapted from libnids.c:open_live() */
+ if (strcmp(nids_params.device, "all") == 0)
+ nids_params.device = "any";
+ p = pcap_open_live(nids_params.device, 16384,
+ (nids_params.promisc != 0),
+ 0, pcap_errbuf);
+ if (!p) {
+ fprintf(stderr, "pcap_open_live(): %s\n",
+ pcap_errbuf);
+ exit(1);
+ }
+ }
+ else {
+ p = pcap_open_offline(nids_params.filename,
+ pcap_errbuf);
+ if (!p) {
+ fprintf(stderr, "pcap_open_offline(%s): %s\n",
+ nids_params.filename, pcap_errbuf);
+ }
+ }
+
+ struct pcap_pkthdr *h;
+ u_char *d;
+ int rc;
+ while ((rc = pcap_next_ex(p, &h, &d)) == 1) {
+ tt = h->ts.tv_sec;
+ nids_pcap_handler(NULL, h, d);
+ }
+ switch (rc) {
+ case(-2): /* end of pcap file */
+ case(0): /* timeout on live capture */
+ break;
+ case(-1):
+ default:
+ fprintf(stderr, "rc = %i\n", rc);
+ pcap_perror(p, "pcap_read_ex()");
+ exit(1);
+ break;
+ }
exit(0);
}
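Review bot: The `pcap_open_offline()` failure branch prints the error but does not stop, so a missing or unreadable capture file leaves `p` NULL and the following `pcap_next_ex(p, &h, &d)` dereferences it. Add `exit(1);` after that `fprintf`, as the live-capture branch already does. `d` should also be declared `const u_char *d;`, because `pcap_next_ex` takes a `const u_char **`. The enclosing function starts outside the hunk.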


@ -0,0 +1,202 @@
Description: Fix build with OpenSSL 1.1.0
Author: Christoph Biedl <debian.axhn@manchmal.in-ulm.de>
---
This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
--- a/ssh.c
+++ b/ssh.c
@@ -234,7 +234,10 @@
u_char *p, cipher, cookie[8], msg[1024];
u_int32_t num;
int i;
-
+
+ const BIGNUM *servkey_e, *servkey_n;
+ const BIGNUM *hostkey_e, *hostkey_n;
+
/* Generate anti-spoofing cookie. */
RAND_bytes(cookie, sizeof(cookie));
@@ -243,11 +246,13 @@
*p++ = SSH_SMSG_PUBLIC_KEY; /* type */
memcpy(p, cookie, 8); p += 8; /* cookie */
num = 768; PUTLONG(num, p); /* servkey bits */
- put_bn(ssh->ctx->servkey->e, &p); /* servkey exponent */
- put_bn(ssh->ctx->servkey->n, &p); /* servkey modulus */
+ RSA_get0_key(ssh->ctx->servkey, &servkey_n, &servkey_e, NULL);
+ put_bn(servkey_e, &p); /* servkey exponent */
+ put_bn(servkey_n, &p); /* servkey modulus */
num = 1024; PUTLONG(num, p); /* hostkey bits */
- put_bn(ssh->ctx->hostkey->e, &p); /* hostkey exponent */
- put_bn(ssh->ctx->hostkey->n, &p); /* hostkey modulus */
+ RSA_get0_key(ssh->ctx->hostkey, &hostkey_n, &hostkey_e, NULL);
+ put_bn(hostkey_e, &p); /* hostkey exponent */
+ put_bn(hostkey_n, &p); /* hostkey modulus */
num = 0; PUTLONG(num, p); /* protocol flags */
num = ssh->ctx->encmask; PUTLONG(num, p); /* ciphers */
num = ssh->ctx->authmask; PUTLONG(num, p); /* authmask */
@@ -298,7 +303,7 @@
SKIP(p, i, 4);
/* Decrypt session key. */
- if (BN_cmp(ssh->ctx->servkey->n, ssh->ctx->hostkey->n) > 0) {
+ if (BN_cmp(servkey_n, hostkey_n) > 0) {
rsa_private_decrypt(enckey, enckey, ssh->ctx->servkey);
rsa_private_decrypt(enckey, enckey, ssh->ctx->hostkey);
}
@@ -318,8 +323,8 @@
BN_clear_free(enckey);
/* Derive real session key using session id. */
- if ((p = ssh_session_id(cookie, ssh->ctx->hostkey->n,
- ssh->ctx->servkey->n)) == NULL) {
+ if ((p = ssh_session_id(cookie, hostkey_n,
+ servkey_n)) == NULL) {
warn("ssh_session_id");
return (-1);
}
@@ -328,10 +333,8 @@
}
/* Set cipher. */
if (cipher == SSH_CIPHER_3DES) {
- ssh->estate = des3_init(ssh->sesskey, sizeof(ssh->sesskey));
- ssh->dstate = des3_init(ssh->sesskey, sizeof(ssh->sesskey));
- ssh->encrypt = des3_encrypt;
- ssh->decrypt = des3_decrypt;
+ warnx("cipher 3des no longer supported");
+ return (-1);
}
else if (cipher == SSH_CIPHER_BLOWFISH) {
ssh->estate = blowfish_init(ssh->sesskey,sizeof(ssh->sesskey));
@@ -357,7 +360,10 @@
u_char *p, cipher, cookie[8], msg[1024];
u_int32_t num;
int i;
-
+
+ BIGNUM *servkey_n, *servkey_e;
+ BIGNUM *hostkey_n, *hostkey_e;
+
/* Get public key. */
if ((i = SSH_recv(ssh, pkt, sizeof(pkt))) <= 0) {
warn("SSH_recv");
@@ -379,21 +385,23 @@
/* Get servkey. */
ssh->ctx->servkey = RSA_new();
- ssh->ctx->servkey->n = BN_new();
- ssh->ctx->servkey->e = BN_new();
+ servkey_n = BN_new();
+ servkey_e = BN_new();
+ RSA_set0_key(ssh->ctx->servkey, servkey_n, servkey_e, NULL);
SKIP(p, i, 4);
- get_bn(ssh->ctx->servkey->e, &p, &i);
- get_bn(ssh->ctx->servkey->n, &p, &i);
+ get_bn(servkey_e, &p, &i);
+ get_bn(servkey_n, &p, &i);
/* Get hostkey. */
ssh->ctx->hostkey = RSA_new();
- ssh->ctx->hostkey->n = BN_new();
- ssh->ctx->hostkey->e = BN_new();
+ hostkey_n = BN_new();
+ hostkey_e = BN_new();
+ RSA_set0_key(ssh->ctx->hostkey, hostkey_n, hostkey_e, NULL);
SKIP(p, i, 4);
- get_bn(ssh->ctx->hostkey->e, &p, &i);
- get_bn(ssh->ctx->hostkey->n, &p, &i);
+ get_bn(hostkey_e, &p, &i);
+ get_bn(hostkey_n, &p, &i);
/* Get cipher, auth masks. */
SKIP(p, i, 4);
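Review bot: `RSA_new()`, `BN_new()` and `RSA_set0_key()` are used unchecked in both the servkey and the hostkey block, so an allocation failure ends in a NULL dereference in `get_bn` or inside OpenSSL while parsing data received from the peer. `RSA_set0_key` returns 0 on failure and takes ownership of the BIGNUMs only on success, so one check covers both: `if (servkey_n == NULL || servkey_e == NULL || !RSA_set0_key(ssh->ctx->servkey, servkey_n, servkey_e, NULL)) return (-1);`, with the same for the hostkey. On that error path the BIGNUMs still belong to the caller and should be freed. The function body starts and ends outside the hunk.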
@@ -405,8 +413,8 @@
RAND_bytes(ssh->sesskey, sizeof(ssh->sesskey));
/* Obfuscate with session id. */
- if ((p = ssh_session_id(cookie, ssh->ctx->hostkey->n,
- ssh->ctx->servkey->n)) == NULL) {
+ if ((p = ssh_session_id(cookie, hostkey_n,
+ servkey_n)) == NULL) {
warn("ssh_session_id");
return (-1);
}
@@ -422,7 +430,7 @@
else BN_add_word(bn, ssh->sesskey[i]);
}
/* Encrypt session key. */
- if (BN_cmp(ssh->ctx->servkey->n, ssh->ctx->hostkey->n) < 0) {
+ if (BN_cmp(servkey_n, hostkey_n) < 0) {
rsa_public_encrypt(bn, bn, ssh->ctx->servkey);
rsa_public_encrypt(bn, bn, ssh->ctx->hostkey);
}
@@ -470,10 +478,8 @@
ssh->decrypt = blowfish_decrypt;
}
else if (cipher == SSH_CIPHER_3DES) {
- ssh->estate = des3_init(ssh->sesskey, sizeof(ssh->sesskey));
- ssh->dstate = des3_init(ssh->sesskey, sizeof(ssh->sesskey));
- ssh->encrypt = des3_encrypt;
- ssh->decrypt = des3_decrypt;
+ warnx("cipher 3des no longer supported");
+ return (-1);
}
/* Get server response. */
if ((i = SSH_recv(ssh, pkt, sizeof(pkt))) <= 0) {
--- a/sshcrypto.c
+++ b/sshcrypto.c
@@ -28,10 +28,12 @@
u_char iv[8];
};
+#if 0
struct des3_state {
des_key_schedule k1, k2, k3;
des_cblock iv1, iv2, iv3;
};
+#endif
void
rsa_public_encrypt(BIGNUM *out, BIGNUM *in, RSA *key)
@@ -39,10 +41,12 @@
u_char *inbuf, *outbuf;
int len, ilen, olen;
- if (BN_num_bits(key->e) < 2 || !BN_is_odd(key->e))
+ const BIGNUM *n, *e;
+ RSA_get0_key(key, &n, &e, NULL);
+ if (BN_num_bits(e) < 2 || !BN_is_odd(e))
errx(1, "rsa_public_encrypt() exponent too small or not odd");
- olen = BN_num_bytes(key->n);
+ olen = BN_num_bytes(n);
outbuf = malloc(olen);
ilen = BN_num_bytes(in);
@@ -71,7 +75,9 @@
u_char *inbuf, *outbuf;
int len, ilen, olen;
- olen = BN_num_bytes(key->n);
+ const BIGNUM *n;
+ RSA_get0_key(key, &n, NULL, NULL);
+ olen = BN_num_bytes(n);
outbuf = malloc(olen);
ilen = BN_num_bytes(in);
@@ -146,6 +152,7 @@
swap_bytes(dst, dst, len);
}
+#if 0
/* XXX - SSH1's weirdo 3DES... */
void *
des3_init(u_char *sesskey, int len)
@@ -194,3 +201,4 @@
des_ncbc_encrypt(dst, dst, len, dstate->k2, &dstate->iv2, DES_ENCRYPT);
des_ncbc_encrypt(dst, dst, len, dstate->k1, &dstate->iv1, DES_DECRYPT);
}
+#endif


@ -0,0 +1,17 @@
Description: Fix minor spelling error in source code
Author: Marcos Fouces <marcos.fouces@gmail.com>
---
This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
--- a/remote.c
+++ b/remote.c
@@ -652,7 +652,7 @@
if (remote_command_count > 0)
{
fprintf (stderr,
- "%s: the `-id' option must preceed all `-remote' options.\n",
+ "%s: the `-id' option must precede all `-remote' options.\n",
progname);
usage ();
exit (-1);


@ -0,0 +1,170 @@
>From 8fbf0ac15e5fe2df427e3e028f9aa8d96788986a Mon Sep 17 00:00:00 2001
From: Stefan Tomanek <stefan@pico.ruhr.de>
Date: Sun, 6 Nov 2011 22:44:54 +0100
Subject: [PATCH 1/3] arpspoof: add -r switch to poison both directions
Signed-off-by: Stefan Tomanek <stefan@pico.ruhr.de>
---
arpspoof.8 | 5 ++++-
arpspoof.c | 59 +++++++++++++++++++++++++++++++++++++++++++++++------------
2 files changed, 51 insertions(+), 13 deletions(-)
---
This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
--- a/arpspoof.8
+++ b/arpspoof.8
@@ -9,7 +9,7 @@
.na
.nf
.fi
-\fBarpspoof\fR [\fB-i \fIinterface\fR] [\fB-t \fItarget\fR] \fIhost\fR
+\fBarpspoof\fR [\fB\-i \fIinterface\fR] [\fB\-t \fItarget\fR] [\fB\-r\fR] \fIhost\fR
.SH DESCRIPTION
.ad
.fi
@@ -26,6 +26,9 @@
.IP "\fB-t \fItarget\fR"
Specify a particular host to ARP poison (if not specified, all hosts
on the LAN).
+.IP "\fB\-r\fR"
+Poison both hosts (host and target) to capture traffic in both directions.
+(only valid in conjuntion with \-t)
.IP \fIhost\fR
Specify the host you wish to intercept packets for (usually the local
gateway).
--- a/arpspoof.c
+++ b/arpspoof.c
@@ -7,6 +7,8 @@
* Copyright (c) 1999 Dug Song <dugsong@monkey.org>
*
* $Id: arpspoof.c,v 1.5 2001/03/15 08:32:58 dugsong Exp $
+ *
+ * Improved 2011 by Stefan Tomanek <stefa@pico.ruhr.de>
*/
#include "config.h"
@@ -31,12 +33,13 @@
static struct ether_addr spoof_mac, target_mac;
static in_addr_t spoof_ip, target_ip;
static char *intf;
+static int poison_reverse;
static void
usage(void)
{
fprintf(stderr, "Version: " VERSION "\n"
- "Usage: arpspoof [-i interface] [-t target] host\n");
+ "Usage: arpspoof [-i interface] [-t target] [-r] host\n");
exit(1);
}
@@ -133,18 +136,30 @@
static void
cleanup(int sig)
{
+ int fw = arp_find(spoof_ip, &spoof_mac);
+ int bw = poison_reverse && target_ip && arp_find(target_ip, &target_mac);
int i;
-
- if (arp_find(spoof_ip, &spoof_mac)) {
- for (i = 0; i < 3; i++) {
- /* XXX - on BSD, requires ETHERSPOOF kernel. */
+
+ fprintf(stderr, "Cleaning up and re-arping targets...\n");
+ for (i = 0; i < 5; i++) {
+ /* XXX - on BSD, requires ETHERSPOOF kernel. */
+ if (fw) {
arp_send(l, ARPOP_REPLY,
(u_int8_t *)&spoof_mac, spoof_ip,
(target_ip ? (u_int8_t *)&target_mac : NULL),
target_ip);
+ /* we have to wait a moment before sending the next packet */
+ sleep(1);
+ }
+ if (bw) {
+ arp_send(l, ARPOP_REPLY,
+ (u_int8_t *)&target_mac, target_ip,
+ (u_int8_t *)&spoof_mac,
+ spoof_ip);
sleep(1);
}
}
+
exit(0);
}
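Review bot: `cleanup()` is installed as a signal handler later in this patch, and the added `fprintf(stderr, ...)` is not async-signal-safe, nor are the `sleep`/`arp_send` calls inside the longer loop. If the signal arrives while the main loop is inside stdio or libnet, the handler can deadlock or corrupt state. A safer shape is for the handler to set only a `volatile sig_atomic_t` flag, and for the main `for (;;)` loop to test it and call the cleanup routine from normal context. The handler's use of non-reentrant calls predates this hunk; the change adds to it.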
@@ -156,11 +171,12 @@
char pcap_ebuf[PCAP_ERRBUF_SIZE];
char libnet_ebuf[LIBNET_ERRBUF_SIZE];
int c;
-
+
intf = NULL;
spoof_ip = target_ip = 0;
-
- while ((c = getopt(argc, argv, "i:t:h?V")) != -1) {
+ poison_reverse = 0;
+
+ while ((c = getopt(argc, argv, "ri:t:h?V")) != -1) {
switch (c) {
case 'i':
intf = optarg;
@@ -169,6 +185,9 @@
if ((target_ip = libnet_name2addr4(l, optarg, LIBNET_RESOLVE)) == -1)
usage();
break;
+ case 'r':
+ poison_reverse = 1;
+ break;
default:
usage();
}
@@ -178,7 +197,12 @@
if (argc != 1)
usage();
-
+
+ if (poison_reverse && !target_ip) {
+ errx(1, "Spoofing the reverse path (-r) is only available when specifying a target (-t).");
+ usage();
+ }
+
if ((spoof_ip = libnet_name2addr4(l, argv[0], LIBNET_RESOLVE)) == -1)
usage();
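Review bot: The `usage();` call after `errx(1, ...)` in the new `-r` check is unreachable, because `errx` terminates the process. Either drop the call, or report with `warnx(...)` and let `usage()` perform the exit. The same dead call appears later in this series, in the `!n_targets` variant of this check and in the final `else` branch of the `-c` validation.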
@@ -191,18 +215,29 @@
if (target_ip != 0 && !arp_find(target_ip, &target_mac))
errx(1, "couldn't arp for host %s",
libnet_addr2name4(target_ip, LIBNET_DONT_RESOLVE));
-
+
+ if (poison_reverse) {
+ if (!arp_find(spoof_ip, &spoof_mac)) {
+ errx(1, "couldn't arp for spoof host %s",
+ libnet_addr2name4(spoof_ip, LIBNET_DONT_RESOLVE));
+ }
+ }
+
signal(SIGHUP, cleanup);
signal(SIGINT, cleanup);
signal(SIGTERM, cleanup);
-
+
for (;;) {
arp_send(l, ARPOP_REPLY, NULL, spoof_ip,
(target_ip ? (u_int8_t *)&target_mac : NULL),
target_ip);
+ if (poison_reverse) {
+ arp_send(l, ARPOP_REPLY, NULL, target_ip, (uint8_t *)&spoof_mac, spoof_ip);
+ }
+
sleep(2);
}
/* NOTREACHED */
-
+
exit(0);
}


@ -0,0 +1,194 @@
Description: [PATCH 2/3] arpspoof: allow use of multiple targets. Last hunk modified by João Salavisa <joao.salavisa@gmail.com>
in order to fix a bug with "-t" option of arpspoof. See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=706766 fo more information.
Author: Stefan Tomanek <stefan@pico.ruhr.de>
---
This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
--- a/arpspoof.8
+++ b/arpspoof.8
@@ -25,7 +25,7 @@
Specify the interface to use.
.IP "\fB-t \fItarget\fR"
Specify a particular host to ARP poison (if not specified, all hosts
-on the LAN).
+on the LAN). Repeat to specify multiple hosts.
.IP "\fB\-r\fR"
Poison both hosts (host and target) to capture traffic in both directions.
(only valid in conjuntion with \-t)
--- a/arpspoof.c
+++ b/arpspoof.c
@@ -29,9 +29,14 @@
extern char *ether_ntoa(struct ether_addr *);
+struct host {
+ in_addr_t ip;
+ struct ether_addr mac;
+};
+
static libnet_t *l;
-static struct ether_addr spoof_mac, target_mac;
-static in_addr_t spoof_ip, target_ip;
+static struct host spoof = {0};
+static struct host *targets;
static char *intf;
static int poison_reverse;
@@ -133,30 +138,46 @@
return (0);
}
+static int arp_find_all() {
+ struct host *target = targets;
+ while(target->ip) {
+ if (arp_find(target->ip, &target->mac)) {
+ return 1;
+ }
+ target++;
+ }
+
+ return 0;
+}
+
static void
cleanup(int sig)
{
- int fw = arp_find(spoof_ip, &spoof_mac);
- int bw = poison_reverse && target_ip && arp_find(target_ip, &target_mac);
+ int fw = arp_find(spoof.ip, &spoof.mac);
+ int bw = poison_reverse && targets[0].ip && arp_find_all();
int i;
fprintf(stderr, "Cleaning up and re-arping targets...\n");
for (i = 0; i < 5; i++) {
- /* XXX - on BSD, requires ETHERSPOOF kernel. */
- if (fw) {
- arp_send(l, ARPOP_REPLY,
- (u_int8_t *)&spoof_mac, spoof_ip,
- (target_ip ? (u_int8_t *)&target_mac : NULL),
- target_ip);
- /* we have to wait a moment before sending the next packet */
- sleep(1);
- }
- if (bw) {
- arp_send(l, ARPOP_REPLY,
- (u_int8_t *)&target_mac, target_ip,
- (u_int8_t *)&spoof_mac,
- spoof_ip);
- sleep(1);
+ struct host *target = targets;
+ while(target->ip) {
+ /* XXX - on BSD, requires ETHERSPOOF kernel. */
+ if (fw) {
+ arp_send(l, ARPOP_REPLY,
+ (u_int8_t *)&spoof.mac, spoof.ip,
+ (target->ip ? (u_int8_t *)&target->mac : NULL),
+ target->ip);
+ /* we have to wait a moment before sending the next packet */
+ sleep(1);
+ }
+ if (bw) {
+ arp_send(l, ARPOP_REPLY,
+ (u_int8_t *)&target->mac, target->ip,
+ (u_int8_t *)&spoof.mac,
+ spoof.ip);
+ sleep(1);
+ }
+ target++;
}
}
@@ -171,10 +192,15 @@
char pcap_ebuf[PCAP_ERRBUF_SIZE];
char libnet_ebuf[LIBNET_ERRBUF_SIZE];
int c;
+ int n_targets;
+ spoof.ip = 0;
intf = NULL;
- spoof_ip = target_ip = 0;
poison_reverse = 0;
+ n_targets = 0;
+
+ /* allocate enough memory for target list */
+ targets = calloc( argc+1, sizeof(struct host) );
while ((c = getopt(argc, argv, "ri:t:h?V")) != -1) {
switch (c) {
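Review bot: The result of `calloc(argc+1, sizeof(struct host))` is never checked, yet `targets` is indexed straight away in the `-t` case and again in `cleanup()` through `targets[0].ip`. Add `if (targets == NULL) err(1, "calloc");` directly after the allocation. The list is terminated by an entry whose `ip` is 0, so the comment could say that explicitly, e.g. `/* zero-filled; an entry with ip == 0 ends the list */`. `main` continues outside the hunk.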
@@ -182,7 +208,7 @@
intf = optarg;
break;
case 't':
- if ((target_ip = libnet_name2addr4(l, optarg, LIBNET_RESOLVE)) == -1)
+ if ((targets[n_targets++].ip = libnet_name2addr4(l, optarg, LIBNET_RESOLVE)) == -1)
usage();
break;
case 'r':
@@ -198,12 +224,12 @@
if (argc != 1)
usage();
- if (poison_reverse && !target_ip) {
+ if (poison_reverse && !n_targets) {
errx(1, "Spoofing the reverse path (-r) is only available when specifying a target (-t).");
usage();
}
- if ((spoof_ip = libnet_name2addr4(l, argv[0], LIBNET_RESOLVE)) == -1)
+ if ((spoof.ip = libnet_name2addr4(l, argv[0], LIBNET_RESOLVE)) == -1)
usage();
if (intf == NULL && (intf = pcap_lookupdev(pcap_ebuf)) == NULL)
@@ -211,15 +237,19 @@
if ((l = libnet_init(LIBNET_LINK, intf, libnet_ebuf)) == NULL)
errx(1, "%s", libnet_ebuf);
-
- if (target_ip != 0 && !arp_find(target_ip, &target_mac))
- errx(1, "couldn't arp for host %s",
- libnet_addr2name4(target_ip, LIBNET_DONT_RESOLVE));
+
+ struct host *target = targets;
+ while(target->ip) {
+ if (target->ip != 0 && !arp_find(target->ip, &target->mac))
+ errx(1, "couldn't arp for host %s",
+ libnet_addr2name4(target->ip, LIBNET_DONT_RESOLVE));
+ target++;
+ }
if (poison_reverse) {
- if (!arp_find(spoof_ip, &spoof_mac)) {
+ if (!arp_find(spoof.ip, &spoof.mac)) {
errx(1, "couldn't arp for spoof host %s",
- libnet_addr2name4(spoof_ip, LIBNET_DONT_RESOLVE));
+ libnet_addr2name4(spoof.ip, LIBNET_DONT_RESOLVE));
}
}
@@ -228,12 +258,20 @@
signal(SIGTERM, cleanup);
for (;;) {
- arp_send(l, ARPOP_REPLY, NULL, spoof_ip,
- (target_ip ? (u_int8_t *)&target_mac : NULL),
- target_ip);
- if (poison_reverse) {
- arp_send(l, ARPOP_REPLY, NULL, target_ip, (uint8_t *)&spoof_mac, spoof_ip);
+ if (!n_targets) {
+ arp_send(l, ARPOP_REPLY, my_ha, spoof.ip, brd_ha, 0, my_ha);
+ } else {
+ struct host *target = targets;
+ while(target->ip) {
+ arp_send(l, ARPOP_REPLY, NULL, spoof.ip,
+ (target->ip ? (u_int8_t *)&target->mac : NULL),
+ target->ip);
+ if (poison_reverse) {
+ arp_send(l, ARPOP_REPLY, NULL, target->ip, (uint8_t *)&spoof.mac, spoof.ip);
+ }
+ target++;
}
+ }
sleep(2);
}
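Review bot: The `!n_targets` branch calls `arp_send` with seven arguments and uses `my_ha` and `brd_ha`, all of which are introduced only by the following patch (3/3), so the tree does not compile with this patch applied on its own. If the series is meant to be applied and bisected patch by patch, this branch should use the six-argument form here and be converted in 3/3. The closing braces of the new `while`/`else` are also indented one level off, which makes the nesting hard to read.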


@ -0,0 +1,230 @@
>From 21773ccf18a5fc49d35e510a8797b0a1e83858c4 Mon Sep 17 00:00:00 2001
From: Stefan Tomanek <stefan@pico.ruhr.de>
Date: Sun, 20 Nov 2011 21:32:53 +0100
Subject: [PATCH 3/3] arpspoof: allow selection of source hw address
In certain networks, sending with the wrong hardware source address can
jeopardize the network connection of the host running arpspoof. This
patch makes it possible to specify whether arpspoof should use the own
hardware address or the one of the real host when resetting the arp
table of the target systems; it is also possible to use both.
Signed-off-by: Stefan Tomanek <stefan@pico.ruhr.de>
---
arpspoof.8 | 9 +++++-
arpspoof.c | 90 ++++++++++++++++++++++++++++++++++++++++++-----------------
2 files changed, 72 insertions(+), 27 deletions(-)
---
This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
--- a/arpspoof.8
+++ b/arpspoof.8
@@ -9,7 +9,7 @@
.na
.nf
.fi
-\fBarpspoof\fR [\fB\-i \fIinterface\fR] [\fB\-t \fItarget\fR] [\fB\-r\fR] \fIhost\fR
+\fBarpspoof\fR [\fB\-i \fIinterface\fR] [\fB\-c \fIown|host|both\fR] [\fB\-t \fItarget\fR] [\fB\-r\fR] \fIhost\fR
.SH DESCRIPTION
.ad
.fi
@@ -23,6 +23,13 @@
.SH OPTIONS
.IP "\fB-i \fIinterface\fR"
Specify the interface to use.
+.IP "\fB-c \fIown|host|both\fR"
+Specify which hardware address t use when restoring the arp configuration;
+while cleaning up, packets can be send with the own address as well as with
+the address of the host. Sending packets with a fake hw address can disrupt
+connectivity with certain switch/ap/bridge configurations, however it works
+more reliably than using the own address, which is the default way arpspoof
+cleans up afterwards.
.IP "\fB-t \fItarget\fR"
Specify a particular host to ARP poison (if not specified, all hosts
on the LAN). Repeat to specify multiple hosts.
--- a/arpspoof.c
+++ b/arpspoof.c
@@ -40,37 +40,36 @@
static char *intf;
static int poison_reverse;
+static uint8_t *my_ha = NULL;
+static uint8_t *brd_ha = "\xff\xff\xff\xff\xff\xff";
+
+static int cleanup_src_own = 1;
+static int cleanup_src_host = 0;
+
static void
usage(void)
{
fprintf(stderr, "Version: " VERSION "\n"
- "Usage: arpspoof [-i interface] [-t target] [-r] host\n");
+ "Usage: arpspoof [-i interface] [-c own|host|both] [-t target] [-r] host\n");
exit(1);
}
static int
-arp_send(libnet_t *l, int op, u_int8_t *sha,
- in_addr_t spa, u_int8_t *tha, in_addr_t tpa)
+arp_send(libnet_t *l, int op,
+ u_int8_t *sha, in_addr_t spa,
+ u_int8_t *tha, in_addr_t tpa,
+ u_int8_t *me)
{
int retval;
- if (sha == NULL &&
- (sha = (u_int8_t *)libnet_get_hwaddr(l)) == NULL) {
- return (-1);
- }
- if (spa == 0) {
- if ((spa = libnet_get_ipaddr4(l)) == -1)
- return (-1);
- }
- if (tha == NULL)
- tha = "\xff\xff\xff\xff\xff\xff";
-
+ if (!me) me = sha;
+
libnet_autobuild_arp(op, sha, (u_int8_t *)&spa,
tha, (u_int8_t *)&tpa, l);
- libnet_build_ethernet(tha, sha, ETHERTYPE_ARP, NULL, 0, l, 0);
+ libnet_build_ethernet(tha, me, ETHERTYPE_ARP, NULL, 0, l, 0);
fprintf(stderr, "%s ",
- ether_ntoa((struct ether_addr *)sha));
+ ether_ntoa((struct ether_addr *)me));
if (op == ARPOP_REQUEST) {
fprintf(stderr, "%s 0806 42: arp who-has %s tell %s\n",
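Review bot: With the `sha == NULL`, `spa == 0` and `tha == NULL` fallbacks removed from `arp_send`, NULL pointers now reach the library calls. The request call updated in the next hunk, `arp_send(l, ARPOP_REQUEST, NULL, 0, NULL, ip, NULL)`, passes NULL to `libnet_autobuild_arp`, `libnet_build_ethernet` and `ether_ntoa`, because `me` falls back to the NULL `sha`. Either keep the fallbacks at the top of the function or reject the case explicitly with `if (sha == NULL || tha == NULL) return (-1);`. `brd_ha` also points a non-const `uint8_t *` at a string literal; an array, `static uint8_t brd_ha[6] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };`, avoids the pointer-sign mismatch. `arp_send`'s body continues outside the hunk.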
@@ -129,7 +128,7 @@
/* XXX - force the kernel to arp. feh. */
arp_force(ip);
#else
- arp_send(l, ARPOP_REQUEST, NULL, 0, NULL, ip);
+ arp_send(l, ARPOP_REQUEST, NULL, 0, NULL, ip, NULL);
#endif
sleep(1);
}
@@ -156,17 +155,23 @@
int fw = arp_find(spoof.ip, &spoof.mac);
int bw = poison_reverse && targets[0].ip && arp_find_all();
int i;
+ int rounds = (cleanup_src_own*5 + cleanup_src_host*5);
fprintf(stderr, "Cleaning up and re-arping targets...\n");
- for (i = 0; i < 5; i++) {
+ for (i = 0; i < rounds; i++) {
struct host *target = targets;
while(target->ip) {
+ uint8_t *src_ha = NULL;
+ if (cleanup_src_own && (i%2 || !cleanup_src_host)) {
+ src_ha = my_ha;
+ }
/* XXX - on BSD, requires ETHERSPOOF kernel. */
if (fw) {
arp_send(l, ARPOP_REPLY,
(u_int8_t *)&spoof.mac, spoof.ip,
- (target->ip ? (u_int8_t *)&target->mac : NULL),
- target->ip);
+ (target->ip ? (u_int8_t *)&target->mac : brd_ha),
+ target->ip,
+ src_ha);
/* we have to wait a moment before sending the next packet */
sleep(1);
}
@@ -174,7 +179,8 @@
arp_send(l, ARPOP_REPLY,
(u_int8_t *)&target->mac, target->ip,
(u_int8_t *)&spoof.mac,
- spoof.ip);
+ spoof.ip,
+ src_ha);
sleep(1);
}
target++;
@@ -193,6 +199,7 @@
char libnet_ebuf[LIBNET_ERRBUF_SIZE];
int c;
int n_targets;
+ char *cleanup_src = NULL;
spoof.ip = 0;
intf = NULL;
@@ -202,7 +209,7 @@
/* allocate enough memory for target list */
targets = calloc( argc+1, sizeof(struct host) );
- while ((c = getopt(argc, argv, "ri:t:h?V")) != -1) {
+ while ((c = getopt(argc, argv, "ri:t:c:h?V")) != -1) {
switch (c) {
case 'i':
intf = optarg;
@@ -214,6 +221,9 @@
case 'r':
poison_reverse = 1;
break;
+ case 'c':
+ cleanup_src = optarg;
+ break;
default:
usage();
}
@@ -229,6 +239,29 @@
usage();
}
+ if (!cleanup_src || strcmp(cleanup_src, "own")==0) { /* default! */
+ /* only use our own hw address when cleaning up,
+ * not jeopardizing any bridges on the way to our
+ * target
+ */
+ cleanup_src_own = 1;
+ cleanup_src_host = 0;
+ } else if (strcmp(cleanup_src, "host")==0) {
+ /* only use the target hw address when cleaning up;
+ * this can screw up some bridges and scramble access
+ * for our own host, however it resets the arp table
+ * more reliably
+ */
+ cleanup_src_own = 0;
+ cleanup_src_host = 1;
+ } else if (strcmp(cleanup_src, "both")==0) {
+ cleanup_src_own = 1;
+ cleanup_src_host = 1;
+ } else {
+ errx(1, "Invalid parameter to -c: use 'own' (default), 'host' or 'both'.");
+ usage();
+ }
+
if ((spoof.ip = libnet_name2addr4(l, argv[0], LIBNET_RESOLVE)) == -1)
usage();
@@ -253,6 +286,10 @@
}
}
+ if ((my_ha = (u_int8_t *)libnet_get_hwaddr(l)) == NULL) {
+ errx(1, "Unable to determine own mac address");
+ }
+
signal(SIGHUP, cleanup);
signal(SIGINT, cleanup);
signal(SIGTERM, cleanup);
@@ -263,11 +300,12 @@
} else {
struct host *target = targets;
while(target->ip) {
- arp_send(l, ARPOP_REPLY, NULL, spoof.ip,
- (target->ip ? (u_int8_t *)&target->mac : NULL),
- target->ip);
+ arp_send(l, ARPOP_REPLY, my_ha, spoof.ip,
+ (target->ip ? (u_int8_t *)&target->mac : brd_ha),
+ target->ip,
+ my_ha);
if (poison_reverse) {
- arp_send(l, ARPOP_REPLY, NULL, target->ip, (uint8_t *)&spoof.mac, spoof.ip);
+ arp_send(l, ARPOP_REPLY, my_ha, target->ip, (uint8_t *)&spoof.mac, spoof.ip, my_ha);
}
target++;
}


@ -0,0 +1,144 @@
Description: fixes possible segmentation faults of arpspoof, sshmitm, webmitm and
webspy if any non-resolving hostname is passed. Issue was introduced by
dsniff-2.4-libnet_11.patch; libnet_name_resolve() was replaced by libnet_name2addr4()
while there must be the structure libnet_t passed additionally. And if that structure is not initialized
using libnet_init() and the passed name can't be resolved (like "192.168.2."), it
causes a snprintf() to NULL and thus the segmentation fault. Note that macof isn't
affected as no resolving was involved here ever.
Author: Robert Scheck <robert@fedoraproject.org>
Bug-RedHat: https://bugzilla.redhat.com/show_bug.cgi?id=1009879
Origin: http://pkgs.fedoraproject.org/cgit/rpms/dsniff.git/tree/dsniff-2.4-libnet_name2addr4.patch
---
This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
--- a/sshmitm.c
+++ b/sshmitm.c
@@ -45,6 +45,8 @@
struct sockaddr_in csin, ssin;
int sig_pipe[2];
+static libnet_t *l;
+
static void
usage(void)
{
@@ -364,6 +366,7 @@
u_long ip;
u_short lport, rport;
int c;
+ char libnet_ebuf[LIBNET_ERRBUF_SIZE];
lport = rport = 22;
@@ -390,12 +393,15 @@
if (argc < 1)
usage();
- if ((ip = libnet_name2addr4(NULL, argv[0], LIBNET_RESOLVE)) == -1)
- usage();
-
if (argc == 2 && (rport = atoi(argv[1])) == 0)
usage();
+ if ((l = libnet_init(LIBNET_LINK, NULL, libnet_ebuf)) == NULL)
+ errx(1, "%s", libnet_ebuf);
+
+ if ((ip = libnet_name2addr4(l, argv[0], LIBNET_RESOLVE)) == -1)
+ usage();
+
record_init(NULL);
mitm_init(lport, ip, rport);
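Review bot: The failure test `(ip = libnet_name2addr4(...)) == -1` cannot fire on LP64 targets, because `ip` is declared `u_long` in the context above. Assuming `libnet_name2addr4` returns a 32-bit value, its error result is widened to `0xffffffff` and compared with `ULONG_MAX`. Declaring `in_addr_t ip;`, or comparing against `(u_int32_t)-1`, makes an unresolvable name reach `usage()` as intended. The `LIBNET_LINK` handle opened here is also never released, while the arpspoof.c part of this patch calls `libnet_destroy(l)` once resolution is done. Doing the same here, and in webspy.c, avoids holding a link-layer handle for the life of the process.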
--- a/webmitm.c
+++ b/webmitm.c
@@ -47,6 +47,8 @@
int do_ssl, sig_pipe[2];
in_addr_t static_host = 0;
+static libnet_t *l;
+
extern int decode_http(char *, int, char *, int);
static void
@@ -242,7 +244,7 @@
word = buf_tok(&msg, "/", 1);
vhost = buf_strdup(word);
}
- ssin.sin_addr.s_addr = libnet_name2addr4(NULL, vhost, 1);
+ ssin.sin_addr.s_addr = libnet_name2addr4(l, vhost, LIBNET_RESOLVE);
free(vhost);
if (ssin.sin_addr.s_addr == ntohl(INADDR_LOOPBACK) ||
@@ -496,6 +498,7 @@
extern char *optarg;
extern int optind;
int c;
+ char libnet_ebuf[LIBNET_ERRBUF_SIZE];
while ((c = getopt(argc, argv, "dh?V")) != -1) {
switch (c) {
@@ -509,8 +512,11 @@
argc -= optind;
argv += optind;
+ if ((l = libnet_init(LIBNET_LINK, NULL, libnet_ebuf)) == NULL)
+ errx(1, "%s", libnet_ebuf);
+
if (argc == 1) {
- if ((static_host = libnet_name2addr4(NULL, argv[0], 1)) == -1)
+ if ((static_host = libnet_name2addr4(l, argv[0], LIBNET_RESOLVE)) == -1)
usage();
}
else if (argc != 0) usage();
--- a/webspy.c
+++ b/webspy.c
@@ -33,6 +33,7 @@
extern int mozilla_remote_commands (Display *, Window, char **);
char *expected_mozilla_version = "4.7";
char *progname = "webspy";
+static libnet_t *l;
Display *dpy;
char cmd[2048], *cmdtab[2];
@@ -183,6 +184,7 @@
extern char *optarg;
extern int optind;
int c;
+ char libnet_ebuf[LIBNET_ERRBUF_SIZE];
while ((c = getopt(argc, argv, "i:p:h?V")) != -1) {
switch (c) {
@@ -205,7 +207,10 @@
cmdtab[0] = cmd;
cmdtab[1] = NULL;
- if ((host = libnet_name2addr4(NULL, argv[0], 1)) == -1)
+ if ((l = libnet_init(LIBNET_LINK, NULL, libnet_ebuf)) == NULL)
+ errx(1, "%s", libnet_ebuf);
+
+ if ((host = libnet_name2addr4(l, argv[0], LIBNET_RESOLVE)) == -1)
errx(1, "unknown host");
if ((dpy = XOpenDisplay(NULL)) == NULL)
--- a/arpspoof.c
+++ b/arpspoof.c
@@ -208,6 +208,10 @@
/* allocate enough memory for target list */
targets = calloc( argc+1, sizeof(struct host) );
+
+ if ((l = libnet_init(LIBNET_LINK, NULL, libnet_ebuf)) == NULL)
+ errx(1, "%s", libnet_ebuf);
+
while ((c = getopt(argc, argv, "ri:t:c:h?V")) != -1) {
switch (c) {
@@ -265,6 +269,8 @@
if ((spoof.ip = libnet_name2addr4(l, argv[0], LIBNET_RESOLVE)) == -1)
usage();
+ libnet_destroy(l);
+
if (intf == NULL && (intf = pcap_lookupdev(pcap_ebuf)) == NULL)
errx(1, "%s", pcap_ebuf);


@ -0,0 +1,19 @@
Description: Corrects the incorrect bit-shift in pntohl(), the left-shift should be 8 bits, not 18.
Author: Matthew Boyle <mlb@decisionsoft.co.uk>
Origin: http://pkgs.fedoraproject.org/cgit/rpms/dsniff.git/tree/dsniff-2.4-pntohl_shift.patch
Bug-RedHat: https://bugzilla.redhat.com/show_bug.cgi?id=714958
Bug-RedHat: https://bugzilla.redhat.com/show_bug.cgi?id=850496
---
This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
--- a/decode.h
+++ b/decode.h
@@ -35,7 +35,7 @@
(u_short)*((u_char *)p+0)<<8))
#define pntohl(p) ((u_int32_t)*((u_char *)p+3)<<0| \
- (u_int32_t)*((u_char *)p+2)<<18| \
+ (u_int32_t)*((u_char *)p+2)<<8| \
(u_int32_t)*((u_char *)p+1)<<16| \
(u_int32_t)*((u_char *)p+0)<<24)
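Review bot: The macro argument is still used unparenthesised, as `(u_char *)p+2`, so the cast binds only to the first operand when `p` is an expression such as `buf + off`, and the macro then reads the wrong bytes. Writing each term as `(u_int32_t)((const u_char *)(p))[2] << 8` removes that hazard and makes the byte order easier to verify than pointer arithmetic. The `pntohs` macro whose tail is visible above has the same form. A one-line comment such as `/* read a big-endian 32-bit value from an unaligned pointer */` would document the intent.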


@ -0,0 +1,31 @@
Description: Adds a clock fix. It was improved by Robert Scheck <robert@fedoraproject.org>
to work with older Linux kernel versions, too.
Author: <kees@ubuntu.com>
Origin: http://pkgs.fedoraproject.org/cgit/rpms/dsniff.git/tree/dsniff-2.4-sysconf_clocks.patch
---
This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
--- a/sshow.c
+++ b/sshow.c
@@ -217,7 +217,9 @@
{
clock_t delay;
int payload;
- long CLK_TCK= sysconf(_SC_CLK_TCK);
+#if defined(_SC_CLK_TCK)
+ long CLK_TCK = sysconf(_SC_CLK_TCK);
+#endif
delay = add_history(session, 0, cipher_size, plain_range);
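Review bot: The result of `sysconf(_SC_CLK_TCK)` is stored without a check. The call can return -1, and `CLK_TCK` is presumably used as a divisor or scale factor further down, outside the hunk. A guard such as `if (CLK_TCK <= 0) CLK_TCK = 100;`, or an early return, keeps the timing arithmetic defined. When `_SC_CLK_TCK` is not defined the code now relies on a `CLK_TCK` macro from the system headers, which deserves a comment, e.g. `/* falls back to the CLK_TCK macro from <time.h> */`. The second hunk of this patch repeats the same lines.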
@@ -266,7 +268,9 @@
clock_t delay;
int skip;
range string_range;
- long CLK_TCK= sysconf(_SC_CLK_TCK);
+#if defined(_SC_CLK_TCK)
+ long CLK_TCK = sysconf(_SC_CLK_TCK);
+#endif
delay = add_history(session, 1, cipher_size, plain_range);


@ -0,0 +1,19 @@
Description: avoids xdrs being used without being initialised first. Without this
patch dsniff segfaults when decoding RPC packets on x86_64.
Author: Matthew Boyle <mlb@decisionsoft.co.uk>
Origin: http://pkgs.fedoraproject.org/cgit/rpms/dsniff.git/tree/dsniff-2.4-rpc_segfault.patch
---
This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
--- a/rpc.c
+++ b/rpc.c
@@ -125,6 +125,9 @@
return (0);
}
}
+ else
+ return (0);
+
stat = xdr_getpos(&xdrs);
xdr_destroy(&xdrs);


@ -0,0 +1,65 @@
Description: improves 18_sshcrypto.patch
- Replace all des_ methods and structs with DES_ equivalents.
- Remove openssl/des_old.h include.
- Register dependencies on OpenSSL, glib20 and gettext.
Author: jca
Origin: OpenBSD
---
This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
--- a/sshcrypto.c
+++ b/sshcrypto.c
@@ -30,8 +30,8 @@
#if 0
struct des3_state {
- des_key_schedule k1, k2, k3;
- des_cblock iv1, iv2, iv3;
+ DES_key_schedule k1, k2, k3;
+ DES_cblock iv1, iv2, iv3;
};
#endif
@@ -162,13 +162,13 @@
if ((state = malloc(sizeof(*state))) == NULL)
err(1, "malloc");
- des_set_key((void *)sesskey, state->k1);
- des_set_key((void *)(sesskey + 8), state->k2);
+ DES_set_key((void *)sesskey, &state->k1);
+ DES_set_key((void *)(sesskey + 8), &state->k2);
if (len <= 16)
- des_set_key((void *)sesskey, state->k3);
+ DES_set_key((void *)sesskey, &state->k3);
else
- des_set_key((void *)(sesskey + 16), state->k3);
+ DES_set_key((void *)(sesskey + 16), &state->k3);
memset(state->iv1, 0, 8);
memset(state->iv2, 0, 8);
@@ -184,9 +184,9 @@
estate = (struct des3_state *)state;
memcpy(estate->iv1, estate->iv2, 8);
- des_ncbc_encrypt(src, dst, len, estate->k1, &estate->iv1, DES_ENCRYPT);
- des_ncbc_encrypt(dst, dst, len, estate->k2, &estate->iv2, DES_DECRYPT);
- des_ncbc_encrypt(dst, dst, len, estate->k3, &estate->iv3, DES_ENCRYPT);
+ DES_ncbc_encrypt(src, dst, len, &estate->k1, &estate->iv1, DES_ENCRYPT);
+ DES_ncbc_encrypt(dst, dst, len, &estate->k2, &estate->iv2, DES_DECRYPT);
+ DES_ncbc_encrypt(dst, dst, len, &estate->k3, &estate->iv3, DES_ENCRYPT);
}
void
@@ -197,8 +197,8 @@
dstate = (struct des3_state *)state;
memcpy(dstate->iv1, dstate->iv2, 8);
- des_ncbc_encrypt(src, dst, len, dstate->k3, &dstate->iv3, DES_DECRYPT);
- des_ncbc_encrypt(dst, dst, len, dstate->k2, &dstate->iv2, DES_ENCRYPT);
- des_ncbc_encrypt(dst, dst, len, dstate->k1, &dstate->iv1, DES_DECRYPT);
+ DES_ncbc_encrypt(src, dst, len, &dstate->k3, &dstate->iv3, DES_DECRYPT);
+ DES_ncbc_encrypt(dst, dst, len, &dstate->k2, &dstate->iv2, DES_ENCRYPT);
+ DES_ncbc_encrypt(dst, dst, len, &dstate->k1, &dstate->iv1, DES_DECRYPT);
}
#endif
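Review bot: In the second hunk `DES_set_key((void *)(sesskey + 8), &state->k2)` reads bytes 8-15 of the key before `len` is consulted, and the `len <= 16` test only selects the source for `k3`, so a `len` below 16 would read past the supplied key. Whether every caller guarantees at least 16 bytes is not visible here; if not, a guard ahead of the first call makes the assumption explicit, for example `if (len < 16) errx(1, "3des key too short");` (message text constructed for illustration). The `(void *)` casts also hide the argument type from the compiler; `(const_DES_cblock *)` would keep the renamed calls type-checked. The enclosing function starts outside the hunk.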


@ -0,0 +1,109 @@
Description: Fix parallel FTBFS problems
* Add libmissing.a as a dependency to each of the PROGS to ensure it is
built before them.
* Ensure mount.h is created before decode_mountd.o gets built.
* Ensure nfs_prot.h is created before filesnarf.o gets built.
Author: Lukas Schwaighofer <lukas@schwaighofer.name>
Author: Adrian Bunk <bunk@debian.org>
Bug-Debian: https://bugs.debian.org/860611
Bug-Debian: https://bugs.debian.org/869086
--- a/Makefile.in
+++ b/Makefile.in
@@ -75,16 +75,28 @@
.c.o:
$(CC) $(CFLAGS) $(INCS) -c $(srcdir)/$*.c
-all: libmissing.a $(PROGS)
+all: $(PROGS)
-mount.c: mount.x
+mount.h: mount.x
rpcgen -h mount.x -o mount.h
+
+mount.c: mount.x
rpcgen -c mount.x -o mount.c
-nfs_prot.c: nfs_prot.x
+mount.o: mount.h
+
+decode_mountd.o: mount.h
+
+nfs_prot.h: nfs_prot.x
rpcgen -h nfs_prot.x -o nfs_prot.h
+
+nfs_prot.c: nfs_prot.x
rpcgen -c nfs_prot.x -o nfs_prot.c
+nfs_prot.o: nfs_prot.h
+
+filesnarf.o: nfs_prot.h
+
$(LIBOBJS):
$(CC) $(CFLAGS) $(INCS) -c $(srcdir)/missing/$*.c
@@ -92,49 +104,49 @@
ar -cr $@ $(LIBOBJS)
$(RANLIB) $@
-dsniff: $(HDRS) $(SRCS) $(OBJS)
+dsniff: $(HDRS) $(SRCS) $(OBJS) libmissing.a
$(CC) $(LDFLAGS) -o $@ $(OBJS) $(LIBS) $(NIDSLIB) $(PCAPLIB) $(LNETLIB) $(DBLIB) $(SSLLIB)
-arpspoof: arpspoof.o arp.o
+arpspoof: arpspoof.o arp.o libmissing.a
$(CC) $(LDFLAGS) -o $@ arpspoof.o arp.o $(LIBS) $(PCAPLIB) $(LNETLIB)
-dnsspoof: dnsspoof.o pcaputil.o
+dnsspoof: dnsspoof.o pcaputil.o libmissing.a
$(CC) $(LDFLAGS) -o $@ dnsspoof.o pcaputil.o $(LIBS) $(PCAPLIB) $(LNETLIB)
-filesnarf: nfs_prot.o filesnarf.o pcaputil.o rpc.o
+filesnarf: nfs_prot.o filesnarf.o pcaputil.o rpc.o libmissing.a
$(CC) $(LDFLAGS) -o $@ filesnarf.o nfs_prot.o pcaputil.o rpc.o $(LIBS) $(NIDSLIB) $(PCAPLIB) $(LNETLIB)
-macof: macof.o
+macof: macof.o libmissing.a
$(CC) $(LDFLAGS) -o $@ macof.o $(LIBS) $(PCAPLIB) $(LNETLIB)
-mailsnarf: mailsnarf.o buf.o pcaputil.o
+mailsnarf: mailsnarf.o buf.o pcaputil.o libmissing.a
$(CC) $(LDFLAGS) -o $@ mailsnarf.o buf.o pcaputil.o $(LIBS) $(NIDSLIB) $(PCAPLIB) $(LNETLIB)
-msgsnarf: msgsnarf.o buf.o pcaputil.o
+msgsnarf: msgsnarf.o buf.o pcaputil.o libmissing.a
$(CC) $(LDFLAGS) -o $@ msgsnarf.o buf.o pcaputil.o $(LIBS) $(NIDSLIB) $(PCAPLIB) $(LNETLIB)
-sshmitm: sshmitm.o buf.o hex.o record.o ssh.o sshcrypto.o
+sshmitm: sshmitm.o buf.o hex.o record.o ssh.o sshcrypto.o libmissing.a
$(CC) $(LDFLAGS) -o $@ sshmitm.o buf.o hex.o record.o ssh.o sshcrypto.o $(LIBS) $(LNETLIB) $(DBLIB) $(SSLLIB)
-sshow: sshow.o pcaputil.o
+sshow: sshow.o pcaputil.o libmissing.a
$(CC) $(LDFLAGS) -o $@ sshow.o pcaputil.o $(LIBS) $(NIDSLIB) $(PCAPLIB) $(LNETLIB)
-tcpkill: tcpkill.o pcaputil.o
+tcpkill: tcpkill.o pcaputil.o libmissing.a
$(CC) $(LDFLAGS) -o $@ tcpkill.o pcaputil.o $(LIBS) $(PCAPLIB) $(LNETLIB)
-tcpnice: tcpnice.o pcaputil.o
+tcpnice: tcpnice.o pcaputil.o libmissing.a
$(CC) $(LDFLAGS) -o $@ tcpnice.o pcaputil.o $(LIBS) $(PCAPLIB) $(LNETLIB)
-tcphijack: tcphijack.o pcaputil.o
+tcphijack: tcphijack.o pcaputil.o libmissing.a
$(CC) $(LDFLAGS) -o $@ tcphijack.o pcaputil.o $(LIBS) $(PCAPLIB) $(LNETLIB)
-urlsnarf: urlsnarf.o base64.o buf.o pcaputil.o
+urlsnarf: urlsnarf.o base64.o buf.o pcaputil.o libmissing.a
$(CC) $(LDFLAGS) -o $@ urlsnarf.o base64.o buf.o pcaputil.o $(LIBS) $(NIDSLIB) $(PCAPLIB) $(LNETLIB)
-webmitm: webmitm.o base64.o buf.o decode_http.o record.o
+webmitm: webmitm.o base64.o buf.o decode_http.o record.o libmissing.a
$(CC) $(LDFLAGS) -o $@ webmitm.o base64.o buf.o decode_http.o record.o $(LIBS) $(LNETLIB) $(DBLIB) $(SSLLIB)
-webspy: webspy.o base64.o buf.o remote.o
+webspy: webspy.o base64.o buf.o remote.o libmissing.a
$(CC) $(LDFLAGS) -o $@ webspy.o base64.o buf.o remote.o $(LIBS) $(NIDSLIB) $(PCAPLIB) $(LNETLIB) $(X11LIB)
install:
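Review bot: Only `mount.o`, `decode_mountd.o`, `nfs_prot.o` and `filesnarf.o` are given prerequisites on the generated headers in the first hunk, so any other object that includes `mount.h` or `nfs_prot.h` (not visible here) would still race with `rpcgen` under `make -j`. Because these edges are maintained by hand, a comment above them would help the next person who adds an includer: `# every object that includes an rpcgen-generated header must be listed below`. The header and `.c` rules also have no cleanup on failure, so an interrupted `rpcgen` can leave a truncated `mount.h` that looks up to date; this could be covered by a `.DELETE_ON_ERROR:` line if the project only targets GNU make.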


@ -0,0 +1,50 @@
Description: import CPPFLAGS in order to build an ELF binary that uses fortified libc functions. Now it is built with all default Debian compiler flags.
Author: Marcos Fouces <marcos.fouces@gmail.com>
---
This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
--- a/Makefile.in
+++ b/Makefile.in
@@ -11,12 +11,13 @@
install_prefix =
prefix = @prefix@
exec_prefix = @exec_prefix@
-libdir = $(prefix)/share/dsniff
+libdir = @libdir@
sbindir = @sbindir@
mandir = @mandir@
CC = @CC@
CFLAGS = @CFLAGS@ -DDSNIFF_LIBDIR=\"$(libdir)/\"
+CPPFLAGS = @CPPFLAGS@
LDFLAGS = @LDFLAGS@
PCAPINC = @PCAPINC@
@@ -37,7 +38,8 @@
X11INC = @X_CFLAGS@
X11LIB = @X_LIBS@ @X_PRE_LIBS@ -lXmu -lX11 @X_EXTRA_LIBS@
-INCS = -I. $(X11INC) -I$(srcdir)/missing
+INCS = -I. $(NIDSINC) $(PCAPINC) $(LNETINC) $(DBINC) $(SSLINC) $(X11INC) \
+ -I$(srcdir)/missing
LIBS = @LIBS@ -L$(srcdir) -lmissing
INSTALL = @INSTALL@
@@ -73,7 +75,7 @@
CONFIGS = dsniff.magic dsniff.services dnsspoof.hosts
.c.o:
- $(CC) $(CFLAGS) $(INCS) -c $(srcdir)/$*.c
+ $(CC) $(CFLAGS) $(CPPFLAGS) $(INCS) -c $(srcdir)/$*.c
all: $(PROGS)
@@ -98,7 +100,7 @@
filesnarf.o: nfs_prot.h
$(LIBOBJS):
- $(CC) $(CFLAGS) $(INCS) -c $(srcdir)/missing/$*.c
+ $(CC) $(CFLAGS) $(CPPFLAGS) $(INCS) -c $(srcdir)/missing/$*.c
libmissing.a: $(LIBOBJS)
ar -cr $@ $(LIBOBJS)
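Review bot: The first hunk also changes `libdir` from `$(prefix)/share/dsniff` to `@libdir@`, which the description does not mention and which the later patch in this commit described as "Fix directory location for data files" changes back. The path compiled in through `-DDSNIFF_LIBDIR` therefore depends on both patches being applied, and in that order. The patch file names are not visible on this page, so the order produced by the SlackBuild's `patches/*.patch` glob is worth confirming. The `INCS` change in the second hunk is likewise outside the stated purpose; naming both in the header would make the patch easier to audit.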


@ -0,0 +1,59 @@
Description: fix implicit declarations compiler warning
* switch to C99 uint64_t, remove now unnecessary xdr_u_int64_t function
* include missing string.h for memset
Author: Lukas Schwaighofer <lukas@schwaighofer.name>
--- a/filesnarf.c
+++ b/filesnarf.c
@@ -55,30 +55,6 @@
exit(1);
}
-/* XXX - for nfs_prot_xdr.c */
-bool_t
-xdr_u_int64_t(XDR *xdrs, u_int64_t *nump)
-{
- int i = 1;
- u_char *p = (u_char *)nump;
-
- if (*(char *)&i == 1) { /* endian haack. */
- if (xdr_u_long(xdrs, (u_long *)(p + 4)))
- return (xdr_u_long(xdrs, (u_long *)p));
- }
- else {
- if (xdr_u_long(xdrs, (u_long *)p))
- return (xdr_u_long(xdrs, (u_long *)(p + 4)));
- }
- return (FALSE);
-}
-
-bool_t
-xdr_int64_t(XDR *xdrs, int64_t *nump)
-{
- return (xdr_u_int64_t(xdrs, (u_int64_t *)nump));
-}
-
static void
fh_map_init(void)
{
--- a/nfs_prot.x
+++ b/nfs_prot.x
@@ -190,7 +190,7 @@
/*
* Basic data types
*/
-typedef u_int64_t uint64;
+typedef uint64_t uint64;
typedef int64_t int64;
typedef unsigned int uint32;
typedef int int32;
--- a/sshcrypto.c
+++ b/sshcrypto.c
@@ -20,6 +20,7 @@
#include <err.h>
#include <stdio.h>
#include <stdlib.h>
+#include <string.h>
#include "sshcrypto.h"
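Review bot: Removing `xdr_u_int64_t` and `xdr_int64_t` from filesnarf.c leaves the generated XDR code dependent on the RPC library to supply the 64-bit routines, and nothing in the patch records that. The removed block was marked as being there for `nfs_prot_xdr.c`, so a short comment next to the `typedef uint64_t uint64;` line in nfs_prot.x would keep that link visible, for example `/* 64-bit XDR routines are expected from the RPC library, not from filesnarf.c */`. The typedef also relies on `uint64_t` being declared wherever the generated header is included; whether `<stdint.h>` reaches it is not visible in these hunks.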


@ -0,0 +1,14 @@
Description: Fix directory location for data files. They were wrongly set to lib dirs.
Author: Hank Leininger <hlein@korelogic.com>
--- a/Makefile.in
+++ b/Makefile.in
@@ -11,7 +11,7 @@
install_prefix =
prefix = @prefix@
exec_prefix = @exec_prefix@
-libdir = @libdir@
+libdir = $(prefix)/share/dsniff
sbindir = @sbindir@
mandir = @mandir@


@ -0,0 +1,63 @@
Description: Resolve naming collision due to libpcap API changes
dsniff was written with a function named pcap_init() that predates
the one in libpcap and is entirely different. This patch renames it
out of the way.
Author: Dennis Filder <d.filder@web.de>
Bug-Debian: https://bugs.debian.org/980588
Last-Update: 2021-02-10
---
--- a/tcpnice.c
+++ b/tcpnice.c
@@ -204,7 +204,7 @@
filter = copy_argv(argv);
- if ((pd = pcap_init(intf, filter, 128)) == NULL)
+ if ((pd = pcap_init_dsniff(intf, filter, 128)) == NULL)
errx(1, "couldn't initialize sniffing");
if ((pcap_off = pcap_dloff(pd)) < 0)
--- a/dnsspoof.c
+++ b/dnsspoof.c
@@ -309,7 +309,7 @@
else snprintf(buf, sizeof(buf), "udp dst port 53 and not src %s",
libnet_addr2name4(lnet_ip, LIBNET_DONT_RESOLVE));
- if ((pcap_pd = pcap_init(dev, buf, 128)) == NULL)
+ if ((pcap_pd = pcap_init_dsniff(dev, buf, 128)) == NULL)
errx(1, "couldn't initialize sniffing");
if ((pcap_off = pcap_dloff(pcap_pd)) < 0)
--- a/pcaputil.h
+++ b/pcaputil.h
@@ -11,7 +11,7 @@
#ifndef PCAPUTIL_H
#define PCAPUTIL_H
-pcap_t *pcap_init(char *intf, char *filter, int snaplen);
+pcap_t *pcap_init_dsniff(char *intf, char *filter, int snaplen);
int pcap_dloff(pcap_t *pd);
--- a/tcpkill.c
+++ b/tcpkill.c
@@ -130,7 +130,7 @@
filter = copy_argv(argv);
- if ((pd = pcap_init(intf, filter, 64)) == NULL)
+ if ((pd = pcap_init_dsniff(intf, filter, 64)) == NULL)
errx(1, "couldn't initialize sniffing");
if ((pcap_off = pcap_dloff(pd)) < 0)
--- a/pcaputil.c
+++ b/pcaputil.c
@@ -63,7 +63,7 @@
}
pcap_t *
-pcap_init(char *intf, char *filter, int snaplen)
+pcap_init_dsniff(char *intf, char *filter, int snaplen)
{
pcap_t *pd;
u_int net, mask;


@ -0,0 +1,51 @@
Author: Robert Scheck <robert@fedoraproject.org>
Description: allows building against libtirpc (as a separate library) given the Sun RPC
support in glibc has been deprecated for a long time.
--- a/Makefile.in
+++ b/Makefile.in
@@ -16,7 +16,7 @@
mandir = @mandir@
CC = @CC@
-CFLAGS = @CFLAGS@ -DDSNIFF_LIBDIR=\"$(libdir)/\"
+CFLAGS = @CFLAGS@ -DDSNIFF_LIBDIR=\"$(libdir)/\" -I/usr/include/tirpc
CPPFLAGS = @CPPFLAGS@
LDFLAGS = @LDFLAGS@
@@ -107,7 +107,7 @@
$(RANLIB) $@
dsniff: $(HDRS) $(SRCS) $(OBJS) libmissing.a
- $(CC) $(LDFLAGS) -o $@ $(OBJS) $(LIBS) $(NIDSLIB) $(PCAPLIB) $(LNETLIB) $(DBLIB) $(SSLLIB)
+ $(CC) $(LDFLAGS) -o $@ $(OBJS) $(LIBS) $(NIDSLIB) $(PCAPLIB) $(LNETLIB) $(DBLIB) $(SSLLIB) -ltirpc
arpspoof: arpspoof.o arp.o libmissing.a
$(CC) $(LDFLAGS) -o $@ arpspoof.o arp.o $(LIBS) $(PCAPLIB) $(LNETLIB)
@@ -116,7 +116,7 @@
$(CC) $(LDFLAGS) -o $@ dnsspoof.o pcaputil.o $(LIBS) $(PCAPLIB) $(LNETLIB)
filesnarf: nfs_prot.o filesnarf.o pcaputil.o rpc.o libmissing.a
- $(CC) $(LDFLAGS) -o $@ filesnarf.o nfs_prot.o pcaputil.o rpc.o $(LIBS) $(NIDSLIB) $(PCAPLIB) $(LNETLIB)
+ $(CC) $(LDFLAGS) -o $@ filesnarf.o nfs_prot.o pcaputil.o rpc.o $(LIBS) $(NIDSLIB) $(PCAPLIB) $(LNETLIB) -ltirpc
macof: macof.o libmissing.a
$(CC) $(LDFLAGS) -o $@ macof.o $(LIBS) $(PCAPLIB) $(LNETLIB)
@@ -128,7 +128,7 @@
$(CC) $(LDFLAGS) -o $@ msgsnarf.o buf.o pcaputil.o $(LIBS) $(NIDSLIB) $(PCAPLIB) $(LNETLIB)
sshmitm: sshmitm.o buf.o hex.o record.o ssh.o sshcrypto.o libmissing.a
- $(CC) $(LDFLAGS) -o $@ sshmitm.o buf.o hex.o record.o ssh.o sshcrypto.o $(LIBS) $(LNETLIB) $(DBLIB) $(SSLLIB)
+ $(CC) $(LDFLAGS) -o $@ sshmitm.o buf.o hex.o record.o ssh.o sshcrypto.o $(LIBS) $(LNETLIB) $(DBLIB) $(SSLLIB) -ltirpc
sshow: sshow.o pcaputil.o libmissing.a
$(CC) $(LDFLAGS) -o $@ sshow.o pcaputil.o $(LIBS) $(NIDSLIB) $(PCAPLIB) $(LNETLIB)
@@ -146,7 +146,7 @@
$(CC) $(LDFLAGS) -o $@ urlsnarf.o base64.o buf.o pcaputil.o $(LIBS) $(NIDSLIB) $(PCAPLIB) $(LNETLIB)
webmitm: webmitm.o base64.o buf.o decode_http.o record.o libmissing.a
- $(CC) $(LDFLAGS) -o $@ webmitm.o base64.o buf.o decode_http.o record.o $(LIBS) $(LNETLIB) $(DBLIB) $(SSLLIB)
+ $(CC) $(LDFLAGS) -o $@ webmitm.o base64.o buf.o decode_http.o record.o $(LIBS) $(LNETLIB) $(DBLIB) $(SSLLIB) -ltirpc
webspy: webspy.o base64.o buf.o remote.o libmissing.a
$(CC) $(LDFLAGS) -o $@ webspy.o base64.o buf.o remote.o $(LIBS) $(NIDSLIB) $(PCAPLIB) $(LNETLIB) $(X11LIB)
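Review bot: The first hunk hard-codes `-I/usr/include/tirpc` into `CFLAGS`, so the headers are only found at that one location and the flag sits apart from the other `-I` options. Placing it in `INCS` next to `-I$(srcdir)/missing`, or deriving it from `pkg-config --cflags libtirpc`, would keep include paths in one place and follow the installed library. `-ltirpc` is also appended to the `sshmitm` and `webmitm` link lines. Whether those programs reference any RPC symbol is not visible here; if they do not, the extra library only widens what the binaries load.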