hijack.pm -- P.A.T.H hijacking stuff

SYNOPSIS

    use hijack;
    use Net::PcapUtils;

    my $connection;

    Net::PcapUtils::loop(\&sniffit,
                         PROMISC => 1,
                         FILTER  => 'tcp and port 23',
                         DEV     => 'eth0');

    sub sniffit
    {
        # Net::PcapUtils passes (user data, pcap header, raw packet)
        my ($user_data, $header, $packet) = @_;

        unless(defined $connection)
        {
            $connection = hijack->new($packet);
        }

        if($connection->is_established)
        {
            if( ($connection->check($packet)) &&
                ($connection->check_port($packet,23,0)) )
            {
                $connection->update($packet);
                $connection->reset('rst');
            }
        }
    }

DESCRIPTION

    This module contains all the hijacking stuff of the P.A.T.H project.
    It supports stateful and stateless hijacking, connection resetting,
    packet infiltration and more. By default the module runs in stateless
    mode. If you want to run it in stateful mode, call the stateful()
    method first.

    Please note that this module can only handle *one* connection in *one*
    object, so if you want to handle more than one connection you have to
    store one hijack object per connection in an array or something like
    that. Maybe this will change in the future... Who knows? ;)

METHODS

    new
    check
    check_port
    check_ip
    check_flag
    stateful
    stateless
    set_server_seq
    server_seq
    set_client_seq
    client_seq
    is_established
    update
    update_seq
    is_hijackable
    is_hijacked
    hijacked
    unset_hijacked
    infiltrate
    greet_client
    reset
    create_packet

DESCRIPTION OF METHODS

  new()

        $connection = hijack->new($packet);

    This method creates a new stateless hijack object. It takes a
    Net::PcapUtils packet object as parameter.

  check()

        $connection->check($packet);

    This method simply checks whether the packet has the same source or
    destination port / IP as the last saved one. In stateful mode it
    checks whether the specified packet either comes from the client and
    is sent to the server or the other way round. The method returns true
    if the packet belongs to "our" connection, otherwise it returns false.

  check_port

        $connection->check_port($packet,src,dest);

    check_port() checks whether the packet has the specified source and
    destination port. You can pass 0 or NULL if the number of one port is
    of no interest to you. The method returns true if the specified ports
    are found in the packet, otherwise it returns false.

  check_ip

        $connection->check_ip($packet,src,dest);

    The same as check_port(), but checks the IPs...

  check_flag

        $connection->check_flag($packet,$flag);

    Checks whether the given flag is set in the TCP header of the passed
    packet. If the flag is set this method returns true, otherwise it
    returns false.

  stateful

        $connection->stateful($packet,[server|client]);

    This method takes two options:

        A Net::PcapUtils packet object
        A direction: server or client

    Now the module can distinguish between a client and a server. You can
    check the direction of the captured packet with the check_port()
    method.

  stateless

        $connection->stateless();

    This method tells the module that we don't want to run in stateful
    mode any more.

  set_server_seq()

        $connection->set_server_seq($packet);

    Saves the sequence and acknowledgement number in the packet as server
    seq and ack. There is also a set_client_seq method.

  server_seq()

        $connection->server_seq()

    Returns true if the server sequence and acknowledgement number is
    known. There is also a client_seq method. This method only makes sense
    if you are running in stateful mode!

  update()

        $connection->update($packet);

    This method updates the connection information in stateless connection
    hijacking. Use update_seq if you only want to update the sequence and
    acknowledgement numbers.

  is_hijackable()

        $connection->is_hijackable();

    Returns true if you can sniff the sequence and acknowledgement
    numbers.

  is_hijacked

        $connection->is_hijacked();

    Records that you have already hijacked the connection. Use the
    hijacked() method to check whether a connection was marked as hijacked
    before.

  unset_hijacked

        $connection->unset_hijacked($src_ip,$dst_ip);

    Removes the specified source and destination IP from the hijacked
    array so we can hijack the connection again. If no parameter is
    specified, all hijacked connections are deleted!

  infiltrate()

        $connection->infiltrate($command);

    This method sends a spoofed packet from the client to the server with
    the specified payload. In stateful mode this method injects the
    command to the server, otherwise to the last specified destination IP
    and port.

  greet_client()

        $connection->greet_client("Hello lamer! Nice weather outside! =)");

    Use this method if you want to send a message to the client. This
    method can only be used in stateful mode.

  reset()

        $connection->reset($flag,$direction);

    The first parameter is a reset flag (RST|FIN). The second one is only
    necessary in stateful mode and gives the target direction
    (client|server).

  create_packet()

        $packet = $connection->create_packet($cfg);

    This method takes a config object and creates and returns a Net::RawIP
    packet object. See the config module documentation for more
    information.

BUGS

    Debug the following methods: logged_in

AUTHOR

    Bastian Ballmann [ bytebeater@crazydj.de ]
    http://www.crazydj.de

COPYRIGHT

    This module is free software. It's licensed under the GPL.
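
The reset() and infiltrate() methods documented above depend on sniffed sequence and acknowledgement numbers, and spoofed segments built that way leave two recognisable traces in a capture taken near the server. The following detection sketch is an added example, not part of the P.A.T.H code; the packet tuples, flag letters, addresses and the find_injection_signs name are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample capture: (time, src, sport, dst, dport, flags, seq, payload)
C, S = ("10.0.0.5", 40312), ("10.0.0.9", 23)
SAMPLE = [
    (1.00, *C, *S, "PA", 1000, b"ls\r\n"),
    (1.02, *S, *C, "A", 5000, b""),
    (1.10, *C, *S, "PA", 1004, b"echo x\r\n"),  # spoofed segment
    (1.30, *C, *S, "PA", 1004, b"pwd\r\n"),     # real client, same seq, other data
    (2.00, *C, *S, "R", 1012, b""),             # spoofed RST
    (2.20, *C, *S, "PA", 1009, b"id\r\n"),      # real client keeps sending
]

def find_injection_signs(packets):
    """Return (time, flow, reason) alerts; a flow is one direction of a connection."""
    seen = defaultdict(dict)  # flow -> {sequence number of a byte: byte value}
    rst_at = {}               # flow -> time the sender's first RST was seen
    alerts = []
    for ts, src, sport, dst, dport, flags, seq, payload in packets:
        flow = (src, sport, dst, dport)
        if "S" in flags:      # new connection on a reused 4-tuple: start over
            seen.pop(flow, None)
            rst_at.pop(flow, None)
        if "R" in flags:
            rst_at.setdefault(flow, ts)
            continue
        # A host that really sent RST has dropped the connection and stays silent.
        if payload and flow in rst_at:
            alerts.append((ts, flow, "data-after-rst"))
        # Retransmissions repeat the same bytes; differing bytes at the same
        # sequence numbers mean two senders are writing into one stream.
        conflict = False
        for i, byte in enumerate(payload):
            pos = (seq + i) & 0xFFFFFFFF  # sequence numbers wrap at 2**32
            if seen[flow].setdefault(pos, byte) != byte:
                conflict = True
        if conflict:
            alerts.append((ts, flow, "conflicting-overlap"))
    return alerts

if __name__ == "__main__":
    for alert in find_injection_signs(SAMPLE):
        print(alert)
```

The per-flow byte map grows without bound here; a sensor running on live traffic would expire state for closed or idle flows.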