rpms/dsniff
3
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: rpms:rawhide
Branches Tags
rpms:rawhide
rpms:f37-riscv64
rpms:f37
rpms:main
rpms:f36
rpms:epel9
rpms:f35
rpms:f34
rpms:epel8
rpms:epel7
rpms:f33
rpms:f32
rpms:f31
rpms:f30
rpms:f29
rpms:f28
rpms:f27
rpms:el5
rpms:el6
rpms:f24
rpms:f25
rpms:f26
rpms:f23
rpms:f21
rpms:f22
rpms:f18
rpms:f19
rpms:f20
rpms:f16
rpms:f17
rpms:f15
rpms:f11
rpms:f14
rpms:f9
rpms:f10
rpms:f12
rpms:el4
rpms:f13
rpms:f7
rpms:f8
rpms:dsniff-2_4-0_9_b1_el6
rpms:dsniff-2_4-0_9_b1_fc13
rpms:dsniff-2_4-0_9_b1_fc12
rpms:EL-6-start
rpms:EL-6-split
rpms:dsniff-2_4-0_9_b1_fc11
rpms:dsniff-2_4-0_9_b1_fc14
rpms:dsniff-2_4-0_9_b1_el5
rpms:dsniff-2_4-0_9_b1_el4
rpms:dsniff-2_4-0_8_b1_fc13
rpms:dsniff-2_4-0_8_b1_fc12
rpms:dsniff-2_4-0_8_b1_fc11
rpms:F-13-start
rpms:F-13-split
rpms:dsniff-2_4-0_8_b1_el5
rpms:dsniff-2_4-0_8_b1_el4
rpms:dsniff-2_4-0_7_b1_fc12
rpms:F-12-start
rpms:F-12-split
rpms:dsniff-2_4-0_6_b1_fc12
rpms:dsniff-2_4-0_5_b1_fc12
rpms:dsniff-2_4-0_5_b1_fc11
rpms:F-11-start
rpms:F-11-split
rpms:dsniff-2_4-0_4_b1_fc11
rpms:dsniff-2_4-0_4_b1_fc10
rpms:F-10-start
rpms:F-10-split
rpms:dsniff-2_4-0_3_b1_fc10
rpms:dsniff-2_4-0_3_b1_fc9
rpms:dsniff-2_4-0_3_b1_fc8
rpms:dsniff-2_4-0_3_b1_fc7
rpms:dsniff-2_4-0_3_b1_el5
rpms:dsniff-2_4-0_3_b1_el4
rpms:dsniff-2_4-0_2_b1_fc9
rpms:F-9-start
rpms:F-9-split
rpms:dsniff-2_4-0_1_b1_fc9
rpms:dsniff-2_4-0_1_b1_fc8
rpms:dsniff-2_4-0_1_b1_fc7
rpms:dsniff-2_4-0_1_b1_el5
rpms:dsniff-2_4-0_1_b1_el4
rpms:F-8-start
rpms:F-8-split
rpms:F-7-start
rpms:F-7-split
rpms:EL-5-start
rpms:EL-5-split
rpms:EL-4-start
rpms:EL-4-split
..
compare: rpms:f11
Branches Tags
rpms:f37-riscv64
rpms:f37
rpms:main
rpms:rawhide
rpms:f36
rpms:epel9
rpms:f35
rpms:f34
rpms:epel8
rpms:epel7
rpms:f33
rpms:f32
rpms:f31
rpms:f30
rpms:f29
rpms:f28
rpms:f27
rpms:el5
rpms:el6
rpms:f24
rpms:f25
rpms:f26
rpms:f23
rpms:f21
rpms:f22
rpms:f18
rpms:f19
rpms:f20
rpms:f16
rpms:f17
rpms:f15
rpms:f11
rpms:f14
rpms:f9
rpms:f10
rpms:f12
rpms:el4
rpms:f13
rpms:f7
rpms:f8
rpms:dsniff-2_4-0_9_b1_el6
rpms:dsniff-2_4-0_9_b1_fc13
rpms:dsniff-2_4-0_9_b1_fc12
rpms:EL-6-start
rpms:EL-6-split
rpms:dsniff-2_4-0_9_b1_fc11
rpms:dsniff-2_4-0_9_b1_fc14
rpms:dsniff-2_4-0_9_b1_el5
rpms:dsniff-2_4-0_9_b1_el4
rpms:dsniff-2_4-0_8_b1_fc13
rpms:dsniff-2_4-0_8_b1_fc12
rpms:dsniff-2_4-0_8_b1_fc11
rpms:F-13-start
rpms:F-13-split
rpms:dsniff-2_4-0_8_b1_el5
rpms:dsniff-2_4-0_8_b1_el4
rpms:dsniff-2_4-0_7_b1_fc12
rpms:F-12-start
rpms:F-12-split
rpms:dsniff-2_4-0_6_b1_fc12
rpms:dsniff-2_4-0_5_b1_fc12
rpms:dsniff-2_4-0_5_b1_fc11
rpms:F-11-start
rpms:F-11-split
rpms:dsniff-2_4-0_4_b1_fc11
rpms:dsniff-2_4-0_4_b1_fc10
rpms:F-10-start
rpms:F-10-split
rpms:dsniff-2_4-0_3_b1_fc10
rpms:dsniff-2_4-0_3_b1_fc9
rpms:dsniff-2_4-0_3_b1_fc8
rpms:dsniff-2_4-0_3_b1_fc7
rpms:dsniff-2_4-0_3_b1_el5
rpms:dsniff-2_4-0_3_b1_el4
rpms:dsniff-2_4-0_2_b1_fc9
rpms:F-9-start
rpms:F-9-split
rpms:dsniff-2_4-0_1_b1_fc9
rpms:dsniff-2_4-0_1_b1_fc8
rpms:dsniff-2_4-0_1_b1_fc7
rpms:dsniff-2_4-0_1_b1_el5
rpms:dsniff-2_4-0_1_b1_el4
rpms:F-8-start
rpms:F-8-split
rpms:F-7-start
rpms:F-7-split
rpms:EL-5-start
rpms:EL-5-split
rpms:EL-4-start
rpms:EL-4-split

5 Commits
rawhide ... f11

Author SHA1 Message Date
Fedora Release Engineering
128e1a4e6a dist-git conversion 2010-07-28 13:17:05 +00:00
Robert Scheck
4974c2334f Rebuild against libnids 1.24 2010-03-30 19:47:29 +00:00
Robert Scheck
b347e79904 Added build requirement to libXmu-devel for webspy (#553230) 2010-01-08 00:26:29 +00:00
Bill Nottingham
213d6ecc59 Fix typo that causes a failure to update the common directory. (releng 
#2781)
 2009-11-26 01:25:32 +00:00
Jesse Keating
8788b3a7ec Initialize branch F-11 for dsniff 2009-04-15 06:05:46 +00:00
19 changed files with 47 additions and 1658 deletions
Show Stats Expand all files Collapse all files

218
dsniff-2.4-arpspoof_hwaddr.patch
View File

@ -1,218 +0,0 @@
Patch by Stefan Tomanek <stefan@pico.ruhr.de> for dsniff >= 2.4b1 to allow the
selection of source hw address.
In certain networks, sending with the wrong hardware source address can jeopardize
the network connection of the host running arpspoof. This patch makes it possible
to specify whether arpspoof should use the own hardware address or the one of the
real host when resetting the arp table of the target systems; it is also possible
to use both.
For some more information, please have a look to Debian bug ID #650752.
--- dsniff-2.4/arpspoof.8 2013-12-20 20:54:25.000000000 +0100
+++ dsniff-2.4/arpspoof.8.arpspoof_hwaddr 2013-12-20 20:55:19.000000000 +0100
@@ -9,7 +9,7 @@
.na
.nf
.fi
-\fBarpspoof\fR [\fB\-i \fIinterface\fR] [\fB\-t \fItarget\fR] [\fB\-r\fR] \fIhost\fR
+\fBarpspoof\fR [\fB\-i \fIinterface\fR] [\fB\-c \fIown|host|both\fR] [\fB\-t \fItarget\fR] [\fB\-r\fR] \fIhost\fR
.SH DESCRIPTION
.ad
.fi
@@ -23,6 +23,13 @@
.SH OPTIONS
.IP "\fB-i \fIinterface\fR"
Specify the interface to use.
+.IP "\fB-c \fIown|host|both\fR"
+Specify which hardware address t use when restoring the arp configuration;
+while cleaning up, packets can be send with the own address as well as with
+the address of the host. Sending packets with a fake hw address can disrupt
+connectivity with certain switch/ap/bridge configurations, however it works
+more reliably than using the own address, which is the default way arpspoof
+cleans up afterwards.
.IP "\fB-t \fItarget\fR"
Specify a particular host to ARP poison (if not specified, all hosts
on the LAN). Repeat to specify multiple hosts.
--- dsniff-2.4/arpspoof.c 2013-12-20 20:54:25.000000000 +0100
+++ dsniff-2.4/arpspoof.c.arpspoof_hwaddr 2013-12-20 21:02:10.000000000 +0100
@@ -40,37 +40,36 @@
static char *intf;
static int poison_reverse;
+static uint8_t *my_ha = NULL;
+static uint8_t *brd_ha = "\xff\xff\xff\xff\xff\xff";
+
+static int cleanup_src_own = 1;
+static int cleanup_src_host = 0;
+
static void
usage(void)
{
fprintf(stderr, "Version: " VERSION "\n"
- "Usage: arpspoof [-i interface] [-t target] [-r] host\n");
+ "Usage: arpspoof [-i interface] [-c own|host|both] [-t target] [-r] host\n");
exit(1);
}
static int
-arp_send(libnet_t *l, int op, u_int8_t *sha,
- in_addr_t spa, u_int8_t *tha, in_addr_t tpa)
+arp_send(libnet_t *l, int op,
+ u_int8_t *sha, in_addr_t spa,
+ u_int8_t *tha, in_addr_t tpa,
+ u_int8_t *me)
{
int retval;
- if (sha == NULL &&
- (sha = (u_int8_t *)libnet_get_hwaddr(l)) == NULL) {
- return (-1);
- }
- if (spa == 0) {
- if ((spa = libnet_get_ipaddr4(l)) == -1)
- return (-1);
- }
- if (tha == NULL)
- tha = "\xff\xff\xff\xff\xff\xff";
+ if (!me) me = sha;
libnet_autobuild_arp(op, sha, (u_int8_t *)&spa,
tha, (u_int8_t *)&tpa, l);
- libnet_build_ethernet(tha, sha, ETHERTYPE_ARP, NULL, 0, l, 0);
+ libnet_build_ethernet(tha, me, ETHERTYPE_ARP, NULL, 0, l, 0);
fprintf(stderr, "%s ",
- ether_ntoa((struct ether_addr *)sha));
+ ether_ntoa((struct ether_addr *)me));
if (op == ARPOP_REQUEST) {
fprintf(stderr, "%s 0806 42: arp who-has %s tell %s\n",
@@ -129,7 +128,7 @@
/* XXX - force the kernel to arp. feh. */
arp_force(ip);
#else
- arp_send(l, ARPOP_REQUEST, NULL, 0, NULL, ip);
+ arp_send(l, ARPOP_REQUEST, NULL, 0, NULL, ip, NULL);
#endif
sleep(1);
}
@@ -156,17 +155,22 @@
int fw = arp_find(spoof.ip, &spoof.mac);
int bw = poison_reverse && targets[0].ip && arp_find_all();
int i;
+ int rounds = (cleanup_src_own*5 + cleanup_src_host*5);
fprintf(stderr, "Cleaning up and re-arping targets...\n");
- for (i = 0; i < 5; i++) {
+ for (i = 0; i < rounds; i++) {
struct host *target = targets;
while(target->ip) {
+ uint8_t *src_ha = NULL;
+ if (cleanup_src_own && (i%2 || !cleanup_src_host)) {
+ src_ha = my_ha;
+ }
/* XXX - on BSD, requires ETHERSPOOF kernel. */
if (fw) {
arp_send(l, ARPOP_REPLY,
(u_int8_t *)&spoof.mac, spoof.ip,
- (target->ip ? (u_int8_t *)&target->mac : NULL),
- target->ip);
+ (target->ip ? (u_int8_t *)&target->mac : brd_ha),
+ target->ip, src_ha);
/* we have to wait a moment before sending the next packet */
sleep(1);
}
@@ -174,7 +178,7 @@
arp_send(l, ARPOP_REPLY,
(u_int8_t *)&target->mac, target->ip,
(u_int8_t *)&spoof.mac,
- spoof.ip);
+ spoof.ip, src_ha);
sleep(1);
}
target++;
@@ -193,6 +197,7 @@
char libnet_ebuf[LIBNET_ERRBUF_SIZE];
int c;
int n_targets;
+ char *cleanup_src = NULL;
spoof.ip = 0;
intf = NULL;
@@ -202,7 +207,7 @@
/* allocate enough memory for target list */
targets = calloc( argc+1, sizeof(struct host) );
- while ((c = getopt(argc, argv, "ri:t:h?V")) != -1) {
+ while ((c = getopt(argc, argv, "ri:t:c:h?V")) != -1) {
switch (c) {
case 'i':
intf = optarg;
@@ -214,6 +219,9 @@
case 'r':
poison_reverse = 1;
break;
+ case 'c':
+ cleanup_src = optarg;
+ break;
default:
usage();
}
@@ -229,6 +237,29 @@
usage();
}
+ if (!cleanup_src || strcmp(cleanup_src, "own") == 0) { /* default! */
+ /* only use our own hw address when cleaning up,
+ * not jeopardizing any bridges on the way to our
+ * target
+ */
+ cleanup_src_own = 1;
+ cleanup_src_host = 0;
+ } else if (strcmp(cleanup_src, "host") == 0) {
+ /* only use the target hw address when cleaning up;
+ * this can screw up some bridges and scramble access
+ * for our own host, however it resets the arp table
+ * more reliably
+ */
+ cleanup_src_own = 0;
+ cleanup_src_host = 1;
+ } else if (strcmp(cleanup_src, "both") == 0) {
+ cleanup_src_own = 1;
+ cleanup_src_host = 1;
+ } else {
+ errx(1, "Invalid parameter to -c: use 'own' (default), 'host' or 'both'.");
+ usage();
+ }
+
if ((spoof.ip = libnet_name2addr4(l, argv[0], LIBNET_RESOLVE)) == -1)
usage();
@@ -253,6 +284,10 @@
}
}
+ if ((my_ha = (u_int8_t *)libnet_get_hwaddr(l)) == NULL) {
+ errx(1, "Unable to determine own mac address");
+ }
+
signal(SIGHUP, cleanup);
signal(SIGINT, cleanup);
signal(SIGTERM, cleanup);
@@ -260,11 +295,11 @@
for (;;) {
struct host *target = targets;
while(target->ip) {
- arp_send(l, ARPOP_REPLY, NULL, spoof.ip,
- (target->ip ? (u_int8_t *)&target->mac : NULL),
- target->ip);
+ arp_send(l, ARPOP_REPLY, my_ha, spoof.ip,
+ (target->ip ? (u_int8_t *)&target->mac : brd_ha),
+ target->ip, my_ha);
if (poison_reverse) {
- arp_send(l, ARPOP_REPLY, NULL, target->ip, (uint8_t *)&spoof.mac, spoof.ip);
+ arp_send(l, ARPOP_REPLY, my_ha, target->ip, (uint8_t *)&spoof.mac, spoof.ip, my_ha);
}
target++;
}

186
dsniff-2.4-arpspoof_multiple.patch
View File

@ -1,186 +0,0 @@
Patch by Stefan Tomanek <stefan@pico.ruhr.de> for dsniff >= 2.4b1 to allow the use
of of multiple targets. For some more information, please have a look to Debian bug
ID #650751.
--- dsniff-2.4/arpspoof.8 2013-12-20 20:40:36.000000000 +0100
+++ dsniff-2.4/arpspoof.8.arpspoof_multiple 2013-12-20 20:41:45.000000000 +0100
@@ -25,7 +25,7 @@
Specify the interface to use.
.IP "\fB-t \fItarget\fR"
Specify a particular host to ARP poison (if not specified, all hosts
-on the LAN).
+on the LAN). Repeat to specify multiple hosts.
.IP "\fB\-r\fR"
Poison both hosts (host and target) to capture traffic in both directions.
(only valid in conjuntion with \-t)
--- dsniff-2.4/arpspoof.c 2013-12-20 20:40:36.000000000 +0100
+++ dsniff-2.4/arpspoof.c.arpspoof_multiple 2013-12-20 20:50:34.000000000 +0100
@@ -27,11 +27,16 @@
#include "arp.h"
#include "version.h"
+struct host {
+ in_addr_t ip;
+ struct ether_addr mac;
+};
+
extern char *ether_ntoa(struct ether_addr *);
static libnet_t *l;
-static struct ether_addr spoof_mac, target_mac;
-static in_addr_t spoof_ip, target_ip;
+static struct host spoof = {0};
+static struct host *targets;
static char *intf;
static int poison_reverse;
@@ -133,30 +138,46 @@
return (0);
}
+static int arp_find_all() {
+ struct host *target = targets;
+ while(target->ip) {
+ if (arp_find(target->ip, &target->mac)) {
+ return 1;
+ }
+ target++;
+ }
+
+ return 0;
+}
+
static void
cleanup(int sig)
{
- int fw = arp_find(spoof_ip, &spoof_mac);
- int bw = poison_reverse && target_ip && arp_find(target_ip, &target_mac);
+ int fw = arp_find(spoof.ip, &spoof.mac);
+ int bw = poison_reverse && targets[0].ip && arp_find_all();
int i;
fprintf(stderr, "Cleaning up and re-arping targets...\n");
for (i = 0; i < 5; i++) {
- /* XXX - on BSD, requires ETHERSPOOF kernel. */
- if (fw) {
- arp_send(l, ARPOP_REPLY,
- (u_int8_t *)&spoof_mac, spoof_ip,
- (target_ip ? (u_int8_t *)&target_mac : NULL),
- target_ip);
- /* we have to wait a moment before sending the next packet */
- sleep(1);
- }
- if (bw) {
- arp_send(l, ARPOP_REPLY,
- (u_int8_t *)&target_mac, target_ip,
- (u_int8_t *)&spoof_mac,
- spoof_ip);
- sleep(1);
+ struct host *target = targets;
+ while(target->ip) {
+ /* XXX - on BSD, requires ETHERSPOOF kernel. */
+ if (fw) {
+ arp_send(l, ARPOP_REPLY,
+ (u_int8_t *)&spoof.mac, spoof.ip,
+ (target->ip ? (u_int8_t *)&target->mac : NULL),
+ target->ip);
+ /* we have to wait a moment before sending the next packet */
+ sleep(1);
+ }
+ if (bw) {
+ arp_send(l, ARPOP_REPLY,
+ (u_int8_t *)&target->mac, target->ip,
+ (u_int8_t *)&spoof.mac,
+ spoof.ip);
+ sleep(1);
+ }
+ target++;
}
}
@@ -171,10 +192,15 @@
char pcap_ebuf[PCAP_ERRBUF_SIZE];
char libnet_ebuf[LIBNET_ERRBUF_SIZE];
int c;
+ int n_targets;
+ spoof.ip = 0;
intf = NULL;
- spoof_ip = target_ip = 0;
poison_reverse = 0;
+ n_targets = 0;
+
+ /* allocate enough memory for target list */
+ targets = calloc( argc+1, sizeof(struct host) );
while ((c = getopt(argc, argv, "ri:t:h?V")) != -1) {
switch (c) {
@@ -182,7 +208,7 @@
intf = optarg;
break;
case 't':
- if ((target_ip = libnet_name2addr4(l, optarg, LIBNET_RESOLVE)) == -1)
+ if ((targets[n_targets++].ip = libnet_name2addr4(l, optarg, LIBNET_RESOLVE)) == -1)
usage();
break;
case 'r':
@@ -198,12 +224,12 @@
if (argc != 1)
usage();
- if (poison_reverse && !target_ip) {
+ if (poison_reverse && !n_targets) {
errx(1, "Spoofing the reverse path (-r) is only available when specifying a target (-t).");
usage();
}
- if ((spoof_ip = libnet_name2addr4(l, argv[0], LIBNET_RESOLVE)) == -1)
+ if ((spoof.ip = libnet_name2addr4(l, argv[0], LIBNET_RESOLVE)) == -1)
usage();
if (intf == NULL && (intf = pcap_lookupdev(pcap_ebuf)) == NULL)
@@ -212,14 +238,18 @@
if ((l = libnet_init(LIBNET_LINK, intf, libnet_ebuf)) == NULL)
errx(1, "%s", libnet_ebuf);
- if (target_ip != 0 && !arp_find(target_ip, &target_mac))
- errx(1, "couldn't arp for host %s",
- libnet_addr2name4(target_ip, LIBNET_DONT_RESOLVE));
+ struct host *target = targets;
+ while(target->ip) {
+ if (target->ip != 0 && !arp_find(target->ip, &target->mac))
+ errx(1, "couldn't arp for host %s",
+ libnet_addr2name4(target->ip, LIBNET_DONT_RESOLVE));
+ target++;
+ }
if (poison_reverse) {
- if (!arp_find(spoof_ip, &spoof_mac)) {
+ if (!arp_find(spoof.ip, &spoof.mac)) {
errx(1, "couldn't arp for spoof host %s",
- libnet_addr2name4(spoof_ip, LIBNET_DONT_RESOLVE));
+ libnet_addr2name4(spoof.ip, LIBNET_DONT_RESOLVE));
}
}
@@ -228,11 +258,15 @@
signal(SIGTERM, cleanup);
for (;;) {
- arp_send(l, ARPOP_REPLY, NULL, spoof_ip,
- (target_ip ? (u_int8_t *)&target_mac : NULL),
- target_ip);
- if (poison_reverse) {
- arp_send(l, ARPOP_REPLY, NULL, target_ip, (uint8_t *)&spoof_mac, spoof_ip);
+ struct host *target = targets;
+ while(target->ip) {
+ arp_send(l, ARPOP_REPLY, NULL, spoof.ip,
+ (target->ip ? (u_int8_t *)&target->mac : NULL),
+ target->ip);
+ if (poison_reverse) {
+ arp_send(l, ARPOP_REPLY, NULL, target->ip, (uint8_t *)&spoof.mac, spoof.ip);
+ }
+ target++;
}
sleep(2);
}

142
dsniff-2.4-arpspoof_reverse.patch
View File

@ -1,142 +0,0 @@
Patch by Stefan Tomanek <stefan@pico.ruhr.de> for dsniff >= 2.4b1 to add add -r
switch to poison both directions. For some more information, please have a look to
Debian bug ID #650749.
--- dsniff-2.4/arpspoof.8 2000-11-28 08:43:43.000000000 +0100
+++ dsniff-2.4/arpspoof.8.arpspoof_reverse 2013-12-20 20:27:49.000000000 +0100
@@ -9,7 +9,7 @@
.na
.nf
.fi
-\fBarpspoof\fR [\fB-i \fIinterface\fR] [\fB-t \fItarget\fR] \fIhost\fR
+\fBarpspoof\fR [\fB\-i \fIinterface\fR] [\fB\-t \fItarget\fR] [\fB\-r\fR] \fIhost\fR
.SH DESCRIPTION
.ad
.fi
@@ -26,6 +26,9 @@
.IP "\fB-t \fItarget\fR"
Specify a particular host to ARP poison (if not specified, all hosts
on the LAN).
+.IP "\fB\-r\fR"
+Poison both hosts (host and target) to capture traffic in both directions.
+(only valid in conjuntion with \-t)
.IP \fIhost\fR
Specify the host you wish to intercept packets for (usually the local
gateway).
--- dsniff-2.4/arpspoof.c 2013-12-20 20:25:04.000000000 +0100
+++ dsniff-2.4/arpspoof.c.arpspoof_reverse 2013-12-20 20:34:31.000000000 +0100
@@ -7,6 +7,8 @@
* Copyright (c) 1999 Dug Song <dugsong@monkey.org>
*
* $Id: arpspoof.c,v 1.5 2001/03/15 08:32:58 dugsong Exp $
+ *
+ * Improved 2011 by Stefan Tomanek <stefa@pico.ruhr.de>
*/
#include "config.h"
@@ -31,12 +33,13 @@
static struct ether_addr spoof_mac, target_mac;
static in_addr_t spoof_ip, target_ip;
static char *intf;
+static int poison_reverse;
static void
usage(void)
{
fprintf(stderr, "Version: " VERSION "\n"
- "Usage: arpspoof [-i interface] [-t target] host\n");
+ "Usage: arpspoof [-i interface] [-t target] [-r] host\n");
exit(1);
}
@@ -133,18 +136,30 @@
static void
cleanup(int sig)
{
+ int fw = arp_find(spoof_ip, &spoof_mac);
+ int bw = poison_reverse && target_ip && arp_find(target_ip, &target_mac);
int i;
- if (arp_find(spoof_ip, &spoof_mac)) {
- for (i = 0; i < 3; i++) {
- /* XXX - on BSD, requires ETHERSPOOF kernel. */
+ fprintf(stderr, "Cleaning up and re-arping targets...\n");
+ for (i = 0; i < 5; i++) {
+ /* XXX - on BSD, requires ETHERSPOOF kernel. */
+ if (fw) {
arp_send(l, ARPOP_REPLY,
(u_int8_t *)&spoof_mac, spoof_ip,
(target_ip ? (u_int8_t *)&target_mac : NULL),
target_ip);
+ /* we have to wait a moment before sending the next packet */
+ sleep(1);
+ }
+ if (bw) {
+ arp_send(l, ARPOP_REPLY,
+ (u_int8_t *)&target_mac, target_ip,
+ (u_int8_t *)&spoof_mac,
+ spoof_ip);
sleep(1);
}
}
+
exit(0);
}
@@ -159,8 +174,9 @@
intf = NULL;
spoof_ip = target_ip = 0;
+ poison_reverse = 0;
- while ((c = getopt(argc, argv, "i:t:h?V")) != -1) {
+ while ((c = getopt(argc, argv, "ri:t:h?V")) != -1) {
switch (c) {
case 'i':
intf = optarg;
@@ -169,6 +185,9 @@
if ((target_ip = libnet_name2addr4(l, optarg, LIBNET_RESOLVE)) == -1)
usage();
break;
+ case 'r':
+ poison_reverse = 1;
+ break;
default:
usage();
}
@@ -179,6 +198,11 @@
if (argc != 1)
usage();
+ if (poison_reverse && !target_ip) {
+ errx(1, "Spoofing the reverse path (-r) is only available when specifying a target (-t).");
+ usage();
+ }
+
if ((spoof_ip = libnet_name2addr4(l, argv[0], LIBNET_RESOLVE)) == -1)
usage();
@@ -192,6 +216,13 @@
errx(1, "couldn't arp for host %s",
libnet_addr2name4(target_ip, LIBNET_DONT_RESOLVE));
+ if (poison_reverse) {
+ if (!arp_find(spoof_ip, &spoof_mac)) {
+ errx(1, "couldn't arp for spoof host %s",
+ libnet_addr2name4(spoof_ip, LIBNET_DONT_RESOLVE));
+ }
+ }
+
signal(SIGHUP, cleanup);
signal(SIGINT, cleanup);
signal(SIGTERM, cleanup);
@@ -200,6 +231,9 @@
arp_send(l, ARPOP_REPLY, NULL, spoof_ip,
(target_ip ? (u_int8_t *)&target_mac : NULL),
target_ip);
+ if (poison_reverse) {
+ arp_send(l, ARPOP_REPLY, NULL, target_ip, (uint8_t *)&spoof_mac, spoof_ip);
+ }
sleep(2);
}
/* NOTREACHED */

2
dsniff-2.4-fedora_dirs.patch
View File

@ -18,7 +18,7 @@ various paths for the Fedora directory structure.
-INCS = -I. $(NIDSINC) $(PCAPINC) $(LNETINC) $(DBINC) $(SSLINC) $(X11INC) \
- -I$(srcdir)/missing
+INCS = -I. $(X11INC) $(SSLINC) -I$(srcdir)/missing
+INCS = -I. $(X11INC) -I$(srcdir)/missing
LIBS = @LIBS@ -L$(srcdir) -lmissing
INSTALL = @INSTALL@

140
dsniff-2.4-libnet_name2addr4.patch
View File

@ -1,140 +0,0 @@
Patch by Robert Scheck <robert@fedoraproject.org> for dsniff >= 2.4b1 which fixes
possible segmentation faults of arpspoof, sshmitm, webmitm and webspy if any non-
resolving hostname is passed. Issue was introduced by dsniff-2.4-libnet_11.patch;
libnet_name_resolve() was replaced by libnet_name2addr4() while there must be the
structure libnet_t passed additionally. And if that structure is not initialized
using libnet_init() and the passed name can't be resolved (like "192.168.2."), it
causes a snprintf() to NULL and thus the segmentation fault. Note that macof isn't
affected as no resolving was involved here ever. Please also have a look to Red Hat
Bugzilla ID #1009879 for further information.
--- dsniff-2.4/sshmitm.c 2013-12-20 21:19:58.000000000 +0100
+++ dsniff-2.4/sshmitm.c.libnet_name2addr4 2013-12-20 21:29:44.000000000 +0100
@@ -45,6 +45,8 @@
struct sockaddr_in csin, ssin;
int sig_pipe[2];
+static libnet_t *l;
+
static void
usage(void)
{
@@ -364,6 +366,7 @@
u_long ip;
u_short lport, rport;
int c;
+ char libnet_ebuf[LIBNET_ERRBUF_SIZE];
lport = rport = 22;
@@ -390,12 +393,15 @@
if (argc < 1)
usage();
- if ((ip = libnet_name2addr4(NULL, argv[0], LIBNET_RESOLVE)) == -1)
- usage();
-
if (argc == 2 && (rport = atoi(argv[1])) == 0)
usage();
+ if ((l = libnet_init(LIBNET_LINK, NULL, libnet_ebuf)) == NULL)
+ errx(1, "%s", libnet_ebuf);
+
+ if ((ip = libnet_name2addr4(l, argv[0], LIBNET_RESOLVE)) == -1)
+ usage();
+
record_init(NULL);
mitm_init(lport, ip, rport);
--- dsniff-2.4/webmitm.c 2013-12-20 21:19:58.000000000 +0100
+++ dsniff-2.4/webmitm.c.libnet_name2addr4 2013-12-20 21:40:09.000000000 +0100
@@ -47,6 +47,8 @@
int do_ssl, sig_pipe[2];
in_addr_t static_host = 0;
+static libnet_t *l;
+
extern int decode_http(char *, int, char *, int);
static void
@@ -242,7 +244,7 @@
word = buf_tok(&msg, "/", 1);
vhost = buf_strdup(word);
}
- ssin.sin_addr.s_addr = libnet_name2addr4(NULL, vhost, 1);
+ ssin.sin_addr.s_addr = libnet_name2addr4(l, vhost, LIBNET_RESOLVE);
free(vhost);
if (ssin.sin_addr.s_addr == ntohl(INADDR_LOOPBACK) ||
@@ -496,6 +498,7 @@
extern char *optarg;
extern int optind;
int c;
+ char libnet_ebuf[LIBNET_ERRBUF_SIZE];
while ((c = getopt(argc, argv, "dh?V")) != -1) {
switch (c) {
@@ -509,8 +512,11 @@
argc -= optind;
argv += optind;
+ if ((l = libnet_init(LIBNET_LINK, NULL, libnet_ebuf)) == NULL)
+ errx(1, "%s", libnet_ebuf);
+
if (argc == 1) {
- if ((static_host = libnet_name2addr4(NULL, argv[0], 1)) == -1)
+ if ((static_host = libnet_name2addr4(l, argv[0], LIBNET_RESOLVE)) == -1)
usage();
}
else if (argc != 0) usage();
--- dsniff-2.4/webspy.c 2013-12-20 21:19:58.000000000 +0100
+++ dsniff-2.4/webspy.c.libnet_name2addr4 2013-12-20 21:45:57.000000000 +0100
@@ -33,6 +33,7 @@
extern int mozilla_remote_commands (Display *, Window, char **);
char *expected_mozilla_version = "4.7";
char *progname = "webspy";
+static libnet_t *l;
Display *dpy;
char cmd[2048], *cmdtab[2];
@@ -183,6 +184,7 @@
extern char *optarg;
extern int optind;
int c;
+ char libnet_ebuf[LIBNET_ERRBUF_SIZE];
while ((c = getopt(argc, argv, "i:p:h?V")) != -1) {
switch (c) {
@@ -205,7 +207,10 @@
cmdtab[0] = cmd;
cmdtab[1] = NULL;
- if ((host = libnet_name2addr4(NULL, argv[0], 1)) == -1)
+ if ((l = libnet_init(LIBNET_LINK, NULL, libnet_ebuf)) == NULL)
+ errx(1, "%s", libnet_ebuf);
+
+ if ((host = libnet_name2addr4(l, argv[0], LIBNET_RESOLVE)) == -1)
errx(1, "unknown host");
if ((dpy = XOpenDisplay(NULL)) == NULL)
--- dsniff-2.4/arpspoof.c 2013-12-20 22:00:53.000000000 +0100
+++ dsniff-2.4/arpspoof.c.libnet_name2addr4 2013-12-20 22:00:38.000000000 +0100
@@ -207,6 +207,9 @@
/* allocate enough memory for target list */
targets = calloc( argc+1, sizeof(struct host) );
+ if ((l = libnet_init(LIBNET_LINK, NULL, libnet_ebuf)) == NULL)
+ errx(1, "%s", libnet_ebuf);
+
while ((c = getopt(argc, argv, "ri:t:c:h?V")) != -1) {
switch (c) {
case 'i':
@@ -263,6 +266,8 @@
if ((spoof.ip = libnet_name2addr4(l, argv[0], LIBNET_RESOLVE)) == -1)
usage();
+ libnet_destroy(l);
+
if (intf == NULL && (intf = pcap_lookupdev(pcap_ebuf)) == NULL)
errx(1, "%s", pcap_ebuf);

51
dsniff-2.4-libtirpc.patch
View File

@ -1,51 +0,0 @@
Patch by Robert Scheck <robert@fedoraproject.org> for dsniff >= 2.4b1 which
allows building against libtirpc (as a separate library) given the Sun RPC
support in glibc has been deprecated for a long time.
--- dsniff-2.4/Makefile.in 2018-05-26 22:04:34.809966900 +0200
+++ dsniff-2.4/Makefile.in.libtirpc 2018-05-27 02:56:31.149313503 +0200
@@ -16,7 +16,7 @@
mandir = @mandir@
CC = @CC@
-CFLAGS = @CFLAGS@ -DDSNIFF_LIBDIR=\"$(libdir)/\"
+CFLAGS = @CFLAGS@ -DDSNIFF_LIBDIR=\"$(libdir)/\" -I/usr/include/tirpc
LDFLAGS = @LDFLAGS@
PCAPINC = @PCAPINC@
@@ -93,7 +93,7 @@
$(RANLIB) $@
dsniff: $(HDRS) $(SRCS) $(OBJS) libmissing.a
- $(CC) $(LDFLAGS) -o $@ $(OBJS) $(LIBS) $(NIDSLIB) $(PCAPLIB) $(LNETLIB) $(DBLIB) $(SSLLIB)
+ $(CC) $(LDFLAGS) -o $@ $(OBJS) $(LIBS) $(NIDSLIB) $(PCAPLIB) $(LNETLIB) $(DBLIB) $(SSLLIB) -ltirpc
arpspoof: arpspoof.o arp.o libmissing.a
$(CC) $(LDFLAGS) -o $@ arpspoof.o arp.o $(LIBS) $(PCAPLIB) $(LNETLIB)
@@ -102,7 +102,7 @@
$(CC) $(LDFLAGS) -o $@ dnsspoof.o pcaputil.o $(LIBS) $(PCAPLIB) $(LNETLIB)
filesnarf: nfs_prot.o filesnarf.o pcaputil.o rpc.o libmissing.a
- $(CC) $(LDFLAGS) -o $@ filesnarf.o nfs_prot.o pcaputil.o rpc.o $(LIBS) $(NIDSLIB) $(PCAPLIB) $(LNETLIB)
+ $(CC) $(LDFLAGS) -o $@ filesnarf.o nfs_prot.o pcaputil.o rpc.o $(LIBS) $(NIDSLIB) $(PCAPLIB) $(LNETLIB) -ltirpc
macof: macof.o libmissing.a
$(CC) $(LDFLAGS) -o $@ macof.o $(LIBS) $(PCAPLIB) $(LNETLIB)
@@ -114,7 +114,7 @@
$(CC) $(LDFLAGS) -o $@ msgsnarf.o buf.o pcaputil.o $(LIBS) $(NIDSLIB) $(PCAPLIB) $(LNETLIB)
sshmitm: sshmitm.o buf.o hex.o record.o ssh.o sshcrypto.o libmissing.a
- $(CC) $(LDFLAGS) -o $@ sshmitm.o buf.o hex.o record.o ssh.o sshcrypto.o $(LIBS) $(LNETLIB) $(DBLIB) $(SSLLIB)
+ $(CC) $(LDFLAGS) -o $@ sshmitm.o buf.o hex.o record.o ssh.o sshcrypto.o $(LIBS) $(LNETLIB) $(DBLIB) $(SSLLIB) -ltirpc
sshow: sshow.o pcaputil.o libmissing.a
$(CC) $(LDFLAGS) -o $@ sshow.o pcaputil.o $(LIBS) $(NIDSLIB) $(PCAPLIB) $(LNETLIB)
@@ -132,7 +132,7 @@
$(CC) $(LDFLAGS) -o $@ urlsnarf.o base64.o buf.o pcaputil.o $(LIBS) $(NIDSLIB) $(PCAPLIB) $(LNETLIB)
webmitm: webmitm.o base64.o buf.o decode_http.o record.o libmissing.a
- $(CC) $(LDFLAGS) -o $@ webmitm.o base64.o buf.o decode_http.o record.o $(LIBS) $(LNETLIB) $(DBLIB) $(SSLLIB)
+ $(CC) $(LDFLAGS) -o $@ webmitm.o base64.o buf.o decode_http.o record.o $(LIBS) $(LNETLIB) $(DBLIB) $(SSLLIB) -ltirpc
webspy: webspy.o base64.o buf.o remote.o libmissing.a
$(CC) $(LDFLAGS) -o $@ webspy.o base64.o buf.o remote.o $(LIBS) $(NIDSLIB) $(PCAPLIB) $(LNETLIB) $(X11LIB)

73
dsniff-2.4-link_layer_offset.patch
View File

@ -1,73 +0,0 @@
Patch by Robert Scheck <robert@fedoraproject.org> for dsniff >= 2.4b1, that
adds further link layer offsets; inspirated from the original DLT_LINUX_SLL
patch by Roland Kletzing <devzero@web.de>. This patch supersedes the Debian
patch by Joerg Dorchain <joerg@dorchain.net> which adds tcpkill support for
handling PPP interfaces. So for some further information, please also have
a look to Debian bug ID #572516.
--- dsniff-2.4/pcaputil.c 2001-03-15 09:33:04.000000000 +0100
+++ dsniff-2.4/pcaputil.c.ll_offset 2011-10-09 17:13:01.000000000 +0200
@@ -46,12 +46,63 @@
case DLT_FDDI:
offset = 21;
break;
+#ifdef __amigaos__
+ case DLT_MIAMI:
+ offset = 16;
+ break;
+#endif
+ case DLT_RAW:
#ifdef DLT_LOOP
case DLT_LOOP:
#endif
case DLT_NULL:
offset = 4;
break;
+ case DLT_SLIP:
+#ifdef DLT_SLIP_BSDOS
+ case DLT_SLIP_BSDOS:
+#endif
+#if defined(__FreeBSD__) || defined(__OpenBSD__) || defined(__NetBSD__) || defined(__bsdi__) || defined(__APPLE__)
+ offset = 16;
+#else
+ offset = 24;
+#endif
+ break;
+ case DLT_PPP:
+#ifdef DLT_PPP_BSDOS
+ case DLT_PPP_BSDOS:
+#endif
+#ifdef DLT_PPP_SERIAL
+ case DLT_PPP_SERIAL:
+#endif
+#ifdef DLT_PPP_ETHER
+ case DLT_PPP_ETHER:
+#endif
+#if defined(__FreeBSD__) || defined(__OpenBSD__) || defined(__NetBSD__) || defined(__bsdi__) || defined(__APPLE__)
+ offset = 4;
+#else
+#if defined(sun) || defined(__sun)
+ offset = 8;
+#else
+ offset = 24;
+#endif
+#endif
+ break;
+#ifdef DLT_ENC
+ case DLT_ENC:
+ offset = 12;
+ break;
+#endif
+#ifdef DLT_LINUX_SLL
+ case DLT_LINUX_SLL:
+ offset = 16;
+ break;
+#endif
+#ifdef DLT_IPNET
+ case DLT_IPNET:
+ offset = 24;
+ break;
+#endif
default:
warnx("unsupported datalink type");
break;

122
dsniff-2.4-modernize_pop.patch
View File

@ -1,122 +0,0 @@
Patch by Stefan Tomanek <stefan@pico.ruhr.de> for dsniff >= 2.4b1 to rewrite and
modernize the POP decoder. For some more information, please have a look to Debian
bug ID #647583.
--- dsniff-2.4/decode_pop.c 2013-12-20 21:06:13.000000000 +0100
+++ dsniff-2.4/decode_pop.c.modernize_pop 2013-12-20 21:12:58.000000000 +0100
@@ -6,6 +6,8 @@
* Copyright (c) 2000 Dug Song <dugsong@monkey.org>
*
* $Id: decode_pop.c,v 1.4 2001/03/15 08:33:02 dugsong Exp $
+ *
+ * Rewritten by Stefan Tomanek 2011 <stefan@pico.ruhr.de>
*/
#include "config.h"
@@ -45,32 +47,87 @@
decode_pop(u_char *buf, int len, u_char *obuf, int olen)
{
char *p;
+ char *s;
+ int n;
int i, j;
+ char *user;
+ char *password;
+ enum {
+ NONE,
+ AUTHPLAIN,
+ AUTHLOGIN,
+ USERPASS
+ } mode = NONE;
obuf[0] = '\0';
for (p = strtok(buf, "\r\n"); p != NULL; p = strtok(NULL, "\r\n")) {
- if (strncasecmp(p, "AUTH PLAIN", 10) == 0 ||
- strncasecmp(p, "AUTH LOGIN", 10) == 0) {
- strlcat(obuf, p, olen);
- strlcat(obuf, "\n", olen);
-
- /* Decode SASL auth. */
- for (i = 0; i < 2 && (p = strtok(NULL, "\r\n")); i++) {
- strlcat(obuf, p, olen);
- j = base64_pton(p, p, strlen(p));
- p[j] = '\0';
- strlcat(obuf, " [", olen);
- strlcat(obuf, p, olen);
- strlcat(obuf, "]\n", olen);
+ if (mode == NONE) {
+ user = NULL;
+ password = NULL;
+ if (strncasecmp(p, "AUTH PLAIN", 10) == 0) {
+ mode = AUTHPLAIN;
+ continue;
+ }
+ if (strncasecmp(p, "AUTH LOGIN", 10) == 0) {
+ mode = AUTHLOGIN;
+ continue;
+ }
+ if (strncasecmp(p, "USER ", 5) == 0) {
+ mode = USERPASS;
+ /* the traditional login cuts right to the case,
+ * so no continue here
+ */
}
}
- /* Save regular POP2, POP3 auth info. */
- else if (strncasecmp(p, "USER ", 5) == 0 ||
- strncasecmp(p, "PASS ", 5) == 0 ||
- strncasecmp(p, "HELO ", 5) == 0) {
- strlcat(obuf, p, olen);
- strlcat(obuf, "\n", olen);
+ printf("(%d) %s\n", mode, p);
+ if (mode == USERPASS) {
+ if (strncasecmp(p, "USER ", 5) == 0) {
+ user = &p[5];
+ } else if (strncasecmp(p, "PASS ", 5) == 0) {
+ password = &p[5];
+ }
+ }
+
+ if (mode == AUTHPLAIN) {
+ j = base64_pton(p, p, strlen(p));
+ p[j] = '\0';
+ n = 0;
+ s = p;
+ /* p consists of three parts, divided by \0 */
+ while (s <= &p[j] && n<=3) {
+ if (n == 0) {
+ /* we do not process this portion yet */
+ } else if (n == 1) {
+ user = s;
+ } else if (n == 2) {
+ password = s;
+ }
+ n++;
+ while (*s) s++;
+ s++;
+ }
+ }
+
+ if (mode == AUTHLOGIN) {
+ j = base64_pton(p, p, strlen(p));
+ p[j] = '\0';
+ if (!user) {
+ user = p;
+ } else {
+ password = p;
+ /* got everything we need :-) */
+ }
+ }
+
+ if (user && password) {
+ strlcat(obuf, "\nusername [", olen);
+ strlcat(obuf, user, olen);
+ strlcat(obuf, "] password [", olen);
+ strlcat(obuf, password, olen);
+ strlcat(obuf, "]\n", olen);
+
+ mode = NONE;
}
}
return (strlen(obuf));

13
dsniff-2.4-msgsnarf_segfault.patch
View File

@ -1,13 +0,0 @@
Patch by <bdefreese@debian2.bddebian.com> for dsniff >= 2.4b1, which adds
a memset to correctly 0 out the C struct.
--- dsniff-2.4/msgsnarf.c 2011-10-09 18:13:49.000000000 +0200
+++ dsniff-2.4/msgsnarf.c.segfault 2011-10-09 18:25:26.000000000 +0200
@@ -584,6 +584,7 @@
if (i == 0) {
if ((c = malloc(sizeof(*c))) == NULL)
nids_params.no_mem("sniff_msgs");
+ memset(c, 0, sizeof(*c));
c->ip = ts->addr.saddr;
c->nick = strdup("unknown");
SLIST_INSERT_HEAD(&client_list, c, next);

243
dsniff-2.4-openssl_110.patch
View File

@ -1,243 +0,0 @@
Patch by Christoph Biedl <debian.axhn@manchmal.in-ulm.de> for dsniff >=
2.4b1, which fixes building with OpenSSL 1.1.0. Adapted for compatibility
with older OpenSSL versions by Robert Scheck <robert@fedoraproject.org>.
--- dsniff-2.4/ssh.c 2017-02-11 22:31:54.705269813 +0100
+++ dsniff-2.4/ssh.c.openssl_110 2017-02-11 22:45:31.193447230 +0100
@@ -234,6 +234,10 @@
u_char *p, cipher, cookie[8], msg[1024];
u_int32_t num;
int i;
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+ const BIGNUM *servkey_e, *servkey_n;
+ const BIGNUM *hostkey_e, *hostkey_n;
+#endif
/* Generate anti-spoofing cookie. */
RAND_bytes(cookie, sizeof(cookie));
@@ -243,11 +247,23 @@
*p++ = SSH_SMSG_PUBLIC_KEY; /* type */
memcpy(p, cookie, 8); p += 8; /* cookie */
num = 768; PUTLONG(num, p); /* servkey bits */
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+ RSA_get0_key(ssh->ctx->servkey, &servkey_n, &servkey_e, NULL);
+ put_bn(servkey_e, &p); /* servkey exponent */
+ put_bn(servkey_n, &p); /* servkey modulus */
+#else
put_bn(ssh->ctx->servkey->e, &p); /* servkey exponent */
put_bn(ssh->ctx->servkey->n, &p); /* servkey modulus */
+#endif
num = 1024; PUTLONG(num, p); /* hostkey bits */
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+ RSA_get0_key(ssh->ctx->hostkey, &hostkey_n, &hostkey_e, NULL);
+ put_bn(hostkey_e, &p); /* hostkey exponent */
+ put_bn(hostkey_n, &p); /* hostkey modulus */
+#else
put_bn(ssh->ctx->hostkey->e, &p); /* hostkey exponent */
put_bn(ssh->ctx->hostkey->n, &p); /* hostkey modulus */
+#endif
num = 0; PUTLONG(num, p); /* protocol flags */
num = ssh->ctx->encmask; PUTLONG(num, p); /* ciphers */
num = ssh->ctx->authmask; PUTLONG(num, p); /* authmask */
@@ -298,7 +314,11 @@
SKIP(p, i, 4);
/* Decrypt session key. */
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+ if (BN_cmp(servkey_n, hostkey_n) > 0) {
+#else
if (BN_cmp(ssh->ctx->servkey->n, ssh->ctx->hostkey->n) > 0) {
+#endif
rsa_private_decrypt(enckey, enckey, ssh->ctx->servkey);
rsa_private_decrypt(enckey, enckey, ssh->ctx->hostkey);
}
@@ -318,8 +338,13 @@
BN_clear_free(enckey);
/* Derive real session key using session id. */
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+ if ((p = ssh_session_id(cookie, hostkey_n,
+ servkey_n)) == NULL) {
+#else
if ((p = ssh_session_id(cookie, ssh->ctx->hostkey->n,
ssh->ctx->servkey->n)) == NULL) {
+#endif
warn("ssh_session_id");
return (-1);
}
@@ -328,10 +353,15 @@
}
/* Set cipher. */
if (cipher == SSH_CIPHER_3DES) {
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+ warnx("cipher 3des no longer supported");
+ return (-1);
+#else
ssh->estate = des3_init(ssh->sesskey, sizeof(ssh->sesskey));
ssh->dstate = des3_init(ssh->sesskey, sizeof(ssh->sesskey));
ssh->encrypt = des3_encrypt;
ssh->decrypt = des3_decrypt;
+#endif
}
else if (cipher == SSH_CIPHER_BLOWFISH) {
ssh->estate = blowfish_init(ssh->sesskey,sizeof(ssh->sesskey));
@@ -357,6 +387,10 @@
u_char *p, cipher, cookie[8], msg[1024];
u_int32_t num;
int i;
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+ BIGNUM *servkey_n, *servkey_e;
+ BIGNUM *hostkey_n, *hostkey_e;
+#endif
/* Get public key. */
if ((i = SSH_recv(ssh, pkt, sizeof(pkt))) <= 0) {
@@ -379,21 +413,43 @@
/* Get servkey. */
ssh->ctx->servkey = RSA_new();
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+ servkey_n = BN_new();
+ servkey_e = BN_new();
+ RSA_set0_key(ssh->ctx->servkey, servkey_n, servkey_e, NULL);
+#else
ssh->ctx->servkey->n = BN_new();
ssh->ctx->servkey->e = BN_new();
+#endif
SKIP(p, i, 4);
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+ get_bn(servkey_e, &p, &i);
+ get_bn(servkey_n, &p, &i);
+#else
get_bn(ssh->ctx->servkey->e, &p, &i);
get_bn(ssh->ctx->servkey->n, &p, &i);
+#endif
/* Get hostkey. */
ssh->ctx->hostkey = RSA_new();
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+ hostkey_n = BN_new();
+ hostkey_e = BN_new();
+ RSA_set0_key(ssh->ctx->hostkey, hostkey_n, hostkey_e, NULL);
+#else
ssh->ctx->hostkey->n = BN_new();
ssh->ctx->hostkey->e = BN_new();
+#endif
SKIP(p, i, 4);
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+ get_bn(hostkey_e, &p, &i);
+ get_bn(hostkey_n, &p, &i);
+#else
get_bn(ssh->ctx->hostkey->e, &p, &i);
get_bn(ssh->ctx->hostkey->n, &p, &i);
+#endif
/* Get cipher, auth masks. */
SKIP(p, i, 4);
@@ -405,8 +461,13 @@
RAND_bytes(ssh->sesskey, sizeof(ssh->sesskey));
/* Obfuscate with session id. */
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+ if ((p = ssh_session_id(cookie, hostkey_n,
+ servkey_n)) == NULL) {
+#else
if ((p = ssh_session_id(cookie, ssh->ctx->hostkey->n,
ssh->ctx->servkey->n)) == NULL) {
+#endif
warn("ssh_session_id");
return (-1);
}
@@ -422,7 +483,11 @@
else BN_add_word(bn, ssh->sesskey[i]);
}
/* Encrypt session key. */
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+ if (BN_cmp(servkey_n, hostkey_n) < 0) {
+#else
if (BN_cmp(ssh->ctx->servkey->n, ssh->ctx->hostkey->n) < 0) {
+#endif
rsa_public_encrypt(bn, bn, ssh->ctx->servkey);
rsa_public_encrypt(bn, bn, ssh->ctx->hostkey);
}
@@ -470,10 +535,15 @@
ssh->decrypt = blowfish_decrypt;
}
else if (cipher == SSH_CIPHER_3DES) {
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+ warnx("cipher 3des no longer supported");
+ return (-1);
+#else
ssh->estate = des3_init(ssh->sesskey, sizeof(ssh->sesskey));
ssh->dstate = des3_init(ssh->sesskey, sizeof(ssh->sesskey));
ssh->encrypt = des3_encrypt;
ssh->decrypt = des3_decrypt;
+#endif
}
/* Get server response. */
if ((i = SSH_recv(ssh, pkt, sizeof(pkt))) <= 0) {
--- dsniff-2.4/sshcrypto.c 2017-02-11 22:31:54.688270184 +0100
+++ dsniff-2.4/sshcrypto.c.openssl_110 2017-02-11 22:35:30.594555807 +0100
@@ -28,10 +28,12 @@
u_char iv[8];
};
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
struct des3_state {
des_key_schedule k1, k2, k3;
des_cblock iv1, iv2, iv3;
};
+#endif
void
rsa_public_encrypt(BIGNUM *out, BIGNUM *in, RSA *key)
@@ -39,10 +41,20 @@
u_char *inbuf, *outbuf;
int len, ilen, olen;
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+ const BIGNUM *n, *e;
+ RSA_get0_key(key, &n, &e, NULL);
+ if (BN_num_bits(e) < 2 || !BN_is_odd(e))
+#else
if (BN_num_bits(key->e) < 2 || !BN_is_odd(key->e))
+#endif
errx(1, "rsa_public_encrypt() exponent too small or not odd");
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+ olen = BN_num_bytes(n);
+#else
olen = BN_num_bytes(key->n);
+#endif
outbuf = malloc(olen);
ilen = BN_num_bytes(in);
@@ -71,7 +83,13 @@
u_char *inbuf, *outbuf;
int len, ilen, olen;
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+ const BIGNUM *n;
+ RSA_get0_key(key, &n, NULL, NULL);
+ olen = BN_num_bytes(n);
+#else
olen = BN_num_bytes(key->n);
+#endif
outbuf = malloc(olen);
ilen = BN_num_bytes(in);
@@ -146,6 +164,7 @@
swap_bytes(dst, dst, len);
}
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
/* XXX - SSH1's weirdo 3DES... */
void *
des3_init(u_char *sesskey, int len)
@@ -194,3 +213,4 @@
des_ncbc_encrypt(dst, dst, len, dstate->k2, &dstate->iv2, DES_ENCRYPT);
des_ncbc_encrypt(dst, dst, len, dstate->k1, &dstate->iv1, DES_DECRYPT);
}
+#endif

61
dsniff-2.4-pcap_init.patch
View File

@ -1,61 +0,0 @@
Patch by Dennis Filder <d.filder@web.de> for dsniff >= 2.4b1 to resolve naming
collision due to libpcap API changes. Dsniff was written with a function named
pcap_init() that predates the one in libpcap and is entirely different. This patch
renames it out of the way. For some more information, please have a look to Debian
bug ID #980588.
--- dsniff-2.4/dnsspoof.c 2021-07-25 01:00:08.445636429 +0200
+++ dsniff-2.4/dnsspoof.c.pcap_init 2021-07-25 01:00:53.540928897 +0200
@@ -309,7 +309,7 @@
else snprintf(buf, sizeof(buf), "udp dst port 53 and not src %s",
libnet_addr2name4(lnet_ip, LIBNET_DONT_RESOLVE));
- if ((pcap_pd = pcap_init(dev, buf, 128)) == NULL)
+ if ((pcap_pd = pcap_init_dsniff(dev, buf, 128)) == NULL)
errx(1, "couldn't initialize sniffing");
if ((pcap_off = pcap_dloff(pcap_pd)) < 0)
--- dsniff-2.4/pcaputil.c 2021-07-25 01:00:08.469636585 +0200
+++ dsniff-2.4/pcaputil.c.pcap_init 2021-07-25 01:00:59.816969598 +0200
@@ -111,7 +111,7 @@
}
pcap_t *
-pcap_init(char *intf, char *filter, int snaplen)
+pcap_init_dsniff(char *intf, char *filter, int snaplen)
{
pcap_t *pd;
u_int net, mask;
--- dsniff-2.4/pcaputil.h 2001-03-15 09:33:06.000000000 +0100
+++ dsniff-2.4/pcaputil.h.pcap_init 2021-07-25 01:07:46.246603851 +0200
@@ -11,7 +11,7 @@
#ifndef PCAPUTIL_H
#define PCAPUTIL_H
-pcap_t *pcap_init(char *intf, char *filter, int snaplen);
+pcap_t *pcap_init_dsniff(char *intf, char *filter, int snaplen);
int pcap_dloff(pcap_t *pd);
--- dsniff-2.4/tcpkill.c 2021-07-25 01:00:08.426636306 +0200
+++ dsniff-2.4/tcpkill.c.pcap_init 2021-07-25 01:01:06.728014416 +0200
@@ -130,7 +130,7 @@
filter = copy_argv(argv);
- if ((pd = pcap_init(intf, filter, 64)) == NULL)
+ if ((pd = pcap_init_dsniff(intf, filter, 64)) == NULL)
errx(1, "couldn't initialize sniffing");
if ((pcap_off = pcap_dloff(pd)) < 0)
--- dsniff-2.4/tcpnice.c 2021-07-25 01:00:08.426636306 +0200
+++ dsniff-2.4/tcpnice.c.pcap_init 2021-07-25 01:01:13.816060381 +0200
@@ -204,7 +204,7 @@
filter = copy_argv(argv);
- if ((pd = pcap_init(intf, filter, 128)) == NULL)
+ if ((pd = pcap_init_dsniff(intf, filter, 128)) == NULL)
errx(1, "couldn't initialize sniffing");
if ((pcap_off = pcap_dloff(pd)) < 0)

15
dsniff-2.4-pntohl_shift.patch
View File

@ -1,15 +0,0 @@
Patch by Matthew Boyle <mlb@decisionsoft.co.uk> for dsniff >= 2.4b1 which corrects
the incorrect bit-shift in pntohl(), the left-shift should be 8 bits, not 18. For
further information please have a look to Red Hat Bugzilla ID #714958 and #850496.
--- dsniff-2.4/decode.h 2001-03-15 09:33:06.000000000 +0100
+++ dsniff-2.4/decode.h.pntohl_shift 2013-12-20 22:16:52.000000000 +0100
@@ -35,7 +35,7 @@
(u_short)*((u_char *)p+0)<<8))
#define pntohl(p) ((u_int32_t)*((u_char *)p+3)<<0| \
- (u_int32_t)*((u_char *)p+2)<<18| \
+ (u_int32_t)*((u_char *)p+2)<<8| \
(u_int32_t)*((u_char *)p+1)<<16| \
(u_int32_t)*((u_char *)p+0)<<24)

14
dsniff-2.4-remote_typo.patch
View File

@ -1,14 +0,0 @@
Patch by Marcos Fouces <mfouces@yahoo.es> for dsniff >= 2.4b1, which fixes
a minor spelling error in source code.
--- dsniff-2.4/remote.c 2000-11-14 16:51:04.000000000 +0100
+++ dsniff-2.4/remote.c.remote_typo 2017-02-11 23:03:25.420064992 +0100
@@ -652,7 +652,7 @@
if (remote_command_count > 0)
{
fprintf (stderr,
- "%s: the `-id' option must preceed all `-remote' options.\n",
+ "%s: the `-id' option must precede all `-remote' options.\n",
progname);
usage ();
exit (-1);

17
dsniff-2.4-rpc_segfault.patch
View File

@ -1,17 +0,0 @@
Patch based on suggestion by Matthew Boyle <mlb@decisionsoft.co.uk> for dsniff >=
2.4b1 which avoids xdrs being used without being initialised first. Without this
patch dsniff segfaults when decoding RPC packets on x86_64. For further information
please also have a look to Red Hat Bugzilla ID #715042 and #850494.
--- dsniff-2.4/rpc.c 2001-03-15 09:33:04.000000000 +0100
+++ dsniff-2.4/rpc.c.rpc_segfault 2013-12-20 22:49:34.000000000 +0100
@@ -125,6 +125,9 @@
return (0);
}
}
+ else
+ return (0);
+
stat = xdr_getpos(&xdrs);
xdr_destroy(&xdrs);

70
dsniff-2.4-smp_mflags.patch
View File

@ -1,70 +0,0 @@
Patch by Robert Scheck <robert@fedoraproject.org> for dsniff >= 2.4b1 which
ensures when building using %{?_smp_mflags} that libmissing.a is built when
its being used for linking.
--- dsniff-2.4/Makefile.in 2018-07-14 02:54:20.405095355 +0200
+++ dsniff-2.4/Makefile.in.smp_mflags 2018-07-14 02:54:44.973245128 +0200
@@ -92,49 +92,49 @@
ar -cr $@ $(LIBOBJS)
$(RANLIB) $@
-dsniff: $(HDRS) $(SRCS) $(OBJS)
+dsniff: $(HDRS) $(SRCS) $(OBJS) libmissing.a
$(CC) $(LDFLAGS) -o $@ $(OBJS) $(LIBS) $(NIDSLIB) $(PCAPLIB) $(LNETLIB) $(DBLIB) $(SSLLIB)
-arpspoof: arpspoof.o arp.o
+arpspoof: arpspoof.o arp.o libmissing.a
$(CC) $(LDFLAGS) -o $@ arpspoof.o arp.o $(LIBS) $(PCAPLIB) $(LNETLIB)
-dnsspoof: dnsspoof.o pcaputil.o
+dnsspoof: dnsspoof.o pcaputil.o libmissing.a
$(CC) $(LDFLAGS) -o $@ dnsspoof.o pcaputil.o $(LIBS) $(PCAPLIB) $(LNETLIB)
-filesnarf: nfs_prot.o filesnarf.o pcaputil.o rpc.o
+filesnarf: nfs_prot.o filesnarf.o pcaputil.o rpc.o libmissing.a
$(CC) $(LDFLAGS) -o $@ filesnarf.o nfs_prot.o pcaputil.o rpc.o $(LIBS) $(NIDSLIB) $(PCAPLIB) $(LNETLIB)
-macof: macof.o
+macof: macof.o libmissing.a
$(CC) $(LDFLAGS) -o $@ macof.o $(LIBS) $(PCAPLIB) $(LNETLIB)
-mailsnarf: mailsnarf.o buf.o pcaputil.o
+mailsnarf: mailsnarf.o buf.o pcaputil.o libmissing.a
$(CC) $(LDFLAGS) -o $@ mailsnarf.o buf.o pcaputil.o $(LIBS) $(NIDSLIB) $(PCAPLIB) $(LNETLIB)
-msgsnarf: msgsnarf.o buf.o pcaputil.o
+msgsnarf: msgsnarf.o buf.o pcaputil.o libmissing.a
$(CC) $(LDFLAGS) -o $@ msgsnarf.o buf.o pcaputil.o $(LIBS) $(NIDSLIB) $(PCAPLIB) $(LNETLIB)
-sshmitm: sshmitm.o buf.o hex.o record.o ssh.o sshcrypto.o
+sshmitm: sshmitm.o buf.o hex.o record.o ssh.o sshcrypto.o libmissing.a
$(CC) $(LDFLAGS) -o $@ sshmitm.o buf.o hex.o record.o ssh.o sshcrypto.o $(LIBS) $(LNETLIB) $(DBLIB) $(SSLLIB)
-sshow: sshow.o pcaputil.o
+sshow: sshow.o pcaputil.o libmissing.a
$(CC) $(LDFLAGS) -o $@ sshow.o pcaputil.o $(LIBS) $(NIDSLIB) $(PCAPLIB) $(LNETLIB)
-tcpkill: tcpkill.o pcaputil.o
+tcpkill: tcpkill.o pcaputil.o libmissing.a
$(CC) $(LDFLAGS) -o $@ tcpkill.o pcaputil.o $(LIBS) $(PCAPLIB) $(LNETLIB)
-tcpnice: tcpnice.o pcaputil.o
+tcpnice: tcpnice.o pcaputil.o libmissing.a
$(CC) $(LDFLAGS) -o $@ tcpnice.o pcaputil.o $(LIBS) $(PCAPLIB) $(LNETLIB)
tcphijack: tcphijack.o pcaputil.o
$(CC) $(LDFLAGS) -o $@ tcphijack.o pcaputil.o $(LIBS) $(PCAPLIB) $(LNETLIB)
-urlsnarf: urlsnarf.o base64.o buf.o pcaputil.o
+urlsnarf: urlsnarf.o base64.o buf.o pcaputil.o libmissing.a
$(CC) $(LDFLAGS) -o $@ urlsnarf.o base64.o buf.o pcaputil.o $(LIBS) $(NIDSLIB) $(PCAPLIB) $(LNETLIB)
-webmitm: webmitm.o base64.o buf.o decode_http.o record.o
+webmitm: webmitm.o base64.o buf.o decode_http.o record.o libmissing.a
$(CC) $(LDFLAGS) -o $@ webmitm.o base64.o buf.o decode_http.o record.o $(LIBS) $(LNETLIB) $(DBLIB) $(SSLLIB)
-webspy: webspy.o base64.o buf.o remote.o
+webspy: webspy.o base64.o buf.o remote.o libmissing.a
$(CC) $(LDFLAGS) -o $@ webspy.o base64.o buf.o remote.o $(LIBS) $(NIDSLIB) $(PCAPLIB) $(LNETLIB) $(X11LIB)
install:

19
dsniff-2.4-tds_decoder.patch
View File

@ -1,19 +0,0 @@
Patch by Hilko Bengen <bengen@debian.org> for dsniff >= 2.4b1, to avoid a
possible DoS opportunity in the Tabular Data Stream protocol handler. For
further information, please have a look to the Debian bug ID #609988 and
#712648.
--- dsniff-2.4/decode_tds.c 2013-12-19 23:36:26.000000000 +0100
+++ dsniff-2.4/decode_tds.c.tds_decoder 2013-12-19 23:38:01.000000000 +0100
@@ -144,6 +144,11 @@
len > sizeof(*th) && len >= ntohs(th->size);
buf += ntohs(th->size), len -= ntohs(th->size)) {
+ if (th->size != 8) {
+ /* wrong header length */
+ break;
+ }
+
if (th->type == 2) {
/* Version 4.x, 5.0 */
if (len < sizeof(*th) + sizeof(*tl))

80
dsniff-2.4-urlsnarf_timestamp.patch
View File

@ -1,80 +0,0 @@
Patch by Hilko Bengen <bengen@debian.org> for dsniff >= 2.4b1, which adds
the usage of timestamps from pcap file if available to urlsnarf. For some
more information, please have a look to Debian bug ID #573365.
--- dsniff-2.4/urlsnarf.c 2011-10-09 18:13:49.000000000 +0200
+++ dsniff-2.4/urlsnarf.c.timestamp 2011-10-09 18:37:33.000000000 +0200
@@ -36,6 +36,7 @@
u_short Opt_dns = 1;
int Opt_invert = 0;
regex_t *pregex = NULL;
+time_t tt = 0;
static void
usage(void)
@@ -57,9 +58,12 @@
{
static char tstr[32], sign;
struct tm *t, gmt;
- time_t tt = time(NULL);
int days, hours, tz, len;
+ if (!nids_params.filename) {
+ tt = time(NULL);
+ }
+
gmt = *gmtime(&tt);
t = localtime(&tt);
@@ -312,9 +316,48 @@
nids_register_chksum_ctl(&chksum_ctl, 1);
- nids_run();
-
- /* NOTREACHED */
+ pcap_t *p;
+ char pcap_errbuf[PCAP_ERRBUF_SIZE];
+ if (nids_params.filename == NULL) {
+ /* adapted from libnids.c:open_live() */
+ if (strcmp(nids_params.device, "all") == 0)
+ nids_params.device = "any";
+ p = pcap_open_live(nids_params.device, 16384,
+ (nids_params.promisc != 0),
+ 0, pcap_errbuf);
+ if (!p) {
+ fprintf(stderr, "pcap_open_live(): %s\n",
+ pcap_errbuf);
+ exit(1);
+ }
+ }
+ else {
+ p = pcap_open_offline(nids_params.filename,
+ pcap_errbuf);
+ if (!p) {
+ fprintf(stderr, "pcap_open_offline(%s): %s\n",
+ nids_params.filename, pcap_errbuf);
+ }
+ }
+
+ struct pcap_pkthdr *h;
+ u_char *d;
+ int rc;
+ while ((rc = pcap_next_ex(p, &h, &d)) == 1) {
+ tt = h->ts.tv_sec;
+ nids_pcap_handler(NULL, h, d);
+ }
+ switch (rc) {
+ case(-2): /* end of pcap file */
+ case(0): /* timeout on live capture */
+ break;
+ case(-1):
+ default:
+ fprintf(stderr, "rc = %i\n", rc);
+ pcap_perror(p, "pcap_read_ex()");
+ exit(1);
+ break;
+ }
exit(0);
}

237
dsniff.spec
View File

@ -1,63 +1,38 @@
Summary: Tools for network auditing and penetration testing
Name: dsniff
Version: 2.4
Release: 0.39.b1%{?dist}
License: BSD
URL: https://www.monkey.org/~dugsong/%{name}/
Source0: https://www.monkey.org/~dugsong/%{name}/beta/%{name}-%{version}b1.tar.gz
Patch0: dsniff-2.4-time_h.patch
Patch1: dsniff-2.4-mailsnarf_corrupt.patch
Patch2: dsniff-2.4-pcap_read_dump.patch
Patch3: dsniff-2.4-multiple_intf.patch
Patch4: dsniff-2.4-amd64_fix.patch
Patch5: dsniff-2.4-urlsnarf_zeropad.patch
Patch6: dsniff-2.4-libnet_11.patch
Patch7: dsniff-2.4-checksum.patch
Patch8: dsniff-2.4-openssl_098.patch
Patch9: dsniff-2.4-sshcrypto.patch
Patch10: dsniff-2.4-sysconf_clocks.patch
Patch11: dsniff-2.4-urlsnarf_escape.patch
Patch12: dsniff-2.4-string_header.patch
Patch13: dsniff-2.4-arpa_inet_header.patch
Patch14: dsniff-2.4-pop_with_version.patch
Patch15: dsniff-2.4-obsolete_time.patch
Patch16: dsniff-2.4-checksum_libnids.patch
Patch17: dsniff-2.4-fedora_dirs.patch
Patch18: dsniff-2.4-glib2.patch
Patch19: dsniff-2.4-link_layer_offset.patch
Patch20: dsniff-2.4-tds_decoder.patch
Patch21: dsniff-2.4-msgsnarf_segfault.patch
Patch22: dsniff-2.4-urlsnarf_timestamp.patch
Patch23: dsniff-2.4-arpspoof_reverse.patch
Patch24: dsniff-2.4-arpspoof_multiple.patch
Patch25: dsniff-2.4-arpspoof_hwaddr.patch
Patch26: dsniff-2.4-modernize_pop.patch
Patch27: dsniff-2.4-libnet_name2addr4.patch
Patch28: dsniff-2.4-pntohl_shift.patch
Patch29: dsniff-2.4-rpc_segfault.patch
Patch30: dsniff-2.4-openssl_110.patch
Patch31: dsniff-2.4-remote_typo.patch
Patch32: dsniff-2.4-smp_mflags.patch
Patch33: dsniff-2.4-libtirpc.patch
Patch34: dsniff-2.4-pcap_init.patch
BuildRequires: gcc
BuildRequires: libnet-devel
%if 0%{?fedora} || 0%{?rhel} >= 8
BuildRequires: openssl-devel
Summary: Tools for network auditing and penetration testing
Name: dsniff
Version: 2.4
Release: 0.9.b1%{?dist}
License: BSD
Group: Applications/Internet
URL: http://www.monkey.org/~dugsong/%{name}/
Source: http://www.monkey.org/~dugsong/%{name}/beta/%{name}-%{version}b1.tar.gz
Patch0: dsniff-2.4-time_h.patch
Patch1: dsniff-2.4-mailsnarf_corrupt.patch
Patch2: dsniff-2.4-pcap_read_dump.patch
Patch3: dsniff-2.4-multiple_intf.patch
Patch4: dsniff-2.4-amd64_fix.patch
Patch5: dsniff-2.4-urlsnarf_zeropad.patch
Patch6: dsniff-2.4-libnet_11.patch
Patch7: dsniff-2.4-checksum.patch
Patch8: dsniff-2.4-openssl_098.patch
Patch9: dsniff-2.4-sshcrypto.patch
Patch10: dsniff-2.4-sysconf_clocks.patch
Patch11: dsniff-2.4-urlsnarf_escape.patch
Patch12: dsniff-2.4-string_header.patch
Patch13: dsniff-2.4-arpa_inet_header.patch
Patch14: dsniff-2.4-pop_with_version.patch
Patch15: dsniff-2.4-obsolete_time.patch
Patch16: dsniff-2.4-checksum_libnids.patch
Patch17: dsniff-2.4-fedora_dirs.patch
Patch18: dsniff-2.4-glib2.patch
BuildRequires: libnet-devel, openssl-devel, libnids-devel
BuildRequires: glib2-devel, db4-devel, %{_includedir}/pcap.h
%if 0%{?rhel}%{?fedora} >= 5
BuildRequires: libXmu-devel
%else
BuildRequires: openssl11-devel
BuildRequires: xorg-x11-devel
%endif
BuildRequires: libnids-devel
BuildRequires: glib2-devel
BuildRequires: libpcap-devel
BuildRequires: libdb-devel
BuildRequires: libXmu-devel
%if 0%{?fedora} || 0%{?rhel} >= 8
BuildRequires: rpcgen
BuildRequires: libtirpc-devel
BuildRequires: libnsl2-devel
%endif
BuildRequires: make
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
%description
A collection of tools for network auditing and penetration testing. Dsniff,
@ -80,7 +55,9 @@ by exploiting weak bindings in ad-hoc PKI.
%patch7 -p1 -b .checksum
%patch8 -p1 -b .openssl_098
%patch9 -p1 -b .sshcrypto
%if 0%{?rhel}%{?fedora} >= 5
%patch10 -p1 -b .sysconf_clocks
%endif
%patch11 -p1 -b .urlsnarf_escape
%patch12 -p1 -b .string_header
%patch13 -p1 -b .arpa_inet_header
@ -89,44 +66,22 @@ by exploiting weak bindings in ad-hoc PKI.
%patch16 -p1 -b .checksum_libnids
%patch17 -p1 -b .fedora_dirs
%patch18 -p1 -b .glib2
%patch19 -p1 -b .link_layer_offset
%patch20 -p1 -b .tds_decoder
%patch21 -p1 -b .msgsnarf_segfault
%patch22 -p1 -b .urlsnarf_timestamp
%patch23 -p1 -b .arpspoof_reverse
%patch24 -p1 -b .arpspoof_multiple
%patch25 -p1 -b .arpspoof_hwaddr
%patch26 -p1 -b .modernize_pop
%patch27 -p1 -b .libnet_name2addr4
%patch28 -p1 -b .pntohl_shift
%patch29 -p1 -b .rpc_segfault
%patch30 -p1 -b .openssl_110
%patch31 -p1 -b .remote_typo
%patch32 -p1 -b .smp_mflags
%if 0%{?fedora} || 0%{?rhel} >= 8
%patch33 -p1 -b .libtirpc
%endif
%patch34 -p1 -b .pcap_init
%build
%if 0%{?rhel} == 7
sed \
-e 's|include/openssl/|include/openssl11/openssl/|g' \
-e 's|\(SSLINC="\)-I${prefix}/include|\1$(pkg-config --cflags openssl11)|g' \
-e 's|\(SSLLIB="\)-L${prefix}/lib -lssl -lcrypto|\1$(pkg-config --libs openssl11)|g' \
-i configure
%endif
%configure
%make_build
make %{?_smp_mflags}
%install
%make_install install_prefix=$RPM_BUILD_ROOT
rm -rf $RPM_BUILD_ROOT
make install_prefix=$RPM_BUILD_ROOT INSTALL='install -p' install
%clean
rm -rf $RPM_BUILD_ROOT
%files
%license LICENSE
%doc CHANGES README TODO
%dir %{_sysconfdir}/%{name}/
%defattr(-,root,root,-)
%doc CHANGES LICENSE README TODO
%dir %{_sysconfdir}/%{name}
%config(noreplace) %{_sysconfdir}/%{name}/*
%{_sbindir}/arpspoof
%{_sbindir}/dnsspoof
@ -158,108 +113,6 @@ sed \
%{_mandir}/man8/webspy.8*
%changelog
* Thu Jul 21 2022 Fedora Release Engineering <releng@fedoraproject.org> - 2.4-0.39.b1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Thu Jan 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 2.4-0.38.b1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Tue Sep 14 2021 Sahana Prasad <sahana@redhat.com> - 2.4-0.37.b1
- Rebuilt with OpenSSL 3.0.0
* Sun Jul 25 2021 Robert Scheck <robert@fedoraproject.org> 2.4-0.36.b1
- Added patch to work around pcap_init() API change in libpcap
* Wed Jul 21 2021 Fedora Release Engineering <releng@fedoraproject.org> - 2.4-0.35.b1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 2.4-0.34.b1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Sat Aug 01 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.4-0.33.b1
- Second attempt - Rebuilt for
https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Mon Jul 27 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.4-0.32.b1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Tue Jan 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.4-0.31.b1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Wed Jul 24 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.4-0.30.b1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Thu Jan 31 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.4-0.29.b1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Thu Jul 12 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.4-0.28.b1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Sun May 27 2018 Robert Scheck <robert@fedoraproject.org> 2.4-0.27.b1
- Added patch to allow building dsniff against libtirpc (#1582770)
* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.4-0.26.b1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
* Wed Aug 02 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2.4-0.25.b1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
* Wed Jul 26 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2.4-0.24.b1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
* Sat Feb 11 2017 Robert Scheck <robert@fedoraproject.org> 2.4-0.23.b1
- Added patch to allow building dsniff with OpenSSL >= 1.1.0
- Added patch to correct a typo related to the -remote option
* Fri Feb 10 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2.4-0.22.b1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
* Wed Feb 03 2016 Fedora Release Engineering <releng@fedoraproject.org> - 2.4-0.21.b1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
* Wed Jun 17 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.4-0.20.b1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
* Sat Aug 16 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.4-0.19.b1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.4-0.18.b1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Fri Dec 20 2013 Robert Scheck <robert@fedoraproject.org> 2.4-0.17.b1
- Corrected patch which touches tabular data stream protocol handler
- Added a patch to add both communication partners in arpspoof
- Added patch to allow multiple targets to be imitated simultaniously
- Added patch to allow the selection of source hw address in arpspoof
- Added a patch which fixes and modernizes the POP decoder
- Fixed segmentation faults related to libnet_name2addr4() (#1009879)
- Added a patch to fix bit-shift in pntohl() macro (#714958, #850496)
- Avoid xdrs being used without being initialised (#715042, #850494)
* Sat Aug 03 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.4-0.16.b1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
* Wed Feb 13 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.4-0.15.b1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
* Mon Jul 30 2012 Robert Scheck <robert@fedoraproject.org> 2.4-0.14.b1
- Added a patch which adds further link layer offsets
- Avoid opportunity for DoS in tabular data stream protocol handler
- Added a memset in msgsnarf to correctly 0 out the C struct
- Patched urlsnarf to use timestamps from pcap file if available
* Wed Jul 18 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.4-0.13.b1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
* Fri Mar 30 2012 Jon Ciesla <limburgher@gmail.com> - 2.4-0.12.b1
- libnet rebuild
* Fri Jan 13 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.4-0.11.b1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
* Tue Feb 08 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.4-0.10.b1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
* Mon Mar 29 2010 Robert Scheck <robert@fedoraproject.org> 2.4-0.9.b1
- Rebuild against libnids 1.24
@ -278,7 +131,7 @@ sed \
* Sat Aug 30 2008 Robert Scheck <robert@fedoraproject.org> 2.4-0.4.b1
- Re-diffed dsniff url log escaping patch for no fuzz
* Thu May 29 2008 Robert Scheck <robert@fedoraproject.org> 2.4-0.3.b1
* Wed May 29 2008 Robert Scheck <robert@fedoraproject.org> 2.4-0.3.b1
- Rebuild against libnids 1.23
* Sun Feb 10 2008 Robert Scheck <robert@fedoraproject.org> 2.4-0.2.b1

2
sources
View File

@ -1 +1 @@
SHA512 (dsniff-2.4b1.tar.gz) = 62dafab293de6dc3e9b01561b3627d63ca334467c01c3550a6318d8bcbe99d5a301ec16967af34065a14e8bca1c4b6a41da766cbd51ebd8338615b950c4f642f
2f761fa3475682a7512b0b43568ee7d6 dsniff-2.4b1.tar.gz