Compare commits
5 Commits
Author | SHA1 | Date | |
---|---|---|---|
|
b43656ddd6 | ||
|
9171129e24 | ||
|
25fa369153 | ||
|
7bf6cbca69 | ||
|
ac41c52e34 |
@ -1,218 +0,0 @@
|
|||||||
Patch by Stefan Tomanek <stefan@pico.ruhr.de> for dsniff >= 2.4b1 to allow the
|
|
||||||
selection of source hw address.
|
|
||||||
|
|
||||||
In certain networks, sending with the wrong hardware source address can jeopardize
|
|
||||||
the network connection of the host running arpspoof. This patch makes it possible
|
|
||||||
to specify whether arpspoof should use the own hardware address or the one of the
|
|
||||||
real host when resetting the arp table of the target systems; it is also possible
|
|
||||||
to use both.
|
|
||||||
|
|
||||||
For some more information, please have a look to Debian bug ID #650752.
|
|
||||||
|
|
||||||
--- dsniff-2.4/arpspoof.8 2013-12-20 20:54:25.000000000 +0100
|
|
||||||
+++ dsniff-2.4/arpspoof.8.arpspoof_hwaddr 2013-12-20 20:55:19.000000000 +0100
|
|
||||||
@@ -9,7 +9,7 @@
|
|
||||||
.na
|
|
||||||
.nf
|
|
||||||
.fi
|
|
||||||
-\fBarpspoof\fR [\fB\-i \fIinterface\fR] [\fB\-t \fItarget\fR] [\fB\-r\fR] \fIhost\fR
|
|
||||||
+\fBarpspoof\fR [\fB\-i \fIinterface\fR] [\fB\-c \fIown|host|both\fR] [\fB\-t \fItarget\fR] [\fB\-r\fR] \fIhost\fR
|
|
||||||
.SH DESCRIPTION
|
|
||||||
.ad
|
|
||||||
.fi
|
|
||||||
@@ -23,6 +23,13 @@
|
|
||||||
.SH OPTIONS
|
|
||||||
.IP "\fB-i \fIinterface\fR"
|
|
||||||
Specify the interface to use.
|
|
||||||
+.IP "\fB-c \fIown|host|both\fR"
|
|
||||||
+Specify which hardware address t use when restoring the arp configuration;
|
|
||||||
+while cleaning up, packets can be send with the own address as well as with
|
|
||||||
+the address of the host. Sending packets with a fake hw address can disrupt
|
|
||||||
+connectivity with certain switch/ap/bridge configurations, however it works
|
|
||||||
+more reliably than using the own address, which is the default way arpspoof
|
|
||||||
+cleans up afterwards.
|
|
||||||
.IP "\fB-t \fItarget\fR"
|
|
||||||
Specify a particular host to ARP poison (if not specified, all hosts
|
|
||||||
on the LAN). Repeat to specify multiple hosts.
|
|
||||||
--- dsniff-2.4/arpspoof.c 2013-12-20 20:54:25.000000000 +0100
|
|
||||||
+++ dsniff-2.4/arpspoof.c.arpspoof_hwaddr 2013-12-20 21:02:10.000000000 +0100
|
|
||||||
@@ -40,37 +40,36 @@
|
|
||||||
static char *intf;
|
|
||||||
static int poison_reverse;
|
|
||||||
|
|
||||||
+static uint8_t *my_ha = NULL;
|
|
||||||
+static uint8_t *brd_ha = "\xff\xff\xff\xff\xff\xff";
|
|
||||||
+
|
|
||||||
+static int cleanup_src_own = 1;
|
|
||||||
+static int cleanup_src_host = 0;
|
|
||||||
+
|
|
||||||
static void
|
|
||||||
usage(void)
|
|
||||||
{
|
|
||||||
fprintf(stderr, "Version: " VERSION "\n"
|
|
||||||
- "Usage: arpspoof [-i interface] [-t target] [-r] host\n");
|
|
||||||
+ "Usage: arpspoof [-i interface] [-c own|host|both] [-t target] [-r] host\n");
|
|
||||||
exit(1);
|
|
||||||
}
|
|
||||||
|
|
||||||
static int
|
|
||||||
-arp_send(libnet_t *l, int op, u_int8_t *sha,
|
|
||||||
- in_addr_t spa, u_int8_t *tha, in_addr_t tpa)
|
|
||||||
+arp_send(libnet_t *l, int op,
|
|
||||||
+ u_int8_t *sha, in_addr_t spa,
|
|
||||||
+ u_int8_t *tha, in_addr_t tpa,
|
|
||||||
+ u_int8_t *me)
|
|
||||||
{
|
|
||||||
int retval;
|
|
||||||
|
|
||||||
- if (sha == NULL &&
|
|
||||||
- (sha = (u_int8_t *)libnet_get_hwaddr(l)) == NULL) {
|
|
||||||
- return (-1);
|
|
||||||
- }
|
|
||||||
- if (spa == 0) {
|
|
||||||
- if ((spa = libnet_get_ipaddr4(l)) == -1)
|
|
||||||
- return (-1);
|
|
||||||
- }
|
|
||||||
- if (tha == NULL)
|
|
||||||
- tha = "\xff\xff\xff\xff\xff\xff";
|
|
||||||
+ if (!me) me = sha;
|
|
||||||
|
|
||||||
libnet_autobuild_arp(op, sha, (u_int8_t *)&spa,
|
|
||||||
tha, (u_int8_t *)&tpa, l);
|
|
||||||
- libnet_build_ethernet(tha, sha, ETHERTYPE_ARP, NULL, 0, l, 0);
|
|
||||||
+ libnet_build_ethernet(tha, me, ETHERTYPE_ARP, NULL, 0, l, 0);
|
|
||||||
|
|
||||||
fprintf(stderr, "%s ",
|
|
||||||
- ether_ntoa((struct ether_addr *)sha));
|
|
||||||
+ ether_ntoa((struct ether_addr *)me));
|
|
||||||
|
|
||||||
if (op == ARPOP_REQUEST) {
|
|
||||||
fprintf(stderr, "%s 0806 42: arp who-has %s tell %s\n",
|
|
||||||
@@ -129,7 +128,7 @@
|
|
||||||
/* XXX - force the kernel to arp. feh. */
|
|
||||||
arp_force(ip);
|
|
||||||
#else
|
|
||||||
- arp_send(l, ARPOP_REQUEST, NULL, 0, NULL, ip);
|
|
||||||
+ arp_send(l, ARPOP_REQUEST, NULL, 0, NULL, ip, NULL);
|
|
||||||
#endif
|
|
||||||
sleep(1);
|
|
||||||
}
|
|
||||||
@@ -156,17 +155,22 @@
|
|
||||||
int fw = arp_find(spoof.ip, &spoof.mac);
|
|
||||||
int bw = poison_reverse && targets[0].ip && arp_find_all();
|
|
||||||
int i;
|
|
||||||
+ int rounds = (cleanup_src_own*5 + cleanup_src_host*5);
|
|
||||||
|
|
||||||
fprintf(stderr, "Cleaning up and re-arping targets...\n");
|
|
||||||
- for (i = 0; i < 5; i++) {
|
|
||||||
+ for (i = 0; i < rounds; i++) {
|
|
||||||
struct host *target = targets;
|
|
||||||
while(target->ip) {
|
|
||||||
+ uint8_t *src_ha = NULL;
|
|
||||||
+ if (cleanup_src_own && (i%2 || !cleanup_src_host)) {
|
|
||||||
+ src_ha = my_ha;
|
|
||||||
+ }
|
|
||||||
/* XXX - on BSD, requires ETHERSPOOF kernel. */
|
|
||||||
if (fw) {
|
|
||||||
arp_send(l, ARPOP_REPLY,
|
|
||||||
(u_int8_t *)&spoof.mac, spoof.ip,
|
|
||||||
- (target->ip ? (u_int8_t *)&target->mac : NULL),
|
|
||||||
- target->ip);
|
|
||||||
+ (target->ip ? (u_int8_t *)&target->mac : brd_ha),
|
|
||||||
+ target->ip, src_ha);
|
|
||||||
/* we have to wait a moment before sending the next packet */
|
|
||||||
sleep(1);
|
|
||||||
}
|
|
||||||
@@ -174,7 +178,7 @@
|
|
||||||
arp_send(l, ARPOP_REPLY,
|
|
||||||
(u_int8_t *)&target->mac, target->ip,
|
|
||||||
(u_int8_t *)&spoof.mac,
|
|
||||||
- spoof.ip);
|
|
||||||
+ spoof.ip, src_ha);
|
|
||||||
sleep(1);
|
|
||||||
}
|
|
||||||
target++;
|
|
||||||
@@ -193,6 +197,7 @@
|
|
||||||
char libnet_ebuf[LIBNET_ERRBUF_SIZE];
|
|
||||||
int c;
|
|
||||||
int n_targets;
|
|
||||||
+ char *cleanup_src = NULL;
|
|
||||||
|
|
||||||
spoof.ip = 0;
|
|
||||||
intf = NULL;
|
|
||||||
@@ -202,7 +207,7 @@
|
|
||||||
/* allocate enough memory for target list */
|
|
||||||
targets = calloc( argc+1, sizeof(struct host) );
|
|
||||||
|
|
||||||
- while ((c = getopt(argc, argv, "ri:t:h?V")) != -1) {
|
|
||||||
+ while ((c = getopt(argc, argv, "ri:t:c:h?V")) != -1) {
|
|
||||||
switch (c) {
|
|
||||||
case 'i':
|
|
||||||
intf = optarg;
|
|
||||||
@@ -214,6 +219,9 @@
|
|
||||||
case 'r':
|
|
||||||
poison_reverse = 1;
|
|
||||||
break;
|
|
||||||
+ case 'c':
|
|
||||||
+ cleanup_src = optarg;
|
|
||||||
+ break;
|
|
||||||
default:
|
|
||||||
usage();
|
|
||||||
}
|
|
||||||
@@ -229,6 +237,29 @@
|
|
||||||
usage();
|
|
||||||
}
|
|
||||||
|
|
||||||
+ if (!cleanup_src || strcmp(cleanup_src, "own") == 0) { /* default! */
|
|
||||||
+ /* only use our own hw address when cleaning up,
|
|
||||||
+ * not jeopardizing any bridges on the way to our
|
|
||||||
+ * target
|
|
||||||
+ */
|
|
||||||
+ cleanup_src_own = 1;
|
|
||||||
+ cleanup_src_host = 0;
|
|
||||||
+ } else if (strcmp(cleanup_src, "host") == 0) {
|
|
||||||
+ /* only use the target hw address when cleaning up;
|
|
||||||
+ * this can screw up some bridges and scramble access
|
|
||||||
+ * for our own host, however it resets the arp table
|
|
||||||
+ * more reliably
|
|
||||||
+ */
|
|
||||||
+ cleanup_src_own = 0;
|
|
||||||
+ cleanup_src_host = 1;
|
|
||||||
+ } else if (strcmp(cleanup_src, "both") == 0) {
|
|
||||||
+ cleanup_src_own = 1;
|
|
||||||
+ cleanup_src_host = 1;
|
|
||||||
+ } else {
|
|
||||||
+ errx(1, "Invalid parameter to -c: use 'own' (default), 'host' or 'both'.");
|
|
||||||
+ usage();
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
if ((spoof.ip = libnet_name2addr4(l, argv[0], LIBNET_RESOLVE)) == -1)
|
|
||||||
usage();
|
|
||||||
|
|
||||||
@@ -253,6 +284,10 @@
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
+ if ((my_ha = (u_int8_t *)libnet_get_hwaddr(l)) == NULL) {
|
|
||||||
+ errx(1, "Unable to determine own mac address");
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
signal(SIGHUP, cleanup);
|
|
||||||
signal(SIGINT, cleanup);
|
|
||||||
signal(SIGTERM, cleanup);
|
|
||||||
@@ -260,11 +295,11 @@
|
|
||||||
for (;;) {
|
|
||||||
struct host *target = targets;
|
|
||||||
while(target->ip) {
|
|
||||||
- arp_send(l, ARPOP_REPLY, NULL, spoof.ip,
|
|
||||||
- (target->ip ? (u_int8_t *)&target->mac : NULL),
|
|
||||||
- target->ip);
|
|
||||||
+ arp_send(l, ARPOP_REPLY, my_ha, spoof.ip,
|
|
||||||
+ (target->ip ? (u_int8_t *)&target->mac : brd_ha),
|
|
||||||
+ target->ip, my_ha);
|
|
||||||
if (poison_reverse) {
|
|
||||||
- arp_send(l, ARPOP_REPLY, NULL, target->ip, (uint8_t *)&spoof.mac, spoof.ip);
|
|
||||||
+ arp_send(l, ARPOP_REPLY, my_ha, target->ip, (uint8_t *)&spoof.mac, spoof.ip, my_ha);
|
|
||||||
}
|
|
||||||
target++;
|
|
||||||
}
|
|
@ -1,186 +0,0 @@
|
|||||||
Patch by Stefan Tomanek <stefan@pico.ruhr.de> for dsniff >= 2.4b1 to allow the use
|
|
||||||
of of multiple targets. For some more information, please have a look to Debian bug
|
|
||||||
ID #650751.
|
|
||||||
|
|
||||||
--- dsniff-2.4/arpspoof.8 2013-12-20 20:40:36.000000000 +0100
|
|
||||||
+++ dsniff-2.4/arpspoof.8.arpspoof_multiple 2013-12-20 20:41:45.000000000 +0100
|
|
||||||
@@ -25,7 +25,7 @@
|
|
||||||
Specify the interface to use.
|
|
||||||
.IP "\fB-t \fItarget\fR"
|
|
||||||
Specify a particular host to ARP poison (if not specified, all hosts
|
|
||||||
-on the LAN).
|
|
||||||
+on the LAN). Repeat to specify multiple hosts.
|
|
||||||
.IP "\fB\-r\fR"
|
|
||||||
Poison both hosts (host and target) to capture traffic in both directions.
|
|
||||||
(only valid in conjuntion with \-t)
|
|
||||||
--- dsniff-2.4/arpspoof.c 2013-12-20 20:40:36.000000000 +0100
|
|
||||||
+++ dsniff-2.4/arpspoof.c.arpspoof_multiple 2013-12-20 20:50:34.000000000 +0100
|
|
||||||
@@ -27,11 +27,16 @@
|
|
||||||
#include "arp.h"
|
|
||||||
#include "version.h"
|
|
||||||
|
|
||||||
+struct host {
|
|
||||||
+ in_addr_t ip;
|
|
||||||
+ struct ether_addr mac;
|
|
||||||
+};
|
|
||||||
+
|
|
||||||
extern char *ether_ntoa(struct ether_addr *);
|
|
||||||
|
|
||||||
static libnet_t *l;
|
|
||||||
-static struct ether_addr spoof_mac, target_mac;
|
|
||||||
-static in_addr_t spoof_ip, target_ip;
|
|
||||||
+static struct host spoof = {0};
|
|
||||||
+static struct host *targets;
|
|
||||||
static char *intf;
|
|
||||||
static int poison_reverse;
|
|
||||||
|
|
||||||
@@ -133,30 +138,46 @@
|
|
||||||
return (0);
|
|
||||||
}
|
|
||||||
|
|
||||||
+static int arp_find_all() {
|
|
||||||
+ struct host *target = targets;
|
|
||||||
+ while(target->ip) {
|
|
||||||
+ if (arp_find(target->ip, &target->mac)) {
|
|
||||||
+ return 1;
|
|
||||||
+ }
|
|
||||||
+ target++;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ return 0;
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
static void
|
|
||||||
cleanup(int sig)
|
|
||||||
{
|
|
||||||
- int fw = arp_find(spoof_ip, &spoof_mac);
|
|
||||||
- int bw = poison_reverse && target_ip && arp_find(target_ip, &target_mac);
|
|
||||||
+ int fw = arp_find(spoof.ip, &spoof.mac);
|
|
||||||
+ int bw = poison_reverse && targets[0].ip && arp_find_all();
|
|
||||||
int i;
|
|
||||||
|
|
||||||
fprintf(stderr, "Cleaning up and re-arping targets...\n");
|
|
||||||
for (i = 0; i < 5; i++) {
|
|
||||||
- /* XXX - on BSD, requires ETHERSPOOF kernel. */
|
|
||||||
- if (fw) {
|
|
||||||
- arp_send(l, ARPOP_REPLY,
|
|
||||||
- (u_int8_t *)&spoof_mac, spoof_ip,
|
|
||||||
- (target_ip ? (u_int8_t *)&target_mac : NULL),
|
|
||||||
- target_ip);
|
|
||||||
- /* we have to wait a moment before sending the next packet */
|
|
||||||
- sleep(1);
|
|
||||||
- }
|
|
||||||
- if (bw) {
|
|
||||||
- arp_send(l, ARPOP_REPLY,
|
|
||||||
- (u_int8_t *)&target_mac, target_ip,
|
|
||||||
- (u_int8_t *)&spoof_mac,
|
|
||||||
- spoof_ip);
|
|
||||||
- sleep(1);
|
|
||||||
+ struct host *target = targets;
|
|
||||||
+ while(target->ip) {
|
|
||||||
+ /* XXX - on BSD, requires ETHERSPOOF kernel. */
|
|
||||||
+ if (fw) {
|
|
||||||
+ arp_send(l, ARPOP_REPLY,
|
|
||||||
+ (u_int8_t *)&spoof.mac, spoof.ip,
|
|
||||||
+ (target->ip ? (u_int8_t *)&target->mac : NULL),
|
|
||||||
+ target->ip);
|
|
||||||
+ /* we have to wait a moment before sending the next packet */
|
|
||||||
+ sleep(1);
|
|
||||||
+ }
|
|
||||||
+ if (bw) {
|
|
||||||
+ arp_send(l, ARPOP_REPLY,
|
|
||||||
+ (u_int8_t *)&target->mac, target->ip,
|
|
||||||
+ (u_int8_t *)&spoof.mac,
|
|
||||||
+ spoof.ip);
|
|
||||||
+ sleep(1);
|
|
||||||
+ }
|
|
||||||
+ target++;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
@@ -171,10 +192,15 @@
|
|
||||||
char pcap_ebuf[PCAP_ERRBUF_SIZE];
|
|
||||||
char libnet_ebuf[LIBNET_ERRBUF_SIZE];
|
|
||||||
int c;
|
|
||||||
+ int n_targets;
|
|
||||||
|
|
||||||
+ spoof.ip = 0;
|
|
||||||
intf = NULL;
|
|
||||||
- spoof_ip = target_ip = 0;
|
|
||||||
poison_reverse = 0;
|
|
||||||
+ n_targets = 0;
|
|
||||||
+
|
|
||||||
+ /* allocate enough memory for target list */
|
|
||||||
+ targets = calloc( argc+1, sizeof(struct host) );
|
|
||||||
|
|
||||||
while ((c = getopt(argc, argv, "ri:t:h?V")) != -1) {
|
|
||||||
switch (c) {
|
|
||||||
@@ -182,7 +208,7 @@
|
|
||||||
intf = optarg;
|
|
||||||
break;
|
|
||||||
case 't':
|
|
||||||
- if ((target_ip = libnet_name2addr4(l, optarg, LIBNET_RESOLVE)) == -1)
|
|
||||||
+ if ((targets[n_targets++].ip = libnet_name2addr4(l, optarg, LIBNET_RESOLVE)) == -1)
|
|
||||||
usage();
|
|
||||||
break;
|
|
||||||
case 'r':
|
|
||||||
@@ -198,12 +224,12 @@
|
|
||||||
if (argc != 1)
|
|
||||||
usage();
|
|
||||||
|
|
||||||
- if (poison_reverse && !target_ip) {
|
|
||||||
+ if (poison_reverse && !n_targets) {
|
|
||||||
errx(1, "Spoofing the reverse path (-r) is only available when specifying a target (-t).");
|
|
||||||
usage();
|
|
||||||
}
|
|
||||||
|
|
||||||
- if ((spoof_ip = libnet_name2addr4(l, argv[0], LIBNET_RESOLVE)) == -1)
|
|
||||||
+ if ((spoof.ip = libnet_name2addr4(l, argv[0], LIBNET_RESOLVE)) == -1)
|
|
||||||
usage();
|
|
||||||
|
|
||||||
if (intf == NULL && (intf = pcap_lookupdev(pcap_ebuf)) == NULL)
|
|
||||||
@@ -212,14 +238,18 @@
|
|
||||||
if ((l = libnet_init(LIBNET_LINK, intf, libnet_ebuf)) == NULL)
|
|
||||||
errx(1, "%s", libnet_ebuf);
|
|
||||||
|
|
||||||
- if (target_ip != 0 && !arp_find(target_ip, &target_mac))
|
|
||||||
- errx(1, "couldn't arp for host %s",
|
|
||||||
- libnet_addr2name4(target_ip, LIBNET_DONT_RESOLVE));
|
|
||||||
+ struct host *target = targets;
|
|
||||||
+ while(target->ip) {
|
|
||||||
+ if (target->ip != 0 && !arp_find(target->ip, &target->mac))
|
|
||||||
+ errx(1, "couldn't arp for host %s",
|
|
||||||
+ libnet_addr2name4(target->ip, LIBNET_DONT_RESOLVE));
|
|
||||||
+ target++;
|
|
||||||
+ }
|
|
||||||
|
|
||||||
if (poison_reverse) {
|
|
||||||
- if (!arp_find(spoof_ip, &spoof_mac)) {
|
|
||||||
+ if (!arp_find(spoof.ip, &spoof.mac)) {
|
|
||||||
errx(1, "couldn't arp for spoof host %s",
|
|
||||||
- libnet_addr2name4(spoof_ip, LIBNET_DONT_RESOLVE));
|
|
||||||
+ libnet_addr2name4(spoof.ip, LIBNET_DONT_RESOLVE));
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
@@ -228,11 +258,15 @@
|
|
||||||
signal(SIGTERM, cleanup);
|
|
||||||
|
|
||||||
for (;;) {
|
|
||||||
- arp_send(l, ARPOP_REPLY, NULL, spoof_ip,
|
|
||||||
- (target_ip ? (u_int8_t *)&target_mac : NULL),
|
|
||||||
- target_ip);
|
|
||||||
- if (poison_reverse) {
|
|
||||||
- arp_send(l, ARPOP_REPLY, NULL, target_ip, (uint8_t *)&spoof_mac, spoof_ip);
|
|
||||||
+ struct host *target = targets;
|
|
||||||
+ while(target->ip) {
|
|
||||||
+ arp_send(l, ARPOP_REPLY, NULL, spoof.ip,
|
|
||||||
+ (target->ip ? (u_int8_t *)&target->mac : NULL),
|
|
||||||
+ target->ip);
|
|
||||||
+ if (poison_reverse) {
|
|
||||||
+ arp_send(l, ARPOP_REPLY, NULL, target->ip, (uint8_t *)&spoof.mac, spoof.ip);
|
|
||||||
+ }
|
|
||||||
+ target++;
|
|
||||||
}
|
|
||||||
sleep(2);
|
|
||||||
}
|
|
@ -1,142 +0,0 @@
|
|||||||
Patch by Stefan Tomanek <stefan@pico.ruhr.de> for dsniff >= 2.4b1 to add add -r
|
|
||||||
switch to poison both directions. For some more information, please have a look to
|
|
||||||
Debian bug ID #650749.
|
|
||||||
|
|
||||||
--- dsniff-2.4/arpspoof.8 2000-11-28 08:43:43.000000000 +0100
|
|
||||||
+++ dsniff-2.4/arpspoof.8.arpspoof_reverse 2013-12-20 20:27:49.000000000 +0100
|
|
||||||
@@ -9,7 +9,7 @@
|
|
||||||
.na
|
|
||||||
.nf
|
|
||||||
.fi
|
|
||||||
-\fBarpspoof\fR [\fB-i \fIinterface\fR] [\fB-t \fItarget\fR] \fIhost\fR
|
|
||||||
+\fBarpspoof\fR [\fB\-i \fIinterface\fR] [\fB\-t \fItarget\fR] [\fB\-r\fR] \fIhost\fR
|
|
||||||
.SH DESCRIPTION
|
|
||||||
.ad
|
|
||||||
.fi
|
|
||||||
@@ -26,6 +26,9 @@
|
|
||||||
.IP "\fB-t \fItarget\fR"
|
|
||||||
Specify a particular host to ARP poison (if not specified, all hosts
|
|
||||||
on the LAN).
|
|
||||||
+.IP "\fB\-r\fR"
|
|
||||||
+Poison both hosts (host and target) to capture traffic in both directions.
|
|
||||||
+(only valid in conjuntion with \-t)
|
|
||||||
.IP \fIhost\fR
|
|
||||||
Specify the host you wish to intercept packets for (usually the local
|
|
||||||
gateway).
|
|
||||||
--- dsniff-2.4/arpspoof.c 2013-12-20 20:25:04.000000000 +0100
|
|
||||||
+++ dsniff-2.4/arpspoof.c.arpspoof_reverse 2013-12-20 20:34:31.000000000 +0100
|
|
||||||
@@ -7,6 +7,8 @@
|
|
||||||
* Copyright (c) 1999 Dug Song <dugsong@monkey.org>
|
|
||||||
*
|
|
||||||
* $Id: arpspoof.c,v 1.5 2001/03/15 08:32:58 dugsong Exp $
|
|
||||||
+ *
|
|
||||||
+ * Improved 2011 by Stefan Tomanek <stefa@pico.ruhr.de>
|
|
||||||
*/
|
|
||||||
|
|
||||||
#include "config.h"
|
|
||||||
@@ -31,12 +33,13 @@
|
|
||||||
static struct ether_addr spoof_mac, target_mac;
|
|
||||||
static in_addr_t spoof_ip, target_ip;
|
|
||||||
static char *intf;
|
|
||||||
+static int poison_reverse;
|
|
||||||
|
|
||||||
static void
|
|
||||||
usage(void)
|
|
||||||
{
|
|
||||||
fprintf(stderr, "Version: " VERSION "\n"
|
|
||||||
- "Usage: arpspoof [-i interface] [-t target] host\n");
|
|
||||||
+ "Usage: arpspoof [-i interface] [-t target] [-r] host\n");
|
|
||||||
exit(1);
|
|
||||||
}
|
|
||||||
|
|
||||||
@@ -133,18 +136,30 @@
|
|
||||||
static void
|
|
||||||
cleanup(int sig)
|
|
||||||
{
|
|
||||||
+ int fw = arp_find(spoof_ip, &spoof_mac);
|
|
||||||
+ int bw = poison_reverse && target_ip && arp_find(target_ip, &target_mac);
|
|
||||||
int i;
|
|
||||||
|
|
||||||
- if (arp_find(spoof_ip, &spoof_mac)) {
|
|
||||||
- for (i = 0; i < 3; i++) {
|
|
||||||
- /* XXX - on BSD, requires ETHERSPOOF kernel. */
|
|
||||||
+ fprintf(stderr, "Cleaning up and re-arping targets...\n");
|
|
||||||
+ for (i = 0; i < 5; i++) {
|
|
||||||
+ /* XXX - on BSD, requires ETHERSPOOF kernel. */
|
|
||||||
+ if (fw) {
|
|
||||||
arp_send(l, ARPOP_REPLY,
|
|
||||||
(u_int8_t *)&spoof_mac, spoof_ip,
|
|
||||||
(target_ip ? (u_int8_t *)&target_mac : NULL),
|
|
||||||
target_ip);
|
|
||||||
+ /* we have to wait a moment before sending the next packet */
|
|
||||||
+ sleep(1);
|
|
||||||
+ }
|
|
||||||
+ if (bw) {
|
|
||||||
+ arp_send(l, ARPOP_REPLY,
|
|
||||||
+ (u_int8_t *)&target_mac, target_ip,
|
|
||||||
+ (u_int8_t *)&spoof_mac,
|
|
||||||
+ spoof_ip);
|
|
||||||
sleep(1);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
+
|
|
||||||
exit(0);
|
|
||||||
}
|
|
||||||
|
|
||||||
@@ -159,8 +174,9 @@
|
|
||||||
|
|
||||||
intf = NULL;
|
|
||||||
spoof_ip = target_ip = 0;
|
|
||||||
+ poison_reverse = 0;
|
|
||||||
|
|
||||||
- while ((c = getopt(argc, argv, "i:t:h?V")) != -1) {
|
|
||||||
+ while ((c = getopt(argc, argv, "ri:t:h?V")) != -1) {
|
|
||||||
switch (c) {
|
|
||||||
case 'i':
|
|
||||||
intf = optarg;
|
|
||||||
@@ -169,6 +185,9 @@
|
|
||||||
if ((target_ip = libnet_name2addr4(l, optarg, LIBNET_RESOLVE)) == -1)
|
|
||||||
usage();
|
|
||||||
break;
|
|
||||||
+ case 'r':
|
|
||||||
+ poison_reverse = 1;
|
|
||||||
+ break;
|
|
||||||
default:
|
|
||||||
usage();
|
|
||||||
}
|
|
||||||
@@ -179,6 +198,11 @@
|
|
||||||
if (argc != 1)
|
|
||||||
usage();
|
|
||||||
|
|
||||||
+ if (poison_reverse && !target_ip) {
|
|
||||||
+ errx(1, "Spoofing the reverse path (-r) is only available when specifying a target (-t).");
|
|
||||||
+ usage();
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
if ((spoof_ip = libnet_name2addr4(l, argv[0], LIBNET_RESOLVE)) == -1)
|
|
||||||
usage();
|
|
||||||
|
|
||||||
@@ -192,6 +216,13 @@
|
|
||||||
errx(1, "couldn't arp for host %s",
|
|
||||||
libnet_addr2name4(target_ip, LIBNET_DONT_RESOLVE));
|
|
||||||
|
|
||||||
+ if (poison_reverse) {
|
|
||||||
+ if (!arp_find(spoof_ip, &spoof_mac)) {
|
|
||||||
+ errx(1, "couldn't arp for spoof host %s",
|
|
||||||
+ libnet_addr2name4(spoof_ip, LIBNET_DONT_RESOLVE));
|
|
||||||
+ }
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
signal(SIGHUP, cleanup);
|
|
||||||
signal(SIGINT, cleanup);
|
|
||||||
signal(SIGTERM, cleanup);
|
|
||||||
@@ -200,6 +231,9 @@
|
|
||||||
arp_send(l, ARPOP_REPLY, NULL, spoof_ip,
|
|
||||||
(target_ip ? (u_int8_t *)&target_mac : NULL),
|
|
||||||
target_ip);
|
|
||||||
+ if (poison_reverse) {
|
|
||||||
+ arp_send(l, ARPOP_REPLY, NULL, target_ip, (uint8_t *)&spoof_mac, spoof_ip);
|
|
||||||
+ }
|
|
||||||
sleep(2);
|
|
||||||
}
|
|
||||||
/* NOTREACHED */
|
|
@ -18,7 +18,7 @@ various paths for the Fedora directory structure.
|
|||||||
|
|
||||||
-INCS = -I. $(NIDSINC) $(PCAPINC) $(LNETINC) $(DBINC) $(SSLINC) $(X11INC) \
|
-INCS = -I. $(NIDSINC) $(PCAPINC) $(LNETINC) $(DBINC) $(SSLINC) $(X11INC) \
|
||||||
- -I$(srcdir)/missing
|
- -I$(srcdir)/missing
|
||||||
+INCS = -I. $(X11INC) $(SSLINC) -I$(srcdir)/missing
|
+INCS = -I. $(X11INC) -I$(srcdir)/missing
|
||||||
LIBS = @LIBS@ -L$(srcdir) -lmissing
|
LIBS = @LIBS@ -L$(srcdir) -lmissing
|
||||||
|
|
||||||
INSTALL = @INSTALL@
|
INSTALL = @INSTALL@
|
||||||
|
@ -1,140 +0,0 @@
|
|||||||
Patch by Robert Scheck <robert@fedoraproject.org> for dsniff >= 2.4b1 which fixes
|
|
||||||
possible segmentation faults of arpspoof, sshmitm, webmitm and webspy if any non-
|
|
||||||
resolving hostname is passed. Issue was introduced by dsniff-2.4-libnet_11.patch;
|
|
||||||
libnet_name_resolve() was replaced by libnet_name2addr4() while there must be the
|
|
||||||
structure libnet_t passed additionally. And if that structure is not initialized
|
|
||||||
using libnet_init() and the passed name can't be resolved (like "192.168.2."), it
|
|
||||||
causes a snprintf() to NULL and thus the segmentation fault. Note that macof isn't
|
|
||||||
affected as no resolving was involved here ever. Please also have a look to Red Hat
|
|
||||||
Bugzilla ID #1009879 for further information.
|
|
||||||
|
|
||||||
--- dsniff-2.4/sshmitm.c 2013-12-20 21:19:58.000000000 +0100
|
|
||||||
+++ dsniff-2.4/sshmitm.c.libnet_name2addr4 2013-12-20 21:29:44.000000000 +0100
|
|
||||||
@@ -45,6 +45,8 @@
|
|
||||||
struct sockaddr_in csin, ssin;
|
|
||||||
int sig_pipe[2];
|
|
||||||
|
|
||||||
+static libnet_t *l;
|
|
||||||
+
|
|
||||||
static void
|
|
||||||
usage(void)
|
|
||||||
{
|
|
||||||
@@ -364,6 +366,7 @@
|
|
||||||
u_long ip;
|
|
||||||
u_short lport, rport;
|
|
||||||
int c;
|
|
||||||
+ char libnet_ebuf[LIBNET_ERRBUF_SIZE];
|
|
||||||
|
|
||||||
lport = rport = 22;
|
|
||||||
|
|
||||||
@@ -390,12 +393,15 @@
|
|
||||||
if (argc < 1)
|
|
||||||
usage();
|
|
||||||
|
|
||||||
- if ((ip = libnet_name2addr4(NULL, argv[0], LIBNET_RESOLVE)) == -1)
|
|
||||||
- usage();
|
|
||||||
-
|
|
||||||
if (argc == 2 && (rport = atoi(argv[1])) == 0)
|
|
||||||
usage();
|
|
||||||
|
|
||||||
+ if ((l = libnet_init(LIBNET_LINK, NULL, libnet_ebuf)) == NULL)
|
|
||||||
+ errx(1, "%s", libnet_ebuf);
|
|
||||||
+
|
|
||||||
+ if ((ip = libnet_name2addr4(l, argv[0], LIBNET_RESOLVE)) == -1)
|
|
||||||
+ usage();
|
|
||||||
+
|
|
||||||
record_init(NULL);
|
|
||||||
|
|
||||||
mitm_init(lport, ip, rport);
|
|
||||||
--- dsniff-2.4/webmitm.c 2013-12-20 21:19:58.000000000 +0100
|
|
||||||
+++ dsniff-2.4/webmitm.c.libnet_name2addr4 2013-12-20 21:40:09.000000000 +0100
|
|
||||||
@@ -47,6 +47,8 @@
|
|
||||||
int do_ssl, sig_pipe[2];
|
|
||||||
in_addr_t static_host = 0;
|
|
||||||
|
|
||||||
+static libnet_t *l;
|
|
||||||
+
|
|
||||||
extern int decode_http(char *, int, char *, int);
|
|
||||||
|
|
||||||
static void
|
|
||||||
@@ -242,7 +244,7 @@
|
|
||||||
word = buf_tok(&msg, "/", 1);
|
|
||||||
vhost = buf_strdup(word);
|
|
||||||
}
|
|
||||||
- ssin.sin_addr.s_addr = libnet_name2addr4(NULL, vhost, 1);
|
|
||||||
+ ssin.sin_addr.s_addr = libnet_name2addr4(l, vhost, LIBNET_RESOLVE);
|
|
||||||
free(vhost);
|
|
||||||
|
|
||||||
if (ssin.sin_addr.s_addr == ntohl(INADDR_LOOPBACK) ||
|
|
||||||
@@ -496,6 +498,7 @@
|
|
||||||
extern char *optarg;
|
|
||||||
extern int optind;
|
|
||||||
int c;
|
|
||||||
+ char libnet_ebuf[LIBNET_ERRBUF_SIZE];
|
|
||||||
|
|
||||||
while ((c = getopt(argc, argv, "dh?V")) != -1) {
|
|
||||||
switch (c) {
|
|
||||||
@@ -509,8 +512,11 @@
|
|
||||||
argc -= optind;
|
|
||||||
argv += optind;
|
|
||||||
|
|
||||||
+ if ((l = libnet_init(LIBNET_LINK, NULL, libnet_ebuf)) == NULL)
|
|
||||||
+ errx(1, "%s", libnet_ebuf);
|
|
||||||
+
|
|
||||||
if (argc == 1) {
|
|
||||||
- if ((static_host = libnet_name2addr4(NULL, argv[0], 1)) == -1)
|
|
||||||
+ if ((static_host = libnet_name2addr4(l, argv[0], LIBNET_RESOLVE)) == -1)
|
|
||||||
usage();
|
|
||||||
}
|
|
||||||
else if (argc != 0) usage();
|
|
||||||
--- dsniff-2.4/webspy.c 2013-12-20 21:19:58.000000000 +0100
|
|
||||||
+++ dsniff-2.4/webspy.c.libnet_name2addr4 2013-12-20 21:45:57.000000000 +0100
|
|
||||||
@@ -33,6 +33,7 @@
|
|
||||||
extern int mozilla_remote_commands (Display *, Window, char **);
|
|
||||||
char *expected_mozilla_version = "4.7";
|
|
||||||
char *progname = "webspy";
|
|
||||||
+static libnet_t *l;
|
|
||||||
|
|
||||||
Display *dpy;
|
|
||||||
char cmd[2048], *cmdtab[2];
|
|
||||||
@@ -183,6 +184,7 @@
|
|
||||||
extern char *optarg;
|
|
||||||
extern int optind;
|
|
||||||
int c;
|
|
||||||
+ char libnet_ebuf[LIBNET_ERRBUF_SIZE];
|
|
||||||
|
|
||||||
while ((c = getopt(argc, argv, "i:p:h?V")) != -1) {
|
|
||||||
switch (c) {
|
|
||||||
@@ -205,7 +207,10 @@
|
|
||||||
cmdtab[0] = cmd;
|
|
||||||
cmdtab[1] = NULL;
|
|
||||||
|
|
||||||
- if ((host = libnet_name2addr4(NULL, argv[0], 1)) == -1)
|
|
||||||
+ if ((l = libnet_init(LIBNET_LINK, NULL, libnet_ebuf)) == NULL)
|
|
||||||
+ errx(1, "%s", libnet_ebuf);
|
|
||||||
+
|
|
||||||
+ if ((host = libnet_name2addr4(l, argv[0], LIBNET_RESOLVE)) == -1)
|
|
||||||
errx(1, "unknown host");
|
|
||||||
|
|
||||||
if ((dpy = XOpenDisplay(NULL)) == NULL)
|
|
||||||
--- dsniff-2.4/arpspoof.c 2013-12-20 22:00:53.000000000 +0100
|
|
||||||
+++ dsniff-2.4/arpspoof.c.libnet_name2addr4 2013-12-20 22:00:38.000000000 +0100
|
|
||||||
@@ -207,6 +207,9 @@
|
|
||||||
/* allocate enough memory for target list */
|
|
||||||
targets = calloc( argc+1, sizeof(struct host) );
|
|
||||||
|
|
||||||
+ if ((l = libnet_init(LIBNET_LINK, NULL, libnet_ebuf)) == NULL)
|
|
||||||
+ errx(1, "%s", libnet_ebuf);
|
|
||||||
+
|
|
||||||
while ((c = getopt(argc, argv, "ri:t:c:h?V")) != -1) {
|
|
||||||
switch (c) {
|
|
||||||
case 'i':
|
|
||||||
@@ -263,6 +266,8 @@
|
|
||||||
if ((spoof.ip = libnet_name2addr4(l, argv[0], LIBNET_RESOLVE)) == -1)
|
|
||||||
usage();
|
|
||||||
|
|
||||||
+ libnet_destroy(l);
|
|
||||||
+
|
|
||||||
if (intf == NULL && (intf = pcap_lookupdev(pcap_ebuf)) == NULL)
|
|
||||||
errx(1, "%s", pcap_ebuf);
|
|
||||||
|
|
@ -1,51 +0,0 @@
|
|||||||
Patch by Robert Scheck <robert@fedoraproject.org> for dsniff >= 2.4b1 which
|
|
||||||
allows building against libtirpc (as a separate library) given the Sun RPC
|
|
||||||
support in glibc has been deprecated for a long time.
|
|
||||||
|
|
||||||
--- dsniff-2.4/Makefile.in 2018-05-26 22:04:34.809966900 +0200
|
|
||||||
+++ dsniff-2.4/Makefile.in.libtirpc 2018-05-27 02:56:31.149313503 +0200
|
|
||||||
@@ -16,7 +16,7 @@
|
|
||||||
mandir = @mandir@
|
|
||||||
|
|
||||||
CC = @CC@
|
|
||||||
-CFLAGS = @CFLAGS@ -DDSNIFF_LIBDIR=\"$(libdir)/\"
|
|
||||||
+CFLAGS = @CFLAGS@ -DDSNIFF_LIBDIR=\"$(libdir)/\" -I/usr/include/tirpc
|
|
||||||
LDFLAGS = @LDFLAGS@
|
|
||||||
|
|
||||||
PCAPINC = @PCAPINC@
|
|
||||||
@@ -93,7 +93,7 @@
|
|
||||||
$(RANLIB) $@
|
|
||||||
|
|
||||||
dsniff: $(HDRS) $(SRCS) $(OBJS) libmissing.a
|
|
||||||
- $(CC) $(LDFLAGS) -o $@ $(OBJS) $(LIBS) $(NIDSLIB) $(PCAPLIB) $(LNETLIB) $(DBLIB) $(SSLLIB)
|
|
||||||
+ $(CC) $(LDFLAGS) -o $@ $(OBJS) $(LIBS) $(NIDSLIB) $(PCAPLIB) $(LNETLIB) $(DBLIB) $(SSLLIB) -ltirpc
|
|
||||||
|
|
||||||
arpspoof: arpspoof.o arp.o libmissing.a
|
|
||||||
$(CC) $(LDFLAGS) -o $@ arpspoof.o arp.o $(LIBS) $(PCAPLIB) $(LNETLIB)
|
|
||||||
@@ -102,7 +102,7 @@
|
|
||||||
$(CC) $(LDFLAGS) -o $@ dnsspoof.o pcaputil.o $(LIBS) $(PCAPLIB) $(LNETLIB)
|
|
||||||
|
|
||||||
filesnarf: nfs_prot.o filesnarf.o pcaputil.o rpc.o libmissing.a
|
|
||||||
- $(CC) $(LDFLAGS) -o $@ filesnarf.o nfs_prot.o pcaputil.o rpc.o $(LIBS) $(NIDSLIB) $(PCAPLIB) $(LNETLIB)
|
|
||||||
+ $(CC) $(LDFLAGS) -o $@ filesnarf.o nfs_prot.o pcaputil.o rpc.o $(LIBS) $(NIDSLIB) $(PCAPLIB) $(LNETLIB) -ltirpc
|
|
||||||
|
|
||||||
macof: macof.o libmissing.a
|
|
||||||
$(CC) $(LDFLAGS) -o $@ macof.o $(LIBS) $(PCAPLIB) $(LNETLIB)
|
|
||||||
@@ -114,7 +114,7 @@
|
|
||||||
$(CC) $(LDFLAGS) -o $@ msgsnarf.o buf.o pcaputil.o $(LIBS) $(NIDSLIB) $(PCAPLIB) $(LNETLIB)
|
|
||||||
|
|
||||||
sshmitm: sshmitm.o buf.o hex.o record.o ssh.o sshcrypto.o libmissing.a
|
|
||||||
- $(CC) $(LDFLAGS) -o $@ sshmitm.o buf.o hex.o record.o ssh.o sshcrypto.o $(LIBS) $(LNETLIB) $(DBLIB) $(SSLLIB)
|
|
||||||
+ $(CC) $(LDFLAGS) -o $@ sshmitm.o buf.o hex.o record.o ssh.o sshcrypto.o $(LIBS) $(LNETLIB) $(DBLIB) $(SSLLIB) -ltirpc
|
|
||||||
|
|
||||||
sshow: sshow.o pcaputil.o libmissing.a
|
|
||||||
$(CC) $(LDFLAGS) -o $@ sshow.o pcaputil.o $(LIBS) $(NIDSLIB) $(PCAPLIB) $(LNETLIB)
|
|
||||||
@@ -132,7 +132,7 @@
|
|
||||||
$(CC) $(LDFLAGS) -o $@ urlsnarf.o base64.o buf.o pcaputil.o $(LIBS) $(NIDSLIB) $(PCAPLIB) $(LNETLIB)
|
|
||||||
|
|
||||||
webmitm: webmitm.o base64.o buf.o decode_http.o record.o libmissing.a
|
|
||||||
- $(CC) $(LDFLAGS) -o $@ webmitm.o base64.o buf.o decode_http.o record.o $(LIBS) $(LNETLIB) $(DBLIB) $(SSLLIB)
|
|
||||||
+ $(CC) $(LDFLAGS) -o $@ webmitm.o base64.o buf.o decode_http.o record.o $(LIBS) $(LNETLIB) $(DBLIB) $(SSLLIB) -ltirpc
|
|
||||||
|
|
||||||
webspy: webspy.o base64.o buf.o remote.o libmissing.a
|
|
||||||
$(CC) $(LDFLAGS) -o $@ webspy.o base64.o buf.o remote.o $(LIBS) $(NIDSLIB) $(PCAPLIB) $(LNETLIB) $(X11LIB)
|
|
@ -1,73 +0,0 @@
|
|||||||
Patch by Robert Scheck <robert@fedoraproject.org> for dsniff >= 2.4b1, that
|
|
||||||
adds further link layer offsets; inspirated from the original DLT_LINUX_SLL
|
|
||||||
patch by Roland Kletzing <devzero@web.de>. This patch supersedes the Debian
|
|
||||||
patch by Joerg Dorchain <joerg@dorchain.net> which adds tcpkill support for
|
|
||||||
handling PPP interfaces. So for some further information, please also have
|
|
||||||
a look to Debian bug ID #572516.
|
|
||||||
|
|
||||||
--- dsniff-2.4/pcaputil.c 2001-03-15 09:33:04.000000000 +0100
|
|
||||||
+++ dsniff-2.4/pcaputil.c.ll_offset 2011-10-09 17:13:01.000000000 +0200
|
|
||||||
@@ -46,12 +46,63 @@
|
|
||||||
case DLT_FDDI:
|
|
||||||
offset = 21;
|
|
||||||
break;
|
|
||||||
+#ifdef __amigaos__
|
|
||||||
+ case DLT_MIAMI:
|
|
||||||
+ offset = 16;
|
|
||||||
+ break;
|
|
||||||
+#endif
|
|
||||||
+ case DLT_RAW:
|
|
||||||
#ifdef DLT_LOOP
|
|
||||||
case DLT_LOOP:
|
|
||||||
#endif
|
|
||||||
case DLT_NULL:
|
|
||||||
offset = 4;
|
|
||||||
break;
|
|
||||||
+ case DLT_SLIP:
|
|
||||||
+#ifdef DLT_SLIP_BSDOS
|
|
||||||
+ case DLT_SLIP_BSDOS:
|
|
||||||
+#endif
|
|
||||||
+#if defined(__FreeBSD__) || defined(__OpenBSD__) || defined(__NetBSD__) || defined(__bsdi__) || defined(__APPLE__)
|
|
||||||
+ offset = 16;
|
|
||||||
+#else
|
|
||||||
+ offset = 24;
|
|
||||||
+#endif
|
|
||||||
+ break;
|
|
||||||
+ case DLT_PPP:
|
|
||||||
+#ifdef DLT_PPP_BSDOS
|
|
||||||
+ case DLT_PPP_BSDOS:
|
|
||||||
+#endif
|
|
||||||
+#ifdef DLT_PPP_SERIAL
|
|
||||||
+ case DLT_PPP_SERIAL:
|
|
||||||
+#endif
|
|
||||||
+#ifdef DLT_PPP_ETHER
|
|
||||||
+ case DLT_PPP_ETHER:
|
|
||||||
+#endif
|
|
||||||
+#if defined(__FreeBSD__) || defined(__OpenBSD__) || defined(__NetBSD__) || defined(__bsdi__) || defined(__APPLE__)
|
|
||||||
+ offset = 4;
|
|
||||||
+#else
|
|
||||||
+#if defined(sun) || defined(__sun)
|
|
||||||
+ offset = 8;
|
|
||||||
+#else
|
|
||||||
+ offset = 24;
|
|
||||||
+#endif
|
|
||||||
+#endif
|
|
||||||
+ break;
|
|
||||||
+#ifdef DLT_ENC
|
|
||||||
+ case DLT_ENC:
|
|
||||||
+ offset = 12;
|
|
||||||
+ break;
|
|
||||||
+#endif
|
|
||||||
+#ifdef DLT_LINUX_SLL
|
|
||||||
+ case DLT_LINUX_SLL:
|
|
||||||
+ offset = 16;
|
|
||||||
+ break;
|
|
||||||
+#endif
|
|
||||||
+#ifdef DLT_IPNET
|
|
||||||
+ case DLT_IPNET:
|
|
||||||
+ offset = 24;
|
|
||||||
+ break;
|
|
||||||
+#endif
|
|
||||||
default:
|
|
||||||
warnx("unsupported datalink type");
|
|
||||||
break;
|
|
@ -1,122 +0,0 @@
|
|||||||
Patch by Stefan Tomanek <stefan@pico.ruhr.de> for dsniff >= 2.4b1 to rewrite and
|
|
||||||
modernize the POP decoder. For some more information, please have a look to Debian
|
|
||||||
bug ID #647583.
|
|
||||||
|
|
||||||
--- dsniff-2.4/decode_pop.c 2013-12-20 21:06:13.000000000 +0100
|
|
||||||
+++ dsniff-2.4/decode_pop.c.modernize_pop 2013-12-20 21:12:58.000000000 +0100
|
|
||||||
@@ -6,6 +6,8 @@
|
|
||||||
* Copyright (c) 2000 Dug Song <dugsong@monkey.org>
|
|
||||||
*
|
|
||||||
* $Id: decode_pop.c,v 1.4 2001/03/15 08:33:02 dugsong Exp $
|
|
||||||
+ *
|
|
||||||
+ * Rewritten by Stefan Tomanek 2011 <stefan@pico.ruhr.de>
|
|
||||||
*/
|
|
||||||
|
|
||||||
#include "config.h"
|
|
||||||
@@ -45,32 +47,87 @@
|
|
||||||
decode_pop(u_char *buf, int len, u_char *obuf, int olen)
|
|
||||||
{
|
|
||||||
char *p;
|
|
||||||
+ char *s;
|
|
||||||
+ int n;
|
|
||||||
int i, j;
|
|
||||||
+ char *user;
|
|
||||||
+ char *password;
|
|
||||||
+ enum {
|
|
||||||
+ NONE,
|
|
||||||
+ AUTHPLAIN,
|
|
||||||
+ AUTHLOGIN,
|
|
||||||
+ USERPASS
|
|
||||||
+ } mode = NONE;
|
|
||||||
|
|
||||||
obuf[0] = '\0';
|
|
||||||
|
|
||||||
for (p = strtok(buf, "\r\n"); p != NULL; p = strtok(NULL, "\r\n")) {
|
|
||||||
- if (strncasecmp(p, "AUTH PLAIN", 10) == 0 ||
|
|
||||||
- strncasecmp(p, "AUTH LOGIN", 10) == 0) {
|
|
||||||
- strlcat(obuf, p, olen);
|
|
||||||
- strlcat(obuf, "\n", olen);
|
|
||||||
-
|
|
||||||
- /* Decode SASL auth. */
|
|
||||||
- for (i = 0; i < 2 && (p = strtok(NULL, "\r\n")); i++) {
|
|
||||||
- strlcat(obuf, p, olen);
|
|
||||||
- j = base64_pton(p, p, strlen(p));
|
|
||||||
- p[j] = '\0';
|
|
||||||
- strlcat(obuf, " [", olen);
|
|
||||||
- strlcat(obuf, p, olen);
|
|
||||||
- strlcat(obuf, "]\n", olen);
|
|
||||||
+ if (mode == NONE) {
|
|
||||||
+ user = NULL;
|
|
||||||
+ password = NULL;
|
|
||||||
+ if (strncasecmp(p, "AUTH PLAIN", 10) == 0) {
|
|
||||||
+ mode = AUTHPLAIN;
|
|
||||||
+ continue;
|
|
||||||
+ }
|
|
||||||
+ if (strncasecmp(p, "AUTH LOGIN", 10) == 0) {
|
|
||||||
+ mode = AUTHLOGIN;
|
|
||||||
+ continue;
|
|
||||||
+ }
|
|
||||||
+ if (strncasecmp(p, "USER ", 5) == 0) {
|
|
||||||
+ mode = USERPASS;
|
|
||||||
+ /* the traditional login cuts right to the case,
|
|
||||||
+ * so no continue here
|
|
||||||
+ */
|
|
||||||
}
|
|
||||||
}
|
|
||||||
- /* Save regular POP2, POP3 auth info. */
|
|
||||||
- else if (strncasecmp(p, "USER ", 5) == 0 ||
|
|
||||||
- strncasecmp(p, "PASS ", 5) == 0 ||
|
|
||||||
- strncasecmp(p, "HELO ", 5) == 0) {
|
|
||||||
- strlcat(obuf, p, olen);
|
|
||||||
- strlcat(obuf, "\n", olen);
|
|
||||||
+ printf("(%d) %s\n", mode, p);
|
|
||||||
+ if (mode == USERPASS) {
|
|
||||||
+ if (strncasecmp(p, "USER ", 5) == 0) {
|
|
||||||
+ user = &p[5];
|
|
||||||
+ } else if (strncasecmp(p, "PASS ", 5) == 0) {
|
|
||||||
+ password = &p[5];
|
|
||||||
+ }
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ if (mode == AUTHPLAIN) {
|
|
||||||
+ j = base64_pton(p, p, strlen(p));
|
|
||||||
+ p[j] = '\0';
|
|
||||||
+ n = 0;
|
|
||||||
+ s = p;
|
|
||||||
+ /* p consists of three parts, divided by \0 */
|
|
||||||
+ while (s <= &p[j] && n<=3) {
|
|
||||||
+ if (n == 0) {
|
|
||||||
+ /* we do not process this portion yet */
|
|
||||||
+ } else if (n == 1) {
|
|
||||||
+ user = s;
|
|
||||||
+ } else if (n == 2) {
|
|
||||||
+ password = s;
|
|
||||||
+ }
|
|
||||||
+ n++;
|
|
||||||
+ while (*s) s++;
|
|
||||||
+ s++;
|
|
||||||
+ }
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ if (mode == AUTHLOGIN) {
|
|
||||||
+ j = base64_pton(p, p, strlen(p));
|
|
||||||
+ p[j] = '\0';
|
|
||||||
+ if (!user) {
|
|
||||||
+ user = p;
|
|
||||||
+ } else {
|
|
||||||
+ password = p;
|
|
||||||
+ /* got everything we need :-) */
|
|
||||||
+ }
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ if (user && password) {
|
|
||||||
+ strlcat(obuf, "\nusername [", olen);
|
|
||||||
+ strlcat(obuf, user, olen);
|
|
||||||
+ strlcat(obuf, "] password [", olen);
|
|
||||||
+ strlcat(obuf, password, olen);
|
|
||||||
+ strlcat(obuf, "]\n", olen);
|
|
||||||
+
|
|
||||||
+ mode = NONE;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
return (strlen(obuf));
|
|
@ -1,13 +0,0 @@
|
|||||||
Patch by <bdefreese@debian2.bddebian.com> for dsniff >= 2.4b1, which adds
|
|
||||||
a memset to correctly 0 out the C struct.
|
|
||||||
|
|
||||||
--- dsniff-2.4/msgsnarf.c 2011-10-09 18:13:49.000000000 +0200
|
|
||||||
+++ dsniff-2.4/msgsnarf.c.segfault 2011-10-09 18:25:26.000000000 +0200
|
|
||||||
@@ -584,6 +584,7 @@
|
|
||||||
if (i == 0) {
|
|
||||||
if ((c = malloc(sizeof(*c))) == NULL)
|
|
||||||
nids_params.no_mem("sniff_msgs");
|
|
||||||
+ memset(c, 0, sizeof(*c));
|
|
||||||
c->ip = ts->addr.saddr;
|
|
||||||
c->nick = strdup("unknown");
|
|
||||||
SLIST_INSERT_HEAD(&client_list, c, next);
|
|
@ -1,243 +0,0 @@
|
|||||||
Patch by Christoph Biedl <debian.axhn@manchmal.in-ulm.de> for dsniff >=
|
|
||||||
2.4b1, which fixes building with OpenSSL 1.1.0. Adapted for compatibility
|
|
||||||
with older OpenSSL versions by Robert Scheck <robert@fedoraproject.org>.
|
|
||||||
|
|
||||||
--- dsniff-2.4/ssh.c 2017-02-11 22:31:54.705269813 +0100
|
|
||||||
+++ dsniff-2.4/ssh.c.openssl_110 2017-02-11 22:45:31.193447230 +0100
|
|
||||||
@@ -234,6 +234,10 @@
|
|
||||||
u_char *p, cipher, cookie[8], msg[1024];
|
|
||||||
u_int32_t num;
|
|
||||||
int i;
|
|
||||||
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
|
|
||||||
+ const BIGNUM *servkey_e, *servkey_n;
|
|
||||||
+ const BIGNUM *hostkey_e, *hostkey_n;
|
|
||||||
+#endif
|
|
||||||
|
|
||||||
/* Generate anti-spoofing cookie. */
|
|
||||||
RAND_bytes(cookie, sizeof(cookie));
|
|
||||||
@@ -243,11 +247,23 @@
|
|
||||||
*p++ = SSH_SMSG_PUBLIC_KEY; /* type */
|
|
||||||
memcpy(p, cookie, 8); p += 8; /* cookie */
|
|
||||||
num = 768; PUTLONG(num, p); /* servkey bits */
|
|
||||||
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
|
|
||||||
+ RSA_get0_key(ssh->ctx->servkey, &servkey_n, &servkey_e, NULL);
|
|
||||||
+ put_bn(servkey_e, &p); /* servkey exponent */
|
|
||||||
+ put_bn(servkey_n, &p); /* servkey modulus */
|
|
||||||
+#else
|
|
||||||
put_bn(ssh->ctx->servkey->e, &p); /* servkey exponent */
|
|
||||||
put_bn(ssh->ctx->servkey->n, &p); /* servkey modulus */
|
|
||||||
+#endif
|
|
||||||
num = 1024; PUTLONG(num, p); /* hostkey bits */
|
|
||||||
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
|
|
||||||
+ RSA_get0_key(ssh->ctx->hostkey, &hostkey_n, &hostkey_e, NULL);
|
|
||||||
+ put_bn(hostkey_e, &p); /* hostkey exponent */
|
|
||||||
+ put_bn(hostkey_n, &p); /* hostkey modulus */
|
|
||||||
+#else
|
|
||||||
put_bn(ssh->ctx->hostkey->e, &p); /* hostkey exponent */
|
|
||||||
put_bn(ssh->ctx->hostkey->n, &p); /* hostkey modulus */
|
|
||||||
+#endif
|
|
||||||
num = 0; PUTLONG(num, p); /* protocol flags */
|
|
||||||
num = ssh->ctx->encmask; PUTLONG(num, p); /* ciphers */
|
|
||||||
num = ssh->ctx->authmask; PUTLONG(num, p); /* authmask */
|
|
||||||
@@ -298,7 +314,11 @@
|
|
||||||
SKIP(p, i, 4);
|
|
||||||
|
|
||||||
/* Decrypt session key. */
|
|
||||||
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
|
|
||||||
+ if (BN_cmp(servkey_n, hostkey_n) > 0) {
|
|
||||||
+#else
|
|
||||||
if (BN_cmp(ssh->ctx->servkey->n, ssh->ctx->hostkey->n) > 0) {
|
|
||||||
+#endif
|
|
||||||
rsa_private_decrypt(enckey, enckey, ssh->ctx->servkey);
|
|
||||||
rsa_private_decrypt(enckey, enckey, ssh->ctx->hostkey);
|
|
||||||
}
|
|
||||||
@@ -318,8 +338,13 @@
|
|
||||||
BN_clear_free(enckey);
|
|
||||||
|
|
||||||
/* Derive real session key using session id. */
|
|
||||||
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
|
|
||||||
+ if ((p = ssh_session_id(cookie, hostkey_n,
|
|
||||||
+ servkey_n)) == NULL) {
|
|
||||||
+#else
|
|
||||||
if ((p = ssh_session_id(cookie, ssh->ctx->hostkey->n,
|
|
||||||
ssh->ctx->servkey->n)) == NULL) {
|
|
||||||
+#endif
|
|
||||||
warn("ssh_session_id");
|
|
||||||
return (-1);
|
|
||||||
}
|
|
||||||
@@ -328,10 +353,15 @@
|
|
||||||
}
|
|
||||||
/* Set cipher. */
|
|
||||||
if (cipher == SSH_CIPHER_3DES) {
|
|
||||||
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
|
|
||||||
+ warnx("cipher 3des no longer supported");
|
|
||||||
+ return (-1);
|
|
||||||
+#else
|
|
||||||
ssh->estate = des3_init(ssh->sesskey, sizeof(ssh->sesskey));
|
|
||||||
ssh->dstate = des3_init(ssh->sesskey, sizeof(ssh->sesskey));
|
|
||||||
ssh->encrypt = des3_encrypt;
|
|
||||||
ssh->decrypt = des3_decrypt;
|
|
||||||
+#endif
|
|
||||||
}
|
|
||||||
else if (cipher == SSH_CIPHER_BLOWFISH) {
|
|
||||||
ssh->estate = blowfish_init(ssh->sesskey,sizeof(ssh->sesskey));
|
|
||||||
@@ -357,6 +387,10 @@
|
|
||||||
u_char *p, cipher, cookie[8], msg[1024];
|
|
||||||
u_int32_t num;
|
|
||||||
int i;
|
|
||||||
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
|
|
||||||
+ BIGNUM *servkey_n, *servkey_e;
|
|
||||||
+ BIGNUM *hostkey_n, *hostkey_e;
|
|
||||||
+#endif
|
|
||||||
|
|
||||||
/* Get public key. */
|
|
||||||
if ((i = SSH_recv(ssh, pkt, sizeof(pkt))) <= 0) {
|
|
||||||
@@ -379,21 +413,43 @@
|
|
||||||
|
|
||||||
/* Get servkey. */
|
|
||||||
ssh->ctx->servkey = RSA_new();
|
|
||||||
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
|
|
||||||
+ servkey_n = BN_new();
|
|
||||||
+ servkey_e = BN_new();
|
|
||||||
+ RSA_set0_key(ssh->ctx->servkey, servkey_n, servkey_e, NULL);
|
|
||||||
+#else
|
|
||||||
ssh->ctx->servkey->n = BN_new();
|
|
||||||
ssh->ctx->servkey->e = BN_new();
|
|
||||||
+#endif
|
|
||||||
|
|
||||||
SKIP(p, i, 4);
|
|
||||||
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
|
|
||||||
+ get_bn(servkey_e, &p, &i);
|
|
||||||
+ get_bn(servkey_n, &p, &i);
|
|
||||||
+#else
|
|
||||||
get_bn(ssh->ctx->servkey->e, &p, &i);
|
|
||||||
get_bn(ssh->ctx->servkey->n, &p, &i);
|
|
||||||
+#endif
|
|
||||||
|
|
||||||
/* Get hostkey. */
|
|
||||||
ssh->ctx->hostkey = RSA_new();
|
|
||||||
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
|
|
||||||
+ hostkey_n = BN_new();
|
|
||||||
+ hostkey_e = BN_new();
|
|
||||||
+ RSA_set0_key(ssh->ctx->hostkey, hostkey_n, hostkey_e, NULL);
|
|
||||||
+#else
|
|
||||||
ssh->ctx->hostkey->n = BN_new();
|
|
||||||
ssh->ctx->hostkey->e = BN_new();
|
|
||||||
+#endif
|
|
||||||
|
|
||||||
SKIP(p, i, 4);
|
|
||||||
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
|
|
||||||
+ get_bn(hostkey_e, &p, &i);
|
|
||||||
+ get_bn(hostkey_n, &p, &i);
|
|
||||||
+#else
|
|
||||||
get_bn(ssh->ctx->hostkey->e, &p, &i);
|
|
||||||
get_bn(ssh->ctx->hostkey->n, &p, &i);
|
|
||||||
+#endif
|
|
||||||
|
|
||||||
/* Get cipher, auth masks. */
|
|
||||||
SKIP(p, i, 4);
|
|
||||||
@@ -405,8 +461,13 @@
|
|
||||||
RAND_bytes(ssh->sesskey, sizeof(ssh->sesskey));
|
|
||||||
|
|
||||||
/* Obfuscate with session id. */
|
|
||||||
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
|
|
||||||
+ if ((p = ssh_session_id(cookie, hostkey_n,
|
|
||||||
+ servkey_n)) == NULL) {
|
|
||||||
+#else
|
|
||||||
if ((p = ssh_session_id(cookie, ssh->ctx->hostkey->n,
|
|
||||||
ssh->ctx->servkey->n)) == NULL) {
|
|
||||||
+#endif
|
|
||||||
warn("ssh_session_id");
|
|
||||||
return (-1);
|
|
||||||
}
|
|
||||||
@@ -422,7 +483,11 @@
|
|
||||||
else BN_add_word(bn, ssh->sesskey[i]);
|
|
||||||
}
|
|
||||||
/* Encrypt session key. */
|
|
||||||
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
|
|
||||||
+ if (BN_cmp(servkey_n, hostkey_n) < 0) {
|
|
||||||
+#else
|
|
||||||
if (BN_cmp(ssh->ctx->servkey->n, ssh->ctx->hostkey->n) < 0) {
|
|
||||||
+#endif
|
|
||||||
rsa_public_encrypt(bn, bn, ssh->ctx->servkey);
|
|
||||||
rsa_public_encrypt(bn, bn, ssh->ctx->hostkey);
|
|
||||||
}
|
|
||||||
@@ -470,10 +535,15 @@
|
|
||||||
ssh->decrypt = blowfish_decrypt;
|
|
||||||
}
|
|
||||||
else if (cipher == SSH_CIPHER_3DES) {
|
|
||||||
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
|
|
||||||
+ warnx("cipher 3des no longer supported");
|
|
||||||
+ return (-1);
|
|
||||||
+#else
|
|
||||||
ssh->estate = des3_init(ssh->sesskey, sizeof(ssh->sesskey));
|
|
||||||
ssh->dstate = des3_init(ssh->sesskey, sizeof(ssh->sesskey));
|
|
||||||
ssh->encrypt = des3_encrypt;
|
|
||||||
ssh->decrypt = des3_decrypt;
|
|
||||||
+#endif
|
|
||||||
}
|
|
||||||
/* Get server response. */
|
|
||||||
if ((i = SSH_recv(ssh, pkt, sizeof(pkt))) <= 0) {
|
|
||||||
--- dsniff-2.4/sshcrypto.c 2017-02-11 22:31:54.688270184 +0100
|
|
||||||
+++ dsniff-2.4/sshcrypto.c.openssl_110 2017-02-11 22:35:30.594555807 +0100
|
|
||||||
@@ -28,10 +28,12 @@
|
|
||||||
u_char iv[8];
|
|
||||||
};
|
|
||||||
|
|
||||||
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
|
||||||
struct des3_state {
|
|
||||||
des_key_schedule k1, k2, k3;
|
|
||||||
des_cblock iv1, iv2, iv3;
|
|
||||||
};
|
|
||||||
+#endif
|
|
||||||
|
|
||||||
void
|
|
||||||
rsa_public_encrypt(BIGNUM *out, BIGNUM *in, RSA *key)
|
|
||||||
@@ -39,10 +41,20 @@
|
|
||||||
u_char *inbuf, *outbuf;
|
|
||||||
int len, ilen, olen;
|
|
||||||
|
|
||||||
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
|
|
||||||
+ const BIGNUM *n, *e;
|
|
||||||
+ RSA_get0_key(key, &n, &e, NULL);
|
|
||||||
+ if (BN_num_bits(e) < 2 || !BN_is_odd(e))
|
|
||||||
+#else
|
|
||||||
if (BN_num_bits(key->e) < 2 || !BN_is_odd(key->e))
|
|
||||||
+#endif
|
|
||||||
errx(1, "rsa_public_encrypt() exponent too small or not odd");
|
|
||||||
|
|
||||||
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
|
|
||||||
+ olen = BN_num_bytes(n);
|
|
||||||
+#else
|
|
||||||
olen = BN_num_bytes(key->n);
|
|
||||||
+#endif
|
|
||||||
outbuf = malloc(olen);
|
|
||||||
|
|
||||||
ilen = BN_num_bytes(in);
|
|
||||||
@@ -71,7 +83,13 @@
|
|
||||||
u_char *inbuf, *outbuf;
|
|
||||||
int len, ilen, olen;
|
|
||||||
|
|
||||||
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
|
|
||||||
+ const BIGNUM *n;
|
|
||||||
+ RSA_get0_key(key, &n, NULL, NULL);
|
|
||||||
+ olen = BN_num_bytes(n);
|
|
||||||
+#else
|
|
||||||
olen = BN_num_bytes(key->n);
|
|
||||||
+#endif
|
|
||||||
outbuf = malloc(olen);
|
|
||||||
|
|
||||||
ilen = BN_num_bytes(in);
|
|
||||||
@@ -146,6 +164,7 @@
|
|
||||||
swap_bytes(dst, dst, len);
|
|
||||||
}
|
|
||||||
|
|
||||||
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
|
||||||
/* XXX - SSH1's weirdo 3DES... */
|
|
||||||
void *
|
|
||||||
des3_init(u_char *sesskey, int len)
|
|
||||||
@@ -194,3 +213,4 @@
|
|
||||||
des_ncbc_encrypt(dst, dst, len, dstate->k2, &dstate->iv2, DES_ENCRYPT);
|
|
||||||
des_ncbc_encrypt(dst, dst, len, dstate->k1, &dstate->iv1, DES_DECRYPT);
|
|
||||||
}
|
|
||||||
+#endif
|
|
@ -1,61 +0,0 @@
|
|||||||
Patch by Dennis Filder <d.filder@web.de> for dsniff >= 2.4b1 to resolve naming
|
|
||||||
collision due to libpcap API changes. Dsniff was written with a function named
|
|
||||||
pcap_init() that predates the one in libpcap and is entirely different. This patch
|
|
||||||
renames it out of the way. For some more information, please have a look to Debian
|
|
||||||
bug ID #980588.
|
|
||||||
|
|
||||||
--- dsniff-2.4/dnsspoof.c 2021-07-25 01:00:08.445636429 +0200
|
|
||||||
+++ dsniff-2.4/dnsspoof.c.pcap_init 2021-07-25 01:00:53.540928897 +0200
|
|
||||||
@@ -309,7 +309,7 @@
|
|
||||||
else snprintf(buf, sizeof(buf), "udp dst port 53 and not src %s",
|
|
||||||
libnet_addr2name4(lnet_ip, LIBNET_DONT_RESOLVE));
|
|
||||||
|
|
||||||
- if ((pcap_pd = pcap_init(dev, buf, 128)) == NULL)
|
|
||||||
+ if ((pcap_pd = pcap_init_dsniff(dev, buf, 128)) == NULL)
|
|
||||||
errx(1, "couldn't initialize sniffing");
|
|
||||||
|
|
||||||
if ((pcap_off = pcap_dloff(pcap_pd)) < 0)
|
|
||||||
--- dsniff-2.4/pcaputil.c 2021-07-25 01:00:08.469636585 +0200
|
|
||||||
+++ dsniff-2.4/pcaputil.c.pcap_init 2021-07-25 01:00:59.816969598 +0200
|
|
||||||
@@ -111,7 +111,7 @@
|
|
||||||
}
|
|
||||||
|
|
||||||
pcap_t *
|
|
||||||
-pcap_init(char *intf, char *filter, int snaplen)
|
|
||||||
+pcap_init_dsniff(char *intf, char *filter, int snaplen)
|
|
||||||
{
|
|
||||||
pcap_t *pd;
|
|
||||||
u_int net, mask;
|
|
||||||
--- dsniff-2.4/pcaputil.h 2001-03-15 09:33:06.000000000 +0100
|
|
||||||
+++ dsniff-2.4/pcaputil.h.pcap_init 2021-07-25 01:07:46.246603851 +0200
|
|
||||||
@@ -11,7 +11,7 @@
|
|
||||||
#ifndef PCAPUTIL_H
|
|
||||||
#define PCAPUTIL_H
|
|
||||||
|
|
||||||
-pcap_t *pcap_init(char *intf, char *filter, int snaplen);
|
|
||||||
+pcap_t *pcap_init_dsniff(char *intf, char *filter, int snaplen);
|
|
||||||
|
|
||||||
int pcap_dloff(pcap_t *pd);
|
|
||||||
|
|
||||||
--- dsniff-2.4/tcpkill.c 2021-07-25 01:00:08.426636306 +0200
|
|
||||||
+++ dsniff-2.4/tcpkill.c.pcap_init 2021-07-25 01:01:06.728014416 +0200
|
|
||||||
@@ -130,7 +130,7 @@
|
|
||||||
|
|
||||||
filter = copy_argv(argv);
|
|
||||||
|
|
||||||
- if ((pd = pcap_init(intf, filter, 64)) == NULL)
|
|
||||||
+ if ((pd = pcap_init_dsniff(intf, filter, 64)) == NULL)
|
|
||||||
errx(1, "couldn't initialize sniffing");
|
|
||||||
|
|
||||||
if ((pcap_off = pcap_dloff(pd)) < 0)
|
|
||||||
--- dsniff-2.4/tcpnice.c 2021-07-25 01:00:08.426636306 +0200
|
|
||||||
+++ dsniff-2.4/tcpnice.c.pcap_init 2021-07-25 01:01:13.816060381 +0200
|
|
||||||
@@ -204,7 +204,7 @@
|
|
||||||
|
|
||||||
filter = copy_argv(argv);
|
|
||||||
|
|
||||||
- if ((pd = pcap_init(intf, filter, 128)) == NULL)
|
|
||||||
+ if ((pd = pcap_init_dsniff(intf, filter, 128)) == NULL)
|
|
||||||
errx(1, "couldn't initialize sniffing");
|
|
||||||
|
|
||||||
if ((pcap_off = pcap_dloff(pd)) < 0)
|
|
@ -1,15 +0,0 @@
|
|||||||
Patch by Matthew Boyle <mlb@decisionsoft.co.uk> for dsniff >= 2.4b1 which corrects
|
|
||||||
the incorrect bit-shift in pntohl(), the left-shift should be 8 bits, not 18. For
|
|
||||||
further information please have a look to Red Hat Bugzilla ID #714958 and #850496.
|
|
||||||
|
|
||||||
--- dsniff-2.4/decode.h 2001-03-15 09:33:06.000000000 +0100
|
|
||||||
+++ dsniff-2.4/decode.h.pntohl_shift 2013-12-20 22:16:52.000000000 +0100
|
|
||||||
@@ -35,7 +35,7 @@
|
|
||||||
(u_short)*((u_char *)p+0)<<8))
|
|
||||||
|
|
||||||
#define pntohl(p) ((u_int32_t)*((u_char *)p+3)<<0| \
|
|
||||||
- (u_int32_t)*((u_char *)p+2)<<18| \
|
|
||||||
+ (u_int32_t)*((u_char *)p+2)<<8| \
|
|
||||||
(u_int32_t)*((u_char *)p+1)<<16| \
|
|
||||||
(u_int32_t)*((u_char *)p+0)<<24)
|
|
||||||
|
|
@ -1,14 +0,0 @@
|
|||||||
Patch by Marcos Fouces <mfouces@yahoo.es> for dsniff >= 2.4b1, which fixes
|
|
||||||
a minor spelling error in source code.
|
|
||||||
|
|
||||||
--- dsniff-2.4/remote.c 2000-11-14 16:51:04.000000000 +0100
|
|
||||||
+++ dsniff-2.4/remote.c.remote_typo 2017-02-11 23:03:25.420064992 +0100
|
|
||||||
@@ -652,7 +652,7 @@
|
|
||||||
if (remote_command_count > 0)
|
|
||||||
{
|
|
||||||
fprintf (stderr,
|
|
||||||
- "%s: the `-id' option must preceed all `-remote' options.\n",
|
|
||||||
+ "%s: the `-id' option must precede all `-remote' options.\n",
|
|
||||||
progname);
|
|
||||||
usage ();
|
|
||||||
exit (-1);
|
|
@ -1,17 +0,0 @@
|
|||||||
Patch based on suggestion by Matthew Boyle <mlb@decisionsoft.co.uk> for dsniff >=
|
|
||||||
2.4b1 which avoids xdrs being used without being initialised first. Without this
|
|
||||||
patch dsniff segfaults when decoding RPC packets on x86_64. For further information
|
|
||||||
please also have a look to Red Hat Bugzilla ID #715042 and #850494.
|
|
||||||
|
|
||||||
--- dsniff-2.4/rpc.c 2001-03-15 09:33:04.000000000 +0100
|
|
||||||
+++ dsniff-2.4/rpc.c.rpc_segfault 2013-12-20 22:49:34.000000000 +0100
|
|
||||||
@@ -125,6 +125,9 @@
|
|
||||||
return (0);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
+ else
|
|
||||||
+ return (0);
|
|
||||||
+
|
|
||||||
stat = xdr_getpos(&xdrs);
|
|
||||||
xdr_destroy(&xdrs);
|
|
||||||
|
|
@ -1,70 +0,0 @@
|
|||||||
Patch by Robert Scheck <robert@fedoraproject.org> for dsniff >= 2.4b1 which
|
|
||||||
ensures when building using %{?_smp_mflags} that libmissing.a is built when
|
|
||||||
its being used for linking.
|
|
||||||
|
|
||||||
--- dsniff-2.4/Makefile.in 2018-07-14 02:54:20.405095355 +0200
|
|
||||||
+++ dsniff-2.4/Makefile.in.smp_mflags 2018-07-14 02:54:44.973245128 +0200
|
|
||||||
@@ -92,49 +92,49 @@
|
|
||||||
ar -cr $@ $(LIBOBJS)
|
|
||||||
$(RANLIB) $@
|
|
||||||
|
|
||||||
-dsniff: $(HDRS) $(SRCS) $(OBJS)
|
|
||||||
+dsniff: $(HDRS) $(SRCS) $(OBJS) libmissing.a
|
|
||||||
$(CC) $(LDFLAGS) -o $@ $(OBJS) $(LIBS) $(NIDSLIB) $(PCAPLIB) $(LNETLIB) $(DBLIB) $(SSLLIB)
|
|
||||||
|
|
||||||
-arpspoof: arpspoof.o arp.o
|
|
||||||
+arpspoof: arpspoof.o arp.o libmissing.a
|
|
||||||
$(CC) $(LDFLAGS) -o $@ arpspoof.o arp.o $(LIBS) $(PCAPLIB) $(LNETLIB)
|
|
||||||
|
|
||||||
-dnsspoof: dnsspoof.o pcaputil.o
|
|
||||||
+dnsspoof: dnsspoof.o pcaputil.o libmissing.a
|
|
||||||
$(CC) $(LDFLAGS) -o $@ dnsspoof.o pcaputil.o $(LIBS) $(PCAPLIB) $(LNETLIB)
|
|
||||||
|
|
||||||
-filesnarf: nfs_prot.o filesnarf.o pcaputil.o rpc.o
|
|
||||||
+filesnarf: nfs_prot.o filesnarf.o pcaputil.o rpc.o libmissing.a
|
|
||||||
$(CC) $(LDFLAGS) -o $@ filesnarf.o nfs_prot.o pcaputil.o rpc.o $(LIBS) $(NIDSLIB) $(PCAPLIB) $(LNETLIB)
|
|
||||||
|
|
||||||
-macof: macof.o
|
|
||||||
+macof: macof.o libmissing.a
|
|
||||||
$(CC) $(LDFLAGS) -o $@ macof.o $(LIBS) $(PCAPLIB) $(LNETLIB)
|
|
||||||
|
|
||||||
-mailsnarf: mailsnarf.o buf.o pcaputil.o
|
|
||||||
+mailsnarf: mailsnarf.o buf.o pcaputil.o libmissing.a
|
|
||||||
$(CC) $(LDFLAGS) -o $@ mailsnarf.o buf.o pcaputil.o $(LIBS) $(NIDSLIB) $(PCAPLIB) $(LNETLIB)
|
|
||||||
|
|
||||||
-msgsnarf: msgsnarf.o buf.o pcaputil.o
|
|
||||||
+msgsnarf: msgsnarf.o buf.o pcaputil.o libmissing.a
|
|
||||||
$(CC) $(LDFLAGS) -o $@ msgsnarf.o buf.o pcaputil.o $(LIBS) $(NIDSLIB) $(PCAPLIB) $(LNETLIB)
|
|
||||||
|
|
||||||
-sshmitm: sshmitm.o buf.o hex.o record.o ssh.o sshcrypto.o
|
|
||||||
+sshmitm: sshmitm.o buf.o hex.o record.o ssh.o sshcrypto.o libmissing.a
|
|
||||||
$(CC) $(LDFLAGS) -o $@ sshmitm.o buf.o hex.o record.o ssh.o sshcrypto.o $(LIBS) $(LNETLIB) $(DBLIB) $(SSLLIB)
|
|
||||||
|
|
||||||
-sshow: sshow.o pcaputil.o
|
|
||||||
+sshow: sshow.o pcaputil.o libmissing.a
|
|
||||||
$(CC) $(LDFLAGS) -o $@ sshow.o pcaputil.o $(LIBS) $(NIDSLIB) $(PCAPLIB) $(LNETLIB)
|
|
||||||
|
|
||||||
-tcpkill: tcpkill.o pcaputil.o
|
|
||||||
+tcpkill: tcpkill.o pcaputil.o libmissing.a
|
|
||||||
$(CC) $(LDFLAGS) -o $@ tcpkill.o pcaputil.o $(LIBS) $(PCAPLIB) $(LNETLIB)
|
|
||||||
|
|
||||||
-tcpnice: tcpnice.o pcaputil.o
|
|
||||||
+tcpnice: tcpnice.o pcaputil.o libmissing.a
|
|
||||||
$(CC) $(LDFLAGS) -o $@ tcpnice.o pcaputil.o $(LIBS) $(PCAPLIB) $(LNETLIB)
|
|
||||||
|
|
||||||
tcphijack: tcphijack.o pcaputil.o
|
|
||||||
$(CC) $(LDFLAGS) -o $@ tcphijack.o pcaputil.o $(LIBS) $(PCAPLIB) $(LNETLIB)
|
|
||||||
|
|
||||||
-urlsnarf: urlsnarf.o base64.o buf.o pcaputil.o
|
|
||||||
+urlsnarf: urlsnarf.o base64.o buf.o pcaputil.o libmissing.a
|
|
||||||
$(CC) $(LDFLAGS) -o $@ urlsnarf.o base64.o buf.o pcaputil.o $(LIBS) $(NIDSLIB) $(PCAPLIB) $(LNETLIB)
|
|
||||||
|
|
||||||
-webmitm: webmitm.o base64.o buf.o decode_http.o record.o
|
|
||||||
+webmitm: webmitm.o base64.o buf.o decode_http.o record.o libmissing.a
|
|
||||||
$(CC) $(LDFLAGS) -o $@ webmitm.o base64.o buf.o decode_http.o record.o $(LIBS) $(LNETLIB) $(DBLIB) $(SSLLIB)
|
|
||||||
|
|
||||||
-webspy: webspy.o base64.o buf.o remote.o
|
|
||||||
+webspy: webspy.o base64.o buf.o remote.o libmissing.a
|
|
||||||
$(CC) $(LDFLAGS) -o $@ webspy.o base64.o buf.o remote.o $(LIBS) $(NIDSLIB) $(PCAPLIB) $(LNETLIB) $(X11LIB)
|
|
||||||
|
|
||||||
install:
|
|
@ -1,19 +0,0 @@
|
|||||||
Patch by Hilko Bengen <bengen@debian.org> for dsniff >= 2.4b1, to avoid a
|
|
||||||
possible DoS opportunity in the Tabular Data Stream protocol handler. For
|
|
||||||
further information, please have a look to the Debian bug ID #609988 and
|
|
||||||
#712648.
|
|
||||||
|
|
||||||
--- dsniff-2.4/decode_tds.c 2013-12-19 23:36:26.000000000 +0100
|
|
||||||
+++ dsniff-2.4/decode_tds.c.tds_decoder 2013-12-19 23:38:01.000000000 +0100
|
|
||||||
@@ -144,6 +144,11 @@
|
|
||||||
len > sizeof(*th) && len >= ntohs(th->size);
|
|
||||||
buf += ntohs(th->size), len -= ntohs(th->size)) {
|
|
||||||
|
|
||||||
+ if (th->size != 8) {
|
|
||||||
+ /* wrong header length */
|
|
||||||
+ break;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
if (th->type == 2) {
|
|
||||||
/* Version 4.x, 5.0 */
|
|
||||||
if (len < sizeof(*th) + sizeof(*tl))
|
|
@ -1,80 +0,0 @@
|
|||||||
Patch by Hilko Bengen <bengen@debian.org> for dsniff >= 2.4b1, which adds
|
|
||||||
the usage of timestamps from pcap file if available to urlsnarf. For some
|
|
||||||
more information, please have a look to Debian bug ID #573365.
|
|
||||||
|
|
||||||
--- dsniff-2.4/urlsnarf.c 2011-10-09 18:13:49.000000000 +0200
|
|
||||||
+++ dsniff-2.4/urlsnarf.c.timestamp 2011-10-09 18:37:33.000000000 +0200
|
|
||||||
@@ -36,6 +36,7 @@
|
|
||||||
u_short Opt_dns = 1;
|
|
||||||
int Opt_invert = 0;
|
|
||||||
regex_t *pregex = NULL;
|
|
||||||
+time_t tt = 0;
|
|
||||||
|
|
||||||
static void
|
|
||||||
usage(void)
|
|
||||||
@@ -57,9 +58,12 @@
|
|
||||||
{
|
|
||||||
static char tstr[32], sign;
|
|
||||||
struct tm *t, gmt;
|
|
||||||
- time_t tt = time(NULL);
|
|
||||||
int days, hours, tz, len;
|
|
||||||
|
|
||||||
+ if (!nids_params.filename) {
|
|
||||||
+ tt = time(NULL);
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
gmt = *gmtime(&tt);
|
|
||||||
t = localtime(&tt);
|
|
||||||
|
|
||||||
@@ -312,9 +316,48 @@
|
|
||||||
|
|
||||||
nids_register_chksum_ctl(&chksum_ctl, 1);
|
|
||||||
|
|
||||||
- nids_run();
|
|
||||||
-
|
|
||||||
- /* NOTREACHED */
|
|
||||||
+ pcap_t *p;
|
|
||||||
+ char pcap_errbuf[PCAP_ERRBUF_SIZE];
|
|
||||||
+ if (nids_params.filename == NULL) {
|
|
||||||
+ /* adapted from libnids.c:open_live() */
|
|
||||||
+ if (strcmp(nids_params.device, "all") == 0)
|
|
||||||
+ nids_params.device = "any";
|
|
||||||
+ p = pcap_open_live(nids_params.device, 16384,
|
|
||||||
+ (nids_params.promisc != 0),
|
|
||||||
+ 0, pcap_errbuf);
|
|
||||||
+ if (!p) {
|
|
||||||
+ fprintf(stderr, "pcap_open_live(): %s\n",
|
|
||||||
+ pcap_errbuf);
|
|
||||||
+ exit(1);
|
|
||||||
+ }
|
|
||||||
+ }
|
|
||||||
+ else {
|
|
||||||
+ p = pcap_open_offline(nids_params.filename,
|
|
||||||
+ pcap_errbuf);
|
|
||||||
+ if (!p) {
|
|
||||||
+ fprintf(stderr, "pcap_open_offline(%s): %s\n",
|
|
||||||
+ nids_params.filename, pcap_errbuf);
|
|
||||||
+ }
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ struct pcap_pkthdr *h;
|
|
||||||
+ u_char *d;
|
|
||||||
+ int rc;
|
|
||||||
+ while ((rc = pcap_next_ex(p, &h, &d)) == 1) {
|
|
||||||
+ tt = h->ts.tv_sec;
|
|
||||||
+ nids_pcap_handler(NULL, h, d);
|
|
||||||
+ }
|
|
||||||
+ switch (rc) {
|
|
||||||
+ case(-2): /* end of pcap file */
|
|
||||||
+ case(0): /* timeout on live capture */
|
|
||||||
+ break;
|
|
||||||
+ case(-1):
|
|
||||||
+ default:
|
|
||||||
+ fprintf(stderr, "rc = %i\n", rc);
|
|
||||||
+ pcap_perror(p, "pcap_read_ex()");
|
|
||||||
+ exit(1);
|
|
||||||
+ break;
|
|
||||||
+ }
|
|
||||||
|
|
||||||
exit(0);
|
|
||||||
}
|
|
237
dsniff.spec
237
dsniff.spec
@ -1,63 +1,38 @@
|
|||||||
Summary: Tools for network auditing and penetration testing
|
Summary: Tools for network auditing and penetration testing
|
||||||
Name: dsniff
|
Name: dsniff
|
||||||
Version: 2.4
|
Version: 2.4
|
||||||
Release: 0.39.b1%{?dist}
|
Release: 0.9.b1%{?dist}
|
||||||
License: BSD
|
License: BSD
|
||||||
URL: https://www.monkey.org/~dugsong/%{name}/
|
Group: Applications/Internet
|
||||||
Source0: https://www.monkey.org/~dugsong/%{name}/beta/%{name}-%{version}b1.tar.gz
|
URL: http://www.monkey.org/~dugsong/%{name}/
|
||||||
Patch0: dsniff-2.4-time_h.patch
|
Source: http://www.monkey.org/~dugsong/%{name}/beta/%{name}-%{version}b1.tar.gz
|
||||||
Patch1: dsniff-2.4-mailsnarf_corrupt.patch
|
Patch0: dsniff-2.4-time_h.patch
|
||||||
Patch2: dsniff-2.4-pcap_read_dump.patch
|
Patch1: dsniff-2.4-mailsnarf_corrupt.patch
|
||||||
Patch3: dsniff-2.4-multiple_intf.patch
|
Patch2: dsniff-2.4-pcap_read_dump.patch
|
||||||
Patch4: dsniff-2.4-amd64_fix.patch
|
Patch3: dsniff-2.4-multiple_intf.patch
|
||||||
Patch5: dsniff-2.4-urlsnarf_zeropad.patch
|
Patch4: dsniff-2.4-amd64_fix.patch
|
||||||
Patch6: dsniff-2.4-libnet_11.patch
|
Patch5: dsniff-2.4-urlsnarf_zeropad.patch
|
||||||
Patch7: dsniff-2.4-checksum.patch
|
Patch6: dsniff-2.4-libnet_11.patch
|
||||||
Patch8: dsniff-2.4-openssl_098.patch
|
Patch7: dsniff-2.4-checksum.patch
|
||||||
Patch9: dsniff-2.4-sshcrypto.patch
|
Patch8: dsniff-2.4-openssl_098.patch
|
||||||
Patch10: dsniff-2.4-sysconf_clocks.patch
|
Patch9: dsniff-2.4-sshcrypto.patch
|
||||||
Patch11: dsniff-2.4-urlsnarf_escape.patch
|
Patch10: dsniff-2.4-sysconf_clocks.patch
|
||||||
Patch12: dsniff-2.4-string_header.patch
|
Patch11: dsniff-2.4-urlsnarf_escape.patch
|
||||||
Patch13: dsniff-2.4-arpa_inet_header.patch
|
Patch12: dsniff-2.4-string_header.patch
|
||||||
Patch14: dsniff-2.4-pop_with_version.patch
|
Patch13: dsniff-2.4-arpa_inet_header.patch
|
||||||
Patch15: dsniff-2.4-obsolete_time.patch
|
Patch14: dsniff-2.4-pop_with_version.patch
|
||||||
Patch16: dsniff-2.4-checksum_libnids.patch
|
Patch15: dsniff-2.4-obsolete_time.patch
|
||||||
Patch17: dsniff-2.4-fedora_dirs.patch
|
Patch16: dsniff-2.4-checksum_libnids.patch
|
||||||
Patch18: dsniff-2.4-glib2.patch
|
Patch17: dsniff-2.4-fedora_dirs.patch
|
||||||
Patch19: dsniff-2.4-link_layer_offset.patch
|
Patch18: dsniff-2.4-glib2.patch
|
||||||
Patch20: dsniff-2.4-tds_decoder.patch
|
BuildRequires: libnet-devel, openssl-devel, libnids-devel
|
||||||
Patch21: dsniff-2.4-msgsnarf_segfault.patch
|
BuildRequires: glib2-devel, db4-devel, %{_includedir}/pcap.h
|
||||||
Patch22: dsniff-2.4-urlsnarf_timestamp.patch
|
%if 0%{?rhel}%{?fedora} >= 5
|
||||||
Patch23: dsniff-2.4-arpspoof_reverse.patch
|
BuildRequires: libXmu-devel
|
||||||
Patch24: dsniff-2.4-arpspoof_multiple.patch
|
|
||||||
Patch25: dsniff-2.4-arpspoof_hwaddr.patch
|
|
||||||
Patch26: dsniff-2.4-modernize_pop.patch
|
|
||||||
Patch27: dsniff-2.4-libnet_name2addr4.patch
|
|
||||||
Patch28: dsniff-2.4-pntohl_shift.patch
|
|
||||||
Patch29: dsniff-2.4-rpc_segfault.patch
|
|
||||||
Patch30: dsniff-2.4-openssl_110.patch
|
|
||||||
Patch31: dsniff-2.4-remote_typo.patch
|
|
||||||
Patch32: dsniff-2.4-smp_mflags.patch
|
|
||||||
Patch33: dsniff-2.4-libtirpc.patch
|
|
||||||
Patch34: dsniff-2.4-pcap_init.patch
|
|
||||||
BuildRequires: gcc
|
|
||||||
BuildRequires: libnet-devel
|
|
||||||
%if 0%{?fedora} || 0%{?rhel} >= 8
|
|
||||||
BuildRequires: openssl-devel
|
|
||||||
%else
|
%else
|
||||||
BuildRequires: openssl11-devel
|
BuildRequires: xorg-x11-devel
|
||||||
%endif
|
%endif
|
||||||
BuildRequires: libnids-devel
|
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
|
||||||
BuildRequires: glib2-devel
|
|
||||||
BuildRequires: libpcap-devel
|
|
||||||
BuildRequires: libdb-devel
|
|
||||||
BuildRequires: libXmu-devel
|
|
||||||
%if 0%{?fedora} || 0%{?rhel} >= 8
|
|
||||||
BuildRequires: rpcgen
|
|
||||||
BuildRequires: libtirpc-devel
|
|
||||||
BuildRequires: libnsl2-devel
|
|
||||||
%endif
|
|
||||||
BuildRequires: make
|
|
||||||
|
|
||||||
%description
|
%description
|
||||||
A collection of tools for network auditing and penetration testing. Dsniff,
|
A collection of tools for network auditing and penetration testing. Dsniff,
|
||||||
@ -80,7 +55,9 @@ by exploiting weak bindings in ad-hoc PKI.
|
|||||||
%patch7 -p1 -b .checksum
|
%patch7 -p1 -b .checksum
|
||||||
%patch8 -p1 -b .openssl_098
|
%patch8 -p1 -b .openssl_098
|
||||||
%patch9 -p1 -b .sshcrypto
|
%patch9 -p1 -b .sshcrypto
|
||||||
|
%if 0%{?rhel}%{?fedora} >= 5
|
||||||
%patch10 -p1 -b .sysconf_clocks
|
%patch10 -p1 -b .sysconf_clocks
|
||||||
|
%endif
|
||||||
%patch11 -p1 -b .urlsnarf_escape
|
%patch11 -p1 -b .urlsnarf_escape
|
||||||
%patch12 -p1 -b .string_header
|
%patch12 -p1 -b .string_header
|
||||||
%patch13 -p1 -b .arpa_inet_header
|
%patch13 -p1 -b .arpa_inet_header
|
||||||
@ -89,44 +66,22 @@ by exploiting weak bindings in ad-hoc PKI.
|
|||||||
%patch16 -p1 -b .checksum_libnids
|
%patch16 -p1 -b .checksum_libnids
|
||||||
%patch17 -p1 -b .fedora_dirs
|
%patch17 -p1 -b .fedora_dirs
|
||||||
%patch18 -p1 -b .glib2
|
%patch18 -p1 -b .glib2
|
||||||
%patch19 -p1 -b .link_layer_offset
|
|
||||||
%patch20 -p1 -b .tds_decoder
|
|
||||||
%patch21 -p1 -b .msgsnarf_segfault
|
|
||||||
%patch22 -p1 -b .urlsnarf_timestamp
|
|
||||||
%patch23 -p1 -b .arpspoof_reverse
|
|
||||||
%patch24 -p1 -b .arpspoof_multiple
|
|
||||||
%patch25 -p1 -b .arpspoof_hwaddr
|
|
||||||
%patch26 -p1 -b .modernize_pop
|
|
||||||
%patch27 -p1 -b .libnet_name2addr4
|
|
||||||
%patch28 -p1 -b .pntohl_shift
|
|
||||||
%patch29 -p1 -b .rpc_segfault
|
|
||||||
%patch30 -p1 -b .openssl_110
|
|
||||||
%patch31 -p1 -b .remote_typo
|
|
||||||
%patch32 -p1 -b .smp_mflags
|
|
||||||
%if 0%{?fedora} || 0%{?rhel} >= 8
|
|
||||||
%patch33 -p1 -b .libtirpc
|
|
||||||
%endif
|
|
||||||
%patch34 -p1 -b .pcap_init
|
|
||||||
|
|
||||||
%build
|
%build
|
||||||
%if 0%{?rhel} == 7
|
|
||||||
sed \
|
|
||||||
-e 's|include/openssl/|include/openssl11/openssl/|g' \
|
|
||||||
-e 's|\(SSLINC="\)-I${prefix}/include|\1$(pkg-config --cflags openssl11)|g' \
|
|
||||||
-e 's|\(SSLLIB="\)-L${prefix}/lib -lssl -lcrypto|\1$(pkg-config --libs openssl11)|g' \
|
|
||||||
-i configure
|
|
||||||
%endif
|
|
||||||
|
|
||||||
%configure
|
%configure
|
||||||
%make_build
|
make %{?_smp_mflags}
|
||||||
|
|
||||||
%install
|
%install
|
||||||
%make_install install_prefix=$RPM_BUILD_ROOT
|
rm -rf $RPM_BUILD_ROOT
|
||||||
|
make install_prefix=$RPM_BUILD_ROOT INSTALL='install -p' install
|
||||||
|
|
||||||
|
%clean
|
||||||
|
rm -rf $RPM_BUILD_ROOT
|
||||||
|
|
||||||
%files
|
%files
|
||||||
%license LICENSE
|
%defattr(-,root,root,-)
|
||||||
%doc CHANGES README TODO
|
%doc CHANGES LICENSE README TODO
|
||||||
%dir %{_sysconfdir}/%{name}/
|
%dir %{_sysconfdir}/%{name}
|
||||||
%config(noreplace) %{_sysconfdir}/%{name}/*
|
%config(noreplace) %{_sysconfdir}/%{name}/*
|
||||||
%{_sbindir}/arpspoof
|
%{_sbindir}/arpspoof
|
||||||
%{_sbindir}/dnsspoof
|
%{_sbindir}/dnsspoof
|
||||||
@ -158,108 +113,6 @@ sed \
|
|||||||
%{_mandir}/man8/webspy.8*
|
%{_mandir}/man8/webspy.8*
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
* Thu Jul 21 2022 Fedora Release Engineering <releng@fedoraproject.org> - 2.4-0.39.b1
|
|
||||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
|
|
||||||
|
|
||||||
* Thu Jan 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 2.4-0.38.b1
|
|
||||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
|
|
||||||
|
|
||||||
* Tue Sep 14 2021 Sahana Prasad <sahana@redhat.com> - 2.4-0.37.b1
|
|
||||||
- Rebuilt with OpenSSL 3.0.0
|
|
||||||
|
|
||||||
* Sun Jul 25 2021 Robert Scheck <robert@fedoraproject.org> 2.4-0.36.b1
|
|
||||||
- Added patch to work around pcap_init() API change in libpcap
|
|
||||||
|
|
||||||
* Wed Jul 21 2021 Fedora Release Engineering <releng@fedoraproject.org> - 2.4-0.35.b1
|
|
||||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
|
|
||||||
|
|
||||||
* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 2.4-0.34.b1
|
|
||||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
|
|
||||||
|
|
||||||
* Sat Aug 01 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.4-0.33.b1
|
|
||||||
- Second attempt - Rebuilt for
|
|
||||||
https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
|
|
||||||
|
|
||||||
* Mon Jul 27 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.4-0.32.b1
|
|
||||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
|
|
||||||
|
|
||||||
* Tue Jan 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.4-0.31.b1
|
|
||||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
|
|
||||||
|
|
||||||
* Wed Jul 24 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.4-0.30.b1
|
|
||||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
|
|
||||||
|
|
||||||
* Thu Jan 31 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.4-0.29.b1
|
|
||||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
|
|
||||||
|
|
||||||
* Thu Jul 12 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.4-0.28.b1
|
|
||||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
|
|
||||||
|
|
||||||
* Sun May 27 2018 Robert Scheck <robert@fedoraproject.org> 2.4-0.27.b1
|
|
||||||
- Added patch to allow building dsniff against libtirpc (#1582770)
|
|
||||||
|
|
||||||
* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.4-0.26.b1
|
|
||||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
|
|
||||||
|
|
||||||
* Wed Aug 02 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2.4-0.25.b1
|
|
||||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
|
|
||||||
|
|
||||||
* Wed Jul 26 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2.4-0.24.b1
|
|
||||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
|
|
||||||
|
|
||||||
* Sat Feb 11 2017 Robert Scheck <robert@fedoraproject.org> 2.4-0.23.b1
|
|
||||||
- Added patch to allow building dsniff with OpenSSL >= 1.1.0
|
|
||||||
- Added patch to correct a typo related to the -remote option
|
|
||||||
|
|
||||||
* Fri Feb 10 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2.4-0.22.b1
|
|
||||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
|
|
||||||
|
|
||||||
* Wed Feb 03 2016 Fedora Release Engineering <releng@fedoraproject.org> - 2.4-0.21.b1
|
|
||||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
|
|
||||||
|
|
||||||
* Wed Jun 17 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.4-0.20.b1
|
|
||||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
|
|
||||||
|
|
||||||
* Sat Aug 16 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.4-0.19.b1
|
|
||||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
|
|
||||||
|
|
||||||
* Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.4-0.18.b1
|
|
||||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
|
|
||||||
|
|
||||||
* Fri Dec 20 2013 Robert Scheck <robert@fedoraproject.org> 2.4-0.17.b1
|
|
||||||
- Corrected patch which touches tabular data stream protocol handler
|
|
||||||
- Added a patch to add both communication partners in arpspoof
|
|
||||||
- Added patch to allow multiple targets to be imitated simultaniously
|
|
||||||
- Added patch to allow the selection of source hw address in arpspoof
|
|
||||||
- Added a patch which fixes and modernizes the POP decoder
|
|
||||||
- Fixed segmentation faults related to libnet_name2addr4() (#1009879)
|
|
||||||
- Added a patch to fix bit-shift in pntohl() macro (#714958, #850496)
|
|
||||||
- Avoid xdrs being used without being initialised (#715042, #850494)
|
|
||||||
|
|
||||||
* Sat Aug 03 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.4-0.16.b1
|
|
||||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
|
|
||||||
|
|
||||||
* Wed Feb 13 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.4-0.15.b1
|
|
||||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
|
|
||||||
|
|
||||||
* Mon Jul 30 2012 Robert Scheck <robert@fedoraproject.org> 2.4-0.14.b1
|
|
||||||
- Added a patch which adds further link layer offsets
|
|
||||||
- Avoid opportunity for DoS in tabular data stream protocol handler
|
|
||||||
- Added a memset in msgsnarf to correctly 0 out the C struct
|
|
||||||
- Patched urlsnarf to use timestamps from pcap file if available
|
|
||||||
|
|
||||||
* Wed Jul 18 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.4-0.13.b1
|
|
||||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
|
|
||||||
|
|
||||||
* Fri Mar 30 2012 Jon Ciesla <limburgher@gmail.com> - 2.4-0.12.b1
|
|
||||||
- libnet rebuild
|
|
||||||
|
|
||||||
* Fri Jan 13 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.4-0.11.b1
|
|
||||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
|
|
||||||
|
|
||||||
* Tue Feb 08 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.4-0.10.b1
|
|
||||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
|
|
||||||
|
|
||||||
* Mon Mar 29 2010 Robert Scheck <robert@fedoraproject.org> 2.4-0.9.b1
|
* Mon Mar 29 2010 Robert Scheck <robert@fedoraproject.org> 2.4-0.9.b1
|
||||||
- Rebuild against libnids 1.24
|
- Rebuild against libnids 1.24
|
||||||
|
|
||||||
@ -278,7 +131,7 @@ sed \
|
|||||||
* Sat Aug 30 2008 Robert Scheck <robert@fedoraproject.org> 2.4-0.4.b1
|
* Sat Aug 30 2008 Robert Scheck <robert@fedoraproject.org> 2.4-0.4.b1
|
||||||
- Re-diffed dsniff url log escaping patch for no fuzz
|
- Re-diffed dsniff url log escaping patch for no fuzz
|
||||||
|
|
||||||
* Thu May 29 2008 Robert Scheck <robert@fedoraproject.org> 2.4-0.3.b1
|
* Wed May 29 2008 Robert Scheck <robert@fedoraproject.org> 2.4-0.3.b1
|
||||||
- Rebuild against libnids 1.23
|
- Rebuild against libnids 1.23
|
||||||
|
|
||||||
* Sun Feb 10 2008 Robert Scheck <robert@fedoraproject.org> 2.4-0.2.b1
|
* Sun Feb 10 2008 Robert Scheck <robert@fedoraproject.org> 2.4-0.2.b1
|
||||||
|
Loading…
Reference in New Issue
Block a user