L4) TCP 헤더 구축

import struct

class Tcp:
     def __init__(self,data=None):
          if data != None:
               (self.src,)=struct.unpack('!H',data[:2])
               (self.dst,)=struct.unpack('!H',data[2:4])
               (self.sq_num,)=struct.unpack('!L',data[4:8])
               (self.ack_num,)=struct.unpack('!L',data[8:12])
               self.len=data[12]
               self.len>>=2
               self.flag=data[13]
               (self.window,)=struct.unpack('!H',data[14:16])
               (self.chksum,)=struct.unpack('!H',data[16:18])
               (self.un,)=struct.unpack('!H',data[18:20])

   self.data=data[20:]
          else:
               self.src=b''
               self.dst=b''
               self.sq_num=b''
               self.ack_num=b''
               self.len=b''
               self.flag=b''
               self.window=b''
               self.chksum=b''
               self.un=b''

self.data=b''

     def get_header(self):
          return self.src+self.dst+self.sq_num+self.ack_num+self.len+self.flag+self.window+self.chksum+self.un
   def set_src(self,src):
          self.src=struct.pack('!H',src)
     def set_dst(self,dst):
          self.dst=struct.pack('!H',dst)
     def set_sq_num(self,sq_num):
          self.sq_num=struct.pack('L',sq_num)

     def set_ack_num(self,ack_num):
          self.ack_num=struct.pack('!L',ack_num)
     def set_len(self,len):
          self.len=struct.pack('!B',len<<2)
     def set_flag(self,flag):
          self.flag=struct.pack('!B',flag)
     def set_window(self,window):
self.window=struct.pack('!H',window)
     def set_chksum(self,chksum):
          self.chksum=struct.pack('!H',chksum)
     def set_un(self,un):
          self.un=struct.pack('!H',un)

def set_data(self,data):

self.data=data.encode()

from socket import*
import struct
import ip as _ip
import eth as _eth
import tcp as _tcp

def make_chksum(header):

        size=len(header)
        if (size %2) !=0 :
                header=header+b'\x00'
                size=len(header)

header=struct.unpack('!'+str(size//2)+'H',header)
chksum=sum(header)

        carry=chksum & 0b_1111_1111_0000_0000_0000_0000
        carry = chksum >> 16
        while carry !=0:
                chksum =chksum & 0b_0000_0000_1111_1111_1111_1111
                chksum =chksum +carry
                carry=chksum & 0b_1111_1111_0000_0000_0000_0000
                carry = chksum >> 16
        chksum =chksum ^ 0b_1111_1111_1111_1111
        return chksum

sock = socket(AF_PACKET,SOCK_RAW)
sock.bind(('eth0',SOCK_RAW))

client_port=1111
server_port=10000

client_seq=1
server_seq=0

ip=_ip.Ip()
eth=_eth.Eth()
tcp=_tcp.Tcp()

tcp.set_src(client_port)
tcp.set_dst(server_port)
tcp.set_seq(client_seq)
tcp.set_ack(0)
tcp.set_len(20)
tcp.set_flag(2)
tcp.set_window(65535)
tcp.set_chksum(0)
tcp.set_dummy(0)

ip.set_ver(4)
ip.set_len(20)
ip.set_total_len(len(tcp.get_header())+20)
ip.set_id(0)
ip.set_type(6)
ip.set_ttl(64)
ip.set_flag(0)
ip.set_offset(0)
ip.set_chksum(0)
ip.set_src('192.168.219.115')
ip.set_dst('192.168.219.130')
ip.set_chksum(make_chksum(ip.get_header()))

len2=struct.pack('!H',len(tcp.get_header()))
pseudo=ip.src+ip.dst+b'\x00'+ ip.type+len2+tcp.get_header()

tcp.set_chksum(make_chksum(pseudo))

eth.set_dst('00:0c:29:6e:09:cb')
eth.set_src('00:0c:29:d1:80:e5')
eth.set_type(0x0800)

sock.send(eth.get_header()+ip.get_header()+tcp.get_header())

# syn/ack 뒤에다 추가

client_seq +=1

#recv 받아오기 ( 응답기다리기 )

while True:

     (raw,_)=sock.recvfrom(65535)
   tmp_eth=_eth.Eth(raw[:14])

   if tmp_eth.type=='0x0800' and (tmp_eth.dst=='00:0c:29:6e:09:cb'or tmp_eth.src=='00:0c:29:6e:09:cb'):
              tmp_ip=_ip.Ip(raw[14:34])
              if tmp_ip.type==6:
                       tmp_tcp=_tcp.Tcp(raw[34:])
                       if client_seq==tmp_tcp.ack:
                                server_seq=tmp_tcp.seq
                                break

server_seq +=1

tcp=_tcp.Tcp()
ip=_ip.Ip()

tcp.set_src(client_port)
tcp.set_dst(server_port)
tcp.set_seq(client_seq)
tcp.set_ack(server_seq)
tcp.set_len(20)
tcp.set_flag(16)
tcp.set_window(65535)
tcp.set_chksum(0)
tcp.set_dummy(0)

ip.set_ver(4)
ip.set_len(20)
ip.set_total_len(len(tcp.get_header())+20)
ip.set_id(0)
ip.set_type(6)
ip.set_ttl(64)
ip.set_flag(0)
ip.set_offset(0)
ip.set_chksum(0)
ip.set_src('192.168.219.115')
ip.set_dst('192.168.219.130')
ip.set_chksum(make_chksum(ip.get_header()))

len2=struct.pack('!H',len(tcp.get_header()))
pseudo=ip.src+ip.dst+b'\x00'+ ip.type+len2+tcp.get_header()
tcp.set_chksum(make_chksum(pseudo))

sock.send(eth.get_header()+ip.get_header()+tcp.get_header())

1) syn/ack + 2) ack 뒤에 추가

data=b'KOREA'
tcp=_tcp.Tcp()
ip=_ip.Ip()

tcp.set_src(client_port)
tcp.set_dst(server_port)
tcp.set_seq(client_seq)
tcp.set_ack(server_seq)
tcp.set_len(20)
tcp.set_flag(24)
tcp.set_window(65535)
tcp.set_chksum(0)
tcp.set_dummy(0)

ip.set_ver(4)
ip.set_len(20)
ip.set_total_len(len(tcp.get_header())+20+5)
ip.set_id(0)
ip.set_type(6)
ip.set_ttl(64)
ip.set_flag(0)
ip.set_offset(0)
ip.set_chksum(0)
ip.set_src('192.168.219.115')
ip.set_dst('192.168.219.130')
ip.set_chksum(make_chksum(ip.get_header()))

len2=struct.pack('!H',25)
pseudo=ip.src+ip.dst+b'\x00'+ ip.type+len2+tcp.get_header()+data
tcp.set_chksum(make_chksum(pseudo))

sock.send(eth.get_header()+ip.get_header()+tcp.get_header()+data)

1) syn/ack + 2) ack +3) psh 뒤에 추가

from socket import*
import struct
import ip as _ip
import eth as _eth
import tcp as _tcp

def make_chksum(header):

        size=len(header)
        if (size %2) !=0 :
                header=header+b'\x00'
                size=len(header)

header=struct.unpack('!'+str(size//2)+'H',header)
chksum=sum(header)

        carry=chksum & 0b_1111_1111_0000_0000_0000_0000
        carry = chksum >> 16
        while carry !=0:
                chksum =chksum & 0b_0000_0000_1111_1111_1111_1111
                chksum =chksum +carry
                carry=chksum & 0b_1111_1111_0000_0000_0000_0000
                carry = chksum >> 16
        chksum =chksum ^ 0b_1111_1111_1111_1111
        return chksum

sock = socket(AF_PACKET,SOCK_RAW)
sock.bind(('eth0',SOCK_RAW))

client_port=3333
server_port=10001 # tcp_server.py의 포트번호와 같게 해줘야함

client_seq=1
server_seq=0

#syn
ip=_ip.Ip()
eth=_eth.Eth()
tcp=_tcp.Tcp()

tcp.set_src(client_port)
tcp.set_dst(server_port)
tcp.set_seq(client_seq)
tcp.set_ack(0)
tcp.set_len(20)
tcp.set_flag(2) #flag : 000010
tcp.set_window(65535)
tcp.set_chksum(0)
tcp.set_dummy(0)

ip.set_ver(4)
ip.set_len(20)
ip.set_total_len(len(tcp.get_header())+20)
ip.set_id(0)
ip.set_type(6)
ip.set_ttl(64)
ip.set_flag(0)
ip.set_offset(0)
ip.set_chksum(0)
ip.set_src('192.168.219.115')
ip.set_dst('192.168.219.130')
ip.set_chksum(make_chksum(ip.get_header()))

len2=struct.pack('!H',len(tcp.get_header()))
pseudo=ip.src+ip.dst+b'\x00'+ ip.type+len2+tcp.get_header()
tcp.set_chksum(make_chksum(pseudo))

eth.set_dst('00:0c:29:6e:09:cb')
eth.set_src('00:0c:29:d1:80:e5')
eth.set_type(0x0800)

sock.send(eth.get_header()+ip.get_header()+tcp.get_header())

client_seq +=1
while True:
(raw,_)=sock.recvfrom(65535)
tmp_eth=_eth.Eth(raw[:14])

if tmp_eth.type=='0x0800' and (tmp_eth.dst=='00:0c:29:6e:09:cb'or tmp_eth.src=='00:0c:29:6e:09:cb'):
  tmp_ip=_ip.Ip(raw[14:34])
  if tmp_ip.type==6:
   tmp_tcp=_tcp.Tcp(raw[34:])
   if client_seq==tmp_tcp.ack:
    server_seq=tmp_tcp.seq
    break
server_seq +=1

#ack
tcp=_tcp.Tcp()
ip=_ip.Ip()
tcp.set_src(client_port)
tcp.set_dst(server_port)
tcp.set_seq(client_seq)
tcp.set_ack(server_seq)
tcp.set_len(20)
tcp.set_flag(16) #flag : 010000
tcp.set_window(65535)
tcp.set_chksum(0)
tcp.set_dummy(0)

ip.set_ver(4)
ip.set_len(20)
ip.set_total_len(len(tcp.get_header())+20)
ip.set_id(0)
ip.set_type(6)
ip.set_ttl(64)
ip.set_flag(0)
ip.set_offset(0)
ip.set_chksum(0)
ip.set_src('192.168.219.115')
ip.set_dst('192.168.219.130')
ip.set_chksum(make_chksum(ip.get_header()))

len2=struct.pack('!H',len(tcp.get_header()))
pseudo=ip.src+ip.dst+b'\x00'+ ip.type+len2+tcp.get_header()
tcp.set_chksum(make_chksum(pseudo))

sock.send(eth.get_header()+ip.get_header()+tcp.get_header())

#psh
data=b'KOREA'
tcp=_tcp.Tcp()
ip=_ip.Ip()

tcp.set_src(client_port)
tcp.set_dst(server_port)
tcp.set_seq(client_seq)
tcp.set_ack(server_seq)
tcp.set_len(20)
tcp.set_flag(24) #flag: 011000
tcp.set_window(65535)
tcp.set_chksum(0)
tcp.set_dummy(0)

ip.set_ver(4)
ip.set_len(20)
ip.set_total_len(len(tcp.get_header())+20+5)
ip.set_id(0)
ip.set_type(6)
ip.set_ttl(64)
ip.set_flag(0)
ip.set_offset(0)
ip.set_chksum(0)
ip.set_src('192.168.219.115')
ip.set_dst('192.168.219.130')

ip.set_chksum(make_chksum(ip.get_header()))

len2=struct.pack('!H',25)
pseudo=ip.src+ip.dst+b'\x00'+ ip.type+len2+tcp.get_header()+data
tcp.set_chksum(make_chksum(pseudo))

sock.send(eth.get_header()+ip.get_header()+tcp.get_header()+data)

client_seq +=5
while True:
(raw,_)=sock.recvfrom(65535)
tmp_eth=_eth.Eth(raw[:14])

        if tmp_eth.type=='0x0800' and (tmp_eth.dst=='00:0c:29:6e:09:cb'or tmp_eth.src=='00:0c:29:6e:09:cb'):
                tmp_ip=_ip.Ip(raw[14:34])
                if tmp_ip.type==6:
                        tmp_tcp=_tcp.Tcp(raw[34:])
                        if client_seq==tmp_tcp.ack:
                                server_seq=tmp_tcp.seq
                                break

server_seq +=1

#fin/ack
tcp=_tcp.Tcp()
ip=_ip.Ip()

tcp.set_src(client_port)
tcp.set_dst(server_port)
tcp.set_seq(client_seq)
tcp.set_ack(server_seq)
tcp.set_len(20)
tcp.set_flag(16)
tcp.set_window(65535)
tcp.set_chksum(0)
tcp.set_dummy(0)

ip.set_ver(4)
ip.set_len(20)
ip.set_total_len(len(tcp.get_header())+20)
ip.set_id(0)
ip.set_type(6)
ip.set_ttl(64)
ip.set_flag(0)
ip.set_offset(0)
ip.set_chksum(0)
ip.set_src('192.168.219.115')
ip.set_dst('192.168.219.130')
ip.set_chksum(make_chksum(ip.get_header()))

len2=struct.pack('!H',len(tcp.get_header()))
pseudo=ip.src+ip.dst+b'\x00'+ ip.type+len2+tcp.get_header()
tcp.set_chksum(make_chksum(pseudo))

sock.send(eth.get_header()+ip.get_header()+tcp.get_header())

#fin
tcp=_tcp.Tcp()
ip=_ip.Ip()

tcp.set_src(client_port)
tcp.set_dst(server_port)
tcp.set_seq(client_seq)
tcp.set_ack(server_seq)
tcp.set_len(20)
tcp.set_flag(17)
tcp.set_window(65535)
tcp.set_chksum(0)
tcp.set_dummy(0)

ip.set_ver(4)
ip.set_len(20)
ip.set_total_len(len(tcp.get_header())+20)
ip.set_id(0)
ip.set_type(6)
ip.set_ttl(64)
ip.set_flag(0)
ip.set_offset(0)
ip.set_chksum(0)
ip.set_src('192.168.219.115')
ip.set_dst('192.168.219.130')
ip.set_chksum(make_chksum(ip.get_header()))

len2=struct.pack('!H',len(tcp.get_header()))
pseudo=ip.src+ip.dst+b'\x00'+ ip.type+len2+tcp.get_header()
tcp.set_chksum(make_chksum(pseudo))

sock.send(eth.get_header()+ip.get_header()+tcp.get_header())

import socket

server_socket=socket.socket(socket.AF_INET,socket.SOCK_STREAM)

server_socket.bind(('',9999))
server_socket.listen(1)

while True:
client_socket = server_socket.accept()
print( client_socket )

        data = client_socket[0].recv(65535)
        print( 'receive:', data.decode())
        client_socket[0].send(data)
        client_socket[0].close()

와이어 샤크설치 /사용법 (0)	2018.01.17
L4) TCP 취약점 (0)	2018.01.17
L4) TCP 프로그래밍 / 3-way handshake (0)	2018.01.03
L4) UDP프로그래밍 / 공격기법 (0)	2018.01.03
checksum 계산 (0)	2017.12.31

HNNN_IT

티스토리 뷰

L4) TCP 헤더 구축

'Network Security > Network' 카테고리의 다른 글

티스토리툴바

« 2025/06 »
일	월	화	수	목	금	토
1	2	3	4	5	6	7
8	9	10	11	12	13	14
15	16	17	18	19	20	21
22	23	24	25	26	27	28
29	30