Merge pull request #956 from BenGardiner/ipv6_anyproxy_fixes

Ipv6 any.proxy fixes

firewall/firewall_linux.go

@@ -4,6 +4,7 @@ import (
 	"fmt"
 	"io/ioutil"
 	"os"
+	"strings"
 
 	"github.com/bettercap/bettercap/core"
 	"github.com/bettercap/bettercap/network"
@@ -73,10 +74,18 @@ func (f LinuxFirewall) EnableForwarding(enabled bool) error {
 
 func (f *LinuxFirewall) getCommandLine(r *Redirection, enabled bool) (cmdLine []string) {
 	action := "-A"
+	destination := ""
+
 	if !enabled {
 		action = "-D"
 	}
 
+	if strings.Count(r.DstAddress, ":") < 2 {
+		destination = r.DstAddress
+	} else {
+		destination = fmt.Sprintf("[%s]", r.DstAddress)
+	}
+
 	if r.SrcAddress == "" {
 		cmdLine = []string{
 			"-t", "nat",
@@ -85,7 +94,7 @@ func (f *LinuxFirewall) getCommandLine(r *Redirection, enabled bool) (cmdLine []
 			"-p", r.Protocol,
 			"--dport", fmt.Sprintf("%d", r.SrcPort),
 			"-j", "DNAT",
-			"--to", fmt.Sprintf("%s:%d", r.DstAddress, r.DstPort),
+			"--to", fmt.Sprintf("%s:%d", destination, r.DstPort),
 		}
 	} else {
 		cmdLine = []string{
@@ -96,7 +105,7 @@ func (f *LinuxFirewall) getCommandLine(r *Redirection, enabled bool) (cmdLine []
 			"-d", r.SrcAddress,
 			"--dport", fmt.Sprintf("%d", r.SrcPort),
 			"-j", "DNAT",
-			"--to", fmt.Sprintf("%s:%d", r.DstAddress, r.DstPort),
+			"--to", fmt.Sprintf("%s:%d", destination, r.DstPort),
 		}
 	}
 
@@ -107,6 +116,13 @@ func (f *LinuxFirewall) EnableRedirection(r *Redirection, enabled bool) error {
 	cmdLine := f.getCommandLine(r, enabled)
 	rkey := r.String()
 	_, found := f.redirections[rkey]
+	cmd := ""
+
+	if strings.Count(r.DstAddress, ":") < 2 {
+		cmd = "iptables"
+	} else {
+		cmd = "ip6tables"
+	}
 
 	if enabled {
 		if found {
@@ -116,9 +132,9 @@ func (f *LinuxFirewall) EnableRedirection(r *Redirection, enabled bool) error {
 		f.redirections[rkey] = r
 
 		// accept all
-		if _, err := core.Exec("iptables", []string{"-P", "FORWARD", "ACCEPT"}); err != nil {
+		if _, err := core.Exec(cmd, []string{"-P", "FORWARD", "ACCEPT"}); err != nil {
 			return err
-		} else if _, err := core.Exec("iptables", cmdLine); err != nil {
+		} else if _, err := core.Exec(cmd, cmdLine); err != nil {
 			return err
 		}
 	} else {
@@ -128,7 +144,7 @@ func (f *LinuxFirewall) EnableRedirection(r *Redirection, enabled bool) error {
 
 		delete(f.redirections, r.String())
 
-		if _, err := core.Exec("iptables", cmdLine); err != nil {
+		if _, err := core.Exec(cmd, cmdLine); err != nil {
 			return err
 		}
 	}

modules/any_proxy/any_proxy.go

@@ -44,7 +44,7 @@ func NewAnyProxy(s *session.Session) *AnyProxy {
 
 	mod.AddParam(session.NewStringParameter("any.proxy.dst_address",
 		session.ParamIfaceAddress,
-		session.IPv4Validator,
+		"",
 		"Address where the proxy is listening."))
 
 	mod.AddParam(session.NewIntParameter("any.proxy.dst_port",

modules/ndp_spoof/ndp_spoof.go

@@ -32,7 +32,9 @@ func NewNDPSpoofer(s *session.Session) *NDPSpoofer {
 	mod.AddParam(session.NewStringParameter("ndp.spoof.targets", "", "",
 		"Comma separated list of IPv6 victim addresses."))
 
-	mod.AddParam(session.NewStringParameter("ndp.spoof.neighbour", "fe80::1", "",
+	mod.AddParam(session.NewStringParameter("ndp.spoof.neighbour",
+		"fe80::1",
+		session.IPv6Validator,
 		"Neighbour IPv6 address to spoof, clear to disable NA."))
 
 	mod.AddParam(session.NewStringParameter("ndp.spoof.prefix", "d00d::", "",
@@ -122,7 +124,7 @@ func (mod *NDPSpoofer) Start() error {
 	}
 
 	return mod.SetRunning(true, func() {
-		mod.Info("ndp spoofer started - neighbour=%s prefix=%s", mod.neighbour, mod.prefix)
+		mod.Info("ndp spoofer started - targets=%s neighbour=%s prefix=%s", mod.addresses, mod.neighbour, mod.prefix)
 
 		mod.waitGroup.Add(1)
 		defer mod.waitGroup.Done()
@@ -179,6 +181,8 @@ func (mod *NDPSpoofer) getTargets(probe bool) map[string]net.HardwareAddr {
 		// do we have this ip mac address?
 		if hw, err := mod.Session.FindMAC(ip, probe); err == nil {
 			targets[ip.String()] = hw
+		} else {
+			mod.Info("couldn't get MAC for ip=%s, put it into the neighbour table manually e.g. ping -6")
 		}
 	}