Jump to content

Search the Community

Showing results for tags 'winpcap'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • General
    • Announcements and Site News
    • Administration
  • AutoIt v3
    • AutoIt Help and Support
    • AutoIt Technical Discussion
    • AutoIt Example Scripts
  • Scripting and Development
    • Developer General Discussion
    • Language Specific Discussion
  • IT Administration
    • Operating System Deployment
    • Windows Client
    • Windows Server
    • Office

Categories

  • AutoIt Team
    • Beta
    • MVP
  • AutoIt
    • Automation
    • Databases and web connections
    • Data compression
    • Encryption and hash
    • Games
    • GUI Additions
    • Hardware
    • Information gathering
    • Internet protocol suite
    • Maths
    • Media
    • PDF
    • Security
    • Social Media and other Website API
    • Windows
  • Scripting and Development
  • IT Administration
    • Operating System Deployment
    • Windows Client
    • Windows Server
    • Office

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


Member Title


Location


WWW


Interests

Found 4 results

  1. Version 1.0.1.3

    1,739 downloads

    Display Http Requests and response by analyzing http packets using winpcap and also recreate by one click the winhttp request to au3 format. Topic
  2. HttpHeaderWatcher v1.0.1.3 Some time ago, some members asked how to see the Http Requests. There are quite a few external applications but not in AutoIt! HttpHeaderWatcher in association with WinPcap, very modestly solves this lack. Once done this http watcher, i asked me : why not Re-build a WinHttp Request in AutoIt from a selected Request in one Click ? So i have added a "Create au3" button who open the WinHttp Request of your choice in AutoIt format in SciTE Editor. Voila voila, hope it can help ! Buttons were made online with chimply.com the easy and free buttons generator ! See Help for more infos. previous downloads : 253 source and executable are available in the Download Section Hope you like it !
  3. Hi there, a long long time ago... i found the time and need to add again something to the examples forum. I'm currently trying to get better in packet analysing and wrote a proove of concept dhcp protocol analyser. its no where near a completed state but just to give you a hint what can be done with winpcap.udf and fighting against bits/bytes and horrorbly written RFCs (http://www.networksorcery.com/enp/rfc/rfc1533.txt , http://www.networksorcery.com/enp/protocol/bootp/options.htm). YOU WILL NEED THE WinPCap - Packet.dll UDF from here: () #region ;**** Directives created by AutoIt3Wrapper_GUI **** #AutoIt3Wrapper_Change2CUI=y #endregion ;**** Directives created by AutoIt3Wrapper_GUI **** #include <array.au3> #include <date.au3> #include "Winpcap.au3" $winpcap = _PcapSetup() If ($winpcap = -1) Then MsgBox(16, "Pcap error !", "WinPcap not found !") Exit EndIf $pcap_devices = _PcapGetDeviceList() If ($pcap_devices = -1) Then MsgBox(16, "Pcap error !", _PcapGetLastError()) Exit EndIf For $i = 0 To UBound($pcap_devices) - 1 ;~ ConsoleWrite($pcap_devices[$i][0] & " ==> " & $pcap_devices[$i][1] & @CRLF) Next $dev_ID = $pcap_devices[0][0] $i = 0 $pcap = 0 $packet = 0 $pcapfile = 0 $prom = 1 $filter = "port 67" ; DHCP $pcap = _PcapStartCapture($dev_ID, $filter, $prom) If ($pcap = -1) Then MsgBox(16, "Pcap error !", _PcapGetLastError()) Exit EndIf $linktype = _PcapGetLinkType($pcap) If ($linktype[1] <> "EN10MB") Then MsgBox(16, "Pcap error !", "This example only works for Ethernet captures") Exit EndIf ;~ AdlibRegister("stats", 1000 * 60) While True If IsPtr($pcap) Then ; If $pcap is a Ptr, then the capture is running $time0 = TimerInit() While (TimerDiff($time0) < 500) ; Retrieve packets from queue for maximum 500ms before returning to main loop, not to "hang" the window for user $packet = _PcapGetPacket($pcap) If IsInt($packet) Then ExitLoop $udpdata = _UDP_Parser($packet[3]) $dhcpdata = _DHCP_Parser($udpdata) WEnd EndIf Sleep(1) WEnd _PcapFree() Exit Func Stats() $s = _PcapGetStats($pcap) Local $stats_txt = "" For $a = 1 To UBound($s, 1) - 1 $stats_txt &= $s[$a][1] & ":" & $s[$a][0] & @CRLF Next ConsoleWrite($stats_txt) EndFunc ;==>Stats Func _UDP_Parser($data) If BinaryMid($data, 13, 2) <> "0x0800" Then Return ; Ethertype If BinaryMid($data, 24, 1) <> "0x11" Then Return ; UDP Local $srcip = Number(BinaryMid($data, 27, 1)) & "." & Number(BinaryMid($data, 28, 1)) & "." & Number(BinaryMid($data, 29, 1)) & "." & Number(BinaryMid($data, 30, 1)) Local $dstip = Number(BinaryMid($data, 31, 1)) & "." & Number(BinaryMid($data, 32, 1)) & "." & Number(BinaryMid($data, 33, 1)) & "." & Number(BinaryMid($data, 34, 1)) Local $srcport = Number(BinaryMid($data, 35, 1)) * 256 + Number(BinaryMid($data, 36, 1)) Local $dstport = Number(BinaryMid($data, 37, 1)) * 256 + Number(BinaryMid($data, 38, 1)) Local $udplength = Number(BinaryMid($data, 39, 1)) * 256 + Number(BinaryMid($data, 40, 1)) Local $udpchecksum = Number(BinaryMid($data, 41, 1)) * 256 + Number(BinaryMid($data, 42, 1)) ConsoleWrite($srcip & ":" & $srcport & " ==> " & $dstip & ":" & $dstport & " Length: " & $udplength & @CRLF) Local $udpdata = BinaryMid($data, 43, $udplength) ConsoleWrite($udpdata & @CRLF) Return $udpdata EndFunc ;==>_UDP_Parser Func _DHCP_Parser($udpdata) $op = Number(BinaryMid($udpdata, 1, 1)) Switch $op Case 1 ConsoleWrite("Boot Request ") Case 2 ConsoleWrite("Boot Reply ") EndSwitch $htype = Number(BinaryMid($udpdata, 2, 1)) Switch $htype Case 1 ConsoleWrite("via Ethernet ") Case 6 ConsoleWrite("via IEEE 802 ") Case 7 ConsoleWrite("via ARCNET ") EndSwitch $hlen = Number(BinaryMid($udpdata, 3, 1)) Switch $hlen Case 6 ConsoleWrite("and a Hardware address Length of a MAC address ") Case 2 ConsoleWrite("and an Unknown Hardware address Length ") EndSwitch $hops = Number(BinaryMid($udpdata, 4, 1)) Switch $hops Case 0 ConsoleWrite("send directly ") Case Else ConsoleWrite("relayed over " & $hops & " DHCP-Relay-Agents ") EndSwitch $xid = BinaryMid($udpdata, 5, 4) ConsoleWrite("and a transaction ID of " & $xid & " ") $secs = Number(BinaryMid($udpdata, 9, 1)) * 256 + Number(BinaryMid($udpdata, 10, 1)) ConsoleWrite("waiting since " & $secs & " seconds ") $flags = Number(BinaryMid($udpdata, 11, 1)) ; easy implemetation Switch $flags Case 0 ConsoleWrite("with an old IP ") Case 1 ConsoleWrite("without an old IP ") EndSwitch $ciaddr = Number(BinaryMid($udpdata, 13, 1)) & "." & Number(BinaryMid($udpdata, 14, 1)) & "." & Number(BinaryMid($udpdata, 15, 1)) & "." & Number(BinaryMid($udpdata, 16, 1)) $yiaddr = Number(BinaryMid($udpdata, 17, 1)) & "." & Number(BinaryMid($udpdata, 18, 1)) & "." & Number(BinaryMid($udpdata, 19, 1)) & "." & Number(BinaryMid($udpdata, 20, 1)) $siaddr = Number(BinaryMid($udpdata, 21, 1)) & "." & Number(BinaryMid($udpdata, 22, 1)) & "." & Number(BinaryMid($udpdata, 23, 1)) & "." & Number(BinaryMid($udpdata, 24, 1)) $giaddr = Number(BinaryMid($udpdata, 25, 1)) & "." & Number(BinaryMid($udpdata, 26, 1)) & "." & Number(BinaryMid($udpdata, 27, 1)) & "." & Number(BinaryMid($udpdata, 28, 1)) ConsoleWrite("ClientIP: " & $ciaddr & " Your IP: " & $yiaddr & " Server IP: " & $siaddr & " Relay-Agent-IP-Adress " & $giaddr & " ") $chaddr = BinaryMid($udpdata, 29, 16) $chaddr_mac = StringTrimLeft(BinaryMid($udpdata, 29, 6), 2) $chaddr_pad = StringTrimLeft(BinaryMid($udpdata, 35, 10), 2) ConsoleWrite("and a client identifier of " & $chaddr & " which results in a client MAC-Address of " & $chaddr_mac & " and padding, ") $sname = StringReplace(BinaryToString(BinaryMid($udpdata, 45, 64)), Chr(0), "") Switch $sname Case "" ConsoleWrite("requesting no special server ") Case Else ConsoleWrite("requesting Server-Name " & $sname & " ") EndSwitch $file = StringReplace(BinaryToString(BinaryMid($udpdata, 109, 128)), Chr(0), "") Switch $file Case "" ConsoleWrite("with no boot-file specified ") Case Else ConsoleWrite("getting following Bootfile '" & $file & "' ") EndSwitch $options = StringReplace(BinaryToString(BinaryMid($udpdata, 237)), Chr(0), "") ConsoleWrite("and the following options: " & $options) ConsoleWrite(@CRLF) If BitAND(BinaryMid($udpdata, 237, 4), 0x63825363) Then ; is a DHCP Package ConsoleWrite("DHCP options:" & @CRLF) _DHCP_Options_Parser(BinaryMid($udpdata, 241)) EndIf EndFunc ;==>_DHCP_Parser Func _DHCP_Options_Parser($options) $i = 1 Do $options_type = Number(BinaryMid($options, $i, 1)) $length = Number(BinaryMid($options, $i + 1, 1)) If $options_type = 0 Or $options_type = 255 Then $length = 1 ConsoleWrite("Count: " & $i & " Option Type: " & $options_type & " Packet Length: " & $length & @CRLF) Switch $options_type Case 0 ; padding Case 1 ; Subnetmask $subnetmask = Number(BinaryMid($options, $i + 2, 1)) & "." & Number(BinaryMid($options, $i + 3, 1)) & "." & Number(BinaryMid($options, $i + 4, 1)) & "." & Number(BinaryMid($options, $i + 5, 1)) ConsoleWrite("Subnetmask: " & $subnetmask & @CRLF) Case 2 ; time offset $time_offset = Number(BinaryMid($options, $i + 2, 4)) ConsoleWrite("Time Offset: " & $time_offset & @CRLF) Case 3 ; Router Option ; not working properly Case 6 ; DNS-Servers $dns_servers_count = $length/4 for $j = 0 to $dns_servers_count-1 $dns_servers = Number(BinaryMid($options, $i + 2 + ($j*4), 1)) & "." & Number(BinaryMid($options, $i + 3+ ($j*4), 1)) & "." & Number(BinaryMid($options, $i + 4+ ($j*4), 1)) & "." & Number(BinaryMid($options, $i + 5+ ($j*4), 1)) ConsoleWrite("dns server: " & $dns_servers & @CRLF) Next Case 12; Client Hostname $Host_Name = StringReplace(BinaryToString(BinaryMid($options, $i + 2, $length)), Chr(0), "") ConsoleWrite("Host Name: " & $Host_Name & @CRLF) Case 43 ; Vendor-specific information $vendor_specific_info = StringReplace(BinaryToString(BinaryMid($options, $i + 2, $length)), Chr(0), "") ConsoleWrite("Vendor-specific information: " & $vendor_specific_info & @CRLF) Case 51 ; Address lease time ; not working properly $lease_time = Number(BinaryMid($options, $i + 2, 4)) $sNewDate = _DateAdd('s', $lease_time, _NowCalcDate()) ConsoleWrite("Lease Time: " & $sNewDate & @CRLF) Case 53 ; DHCP Message type Switch Number(BinaryMid($options, $i + 2, 1)) Case 1 ConsoleWrite("DHCPDISCOVER" & @CRLF) Case 2 ConsoleWrite("DHCPOFFER" & @CRLF) Case 3 ConsoleWrite("DHCPREQUEST" & @CRLF) Case 4 ConsoleWrite("DHCPDECLINE" & @CRLF) Case 5 ConsoleWrite("DHCPACK" & @CRLF) Case 6 ConsoleWrite("DHCPNAK" & @CRLF) Case 7 ConsoleWrite("DHCPRELEASE" & @CRLF) Case 8 ConsoleWrite("DHCPINFORM" & @CRLF) Case Else; Armageddon!!! EndSwitch Case 54 ; Server Identifier $server_identifier = Number(BinaryMid($options, $i + 2, 1)) & "." & Number(BinaryMid($options, $i + 3, 1)) & "." & Number(BinaryMid($options, $i + 4, 1)) & "." & Number(BinaryMid($options, $i + 5, 1)) ConsoleWrite("Server Identifier: " & $server_identifier & @CRLF) Case 55 ; Parameter Request List $parameter_request_list = BinaryMid($options, $i + 2, $length) ConsoleWrite("Parameter Request List: " & $parameter_request_list & @CRLF) Case 60 ; Class-Identifier $class_identifier = StringReplace(BinaryToString(BinaryMid($options, $i + 2, $length)), Chr(0), "") ConsoleWrite("Class-Identifier: " & $class_identifier & @CRLF) Case 61 ; Identifier $identifier = BinaryMid($options, $i + 2, $length) ConsoleWrite("Identifier: " & $identifier & @CRLF) Case 81 ; FQDN $FQDN = StringReplace(BinaryToString(BinaryMid($options, $i + 2, $length)), Chr(0), "") ConsoleWrite("FQDN: " & $FQDN & @CRLF) Case 255 ; end $i = BinaryLen($options) Case Else; Armageddon!!! EndSwitch $i += (2 + $length) Until $i >= BinaryLen($options) ; unclean but prevents the loop from continuing infinite if a counting error occures. Return False ; until everything is in a 2d array..... EndFunc ;==>_DHCP_Options_Parsertraffic.au3
  4. Hi, I have worked on a project for a friend and it needed to retreive some data in UDP packets, it was a challenge because I didn't know anything about that packets, and after few days of work I have managed to do what I wanted. The hardest part was to set a very strict filter for the cpu usage and for the script optimisation, so here is one : ;use filters with _PcapStartCapture ;retreive only tcp packets containing AABBCCDD, at the start of 8 and with a length of 4; like the StringMid func. tcp[8:4] == 0xAABBCCDD ;8th byte from the beginning of the tcp DATA, 4bytes length; always include the 0x to specify you are dealing with hex. And some funcs to split the different data from packets : ;$hCapture is the handle returned by _PcapStartCapture ; #FUNCTION# ==================================================================================================================== ; Name...........: _TCP_Recv ; Description ...: Retreives a TCP Packet and returns its data splitted ; Syntax.........: _TCP_Recv($hCapture, $iInstance = 0, $iTimeOut = 3000) ; Parameters ....: $hCapture - Capture handle ; $iInstance - Instance of the packet to retreive ; $iTimeOut - Timeout ; Return values .: Success - Array containing the packet data ; Failure - -1 (timedout) ; Author ........: FireFox (d3mon) ; Modified.......: ; Remarks .......: ; Related .......: _UDP_Recv ; Link ..........: ; Example .......: No ; =============================================================================================================================== Func _TCP_Recv($hCapture, $iInstance = 0, $iTimeOut = 3000) Local $blPacketCaptured = False, $iTimer_Capture, $aPacket, $iPacket $iTimer_Capture = TimerInit() While (TimerDiff($iTimer_Capture) < $iTimeOut Or $iTimeOut = -1) $aPacket = _PcapGetPacket($hCapture) If IsArray($aPacket) Then If $iPacket = $iInstance Then Local $aTCPPacket[21] $aTCPPacket[0] = StringMid($aPacket[3], 3, 12) ;Destination Mac Address $aTCPPacket[1] = StringMid($aPacket[3], 15, 12) ;Source Mac Address $aTCPPacket[2] = StringMid($aPacket[3], 27, 4) ;Type $aTCPPacket[3] = StringMid($aPacket[3], 31, 2) ;Version & Header length $aTCPPacket[4] = StringMid($aPacket[3], 33, 2) ;Differientiated Services Field $aTCPPacket[5] = StringMid($aPacket[3], 35, 4) ;Total Length $aTCPPacket[6] = StringMid($aPacket[3], 39, 4) ;Identification $aTCPPacket[7] = StringMid($aPacket[3], 43, 4) ;Fragment offset $aTCPPacket[8] = StringMid($aPacket[3], 47, 2) ;Time to live $aTCPPacket[9] = StringMid($aPacket[3], 49, 2) ;Protocol $aTCPPacket[10] = StringMid($aPacket[3], 51, 4) ;Header checksum $aTCPPacket[11] = StringMid($aPacket[3], 55, 8) ;Source IP Address $aTCPPacket[12] = StringMid($aPacket[3], 63, 8) ;Destination IP Address $aTCPPacket[13] = StringMid($aPacket[3], 71, 4) ;Source port $aTCPPacket[14] = StringMid($aPacket[3], 75, 4) ;Destination port $aTCPPacket[15] = StringMid($aPacket[3], 79, 8) ;Sequence number $aTCPPacket[16] = StringMid($aPacket[3], 87, 8) ;Acknowledgment number $aTCPPacket[17] = StringMid($aPacket[3], 95, 4) ;Flags $aTCPPacket[18] = StringMid($aPacket[3], 99, 4) ;Window size value $aTCPPacket[19] = StringMid($aPacket[3], 103, 4) ;Checksum ;107 to 110 = NULL data $aTCPPacket[20] = StringTrimLeft($aPacket[3], 110) ;Data Return $aTCPPacket EndIf $iPacket += 1 EndIf Sleep(50) WEnd Return -1 EndFunc ;==>_TCP_Recv ; #FUNCTION# ==================================================================================================================== ; Name...........: _UDP_Recv ; Description ...: Retreives an UDP Packet and returns its data splitted ; Syntax.........: _UDP_Recv($hCapture, $iInstance = 0, $iTimeOut = 3000) ; Parameters ....: $hCapture - Capture handle ; $iInstance - Instance of the packet to retreive ; $iTimeOut - Timeout ; Return values .: Success - Array containing the packet data ; Failure - -1 (timedout) ; Author ........: FireFox (d3mon) ; Modified.......: ; Remarks .......: ; Related .......: _TCP_Recv ; Link ..........: ; Example .......: No ; =============================================================================================================================== Func _UDP_Recv($hCapture, $iInstance = 0, $iTimeOut = 3000) Local $blPacketCaptured = False, $iTimer_Capture, $aPacket, $iPacket $iTimer_Capture = TimerInit() While (TimerDiff($iTimer_Capture) < $iTimeOut Or $iTimeOut = -1) $aPacket = _PcapGetPacket($hCapture) If IsArray($aPacket) Then If $iPacket = $iInstance Then Local $aUDPPacket[18] $aUDPPacket[0] = StringMid($aPacket[3], 3, 12) ;Source Mac Address $aUDPPacket[1] = StringMid($aPacket[3], 15, 12) ;Destination Mac Address $aUDPPacket[2] = StringMid($aPacket[3], 27, 4) ;Type $aUDPPacket[3] = StringMid($aPacket[3], 31, 2) ;Version & Header length $aUDPPacket[4] = StringMid($aPacket[3], 33, 2) ;Differientiated Services Field $aUDPPacket[5] = StringMid($aPacket[3], 35, 4) ;Total Length $aUDPPacket[6] = StringMid($aPacket[3], 39, 4) ;Identification $aUDPPacket[7] = StringMid($aPacket[3], 43, 4) ;Fragment offset $aUDPPacket[8] = StringMid($aPacket[3], 47, 2) ;Time to live $aUDPPacket[9] = StringMid($aPacket[3], 49, 2) ;Protocol $aUDPPacket[10] = StringMid($aPacket[3], 51, 4) ;Header checksum $aUDPPacket[11] = StringMid($aPacket[3], 55, 8) ;Source IP Address $aUDPPacket[12] = StringMid($aPacket[3], 63, 8) ;Destination IP Address $aUDPPacket[13] = StringMid($aPacket[3], 71, 4) ;Source port $aUDPPacket[14] = StringMid($aPacket[3], 75, 4) ;Destination port $aUDPPacket[15] = StringMid($aPacket[3], 79, 4) ;Length $aUDPPacket[16] = StringMid($aPacket[3], 83, 4) ;Checksum $aUDPPacket[17] = StringTrimLeft($aPacket[3], 86) ;Data Return $aUDPPacket EndIf $iPacket += 1 EndIf Sleep(50) WEnd Return -1 EndFunc ;==>_UDP_Recv ;for example convert the packet's source/dest IP Address to text ; #FUNCTION# ==================================================================================================================== ; Name...........: _HexIPAddressToText ; Description ...: Converts Hex IP Adress to text ; Syntax.........: _HexIPAddressToText($vhexIPAddress) ; Parameters ....: $vIPAddress - IP Address v4 (string, int) ; Return values .: Success - Converted IP Address ; Author ........: FireFox (d3mon) ; Modified.......: ; Remarks .......: ; Related .......: ; Link ..........: ; Example .......: No ; =============================================================================================================================== Func _HexIPAddressToText($vhexIPAddress) Local $sIPAddress For $iOffset = 1 To 8 Step 2 $sIPAddress &= Dec(StringMid($vhexIPAddress, $iOffset, 2)) & "." Next Return StringTrimRight($sIPAddress, 1) EndFunc ;==>_UDP_DecodeIPAddress Ops, almost forgot the Winpcap UDF available here : http://opensource.grisambre.net/pcapau3/ PS : If you find this helpful, please "like"/rate this post. Enjoy
×
×
  • Create New...