Forward Channel

daemon/include/CovertChannel.h → daemon/include/CovertChannel/CovertChannel.h

@@ -1,5 +1,5 @@
-#ifndef SNIFFER_H
+#ifndef COVERTCHANNEL_H
-#define SNIFFER_H
+#define COVERTCHANNEL_H
 
 #include <tins/tins.h>
 
@@ -21,7 +21,7 @@ public:
 	 *
 	 * @param interface name of the interface for sniffing
 	 */
-	CovertChannel(const std::string &innerInterface, const std::string &outerInterface);
+	CovertChannel(const std::string &innerInterface, const std::string &outerInterface, const std::string &filter);
 
 	/**
 	 * Destroys the Sniffer.
@@ -63,17 +63,22 @@ protected:
 
 	bool handleForwardToInner(Tins::PDU &pdu);
 	bool handleForwardToOuter(Tins::PDU &pdu);
-	virtual bool handleRedirectToInner(Tins::PDU &pdu) = 0;
+	virtual bool handleChannelToInner(Tins::PDU &pdu) = 0;
-	virtual bool handleRedirectToOuter(Tins::PDU &pdu) = 0;
+	virtual bool handleChannelToOuter(Tins::PDU &pdu) = 0;
 
-	void startInnerSniffing();
+	void startInnerForwardSniffing();
-	void startOuterSniffing();
+	void startOuterForwardSniffing();
+
+	void startInnerChannelSniffing();
+	void startOuterChannelSniffing();
 
 	/**
 	 * Tins sniffer object.
 	 */
-	Tins::Sniffer *innerSniffer;
+	Tins::Sniffer *innerForwardSniffer;
-	Tins::Sniffer *outerSniffer;
+	Tins::Sniffer *outerForwardSniffer;
+	Tins::Sniffer *innerChannelSniffer;
+	Tins::Sniffer *outerChannelSniffer;
 	Tins::PacketSender innerSender;
 	Tins::PacketSender outerSender;
 };

daemon/include/CovertChannel/ForwardChannel.h

@@ -0,0 +1,38 @@
+#ifndef FORWARDCHANNEL_H
+#define FORWARDCHANNEL_H
+
+#include "CovertChannel.h"
+
+/**
+ * @class Sniffer
+ *
+ * Sniffs the network.
+ *
+ * Sniffer class which will sniff on a network interface. It is supposed to
+ * forward the packets to an analyzer or modifyer so we can hide data in the
+ * traffic.
+ */
+class ForwardChannel : public CovertChannel {
+public:
+	/**
+	 * Creates a Sniffer.
+	 *
+	 * Creates a Sniffer and sets the network interface for sniffing.
+	 *
+	 * @param interface name of the interface for sniffing
+	 */
+	ForwardChannel(const std::string &innerInterface, const std::string &outerInterface, const std::string &filter);
+
+	/**
+	 * Destroys the Sniffer.
+	 *
+	 * Destructor of the Sniffer.
+	 */
+	virtual ~ForwardChannel();
+
+protected:
+	virtual bool handleChannelToInner(Tins::PDU &pdu);
+	virtual bool handleChannelToOuter(Tins::PDU &pdu);
+};
+
+#endif

daemon/src/CMakeLists.txt

@@ -2,7 +2,7 @@ cmake_minimum_required(VERSION 2.8)
 
 set(CMAKE_RUNTIME_OUTPUT_DIRECTORY ${CMAKE_BINARY_DIR}/bin)
 
-add_executable(ccats src/main.cpp src/CovertChannel.cpp src/Server.cpp src/base64.cpp src/JsonCommander.cpp src/FileManager.cpp src/UserManager.cpp src/Config.cpp)
+add_executable(ccats src/main.cpp src/Server.cpp src/base64.cpp src/JsonCommander.cpp src/FileManager.cpp src/UserManager.cpp src/Config.cpp src/CovertChannel/CovertChannel.cpp src/CovertChannel/ForwardChannel.cpp)
 
 # dependencies used by server only
 find_package(libtins 4.2 REQUIRED)

daemon/src/CovertChannel.cpp

@@ -1,52 +0,0 @@
-#include "../include/CovertChannel.h"
-#include <cstdlib>
-#include <iostream>
-#include <thread>
-
-CovertChannel::CovertChannel(const std::string &innerInterface, const std::string &outerInterface) : innerSender(innerInterface), outerSender(outerInterface) {
-	Tins::SnifferConfiguration config;
-	config.set_promisc_mode(true);
-	config.set_immediate_mode(true);
-	config.set_direction(PCAP_D_IN);
-	config.set_snap_len(1500);
-
-	try {
-		innerSniffer = new Tins::Sniffer(innerInterface, config);
-		outerSniffer = new Tins::Sniffer(outerInterface, config);
-	} catch (const Tins::pcap_error &e) {
-		std::cerr << "An error accured setting up the sniffer: " << e.what() << std::endl;
-		std::exit(EXIT_FAILURE);
-	}
-}
-
-CovertChannel::~CovertChannel() {
-	innerSniffer->stop_sniff();
-	outerSniffer->stop_sniff();
-	delete (innerSniffer);
-	delete (outerSniffer);
-}
-
-void CovertChannel::startSniffing() {
-	std::thread innerSnifferThread(&CovertChannel::startInnerSniffing, this);
-	std::thread outerSnifferThread(&CovertChannel::startOuterSniffing, this);
-	innerSnifferThread.detach();
-	outerSnifferThread.detach();
-}
-
-void CovertChannel::startInnerSniffing() { innerSniffer->sniff_loop(make_sniffer_handler(this, &CovertChannel::handleForwardToOuter)); }
-
-void CovertChannel::startOuterSniffing() { outerSniffer->sniff_loop(make_sniffer_handler(this, &CovertChannel::handleForwardToInner)); }
-
-void CovertChannel::setFilter(const std::string &filterString) { innerSniffer->set_filter(filterString); }
-
-bool CovertChannel::handleForwardToInner(Tins::PDU &pdu) {
-	innerSender.send(pdu);
-
-	return true;
-}
-
-bool CovertChannel::handleForwardToOuter(Tins::PDU &pdu) {
-	outerSender.send(pdu);
-
-	return true;
-}

daemon/src/CovertChannel/CovertChannel.cpp

@@ -0,0 +1,74 @@
+#include "../../include/CovertChannel/CovertChannel.h"
+#include <cstdlib>
+#include <iostream>
+#include <thread>
+
+CovertChannel::CovertChannel(const std::string &innerInterface, const std::string &outerInterface, const std::string &filter)
+    : innerSender(innerInterface), outerSender(outerInterface) {
+	Tins::SnifferConfiguration forwardConfig;
+	forwardConfig.set_promisc_mode(true);
+	forwardConfig.set_immediate_mode(true);
+	forwardConfig.set_direction(PCAP_D_IN);
+	forwardConfig.set_snap_len(1500);
+	forwardConfig.set_filter("not (" + filter + ")");
+
+	Tins::SnifferConfiguration channelConfig;
+	channelConfig.set_promisc_mode(true);
+	channelConfig.set_immediate_mode(true);
+	channelConfig.set_direction(PCAP_D_IN);
+	channelConfig.set_snap_len(1500);
+	channelConfig.set_filter(filter);
+
+	try {
+		innerForwardSniffer = new Tins::Sniffer(innerInterface, forwardConfig);
+		outerForwardSniffer = new Tins::Sniffer(outerInterface, forwardConfig);
+	} catch (const Tins::pcap_error &e) {
+		std::cerr << "An error accured setting up the sniffer: " << e.what() << std::endl;
+		std::exit(EXIT_FAILURE);
+	}
+}
+
+CovertChannel::~CovertChannel() {
+	innerForwardSniffer->stop_sniff();
+	outerForwardSniffer->stop_sniff();
+	innerChannelSniffer->stop_sniff();
+	outerChannelSniffer->stop_sniff();
+	delete (innerForwardSniffer);
+	delete (outerForwardSniffer);
+	delete (innerChannelSniffer);
+	delete (outerChannelSniffer);
+}
+
+void CovertChannel::startSniffing() {
+	std::thread innerSnifferThread(&CovertChannel::startInnerForwardSniffing, this);
+	std::thread outerSnifferThread(&CovertChannel::startOuterForwardSniffing, this);
+	innerSnifferThread.detach();
+	outerSnifferThread.detach();
+}
+
+void CovertChannel::startInnerForwardSniffing() { innerForwardSniffer->sniff_loop(make_sniffer_handler(this, &CovertChannel::handleForwardToOuter)); }
+
+void CovertChannel::startOuterForwardSniffing() { outerForwardSniffer->sniff_loop(make_sniffer_handler(this, &CovertChannel::handleForwardToInner)); }
+
+void CovertChannel::startInnerChannelSniffing() { innerChannelSniffer->sniff_loop(make_sniffer_handler(this, &CovertChannel::handleChannelToOuter)); }
+
+void CovertChannel::startOuterChannelSniffing() { outerChannelSniffer->sniff_loop(make_sniffer_handler(this, &CovertChannel::handleChannelToInner)); }
+
+void CovertChannel::setFilter(const std::string &filterString) {
+	innerForwardSniffer->set_filter("not (" + filterString + ")");
+	outerForwardSniffer->set_filter("not (" + filterString + ")");
+	innerChannelSniffer->set_filter(filterString);
+	outerChannelSniffer->set_filter(filterString);
+}
+
+bool CovertChannel::handleForwardToInner(Tins::PDU &pdu) {
+	innerSender.send(pdu);
+
+	return true;
+}
+
+bool CovertChannel::handleForwardToOuter(Tins::PDU &pdu) {
+	outerSender.send(pdu);
+
+	return true;
+}

daemon/src/CovertChannel/ForwardChannel.cpp

@@ -0,0 +1,16 @@
+#include "../../include/CovertChannel/ForwardChannel.h"
+
+ForwardChannel::ForwardChannel(const std::string &innerInterface, const std::string &outerInterface, const std::string &filter)
+    : CovertChannel(innerInterface, outerInterface, filter) {}
+
+ForwardChannel::~ForwardChannel() {}
+
+bool ForwardChannel::handleChannelToInner(Tins::PDU &pdu) {
+	innerSender.send(pdu);
+	return true;
+}
+
+bool ForwardChannel::handleChannelToOuter(Tins::PDU &pdu) {
+	outerSender.send(pdu);
+	return true;
+}

daemon/src/main.cpp

@@ -1,8 +1,8 @@
 #include <iostream>
-#include <thread>
 
 #include "../include/Config.h"
-#include "../include/CovertChannel.h"
+#include "../include/CovertChannel/CovertChannel.h"
+#include "../include/CovertChannel/ForwardChannel.h"
 #include "../include/Server.h"
 #include "../include/UserManager.h"
 
@@ -17,13 +17,14 @@ int main(int argc, char *argv[]) {
 
 	const string innerInterface = Config::getValue("innerInterface");
 	const string outerInterface = Config::getValue("outerInterface");
+	const string filter = Config::getValue("filter");
 
 	// check if userStorage is add specified location
 	// if not create one
 	UserManager::init(Config::getValue("userdatabase"));
 
-	CovertChannel covertchannel(innerInterface, outerInterface);
+	CovertChannel *covertchannel = new ForwardChannel(innerInterface, outerInterface, filter);
-	covertchannel.startSniffing();
+	covertchannel->startSniffing();
 
 	try {
 		io_service io_service;
@@ -33,5 +34,6 @@ int main(int argc, char *argv[]) {
 		cerr << e.what() << endl;
 	}
 
+	delete (covertchannel);
 	return 0;
 }