
Merge branch '72-us40-another-covert-channel-method' into 'develop'

US40: Another Covert Channel Method

Closes #72

See merge request tobias.wach/ccats!77
Sander, Paul 4 years ago
parent
commit
2a1b96631e

+ 2 - 1
daemon/include/CovertChannel/CovertProtocol.hpp

@@ -91,7 +91,8 @@ public:
 					data[i] = fileName.at(fileNamePosition++);
 				}
 			} else {
-				for (int i = 0; i < fileNameSize - fileNamePosition; i++) {
+				int diff = fileNameSize - fileNamePosition;
+				for (int i = 0; i < diff; i++) {
 					data[i] = fileName.at(fileNamePosition++);
 				}
 			}
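Review bot: The hoisted bound `diff` carries no comment explaining why it cannot stay in the loop condition. `fileNamePosition` is incremented in the body, so the old expression shrank on every iteration and the loop ended before the rest of the name was copied. I would add `// fix the count first: fileNamePosition advances inside the loop` and rename the variable to something like `remaining`. `diff` is an `int`; if `fileNameSize` and `fileNamePosition` are unsigned (their declarations are outside the hunk), the subtraction is narrowed silently and should use a matching type. The enclosing function starts and ends outside the hunk.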

+ 110 - 0
daemon/include/CovertChannel/TCPOptionTimestampChannel.hpp

@@ -0,0 +1,110 @@
+#ifndef TCPOPTIONTIMESTAMPCHANNEL_H
+#define TCPOPTIONTIMESTAMPCHANNEL_H
+
+#include "CovertChannel.h"
+#include "CovertProtocolBidirectional.hpp"
+
+#include <utility>
+
+/**
+ * @class TCPOptionTimestampChannel
+ *
+ * A CovertChannel which hides data in the TCP timestamp option field.
+ *
+ * @warning Only use on connections which will never use the timestamp option on their own!!!
+ *
+ * @param PASSIVE true - server only reacts to incoming channel | false - server initiates channel
+ */
+template <bool PASSIVE> class TCPOptionTimestampChannel : public CovertChannel {
+public:
+	/**
+	 * Sets up a CovertChannel.
+	 *
+	 * Creates a CovertChannel, sets the network interfaces for sniffing and sending and sets the filter.
+	 *
+	 * @param innerInterface name of the interface of the inner network
+	 * @param outerInterface name of the interface of the outer network
+	 * @param ownIP IP of this server
+	 * @param targetIP IP of the target server
+	 * @param targetPort Port of the target server
+	 */
+	TCPOptionTimestampChannel(const std::string &innerInterface, const std::string &outerInterface, const std::string &ownIP, const std::string &targetIP,
+	                          const std::string &targetPort)
+	    : CovertChannel(innerInterface, outerInterface,
+	                    "(not (tcp and " + std::string(PASSIVE ? "src" : "dst") + " host " + targetIP + " and " + std::string(PASSIVE ? "src" : "dst") +
+	                        " port " + targetPort + ")) and (not (dst host " + ownIP + "))",
+	                    "(not (tcp and " + std::string(PASSIVE ? "dst" : "src") + " host " + targetIP + " and " + std::string(PASSIVE ? "dst" : "src") +
+	                        " port " + targetPort + ")) and (not (dst host " + ownIP + "))",
+	                    "tcp and " + std::string(PASSIVE ? "src" : "dst") + " host " + targetIP + " and " + std::string(PASSIVE ? "src" : "dst") + " port " +
+	                        targetPort,
+	                    "tcp and " + std::string(PASSIVE ? "dst" : "src") + " host " + targetIP + " and " + std::string(PASSIVE ? "dst" : "src") + " port " +
+	                        targetPort) {}
+
+	/**
+	 * Destroys the CovertChannel.
+	 */
+	virtual ~TCPOptionTimestampChannel() {}
+
+	/**
+	 * Send a file over the covert channel.
+	 *
+	 * @param fileName name of the file in the file directory
+	 * @return true - file will be sent | false - file was not accepted
+	 */
+	virtual bool sendFile(const std::string &fileName) {
+		if constexpr (PASSIVE) {
+			return false;
+		} else {
+			return protocol.sendFile(fileName);
+		}
+	}
+
+protected:
+	/**
+	 * Handler for sniffed packets filterd to forward from the outer network.
+	 *
+	 * Handles incoming packets and forwards them.
+	 *
+	 * @param pdu sniffed packet
+	 *
+	 * @return false = stop loop | true = continue loop
+	 */
+	virtual bool handleChannelFromOuter(Tins::PDU &pdu) {
+		Tins::TCP &tcp = pdu.rfind_pdu<Tins::TCP>();
+
+		std::pair<uint32_t, uint32_t> timestamp = tcp.timestamp();
+		uint64_t data = ((uint64_t)timestamp.first) << 32 | timestamp.second;
+		protocol.receive((uint8_t *)(&data));
+		tcp.remove_option(Tins::TCP::OptionTypes::TSOPT);
+		innerSender.send(pdu);
+
+		return true;
+	}
+
+	/**
+	 * Handler for sniffed packets filterd to forward from the inner network.
+	 *
+	 * Handles incoming packets and forwards them.
+	 *
+	 * @param pdu sniffed packet
+	 *
+	 * @return false = stop loop | true = continue loop
+	 */
+	virtual bool handleChannelFromInner(Tins::PDU &pdu) {
+		Tins::TCP &tcp = pdu.rfind_pdu<Tins::TCP>();
+
+		uint64_t data = 0;
+		protocol.send((uint8_t *)(&data));
+		tcp.timestamp(data >> 32, data);
+		outerSender.send(pdu);
+
+		return true;
+	}
+
+	/**
+	 * protocol used to transmit data
+	 */
+	CovertProtocolBidirectional<8, PASSIVE> protocol;
+};
+
+#endif
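Review bot: In `handleChannelFromOuter`, `tcp.timestamp()` is called on every segment matching the outer filter without first checking that the segment carries a timestamp option. libtins throws `option_not_found` when the option is absent, and nothing in this class catches it. These packets are sniffed from the outer network, so a single segment without the option takes the exception out of the handler; what happens next depends on the sniff loop in CovertChannel, which this commit does not show. A guard before the read, such as `if (!tcp.search_option(Tins::TCP::OptionTypes::TSOPT)) { innerSender.send(pdu); return true; }`, would keep the handler on a defined path. Separately, `(uint8_t *)(&data)` passes the value to the protocol in host byte order, so a comment stating that both ends must share endianness would help.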

+ 23 - 0
daemon/src/main.cpp

@@ -3,6 +3,7 @@
 #include "../include/Config.h"
 #include "../include/CovertChannel/CovertChannel.h"
 #include "../include/CovertChannel/ForwardChannel.h"
+#include "../include/CovertChannel/TCPOptionTimestampChannel.hpp"
 #include "../include/CovertChannel/TCPUrgencyChannel.hpp"
 #include "../include/Server.h"
 #include "../include/UserManager.h"
@@ -34,6 +35,28 @@ int main(int argc, char *argv[]) {
 			covertchannel = new TCPUrgencyChannel<false>(innerInterface, outerInterface, ownIP, targetIP, targetPort);
 		}
 
+		// test sending file
+		if (passiveMode != "true" && sendFile != "")
+			covertchannel->sendFile(sendFile);
+
+		// covertchannel = new ForwardChannel(innerInterface, outerInterface);
+		covertchannel->startSniffing();
+	} else if (covertChannelMode == "tcpoptiontimestamp") {
+		const string innerInterface = Config::getValue("innerInterface");
+		const string outerInterface = Config::getValue("outerInterface");
+
+		const string ownIP = Config::getValue("ownIP");
+		const string targetIP = Config::getValue("targetIP");
+		const string targetPort = Config::getValue("targetPort");
+		const string passiveMode = Config::getValue("passiveMode");
+		const string sendFile = Config::getValue("sendFile");
+
+		if (passiveMode == "true") {
+			covertchannel = new TCPOptionTimestampChannel<true>(innerInterface, outerInterface, ownIP, targetIP, targetPort);
+		} else {
+			covertchannel = new TCPOptionTimestampChannel<false>(innerInterface, outerInterface, ownIP, targetIP, targetPort);
+		}
+
 		// test sending file
 		if (passiveMode != "true" && sendFile != "")
 			covertchannel->sendFile(sendFile);
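Review bot: The new `tcpoptiontimestamp` branch passes `ownIP`, `targetIP` and `targetPort` from `Config::getValue` straight to the constructor with no validation. In TCPOptionTimestampChannel.hpp that constructor splices them into the pcap filter strings, so an empty or malformed value produces a filter that either fails to compile or matches traffic other than the intended connection. A check before the `new`, for example `if (ownIP.empty() || targetIP.empty() || targetPort.empty()) { /* report and exit */ }` plus a numeric test on the port, would catch this at startup. The comparison `passiveMode == "true"` also treats every other spelling as active mode, so a typo silently selects the variant that initiates the channel. This branch repeats the config reading of the preceding branch line for line, and a shared helper would keep such checks in one place; `main` continues outside the hunk.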