4 years ago · 51fb1553ce
@@ -1,11 +1,10 @@
 # Daemon configuration
 
 The daemon is configurable by config.txt.
-The config file must be in the same directory from where you run the binary.
+The config file must be in the same directory from where you run the binary. If the file does not exist, the server will exit immediately.
 
-### Configuration Values
-`port`: The port where the server listens. Must be a valid port.<br/>
-`interface`: The sniffer interface you want to use.<br/>
+## General Configuration Values
+`port`: The port where the server listens for clients. Must be a valid port<br/>
 `userdatabase`: The file where userdata is stored in format: user;password<br/>
 `deleteAllowed`: Says if a client is allowed to delete files from its file directory<br/>
 `filedirectory`: The directory where files from the clients will be stored and read from<br/>
@@ -23,32 +22,42 @@ Place the `rootca.crt` certificate in the directory you intend to run the client
 If you get an error about SSL related files not being found despite them existing, shorten the names of the files.
 If you cannot connect and the server prints a error related to TLSv1, ensure your version of boost and OpenSSL are up to date.
 
-#### Covert Channel options
-`covertChannelMode`: Sets the covert channel mode. To deactiveate don't set it or set it to none or false.<br/>
-`innerInterface`: The interface of your inner network<br/>
-`outerInterface`: The interface of your outer network<br/>
-`targetIP`: IP of the target server<br/>
-`targetPort`: Port of the target server<br/>
-`passiveMode`: true - server only reacts to incoming channel | false - server initiates channel<br/>
-
-##### Covert Channel Modes
-There are several covert channel modes which will transmit data in other ways.
+### Covert Channel Modes
+There are several covert channel modes which will transmit data in other ways. If you do not set this to any of the values below, the server will not have covert channel sending and recieving capabilities, but still answer to requests from clients. In this case, no superuser permissions will be required, as no network interfaces are touched directly.
 `forward`: no data transmission<br/>
 `tcpurgency`: uses the TCP urgency pointer<br/>
-`tcpoptiontimestamp`: uses the TCP option Timestamp to transmit data. WARNING: most OSs use the timestamp so you should not use this option.<br/>
+`tcpoptiontimestamp`: uses the TCP option Timestamp to transmit data. WARNING: most OSs use the timestamp so you should not use this option unless you are sure that the communication does not depend on it.<br/>
 `tcpappend`: appends the data to the payload of a TCP packet<br/>
 `tcpoptioncustom`: writes data in a custom option field<br/>
 
+### General Covert Channel options
+`covertChannelMode`: Sets the covert channel mode. To deactivate don't set it or set it to none or false.<br/>
+`innerInterface`: The interface of your inner network<br/>
+`outerInterface`: The interface of your outer network<br/>
+
+##### Covert Channel Mode `forward`
+No further config is needed. Forward should work out of the box.<br/>
+
+##### Covert Channel Modes `tcpurgency`, `tcpoptiontimestamp`, `tcpappend`, `tcpoptioncustom`
+`targetIP`: IP of the target server<br/>
+`targetPort`: Port of the target server<br/>
+`passiveMode`: true - server only reacts to incoming channel | false - server initiates channel<br/>
 
-### Example for config.txt
+## Example for config.txt
 ```
-port=1234
-userdatabase=userStorage.txt
+covertChannelMode=tcpurgency
+deleteAllowed=false
 filedirectory=./files/
-deleteAllowed=true
-SSLenabled=true
+innerInterface=eth0
+outerInterface=eth1
+passiveMode=false
+port=1234
 SSLcertificate=user.crt
-SSLprivatekey=user.key
 SSLdhparams=dh2048.pem
-activateCovertChannel=false
+SSLenabled=true
+SSLprivatekey=user.key
+targetIP=1.2.3.4
+targetPort=443
+userdatabase=userStorage.txt
+
 ```
@@ -21,21 +21,13 @@ public:
 	 *
 	 * @param innerInterface name of the interface of the inner network
 	 * @param outerInterface name of the interface of the outer network
-	 * @param ownIP IP of this server
 	 * @param targetIP IP of the target server
 	 * @param targetPort Port of the target server
 	 */
-	BidirectionalChannels(const std::string &innerInterface, const std::string &outerInterface, const std::string &ownIP, const std::string &targetIP,
-	                      const std::string &targetPort)
-	    : CovertChannel(innerInterface, outerInterface,
-	                    "(not (tcp and " + std::string(PASSIVE ? "src" : "dst") + " host " + targetIP + " and " + std::string(PASSIVE ? "src" : "dst") +
-	                        " port " + targetPort + ")) and (not (dst host " + ownIP + "))",
-	                    "(not (tcp and " + std::string(PASSIVE ? "dst" : "src") + " host " + targetIP + " and " + std::string(PASSIVE ? "dst" : "src") +
-	                        " port " + targetPort + ")) and (not (dst host " + ownIP + "))",
-	                    "tcp and " + std::string(PASSIVE ? "src" : "dst") + " host " + targetIP + " and " + std::string(PASSIVE ? "src" : "dst") + " port " +
-	                        targetPort,
-	                    "tcp and " + std::string(PASSIVE ? "dst" : "src") + " host " + targetIP + " and " + std::string(PASSIVE ? "dst" : "src") + " port " +
-	                        targetPort) {}
+	BidirectionalChannels(const std::string &innerInterface, const std::string &outerInterface, const std::string &targetIP, const std::string &targetPort)
+	    : CovertChannel(innerInterface, outerInterface, "not (tcp and host " + targetIP + " and port " + targetPort + ")",
+	                    "not (tcp and host " + targetIP + " and port " + targetPort + ")", "tcp and host " + targetIP + " and port " + targetPort,
+	                    "tcp and host " + targetIP + " and port " + targetPort) {}
 
 	/**
 	 * Destroys the CovertChannel.
@@ -20,13 +20,11 @@ public:
 	 *
 	 * @param innerInterface name of the interface of the inner network
 	 * @param outerInterface name of the interface of the outer network
-	 * @param ownIP IP of this server
 	 * @param targetIP IP of the target server
 	 * @param targetPort Port of the target server
 	 */
-	TCPAppendChannel(const std::string &innerInterface, const std::string &outerInterface, const std::string &ownIP, const std::string &targetIP,
-	                 const std::string &targetPort)
-	    : BidirectionalChannels<N, PASSIVE>(innerInterface, outerInterface, ownIP, targetIP, targetPort) {}
+	TCPAppendChannel(const std::string &innerInterface, const std::string &outerInterface, const std::string &targetIP, const std::string &targetPort)
+	    : BidirectionalChannels<N, PASSIVE>(innerInterface, outerInterface, targetIP, targetPort) {}
 
 	/**
 	 * Destroys the CovertChannel.
@@ -26,13 +26,11 @@ public:
 	 *
 	 * @param innerInterface name of the interface of the inner network
 	 * @param outerInterface name of the interface of the outer network
-	 * @param ownIP IP of this server
 	 * @param targetIP IP of the target server
 	 * @param targetPort Port of the target server
 	 */
-	TCPOptionCustomChannel(const std::string &innerInterface, const std::string &outerInterface, const std::string &ownIP, const std::string &targetIP,
-	                       const std::string &targetPort)
-	    : BidirectionalChannels<N, PASSIVE>(innerInterface, outerInterface, ownIP, targetIP, targetPort) {}
+	TCPOptionCustomChannel(const std::string &innerInterface, const std::string &outerInterface, const std::string &targetIP, const std::string &targetPort)
+	    : BidirectionalChannels<N, PASSIVE>(innerInterface, outerInterface, targetIP, targetPort) {}
 
 	/**
 	 * Destroys the CovertChannel.
@@ -23,13 +23,11 @@ public:
 	 *
 	 * @param innerInterface name of the interface of the inner network
 	 * @param outerInterface name of the interface of the outer network
-	 * @param ownIP IP of this server
 	 * @param targetIP IP of the target server
 	 * @param targetPort Port of the target server
 	 */
-	TCPOptionTimestampChannel(const std::string &innerInterface, const std::string &outerInterface, const std::string &ownIP, const std::string &targetIP,
-	                          const std::string &targetPort)
-	    : BidirectionalChannels<8, PASSIVE>(innerInterface, outerInterface, ownIP, targetIP, targetPort) {}
+	TCPOptionTimestampChannel(const std::string &innerInterface, const std::string &outerInterface, const std::string &targetIP, const std::string &targetPort)
+	    : BidirectionalChannels<8, PASSIVE>(innerInterface, outerInterface, targetIP, targetPort) {}
 
 	/**
 	 * Destroys the CovertChannel.
@@ -19,13 +19,11 @@ public:
 	 *
 	 * @param innerInterface name of the interface of the inner network
 	 * @param outerInterface name of the interface of the outer network
-	 * @param ownIP IP of this server
 	 * @param targetIP IP of the target server
 	 * @param targetPort Port of the target server
 	 */
-	TCPUrgencyChannel(const std::string &innerInterface, const std::string &outerInterface, const std::string &ownIP, const std::string &targetIP,
-	                  const std::string &targetPort)
-	    : BidirectionalChannels<2, PASSIVE>(innerInterface, outerInterface, ownIP, targetIP, targetPort) {}
+	TCPUrgencyChannel(const std::string &innerInterface, const std::string &outerInterface, const std::string &targetIP, const std::string &targetPort)
+	    : BidirectionalChannels<2, PASSIVE>(innerInterface, outerInterface, targetIP, targetPort) {}
 
 	/**
 	 * Destroys the CovertChannel.
@@ -48,6 +46,7 @@ protected:
 		uint16_t data = tcp.urg_ptr();
 		BidirectionalChannels<2, PASSIVE>::protocol.receive((uint8_t *)(&data));
 		tcp.urg_ptr(0);
+		tcp.set_flag(Tins::TCP::Flags::URG, false);
 		BidirectionalChannels<2, PASSIVE>::innerSender.send(pdu);
 
 		return true;
@@ -68,6 +67,7 @@ protected:
 		uint16_t data = 0;
 		BidirectionalChannels<2, PASSIVE>::protocol.send((uint8_t *)(&data));
 		tcp.urg_ptr(data);
+		tcp.set_flag(Tins::TCP::Flags::URG, true);
 		BidirectionalChannels<2, PASSIVE>::outerSender.send(pdu);
 
 		return true;
@@ -26,15 +26,14 @@ int main(int argc, char *argv[]) {
 		const string innerInterface = Config::getValue("innerInterface");
 		const string outerInterface = Config::getValue("outerInterface");
 
-		const string ownIP = Config::getValue("ownIP");
 		const string targetIP = Config::getValue("targetIP");
 		const string targetPort = Config::getValue("targetPort");
 		const string passiveMode = Config::getValue("passiveMode");
 
 		if (passiveMode == "true") {
-			covertchannel = new TCPUrgencyChannel<true>(innerInterface, outerInterface, ownIP, targetIP, targetPort);
+			covertchannel = new TCPUrgencyChannel<true>(innerInterface, outerInterface, targetIP, targetPort);
 		} else {
-			covertchannel = new TCPUrgencyChannel<false>(innerInterface, outerInterface, ownIP, targetIP, targetPort);
+			covertchannel = new TCPUrgencyChannel<false>(innerInterface, outerInterface, targetIP, targetPort);
 		}
 
 		// covertchannel = new ForwardChannel(innerInterface, outerInterface);
@@ -43,15 +42,14 @@ int main(int argc, char *argv[]) {
 		const string innerInterface = Config::getValue("innerInterface");
 		const string outerInterface = Config::getValue("outerInterface");
 
-		const string ownIP = Config::getValue("ownIP");
 		const string targetIP = Config::getValue("targetIP");
 		const string targetPort = Config::getValue("targetPort");
 		const string passiveMode = Config::getValue("passiveMode");
 
 		if (passiveMode == "true") {
-			covertchannel = new TCPAppendChannel<8, true>(innerInterface, outerInterface, ownIP, targetIP, targetPort);
+			covertchannel = new TCPAppendChannel<8, true>(innerInterface, outerInterface, targetIP, targetPort);
 		} else {
-			covertchannel = new TCPAppendChannel<8, false>(innerInterface, outerInterface, ownIP, targetIP, targetPort);
+			covertchannel = new TCPAppendChannel<8, false>(innerInterface, outerInterface, targetIP, targetPort);
 		}
 
 		// covertchannel = new ForwardChannel(innerInterface, outerInterface);
@@ -60,15 +58,14 @@ int main(int argc, char *argv[]) {
 		const string innerInterface = Config::getValue("innerInterface");
 		const string outerInterface = Config::getValue("outerInterface");
 
-		const string ownIP = Config::getValue("ownIP");
 		const string targetIP = Config::getValue("targetIP");
 		const string targetPort = Config::getValue("targetPort");
 		const string passiveMode = Config::getValue("passiveMode");
 
 		if (passiveMode == "true") {
-			covertchannel = new TCPOptionTimestampChannel<true>(innerInterface, outerInterface, ownIP, targetIP, targetPort);
+			covertchannel = new TCPOptionTimestampChannel<true>(innerInterface, outerInterface, targetIP, targetPort);
 		} else {
-			covertchannel = new TCPOptionTimestampChannel<false>(innerInterface, outerInterface, ownIP, targetIP, targetPort);
+			covertchannel = new TCPOptionTimestampChannel<false>(innerInterface, outerInterface, targetIP, targetPort);
 		}
 
 		// covertchannel = new ForwardChannel(innerInterface, outerInterface);
@@ -77,16 +74,14 @@ int main(int argc, char *argv[]) {
 		const string innerInterface = Config::getValue("innerInterface");
 		const string outerInterface = Config::getValue("outerInterface");
 
-		const string ownIP = Config::getValue("ownIP");
 		const string targetIP = Config::getValue("targetIP");
 		const string targetPort = Config::getValue("targetPort");
 		const string passiveMode = Config::getValue("passiveMode");
-		const string sendFile = Config::getValue("sendFile");
 
 		if (passiveMode == "true") {
-			covertchannel = new TCPOptionCustomChannel<8, true>(innerInterface, outerInterface, ownIP, targetIP, targetPort);
+			covertchannel = new TCPOptionCustomChannel<8, true>(innerInterface, outerInterface, targetIP, targetPort);
 		} else {
-			covertchannel = new TCPOptionCustomChannel<8, false>(innerInterface, outerInterface, ownIP, targetIP, targetPort);
+			covertchannel = new TCPOptionCustomChannel<8, false>(innerInterface, outerInterface, targetIP, targetPort);
 		}
 
 		// covertchannel = new ForwardChannel(innerInterface, outerInterface);
@@ -1,11 +1,10 @@
 				 # Daemon configuration
 				 The daemon is configurable by config.txt.
 				-The config file must be in the same directory from where you run the binary.
 				+The config file must be in the same directory from where you run the binary. If the file does not exist, the server will exit immediately.
 				-### Configuration Values
 				-`port`: The port where the server listens. Must be a valid port.<br/>
 				-`interface`: The sniffer interface you want to use.<br/>
 				+## General Configuration Values
 				+`port`: The port where the server listens for clients. Must be a valid port<br/>
 				 `userdatabase`: The file where userdata is stored in format: user;password<br/>
 				 `deleteAllowed`: Says if a client is allowed to delete files from its file directory<br/>
 				 `filedirectory`: The directory where files from the clients will be stored and read from<br/>
@@ -23,32 +22,42 @@ Place the `rootca.crt` certificate in the directory you intend to run the client
 				 If you get an error about SSL related files not being found despite them existing, shorten the names of the files.
 				 If you cannot connect and the server prints a error related to TLSv1, ensure your version of boost and OpenSSL are up to date.
 				-#### Covert Channel options
 				-`covertChannelMode`: Sets the covert channel mode. To deactiveate don't set it or set it to none or false.<br/>
 				-`innerInterface`: The interface of your inner network<br/>
 				-`outerInterface`: The interface of your outer network<br/>
 				-`targetIP`: IP of the target server<br/>
 				-`targetPort`: Port of the target server<br/>
 				-`passiveMode`: true - server only reacts to incoming channel | false - server initiates channel<br/>
 				-
 				-##### Covert Channel Modes
 				-There are several covert channel modes which will transmit data in other ways.
 				+### Covert Channel Modes
 				+There are several covert channel modes which will transmit data in other ways. If you do not set this to any of the values below, the server will not have covert channel sending and recieving capabilities, but still answer to requests from clients. In this case, no superuser permissions will be required, as no network interfaces are touched directly.
 				 `forward`: no data transmission<br/>
 				 `tcpurgency`: uses the TCP urgency pointer<br/>
 				-`tcpoptiontimestamp`: uses the TCP option Timestamp to transmit data. WARNING: most OSs use the timestamp so you should not use this option.<br/>
 				+`tcpoptiontimestamp`: uses the TCP option Timestamp to transmit data. WARNING: most OSs use the timestamp so you should not use this option unless you are sure that the communication does not depend on it.<br/>
 				 `tcpappend`: appends the data to the payload of a TCP packet<br/>
 				 `tcpoptioncustom`: writes data in a custom option field<br/>
 				+### General Covert Channel options
 				+`covertChannelMode`: Sets the covert channel mode. To deactivate don't set it or set it to none or false.<br/>
 				+`innerInterface`: The interface of your inner network<br/>
 				+`outerInterface`: The interface of your outer network<br/>
 				+
 				+##### Covert Channel Mode `forward`
 				+No further config is needed. Forward should work out of the box.<br/>
 				+
 				+##### Covert Channel Modes `tcpurgency`, `tcpoptiontimestamp`, `tcpappend`, `tcpoptioncustom`
 				+`targetIP`: IP of the target server<br/>
 				+`targetPort`: Port of the target server<br/>
 				+`passiveMode`: true - server only reacts to incoming channel | false - server initiates channel<br/>
 				-### Example for config.txt
 				+## Example for config.txt
 				 ```
 				-port=1234
 				-userdatabase=userStorage.txt
 				+covertChannelMode=tcpurgency
 				+deleteAllowed=false
 				 filedirectory=./files/
 				-deleteAllowed=true
 				-SSLenabled=true
 				+innerInterface=eth0
 				+outerInterface=eth1
 				+passiveMode=false
 				+port=1234
 				 SSLcertificate=user.crt
 				-SSLprivatekey=user.key
 				 SSLdhparams=dh2048.pem
 				-activateCovertChannel=false
 				+SSLenabled=true
 				+SSLprivatekey=user.key
 				+targetIP=1.2.3.4
 				+targetPort=443
 				+userdatabase=userStorage.txt
 				+
 				 ```
@@ -21,21 +21,13 @@ public:
 				 	 *
 				 	 * @param innerInterface name of the interface of the inner network
 				 	 * @param outerInterface name of the interface of the outer network
 				-	 * @param ownIP IP of this server
 				 	 * @param targetIP IP of the target server
 				 	 * @param targetPort Port of the target server
 				 	 */
 				-	BidirectionalChannels(const std::string &innerInterface, const std::string &outerInterface, const std::string &ownIP, const std::string &targetIP,
 				-	                      const std::string &targetPort)
 				-	    : CovertChannel(innerInterface, outerInterface,
 				-	                    "(not (tcp and " + std::string(PASSIVE ? "src" : "dst") + " host " + targetIP + " and " + std::string(PASSIVE ? "src" : "dst") +
 				-	                        " port " + targetPort + ")) and (not (dst host " + ownIP + "))",
 				-	                    "(not (tcp and " + std::string(PASSIVE ? "dst" : "src") + " host " + targetIP + " and " + std::string(PASSIVE ? "dst" : "src") +
 				-	                        " port " + targetPort + ")) and (not (dst host " + ownIP + "))",
 				-	                    "tcp and " + std::string(PASSIVE ? "src" : "dst") + " host " + targetIP + " and " + std::string(PASSIVE ? "src" : "dst") + " port " +
 				-	                        targetPort,
 				-	                    "tcp and " + std::string(PASSIVE ? "dst" : "src") + " host " + targetIP + " and " + std::string(PASSIVE ? "dst" : "src") + " port " +
 				-	                        targetPort) {}
 				+	BidirectionalChannels(const std::string &innerInterface, const std::string &outerInterface, const std::string &targetIP, const std::string &targetPort)
 				+	    : CovertChannel(innerInterface, outerInterface, "not (tcp and host " + targetIP + " and port " + targetPort + ")",
 				+	                    "not (tcp and host " + targetIP + " and port " + targetPort + ")", "tcp and host " + targetIP + " and port " + targetPort,
 				+	                    "tcp and host " + targetIP + " and port " + targetPort) {}
 				 	/**
 				 	 * Destroys the CovertChannel.