Adjust filters for passiveMode again

Hopefully it works now

autoformat.sh

@@ -22,7 +22,7 @@ if [ -z "$FMT" ]; then
 fi
 
 function format() {
-    for f in $(find $@ -type d -path "$@/build" -prune -o -type f -name '*.h' -or -name '*.m' -or -name '*.mm' -or -name '*.c' -or -name '*.cpp'); do
+    for f in $(find $@ -type d -path "$@/build" -prune -o -type f -name '*.h' -or -name '*.hpp' -or -name '*.c' -or -name '*.cpp'); do
         if [ ! -d "${f}" ]; then
             echo "format ${f}";
             ${FMT} -i ${f};

daemon/CMakeLists.txt

@@ -1,6 +1,6 @@
 cmake_minimum_required(VERSION 2.8)
 
-set(CMAKE_CXX_STANDARD 11)
+set(CMAKE_CXX_STANDARD 17)
 set(CMAKE_MODULE_PATH ${CMAKE_MODULE_PATH} "${CMAKE_SOURCE_DIR}/../.cmake_modules/")
 message("${CMAKE_MODULE_PATH}")
 

daemon/Daemon-Config-Reference.md

@@ -29,14 +29,14 @@ If you cannot connect and the server prints a error related to TLSv1, ensure you
 `outerInterface`: The interface of your outer network<br/>
 
 ##### Covert Channel Mode `forward`
-There no further config needed. Forward should work out of the pox
+There no further config needed. Forward should work out of the box
 
-##### Covert Channel Mode `proxy`
+##### Covert Channel Mode `tcpurgency`<br/>
 `ownIP`: IP of this server<br/>
-`partnerIP`: IP of the partner server. If this is a relay the other cannot be a relay.<br/>
-`targetIP`: IP of the target server of teh covert channel<br/>
-`targetPort`: Port of the target server of the covert channel<br/>
-`relay`: Bool which sets the mode: true - just relays the covert channel | false - uses it's own covert channel<br/>
+`targetIP`: IP of the target server<br/>
+`targetPort`: Port of the target server<br/>
+`passiveMode`: true - server only reacts to incoming channel | false - server initiates channel<br/>
+`sendFile`: file name in file directory of the file which will be sent after starting the server<br/>
 
 ### Example for config.txt
 ```

daemon/include/CovertChannel/CovertChannel.h

@@ -24,17 +24,23 @@ public:
 	 * @param outerForwardFilter pcap filter string which will be set for the channel sniffers and negated for the forward sniffers
 	 * @param innerChannelFilter pcap filter string which will be set for the channel sniffers and negated for the forward sniffers
 	 * @param outerChannelFilter pcap filter string which will be set for the channel sniffers and negated for the forward sniffers
-	 * @param outerPartnerFilter pcap filter string which will be set for the channel sniffers and negated for the forward sniffers
 	 */
 	CovertChannel(const std::string &innerInterface, const std::string &outerInterface, const std::string &innerForwardFilter = "",
-	              const std::string &outerForwardFilter = "", const std::string &innerChannelFilter = "", const std::string &outerChannelFilter = "",
-	              const std::string &outerPartnerFilter = "");
+	              const std::string &outerForwardFilter = "", const std::string &innerChannelFilter = "", const std::string &outerChannelFilter = "");
 
 	/**
 	 * Destroys the CovertChannel.
 	 */
 	virtual ~CovertChannel();
 
+	/**
+	 * Send a file over the covert channel.
+	 *
+	 * @param fileName name of the file in the file directory
+	 * @return true - file will be sent | false - file was not accepted
+	 */
+	virtual bool sendFile(const std::string &fileName);
+
 	/**
 	 * Start sniffing on the interface.
 	 *
@@ -52,7 +58,7 @@ public:
 	 * @param filter pcap filter string which will be set for the channel sniffers and negated for the forward sniffers
 	 */
 	void setFilter(const std::string &innerForwardFilter = "", const std::string &outerForwardFilter = "", const std::string &innerChannelFilter = "",
-	               const std::string &outerChannelFilter = "", const std::string &outerPartnerFilter = "");
+	               const std::string &outerChannelFilter = "");
 
 protected:
 	/**
@@ -99,17 +105,6 @@ protected:
 	 */
 	virtual bool handleChannelFromInner(Tins::PDU &pdu) = 0;
 
-	/**
-	 * Handler for sniffed packets filterd to use as channel from the outer network.
-	 *
-	 * Handles incoming packets and redirets them.
-	 *
-	 * @param pdu sniffed packet
-	 *
-	 * @return false = stop loop | true = continue loop
-	 */
-	virtual bool handlePartnerFromOuter(Tins::PDU &pdu) = 0;
-
 	/**
 	 * Starts the sniffing loop of the inner forward sniffer.
 	 */
@@ -130,11 +125,6 @@ protected:
 	 */
 	void startOuterChannelSniffing();
 
-	/**
-	 * Starts the sniffing loop of the outer partner sniffer.
-	 */
-	void startOuterPartnerSniffing();
-
 	/**
 	 * Tins Sniffer to filter packets to which should be forwarded
 	 */
@@ -155,11 +145,6 @@ protected:
 	 */
 	Tins::Sniffer *outerChannelSniffer;
 
-	/**
-	 * Tins Sniffer to filter packets to which should be used for the covert channel
-	 */
-	Tins::Sniffer *outerPartnerSniffer;
-
 	/**
 	 * Tins PacketSender which sends packets to the inner network
 	 */

daemon/include/CovertChannel/CovertProtocol.hpp

@@ -0,0 +1,335 @@
+#ifndef COVERTPROTOCOL_H
+#define COVERTPROTOCOL_H
+
+#include <fstream>
+#include <iostream>
+#include <string>
+#include <type_traits>
+
+#include "../../include/Config.h"
+
+/**
+ * @class CovertProtocol
+ *
+ * An unidirectional Covert Channel protocol with a variable size template.
+ *
+ * The protocol works unidirectional so the active side uses send to encode data to be sent and the passive side uses receive to extract data.
+ *
+ * @param N number of bytes which can be used to transmit data
+ * @param PASSIVE passive mode
+ */
+template <int N, bool PASSIVE> class CovertProtocol {
+	static_assert(N >= 1);
+
+public:
+	/**
+	 * CovertProtocol constructor
+	 */
+	CovertProtocol() : fileDirectory(Config::getValue("filedirectory")) {}
+
+	/**
+	 * CovertProtocol destructor
+	 *
+	 * Closes the file
+	 */
+	~CovertProtocol() { file.close(); }
+
+	/**
+	 * Starts sending a file.
+	 *
+	 * Starts sending a file if no transmission is running and the file exists.
+	 *
+	 * @param fileName name of the file in the file directory
+	 * @return true - file will be sent | false - file was not accepted
+	 */
+	bool sendFile(const std::string &fileName) {
+		static_assert(!PASSIVE);
+
+		if (state != ProtocolState::idle || file.is_open()) {
+			return false;
+		}
+
+		file.open(fileDirectory + fileName, std::ios::in);
+		if (file.is_open()) {
+			file.close();
+			this->fileName = fileName;
+			state = ProtocolState::fileNameSize;
+			std::cout << "starting sending file \"" << fileName << "\"" << std::endl;
+			return true;
+		} else {
+			return false;
+		}
+	}
+
+	/**
+	 * send encodes the data into the data array
+	 *
+	 * 1. Send file name size (length)
+	 * 2. Send file name
+	 * 3. Send data size (length)
+	 * 4. Send data
+	 *
+	 * @param data must be an array of size N
+	 */
+	void send(uint8_t *const data) {
+		static_assert(!PASSIVE);
+
+		switch (state) {
+		case ProtocolState::idle:
+			return;
+
+		case ProtocolState::fileNameSize:
+			fileNameSize = fileName.size();
+			data[0] = fileNameSize;
+			fileNamePosition = 0;
+			state = ProtocolState::fileName;
+			break;
+
+		case ProtocolState::fileName:
+			if (fileNameSize - fileNamePosition >= N) {
+				for (int i = 0; i < N; i++) {
+					data[i] = fileName.at(fileNamePosition++);
+				}
+			} else {
+				for (int i = 0; i < fileNameSize - fileNamePosition; i++) {
+					data[i] = fileName.at(fileNamePosition++);
+				}
+			}
+
+			if (fileNamePosition == fileNameSize) {
+				file.open(fileDirectory + fileName, std::ios::in | std::ios::binary | std::ios::ate);
+				if (!file.is_open()) {
+					file.close();
+					std::cerr << "File \"" << fileName << "\" does exists. Error state!!!" << std::endl;
+					state = ProtocolState::error;
+					return;
+				}
+
+				dataSize = file.tellg();
+				dataPosition = 0;
+				file.seekg(std::ios::beg);
+
+				state = ProtocolState::dataSize;
+			}
+
+			break;
+
+		case ProtocolState::dataSize:
+			if constexpr (N >= 4) {
+				for (; dataPosition < 4; dataPosition++) {
+					data[dataPosition] = dataSize >> ((3 - dataPosition) * 8);
+				}
+			} else {
+				uint32_t oldDataPosition = dataPosition;
+				uint32_t limit = dataPosition + N;
+				if (limit > 4) {
+					limit = 4;
+				}
+
+				for (; dataPosition < limit; dataPosition++) {
+					data[dataPosition - oldDataPosition] = dataSize >> ((3 - dataPosition) * 8);
+				}
+			}
+
+			if (dataPosition == 4) {
+				dataPosition = 0;
+				state = ProtocolState::data;
+			}
+
+			break;
+
+		case ProtocolState::data:
+			if (dataSize - dataPosition >= N) {
+				file.read((char *)data, N);
+				dataPosition += N;
+			} else {
+				file.read((char *)data, dataSize - dataPosition);
+				dataPosition = dataSize;
+			}
+
+			std::cout << "sent " << dataPosition << "/" << dataSize << std::endl;
+
+			if (dataPosition == dataSize) {
+				file.close();
+				state = ProtocolState::idle;
+				std::cout << "finished sending file \"" << fileName << "\"" << std::endl;
+			}
+
+			break;
+
+		case ProtocolState::error:
+
+			break;
+		}
+
+		return;
+	}
+
+	/**
+	 * receive extracts data from the data array
+	 *
+	 * 1. Receive file name size (length)
+	 * 2. Receive file name
+	 * 3. Receive data size (length)
+	 * 4. Receive data
+	 *
+	 * @param data must be an array of size N
+	 */
+	void receive(const uint8_t *const data) {
+		static_assert(PASSIVE);
+
+		switch (state) {
+		case ProtocolState::idle:
+			if (data[0] == 0) {
+				return;
+			}
+
+			// no break because the first data received is the filename size
+		case ProtocolState::fileNameSize:
+			std::cout << "incoming file transmission" << std::endl;
+
+			fileNameSize = data[0];
+			fileNamePosition = 0;
+			fileName = "";
+			state = ProtocolState::fileName;
+			break;
+
+		case ProtocolState::fileName:
+			if (fileNameSize - fileNamePosition >= N) {
+				uint8_t oldFileNamePosition = fileNamePosition;
+				for (; fileNamePosition < oldFileNamePosition + N; fileNamePosition++) {
+					fileName += data[fileNamePosition - oldFileNamePosition];
+				}
+			} else {
+				uint8_t oldFileNamePosition = fileNamePosition;
+				for (; fileNamePosition < fileNameSize; fileNamePosition++) {
+					fileName += data[fileNamePosition - oldFileNamePosition];
+				}
+			}
+
+			if (fileNamePosition == fileNameSize) {
+				file.open(fileDirectory + fileName, std::ios::in);
+				if (file.is_open()) {
+					file.close();
+					std::cerr << "File \"" << fileName << "\" already exists. Error state!!!" << std::endl;
+					state = ProtocolState::error;
+					return;
+				}
+
+				file.close();
+
+				file.open(fileDirectory + fileName, std::ios::out | std::ios::binary | std::ios::app);
+				if (!file.is_open()) {
+					std::cerr << "File \"" << fileName << "\" could not be opened! Error state!!!" << std::endl;
+					state = ProtocolState::error;
+					return;
+				}
+
+				dataSize = 0;
+				dataPosition = 0;
+				state = ProtocolState::dataSize;
+
+				std::cout << "starting receiving file \"" << fileName << "\"" << std::endl;
+			}
+
+			break;
+
+		case ProtocolState::dataSize:
+			if constexpr (N >= 4) {
+				for (; dataPosition < 4; dataPosition++) {
+					dataSize = dataSize | data[dataPosition] << ((3 - dataPosition) * 8);
+				}
+			} else {
+				uint32_t oldDataPosition = dataPosition;
+				uint32_t limit = dataPosition + N;
+				if (limit > 4) {
+					limit = 4;
+				}
+
+				for (; dataPosition < limit; dataPosition++) {
+					dataSize = dataSize | data[dataPosition - oldDataPosition] << ((3 - dataPosition) * 8);
+				}
+			}
+
+			if (dataPosition == 4) {
+				dataPosition = 0;
+				state = ProtocolState::data;
+			}
+
+			break;
+		case ProtocolState::data:
+
+			if (dataSize - dataPosition >= N) {
+				file.write((char *)data, N);
+				dataPosition += 2;
+			} else {
+				file.write((char *)data, dataSize - dataPosition);
+				dataPosition = dataSize;
+			}
+
+			std::cout << "received " << dataPosition << "/" << dataSize << std::endl;
+
+			if (dataPosition == dataSize) {
+				file.close();
+				state = ProtocolState::idle;
+
+				std::cout << "finished receiving file \"" << fileName << "\"" << std::endl;
+			}
+
+			break;
+		case ProtocolState::error:
+			//
+			break;
+		}
+	}
+
+private:
+	/**
+	 * folder of the files
+	 */
+	const std::string fileDirectory;
+
+	/**
+	 * States of the data transmission
+	 *
+	 * @warning error state cannot be recovered!!!
+	 */
+	enum struct ProtocolState { idle, fileNameSize, fileName, dataSize, data, error };
+
+	/**
+	 * State of the data transmission
+	 */
+	ProtocolState state = ProtocolState::idle;
+
+	/**
+	 * size of the file to be sent/received
+	 */
+	uint32_t dataSize;
+
+	/**
+	 * position in the file to be sent/received
+	 */
+	uint32_t dataPosition;
+
+	/**
+	 * file to be sent/received
+	 */
+	std::fstream file;
+
+	/**
+	 * size of the file name
+	 */
+	uint8_t fileNameSize;
+
+	/**
+	 * position of the file name so far sent/received
+	 */
+	uint8_t fileNamePosition;
+
+	/**
+	 * name of the file to be sent/received
+	 */
+	std::string fileName;
+};
+
+#endif

daemon/include/CovertChannel/ForwardChannel.h

@@ -48,17 +48,6 @@ protected:
 	 * @return false = stop loop | true = continue loop
 	 */
 	virtual bool handleChannelFromInner(Tins::PDU &pdu);
-
-	/**
-	 * Handler for sniffed packets filterd to use as channel from the outer network.
-	 *
-	 * Handles incoming packets and redirets them.
-	 *
-	 * @param pdu sniffed packet
-	 *
-	 * @return false = stop loop | true = continue loop
-	 */
-	virtual bool handlePartnerFromOuter(Tins::PDU &pdu);
 };
 
 #endif

daemon/include/CovertChannel/ProxyChannel.h

@@ -1,82 +0,0 @@
-#ifndef PROXYCHANNEL_H
-#define PROXYCHANNEL_H
-
-#include "CovertChannel.h"
-
-/**
- * @class ForwardChannel
- *
- * A CovertChannel which forwards the traffic it captures.
- */
-class ProxyChannel : public CovertChannel {
-public:
-	/**
-	 * Sets up a CovertChannel.
-	 *
-	 * Creates a CovertChannel, sets the network interfaces for sniffing and sending and sets the filter.
-	 *
-	 * @param innerInterface name of the interface of the inner network
-	 * @param outerInterface name of the interface of the outer network
-	 * @param filter pcap filter string which will be set for the channel sniffers and negated for the forward sniffers
-	 * @param relayOnly true - server only relays traffic | false - server redirects traffic over another relay
-	 */
-	ProxyChannel(const std::string &innerInterface, const std::string &outerInterface, const std::string &ownIP, const std::string &partnerIP,
-	             const std::string &originIP, const std::string &targetIP, const std::string &targetPort, const std::string &ownMAC,
-	             const std::string &originMAC, const std::string &channelGatewayMAC, const std::string &gatewayMAC, const bool relayOnly);
-
-	/**
-	 * Destroys the CovertChannel.
-	 */
-	virtual ~ProxyChannel();
-
-protected:
-	/**
-	 * Handler for sniffed packets filterd to forward from the outer network.
-	 *
-	 * Handles incoming packets and forwards them.
-	 *
-	 * @param pdu sniffed packet
-	 *
-	 * @return false = stop loop | true = continue loop
-	 */
-	virtual bool handleChannelFromOuter(Tins::PDU &pdu);
-
-	/**
-	 * Handler for sniffed packets filterd to forward from the inner network.
-	 *
-	 * Handles incoming packets and forwards them.
-	 *
-	 * @param pdu sniffed packet
-	 *
-	 * @return false = stop loop | true = continue loop
-	 */
-	virtual bool handleChannelFromInner(Tins::PDU &pdu);
-
-	/**
-	 * Handler for sniffed packets filterd to use as channel from the outer network.
-	 *
-	 * Handles incoming packets and redirets them.
-	 *
-	 * @param pdu sniffed packet
-	 *
-	 * @return false = stop loop | true = continue loop
-	 */
-	virtual bool handlePartnerFromOuter(Tins::PDU &pdu);
-
-	/**
-	 * Relay option which activates relay only mode
-	 */
-	const bool relayOnly;
-
-	const Tins::IPv4Address ownAddress;
-	const Tins::IPv4Address partnerAddress;
-	const Tins::IPv4Address originAddress;
-	const Tins::IPv4Address targetAddress;
-
-	const Tins::HWAddress<6> ownMAC;
-	const Tins::HWAddress<6> channelGatewayMAC;
-	const Tins::HWAddress<6> gatewayMAC;
-	const Tins::HWAddress<6> originMAC;
-};
-
-#endif

daemon/include/CovertChannel/TCPUrgencyChannel.hpp

@@ -0,0 +1,112 @@
+#ifndef TCPURGENCYCHANNEL_H
+#define TCPURGENCYCHANNEL_H
+
+#include "CovertChannel.h"
+
+#include "CovertProtocol.hpp"
+
+/**
+ * @class TCPUrgencyChannel
+ *
+ * A CovertChannel which hides data in the TCP urgency pointer
+ *
+ * @param PASSIVE true - server only reacts to incoming channel | false - server initiates channel
+ */
+template <bool PASSIVE> class TCPUrgencyChannel : public CovertChannel {
+public:
+	/**
+	 * Sets up a CovertChannel.
+	 *
+	 * Creates a CovertChannel, sets the network interfaces for sniffing and sending and sets the filter.
+	 *
+	 * @param innerInterface name of the interface of the inner network
+	 * @param outerInterface name of the interface of the outer network
+	 * @param ownIP IP of this server
+	 * @param targetIP IP of the target server
+	 * @param targetPort Port of the target server
+	 */
+	TCPUrgencyChannel(const std::string &innerInterface, const std::string &outerInterface, const std::string &ownIP, const std::string &targetIP,
+	                  const std::string &targetPort)
+	    : CovertChannel(innerInterface, outerInterface,
+	                    "(not (tcp and " + std::string(PASSIVE ? "src" : "dst") + " host " + targetIP + " and " + std::string(PASSIVE ? "src" : "dst") +
+	                        " port " + targetPort + ")) and (not (dst host " + ownIP + "))",
+	                    "(not (tcp and " + std::string(PASSIVE ? "dst" : "src") + " host " + targetIP + " and " + std::string(PASSIVE ? "dst" : "src") +
+	                        " port " + targetPort + ")) and (not (dst host " + ownIP + "))",
+	                    "tcp and " + std::string(PASSIVE ? "src" : "dst") + " host " + targetIP + " and " + std::string(PASSIVE ? "src" : "dst") + " port " +
+	                        targetPort,
+	                    "tcp and " + std::string(PASSIVE ? "dst" : "src") + " host " + targetIP + " and " + std::string(PASSIVE ? "dst" : "src") + " port " +
+	                        targetPort) {}
+
+	/**
+	 * Destroys the CovertChannel.
+	 */
+	virtual ~TCPUrgencyChannel() {}
+
+	/**
+	 * Send a file over the covert channel.
+	 *
+	 * @param fileName name of the file in the file directory
+	 * @return true - file will be sent | false - file was not accepted
+	 */
+	virtual bool sendFile(const std::string &fileName) {
+		if constexpr (PASSIVE) {
+			return false;
+		} else {
+			return protocol.sendFile(fileName);
+		}
+	}
+
+protected:
+	/**
+	 * Handler for sniffed packets filterd to forward from the outer network.
+	 *
+	 * Handles incoming packets and forwards them.
+	 *
+	 * @param pdu sniffed packet
+	 *
+	 * @return false = stop loop | true = continue loop
+	 */
+	virtual bool handleChannelFromOuter(Tins::PDU &pdu) {
+		Tins::TCP &tcp = pdu.rfind_pdu<Tins::TCP>();
+		if constexpr (PASSIVE) {
+			uint16_t data = tcp.urg_ptr();
+			protocol.receive((uint8_t *)(&data));
+			tcp.urg_ptr(0);
+			innerSender.send(pdu);
+		} else {
+			// uint16_t urg = tcp.urg_ptr();
+			// tcp.urg_ptr(0);
+			innerSender.send(pdu);
+		}
+		return true;
+	}
+
+	/**
+	 * Handler for sniffed packets filterd to forward from the inner network.
+	 *
+	 * Handles incoming packets and forwards them.
+	 *
+	 * @param pdu sniffed packet
+	 *
+	 * @return false = stop loop | true = continue loop
+	 */
+	virtual bool handleChannelFromInner(Tins::PDU &pdu) {
+		Tins::TCP &tcp = pdu.rfind_pdu<Tins::TCP>();
+		if constexpr (PASSIVE) {
+			outerSender.send(pdu);
+		} else {
+			uint16_t data = 0;
+			protocol.send((uint8_t *)(&data));
+			tcp.urg_ptr(data);
+			outerSender.send(pdu);
+		}
+		return true;
+	}
+
+	/**
+	 * protocol used to transmit data
+	 */
+	CovertProtocol<2, PASSIVE> protocol;
+};
+
+#endif

daemon/src/CMakeLists.txt

@@ -2,7 +2,7 @@ cmake_minimum_required(VERSION 2.8)
 
 set(CMAKE_RUNTIME_OUTPUT_DIRECTORY ${CMAKE_BINARY_DIR}/bin)
 
-add_executable(ccats src/main.cpp src/Server.cpp src/base64.cpp src/JsonCommander.cpp src/FileManager.cpp src/UserManager.cpp src/Config.cpp src/CovertChannel/CovertChannel.cpp src/CovertChannel/ForwardChannel.cpp src/CovertChannel/ProxyChannel.cpp)
+add_executable(ccats src/main.cpp src/Server.cpp src/base64.cpp src/JsonCommander.cpp src/FileManager.cpp src/UserManager.cpp src/Config.cpp src/CovertChannel/CovertChannel.cpp src/CovertChannel/ForwardChannel.cpp)
 
 # dependencies used by server only
 find_package(libtins 4.2 REQUIRED)

daemon/src/CovertChannel/CovertChannel.cpp

@@ -4,8 +4,7 @@
 #include <thread>
 
 CovertChannel::CovertChannel(const std::string &innerInterface, const std::string &outerInterface, const std::string &innerForwardFilter,
-                             const std::string &outerForwardFilter, const std::string &innerChannelFilter, const std::string &outerChannelFilter,
-                             const std::string &outerPartnerFilter)
+                             const std::string &outerForwardFilter, const std::string &innerChannelFilter, const std::string &outerChannelFilter)
     : innerSender(innerInterface), outerSender(outerInterface) {
 	Tins::SnifferConfiguration config;
 	config.set_promisc_mode(true);
@@ -18,9 +17,8 @@ CovertChannel::CovertChannel(const std::string &innerInterface, const std::strin
 		outerForwardSniffer = new Tins::Sniffer(outerInterface, config);
 		innerChannelSniffer = new Tins::Sniffer(innerInterface, config);
 		outerChannelSniffer = new Tins::Sniffer(outerInterface, config);
-		outerPartnerSniffer = new Tins::Sniffer(outerInterface, config);
 
-		setFilter(innerForwardFilter, outerForwardFilter, innerChannelFilter, outerChannelFilter, outerPartnerFilter);
+		setFilter(innerForwardFilter, outerForwardFilter, innerChannelFilter, outerChannelFilter);
 	} catch (const Tins::pcap_error &e) {
 		std::cerr << "An error accured setting up the sniffer: " << e.what() << std::endl;
 		std::exit(EXIT_FAILURE);
@@ -32,21 +30,18 @@ CovertChannel::~CovertChannel() {
 	outerForwardSniffer->stop_sniff();
 	innerChannelSniffer->stop_sniff();
 	outerChannelSniffer->stop_sniff();
-	outerPartnerSniffer->stop_sniff();
 	delete (innerForwardSniffer);
 	delete (outerForwardSniffer);
 	delete (innerChannelSniffer);
 	delete (outerChannelSniffer);
-	delete (outerPartnerSniffer);
 }
 
 void CovertChannel::setFilter(const std::string &innerForwardFilter, const std::string &outerForwardFilter, const std::string &innerChannelFilter,
-                              const std::string &outerChannelFilter, const std::string &outerPartnerFilter) {
+                              const std::string &outerChannelFilter) {
 	innerForwardSniffer->set_filter(innerForwardFilter);
 	outerForwardSniffer->set_filter(outerForwardFilter);
 	innerChannelSniffer->set_filter(innerChannelFilter);
 	outerChannelSniffer->set_filter(outerChannelFilter);
-	outerPartnerSniffer->set_filter(outerPartnerFilter);
 }
 
 void CovertChannel::startSniffing() {
@@ -54,13 +49,11 @@ void CovertChannel::startSniffing() {
 	std::thread outerForwardSnifferThread(&CovertChannel::startOuterForwardSniffing, this);
 	std::thread innerChannelSnifferThread(&CovertChannel::startInnerChannelSniffing, this);
 	std::thread outerChannelSnifferThread(&CovertChannel::startOuterChannelSniffing, this);
-	std::thread outerPartnerSnifferThread(&CovertChannel::startOuterPartnerSniffing, this);
 
 	innerForwardSnifferThread.detach();
 	outerForwardSnifferThread.detach();
 	innerChannelSnifferThread.detach();
 	outerChannelSnifferThread.detach();
-	outerPartnerSnifferThread.detach();
 }
 
 void CovertChannel::startInnerForwardSniffing() { innerForwardSniffer->sniff_loop(make_sniffer_handler(this, &CovertChannel::handleForwardFromInner)); }
@@ -71,8 +64,6 @@ void CovertChannel::startInnerChannelSniffing() { innerChannelSniffer->sniff_loo
 
 void CovertChannel::startOuterChannelSniffing() { outerChannelSniffer->sniff_loop(make_sniffer_handler(this, &CovertChannel::handleChannelFromOuter)); }
 
-void CovertChannel::startOuterPartnerSniffing() { outerPartnerSniffer->sniff_loop(make_sniffer_handler(this, &CovertChannel::handlePartnerFromOuter)); }
-
 bool CovertChannel::handleForwardFromOuter(Tins::PDU &pdu) {
 	innerSender.send(pdu);
 
@@ -84,3 +75,5 @@ bool CovertChannel::handleForwardFromInner(Tins::PDU &pdu) {
 
 	return true;
 }
+
+bool CovertChannel::sendFile(const std::string &fileName) { return false; }

daemon/src/CovertChannel/ForwardChannel.cpp

@@ -7,5 +7,3 @@ ForwardChannel::~ForwardChannel() {}
 bool ForwardChannel::handleChannelFromOuter(Tins::PDU &pdu) { return false; }
 
 bool ForwardChannel::handleChannelFromInner(Tins::PDU &pdu) { return false; }
-
-bool ForwardChannel::handlePartnerFromOuter(Tins::PDU &pdu) { return false; }

daemon/src/CovertChannel/ProxyChannel.cpp

@@ -1,82 +0,0 @@
-#include "../../include/CovertChannel/ProxyChannel.h"
-#include <iostream>
-
-ProxyChannel::ProxyChannel(const std::string &innerInterface, const std::string &outerInterface, const std::string &ownIP, const std::string &partnerIP,
-                           const std::string &originIP, const std::string &targetIP, const std::string &targetPort, const std::string &ownMAC,
-                           const std::string &originMAC, const std::string &channelGatewayMAC, const std::string &gatewayMAC, const bool relayOnly)
-    : CovertChannel(innerInterface, outerInterface,
-                    "(not (tcp and src host " + originIP + " and dst host " + targetIP + " and dst port " + targetPort + ")) and (not (dst host " + ownIP +
-                        "))",
-                    "(not (tcp and src host " + targetIP + " and dst host " + ownIP + " and src port " + targetPort + ")) and (not (dst host " + ownIP + "))",
-                    "tcp and src host " + originIP + " and dst host " + targetIP + " and dst port " + targetPort,
-                    "tcp and src host " + targetIP + " and dst host " + ownIP + " and src port " + targetPort,
-                    "tcp and src host " + partnerIP + " and dst host " + ownIP + " and port " + targetPort),
-
-      relayOnly(relayOnly), ownAddress(ownIP), partnerAddress(partnerIP), originAddress(originIP), targetAddress(targetIP), ownMAC(ownMAC),
-      channelGatewayMAC(channelGatewayMAC), gatewayMAC(gatewayMAC), originMAC(originMAC) {}
-
-ProxyChannel::~ProxyChannel() {}
-
-bool ProxyChannel::handleChannelFromOuter(Tins::PDU &pdu) {
-	// TODO: check in a list how to route it and who send the request for this answer
-
-	Tins::EthernetII &eth = pdu.rfind_pdu<Tins::EthernetII>();
-	Tins::IP &ip = pdu.rfind_pdu<Tins::IP>();
-	if (relayOnly) {
-		// redirect to partner
-		eth.src_addr(ownMAC);
-		eth.dst_addr(channelGatewayMAC);
-		ip.src_addr(ownAddress);
-		ip.dst_addr(partnerAddress);
-		outerSender.send(pdu);
-	} else {
-		// Just forward it
-		// eth.src_addr(gatewayMAC);
-		// eth.dst_addr(originMAC);
-		// ip.src_addr(targetAddress);
-		// ip.dst_addr(originAddress);
-		innerSender.send(pdu);
-		std::cout << "channel from outer" << std::endl;
-	}
-	return true;
-}
-
-bool ProxyChannel::handleChannelFromInner(Tins::PDU &pdu) {
-	Tins::EthernetII &eth = pdu.rfind_pdu<Tins::EthernetII>();
-	Tins::IP &ip = pdu.rfind_pdu<Tins::IP>();
-	if (relayOnly) {
-		std::cerr << "Fixme: packet cannot be routed back so it's dropped here!!!" << std::endl;
-		// outerSender.send(pdu);
-		// TODO: add pdu to a list to check later how to route it
-	} else {
-		eth.src_addr(ownMAC);
-		eth.dst_addr(channelGatewayMAC);
-		ip.src_addr(ownAddress);
-		ip.dst_addr(partnerAddress);
-		outerSender.send(pdu);
-		std::cout << "channel from inner" << std::endl;
-	}
-	return true;
-}
-
-bool ProxyChannel::handlePartnerFromOuter(Tins::PDU &pdu) {
-	Tins::EthernetII &eth = pdu.rfind_pdu<Tins::EthernetII>();
-	Tins::IP &ip = pdu.rfind_pdu<Tins::IP>();
-	if (relayOnly) {
-		// redirect to target
-		eth.src_addr(ownMAC);
-		eth.dst_addr(gatewayMAC);
-		ip.src_addr(ownAddress);
-		ip.dst_addr(targetAddress);
-		outerSender.send(pdu);
-		std::cout << "relay" << std::endl;
-	} else {
-		eth.src_addr(gatewayMAC);
-		eth.dst_addr(originMAC);
-		ip.src_addr(targetAddress);
-		ip.dst_addr(originAddress);
-		innerSender.send(pdu);
-		std::cout << "partner" << std::endl;
-	}
-	return true;
-}

daemon/src/main.cpp

@@ -2,8 +2,9 @@
 
 #include "../include/Config.h"
 #include "../include/CovertChannel/CovertChannel.h"
+#include "../include/CovertChannel/CovertProtocol.hpp"
 #include "../include/CovertChannel/ForwardChannel.h"
-#include "../include/CovertChannel/ProxyChannel.h"
+#include "../include/CovertChannel/TCPUrgencyChannel.hpp"
 #include "../include/Server.h"
 #include "../include/UserManager.h"
 
@@ -18,22 +19,25 @@ int main(int argc, char *argv[]) {
 
 	CovertChannel *covertchannel = nullptr;
 	const std::string covertChannelMode = Config::getValue("covertChannelMode");
-	if (covertChannelMode == "proxy") {
+	if (covertChannelMode == "tcpurgency") {
 		const string innerInterface = Config::getValue("innerInterface");
 		const string outerInterface = Config::getValue("outerInterface");
 
 		const string ownIP = Config::getValue("ownIP");
-		const string partnerIP = Config::getValue("partnerIP");
-		const string originIP = Config::getValue("originIP");
 		const string targetIP = Config::getValue("targetIP");
 		const string targetPort = Config::getValue("targetPort");
-		const string relayMode = Config::getValue("relayMode");
-		const string ownMAC = Config::getValue("ownMAC");
-		const string originMAC = Config::getValue("originMAC");
-		const string gatewayMAC = Config::getValue("gatewayMAC");
-		const string channelGatewayMAC = Config::getValue("channelGatewayMAC");
-		covertchannel = new ProxyChannel(innerInterface, outerInterface, ownIP, partnerIP, originIP, targetIP, targetPort, ownMAC, originMAC, channelGatewayMAC,
-		                                 gatewayMAC, relayMode == "true");
+		const string passiveMode = Config::getValue("passiveMode");
+		const string sendFile = Config::getValue("sendFile");
+
+		if (passiveMode == "true") {
+			covertchannel = new TCPUrgencyChannel<true>(innerInterface, outerInterface, ownIP, targetIP, targetPort);
+		} else {
+			covertchannel = new TCPUrgencyChannel<false>(innerInterface, outerInterface, ownIP, targetIP, targetPort);
+		}
+
+		// test sending file
+		if (passiveMode != "true" && sendFile != "")
+			covertchannel->sendFile(sendFile);
 
 		// covertchannel = new ForwardChannel(innerInterface, outerInterface);
 		covertchannel->startSniffing();