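#ifndef TCPURGENCYCHANNEL_H
#define TCPURGENCYCHANNEL_H

#include <cstdint>
#include <string>

#include "CovertChannel.h"
#include "CovertProtocol.hpp"

/**
 * @class TCPUrgencyChannel
 *
 * A CovertChannel which hides data in the TCP urgency pointer.
 *
 * Two bytes per matching TCP segment are carried in the 16-bit urgent-pointer
 * field (see CovertProtocol<2, PASSIVE>).
 *
 * Notes for reviewers and defenders:
 *  - This class only writes the urgent-pointer value; nothing in this header
 *    touches the TCP flags. A non-zero urgent pointer on a segment whose URG
 *    flag is clear is an observable protocol anomaly, and a traffic normalizer
 *    that zeroes the field on such segments removes the carrier.
 *  - The passive side resets the urgent pointer to 0 before forwarding, so any
 *    genuine urgent-data signalling on the selected flow is lost.
 *  - The two payload bytes are taken from the in-memory representation of a
 *    uint16_t. NOTE(review): the byte order seen by CovertProtocol therefore
 *    looks host-endian dependent - confirm both endpoints agree.
 *
 * @tparam PASSIVE true - server only reacts to incoming channel | false - server initiates channel
 */
template <bool PASSIVE>
class TCPUrgencyChannel : public CovertChannel
{
public:
    /**
     * Sets up a CovertChannel.
     *
     * Creates a CovertChannel, sets the network interfaces for sniffing and sending and sets the filter.
     *
     * Four pcap filter expressions are built and handed to the CovertChannel
     * constructor: two that exclude the channel flow (and traffic addressed to
     * ownIP), and two that select exactly the channel flow. Which expression
     * serves which interface is decided by the CovertChannel constructor, whose
     * declaration is not visible in this file.
     *
     * The address and port strings are concatenated into the filter expressions
     * without validation. Pass only a literal IP address and a numeric port taken
     * from trusted configuration; any other text becomes part of the filter.
     *
     * @param innerInterface name of the interface of the inner network
     * @param outerInterface name of the interface of the outer network
     * @param ownIP IP of this server
     * @param targetIP IP of the target server
     * @param targetPort Port of the target server
     */
    TCPUrgencyChannel(const std::string &innerInterface, const std::string &outerInterface,
                      const std::string &ownIP, const std::string &targetIP,
                      const std::string &targetPort)
        : CovertChannel(innerInterface, outerInterface,
                        bypassFilter(primaryDirection(), targetIP, targetPort, ownIP),
                        bypassFilter(reverseDirection(), targetIP, targetPort, ownIP),
                        flowFilter(primaryDirection(), targetIP, targetPort),
                        flowFilter(reverseDirection(), targetIP, targetPort))
    {
    }

    /**
     * Destroys the CovertChannel.
     */
    virtual ~TCPUrgencyChannel() = default;

    /**
     * Send a file over the covert channel.
     *
     * A passive endpoint never initiates a transfer and always refuses. An active
     * endpoint passes fileName to CovertProtocol unchanged; any validation of the
     * name has to happen there (not visible in this file).
     *
     * @param fileName name of the file in the file directory
     * @return true - file will be sent | false - file was not accepted
     */
    virtual bool sendFile(const std::string &fileName)
    {
        if constexpr (PASSIVE) {
            return false;
        } else {
            return protocol.sendFile(fileName);
        }
    }

protected:
    /**
     * Handler for sniffed packets filtered to forward from the outer network.
     *
     * Handles incoming packets and forwards them. On a passive endpoint the
     * urgent pointer is read, handed to the protocol and reset to 0 before the
     * packet is forwarded. On an active endpoint the packet is forwarded as is.
     *
     * @param pdu sniffed packet
     *
     * @return false = stop loop | true = continue loop (this handler always returns true)
     */
    virtual bool handleChannelFromOuter(Tins::PDU &pdu)
    {
        // rfind_pdu throws when the packet has no TCP layer; the lookup is done in
        // both modes even though only the passive branch uses the result.
        [[maybe_unused]] Tins::TCP &tcp = pdu.rfind_pdu<Tins::TCP>();
        if constexpr (PASSIVE) {
            uint16_t data = tcp.urg_ptr();
            // The protocol consumes the two bytes of the urgent pointer as raw memory.
            protocol.receive(reinterpret_cast<uint8_t *>(&data));
            // Clear the field so the inner host never sees the embedded value.
            tcp.urg_ptr(0);
            innerSender.send(pdu);
        } else {
            // Reading and clearing the urgent pointer on the active side is
            // disabled in the original source; the packet is forwarded unchanged.
            innerSender.send(pdu);
        }
        return true;
    }

    /**
     * Handler for sniffed packets filtered to forward from the inner network.
     *
     * Handles incoming packets and forwards them. On an active endpoint the
     * urgent pointer of every matching packet is overwritten with the value
     * supplied by the protocol before forwarding. On a passive endpoint the
     * packet is forwarded as is.
     *
     * @param pdu sniffed packet
     *
     * @return false = stop loop | true = continue loop (this handler always returns true)
     */
    virtual bool handleChannelFromInner(Tins::PDU &pdu)
    {
        // rfind_pdu throws when the packet has no TCP layer; the lookup is done in
        // both modes even though only the active branch uses the result.
        [[maybe_unused]] Tins::TCP &tcp = pdu.rfind_pdu<Tins::TCP>();
        if constexpr (PASSIVE) {
            outerSender.send(pdu);
        } else {
            // Starts at 0; presumably protocol.send fills in the next two bytes to
            // transmit and leaves it untouched when nothing is queued - confirm
            // against CovertProtocol.
            uint16_t data = 0;
            protocol.send(reinterpret_cast<uint8_t *>(&data));
            tcp.urg_ptr(data);
            outerSender.send(pdu);
        }
        return true;
    }

    /**
     * protocol used to transmit data
     */
    CovertProtocol<2, PASSIVE> protocol;

private:
    /** Direction keyword used in the first and third filter expression. */
    static const char *primaryDirection() { return PASSIVE ? "src" : "dst"; }

    /** Direction keyword used in the second and fourth filter expression. */
    static const char *reverseDirection() { return PASSIVE ? "dst" : "src"; }

    /** Builds the pcap expression that selects the channel flow for one direction. */
    static std::string flowFilter(const std::string &direction, const std::string &targetIP,
                                  const std::string &targetPort)
    {
        return "tcp and " + direction + " host " + targetIP + " and " + direction + " port " +
               targetPort;
    }

    /** Builds the pcap expression for everything except the channel flow and traffic to ownIP. */
    static std::string bypassFilter(const std::string &direction, const std::string &targetIP,
                                    const std::string &targetPort, const std::string &ownIP)
    {
        return "(not (" + flowFilter(direction, targetIP, targetPort) +
               ")) and (not (dst host " + ownIP + "))";
    }
};

#endif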