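#ifndef TCPAPPENDCHANNEL_H
#define TCPAPPENDCHANNEL_H

#include <cstddef>
#include <cstdint>
#include <string>

#include "CovertChannel.h"
#include "CovertProtocolBidirectional.hpp"

/**
 * @class TCPAppendChannel
 *
 * A CovertChannel which appends N bytes of channel data to the end of the
 * TCP payload on the way out and strips the last N bytes on the way in.
 *
 * Review notes:
 *  - Only segments that already carry a payload are modified; segments
 *    without a RawPDU are forwarded untouched.
 *  - TCP sequence/acknowledgement numbers are never adjusted by this class,
 *    so between the two channel endpoints a data segment is N bytes longer
 *    than the sender's sequence numbering accounts for. Presumably a monitor
 *    on that path can observe the mismatch — verify against a capture.
 *
 * @param N       number of bytes which can be used to transmit data
 * @param PASSIVE true  - server only reacts to incoming channel
 *                false - server initiates channel
 */
// NOTE(review): the template parameter list and the explicit template
// arguments (rfind_pdu/find_pdu, the protocol member) were missing from the
// reviewed listing and are reconstructed here from the class documentation
// and the libtins API; the exact type of N and the argument list of
// CovertProtocolBidirectional are assumptions — confirm against the project.
template <int N, bool PASSIVE>
class TCPAppendChannel : public CovertChannel
{
    static_assert(N >= 0, "N is a byte count and must not be negative");

public:
    /**
     * Sets up a CovertChannel.
     *
     * Builds four capture-filter expressions and hands them, together with
     * the interface names, to the CovertChannel base class.
     *
     * The address and port strings are spliced into the filter expressions
     * verbatim. They must be trusted, literal values; anything else would
     * change the meaning of the filter.
     *
     * @param innerInterface name of the interface of the inner network
     * @param outerInterface name of the interface of the outer network
     * @param ownIP          IP of this server
     * @param targetIP       IP of the target server
     * @param targetPort     Port of the target server
     */
    TCPAppendChannel(const std::string &innerInterface, const std::string &outerInterface,
                     const std::string &ownIP, const std::string &targetIP,
                     const std::string &targetPort)
        : CovertChannel(innerInterface, outerInterface,
                        passthroughFilter(PASSIVE ? "src" : "dst", targetIP, targetPort, ownIP),
                        passthroughFilter(PASSIVE ? "dst" : "src", targetIP, targetPort, ownIP),
                        channelFilter(PASSIVE ? "src" : "dst", targetIP, targetPort),
                        channelFilter(PASSIVE ? "dst" : "src", targetIP, targetPort))
    {
    }

    /**
     * Destroys the CovertChannel.
     */
    virtual ~TCPAppendChannel() {}

    /**
     * Send a file over the covert channel.
     *
     * A PASSIVE instance never initiates a transfer and always refuses.
     *
     * @param fileName name of the file in the file directory
     * @return true - file will be sent | false - file was not accepted
     */
    virtual bool sendFile(const std::string &fileName)
    {
        if constexpr (PASSIVE)
        {
            return false;
        }
        else
        {
            return protocol.sendFile(fileName);
        }
    }

protected:
    /**
     * Handler for sniffed packets filtered to forward from the outer network.
     *
     * Hands the last N payload bytes to the protocol, removes them from the
     * payload and forwards the packet to the inner network.
     *
     * A payload shorter than N bytes cannot carry channel data. It is
     * forwarded unchanged, because computing `size - N` on it would wrap
     * around and read/resize far outside the buffer.
     *
     * @param pdu sniffed packet
     *
     * @return false = stop loop | true = continue loop
     */
    virtual bool handleChannelFromOuter(Tins::PDU &pdu)
    {
        // rfind_pdu throws if there is no TCP layer; presumably the capture
        // filter guarantees one — confirm in CovertChannel.
        Tins::TCP &tcp = pdu.rfind_pdu<Tins::TCP>();

        Tins::RawPDU *raw = tcp.find_pdu<Tins::RawPDU>();
        if (raw != nullptr)
        {
            Tins::RawPDU::payload_type &payload = raw->payload();
            const std::size_t size = payload.size();

            // The packet comes from the network, so its length is untrusted.
            if (size >= kAppended)
            {
                const std::size_t original = size - kAppended;
                // data() is well defined on an empty payload, unlike front().
                protocol.receive(payload.data() + original);
                payload.resize(original);
            }
        }

        innerSender.send(pdu);
        return true;
    }

    /**
     * Handler for sniffed packets filtered to forward from the inner network.
     *
     * Grows the payload by N bytes, lets the protocol fill them and forwards
     * the packet to the outer network.
     *
     * @param pdu sniffed packet
     *
     * @return false = stop loop | true = continue loop
     */
    virtual bool handleChannelFromInner(Tins::PDU &pdu)
    {
        Tins::TCP &tcp = pdu.rfind_pdu<Tins::TCP>();

        Tins::RawPDU *raw = tcp.find_pdu<Tins::RawPDU>();
        if (raw != nullptr)
        {
            Tins::RawPDU::payload_type &payload = raw->payload();
            const std::size_t size = payload.size();

            // NOTE(review): nothing here checks that the enlarged segment
            // still fits the link MTU — confirm how the sender handles that.
            payload.resize(size + kAppended);
            protocol.send(payload.data() + size);
        }

        outerSender.send(pdu);
        return true;
    }

    /**
     * protocol used to transmit data
     */
    CovertProtocolBidirectional<N, PASSIVE> protocol;

private:
    /// N as an unsigned size, so comparisons with payload sizes are exact.
    static constexpr std::size_t kAppended = static_cast<std::size_t>(N);

    /// Filter matching TCP traffic whose `dir` host and port are the target.
    static std::string channelFilter(const char *dir, const std::string &ip,
                                     const std::string &port)
    {
        return "tcp and " + std::string(dir) + " host " + ip + " and " + std::string(dir) +
               " port " + port;
    }

    /// Filter matching everything except channel traffic and packets to ownIP.
    static std::string passthroughFilter(const char *dir, const std::string &ip,
                                         const std::string &port, const std::string &ownIP)
    {
        return "(not (" + channelFilter(dir, ip, port) + ")) and (not (dst host " + ownIP + "))";
    }
};

#endif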