Created
October 24, 2017 08:14
-
-
Save maakunh/0a7368e96d93fd0ec4b56a9872c5da9f to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| /* | |
| * The pcap file is the results of the following... | |
| * tcpdump -G 60 -v arp and 'arp[7]==2' -w test_%M.pcap | |
| * | |
| */ | |
| function sender_mac_address($pcapfilename,$packetstart){ | |
| $bincap = file_get_contents($pcapfilename); | |
| $txtcap = bin2hex($bincap); | |
| $mac1 = substr($txtcap, $packetstart + 76, 2); | |
| $mac2 = substr($txtcap, $packetstart + 78, 2); | |
| $mac3 = substr($txtcap, $packetstart + 80, 2); | |
| $mac4 = substr($txtcap, $packetstart + 82, 2); | |
| $mac5 = substr($txtcap, $packetstart + 84, 2); | |
| $mac6 = substr($txtcap, $packetstart + 86, 2); | |
| return $mac1.":".$mac2.":".$mac3.":".$mac4.":".$mac5.":".$mac6; | |
| } | |
| function sender_ip_address($pcapfilename,$packetstart){ | |
| $bincap = file_get_contents($pcapfilename); | |
| $txtcap = bin2hex($bincap); | |
| $ip1 = hexdec(substr($txtcap,$packetstart + 88,2)); | |
| $ip2 = hexdec(substr($txtcap,$packetstart + 90,2)); | |
| $ip3 = hexdec(substr($txtcap,$packetstart + 92,2)); | |
| $ip4 = hexdec(substr($txtcap,$packetstart + 94,2)); | |
| return $ip1.".".$ip2.".".$ip3.".".$ip4; | |
| } | |
| function target_mac_address($pcapfilename,$packetstart){ | |
| $bincap = file_get_contents($pcapfilename); | |
| $txtcap = bin2hex($bincap); | |
| $mac1 = substr($txtcap, $packetstart + 96, 2); | |
| $mac2 = substr($txtcap, $packetstart + 98, 2); | |
| $mac3 = substr($txtcap, $packetstart + 100, 2); | |
| $mac4 = substr($txtcap, $packetstart + 102, 2); | |
| $mac5 = substr($txtcap, $packetstart + 104, 2); | |
| $mac6 = substr($txtcap, $packetstart + 106, 2); | |
| return $mac1.":".$mac2.":".$mac3.":".$mac4.":".$mac5.":".$mac6; | |
| } | |
| function target_ip_address($pcapfilename,$packetstart){ | |
| $bincap = file_get_contents($pcapfilename); | |
| $txtcap = bin2hex($bincap); | |
| $ip1 = hexdec(substr($txtcap,$packetstart + 108,2)); | |
| $ip2 = hexdec(substr($txtcap,$packetstart + 110,2)); | |
| $ip3 = hexdec(substr($txtcap,$packetstart + 112,2)); | |
| $ip4 = hexdec(substr($txtcap,$packetstart + 114,2)); | |
| return $ip1.".".$ip2.".".$ip3.".".$ip4; | |
| } | |
| function maxlength($pcapfilename){ | |
| $bincap = file_get_contents($pcapfilename); | |
| $txtcap = bin2hex($bincap); | |
| return strlen($txtcap); | |
| } | |
| function timeval($pcapfilename,$packetstart) | |
| { | |
| $bincap = file_get_contents($pcapfilename); | |
| $txtcap = bin2hex($bincap); | |
| $dtime = hexdec(substr($txtcap, $packetstart + 6, 2) . substr($txtcap, $packetstart + 4, 2) . substr($txtcap, $packetstart + 2, 2) . substr($txtcap, $packetstart, 2)); | |
| //$stime = date('Y/m/d H:i:s',$timeval + strtotime('1970/01/01 09:00:00')); | |
| return date('Y/m/d H:i:s', $dtime); | |
| } | |
| function check_arpdata($pcapfilename,$packetstart){ | |
| $bincap = file_get_contents($pcapfilename); | |
| $txtcap = bin2hex($bincap); | |
| $type = hexdec(substr($txtcap,$packetstart + 56,4)); | |
| if($type = '0806'){ | |
| return true; | |
| }else{ | |
| echo $txtcap.PHP_EOL; | |
| echo "type is ".$type."?".PHP_EOL; | |
| return false; | |
| } | |
| } | |
| //Padding | |
| function padding($pcapfilename,$packetstart){ | |
| $bincap = file_get_contents($pcapfilename); | |
| $txtcap = bin2hex($bincap); | |
| // $padding = substr($txtcap, $packetstart + 116, 36); | |
| // if($padding == '000000000000000000000000000000000000'){ | |
| // return 0;//パケット終端にパディング有り | |
| // }else{ | |
| // return 36;//パケット終端にパッディング無し(パディング分152から36減らす) | |
| // } | |
| if(substr($txtcap, $packetstart + 208, 4) == '0806'){ | |
| return 0;//パケット終端にパディング有り | |
| }else{ | |
| return 36;//パケット終端にパッディング無し(パディング分36減らす) | |
| } | |
| } | |
| function init_packetstart(){ | |
| $packetstart = 48;//Global header | |
| return $packetstart; | |
| } | |
| function init_packetend(){ | |
| $packetend = 152;//ARP Packet header + data(パディング有り) | |
| return $packetend; | |
| } | |
| function md5sum($f){ | |
| //PCAPファイル一覧テーブルに記載されたファイルと同一ならFalse、異なるならTrueを返す | |
| $fcheck = $f.".check"; | |
| $fline = file_get_contents($fcheck); | |
| if(false == $fline){ | |
| touch($fcheck);//新規ファイル作成 | |
| file_put_contents($fcheck, $f.",".md5_file($f)); | |
| $result = true; | |
| }else{ | |
| if($fline == $f.",".md5_file($f)){ | |
| $result = false;//何もしない | |
| }else{ | |
| file_put_contents($fcheck, $f.",".md5_file($f));//上書き | |
| $result = true; | |
| } | |
| } | |
| echo $result; | |
| return $result; | |
| } | |
| function md5sum_noupd($f){ | |
| //PCAPファイル一覧テーブルに記載されたファイルと同一ならFalse、異なるならTrueを返す | |
| $fcheck = $f.".check"; | |
| $fline = file_get_contents($fcheck); | |
| if(false == $fline){ | |
| $result = false;//何もしない | |
| }else{ | |
| if($fline == $f.",".md5_file($f)){ | |
| $result = false;//何もしない | |
| }else{ | |
| $result = true; | |
| } | |
| } | |
| echo $result; | |
| return $result; | |
| } | |
| //データアップロード(HTTP Request) | |
| function data_send($url,$timeval,$mac_address,$ip_address, $pcapfilename){ | |
| $postdata = array( | |
| 'timeval' => $timeval, | |
| 'mac_address' => $mac_address, | |
| 'ip_address' => $ip_address, | |
| 'pcap_fname' => $pcapfilename, | |
| 'sensor_id' => sensor_id() | |
| ); | |
| $html = http_post($url, $postdata); | |
| return $html; | |
| } | |
| //データ削除(HTTP Request) | |
| function data_delete($url,$mac_address,$ip_address){ | |
| $postdata = array( | |
| 'mac_address' => $mac_address, | |
| 'ip_address' => $ip_address, | |
| 'sensor_id' => sensor_id() | |
| ); | |
| $html = http_post($url, $postdata); | |
| return $html; | |
| } | |
| //arp_recordsテーブルに存在有無 | |
| function flg_arp_records($url,$mac_address,$ip_address){ | |
| $postdata = array( | |
| 'mac_address' => $mac_address, | |
| 'ip_address' => $ip_address, | |
| 'sensor_id' => sensor_id() | |
| ); | |
| $html = http_post($url, $postdata); | |
| return $html; | |
| } | |
| //arp_blocksテーブルに書き込み | |
| function arp_blocks($url,$timeval,$mac_address,$ip_address,$result){ | |
| $postdata = array( | |
| 'timeval' => $timeval, | |
| 'mac_address' => $mac_address, | |
| 'ip_address' => $ip_address, | |
| 'result' => $result, | |
| 'sensor_id' => sensor_id() | |
| ); | |
| $html = http_post($url, $postdata); | |
| return $html; | |
| } | |
| //arp_controlsテーブルに存在有無 | |
| function flg_arp_controls($url,$mac_address,$ip_address){ | |
| $postdata = array( | |
| 'mac_address' => $mac_address, | |
| 'ip_address' => $ip_address, | |
| 'sensor_id' => sensor_id() | |
| ); | |
| $html = http_post($url, $postdata); | |
| return $html; | |
| } | |
| function flg_arp_controls_ip($url,$ip_address){ | |
| $postdata = array( | |
| 'ip_address' => $ip_address, | |
| 'sensor_id' => sensor_id() | |
| ); | |
| $html = http_post($url, $postdata); | |
| return $html; | |
| } | |
| //CURLでHTTP POST | |
| function http_post($url, $postdata){ | |
| $ch = curl_init($url); | |
| curl_setopt($ch, CURLOPT_TIMEOUT, 10); | |
| curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE); | |
| curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($postdata)); | |
| curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE); // Private証明書対策 | |
| curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, FALSE); // | |
| curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE); | |
| curl_setopt($ch, CURLOPT_FOLLOWLOCATION, TRUE); // Locationヘッダを追跡 | |
| $html = curl_exec($ch); | |
| return $html; | |
| } | |
| //CSVファイルから所定項目の値を返す | |
| function parse_csv($filepath,$item_name){ | |
| //オブジェクトを生成する | |
| $file = new SplFileObject($filepath); | |
| //CSVファイルの読み込み | |
| $file->setFlags(SplFileObject::READ_CSV); | |
| //1行ずつ値を取得する | |
| foreach ($file as $line) { | |
| //空行はスキップ | |
| if (empty($line[0])){ | |
| continue; | |
| } | |
| //1行の要素数を調べる | |
| $cnt = count($line); | |
| if($line[0] == $item_name){ | |
| $value = $line[1]; | |
| break; | |
| } | |
| } | |
| return $value; | |
| } | |
| //設定ファイルからセンサーIDを読み込む | |
| function sensor_id(){ | |
| return parse_csv(dirname(__FILE__).'/env', 'SENSOR_ID'); | |
| } | |
| //設定ファイルからMAC_ADDRESSを読み込む | |
| function sensor_mac_address(){ | |
| return parse_csv(dirname(__FILE__).'/env', 'MAC_ADDRESS'); | |
| } | |
| //設定ファイルからSERVER_URLを読み込む | |
| function sensor_server_url(){ | |
| return parse_csv(dirname(__FILE__).'/env', 'SERVER_URL'); | |
| } | |
| //設定ファイルからSYSTEM_ROOTを読み込む | |
| function sensor_system_root(){ | |
| return parse_csv(dirname(__FILE__).'/env', 'SYSTEM_ROOT'); | |
| } | |
| //設定ファイルからVERSIONを読み込む | |
| function sensor_version(){ | |
| return parse_csv(dirname(__FILE__).'/env', 'VERSION'); | |
| } | |
| //センサー情報をサーバに通知する | |
| function arp_sensor(){ | |
| $postdata = array( | |
| 'sensor_id' => sensor_id(), | |
| 'mac_address' => sensor_mac_address(), | |
| 'version' => sensor_version(), | |
| 'sensor_status' => 1 | |
| ); | |
| $html = http_post(sensor_server_url()."/arp_sensors_api", $postdata); | |
| return $html; | |
| } | |
| //センサー操作実行 | |
| function sensor_operation(){ | |
| $postdata = array( | |
| 'sensor_id' => sensor_id() | |
| ); | |
| $operation = http_post(sensor_server_url()."/arp_sensors_operation_get_api", $postdata); | |
| if($operation == 2){ //シャットダウン | |
| $postdata = array( | |
| 'sensor_id' => sensor_id(), | |
| 'sensor_status' => 3 | |
| ); | |
| //サーバへシャットダウン通知 | |
| http_post(sensor_server_url()."/arp_sensors_operation_put_api", $postdata); | |
| //シャットダウン | |
| exec('/usr/sbin/shutdown -h now'); | |
| // return http_post(sensor_server_url()."/arp_sensors_operation_put_api", $postdata); | |
| }elseif($operation == 4){ //再起動 | |
| $postdata = array( | |
| 'sensor_id' => sensor_id(), | |
| 'sensor_status' => 5 | |
| ); | |
| //サーバへ再起動通知 | |
| http_post(sensor_server_url()."/arp_sensors_operation_put_api", $postdata); | |
| //再起動 | |
| exec('/usr/sbin/shutdown -r now'); | |
| // return http_post(sensor_server_url()."/arp_sensors_operation_put_api", $postdata); | |
| }else{ | |
| return arp_sensor(); //センサー起動中 | |
| } | |
| } | |
| function arp_update(){ | |
| //センサーネットワークアドレスを取得する | |
| $network_addr = sensor_network_addr(); | |
| //偽装MACアドレス | |
| $srcMac = '01:02:03:04:05:06'; | |
| //ブロック対象ノード取得 | |
| $block_nodes = block_node(); | |
| for($i = 1; $i < count($block_nodes); $i++){ //取得したブロック対象ノードひとつずつ処理 | |
| list($dstMac, $dstIP) = explode(",", $block_nodes[$i]); | |
| list($network_ip, $mask) = explode('/', $network_addr); | |
| $j = 1; | |
| $imax = pow(2, 32 - $mask) - 2; | |
| for($j = 1; $j <= $imax; $j++){ | |
| $srcIP = long2ip(ip2long($network_ip) + $j); | |
| exec(sensor_system_root().'/arp_update '.$dstIP.' '.$dstMac.' '.$srcIP.' '.$srcMac.' > /dev/null &'); | |
| } | |
| arp_blocks(sensor_server_url()."/arp_blocks_api",date("Y/m/d H:i:s"),$dstMac,$dstIP,1); | |
| } | |
| } | |
| function arp_update_by_addr($dstMac, $dstIP){ //アドレス指定でarpupdate実行 | |
| //センサーネットワークアドレスを取得する | |
| $network_addr = sensor_network_addr(); | |
| //偽装MACアドレス | |
| $srcMac = '01:02:03:04:05:06'; | |
| while(1){ //プロセスKILLまで無限ループ | |
| //ブロック対象ノード取得 | |
| $block_nodes = block_node(); | |
| list($network_ip, $mask) = explode('/', $network_addr); | |
| $j = 1; | |
| $imax = pow(2, 32 - $mask) - 2; | |
| for($j = 1; $j <= $imax; $j++){ | |
| $srcIP = long2ip(ip2long($network_ip) + $j); | |
| exec(sensor_system_root().'/arp_update '.$dstIP.' '.$dstMac.' '.$srcIP.' '.$srcMac.' > /dev/null &'); | |
| } | |
| arp_blocks(sensor_server_url()."/arp_blocks_api",date("Y/m/d H:i:s"),$dstMac,$dstIP,1); | |
| } | |
| } | |
| //センサー ネットワークアドレス取得(サーバ側で設定) | |
| function sensor_network_addr(){ | |
| $postdata = array( | |
| 'sensor_id' => sensor_id() | |
| ); | |
| $network_addr = http_post(sensor_server_url()."/arp_sensors_network_addr_get_api", $postdata); | |
| return $network_addr; | |
| } | |
| //センサー ネットワークアドレス取得(サーバ側で設定) | |
| function sensor_ip_addr(){ | |
| $postdata = array( | |
| 'sensor_id' => sensor_id() | |
| ); | |
| $ip_addr = http_post(sensor_server_url()."/arp_sensors_ip_addr_get_api", $postdata); | |
| return $ip_addr; | |
| } | |
| //ブロック対象ノード情報取得 | |
| function block_node(){ | |
| $postdata = array( | |
| 'sensor_id' => sensor_id() | |
| ); | |
| $block_node_line = http_post(sensor_server_url()."/arp_sensors_block_node_get_api", $postdata); | |
| $block_nodes = explode("|", $block_node_line); | |
| return $block_nodes; | |
| } | |
| ?> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment