kaganjd / sealion Goto Github PK

https://github.com/kaganjd/p5.packets/blob/master/p5.packets-client/package.json#L9

Hi,
I've been trying to reproduce and understand your code, however, I can't find how do you establish WebSocket link and use the async def dequeue_packets(ws): to deliver msg to ws link
you explanation appreciated

1. a client side function to arp scan

• ping the whole subnet
• arp request to each IP

2. spoofing requires permissions stuff for mac

• how to set and clear without a visual interface...

Currently, we have to instantiate SeaLion inside a function and then start the sniffer shortly after, like:

function openSniff() {
  let sl = new SeaLion(hostname, port);
  sl.sniffer.listener.on("packet", function(data) {
    packets.push(data);
  });
  sl.sniffer.start();
}

This is because if we don't start the sniffer soon after creating SeaLion, the WebSocket connection idles and dies. But we need to be able to instantiate SeaLion globally and then have functions open, close, log packets, etc. on that instance.

Possible fix is to ping/pong to keep the (SeaLion's? sniffer's?) WebSocket connection alive. One implementation: https://stackoverflow.com/questions/10585355/sending-websocket-ping-pong-frame-from-browser

Right now the GUI for the server locks up whenever it has a websocket open to the client, and it becomes impossible to close the server via the GUI. This likely can be solved by moving the GUI to a separate thread via the following method: https://www.oreilly.com/library/view/python-cookbook/0596001673/ch09s07.html, or by moving to a different GUI framework from Tkinter, such as Kivy.

Cleaner separation and will help ensure one thing isn't invisibly dependent on the other

let's organize it!

Currently, the Sea Lion sniff methods use Scapy's sniff() under the hood here and Scapy's pkt.summary() (Scapy docs here- search "pkt.summary()") to send a summary of the packet instead of having each attribute (dst, src, etc.) broken out. Should we send un-summarized/raw packets so users of the lib have access to those individual attributes if they want them?

Once the API is finalized, the docs site should be updated to reflect the latest version. Currently very out of date!

it's confusing that client sniffSelf() function takes params that are set/reset on the server side.

client: https://github.com/kaganjd/sealion/blob/master/client/src/index.js#L28-L36

server: https://github.com/kaganjd/sealion/blob/master/server/src/utils.py#L46-L53

options:

• make all keys that are set on the server side available on the client side, incl store and lfilter + options listed here
• keep those keys out of client and remove them from the server

either way, seems like instead of setting count to 5 in the server side config, set to "". client side should throw an error if no value is passed in anyway.

pro:

• sea lion is currently written so that count is an arg
• scapy accepts this arg in its sniff method; if someone has a set number of packets they want, they can just pass count in, i.e.

function setup() {
  createCanvas(400, 400);
  background(0);

  sl.sniffSocket.open()
    .then(() => sl.sniffSelf(10))
    .then(() => sl.sniffSocket.close())
}

function draw() {
  const lineHeight = 40
  textSize(lineHeight)
  textAlign(LEFT, CENTER)

  if (sl.packetList) {
    for (i=0; i < sl.packetList.length; i++) {
      fill(0, 255, 255);
      text(sl.packetList[i], 0, i*40)
    }
  }
}

con:

• adds complexity; we could just have sniffer is on/off and then controls around that (not in sea lion but as part of the p5 sketch), i.e.

function setup() {
  createCanvas(400, 400);
  background(0);
  
  sl.sniffSocket.open()
    .then(() => sl.sniffSelf(FOREVER))
}

function draw() {
  if (sl.packetList) {
    if (sl.packetList.length === 9) {   // note: packetList does not actually reliably ++ by 1
      drawPackets(9)
    }
  }
}

function drawPackets(num) {
  textSize(40)
  textAlign(LEFT, CENTER)
  for (i=0; i < num; i++) {
    fill(0, 255, 255);
    text(sl.packetList[i], 0, i*40)
  }
  sl.sniffSocket.close()
}

set up, shut down, and maintain this.running instead of having this.socket.onopen in every method

I think we ran into this with Herbivore as well and that it has to do with packet forwarding permissions? Maybe?

Possible steps

1. Research packet forwarding permissions you need to set on Linux (may be the same as Darwin/Mac OS X)
2. Add some logic that checks which OS the server is running on (this kind of thing should work: utils.py), then routes to the correct permissions functions
3. Add each command for Linux as a constant in config.py
4. In main.py, rename:

• check_permissions --> check_darwin_permissions
• set_permissions --> set_darwin_permissions
• restore_permissions --> restore_darwin_permissions

5. Write functions for:

• check_linux_permission
• set_linux_permissions
• restore_linux_permissions

6. See if it works!

based on user feedback

• specify python3
• link to virtualenv docs for people unfamiliar
• add src before main.py
• clarify that you have to run npm build on client to get started, not just for development
• add more info at beginning readme about what sea lion is

Curious to see what this looks like in Scapy.

user-reported bug, probs related to #21. we need a general solution for handling IP addresses that don't make sense to the server-side sniffNeighbor method: https://github.com/kaganjd/sealion/blob/master/server/src/routes.py#L50-L55

and also clarify in docs that in order to sniff your own traffic, you simply don't pass in any IP address.

Currently GUI does not display any error messages within itself. For example, if the wrong password is given at permissions check the error is printed to the console rather than sending a message to the UI. The way to implement this might be to add a status box within the GUI UI and a queue to look for errors within the GUI class, which would then be printed to the status box.

even though getNetworkInfo comes first in the library, and even when getNetworkInfo comes first in setup(), if a sniff or ping method is also in the sketch, the sniff/ping will run first and block getNetworkInfo from ever happening

Converting final comment from PR #5 as an issue for the future.

I think you're going to want to have the following end points that the p5 client can hit. I know you're using sockets so doesn't need to be REST just describing it in those terms since it makes the actions clearer

• GET /interfaces: this is more for debug but will be useful in the future

• POST /config: allow the client to update the config dict

• POST /sniffer: args include start or stop

• GET /status: is the sniffer running?

• Listener for errors? Not sure if this works but it might be nice to have your try/catch errors bubble up to the client. Lets wait to implement this though

• kill process after set # of packets or time limit or on KeyboardInterrupt?

If left on for a period of time the server begins to use increasing amounts of CPU. After 20 minutes it is using 100% of my CPU. It is unclear what it is doing. This is the case both when it is connected to the client side and when it is waiting to connect.

Specific functions for parsing out only destination or originating IP address, for example

Doesn't work :'(

If this is going to work well we will need to be have clarity on what network interface we are sniffing on.
The names change depending on OS and sometimes hardware. Things that will helkp in the long term

1. Being able to list all network interface
2. Determining what the active network interface (does scapy tell you that?)
3. Getting all the info for the active interface this could include

• Gateway IP
• Subnet
• Proxy Info if any

Having this information available will help in the future