1#!/usr/local/bin/python2.7 2 3import argparse 4import scapy.all as sp 5import sys 6from sniffer import Sniffer 7 8def check_icmp_error(args, packet): 9 ip = packet.getlayer(sp.IP) 10 if not ip: 11 return False 12 if ip.dst != args.to[0]: 13 return False 14 15 icmp = packet.getlayer(sp.ICMP) 16 if not icmp: 17 return False 18 if icmp.type != 3 or icmp.code != 3: 19 return False 20 21 return True 22 23def main(): 24 parser = argparse.ArgumentParser("CVE-2019-icmp.py", 25 description="CVE-2019-icmp test tool") 26 parser.add_argument('--sendif', nargs=1, 27 required=True, 28 help='The interface through which the packet will be sent') 29 parser.add_argument('--recvif', nargs=1, 30 required=True, 31 help='The interface on which to check for the packet') 32 parser.add_argument('--src', nargs=1, 33 required=True, 34 help='The source IP address') 35 parser.add_argument('--to', nargs=1, 36 required=True, 37 help='The destination IP address') 38 39 args = parser.parse_args() 40 41 # Send the allowed packet to establish state 42 udp = sp.Ether() / \ 43 sp.IP(src=args.src[0], dst=args.to[0]) / \ 44 sp.UDP(dport=53, sport=1234) 45 sp.sendp(udp, iface=args.sendif[0], verbose=False) 46 47 # Start sniffing on recvif 48 sniffer = Sniffer(args, check_icmp_error) 49 50 # Send the bad error packet 51 icmp_reachable = sp.Ether() / \ 52 sp.IP(src=args.src[0], dst=args.to[0]) / \ 53 sp.ICMP(type=3, code=3) / \ 54 sp.IP(src="4.3.2.1", dst="1.2.3.4") / \ 55 sp.UDP(dport=53, sport=1234) 56 sp.sendp(icmp_reachable, iface=args.sendif[0], verbose=False) 57 58 sniffer.join() 59 if sniffer.foundCorrectPacket: 60 sys.exit(1) 61 62 sys.exit(0) 63 64if __name__ == '__main__': 65 main() 66