Merge pull request #1024 from half-duplex/ndp-ban

evilsocket · web-flow · commit 76a7820da570 · 2023-07-25T14:34:47.000+02:00
ndp.spoof: add ndp.ban
diff --git a/modules/ndp_spoof/ndp_spoof.go b/modules/ndp_spoof/ndp_spoof.go
@@ -17,13 +17,15 @@ type NDPSpoofer struct {
 	prefix       string
 	prefixLength int
 	addresses    []net.IP
+	ban          bool
 	waitGroup    *sync.WaitGroup
 }
 
 func NewNDPSpoofer(s *session.Session) *NDPSpoofer {
 	mod := &NDPSpoofer{
 		SessionModule: session.NewSessionModule("ndp.spoof", s),
 		addresses:     make([]net.IP, 0),
+		ban:           false,
 		waitGroup:     &sync.WaitGroup{},
 	}
 
@@ -49,12 +51,25 @@ func NewNDPSpoofer(s *session.Session) *NDPSpoofer {
 			return mod.Start()
 		}))
 
+	mod.AddHandler(session.NewModuleHandler("ndp.ban on", "",
+		"Start NDP spoofer in ban mode, meaning the target(s) connectivity will not work.",
+		func(args []string) error {
+			mod.ban = true
+			return mod.Start()
+		}))
+
 	mod.AddHandler(session.NewModuleHandler("ndp.spoof off", "",
 		"Stop NDP spoofer.",
 		func(args []string) error {
 			return mod.Stop()
 		}))
 
+	mod.AddHandler(session.NewModuleHandler("ndp.ban off", "",
+		"Stop NDP spoofer.",
+		func(args []string) error {
+			return mod.Stop()
+		}))
+
 	return mod
 }
 
@@ -107,8 +122,13 @@ func (mod *NDPSpoofer) Configure() error {
 	}
 
 	if !mod.Session.Firewall.IsForwardingEnabled() {
-		mod.Info("enabling forwarding")
-		mod.Session.Firewall.EnableForwarding(true)
+		if mod.ban {
+			mod.Warning("running in ban mode, forwarding not enabled!")
+			mod.Session.Firewall.EnableForwarding(false)
+		} else {
+			mod.Info("enabling forwarding")
+			mod.Session.Firewall.EnableForwarding(true)
+		}
 	}
 
 	return nil
@@ -166,6 +186,7 @@ func (mod *NDPSpoofer) Start() error {
 func (mod *NDPSpoofer) Stop() error {
 	return mod.SetRunning(false, func() {
 		mod.Info("waiting for NDP spoofer to stop ...")
+		mod.ban = false
 		mod.waitGroup.Wait()
 	})
 }
