def packet_factory(packet):
inj = libnet.context(LINK, "wlp3s0")
srcip = socket.inet_ntoa(inj.get_ipaddr4())
tcptag = inj.build_tcp(dp=packet['TCP_SPORT'],
sp=packet['TCP_DPORT'],
control=TH_RST,
seq=packet['TCP_ACK_NUM'],
ack=packet['TCP_SEQ_NUM'] + 1)
iptag = inj.build_ipv4(prot=IPPROTO_TCP,
dst=socket.inet_aton(packet['IP_SRC']),
src=socket.inet_aton(packet['IP_DST']))
ethtag = inj.build_ethernet(dst=inj.hex_aton(packet['ETH_SHOST']),
src=inj.hex_aton(packet['ETH_DHOST']))
inj.write()
del inj
return
def pkt_builder(self, packet):
self.wire = libnet.context(LINK, self.iface)
tcptag = self.wire.build_tcp(
dp = packet['TCP_SPORT'],
sp = packet['TCP_DPORT'],
control = TH_RST,
seq = packet['TCP_ACK_NUM'],
ack = packet['TCP_SEQ_NUM']+1,
payload = self.unique_id
)
iptag = self.wire.build_ipv4(
prot = IPPROTO_TCP,
dst = socket.inet_aton(packet['IP_SRC']),
src = socket.inet_aton(packet['IP_DST'])
)
ethtag = self.wire.build_ethernet(
dst = self.wire.hex_aton(packet['ETH_SHOST']),
src = self.wire.hex_aton(packet['ETH_DHOST'])
)
# Check if the dstination IP and network interface
if not (options.dstip and options.netif):
print "\nError: Options -i interface and -d host are mandatories.\n"
parser.print_help()
sys.exit(0)
#Test if ICMP Type is REQUEST or REPLY
if options.iechorep:
itype = ICMP_ECHOREPLY
else:
itype = ICMP_ECHO
#Initialize libnet context
inj = libnet.context(RAW4, options.netif)
if not inj:
print "\nInitialization failed! Please check if you have rights or if you have entered a valid network interface or valid dst IP\n."
parser.print_help()
sys.exit(0)
if options.srcip == 0:
options.srcip = inj.get_ipaddr4()
else:
options.srcip = inj.name2addr4(options.srcip, RESOLVE)
# With PyLibnet you have to start to building packets from the upper layer. In this case ICMP
icmptag = inj.build_icmpv4_echo(type=itype, code=1, seq=1, payload=options.payload)
options.dstip = inj.name2addr4(options.dstip, RESOLVE)
#!/usr/bin/python
import sys
import libnet
from libnet.constants import *
# params:1 - The injection type, 2 - Device name
l = libnet.context(LINK, 'eth0')
# Let's get the network byte ordered representation of this IP
dst_ip = l.name2addr4('10.0.0.9', DONT_RESOLVE)
dst = 'ffffffffffff'
dst_mac = dst.decode("hex")
src = '001d92e08f26'
src_mac = src.decode("hex")
arp_tag = l.autobuild_arp(
1,
src_mac,
dst_ip,
dst_mac,
dst_ip,
)
eth_tag = l.autobuild_ethernet(
dst_mac,
0x0806,
)
# Now let's write the packet and check for an error
# tcp syn google.com
import time
"""
Created on Tue Nov 20 09:06:42 2012
@author: Leniy
#伪造dns请求
"""
#!/usr/bin/python
import sys
import libnet
from libnet.constants import *
l = libnet.context(
RAW4, # The injection type
'eth0' # Device name
)
dst_ip = l.name2addr4(
'10.0.0.197', # Let's get the network byte ordered representation of this IP
DONT_RESOLVE
)
src_ip = l.name2addr4(
'10.0.0.31', # Let's get the network byte ordered representation of this IP
DONT_RESOLVE
)
#query
import struct
query=struct.pack('b3sb4sb3sbbbbb',3,'www',4,'sina',3,'com',0,0,1,0,1)
l.extend(['in-addr', 'arpa'])
return toquery(l, TYPE.PTR, query_class)
if __name__ == '__main__':
# Parse the arguments
parser = argparse.ArgumentParser(description='Creates and injects a UDP-based DNSV4 IN A query.')
parser.add_argument('-i', metavar='interface', required=True, help='the injection interface.')
parser.add_argument('-d', metavar='destination', required=True, help='the destination to resolve')
parser.add_argument('-n', metavar='nameserver', required=True, help='DNS server.')
parser.add_argument('-q', metavar='query_type', required=False, help='DNS query type (e.g. A, MX, NS, etc.).', default='A', choices=filter(lambda n: not(n.startswith('__')), dir(TYPE)))
parser.add_argument('-c', metavar='query_class', required=False, help='DNS query type (e.g. A, MX, NS, etc.).', default='IN', choices=filter(lambda n: not(n.startswith('__')), dir(CLASS)))
args = parser.parse_args(sys.argv[1:])
c = libnet.context(device=args.i, injection_type=RAW4)
print 'Building DNS getheader:'
dns_ptag = c.build_dnsv4(id=3,flags=256,num_q=1,num_anws_rr=0,num_auth_rr=0,num_addi_rr=0,payload=build_query(args.d, eval('TYPE.%s' % args.q), eval('CLASS.%s' % args.c)))
print c.getheader(dns_ptag)
print 'Building UDP getheader:'
udp_ptag = c.build_udp(dp=53)
print c.getheader(udp_ptag)
print 'Building IPv4 getheader:'
ipv4_ptag = c.build_ipv4(dst=c.name2addr4('4.2.2.1', DONT_RESOLVE), prot=17)
print c.getheader(ipv4_ptag)
print 'Sending packet:'
print c.getpacket()
c.write()
# Controls
# Check if the dstination IP and network interface
if not (options.dstip and options.netif):
print "\nError: Options -i interface and -d host are mandatories.\n"
parser.print_help()
sys.exit(0)
#Test if ICMP Type is REQUEST or REPLY
if options.iechorep:
itype = ICMP_ECHOREPLY
else:
itype = ICMP_ECHO
#Initialize libnet context
inj = libnet.context(RAW4, options.netif)
if not inj:
print "\nInitialization failed! Please check if you have rights or if you have entered a valid network interface or valid dst IP\n."
parser.print_help()
sys.exit(0)
if options.srcip == 0:
options.srcip = inj.get_ipaddr4()
else:
options.srcip = inj.name2addr4(options.srcip, RESOLVE)
# With PyLibnet you have to start to building packets from the upper layer. In this case ICMP
icmptag = inj.build_icmpv4_echo(type=itype,
code=1,
seq=1,
"""
Created on Tue Nov 20 09:06:42 2012
@author: Leniy
#伪造dns请求
"""
#!/usr/bin/python
import sys
import libnet
from libnet.constants import *
l = libnet.context(
RAW4, # The injection type
'eth0' # Device name
)
dst_ip = l.name2addr4(
'10.0.0.197', # Let's get the network byte ordered representation of this IP
DONT_RESOLVE)
src_ip = l.name2addr4(
'10.0.0.31', # Let's get the network byte ordered representation of this IP
DONT_RESOLVE)
#query
import struct
query = struct.pack('b3sb4sb3sbbbbb', 3, 'www', 4, 'sina', 3, 'com', 0, 0, 1,
0, 1)
dns_tag = l.build_dnsv4(
