def processP(packet):
    """Netfilter-queue callback: inspect one queued packet, then release it.

    The queued payload is parsed as an IP packet. When it carries a DNS
    resource record (``DNSRR``) it is passed through ``modify`` and the
    result is written back into the queue entry. Every packet is accepted
    at the end, whether or not it was touched.

    :param packet: queue entry exposing ``get_payload``, ``set_payload``
        and ``accept``.
    """
    # NOTE(review): the listing arrived with its line breaks collapsed; the
    # nesting below (set_payload inside the DNSRR branch, accept() for every
    # packet) is the reconstructed reading - confirm against the original.
    parsed = IP(packet.get_payload())

    if not parsed.haslayer(DNSRR):
        # No DNS answer inside: release the packet unchanged.
        packet.accept()
        return

    print("PROCESSING : ", parsed.summary())
    try:
        parsed = modify(parsed)
    except IndexError:
        # modify() failed on an index lookup; the packet goes out as parsed.
        pass
    print("FORWARDING! > ", parsed.summary())

    # Hand the (possibly rewritten) bytes back to the queue entry.
    packet.set_payload(bytes(parsed))
    packet.accept()
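def interp(plugin, nuin):
    """Log the contents of one NFLOG message.

    Inputs 0-3 (hook, family, protocol, attribute table) are read
    unconditionally. Inputs 4-6 (global sequence, local sequence, prefix)
    are optional and fall back to ``0``, ``0`` and ``""`` when
    ``nuin.is_valid`` reports them absent.

    :param plugin: plugin handle (not used in this function).
    :param nuin: input object exposing ``value(i)`` and ``is_valid(i)``.
    :return: ``nurs.NURS_RET_OK``.
    """
    hook = nuin.value(0)
    family = nuin.value(1)
    protocol = nuin.value(2)

    # View input 3 as an array of NFULA_MAX + 1 pointers to mnl.Attr.
    attr_table_type = ctypes.POINTER(mnl.Attr) * (nflog.NFULA_MAX + 1)
    pattrs = attr_table_type.from_buffer(nuin.value(3))

    seq_global = nuin.value(4) if nuin.is_valid(4) else 0
    seq_local = nuin.value(5) if nuin.is_valid(5) else 0
    prefix = nuin.value(6) if nuin.is_valid(6) else ""

    log.info("hook: %d, family: %d, protocol: %d, prefix: %s, seq - global: %d, local: %d",
             hook, family, protocol, prefix, seq_global, seq_local)

    # An element of a ctypes pointer array is a pointer object, never None,
    # so the former "is not None" test was always true and a missing payload
    # attribute went on to dereference a NULL pointer (ValueError on
    # .contents). A NULL ctypes pointer is falsy, so test truthiness, the
    # same way the conntrack attribute is tested below.
    payload_attr = pattrs[nflog.NFULA_PAYLOAD]
    if payload_attr:
        ip = IP(bytes(payload_attr.contents.get_payload_v()))
        log.info(ip.summary())

    ct_attr = pattrs[nflog.NFULA_CT]
    if ct_attr:
        ct = nfct.Conntrack()
        ct.payload_parse(ct_attr.contents.get_payload_v(), family)
        b = ct.snprintf(4096, nfct.NFCT_T_UNKNOWN, nfct.NFCT_O_DEFAULT, 0)
        log.info("conntrack: %s", str(b))

    return nurs.NURS_RET_OK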
def run(self):
    """Relay loop: take queued items, send their payload, queue the answer.

    Runs until ``self.stop_event`` is set. For every item whose
    ``PlumberPacket`` layer has ``message_type == 2`` the carried data is
    rebuilt with ``self.protocol``, sent inside an IP packet addressed to
    ``item.ip`` and the first answer is wrapped into a copy of the item,
    which is put on ``self.out_queue``.
    """
    # NOTE(review): line breaks were lost in the listing; counter increment
    # and sleep placement below are the reconstructed reading - confirm.
    while not self.stop_event.is_set():
        if not self.in_queue.empty():
            item = self.in_queue.get()
            plumber_layer = item[PlumberPacket]
            self.logger.debug(plumber_layer.show(dump=True))

            if plumber_layer.message_type == 2:
                self.logger.info("got Data PlumberPacket!")
                data = self.protocol(plumber_layer.data)
                # Drop a carried checksum, presumably so it is recomputed
                # when the packet is built - confirm.
                if hasattr(data, 'chksum'):
                    del data.chksum

                # NOTE(review): the destination comes straight from the
                # queued item; nothing here restricts where this loop sends.
                outgoing = IP(dst=item.ip) / data
                self.logger.debug("sending:\n{0}".format(
                    outgoing.summary()))

                # NOTE(review): sr1() can return None when nothing answers;
                # the .summary() call below would then raise AttributeError.
                response = sr1(outgoing)
                self.logger.debug("recieve:\n{0}".format(
                    response.summary()))

                # The answer goes back to the item's source; the address the
                # answer was sent to becomes the new source.
                reply_item = copy.deepcopy(item)
                new_ip, new_src = reply_item.src_ip, response[IP].dst
                reply_item.ip = new_ip
                reply_item.src_ip = new_src
                reply_item.data = self.protocol(
                    response.getlayer(self.protocol))
                self.out_queue.put(reply_item)
                self.counter += 1
        # Short pause between polls of the input queue.
        time.sleep(0.001)
    return
def interp(plugin, nuin):
    """Accept one NFQUEUE packet and log what its message carried.

    Inputs: 0 = family, 1 = res_id, 2 = attribute table. The packet header
    attribute is read unconditionally; payload, input/output interface index
    and conntrack attributes are logged only when present.

    :param plugin: plugin handle (not used in this function).
    :param nuin: input object exposing ``value(i)``.
    :return: ``nurs.NURS_RET_OK``.
    """
    family = nuin.value(0)
    res_id = nuin.value(1)

    # View input 2 as an array of NFQA_MAX + 1 pointers to mnl.Attr.
    attr_table_type = ctypes.POINTER(mnl.Attr) * (nfqnl.NFQA_MAX + 1)
    attrs = attr_table_type.from_buffer(nuin.value(2))

    hdr = attrs[nfqnl.NFQA_PACKET_HDR].contents.get_payload_as(nfqnl.NfqnlMsgPacketHdr)
    packet_id = socket.ntohl(hdr.packet_id)
    log.info("res_id: %d, qid: %d", res_id, packet_id)

    # nfq_send_accept runs before any other attribute is looked at, so
    # nothing logged below can influence it.
    nfq_send_accept(res_id, packet_id)

    payload_attr = attrs[nfqnl.NFQA_PAYLOAD]
    if payload_attr:
        ip = IP(bytes(payload_attr.contents.get_payload_v()))
        log.info(ip.summary())

    indev_attr = attrs[nfqnl.NFQA_IFINDEX_INDEV]
    if indev_attr:
        log.info("indev: %d", socket.ntohl(indev_attr.contents.get_u32()))

    outdev_attr = attrs[nfqnl.NFQA_IFINDEX_OUTDEV]
    if outdev_attr:
        log.info("outdev: %d", socket.ntohl(outdev_attr.contents.get_u32()))

    ct_attr = attrs[nfqnl.NFQA_CT]
    if ct_attr:
        ct = nfct.Conntrack()
        ct.payload_parse(ct_attr.contents.get_payload_v(), family)
        rendered = ct.snprintf(4096, nfct.NFCT_T_UNKNOWN, nfct.NFCT_O_DEFAULT, 0)
        log.info("conntrack: %s", rendered)

    return nurs.NURS_RET_OK
def forwardDNS(orig_pkt):
    """Relay a DNS query to 8.8.8.8 and send the answer back to the asker.

    The upstream query reuses the original UDP source port, DNS id and query
    name. The DNS layer of the upstream reply is copied into a new packet
    addressed to the original source address and port.

    :param orig_pkt: received packet with IP, UDP, DNS and DNSQR layers.
    :return: ``"Responding: "`` followed by the summary of the packet sent.
    """
    qname = orig_pkt[DNSQR].qname
    print("Forwarding: " + qname)

    upstream_query = (
        IP(dst="8.8.8.8")
        / UDP(sport=orig_pkt[UDP].sport)
        / DNS(rd=1, id=orig_pkt[DNS].id, qd=DNSQR(qname=qname))
    )
    # NOTE(review): sr1() can return None when no reply is captured; the
    # response[DNS] lookup below would then fail.
    response = sr1(upstream_query, verbose=0)

    respPkt = IP(dst=orig_pkt[IP].src) / UDP(dport=orig_pkt[UDP].sport) / DNS()
    respPkt[DNS] = response[DNS]
    send(respPkt, verbose=0)

    return "Responding: " + respPkt.summary()
def process_packet(packet):
    """
    Callback invoked for every packet redirected to the netfilter queue.

    A packet carrying a DNS resource record (``DNSRR``) is passed through
    ``modify_packet`` and written back to the queue entry. Every packet is
    accepted at the end, modified or not.

    :param packet: Incoming netfilter queue packet
    """
    # NOTE(review): line breaks were lost in the listing; set_payload is
    # taken to sit inside the DNSRR branch and accept() outside it - confirm.
    as_scapy = IP(packet.get_payload())

    if not as_scapy.haslayer(DNSRR):
        # Not a DNS answer: release it unchanged.
        packet.accept()
        return

    print("[Before]: ", as_scapy.summary())
    try:
        as_scapy = modify_packet(as_scapy)
    except IndexError:
        # modify_packet() failed on an index lookup; keep the parsed packet.
        pass
    print("[After]: ", as_scapy.summary())

    # Serialise the scapy packet back into the queue entry, then release it.
    packet.set_payload(bytes(as_scapy))
    packet.accept()
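def getICMPPacket(self):
    """
    Build an ICMP packet from the form entries and show it in the GUI.

    Entries 2-6, 8 and 9 feed the IP header (version, id, flags, frag, ttl,
    src, dst) and entry 0 the ICMP type. The two checksum entries (1 = ICMP,
    7 = IP) are not read: both are overwritten with the values scapy computes.

    :return: ``Ether() / IP / ICMP`` packet, or ``None`` when building failed
    """
    try:
        icmp_packet = IP() / ICMP()
        # Attribute assignment on the stacked packet reaches the first layer
        # that owns the field, so "id" lands on the IP header here.
        icmp_packet.version = int(self.entries[2].get())
        icmp_packet.id = int(self.entries[3].get())
        icmp_packet.flags = int(self.entries[4].get())
        icmp_packet.frag = int(self.entries[5].get())
        icmp_packet.ttl = int(self.entries[6].get())
        icmp_packet.src = str(self.entries[8].get())
        icmp_packet.dst = str(self.entries[9].get())
        icmp_packet.type = int(self.entries[0].get())

        # Serialise, then re-parse so the checksum fields hold the values
        # that were filled in during the build.
        pkg_raw = raw(icmp_packet)
        icmp_packet = IP(pkg_raw)

        # Skip the IP header (20 bytes, no options) and parse the remainder
        # as ICMP to read the ICMP checksum.
        pkg_icmp = ICMP(pkg_raw[20:])
        print("scapy自动计算的ICMP的校验和为:%04x" % pkg_icmp.chksum)

        self.entries[1].delete(0, END)
        self.entries[1].insert(0, hex(pkg_icmp.chksum))
        self.entries[7].delete(0, END)
        self.entries[7].insert(0, hex(icmp_packet.chksum))

        icmp_packet.show()
        self.resultText.insert('end', icmp_packet.summary() + '\n')
        self.resultText.insert('end', str(icmp_packet) + '\n')
        return Ether() / icmp_packet
    except Exception:
        # e.with_traceback() needs a traceback argument; calling it bare
        # raised TypeError inside this handler and hid the real error (for
        # example a non-numeric form entry). Print the traceback instead.
        import traceback
        print(traceback.format_exc())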
# List the fields of the IP layer.
ls(IP())

# Disabled in the original walkthrough: ls(TCP()) to inspect the TCP
# defaults, and lsc() to list the scapy commands.

# Destination used by every packet built below.
TARGET_ADDR = '114.114.114.114'

pkt = IP(dst=TARGET_ADDR)

print('使用show()方法来查看数据包信息')
pkt.show()

print('使用summary()方法查看概要信息')
print(pkt.summary())

print('使用hexdump(pkt)开查看数据包的字节信息')
hexdump(pkt)

# Stacking layers with "/": IP carries the destination address, TCP the ports.
print('使用 "/" 操作符来给数据包加上一层。例如构造一个TCP数据包,在IP层指明数据包的目的地址。在TCP层可以设定数据包的目的端口等等')
tcp_pkt = IP(dst=TARGET_ADDR) / TCP()
tcp_pkt.show()

# A tuple for dport describes a range; iterating the packet yields one
# packet per port. Nothing is sent here, the ports are only printed.
print('数据包的目标端口可以用范围来表示,发送的时候就会发送dport 不同的多个数据包')
tcp_pkt = IP(dst=TARGET_ADDR) / TCP(dport=(22, 33))
for tcp in tcp_pkt:
    print(tcp.dport)

print('如果设置了多个参数为范围的,最后发送的数据包就是笛卡尔积')
"""
Date: 2022.04.21 14:23:20
LastEditors: Rustle Karl
LastEditTime: 2022.04.21 14:44:37
"""
from scapy.layers.inet import IP, ICMP, sr1, raw

# Host addressed by both example packets.
TARGET = "192.168.4.1"

# Echo request (ICMP with default fields).
icmp = IP(dst=TARGET) / ICMP()

# Timestamp request/reply format (ICMP type 13); replaces the echo packet.
icmp = IP(dst=TARGET) / ICMP(type=13)
icmp.show()
# The value of summary() is discarded when this runs as a script; it only
# displays in an interactive session.
icmp.summary()

# Send the packet and keep the first answer.
# NOTE(review): no timeout is passed, so this call may wait indefinitely
# when the host does not answer.
timestamp_reply = sr1(icmp)

# Hex form of the serialised request (result likewise discarded in a script).
raw(icmp).hex()
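def getIPPacket(self):
    """
    Build an Ethernet/IP packet from the form entries and verify its checksum.

    Entries 0-2 feed the Ethernet header, entries 3-11, 13 and 14 the IP
    header and entry 16 the optional payload. The header checksum computed
    by scapy is compared with the one from ``self.IP_headchecksum``; the
    latter is stored in the packet and written to entry 12.

    :return: ``Ether / IP`` packet, or ``None`` when building failed
    """
    try:
        eth = Ether()
        eth.src = self.entries[0].get()
        eth.dst = self.entries[1].get()
        eth.type = int(self.entries[2].get())

        ip_packet = IP()
        # Was "versionion": the typo stored the value on an attribute that
        # is not an IP field, so the form's version never reached the header.
        ip_packet.version = int(self.entries[3].get())
        ip_packet.ihl = int(self.entries[4].get())
        ip_packet.tos = int(self.entries[5].get())
        ip_packet.len = int(self.entries[6].get())
        ip_packet.id = int(self.entries[7].get())
        ip_packet.flags = int(self.entries[8].get())
        ip_packet.frag = int(self.entries[9].get())
        ip_packet.ttl = int(self.entries[10].get())
        ip_packet.proto = int(self.entries[11].get())
        payload = self.entries[16].get()
        ip_packet.src = self.entries[13].get()
        ip_packet.dst = self.entries[14].get()

        if payload == '':
            # Header only: the checksum covers every serialised byte.
            print("无payload的IP报文")
            ip_packet.show()
            checksum_scapy = IP(raw(ip_packet)).chksum
            print("scapy自动计算的IP首部检验和是:%04x (%s)" % (checksum_scapy, str(checksum_scapy)))
            # Zero the checksum field before recomputing over the header.
            ip_packet.chksum = 0
            # bytearray(raw(...)) yields the same bytes as the former
            # hex-string round trip.
            ipbytes = bytearray(raw(ip_packet))
            checksum_self = self.IP_headchecksum(ipbytes)
            print("验证计算IP首部的检验和是:%04x (%s)" % (checksum_self, str(checksum_self)))
        else:
            # With payload: only the first ihl * 4 bytes are checksummed.
            print("含有payload的IP报文")
            ip_packet = ip_packet / payload
            ip_packet.show()
            ip_packet.len = 20 + len(payload)
            checksum_scapy = IP(raw(ip_packet)).chksum
            print("scapy自动计算的IP首部检验和是:%04x (%s)" % (checksum_scapy, str(checksum_scapy)))
            ip_packet.chksum = 0
            ip_packet.ihl = 5
            print('\n 报文长度是:%s' % str(ip_packet.len))
            ipbytes = bytearray(raw(ip_packet))
            checksum_self = self.IP_headchecksum(ipbytes[0:ip_packet.ihl * 4])
            print("验证计算IP首部的检验和是:%04x (%s)" % (checksum_self, str(checksum_self)))

        if checksum_self == checksum_scapy:
            print("检验和正确")
        else:
            print("检验和不正确")

        # The self-computed value is what ends up in the packet and the form.
        ip_packet.chksum = checksum_self
        self.entries[12].delete(0, END)
        self.entries[12].insert(0, hex(ip_packet.chksum))

        ip_packet.show()
        self.resultText.insert('end', ip_packet.summary() + '\n')
        self.resultText.insert('end', str(ip_packet) + '\n')
        return eth / ip_packet
    except Exception:
        # e.with_traceback() needs a traceback argument; calling it bare
        # raised TypeError inside this handler and hid the real error (for
        # example a non-numeric form entry). Print the traceback instead.
        import traceback
        print(traceback.format_exc())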