def out_queue():
    """Create and return the netfilter queue that handles outgoing packets.

    Opens a handle, registers the module-level ``callback`` and attaches to
    queue number 2 with a maximum queue length of 5000.  No address-family
    bind happens here: the original comments say it only needs doing once
    and is performed in In.py.
    """
    out_q = nfqueue.queue()
    out_q.open()
    # The AF_INET6 unbind/bind pair is deliberately skipped here (done once,
    # in In.py, according to the original note).
    out_q.set_callback(callback)
    out_q.create_queue(2)
    out_q.set_queue_maxlen(5000)

    # Non-router nodes send one Router Solicitation to all neighbouring
    # routers; this happens only at program launch.
    if not NDprotector.is_router:
        SendRTSol()

    return out_q
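def run(cls, template_path=''):
    """Divert inbound IPv4 traffic to NFQUEUE 0 and process it until stopped.

    Args:
        template_path: handed to ``get_os_pattern``; the resulting pattern is
            given to ``ProcessPKT``, whose ``callback`` handles each packet.

    Requires an effective UID of 0; otherwise exits with a message.
    """
    if os.geteuid() != 0:
        exit("\nPlease run as root\n")

    os_pattern = get_os_pattern(template_path)

    # Start from a clean rule set.
    flush_tables()

    q = nfqueue.queue()
    q.set_callback(ProcessPKT(os_pattern).callback)
    q.fast_open(0, socket.AF_INET)
    # NOTE(review): a negative maximum length is passed here; confirm what the
    # binding does with it.
    q.set_queue_maxlen(-1)

    try:
        # The rule is installed only once the queue is attached, so nothing is
        # queued to a number nobody listens on, and a failed fast_open() no
        # longer leaves the rule behind.
        # NOTE(review): this queues every INPUT packet (queue 0).  Without
        # --queue-bypass, packets are dropped whenever no listener is
        # attached, which includes remote management sessions.
        os.system('iptables -A INPUT -j NFQUEUE --queue-num 0')

        workers = [gevent.spawn(cls.worker, q) for _ in range(2)]
        gevent.joinall(workers)
    except KeyboardInterrupt:
        print('Exiting...')
    finally:
        # Runs however the workers end, not only on Ctrl-C, so the NFQUEUE
        # rule never outlives the process that services it.
        q.unbind(socket.AF_INET)
        q.close()
        flush_tables()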
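def run(cls, template_path='SIMATIC_300_PLC.txt'):
    """Divert inbound IPv4 traffic to NFQUEUE 0 and process it until stopped.

    Args:
        template_path: handed to ``get_os_pattern``; defaults to
            ``SIMATIC_300_PLC.txt``.  The resulting pattern is given to
            ``ProcessPKT``, whose ``callback`` handles each packet.

    Requires an effective UID of 0; otherwise exits with a message.
    """
    if os.geteuid() != 0:
        exit("\nPlease run as root\n")

    os_pattern = get_os_pattern(template_path)

    # Start from a clean rule set.
    flush_tables()

    q = nfqueue.queue()
    q.set_callback(ProcessPKT(os_pattern).callback)
    q.fast_open(0, socket.AF_INET)
    # NOTE(review): a negative maximum length is passed here; confirm what the
    # binding does with it.
    q.set_queue_maxlen(-1)

    try:
        # Install the rule only after the queue is attached; a failed
        # fast_open() then cannot leave the rule behind.
        # NOTE(review): without --queue-bypass, every INPUT packet is dropped
        # whenever no listener is attached to queue 0.
        os.system('iptables -A INPUT -j NFQUEUE --queue-num 0')

        workers = [gevent.spawn(cls.worker, q) for _ in range(2)]
        gevent.joinall(workers)
    except KeyboardInterrupt:
        print('Exiting...')
    finally:
        # Clean up on every exit path, not only on Ctrl-C.
        q.unbind(socket.AF_INET)
        q.close()
        flush_tables()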
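def fuzzThread(self, button, aFilter):
    """Run the NFQUEUE receive loop for one fuzzing session.

    Attaches ``self.nfqueue_cb`` to IPv4 queue 0, blocks in ``try_run()``,
    then releases the queue and schedules ``button.set_sensitive(True)`` on
    the GObject main loop.  The iptables rules that feed queue 0 are not
    installed here; the original carried them only as commented-out commands.

    Args:
        button: widget re-enabled once the loop has ended.
        aFilter: object whose ``get_text()`` value is logged as the filter.
    """
    self.log.info(_("Launching fuzzing process with : filter=\"{0}\"").format(aFilter.get_text()))

    try:
        q = nfqueue.queue()
        q.open()
        try:
            try:
                # Best effort: release an AF_INET binding left by an earlier
                # run.  Narrowed from a bare ``except`` so that interpreter
                # exit requests are not swallowed.
                q.unbind(socket.AF_INET)
            except Exception:
                pass
            q.bind(socket.AF_INET)
            q.set_callback(self.nfqueue_cb)
            q.create_queue(0)
            q.set_queue_maxlen(5000)
            try:
                # TODO: run the receive loop in a dedicated process.
                q.try_run()
            except Exception as err:
                # Previously discarded silently; keep the session alive but
                # leave a trace of why the loop ended.
                self.log.info(_("Fuzzing loop stopped: {0}").format(err))
        finally:
            # Release the queue even when setup fails half-way.
            try:
                q.unbind(socket.AF_INET)
            finally:
                q.close()
    finally:
        # The button must become usable again on every path, including errors.
        gobject.idle_add(button.set_sensitive, True)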
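def run(cls):
    """Queue inbound IPv4 packets to NFQUEUE 0 and process them until Ctrl-C.

    Each packet is handed to ``ProcessPKT(OSPattern).start``.  Requires an
    effective UID of 0; otherwise exits with a message.
    """
    if os.geteuid() != 0:
        exit("\nPlease run as root\n")

    rule = 'INPUT -j NFQUEUE --queue-num 0'

    # Create the netlink handle, bind it to the family and the queue number.
    q = nfqueue.queue()
    q.open()
    q.bind(socket.AF_INET)
    q.set_callback(ProcessPKT(OSPattern).start)
    q.create_queue(0)

    try:
        # Installed only after the queue exists, so a setup failure above
        # cannot leave the rule behind.
        # NOTE(review): without --queue-bypass, all INPUT traffic is dropped
        # whenever nothing is attached to queue 0.
        os.system('iptables -A ' + rule)
        # Blocks until interrupted.
        q.try_run()
    except KeyboardInterrupt:
        sys.exit('Exiting...')
    finally:
        q.unbind(socket.AF_INET)
        q.close()
        # Remove exactly the rule added above.  The previous 'iptables -F'
        # flushed every rule in the filter table, including rules this
        # program never created.
        os.system('iptables -D ' + rule)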
def createNetFilterQueue():
    """Return a netfilter queue handle attached to IPv4 queue 0.

    The module-level ``callback`` is registered as the packet handler.  This
    function neither runs nor closes the queue; both are left to the caller.
    """
    handle = nfqueue.queue()
    handle.open()
    handle.bind(socket.AF_INET)
    handle.set_callback(callback)
    handle.create_queue(0)
    return handle
def run(self):
    """Attach ``self.cb`` to queue ``self.queue`` and run until interrupted.

    Progress messages are printed when ``self.verbose`` is true.  The maximum
    queue length is set to 50000.
    """
    def trace(message):
        # Progress output is opt-in.
        if self.verbose:
            print(message)

    handle = nfqueue.queue()

    trace("NFQ: open")
    handle.open()

    trace("NFQ: bind")
    handle.bind(AF_INET)

    trace("NFQ: setting callback")
    handle.set_callback(self.cb)

    trace("NFQ: creating queue")
    handle.create_queue(self.queue)
    handle.set_queue_maxlen(50000)

    trace("NFQ: trying to run")
    try:
        handle.try_run()
    except KeyboardInterrupt:
        # NOTE(review): the handle is neither unbound nor closed on this path.
        print("NFQ: interrupted")
def start_dns_queue(self):
    """Open IPv4 queue 0 on ``self.q`` and register this object with the reactor.

    ``self.nfqueue_callback`` receives the packets; the maximum queue length
    is 5000 and the copy mode is ``NFQNL_COPY_PACKET``.
    """
    self.q = handle = nfqueue.queue()
    handle.set_callback(self.nfqueue_callback)
    handle.fast_open(0, socket.AF_INET)
    handle.set_queue_maxlen(5000)
    # The object is registered as a reader before the copy mode is set,
    # exactly as in the original ordering.
    reactor.addReader(self)
    handle.set_mode(nfqueue.NFQNL_COPY_PACKET)
def bind(self):
    """Attach ``self.callback`` to IPv4 queue 0 and enter the receive loop.

    The handle is kept on ``self.q``.  The call to ``try_run()`` is the last
    statement, so nothing here unbinds or closes the queue afterwards.
    """
    self.q = handle = nfqueue.queue()
    handle.open()
    handle.bind(socket.AF_INET)
    handle.set_callback(self.callback)
    handle.create_queue(0)
    handle.try_run()
def go(self):
    """Attach ``self.filter_pkt`` to IPv4 queue 0 and enter the receive loop.

    The handle is kept on ``self.q``.  Nothing in this method unbinds or
    closes the queue once ``try_run()`` returns.
    """
    self.q = handle = nfqueue.queue()
    handle.open()
    handle.bind(socket.AF_INET)
    handle.set_callback(self.filter_pkt)
    handle.create_queue(0)
    handle.try_run()
def __init__(self, cb, nqueue=0, family=AF_INET6, maxlen=5000, map=None):
    """Open a netfilter queue and expose its descriptor to asyncore.

    Args:
        cb: packet callback registered on the queue.
        nqueue: queue number to attach to.
        family: address family passed to ``fast_open`` (IPv6 by default).
        maxlen: maximum queue length.
        map: socket map forwarded to ``asyncore.file_dispatcher``.
    """
    self._q = handle = queue()
    handle.set_callback(cb)
    handle.fast_open(nqueue, family)
    handle.set_queue_maxlen(maxlen)

    # asyncore polls the queue's file descriptor.
    self.fd = handle.get_fd()
    asyncore.file_dispatcher.__init__(self, self.fd, map)

    handle.set_mode(NFQNL_COPY_PACKET)
def nfq_setup(self, queueno):
    """Try to attach ``self.cb`` to IPv4 queue *queueno*.

    Returns False, after logging the error, when ``fast_open`` raises
    RuntimeError.
    """
    # NOTE(review): as shown, the success path returns None and does not keep
    # the handle anywhere; the rest of the function may have been cut off.
    handle = nfqueue.queue()
    handle.set_callback(self.cb)
    try:
        handle.fast_open(queueno, AF_INET)
    except RuntimeError as err:
        log.error("cannot bind to nf_queue %d: %s. Already in use or not root?" % (queueno, err))
        return False
def listen(self):
    """Attach ``self.callback`` to IPv4 queue 1 and run the receive loop.

    ``hello`` is printed once ``try_run()`` returns.  The handle is neither
    unbound nor closed here.
    """
    handle = nfqueue.queue()
    handle.open()
    handle.bind(socket.AF_INET)
    handle.set_callback(self.callback)
    handle.create_queue(1)
    handle.try_run()
    print('hello')
def __init__(self):
    """Open IPv4 queue 0 on ``self.q`` and register this object with the reactor.

    Packets go to ``Parser().start``; the maximum queue length is 5000 and the
    copy mode is ``NFQNL_COPY_PACKET``.
    """
    self.q = handle = nfqueue.queue()
    handle.set_callback(Parser().start)
    handle.fast_open(0, socket.AF_INET)
    handle.set_queue_maxlen(5000)
    reactor.addReader(self)
    handle.set_mode(nfqueue.NFQNL_COPY_PACKET)
    # The firewall flush and forwarding named in this message are not done in
    # this method; presumably the caller did them beforehand.
    print('[*] Flushed firewall and forwarded traffic to the queue; waiting for data')
def __init__(self, args):
    """Open IPv4 queue 0 on ``self.q`` and register this object with the reactor.

    Args:
        args: forwarded to ``Parser``, whose ``start`` method receives packets.
    """
    self.q = handle = nfqueue.queue()
    handle.set_callback(Parser(args).start)
    handle.fast_open(0, socket.AF_INET)
    handle.set_queue_maxlen(5000)
    reactor.addReader(self)
    handle.set_mode(nfqueue.NFQNL_COPY_PACKET)
    # Status message (partly Chinese): firewall flushed, traffic forwarded to
    # the queue, waiting for data.  Neither action happens in this method.
    print('[*] Flushed 防火墙 和转发流量 到队列 ; 等待数据 ')
def __init__(self, cb, nqueue=0, family=AF_INET, maxlen=5000, map=None):
    """Open a netfilter queue and expose its descriptor to asyncore.

    Args:
        cb: packet callback registered on the queue.
        nqueue: queue number to attach to.
        family: address family passed to ``fast_open``.
        maxlen: maximum queue length.
        map: socket map forwarded to ``asyncore.file_dispatcher``.
    """
    self._q = handle = nfqueue.queue()
    handle.set_callback(cb)
    handle.fast_open(nqueue, family)
    handle.set_queue_maxlen(maxlen)

    # asyncore polls the queue's file descriptor.
    self.fd = handle.get_fd()
    asyncore.file_dispatcher.__init__(self, self.fd, map)

    handle.set_mode(nfqueue.NFQNL_COPY_PACKET)
def __init__(self, callback, nqueue=0, family=socket.AF_INET, maxlen=5000, map=None):
    """Open a netfilter queue and expose its descriptor to asyncore.

    Args:
        callback: packet callback registered on the queue.
        nqueue: queue number to attach to.
        family: address family passed to ``fast_open``.
        maxlen: maximum queue length.
        map: socket map forwarded to ``asyncore.file_dispatcher``.
    """
    self.queue = handle = nfqueue.queue()
    handle.set_callback(callback)
    handle.fast_open(nqueue, family)
    handle.set_queue_maxlen(maxlen)

    # asyncore polls the queue's file descriptor.
    self.fd = handle.get_fd()
    asyncore.file_dispatcher.__init__(self, self.fd, map)

    handle.set_mode(nfqueue.NFQNL_COPY_PACKET)
def __init__(self):
    """Open IPv4 queue 0 on ``self.q`` and register this object with the reactor.

    Packets are handed to the module-level ``cb``; the maximum queue length is
    5000 and the copy mode is ``NFQNL_COPY_PACKET``.
    """
    self.q = handle = nfqueue.queue()
    handle.set_callback(cb)
    handle.fast_open(0, socket.AF_INET)
    handle.set_queue_maxlen(5000)
    reactor.addReader(self)
    handle.set_mode(nfqueue.NFQNL_COPY_PACKET)
    print('[info] spoofing dns packets')
def __init__(self):
    """Open IPv4 queue 0 on ``self.q`` and register this object with the reactor.

    Packets are handed to the module-level ``queue_cb``; the maximum queue
    length is 5000 and the copy mode is ``NFQNL_COPY_PACKET``.
    """
    self.q = handle = nfqueue.queue()
    handle.set_callback(queue_cb)
    handle.fast_open(0, socket.AF_INET)
    handle.set_queue_maxlen(5000)
    reactor.addReader(self)
    handle.set_mode(nfqueue.NFQNL_COPY_PACKET)
    print('[*] Waiting for data')
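def main():
    """Set up logging, queue matching outbound TCP traffic and run until Ctrl-C.

    Outbound TCP packets to the module-level ``ports`` are sent to NFQUEUE 0
    and handled by the module-level ``callback``.  On Ctrl-C the entries of
    ``address_filter`` are written to ``address_filter.txt``.
    """
    global logger
    import subprocess

    logger = logging.getLogger('miner')
    formatter = logging.Formatter(
        '%(asctime)s - %(name)s - %(levelname)s - %(message)s')
    # NOTE(review): /var/tmp is world-writable and this program presumably
    # runs as root (it edits iptables).  A pre-created file or symlink at this
    # path would be followed; a root-owned log directory is safer.
    file_handler = logging.FileHandler('/var/tmp/miner.log')
    file_handler.setFormatter(formatter)
    console_handler = logging.StreamHandler()
    console_handler.setFormatter(formatter)
    logger.addHandler(file_handler)
    logger.addHandler(console_handler)
    logger.setLevel(logging.INFO)  # use logging.DEBUG for verbose output

    logger.info("Starting DevFee-Modifier..")

    # TODO: detect and stop an already-running instance of this script.

    # Argument-vector form of the rule: no shell is involved, so the contents
    # of ``ports`` cannot be interpreted as shell syntax.
    rule = ['OUTPUT', '-p', 'tcp', '--match', 'multiport',
            '--dport', ",".join(ports),
            '-j', 'NFQUEUE', '--queue-num', '0']

    q = nfqueue.queue()
    q.open()
    q.bind(socket.AF_INET)
    q.set_callback(callback)
    q.create_queue(0)

    try:
        # Added only once the queue exists, so matching traffic is never
        # queued to a number nobody listens on.
        subprocess.call(['iptables', '-A'] + rule)
        # Blocking call; ends on keyboard interrupt.
        q.try_run()
    except KeyboardInterrupt:
        logger.info(
            "KeyboardInterrupt detected, terminating DevFee-Modifier..")
        logger.info("Saving address_filter.txt..")
        with open('address_filter.txt', 'w') as f:
            f.writelines(entry + '\n' for entry in address_filter)
    finally:
        q.unbind(socket.AF_INET)
        q.close()
        # Previously the rule was never removed: it stayed active after exit
        # and every new run appended another copy.
        subprocess.call(['iptables', '-D'] + rule)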
def setup_nfqueue(fct, num):
    """Return a netfilter queue handle attached to IPv4 queue *num*.

    Args:
        fct: packet callback registered on the queue.
        num: queue number to create.

    AF_INET is unbound and then bound again before the queue is created.
    """
    handle = nfqueue.queue()
    handle.open()
    # Rebind the family: unbind first, then bind.
    handle.unbind(socket.AF_INET)
    handle.bind(socket.AF_INET)
    handle.set_callback(fct)
    handle.create_queue(num)
    return handle
def __init__(self):
    """Open IPv4 queue 0 and expose its descriptor to asyncore.

    Packets are handed to ``Own().handler``; the maximum queue length is 5000
    and the copy mode is ``NFQNL_COPY_PACKET``.
    """
    # The banner is printed before the queue is actually opened.
    print('[*] queue started.. waiting for data')

    self._q = handle = nfqueue.queue()
    handle.set_callback(Own().handler)
    handle.fast_open(0, socket.AF_INET)
    handle.set_queue_maxlen(5000)

    self.fd = handle.get_fd()
    asyncore.file_dispatcher.__init__(self, self.fd, None)

    handle.set_mode(nfqueue.NFQNL_COPY_PACKET)
def __init__(self):
    """Create the helper objects and open IPv4 queue 0 on ``self.q``.

    ``self.pkt_callback`` receives the packets; the maximum queue length is
    2048 (``2 * 1024``).
    """
    self.lock = Lock()
    self.rules = Rules()
    self.dns = DNSCollector()

    self.q = handle = nfqueue.queue()
    handle.set_callback(self.pkt_callback)
    handle.fast_open(0, AF_INET)
    handle.set_queue_maxlen(2 * 1024)
def __init__(self):
    """Open IPv4 queue 0 and expose its descriptor to asyncore.

    Packets are handed to ``Own().handler``; the maximum queue length is 5000
    and the copy mode is ``NFQNL_COPY_PACKET``.
    """
    # The banner is printed before the queue is actually opened.
    print('[*] in queue started.. waiting for data')

    self._q = handle = nfqueue.queue()
    handle.set_callback(Own().handler)
    handle.fast_open(0, socket.AF_INET)
    handle.set_queue_maxlen(5000)

    self.fd = handle.get_fd()
    asyncore.file_dispatcher.__init__(self, self.fd, None)

    handle.set_mode(nfqueue.NFQNL_COPY_PACKET)
def __init__(self, cb, nqueue=1, family=AF_INET, maxlen=5000, map=None):
    """Open a netfilter queue and expose its descriptor to asyncore.

    Args:
        cb: packet callback registered on the queue.
        nqueue: queue number to attach to (1 by default).
        family: address family passed to ``fast_open``.
        maxlen: maximum queue length.
        map: socket map forwarded to ``asyncore.file_dispatcher``.
    """
    self._q = handle = nfqueue.queue()
    handle.set_callback(cb)
    handle.fast_open(nqueue, family)
    handle.set_queue_maxlen(maxlen)

    # asyncore polls the queue's file descriptor.
    self.fd = handle.get_fd()
    asyncore.file_dispatcher.__init__(self, self.fd, map)

    handle.set_mode(nfqueue.NFQNL_COPY_PACKET)
    print(' [*] Waiting for packets. To exit press CTRL+C')
def nfq_setup(self, queueno):
    """Try to attach ``self.cb`` to IPv4 queue *queueno*.

    Returns False, after logging the error, when ``fast_open`` raises
    RuntimeError.
    """
    # NOTE(review): as shown, the success path returns None and does not keep
    # the handle anywhere; the rest of the function may have been cut off.
    handle = nfqueue.queue()
    handle.set_callback(self.cb)
    try:
        handle.fast_open(queueno, AF_INET)
    except RuntimeError as err:
        log.error(
            "cannot bind to nf_queue %d: %s. Already in use or not root?" %
            (queueno, err))
        return False
def main():
    """Attach the module-level ``process`` to IPv4 queue 0 and run until Ctrl-C."""
    handle = nfqueue.queue()
    handle.open()
    handle.bind(socket.AF_INET)
    handle.set_callback(process)
    handle.create_queue(0)

    try:
        handle.try_run()
    except KeyboardInterrupt:
        # NOTE(review): the handle is neither unbound nor closed on this path.
        print("interruption")
def __init__(self, queue, callback):
    """Open IPv4 queue *queue* and expose its descriptor to asyncore.

    Args:
        queue: queue number to attach to.
        callback: packet callback registered on the queue.

    The maximum queue length is 1024 and the copy mode is
    ``NFQNL_COPY_PACKET``.
    """
    # The ``queue`` parameter is the number; ``self.queue`` is the handle.
    self.queue = handle = nfqueue.queue()
    handle.set_callback(callback)
    handle.fast_open(queue, AF_INET)
    handle.set_queue_maxlen(1024)

    self.fd = handle.get_fd()
    asyncore.file_dispatcher.__init__(self, self.fd, None)

    handle.set_mode(NFQNL_COPY_PACKET)
def __init__(self, callback, num):
    """Initialise the thread, open IPv4 queue *num* and hook it into asyncore.

    Args:
        callback: packet callback registered on the queue.
        num: queue number to attach to.

    Both ``threading.Thread`` and ``asyncore.file_dispatcher`` initialisers
    are called explicitly; ``self._stopevent`` is created last.
    """
    threading.Thread.__init__(self)

    self._q = handle = nfqueue.queue()
    handle.set_callback(callback)
    handle.fast_open(num, AF_INET)

    self.fd = handle.get_fd()
    asyncore.file_dispatcher.__init__(self, self.fd, None)

    handle.set_mode(nfqueue.NFQNL_COPY_PACKET)
    self._stopevent = threading.Event()
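def run_queue_blocking(self, callback, num):
    """Attach *callback* to IPv4 queue *num* and block in the receive loop.

    Args:
        callback: packet callback registered on the queue.
        num: queue number to attach to.

    The queue is always unbound and closed before returning.
    """
    q = nfqueue.queue()
    q.set_callback(callback)
    # fast_open replaces the open() / bind(AF_INET) / create_queue() sequence.
    q.fast_open(num, AF_INET)
    try:
        time.sleep(1)
        q.try_run()
    except (KeyboardInterrupt, Exception):
        # Same outcome as the original bare ``except``: a stop request or a
        # failure in the loop ends the method quietly.  SystemExit is no
        # longer swallowed.
        pass
    finally:
        # Previously the cleanup ran only when an exception was raised, so a
        # normal return from try_run() left the queue bound and open.
        q.unbind(AF_INET)
        q.close()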
def main():
    """Attach the module-level ``callback`` to IPv4 queue 1 and run until Ctrl-C.

    On Ctrl-C the family is unbound and the handle closed.
    """
    handle = nfqueue.queue()
    handle.open()
    handle.bind(socket.AF_INET)
    handle.set_callback(callback)
    handle.create_queue(1)

    try:
        # Main loop.
        handle.try_run()
    except KeyboardInterrupt:
        handle.unbind(socket.AF_INET)
        handle.close()
def __init__(self, config, log, database):
    """Store the collaborators, attach to IPv4 queue 0 and load the plugins.

    Args:
        config: stored on ``self.config``.
        log: stored on ``self.log``.
        database: stored on ``self.database``.

    ``self.callback`` receives the packets.  The receive loop is not started
    here.
    """
    super(Traffic, self).__init__()

    self.config = config
    self.log = log
    self.database = database
    self.running = True

    self.queue = handle = nfqueue.queue()
    handle.open()
    handle.bind(socket.AF_INET)
    handle.set_callback(self.callback)
    handle.create_queue(0)

    self.load_plugins()
def start(self):
    """Enable IP forwarding, install the NFQUEUE rule and run queue 0 forever.

    ``self.modify`` receives the packets.  The loop below never exits on its
    own, and nothing in this method restores the forwarding setting or removes
    the rule installed through ``iptables().NFQUEUE``.
    """
    # NOTE(review): this turns the host into a forwarder and changes its
    # firewall; both settings outlive the process unless undone elsewhere.
    set_ip_forwarding(1)
    iptables().NFQUEUE(self.mode)
    self.q = nfqueue.queue()
    self.q.open()
    self.q.bind(socket.AF_INET)
    self.q.set_callback(self.modify)
    self.q.create_queue(0)
    # NOTE(review): the original indentation was lost.  With the print inside
    # the loop, every return of try_run() is reported and the loop restarts
    # at once, with no delay or error check.  If the print belonged after the
    # loop, it would be unreachable.
    while True:
        self.q.try_run()
        print("stopped")
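def synfinfu(self, ip, port):
    """Queue outgoing SYN packets for *ip*:*port* and process them until Ctrl-C.

    Two OUTPUT rules are installed for TCP SYN packets to the destination:
    one sends them to an NFQUEUE handled by ``self.__synfin``, the next drops
    them.  Both rules and the queue are removed again on every exit path.

    Prerequisites noted by the author: the ``nfnetlink_queue`` kernel module
    and the nfqueue Python bindings.

    Args:
        ip: destination address to match.
        port: destination TCP port to match (formatted with ``%d``).
    """
    import subprocess

    # The process id picks the queue.  NFQUEUE numbers are 16-bit while a pid
    # can be larger, so reduce it into range (two processes whose pids differ
    # by a multiple of 65536 would collide).
    qid = os.getpid() % 65536
    log.msg("NFQueue ID: %d" % qid)

    nfq = nfqueue.queue()
    nfq.open()
    try:
        nfq.bind(socket.AF_INET)
    except RuntimeError as rte:
        log.err(
            "umm... %s ... maybe nfqueue.unbind() wasn't successful last time... :/"
            % rte)
        log.err(
            "try this: rmmod nfnetlink_queue; modprobe nfnetlink_queue")
        nfq.close()
        exit(1)
    nfq.set_callback(self.__synfin)
    nfq.create_queue(qid)
    log.msg("NFQueue up")

    # Rules are passed as argument vectors instead of a formatted shell
    # string: ``ip`` reaches iptables as a single argument and can no longer
    # inject shell syntax or extra options into a command run as root.
    match = ['OUTPUT', '-p', 'tcp', '--tcp-flags', 'ALL', 'SYN',
             '-d', '%s' % ip, '--dport', '%d' % port]
    queue_rule = match + ['-j', 'NFQUEUE', '--queue-num', '%d' % qid]
    drop_rule = match + ['-j', 'DROP']

    interrupted = False
    try:
        subprocess.call(['iptables', '-A'] + queue_rule)
        subprocess.call(['iptables', '-A'] + drop_rule)
        log.msg("iptables rules up")
        log.msg(
            "now you can try to connect to %s:%d with your favourite client"
            % (ip, port))
        nfq.try_run()
    except KeyboardInterrupt:
        interrupted = True
        log.msg("kbd interrupt... ")
    finally:
        # Previously the rules were removed only on Ctrl-C; any other exit
        # left a DROP rule for the destination in place.
        subprocess.call(['iptables', '-D'] + queue_rule)
        subprocess.call(['iptables', '-D'] + drop_rule)
        log.msg("iptables rules down")
        nfq.unbind(socket.AF_INET)
        nfq.close()
        log.msg("NFQueue down")

    if interrupted:
        exit(1)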
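def __init__(self, queue_num, callback):
    """Initialise the thread and attach *callback* to IPv4 queue *queue_num*.

    Args:
        queue_num: queue number to attach to; also stored on ``self.queueNum``.
        callback: packet callback registered on the queue.

    Raises:
        RuntimeError: re-raised, after printing it, when the queue cannot be
            set up.
    """
    threading.Thread.__init__(self)
    self.queueNum = queue_num
    try:
        self.queue = nfqueue.queue()
        self.queue.set_callback(callback)
        self.queue.fast_open(queue_num, socket.AF_INET)
        self.queue.set_queue_maxlen(Filter.MAX_QUEUE_LEN)
    except RuntimeError as e:
        # Report the exception itself.  ctypes.get_errno() only reflects calls
        # made through ctypes with use_errno=True, and nothing in this block
        # makes one, so the old message did not describe this failure.
        print("RuntimeError: %s" % e)
        # Bare raise keeps the original traceback.
        raise
    self.running = False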
def main():
    """Attach the module-level ``callback`` to IPv4 queue 0 and run until Ctrl-C.

    On Ctrl-C the queue is released and the iptables filter table is flushed
    and its user-defined chains deleted.
    """
    handle = nfqueue.queue()
    handle.open()
    handle.bind(socket.AF_INET)
    handle.set_callback(callback)
    handle.create_queue(0)

    try:
        # Main loop.
        handle.try_run()
    except KeyboardInterrupt:
        handle.unbind(socket.AF_INET)
        handle.close()
        # NOTE(review): -F and -X act on the whole filter table, so rules this
        # program did not add are removed too.  Deleting only the NFQUEUE rule
        # with -D would leave the host's existing firewall intact; the rule is
        # added outside this function, so it cannot be named here.
        os.system('iptables -F')
        os.system('iptables -X')
def main():
    """Attach the module-level ``callback`` to IPv4 queue 0 and run until Ctrl-C.

    On Ctrl-C the queue is released and ``./restart_iptables`` is executed if
    it exists.
    """
    handle = nfqueue.queue()
    handle.open()
    handle.bind(socket.AF_INET)
    handle.set_callback(callback)
    handle.create_queue(0)

    try:
        # Main loop.
        handle.try_run()
    except KeyboardInterrupt:
        handle.unbind(socket.AF_INET)
        handle.close()
        # NOTE(review): the script is resolved relative to the current working
        # directory.  If this runs as root from a directory other users can
        # write to, whatever file sits at that path is executed as root.
        if path.exists('./restart_iptables'):
            os.system('./restart_iptables')
def __init__(self):
    """Open IPv4 queue 0 on ``self.q`` and register this object with the reactor.

    Packets are handed to the module-level ``cb``.  A banner is printed when
    any of the ``domain``, ``spoofall`` or ``redirectto`` options is set.
    """
    # self.q holds the packets waiting in the queue.
    self.q = handle = nfqueue.queue()
    # The callback parses the packet and loads the spoofed DNS response.
    handle.set_callback(cb)
    # Create the socket and bind it to queue 0.
    handle.fast_open(0, socket.AF_INET)
    handle.set_queue_maxlen(5000)
    reactor.addReader(self)
    handle.set_mode(nfqueue.NFQNL_COPY_PACKET)

    if arg_parser().domain or arg_parser().spoofall or arg_parser().redirectto:
        print('\033[31m[*] DNS Spoofing: Waiting for DNS queries\033[37m')
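def main():
    """Attach the module-level ``callback`` to IPv4 queues 14 and 8 and run.

    Both handles are closed when the loops end or Ctrl-C is pressed.
    """
    q14 = nfqueue.queue()
    q8 = nfqueue.queue()
    q14.open()
    q8.open()
    q14.bind(socket.AF_INET)
    q8.bind(socket.AF_INET)
    q14.set_callback(callback)
    q8.set_callback(callback)
    q14.create_queue(14)
    q8.create_queue(8)

    try:
        # NOTE(review): the loops run one after the other.  Queue 8 is only
        # serviced after queue 14's loop returns; until then, packets sent to
        # queue 8 wait in the kernel.
        q14.try_run()
        q8.try_run()
    except KeyboardInterrupt:
        pass
    finally:
        # The original unbound via q14 but closed only q8, leaving q14's
        # handle open.  Close both, on every exit path.
        q14.unbind(socket.AF_INET)
        q14.close()
        q8.close()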
def main():
    """Attach the module-level ``process`` to IPv4 queue 0 and run until Ctrl-C.

    On Ctrl-C a message is printed, the queue is released and the process
    exits with status 1.
    """
    handle = nfqueue.queue()
    handle.open()
    handle.bind(socket.AF_INET)
    handle.set_callback(process)
    handle.create_queue(0)

    try:
        handle.try_run()
    except KeyboardInterrupt:
        # The Spanish message reads "error creating the packet", although this
        # branch is reached by a keyboard interrupt.
        print("Error al crear el paquete...")
        handle.unbind(socket.AF_INET)
        handle.close()
        sys.exit(1)
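def run_manager(self):
    """Attach ``self.process`` to IPv4 queue 0 and run the receive loop.

    The queue is always unbound and closed before the method returns.
    """
    q = nfqueue.queue()
    q.open()
    q.bind(socket.AF_INET)
    q.set_callback(self.process)
    q.create_queue(0)
    try:
        print("NFQUEUE ran, socket binded.")
        q.try_run()
    except (KeyboardInterrupt, Exception):
        # Replaces a bare ``except``: interrupts and ordinary errors are still
        # reported by type and absorbed, but SystemExit now propagates.
        print(sys.exc_info()[0])
    finally:
        # Release the queue on every path, including a normal return from
        # try_run() and a failure while printing above.
        print("NFQUEUE closed, socket unbinded.")
        q.unbind(socket.AF_INET)
        q.close()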
def main():
    """Attach the module-level ``process`` to IPv4 queue 0 and run until Ctrl-C.

    On Ctrl-C the queue is released and the process exits with status 1.
    """
    handle = nfqueue.queue()
    handle.open()
    handle.bind(socket.AF_INET)
    handle.set_callback(process)
    handle.create_queue(0)

    try:
        handle.try_run()
    except KeyboardInterrupt:
        print("[Exit] Closing socket.")
        handle.unbind(socket.AF_INET)
        handle.close()
        sys.exit(1)
def startFirewall():
    """Attach the module-level ``process`` to IPv4 queue 0 and run until Ctrl-C.

    On Ctrl-C the queue is released and the process exits with status 0.
    """
    print('Starting the Firewall')

    handle = nfqueue.queue()
    handle.open()
    handle.bind(socket.AF_INET)
    handle.set_callback(process)
    handle.create_queue(0)

    try:
        handle.try_run()
    except KeyboardInterrupt:
        print("Exiting...")
        handle.unbind(socket.AF_INET)
        handle.close()
        sys.exit(0)
def main():
    """Show the main window and run the Qt event loop until it exits.

    The process exits with the event loop's return value.
    """
    app = QtGui.QApplication(sys.argv)
    mainw = MainWindow()
    mainw.show()
    sys.exit(app.exec_())
    # NOTE(review): the original indentation was lost.  If the statements
    # below belong to main(), they are unreachable because sys.exit() raises
    # SystemExit: the database is never closed and the queue is never set up.
    # Confirm the intended placement.
    db.close()
    q = nfqueue.queue()
    q.set_callback(cb)
    q.open()
    # NOTE(review): no bind() call precedes create_queue() here, unlike the
    # usual open/bind/create sequence.
    q.create_queue(0) #Same queue number of the rule
    q.set_queue_maxlen(50000)
def main():
    """Attach the module-level ``callback`` to IPv4 queue 0 and run until Ctrl-C.

    On Ctrl-C the queue is released, the iptables filter table is flushed and
    its user-defined chains deleted, and the process exits with a message.
    """
    handle = nfqueue.queue()
    handle.open()
    handle.bind(socket.AF_INET)
    handle.set_callback(callback)
    handle.create_queue(0)

    try:
        # Main loop.
        handle.try_run()
    except KeyboardInterrupt:
        handle.unbind(socket.AF_INET)
        handle.close()
        # NOTE(review): -F and -X act on the whole filter table, so rules this
        # program did not add are removed too.  Deleting only the NFQUEUE rule
        # with -D would leave the host's existing firewall intact.
        os.system('iptables -F')
        os.system('iptables -X')
        sys.exit('losing...')
def listening_queue(cls):
    """Create and return the queue that listens for outgoing TCP connections.

    AF_INET6 is unbound and bound again, the module-level ``callback`` is
    registered, and queue number 5 is created with a maximum length of 5000.
    """
    handle = nfqueue.queue()
    handle.open()
    # Rebind the IPv6 family: unbind first, then bind.
    handle.unbind(AF_INET6)
    handle.bind(AF_INET6)
    handle.set_callback(callback)
    handle.create_queue(5)
    handle.set_queue_maxlen(5000)
    return handle
def init(queue):
    """Run the packet processor for queue number *queue* in this process.

    Queue 0 uses ``cb_nmap``.  Queue 1 uses ``cb_p0f`` when the ``osgenre``
    option is set.  In every other case no callback is registered before the
    queue is opened.
    """
    handle = nfqueue.queue()

    if queue == 0:
        handle.set_callback(cb_nmap)
        print(" [->] %s: nmap packet processor" % multiprocessing.current_process().name)

    # The inner ``details_p0f and osgenre`` term cannot change the outcome:
    # the whole condition is truthy exactly when ``opts.osgenre`` is.
    if queue == 1 and (opts.osgenre or (opts.details_p0f and opts.osgenre)):
        handle.set_callback(cb_p0f)
        print(" [->] %s: p0f packet processor" % multiprocessing.current_process().name)

    handle.fast_open(queue, AF_INET)
    try:
        handle.try_run()
    except KeyboardInterrupt:
        # Ctrl-C ends the worker quietly; the handle is not closed here.
        pass
def main():
    """Attach the module-level ``callback`` to IPv4 queue 2 and run until Ctrl-C.

    On Ctrl-C the queue is released and the matching INPUT rule is deleted.
    """
    handle = nfqueue.queue()
    handle.open()
    handle.bind(socket.AF_INET)
    handle.set_callback(callback)
    handle.create_queue(2)

    try:
        # Main loop.
        handle.try_run()
    except KeyboardInterrupt:
        handle.unbind(socket.AF_INET)
        handle.close()
        # Remove the rule that feeds queue 2.  Interface and destination
        # address are hard-coded and must match the rule added elsewhere.
        os.system(
            'iptables -t filter -D INPUT -p tcp --sport 80 -i enp7s0 -d 10.0.0.101 -j NFQUEUE --queue-num 2'
        )
def main():
    """Attach ``process_packet`` to IPv4 queue ``QUEUE_NUM`` and run until Ctrl-C.

    ``hook()`` is called just before the receive loop.  On Ctrl-C ``unhook()``
    is called, the queue is released and the process exits with status 0.
    """
    handle = nfqueue.queue()
    handle.open()
    handle.bind(socket.AF_INET)
    handle.set_callback(process_packet)
    handle.create_queue(QUEUE_NUM)

    try:
        hook()
        handle.try_run()
    except KeyboardInterrupt:
        # NOTE(review): unhook() runs only on Ctrl-C; any other exit from the
        # loop leaves whatever hook() installed in place.
        unhook()
        print("Exit...")
        handle.unbind(socket.AF_INET)
        handle.close()
        sys.exit(0)
def main():
    """Install the NFQUEUE rules, attach to IPv4 queue 0 and run until Ctrl-C.

    ``iptables_to_nfqueue()`` is called first; ``Packet_capture`` receives the
    packets.  On Ctrl-C the queue is released, the iptables filter table is
    flushed and the process exits with status 1.
    """
    # Rules are installed before the queue exists.
    iptables_to_nfqueue()

    handle = nfqueue.queue()
    handle.open()
    handle.bind(socket.AF_INET)
    handle.set_callback(Packet_capture)
    handle.create_queue(0)

    try:
        handle.try_run()
    except KeyboardInterrupt:
        print("Exiting...")
        handle.unbind(socket.AF_INET)
        handle.close()
        # NOTE(review): -F flushes every rule in the filter table, not just
        # the ones iptables_to_nfqueue() added.  Removing those rules with -D
        # would preserve the host's existing firewall.
        os.system('sudo iptables -F')
        sys.exit(1)