I'm trying to perform a transparent MITM attack with scapy. I've got an Ubuntu machine with two network interfaces, connected each one to a machine. Those machines have same subnet addresses and operate correctly if directly connected. The objective is to be able to be totally transparent, using both interfaces with no IP address and in promisc mode.
The implementation I'm using is the following:
def pkt_callback(pkt):
if pkt.sniffed_on == "enp0s3":
sendp(pkt, iface="enp0s8", verbose=0)
else:
sendp(pkt, iface="enp0s3", verbose=0)
def enable_bridge():
sniff(iface=["enp0s3", "enp0s8"], prn=pkt_callback, store=0)
if __name__ == "__main__":
conf.sniff_promisc=True
enable_bridge()
This is not all the code, but is the main routing part... I can see that packets arrive to both interfaces, but no pinging from one machine to another... Any idea of how to make this work?
Thanks in advance.
EDIT 1:
The full implementation here:
from scapy.all import *
from utils import interfaces, addresses
#from routing import *
from packet_filters import is_mms_packet
from attacks import performAttack
import sys
import os
import time
import datetime
def writePacketInDisk(pkt):
wrpcap("network_logs/network-log-
"+datetime.date.today().strftime("%Y")+"-"
+datetime.date.today().strftime("%B")+"-
"+datetime.date.today().strftime("%d")+".pcap", pkt, append=True)
def pkt_callback_PLC_OPC(pkt):
ret = True
# if is_mms_packet(pkt):
# writePacketInDisk(pkt)
#ret = performAttack(pkt)
return ret
def pkt_callback_OPC_PLC(pkt):
ret = True
# if is_mms_packet(pkt):
# writePacketInDisk(pkt)
#ret = performAttack(pkt)
return ret
def enable_bridge():
print "hello!!"
bridge_and_sniff(interfaces["plc-ccb"], interfaces["opc"],
xfrm12=pkt_callback_PLC_OPC, xfrm21=pkt_callback_OPC_PLC,
count=0, store=0)
#prn = lamba x: x.summary()
print "bye!!"
if __name__ == "__main__":
conf.sniff_promisc=True
enable_bridge()
This is definitely not working... Is the code correct? May be my VM too slow for this task?
This code is correct and should work. You should update to the current development version of Scapy (https://github.com/secdev/scapy/) and see if that was related to an old bug.
As a side note, you can directly use bridge_and_sniff("enp0s3", "enp0s8") instead of writing your own function.
Related
I am still struggling with using data from the callback function, I wrote a class and trying to get the data from the callback function associated with the class, any help would be much appreciated. Do I need to use multi threading or there is an easy way to use it ? When I am calling the class the publisher initializes and then callback keep getting the updated data but I am not sure how can I use this data.
#!/usr/bin/env python3
"""OpenCV feature detectors with ros CompressedImage Topics in python.
This example subscribes to a ros topic containing sensor_msgs
CompressedImage. It converts the CompressedImage into a numpy.ndarray,
then detects and marks features in that image. It finally displays
and publishes the new image - again as CompressedImage topic.
"""
__version__= '0.1'
from moveit_commander.conversions import pose_to_list
from rospy_tutorials.msg import Floats
from rospy.numpy_msg import numpy_msg
from tf import TransformListener
from std_msgs.msg import String
import geometry_msgs.msg
import moveit_commander
import moveit_msgs.msg
from math import pi
import sys, time
import rospy
import copy
VERBOSE=False
class move_xarm:
# global my_data
def __init__(self):
'''Initialize ros publisher and subscriber'''
# publish trajectories for RViz to visualize
self.display_trajectory_publisher = rospy.Publisher('/move_group/display_planned_path',moveit_msgs.msg.DisplayTrajectory,queue_size=20)
self.data_callback_publisher = rospy.Publisher('/callback_data',numpy_msg(Floats),queue_size=1)
self.my_data = None
self.listener()
# subscribed Topic
# self.subscriber = rospy.Subscriber("marker_wrt_base_pose", numpy_msg(Floats), self.callback, queue_size = 1)
if VERBOSE :
print("subscribed to marker_wrt_base_pose")
def listener(self):
# In ROS, nodes are uniquely named. If two nodes with the same
# name are launched, the previous one is kicked off. The
# anonymous=True flag means that rospy will choose a unique
# name for our 'listener' node so that multiple listeners can
# run simultaneously.
rospy.init_node('move_group_python_interface_tutorial', anonymous=True)
rospy.Subscriber("marker_wrt_base_pose", numpy_msg(Floats), self.callback,queue_size = 1)
# spin() simply keeps python from exiting until this node is stopped
rospy.spin()
def callback(self, ros_data):
'''Callback function of subscribed topic.
Here position data get converted into float64'''
if VERBOSE :
print('received data of type: "%s"' % ros_data.format)
self.my_data = ros_data.data
# my_data = my_data.astype('float64')
self.data_callback_publisher.publish(ros_data)
if __name__ == '__main__':
mv = move_xarm()
I resolved this issue,
Create another function out of the class say name use_data(args)
Call use_data in main function and you are good to go.
One of the common problem is use of spin command,they block the main thread from exiting until ROS invokes a shutdown - via a Ctrl + C.
def use_data(args):
ic = move_xarm()
rospy.init_node('move_group_python_interface_tutorial',anonymous=True)
rate = rospy.Rate(5) # ROS Rate at 5Hz
while not rospy.is_shutdown():
do stuff using the variable ic.my_data
rate.sleep()
my problem is, how can i implement threadings to my program, where i have communication BLE with Rpi3.
My program works great, but response is too slow.
Please help with this. Thanks.
BMS_reading:
import gatt
import sys
import time
import threading
class AnyDevice(gatt.Device):
def write(self, characteristic):
self.response=bytearray()
self.bms_write_characteristic.write_value(bytes([0xDD,0xA5,0x03,0x00,0xFF,0xFD,0x77]));
def services_resolved(self):
super().services_resolved()
device_information_service = next(
s for s in self.services
if s.uuid == '0000ff00-0000-1000-8000-00805f9b34fb')
self.bms_read_characteristic = next(
c for c in device_information_service.characteristics
if c.uuid == '0000ff01-0000-1000-8000-00805f9b34fb')
self.bms_write_characteristic = next(
c for c in device_information_service.characteristics
if c.uuid == '0000ff02-0000-1000-8000-00805f9b34fb')
self.bms_read_characteristic.enable_notifications()
self.write(self.bms_read_characteristic)
def characteristic_value_updated(self, characteristic, value):
self.value=value
def write():
self.response+=self.value
if (self.response.endswith(b'w')):
self.response=self.response[4:]
self.SoC=int.from_bytes(self.response[19:20], byteorder = 'big')
self.manager.stop()
write()
#reading loop (I want add threading and read info "SoC")
while True:
address="A4:C1:38:A0:59:EB"
manager = gatt.DeviceManager(adapter_name='hci0')
device = AnyDevice(mac_address=address, manager=manager)
device.connect()
manager.run()
print("Capacity is: "+str(device.SoC)+"%")
TERMINAL <<< Capacity is: 76%
#long delay which i dont want
<<< Capacity is: 76%
I dont know how can i make it.
when i make thread all while loop, the communication does not have time to react and prints bad numbers or errors.
Please help.
--------------------EDITED--PROGRAM--FOR--NOTIFICATION------UPDATE----------
import gatt
import json
import sys
#from gi.repository import GLib
manager = gatt.DeviceManager(adapter_name='hci0')
class AnyDevice(gatt.Device):
def connect_succeeded(self):
super().connect_succeeded()
print("[%s] Připojeno" % (self.mac_address))
def connect_failed(self, error):
super().connect_failed(error)
print("[%s] Connection failed: %s" % (self.mac_address, str(error)))
def disconnect_succeeded(self):
super().disconnect_succeeded()
print("[%s] Disconnected" % (self.mac_address))
self.manager.stop()
def services_resolved(self):
super().services_resolved()
device_information_service = next(
s for s in self.services
if s.uuid == '0000ff00-0000-1000-8000-00805f9b34fb')
self.bms_read_characteristic = next(
c for c in device_information_service.characteristics
if c.uuid == '0000ff01-0000-1000-8000-00805f9b34fb')
self.bms_write_characteristic = next(
c for c in device_information_service.characteristics
if c.uuid == '0000ff02-0000-1000-8000-00805f9b34fb')
print("BMS found")
self.bms_read_characteristic.enable_notifications()
def characteristic_enable_notifications_succeeded(self, characteristic):
super().characteristic_enable_notifications_succeeded(characteristic)
print("BMS request generic data")
self.response=bytearray()
self.bms_write_characteristic.write_value(bytes([0xDD,0xA5,0x03,0x00,0xFF,0xFD,0x77]));
def characteristic_enable_notifications_failed(self, characteristic, error):
super.characteristic_enable_notifications_failed(characteristic, error)
print("BMS notification failed:",error)
def characteristic_value_updated(self, characteristic, value):
self.response+=value
if (self.response.endswith(b'w')):
self.response=self.response[4:]
temperature= (int.from_bytes(self.response[23+1*2:1*2+25],'big')-2731)/10
print("Temperature is: "+str(temperature) + " C")
def characteristic_write_value_failed(self, characteristic, error):
print("BMS write failed:",error)
device = AnyDevice(mac_address="A4:C1:38:A0:59:EB", manager=manager)
device.connect()
manager.run()
Terminal print, even if the value changes and the manager is running:
>>>BMS found
>>>BMS request generic data
>>>Temperature is: 19 C
#there program get stuck even if value is changing
thank you, I edited the program with notifications and as you can see, it supports it.
But I have a problem here that even if the values (temperatures) change and manager in in manager.run (), the terminal will send me only one value and did nothing else even if I heat the device. when I restart the program the value changes again and only one remains. Do I have a code written correctly, please?
Thnak you so much for your time sir.
My assumption is that you are using the gatt-python library.
The line manager.run() is starting the event loop so you do not need to have a while loop in your code.
If the temperature characteristic supports notifications, then turning them on would be the most efficient way of reading the values when they change.
If the device does not have notifications then creating a timed event to read the temperature at the frequency you require would be recommended. The documentation for for timeout_add_seconds isn't always the easiest to understand, but the import is:
from gi.repository import GLib
Then just before you run the event loop call:
GLib.timeout_add_seconds(2, my_callback_to_read_temperature)
I expect gi.repository to be installed on the RPi already but if you need the instructions for installing, then they are at: https://pygobject.readthedocs.io/en/latest/getting_started.html#ubuntu-getting-started
If I have a python script running (with full Tkinter GUI and everything) and I want to pass the live data it is gathering (stored internally in arrays and such) to another python script, what would be the best way of doing that?
I cannot simply import script A into script B as it will create a new instance of script A, rather than accessing any variables in the already running script A.
The only way I can think of doing it is by having script A write to a file, and then script B get the data from the file. This is less than ideal however as something bad might happen if script B tries to read a file that script A is already writing in. Also I am looking for a much faster speed to communication between the two programs.
EDIT:
Here are the examples as requested. I am aware why this doesn't work, but it is the basic premise of what needs to be achieved. My source code is very long and unfortunately confidential, so it is not going to help here. In summary, script A is running Tkinter and gathering data, while script B is views.py as a part of Django, but I'm hoping this can be achieved as a part of Python.
Script A
import time
i = 0
def return_data():
return i
if __name__ == "__main__":
while True:
i = i + 1
print i
time.sleep(.01)
Script B
import time
from scriptA import return_data
if __name__ == '__main__':
while True:
print return_data() # from script A
time.sleep(1)
you can use multiprocessing module to implement a Pipe between the two modules. Then you can start one of the modules as a Process and use the Pipe to communicate with it. The best part about using pipes is you can also pass python objects like dict,list through it.
Ex:
mp2.py:
from multiprocessing import Process,Queue,Pipe
from mp1 import f
if __name__ == '__main__':
parent_conn,child_conn = Pipe()
p = Process(target=f, args=(child_conn,))
p.start()
print(parent_conn.recv()) # prints "Hello"
mp1.py:
from multiprocessing import Process,Pipe
def f(child_conn):
msg = "Hello"
child_conn.send(msg)
child_conn.close()
If you wanna read and modify shared data, between 2 scripts, which run separately, a good solution is, take advantage of the python multiprocessing module, and use a Pipe() or a Queue() (see differences here). This way, you get to sync scripts, and avoid problems regarding concurrency and global variables (like what happens if both scripts wanna modify a variable at the same time).
As Akshay Apte said in his answer, the best part about using pipes/queues, is that you can pass python objects through them.
Also, there are methods to avoid waiting for data, if there hasn't been any passed yet (queue.empty() and pipeConn.poll()).
See an example using Queue() below:
# main.py
from multiprocessing import Process, Queue
from stage1 import Stage1
from stage2 import Stage2
s1= Stage1()
s2= Stage2()
# S1 to S2 communication
queueS1 = Queue() # s1.stage1() writes to queueS1
# S2 to S1 communication
queueS2 = Queue() # s2.stage2() writes to queueS2
# start s2 as another process
s2 = Process(target=s2.stage2, args=(queueS1, queueS2))
s2.daemon = True
s2.start() # Launch the stage2 process
s1.stage1(queueS1, queueS2) # start sending stuff from s1 to s2
s2.join() # wait till s2 daemon finishes
# stage1.py
import time
import random
class Stage1:
def stage1(self, queueS1, queueS2):
print("stage1")
lala = []
lis = [1, 2, 3, 4, 5]
for i in range(len(lis)):
# to avoid unnecessary waiting
if not queueS2.empty():
msg = queueS2.get() # get msg from s2
print("! ! ! stage1 RECEIVED from s2:", msg)
lala = [6, 7, 8] # now that a msg was received, further msgs will be different
time.sleep(1) # work
random.shuffle(lis)
queueS1.put(lis + lala)
queueS1.put('s1 is DONE')
# stage2.py
import time
class Stage2:
def stage2(self, queueS1, queueS2):
print("stage2")
while True:
msg = queueS1.get() # wait till there is a msg from s1
print("- - - stage2 RECEIVED from s1:", msg)
if msg == 's1 is DONE ':
break # ends loop
time.sleep(1) # work
queueS2.put("update lists")
EDIT: just found that you can use queue.get(False) to avoid blockage when receiving data. This way there's no need to check first if the queue is empty. This is no possible if you use pipes.
You could use the pickling module to pass data between two python programs.
import pickle
def storeData():
# initializing data to be stored in db
employee1 = {'key' : 'Engineer', 'name' : 'Harrison',
'age' : 21, 'pay' : 40000}
employee2 = {'key' : 'LeadDeveloper', 'name' : 'Jack',
'age' : 50, 'pay' : 50000}
# database
db = {}
db['employee1'] = employee1
db['employee2'] = employee2
# Its important to use binary mode
dbfile = open('examplePickle', 'ab')
# source, destination
pickle.dump(db, dbfile)
dbfile.close()
def loadData():
# for reading also binary mode is important
dbfile = open('examplePickle', 'rb')
db = pickle.load(dbfile)
for keys in db:
print(keys, '=>', db[keys])
dbfile.close()
This will pass data to and from two running scripts using TCP host socket. https://zeromq.org/languages/python/. required module zmq: use( pip install zmq ).
This this is called a client server communication. The server will wait for the client to send a request. The client will also not run if the server is not running. In addition, this client server communication allows for you to send a request from one device(client) to another device(server), as long as the client and server are on the same network and you change localhost (localhost for the server is marked with: * )to the actual IP of your device(server)( IP help( go into your device network settings, click on your network icon, find advanced or properties, look for IP address. note this may be different from going to google and asking for your ip. I am using IPV6 so. DDOS protection.)) Change the localhost IP of the client to the server IP. QUESTION to OP. Do you have to have script b always running or can script b be imported as a module to script a? If so look up how to make python modules.
I solved the same problem using the lib Shared Memory Dict, it's a very simple dict implementation of multiprocessing.shared_memory.
Source1.py
from shared_memory_dict import SharedMemoryDict
from time import sleep
smd_config = SharedMemoryDict(name='config', size=1024)
if __name__ == "__main__":
smd_config["status"] = True
while True:
smd_config["status"] = not smd_config["status"]
sleep(1)
Source2.py
from shared_memory_dict import SharedMemoryDict
from time import sleep
smd_config = SharedMemoryDict(name='config', size=1024)
if __name__ == "__main__":
while True:
print(smd_config["status"])
sleep(1)
I have written this little script to show current track playing on xmms2 on a notification widget using xmms client and pynotify, so when i run it i can see the widget popup with current artist and title using xmmsclient methods.
Can anybody give some hints about how to detect track change to notify automatically without having to run the script manually?
You connect the client library to a main loop, and register as a listener via the broadcast_ playback_current_id method. If you want the currently playing id when the script starts as well you can call the playback_current_id method.
Here is a small adaptation of tutorial6 in the xmms2-tutorial.git which uses the GLib Mainloop to drive the connection:
import xmmsclient
import xmmsclient.glib
import os
import sys
import gobject
def cb(result):
if not result.is_error():
print "Current: %(artist)s - %(title)s" % result.value()
ml = gobject.MainLoop(None, False)
xc = xmmsclient.XMMS("stackoverflow")
xc.connect()
conn = xmmsclient.glib.GLibConnector(xc)
xc.broadcast_playback_current_id(lambda r: xc.medialib_get_info(r.value(), cb))
ml.run()
I'd like to write a Python script for Amarok in Linux to automatically copy the stackoverflow podcast to my player. When I plug in the player, it would mount the drive, copy any pending podcasts, and eject the player. How can I listen for the "plugged in" event? I have looked through hald but couldn't find a good example.
Update: As said in comments, Hal is not supported in recent distributions, the standard now is udev, Here is a small example that makes use of glib loop and udev, I keep the Hal version for historical reasons.
This is basically the example in the pyudev documentation, adapted to work with older versions, and with the glib loop, notice that the filter should be customized for your specific needing:
import glib
from pyudev import Context, Monitor
try:
from pyudev.glib import MonitorObserver
def device_event(observer, device):
print 'event {0} on device {1}'.format(device.action, device)
except:
from pyudev.glib import GUDevMonitorObserver as MonitorObserver
def device_event(observer, action, device):
print 'event {0} on device {1}'.format(action, device)
context = Context()
monitor = Monitor.from_netlink(context)
monitor.filter_by(subsystem='usb')
observer = MonitorObserver(monitor)
observer.connect('device-event', device_event)
monitor.start()
glib.MainLoop().run()
Old version with Hal and d-bus:
You can use D-Bus bindings and listen to DeviceAdded and DeviceRemoved signals.
You will have to check the capabilities of the Added device in order to select the storage devices only.
Here is a small example, you can remove the comments and try it.
import dbus
import gobject
class DeviceAddedListener:
def __init__(self):
You need to connect to Hal Manager using the System Bus.
self.bus = dbus.SystemBus()
self.hal_manager_obj = self.bus.get_object(
"org.freedesktop.Hal",
"/org/freedesktop/Hal/Manager")
self.hal_manager = dbus.Interface(self.hal_manager_obj,
"org.freedesktop.Hal.Manager")
And you need to connect a listener to the signals you are interested on, in this case DeviceAdded.
self.hal_manager.connect_to_signal("DeviceAdded", self._filter)
I'm using a filter based on capabilities. It will accept any volume and will call do_something with if, you can read Hal documentation to find the more suitable queries for your needs, or more information about the properties of the Hal devices.
def _filter(self, udi):
device_obj = self.bus.get_object ("org.freedesktop.Hal", udi)
device = dbus.Interface(device_obj, "org.freedesktop.Hal.Device")
if device.QueryCapability("volume"):
return self.do_something(device)
Example function that shows some information about the volume:
def do_something(self, volume):
device_file = volume.GetProperty("block.device")
label = volume.GetProperty("volume.label")
fstype = volume.GetProperty("volume.fstype")
mounted = volume.GetProperty("volume.is_mounted")
mount_point = volume.GetProperty("volume.mount_point")
try:
size = volume.GetProperty("volume.size")
except:
size = 0
print "New storage device detectec:"
print " device_file: %s" % device_file
print " label: %s" % label
print " fstype: %s" % fstype
if mounted:
print " mount_point: %s" % mount_point
else:
print " not mounted"
print " size: %s (%.2fGB)" % (size, float(size) / 1024**3)
if __name__ == '__main__':
from dbus.mainloop.glib import DBusGMainLoop
DBusGMainLoop(set_as_default=True)
loop = gobject.MainLoop()
DeviceAddedListener()
loop.run()
Here is a solution in 5 lines.
import pyudev
context = pyudev.Context()
monitor = pyudev.Monitor.from_netlink(context)
monitor.filter_by(subsystem='usb')
for device in iter(monitor.poll, None):
if device.action == 'add':
print('{} connected'.format(device))
# do something very interesting here.
Save this to a file say usb_monitor.py, run python monitor.py. Plug any usb and it will print device details
→ python usb_monitor.py
Device('/sys/devices/pci0000:00/0000:00:14.0/usb1/1-6/1-6:1.0') connected
Device('/sys/devices/pci0000:00/0000:00:14.0/usb1/1-1/1-1:1.0') connected
Tested on Python 3.5 with pyudev==0.21.0.
I haven't tried writing such a program myself, however I've just looked at the following two links (thanks Google!), which I think will be of help:
dbus-python tutorial (which talks about how to use Python to access D-Bus)
HAL 0.5.10 Specification (which talks about how HAL publishes events to D-Bus)
In particular, read about the org.freedesktop.Hal.Manager interface, and its DeviceAdded and DeviceRemoved events. :-)
Hope this helps!
I think D-Bus would work as Chris mentioned, but if you're using KDE4, you might use the Solid framework in a manner similar to the KDE4 "New Device Notifier" applet.
The C++ source for that applet is here, which shows how to use Solid to detect new devices. Use PyKDE4 for Python bindings to these libraries, as shown here.