scapy

How to extract Raw of TCP packet using Scapy

生来就可爱ヽ(ⅴ<●) submitted on 2019-11-29 19:16:58
Question: I use the sniff function of scapy module. My filter and prn function are doing a great job. But now, I would like to extract the Raw of the TCP packet and handle it using hexadecimal or binary format. Here is the documentation of Packet Class in scapy. How can I do that? I tried print packet[Raw] but it seems to be converted as ASCII or something like that. I want to keep it in hexadecimal or binary.

Answer 1: You can get the raw bytes of the packet via str(packet). For printing them to the

Python Ethical Hacking - MODIFYING DATA IN HTTP LAYER(3)

我怕爱的太早我们不能终老 submitted on 2019-11-29 12:04:53
Refactoring and Housekeeping:

    #!/usr/bin/env python
    import re
    from netfilterqueue import NetfilterQueue
    from scapy.layers.inet import TCP, IP
    from scapy.packet import Raw

    def set_load(packet, load):
        packet[Raw].load = load
        del packet[IP].len
        del packet[IP].chksum
        del packet[TCP].chksum
        return packet

    def process_packet(packet):
        scapy_packet = IP(packet.get_payload())
        if scapy_packet.haslayer(Raw) and scapy_packet.haslayer(TCP):
            load = scapy_packet[Raw].load
            if scapy_packet[TCP].dport == 80:
                print("[+] Request")
                load = re.sub(b"Accept-Encoding:.*?\\r\\n", b"", load)
            elif scapy_packet[TCP].sport

how to add http headers to a packet sniffed using scapy

隐身守侯 submitted on 2019-11-29 11:05:13
I am trying to sniff an outgoing HTTP packet using scapy, add a few new HTTP headers in it and send it ahead. The intention here is to only insert new headers while keeping the packet intact. At max any checksum recalculation should be done if needed. Have been through almost all questions on SO but didn't exactly get a solution. Following is what I have done.

    def parse(pkt):
        if pkt.haslayer(TCP) and pkt.getlayer(TCP).dport == 80 and pkt.haslayer(Raw):
            pkt = pkt / "New Header:value\r\n\r\n"
            # OR i tried this
            #pkt = pkt.getlayer(Raw).load / Raw.load(load="New Header:value\r\n\r\n")
            #pkt

3 way handshake in Scapy

我怕爱的太早我们不能终老 submitted on 2019-11-29 10:31:55
I'm trying to build a 3 way handshake in Scapy. Using the following code,

    #!/usr/local/bin/python
    from scapy.all import *
    sport = random.randint(1024,65535)

    # SYN
    ip=IP(src='172.16.120.5',dst='172.16.100.101')
    SYN=TCP(sport=sport,dport=443,flags='S',seq=1000)
    SYNACK=sr1(ip/SYN)

    # ACK
    my_ack = SYNACK.seq + 1
    ACK=TCP(sport=sport, dport=443, flags='A', seq=1001, ack=my_ack)
    send(ip/ACK)

However on the server I see only SYN_RECV even though the return SYN-ACK is sent and the ACK is sent in return. Here is a capture from the server (172.16.100.101),

    08:10:19.455038 IP 172.16.120.5.58972 > 172.16.100

Pinging an IP range with Scapy

冷暖自知 submitted on 2019-11-29 10:31:27
I'm attempting to write a Python script which uses the Scapy module to ping an internal IP range to determine which IPs are online. I've got this so far:

    #!/usr/bin/python
    from scapy.all import *
    conf.verb = 0
    for ip in range(0, 256):
        packet = IP(dst="192.168.0." + str(ip), ttl=20)/ICMP()
        reply = sr1(packet)
        if "192.168." in reply.src:
            print reply.src, "is online"

And the program will sit for a while doing nothing, and then if I kill it with CTRL+C I get an error message:

    Traceback (most recent call last):
      File "sweep.py", line 7, in <module>
        if "192.168." in reply.src:
    AttributeError:

Python Ethical Hacking - DNS Spoofing

心已入冬 submitted on 2019-11-29 03:25:39
What is DNS Spoofing

Sniff the DNSRR packet and show on the terminal.

    #!/usr/bin/env python
    from netfilterqueue import NetfilterQueue
    from scapy.layers.dns import DNSRR,IP

    def process_packet(packet):
        scapy_packet = IP(packet.get_payload())
        if scapy_packet.haslayer(DNSRR):
            print(scapy_packet.show())
        packet.accept()

    queue = NetfilterQueue()
    queue.bind(0, process_packet)
    try:
        queue.run()
    except KeyboardInterrupt:
        print('')

Analyze the following DNSRR records.

    ###[ IP ]###
      version = 4
      ihl = 5
      tos = 0x0
      len = 218
      id = 0
      flags = DF
      frag = 0
      ttl = 64
      proto = udp
      chksum = 0x25e8
      src = 10.0.0.1
      dst =

Importing python modules in jython

馋奶兔 submitted on 2019-11-29 01:56:22
I'm having some issues importing scapy under jython. I've been doing java forever, but python for only a day or two. The simple case to reproduce the problem is:

    $jython
    >>> import sys
    >>> sys.path
    ['', '/usr/share/jython/Lib', '/usr/lib/site-python', '__classpath__']
    >>> from scapy.all import *
    Traceback (innermost last):
      File "<console>", line 1, in ?
    ImportError: no module named scapy

If I do these exact same steps under python, everything works. How do I tell jython to use scapy? If it helps, I'm running Ubuntu 10.04 and installed jython and scapy via apt-get install

You've done the right

Get TCP Flags with Scapy

泪湿孤枕 submitted on 2019-11-29 01:46:17
I'm parsing a PCAP file and I need to extract TCP flags (SYN, ACK, PSH, URG, ...). I'm using the packet['TCP'].flags value to obtain all the flags at once.

    pkts = PcapReader(infile)
    for p in pkts:
        F = bin(p['TCP'].flags)
        print F, bin(F), p.summary()
        # manual flags extraction from F

Is there a way to obtain a single TCP flag without manually extracting it from packet['TCP'].flags value?

Normally, the usual way to handle FLAGS is with a bitmap and bitwise operators. If your Packet class doesn't have specific method to test for flags, the best thing you can do IMHO is to:

    FIN = 0x01
    SYN = 0x02
    RST =

Change TCP Payload with nfqueue/scapy

爷,独闯天下 submitted on 2019-11-29 00:23:52
Hello, I am using nfqueue and scapy and my goal is to receive packets at my NFQUEUE, change the payload and resend them. I can change fields like the TTL without any kind of problem, but when it comes to changing the payload, I am encountering problems. When I change the payload, I sniff the packet with wireshark and apparently I send the packet with the payload modified, but the server doesn't answer. This is my code:

    #!/usr/bin/env python
    import nfqueue
    from scapy.all import *

    def callback(payload):
        data = payload.get_data()
        pkt = IP(data)
        pkt[TCP].payload = str(pkt[TCP].payload).replace("ABC"

Scapy installation fails on osx with dnet import error

一个人想着一个人 submitted on 2019-11-28 20:22:22
Question: Having trouble installing Scapy and its required dependencies. I have spent some time Googling for a solution but all 'solutions' seem to affect older versions of Python, or simply do not work. Script:

    #!/usr/bin/python
    import threading
    import Queue
    import time
    from scapy.all import *

    class WorkerThread(threading.Thread) :
        def __init__(self, queue, tid) :
            threading.Thread.__init__(self)
            self.queue = queue
            self.tid = tid
            print 'Worker: %d' %self.tid

        def run(self) :
            total_ports = 0
            while True