问题
I'm running Debian with Python 2.7, and scapy/netfilterqueue.
I've added the following in my iptables:
iptables -A OUTPUT -p tcp --dport 5678 -j NFQUEUE --queue-num 1
And this is my code for getting HTTP packages and changing URL and PORT:
#! /usr/bin/env python2.7
from scapy.all import *
from netfilterqueue import NetfilterQueue
def modify(packet):
pkt = IP(packet.get_payload())
if pkt.haslayer(TCP) and pkt.getlayer(TCP).dport == 5678:
pkt.dst = 'https://my-secure-domain.com'
pkt.dport = 443
del pkt[IP].chksum
del pkt[TCP].chksum
packet.set_payload(str(pkt))
packet.accept()
nfqueue = NetfilterQueue()
nfqueue.bind(1, modify)
try:
print "[*] waiting for data"
nfqueue.run()
except KeyboardInterrupt:
pass
Running the code does retrieve the correct packages, and it seems the .dst and .dport is changed, but I'm getting the following error:
Exception socket.gaierror: gaierror(-2, 'Name or service not known') in 'netfilterqueue.global_callback' ignored
I'm kinda stuck...
回答1:
Just change pkt.dst = 'https://my-secure-domain.com' to pkt[IP].dst = 'my-secure-domain.com' (that's the IP destination, not a URL).
来源:https://stackoverflow.com/questions/46645142/modify-with-scapy-and-netfilterqueue