问题
I'm testing the security infrastructure on my server, running an application that accepts UDP traffic on port 7777. In order to do that, I want to send UDP packets to query for information about the application, but using a spoofed IP source.
Here is the packet I'm trying to send:
https://i.stack.imgur.com/kmUPx.png
I've tried doing this with scapy, but it looks like the packet is not received on the other side, where I have tcpdump listening for UDP packets on port 7777.
This is the code I've tried:
from scapy.all import *
import random
D = 7777 # destination port
opcode = 'd'
target_ip = "1.1.1.1"
ips = target_ip.split('.'); # Target IP
payload = "SAMP{0}{1}{2}{3}{4}{5}{6}".format(chr(int(ips[0])), chr(int(ips[1])), chr(int(ips[2])), chr(int(ips[3])), chr(D & 0xFF), chr(D » 8 & 0xFF), opcode)
ip1 = 84
ip2 = random.randint(1,255)
ip3 = random.randint(1,255)
ip4 = random.randint(1,255)
A = str(ip1) + "." + str(ip2) + "." + str(ip3) + "." + str(ip4)
send(IP(src=A, dst=target_ip)/UDP(dport=D)/Raw(load=payload))
When I run, it says "Sent 1 packet", however I cannot see the packets in the other side when using tcpdump like this:
tcpdump -t -n -v -B 99999 -i gre1 -XX udp dst port 7777
I've tried with two different target IPs, both have port 7777 opened.
The payload I want to send is basically 53 41 4D 50 C0 A8 C8 67 61 1E 69, from a spoofed IP src.
回答1:
FYI you could create a packet template, it will be much easier. Something like
class YourPacket(Packet):
fields_desc = [
StrFixedLenField("head", "SAMP", 4),
IPField("ip", "0.0.0.0"),
ShortField("port", 0),
ByteField("opcode", 0)
]
Then make sure you are sending it on the correct interface. You can add iface=... to send().
Demo:
>>> x = YourPacket(ip="192.168.200.103", port=7777, opcode=ord(b"i"))
>>> x
<YourPacket ip=192.168.200.103 port=7777 opcode=105 |>
>>> hexdump(x)
0000 53 41 4D 50 C0 A8 C8 67 1E 61 69 SAMP...g.ai
>>> send(IP()/UDP(dport=7777)/x)
来源:https://stackoverflow.com/questions/58182300/how-to-spoof-the-ip-address-in-a-udp-packet-with-scapy