[英]Hijacking a client socket
I have set up a server socket (plain raw socket) listening on port A
. 我已经设置了侦听
port A
的服务器套接字(普通原始套接字)。 A client now connects to this server. 客户端现在连接到该服务器。 OS opens up a port for the client for this purpose.
为此,操作系统为客户端打开了一个端口。 Say
port B
is allocated to this client. 假设
port B
已分配给该客户端。 Now my question is, can a 3 rd script connect to this port B
and send data. 现在我的问题是, 第三个脚本可以连接到该
port B
并发送数据吗? Or in other words can I spoof a response to the client as if it was coming from the server? 或者换句话说,我可以欺骗对客户端的响应,就像它是来自服务器一样吗? I tried spoofing it using scapy, but it wasnt working.
我尝试使用船尾欺骗它,但是它没有用。
server.py server.py
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.bind(("localhost", A))
s.listen(10)
ns, cli_addr = s.accept()
time.sleep(30) # so that i can trigger my 3rd script
goodclient.py goodclient.py
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect(("localhost", A))
print s.getsockname() # to get the local port of client - B
s.recv(1024)
badboy.py badboy.py
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect(("localhost", B)) # connection refused error
s.send("hihihi")
scapybadboy.py scapybadboy.py
pack = IP(src="localhost", dst="localhost") / TCP(sport=A, dport=B) / "Hello"
send(pack) # Packet sent but not received by the client
Because server and client using SOCK_STREAM
sockets, they both aware of TCP session(including port, IP and ( SEQ_NUMBER , ACK_NUMBER )), so when session is already in process, you will have to perform TCP hikacking and IP spoofing in order to send messages in stream. 由于服务器和客户端都使用
SOCK_STREAM
套接字,因此它们都知道TCP会话(包括端口,IP和( SEQ_NUMBER , ACK_NUMBER )),因此,在会话进行中时,您将必须执行TCP hikacking和IP欺骗才能发送消息。在流中。
In other words, you will have to guess(or steal) ACK number of server in order to send fake messages to client using badclient
. 换句话说,您必须猜测(或窃取)服务器的ACK编号,才能使用
badclient
将虚假消息发送给客户端。
However, if you will make somehow goodclient
answer you and not a server you should run the following: 但是,如果您将以某种方式使
goodclient
回答您而不是服务器,则应运行以下命令:
iptables -A FORWARD -j NFQUEUE --queue-num 1
, because your operating system doesn't know about session that you just "opened" with goodclient and it will send RST packet. iptables -A FORWARD -j NFQUEUE --queue-num 1
,因为您的操作系统不知道您刚刚与goodclient“打开”的会话,它将发送RST数据包。 This command will prevent it. 此命令将阻止它。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.