简体繁体 English

使用pcapy / impacket更改数据包数据

[英]Changing the packet data with pcapy/impacket

原文 2010-11-20 16:35:17 7 1 python/ impacket/ pcapy

I'm writing a small program in Python on Linux that will intercept packets flying over the wire on specific port from host A to host B. Host C will act as a man in the middle so all traffic will be going through host C (arp poisoning method). 我正在Linux上用Python编写一个小程序，该程序将拦截从主机A到主机B的特定端口上通过电线传输的数据包。主机C将充当中间人，因此所有流量都将通过主机C（arp中毒方法）。 I've written successfuly the part with interception so I can see all the data on the screen but I want additionaly to modify the packets data without changing the header data (of course the cheksum will be changed). 我已经用截取成功地编写了该部分，因此我可以在屏幕上看到所有数据，但是我想额外地修改数据包数据而不更改标头数据（当然，校验和将被更改）。 How can I achieve this using intercepted packets with pcapy/impacket? 如何使用带有pcapy / impacket的截获数据包来实现此目的？

It may be a little fuzzy, but the main idea is presented below. 可能有些模糊，但是下面给出了主要思想。
1. Host A sends 'Hello' to host B (host A and B are arp spoofed so that traffic goes through host C). 1.主机A向主机B发送“ Hello”（主机A和B被欺骗，以便流量通过主机C）。
2. Host C gets the 'Hello' from host A (by default host C redirects 'Hello' to host B, but I want something else - see point 3) 2.主机C从主机A获取“ Hello”（默认情况下，主机C将“ Hello”重定向到主机B，但我想要其他东西-请参见第3点）
3. Host C modifies the 'Hello' to 'Bye' and redirects (kernel's ip_forward?) to host B. 3.主机C将“ Hello”修改为“再见”，并重定向（内核的ip_forward？）到主机B。
4. Host B gets 'Bye'. 4.主机B获得“再见”。

Maybe there is a way using some linux mechanisms to achieve this? 也许有一种方法可以使用一些Linux机制来实现这一目标？ Right now I'm stuck and I would appreciate any ideas. 现在，我陷入困境，我将不胜感激。

1 个解决方案

I prefer scapy for this kind of application. 对于这种应用程序，我更喜欢替罪羊。 It's a powerful python package that allows you to capture, manipulate and transmit packets at various layers of the protocol stack. 它是一个功能强大的python软件包，可让您在协议栈的各个层捕获，处理和传输数据包。

There are several ways to perform your man-in-the-middle attack. 有几种方法可以执行中间人攻击。 I'd probably use the "sniff" function with a filter that captures packets from Host A. I would then specify a callback (via the "prn" parameter) that modifies the packet and retransmits it to host B using "sendp". 我可能会将“嗅探”功能与从主机A捕获数据包的过滤器一起使用。然后，我将指定一个回调（通过“ prn”参数），该回调将修改数据包，然后使用“发送”将其重新发送给主机B。 Note that scapy also includes a built-in "arpcachepoison" function. 请注意，scapy还包括一个内置的“ arpcachepoison”功能。