Changing the packet data with pcapy/impacket
Question
I'm writing a small program in Python on Linux that will intercept packets flying over the wire on specific port from host A to host B. Host C will act as a man in the middle so all traffic will be going through host C (arp poisoning method). I've written successfuly the part with interception so I can see all the data on the screen but I want additionaly to modify the packets data without changing the header data (of course the cheksum will be changed). How can I achieve this using intercepted packets with pcapy/impacket?
It may be a little fuzzy, but the main idea is presented below.
1. Host A sends 'Hello' to host B (host A and B are arp spoofed so that traffic goes through host C).
2. Host C gets the 'Hello' from host A (by default host C redirects 'Hello' to host B, but I want something else - see point 3)
3. Host C modifies the 'Hello' to 'Bye' and redirects (kernel's ip_forward?) to host B.
4. Host B gets 'Bye'.
Maybe there is a way using some linux mechanisms to achieve this? Right now I'm stuck and I would appreciate any ideas.
1 answers
solution1
1 2011-01-04 23:55:27
I prefer scapy for this kind of application. It's a powerful python package that allows you to capture, manipulate and transmit packets at various layers of the protocol stack.
There are several ways to perform your man-in-the-middle attack. I'd probably use the "sniff" function with a filter that captures packets from Host A. I would then specify a callback (via the "prn" parameter) that modifies the packet and retransmits it to host B using "sendp". Note that scapy also includes a built-in "arpcachepoison" function.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.