Change TCP Payload with nfqueue/scapy
Hello, I am using nfqueue and scapy, and my goal is to receive packets at my NFQUEUE, change the payload and resend them.
I can change fields like the TTL without any kind of problem, but when it comes to changing the payload, I am encountering problems.
When I change the payload, I sniff the packet with Wireshark and apparently I send the packet with the payload modified, but the server doesn't answer.
This is my code:
```python
#!/usr/bin/env python
import nfqueue
from scapy.all import *

def callback(payload):
    # Parse the queued packet into a Scapy IP packet
    data = payload.get_data()
    pkt = IP(data)
    pkt[TCP].payload = str(pkt[TCP].payload).replace("ABC","GET")
    pkt[IP].ttl = 40
    print 'Data: '+ str(pkt[TCP].payload)
    print 'TTL: ' + str(pkt[IP].ttl)
    # Clear the IP checksum so Scapy recomputes it when the packet is rebuilt
    del pkt[IP].chksum
    payload.set_verdict_modified(nfqueue.NF_ACCEPT, str(pkt), len(pkt))

def main():
    q = nfqueue.queue()
    q.open()
    q.bind(socket.AF_INET)
    q.set_callback(callback)
    q.create_queue(0)
    try:
        q.try_run() # Main loop
    except KeyboardInterrupt:
        q.unbind(socket.AF_INET)
        q.close()

main()
```
I have set this rule for outgoing traffic to port 80: `iptables -I OUTPUT -s 192.168.1.10 -p tcp --dport 80 -j NFQUEUE`
And, to test it, for example I open telnet to Google port 80, do a `GET / HTTP/1.1`
and this is what I see:
TTL: 40
DATA: GET / HTTP/1.1
Now, if I do `ABC / HTTP/1.1`
I receive no answer! My telnet just gets stuck.
I have also tried browsing HTTP websites with a browser, checking in Wireshark that my TTL is really changing to 40; then I browse the string "ABC" and my browser again gets stuck.
I sniff the request changed to GET but I receive no answer.
This is kind of giving me a headache and I would really appreciate it if someone with more experience could lead me to the right way. Thank you in advance.
python scapy tcp-ip netfilter packet-injection
asked Dec 4 '14 at 12:18 by aDoN
3
I think you should trigger recalculation of the TCP checksum field as well, in a similar manner to that of the IP checksum field.
– Yoel
Dec 4 '14 at 15:05
2 Answers
I added the line to recalculate the TCP checksum; that was useful.
That only works if, when I change the payload, I don't alter its length; otherwise, I would need to change the length field of the IP header. Answering myself, and maybe other people who are looking for this answer, I achieve that just by doing:
```python
payload_before = len(pkt[TCP].payload)
pkt[TCP].payload = str(pkt[TCP].payload).replace("Heading","Other string")
payload_after = len(pkt[TCP].payload)
payload_dif = payload_after - payload_before
pkt[IP].len = pkt[IP].len + payload_dif
```
I know that I have to change more fields, because sometimes, if you add enough payload to need fragmenting into a new packet, you have to change more fields.
Currently I don't know how to achieve this efficiently but little by little. Hope someone finds my solution for altering the payload useful.
answered Dec 9 '14 at 13:06 by aDoN
Thanks for the comment, but if you want everything to work properly you also have to add `payload.set_verdict_modified(nfqueue.NF_ACCEPT, str(pkt), len(pkt)+ payload_dif )`
– A STEFANI
Jan 31 '18 at 19:47
Note that if you set a length, checksum... to `None`, Scapy will automatically recalculate the values
– Cukic0d
Feb 4 at 17:09
In the second case, you are tampering with the TCP layer as well as the IP layer.
You're letting Scapy fix the IP checksum, but not the TCP one. Change `del pkt[IP].chksum` to `del pkt[IP].chksum, pkt[TCP].chksum` in your code.
answered Dec 5 '14 at 7:20 by Pierre
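Added example, not part of the original thread: the receiver-side validation that explains the symptom discussed above, written in standard-library Python 3 rather than Scapy. The sample segments, addresses, ports and the helper names (`refresh`, `receiver_checks`, `edit`) are constructed for illustration.

```python
import struct

def inet_checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum: one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def pseudo_header(packet: bytes, seg_len: int) -> bytes:
    """TCP pseudo-header: source IP, destination IP, zero, protocol 6, TCP length."""
    return bytes(packet[12:20]) + struct.pack("!BBH", 0, 6, seg_len)

def refresh(packet: bytes, ip_len=True, ip_chksum=True, tcp_chksum=True) -> bytes:
    """Recompute the selected derived fields after the packet has been edited."""
    buf = bytearray(packet)
    ihl = (buf[0] & 0x0F) * 4
    if ip_len:
        struct.pack_into("!H", buf, 2, len(buf))
    if ip_chksum:
        struct.pack_into("!H", buf, 10, 0)
        struct.pack_into("!H", buf, 10, inet_checksum(bytes(buf[:ihl])))
    if tcp_chksum:
        struct.pack_into("!H", buf, ihl + 16, 0)
        seg = bytes(buf[ihl:])
        csum = inet_checksum(pseudo_header(buf, len(seg)) + seg)
        struct.pack_into("!H", buf, ihl + 16, csum)
    return bytes(buf)

def receiver_checks(packet: bytes) -> dict:
    """Validate the fields a receiving stack checks before delivering the data."""
    ihl = (packet[0] & 0x0F) * 4
    total_len = struct.unpack_from("!H", packet, 2)[0]
    seg = packet[ihl:total_len]  # the receiver trusts the IP length field
    return {
        "ip_len": total_len == len(packet),
        "ip_chksum": inet_checksum(packet[:ihl]) == 0,
        "tcp_chksum": inet_checksum(pseudo_header(packet, len(seg)) + seg) == 0,
    }

def build_packet(payload: bytes) -> bytes:
    """Constructed sample segment (documentation addresses, arbitrary ports/seq)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 0, 1, 0, 64, 6, 0,
                     bytes([192, 0, 2, 10]), bytes([198, 51, 100, 80]))
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1000, 2000, 5 << 4, 0x18, 8192, 0, 0)
    return refresh(ip + tcp + payload)

def edit(packet: bytes, old: bytes, new: bytes, ttl: int = 40) -> bytes:
    """Apply the thread's edit (TTL change + payload replace) and fix nothing."""
    ihl = (packet[0] & 0x0F) * 4
    data_at = ihl + (packet[ihl + 12] >> 4) * 4  # end of the TCP header
    buf = bytearray(packet[:data_at]) + packet[data_at:].replace(old, new)
    buf[8] = ttl
    return bytes(buf)

# Constructed sample inputs using the strings from the question and the answer.
REQUEST = build_packet(b"ABC / HTTP/1.1\r\n\r\n")
HEADER = build_packet(b"Heading: value\r\n")

def same_length_case(fix_tcp: bool) -> dict:
    """Same-length edit; the IP checksum is always refreshed, TCP only on request."""
    return receiver_checks(refresh(edit(REQUEST, b"ABC", b"GET"), tcp_chksum=fix_tcp))

def longer_payload_case(fix_len: bool) -> dict:
    """Edit that grows the payload; IP total length refreshed only on request."""
    return receiver_checks(refresh(edit(HEADER, b"Heading", b"Other string"), ip_len=fix_len))
```

`same_length_case(False)` reproduces the question: the IP header validates but the TCP checksum does not, so the segment is discarded before the server application sees it. A length-changing edit additionally shifts the TCP sequence space for the rest of the connection, which none of these per-packet fields covers.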