Altering packets on the fly with scapy as a MITM

Question
Assuming I managed to be in the middle of the communication between a client and a server (let's say that I open up a hotspot and cause the client to connect to the server only through my machine).
How can I alter packets that my client sends and receives without interrupting my own communication with other services? There must be a way to route all of the packets the client both sends and is about to receive (before forwarding them to him) through my script.
I think that the correct direction for accomplishing this is with iptables, but I'm not sure exactly what arguments would fit to make this work. I already have the following simple script:
```shell
hotspotd start  # a script that runs dnsmasq as both a DNS and DHCP server, configures and starts a hotspot
iptables -P FORWARD ACCEPT
iptables --append FORWARD --in-interface wlan0 -j ACCEPT
iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE
# wlan0 is the interface on which the hotspot is.
# eth0 is the interface that is connected to the internet
```
Now, this works perfectly for a passive MITM - I can see everything that the client sends and receives. But now I want to step it up and redirect every message he sends and receives through me.
My eventual purpose is to get to a level where I could execute the following script:
```python
from scapy.all import *
from scapy_http.http import *  # HTTP layer dissector from the scapy-http package


def callback(pkt):
    # Process the packet here: inspect source and destination addresses, ports, data
    send(pkt)  # forward the (possibly modified) packet onwards


# Assuming all relevant packets are redirected to port 666
sniff(filter='port 666', prn=callback)
```
How do I accomplish redirecting every packet the client sends and is about to receive?

Answer
NFQUEUE is a userspace queue that is a valid iptables target. You can redirect some traffic to the NFQUEUE:
```shell
iptables -I INPUT -d 192.168.0.0/24 -j NFQUEUE --queue-num 1
```

Then access the packets from your code:
```python
from netfilterqueue import NetfilterQueue


def print_and_accept(pkt):
    # pkt is a netfilterqueue.Packet; accept() hands it back to the kernel unchanged
    print(pkt)
    pkt.accept()


nfqueue = NetfilterQueue()
nfqueue.bind(1, print_and_accept)  # queue number must match --queue-num in the iptables rule
try:
    nfqueue.run()
except KeyboardInterrupt:
    print('')

nfqueue.unbind()
```
Note the `pkt.accept()` call. This returns a verdict to the nfqueue, telling it that it should accept the packet - i.e. allow it to continue along its normal route in the kernel. To modify a packet, instead of `accept`ing it, you'd need to copy it, return a `drop` verdict, and finally resend it with the included modifications.