如何使用scapy欺骗UDP数据包中的IP地址 [英] How to spoof the IP address in a UDP packet with scapy

问题描述

我正在我的服务器上测试安全基础设施，运行一个在端口 7777 上接受 UDP 流量的应用程序.为了做到这一点，我想发送 UDP 数据包来查询有关应用程序的信息，但使用了欺骗性 IP来源.

这是我要发送的数据包:

https://i.stack.imgur.com/kmUPx.png

我已经尝试使用 scapy 执行此操作，但看起来数据包未在另一端接收到，在那里我使用 tcpdump 侦听端口 7777 上的 UDP 数据包.

这是我试过的代码:

from scapy.all import *随机导入D = 7777 #目的端口操作码 = 'd'target_ip = "1.1.1.1"ips = target_ip.split('.');#目标IP有效载荷 = "SAMP{0}{1}{2}{3}{4}{5}{6}".format(chr(int(ips[0])), chr(int(ips[1])), chr(int(ips[2])), chr(int(ips[3])), chr(D & 0xFF), chr(D » 8 & 0xFF), 操作码)ip1 = 84ip2 = random.randint(1,255)ip3 = random.randint(1,255)ip4 = random.randint(1,255)A = str(ip1) + "."+ str(ip2) + "."+ str(ip3) + "."+ str(ip4)发送(IP(src=A, dst=target_ip)/UDP(dport=D)/Raw(load=payload))

当我运行时，它说Sent 1 packet"，但是当像这样使用 tcpdump 时我看不到另一端的数据包:

tcpdump -t -n -v -B 99999 -i gre1 -XX udp dst 端口 7777

我尝试了两个不同的目标 IP，都打开了端口 7777.

<块引用>

我要发送的payload基本上是53 41 4D 50 C0 A8 C8 67 61 1E69，来自欺骗性 IP src.

解决方案

仅供参考，您可以创建一个数据包模板，这样会容易得多.类似的东西

class YourPacket(Packet):fields_desc = [StrFixedLenField("head", "SAMP", 4),IPField("ip", "0.0.0.0"),ShortField("端口", 0),ByteField("操作码", 0)]

然后确保您在正确的界面上发送它.您可以将 iface=... 添加到 send().

演示:

<预><代码>>>>x = YourPacket(ip="192.168.200.103", port=7777, opcode=ord(b"i"))>>>X<YourPacket ip=192.168.200.103 端口=7777 操作码=105 |>>>>十六进制转储(x)0000 53 41 4D 50 C0 A8 C8 67 1E 61 69 SAMP...g.ai>>>发送(IP()/UDP(dport=7777)/x)

I'm testing the security infrastructure on my server, running an application that accepts UDP traffic on port 7777. In order to do that, I want to send UDP packets to query for information about the application, but using a spoofed IP source.

Here is the packet I'm trying to send:

https://i.stack.imgur.com/kmUPx.png

I've tried doing this with scapy, but it looks like the packet is not received on the other side, where I have tcpdump listening for UDP packets on port 7777.

This is the code I've tried:

from scapy.all import *
import random

D = 7777 # destination port
opcode = 'd'
target_ip = "1.1.1.1"
ips = target_ip.split('.'); # Target IP

payload = "SAMP{0}{1}{2}{3}{4}{5}{6}".format(chr(int(ips[0])), chr(int(ips[1])), chr(int(ips[2])), chr(int(ips[3])), chr(D & 0xFF), chr(D » 8 & 0xFF), opcode)

ip1 = 84
ip2 = random.randint(1,255)
ip3 = random.randint(1,255)
ip4 = random.randint(1,255)

A = str(ip1) + "." + str(ip2) + "." + str(ip3) + "." + str(ip4)

send(IP(src=A, dst=target_ip)/UDP(dport=D)/Raw(load=payload))

When I run, it says "Sent 1 packet", however I cannot see the packets in the other side when using tcpdump like this:

tcpdump -t -n -v -B 99999 -i gre1 -XX udp dst port 7777

I've tried with two different target IPs, both have port 7777 opened.

The payload I want to send is basically 53 41 4D 50 C0 A8 C8 67 61 1E 69, from a spoofed IP src.

解决方案

FYI you could create a packet template, it will be much easier. Something like

class YourPacket(Packet):
    fields_desc = [
        StrFixedLenField("head", "SAMP", 4),
        IPField("ip", "0.0.0.0"),
        ShortField("port", 0),
        ByteField("opcode", 0)
    ]

Then make sure you are sending it on the correct interface. You can add iface=... to send().

Demo:

>>> x = YourPacket(ip="192.168.200.103", port=7777, opcode=ord(b"i"))
>>> x
<YourPacket  ip=192.168.200.103 port=7777 opcode=105 |>
>>> hexdump(x)
0000  53 41 4D 50 C0 A8 C8 67 1E 61 69                 SAMP...g.ai
>>> send(IP()/UDP(dport=7777)/x)

这篇关于如何使用scapy欺骗UDP数据包中的IP地址的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！