|
import random
import threading
import time

from scapy.all import *
|
|
|
|
'''
Note: the forged SYN below is sent from userspace, so the local kernel has no
socket for the connection and will typically answer the peer's SYN/ACK with an
RST, tearing the handshake down before the script can continue. Suppress that
RST before running, e.g.:

#> iptables -A OUTPUT -p tcp --tcp-flags RST RST -s <src_ip> -j DROP

Caveat: as written that rule drops *every* outgoing RST from <src_ip>, which
also affects the host's legitimate connections. Restrict it further (for
example with --sport/--dport) or delete it again once you are done. Raw packet
injection and sniffing require root / CAP_NET_RAW.
'''
|
|
|
|
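dst = "192.168.56.1"

dport = 8080

# Seconds to wait for the peer's SYN/ACK and for the HTTP response.  Without a
# bound, sr1()/sniff() block forever when the target is down or filtered.
timeout = 5

# Ephemeral source port and a random initial sequence number for the forged
# connection.  random is sufficient here: the ISN only has to avoid colliding
# with a stale connection, it is not a secret.
sport = random.randint(1024, 65535)
seq = random.randint(1, 50000)

pkt = IP(dst=dst)

# --- 3-way handshake ---------------------------------------------------------

# SYN.  A bounded sr1() keeps a silently dropped SYN from hanging the script.
pkt_syn = pkt / TCP(sport=sport, dport=dport, seq=seq, flags='S')
pkt_syn_ack = sr1(pkt_syn, timeout=timeout, verbose=0)

# sr1() returns None on timeout and may also return an ICMP error instead of a
# TCP segment; either way there is no handshake to continue.
if pkt_syn_ack is None or not pkt_syn_ack.haslayer(TCP):
    raise SystemExit('No SYN/ACK received from {}:{} (timeout or filtered)'.format(dst, dport))

# TCP flag bits: FIN=0x01 SYN=0x02 RST=0x04 ACK=0x10.  int() works for both the
# plain-int flags of old scapy and the FlagValue of newer releases.
syn_ack_flags = int(pkt_syn_ack[TCP].flags)
if syn_ack_flags & 0x04:
    # RST: port closed, or the local kernel already reset the connection (see
    # the iptables note at the top of the file).
    raise SystemExit('Got RST instead of SYN/ACK from {}:{} (port closed?)'.format(dst, dport))
if syn_ack_flags & 0x12 != 0x12:
    raise SystemExit('Unexpected TCP flags 0x{:02x} in reply to SYN'.format(syn_ack_flags))

# ACK.  Our SYN consumed one sequence number; the peer must acknowledge exactly
# that, otherwise this reply belongs to some other connection and we abort
# rather than continue with a desynchronised stream.
seq += 1
if pkt_syn_ack[TCP].ack != seq:
    raise SystemExit('Bad ACK number in SYN/ACK: got {}, expected {}'.format(pkt_syn_ack[TCP].ack, seq))

ack = pkt_syn_ack[TCP].seq + 1
pkt_ack = pkt / TCP(sport=sport, dport=dport, seq=seq, ack=ack, flags='A')
send(pkt_ack)

# --- handshake done ----------------------------------------------------------

# Request bytes are built once so len() below matches what is put on the wire
# (encode() is a no-op on Python 2 str and yields bytes on Python 3).
http_req = '\r\n'.join([
    'GET /index.html HTTP/1.1',
    'Host: {}'.format(dst),
    'User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:58.0) Gecko/20100101 Firefox/58.0',
    'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
    'Accept-Language: en-US,en;q=0.5',
    'Accept-Encoding: gzip, deflate',
    'Connection: keep-alive',
    '\r\n',
]).encode('ascii')

pkt_http_req = pkt / TCP(sport=sport, dport=dport, seq=seq, ack=ack, flags='AP') / http_req
# The FIN goes out right behind the request, so its seq sits just past the
# request bytes.
pkt_fin_ack = pkt / TCP(sport=sport, dport=dport, seq=seq + len(http_req), ack=ack, flags='AF')

# Capture only this connection's data segments.  A bare 'tcp' filter with
# count=1 would return whatever TCP packet arrived first on any interface --
# most likely the peer's pure ACK of the request, or unrelated traffic.  The
# sniffer runs in a background thread started *before* the request is sent so
# the reply cannot slip past between send() and sniff().
resp_filter = 'tcp and src host {} and src port {} and dst port {}'.format(dst, dport, sport)


def _has_payload(p):
    """True for segments that actually carry application data."""
    return p.haslayer(Raw) and len(p[Raw].load) > 0


captured = []


def _capture():
    """Sniff one data segment of the connection (or nothing on timeout)."""
    captured.extend(sniff(filter=resp_filter, lfilter=_has_payload, count=1, timeout=timeout))


sniffer = threading.Thread(target=_capture)
sniffer.start()
# Heuristic grace period for the capture socket to attach before we provoke
# the reply; there is no portable "sniffer ready" signal in older scapy.
time.sleep(0.5)

# Send GET request, then the FIN/ACK immediately after it.
send(pkt_http_req)
send(pkt_fin_ack)

sniffer.join()

if not captured:
    raise SystemExit('No HTTP response data from {}:{} within {}s'.format(dst, dport, timeout))

# Use the parsed payload instead of slicing a fixed 40 bytes off the TCP layer:
# the TCP header length varies with options, so a hard-coded offset would
# truncate or corrupt the response.
pkt_http_resp = captured[0]
body = pkt_http_resp[Raw].load
print(body.decode('utf-8', 'replace'))

# Tear down.  Only the first data segment is acknowledged -- a multi-segment
# response is not reassembled here.  Our FIN consumed one sequence number
# (hence +1 on seq); a FIN from the peer consumes one on their side as well.
resp_flags = int(pkt_http_resp[TCP].flags)
ack_inc = len(body) + (1 if resp_flags & 0x01 else 0)
pkt_rst_ack = pkt / TCP(sport=sport, dport=dport, seq=seq + len(http_req) + 1, ack=ack + ack_inc, flags='AR')
send(pkt_rst_ack)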
|