Last active: October 19, 2015 03:37
Scapy WTF???
# The goal of this script is to complete a three-way handshake with a netcat listener on port 8888. Tcpdump
# shows the SYN packet being sent but I'm getting an RST/ACK instead of a SYN/ACK packet from netcat. I've
# configured iptables to drop any RST packets where the source and destination are the same as the server's
# IP address, but the output from iptables -L -nv shows the rule is not being hit. Any ideas what is going on?
#
# I think I've decided that scapy is good for processing pcaps or gathering stats while sniffing traffic but
# for actually sending packets, it sucks. I know I can create the socket with Python and use the stream with
# Scapy but I really don't want to do that.

# Suppress Scapy IPv6 warning
import logging
logging.getLogger("scapy.runtime").setLevel(logging.ERROR)

# Begin our Scapy script.
from scapy.all import *

server = '10.0.2.15'  # This is the local server where the script is running from. This breaks for some reason.
sport = 65535
dport = 8888
timeout = 5

def handshake(src, dst, sport, dport):
    # Ether()/IP(...) means srp1() sends on the layer-2 interface (conf.iface), not loopback.
    ip = Ether()/IP(src=src, dst=dst)
    tcp = TCP(sport=sport, dport=dport, flags='S')
    print('SYN\n---')
    print((ip/tcp).summary())
    print('SYN_ACK\n-------')
    sa = srp1(ip/tcp, timeout=timeout)
    if sa is None or TCP not in sa:
        print('no answer within %d seconds' % timeout)
        return
    print(sa.summary())
    print('ACK\n---')
    # The ACK goes from our port back to the server's port: seq is the ack the
    # server sent us, ack is the server's seq + 1. (The run captured below had
    # sport and dport swapped here, which is why tcpdump shows it as 8888 > 65535.)
    tcp = TCP(sport=sport, dport=dport, flags="A", seq=sa[TCP].ack, ack=sa[TCP].seq+1)
    print((ip/tcp).summary())
    print('SOCK\n----')
    # srp1() so the server's answer (if any) comes back; send() returns nothing to summarise.
    sock = srp1(ip/tcp/'TEST', timeout=timeout)
    print(sock.summary() if sock is not None else 'no answer')

print('Send packet...')
handshake(server, server, sport, dport)
Send packet...
SYN
---
Ether / IP / TCP 10.0.2.15:65535 > 10.0.2.15:8888 S
SYN_ACK
-------
Begin emission:
Finished to send 1 packets.
*
Received 1 packets, got 1 answers, remaining 0 packets
Ether / IP / TCP 10.0.2.15:8888 > 10.0.2.15:65535 RA / Padding
ACK
---
Ether / IP / TCP 10.0.2.15:8888 > 10.0.2.15:65535 A
SOCK
----
Begin emission:
*Finished to send 1 packets.
Received 1 packets, got 1 answers, remaining 0 packets
Ether / IP / TCP 10.0.2.15:65535 > 10.0.2.15:8888 R / Padding
Chain INPUT (policy ACCEPT 26 packets, 2430 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 13 packets, 1113 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DROP       tcp  --  any    any     10.0.2.15            10.0.2.15            tcp flags:RST/RST
18:51:14.934289 IP 10.0.2.15.65535 > 10.0.2.15.8888: Flags [S], seq 0, win 8192, length 0
18:51:14.934675 IP 10.0.2.15.8888 > 10.0.2.15.65535: Flags [R.], seq 0, ack 1, win 0, length 0
18:51:14.941400 IP 10.0.2.15.8888 > 10.0.2.15.65535: Flags [.], seq 1:5, ack 1, win 8192, length 4
18:51:14.941630 IP 10.0.2.15.65535 > 10.0.2.15.8888: Flags [R], seq 1, win 0, length 0
# Suppress Scapy IPv6 warning
import logging
logging.getLogger("scapy.runtime").setLevel(logging.ERROR)

# Begin our Scapy script.
from scapy.all import *

server = 'google.com'  # Using a non-local server made the script work.
port = 80
timeout = 5

def handshake(dst, port):
    ip = Ether()/IP(dst=dst)
    tcp = TCP(dport=port, flags='S')  # sport left at scapy's default
    print('SYN\n---')
    print((ip/tcp).summary())
    sa = srp1(ip/tcp, timeout=timeout)
    if sa is None or TCP not in sa:
        print('no answer within %d seconds' % timeout)
        return
    print('\nSYN_ACK\n-------')
    print(sa.summary())
    print('\nACK\n---')
    # Our port is the reply's dport; seq = the server's ack, ack = the server's seq + 1.
    tcp = TCP(sport=sa[TCP].dport, dport=sa[TCP].sport, flags="A", seq=sa[TCP].ack, ack=sa[TCP].seq+1)
    print((ip/tcp).summary())
    sock = srp1(ip/tcp, timeout=timeout)
    print('\nSOCK\n----')
    print(sock.summary() if sock is not None else 'no answer')

print('Send packet...')
handshake(server, port)
This worked for me between two VMs... are you sending it to a nc on the same host? If so, try between two different hosts.
import logging
logging.getLogger("scapy.runtime").setLevel(logging.ERROR)
import random
from scapy.all import *

server = '192.168.187.136'
sport = random.randint(1024, 65535)  # pick an ephemeral source port
dport = 8888
timeout = 5
my_seq = random.randint(1, 50000)    # our own initial sequence number

def handshake(src, dst, sport, dport, my_seq):
    ip = IP(dst=dst)
    syn = ip/TCP(sport=sport, dport=dport, seq=my_seq, flags='S')
    print('SYN\n---')
    print(syn.summary())  # syn already carries the IP layer

print('Send packet...')
handshake(server, server, sport, dport, my_seq)
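Added example, not code from the gist above or from the comment: the sequence/ack bookkeeping that both scripts on this page hand-roll, written as plain Python so it can be checked without scapy or root, plus a parser for the tcpdump lines shown above so the failed run can be replayed offline. CAPTURE holds the four tcpdump lines from this page; the 10.0.2.16 peer address, port numbers and sequence numbers used anywhere else are constructed for the example. Only handshake() at the bottom touches the network; it imports scapy lazily and assumes the usual scapy recipes for keeping the local kernel out of the way (an iptables OUTPUT rule dropping RSTs from the chosen source port, and conf.L3socket = L3RawSocket for a target on the same host), which this page did not itself verify.

```python
import random
import re
from dataclasses import dataclass

class HandshakeError(Exception):
    """The peer's reply does not continue the handshake."""

@dataclass(frozen=True)
class Segment:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str        # scapy-style letters in FSRPAUEC order: "S", "SA", "RA", ...
    seq: int
    ack: "int | None" = None
    length: int = 0   # payload bytes carried

FLAG_ORDER = "FSRPAUEC"               # the order scapy prints TCP flags in
TCPDUMP_FLAGS = {"F": "F", "S": "S", "R": "R", "P": "P", ".": "A",
                 "U": "U", "E": "E", "W": "C"}   # tcpdump's letters ('.' = ACK)
_TCPDUMP_RE = re.compile(
    r"IP (?P<src>\S+)\.(?P<sport>\d+) > (?P<dst>\S+)\.(?P<dport>\d+): "
    r"Flags \[(?P<flags>[^\]]+)\], seq (?P<seq>\d+)(?::\d+)?"
    r"(?:, ack (?P<ack>\d+))?, win \d+, length (?P<length>\d+)")

def parse_tcpdump(line: str) -> Segment:
    """One line of tcpdump TCP output -> Segment (relative seq numbers, as printed)."""
    m = _TCPDUMP_RE.search(line)
    if m is None:
        raise ValueError("not a tcpdump TCP line: " + line)
    letters = {TCPDUMP_FLAGS.get(c, c) for c in m["flags"]}
    return Segment(m["src"], int(m["sport"]), m["dst"], int(m["dport"]),
                   "".join(f for f in FLAG_ORDER if f in letters), int(m["seq"]),
                   int(m["ack"]) if m["ack"] else None, int(m["length"]))

def client_ack(syn: Segment, reply: Segment) -> Segment:
    """Third packet of the handshake: our ACK of the peer's SYN/ACK.
    It goes from OUR port to the PEER's port (the reply's addresses swapped
    back), with seq = the SYN/ACK's ack and ack = the SYN/ACK's seq + 1."""
    if (reply.src, reply.sport, reply.dst, reply.dport) != \
            (syn.dst, syn.dport, syn.src, syn.sport):
        raise HandshakeError("reply does not belong to our SYN")
    if "R" in reply.flags:
        raise HandshakeError(f"peer answered {reply.flags}, not SA: the SYN was "
                             "refused or reset, so there is no connection to ACK")
    if reply.flags != "SA":
        raise HandshakeError(f"unexpected flags {reply.flags} in reply to SYN")
    if reply.ack != syn.seq + 1:
        raise HandshakeError(f"SYN/ACK acks {reply.ack}, expected {syn.seq + 1}")
    return Segment(syn.src, syn.sport, syn.dst, syn.dport, "A",
                   seq=reply.ack, ack=reply.seq + 1)

def data_segment(ack: Segment, payload: bytes) -> Segment:
    """First data segment: same numbers as our ACK with PSH+ACK set; the peer
    must answer it with ack = seq + length."""
    return Segment(ack.src, ack.sport, ack.dst, ack.dport, "PA",
                   seq=ack.seq, ack=ack.ack, length=len(payload))

def replay(lines: list) -> str:
    """Replay a captured attempt and report how far the handshake got."""
    segs = [parse_tcpdump(line) for line in lines]
    if len(segs) < 2 or segs[0].flags != "S":
        return "capture does not start with a SYN and a reply"
    try:
        ack = client_ack(segs[0], segs[1])
    except HandshakeError as exc:
        return "handshake failed: " + str(exc)
    return f"handshake complete; next data segment seq={ack.seq} ack={ack.ack}"

# The four tcpdump lines from the failed run on this page.
CAPTURE = [
    "18:51:14.934289 IP 10.0.2.15.65535 > 10.0.2.15.8888: Flags [S], seq 0, win 8192, length 0",
    "18:51:14.934675 IP 10.0.2.15.8888 > 10.0.2.15.65535: Flags [R.], seq 0, ack 1, win 0, length 0",
    "18:51:14.941400 IP 10.0.2.15.8888 > 10.0.2.15.65535: Flags [.], seq 1:5, ack 1, win 8192, length 4",
    "18:51:14.941630 IP 10.0.2.15.65535 > 10.0.2.15.8888: Flags [R], seq 1, win 0, length 0",
]

def handshake(dst: str, dport: int, sport: int, payload: bytes = b"TEST", timeout: int = 5):
    """Run the exchange for real with scapy (root needed; scapy imported lazily).
    Assumed, per the usual scapy recipes rather than anything verified on this page:
      iptables -A OUTPUT -p tcp --tcp-flags RST RST --sport <sport> -j DROP
    so our kernel cannot reset a connection it never opened, and for a target on
    this same host, conf.L3socket = L3RawSocket so the packets go via loopback."""
    from scapy.all import IP, TCP, Raw, conf, sr1, send
    src = conf.route.route(dst)[1]                    # our address towards dst
    syn = Segment(src, sport, dst, dport, "S", seq=random.randrange(1, 2 ** 32))
    reply = sr1(IP(dst=dst) / TCP(sport=sport, dport=dport, flags="S", seq=syn.seq),
                timeout=timeout, verbose=False)
    if reply is None or TCP not in reply:
        raise HandshakeError("no answer to SYN within %ds" % timeout)
    r = reply[TCP]
    ack = client_ack(syn, Segment(reply[IP].src, r.sport, reply[IP].dst, r.dport,
                                  r.sprintf("%TCP.flags%"), r.seq, r.ack))
    send(IP(dst=dst) / TCP(sport=sport, dport=dport, flags="A", seq=ack.seq,
                           ack=ack.ack), verbose=False)
    data = data_segment(ack, payload)
    return sr1(IP(dst=dst) / TCP(sport=sport, dport=dport, flags="PA", seq=data.seq,
                                  ack=data.ack) / Raw(load=payload),
               timeout=timeout, verbose=False)
```

replay(CAPTURE) reports that the peer answered RA to the SYN, so the handshake never reached the ACK step. The iptables rule above is the kind meant for the RST the local stack emits when a SYN/ACK arrives for a port it has no socket on; in this capture no SYN/ACK arrived at all, so there was nothing for that rule to drop, and the zero counters are consistent with the capture rather than a sign the rule is broken.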