fqrouter · December 11, 2015 07:09
diff --git a/http_host_filtering_observer.py b/http_host_filtering_observer.py
 from netfilterqueue import NetfilterQueue
 import subprocess
 import signal
 import dpkt
 import traceback
 import socket
 import sys

 TARGET_IP = '173.252.110.27'

 def observe_http_tcp_reset(nfqueue_element):
    try:
        ip_packet = dpkt.ip.IP(nfqueue_element.get_payload())
        tcp_packet = ip_packet.tcp
        print(repr(tcp_packet))
        if TARGET_IP == socket.inet_ntoa(ip_packet.src):
            if dpkt.tcp.TH_RST & tcp_packet.flags:
                sys.stdout.write('* ')
            print('ttl: %s, window: %s' % (ip_packet.ttl, tcp_packet.win))
        nfqueue_element.accept()
    except:
        traceback.print_exc()
        nfqueue_element.accept()

 nfqueue = NetfilterQueue()
 nfqueue.bind(0, observe_http_tcp_reset)

 def clean_up(*args):
    subprocess.call('iptables -D OUTPUT -p tcp --dst {} -j QUEUE'.format(TARGET_IP), shell=True)
    subprocess.call('iptables -D INPUT -p tcp --src {} -j QUEUE'.format(TARGET_IP), shell=True)

 signal.signal(signal.SIGINT, clean_up)

 try:
    subprocess.call('iptables -I INPUT -p tcp --src {} -j QUEUE'.format(TARGET_IP), shell=True)
    subprocess.call('iptables -I OUTPUT -p tcp --dst {} -j QUEUE'.format(TARGET_IP), shell=True)
    print('running..')
    nfqueue.run()
 except KeyboardInterrupt:
    print('bye')
diff --git a/result.txt b/result.txt
 TCP(seq=1456875367, off_x2=160, win=14520, sum=36818, dport=80, sport=59841)
 TCP(seq=3356420015L, off_x2=160, ack=1456875368, win=14480, sum=51637, flags=18, dport=59841, sport=80)
 ttl: 75, window: 14480
 TCP(seq=1456875368, off_x2=128, ack=3356420016L, win=908, sum=11586, flags=16, dport=80, sport=59841)
 TCP(seq=1456875368, off_x2=128, ack=3356420016L, win=908, sum=60659, flags=24, dport=80, sport=59841, data='GET / HTTP/1.1\r\nHost: www.facebook.com\r\nUser-Agent: Wget\r\nConnection: close\r\n\r\n')
 TCP(seq=3356420016L, ack=1456875447, win=318, sum=55402, flags=20, dport=59841, sport=80)
 * ttl: 156, window: 318
 TCP(seq=3356421476L, ack=1456875447, win=319, sum=53941, flags=20, dport=59841, sport=80)
 * ttl: 157, window: 319
 TCP(seq=3356424396L, ack=1456875447, win=320, sum=51020, flags=20, dport=59841, sport=80)
 * ttl: 158, window: 320
 TCP(seq=3356420016L, win=13324, sum=9274, flags=4, dport=59841, sport=80)
 * ttl: 96, window: 13324
 TCP(seq=3356420015L, off_x2=160, ack=1456875368, win=14480, sum=51039, flags=18, dport=59841, sport=80)
 ttl: 75, window: 14480
 TCP(seq=1456875368, win=0, sum=35271, flags=4, dport=80, sport=59841)
 TCP(seq=3356420016L, off_x2=128, ack=1456875447, win=29, sum=11690, flags=16, dport=59841, sport=80)
 ttl: 75, window: 29
 TCP(seq=1456875447, win=0, sum=35192, flags=4, dport=80, sport=59841)
	from netfilterqueue import NetfilterQueue
	import subprocess
	import signal
	import dpkt
	import traceback
	import socket
	import sys

	TARGET_IP = '173.252.110.27'

	def observe_http_tcp_reset(nfqueue_element):
	try:
	ip_packet = dpkt.ip.IP(nfqueue_element.get_payload())
	tcp_packet = ip_packet.tcp
	print(repr(tcp_packet))
	if TARGET_IP == socket.inet_ntoa(ip_packet.src):
	if dpkt.tcp.TH_RST & tcp_packet.flags:
	sys.stdout.write('* ')
	print('ttl: %s, window: %s' % (ip_packet.ttl, tcp_packet.win))
	nfqueue_element.accept()
	except:
	traceback.print_exc()
	nfqueue_element.accept()

	nfqueue = NetfilterQueue()
	nfqueue.bind(0, observe_http_tcp_reset)

	def clean_up(*args):
	subprocess.call('iptables -D OUTPUT -p tcp --dst {} -j QUEUE'.format(TARGET_IP), shell=True)
	subprocess.call('iptables -D INPUT -p tcp --src {} -j QUEUE'.format(TARGET_IP), shell=True)

	signal.signal(signal.SIGINT, clean_up)

	try:
	subprocess.call('iptables -I INPUT -p tcp --src {} -j QUEUE'.format(TARGET_IP), shell=True)
	subprocess.call('iptables -I OUTPUT -p tcp --dst {} -j QUEUE'.format(TARGET_IP), shell=True)
	print('running..')
	nfqueue.run()
	except KeyboardInterrupt:
	print('bye')
	TCP(seq=1456875367, off_x2=160, win=14520, sum=36818, dport=80, sport=59841)
	TCP(seq=3356420015L, off_x2=160, ack=1456875368, win=14480, sum=51637, flags=18, dport=59841, sport=80)
	ttl: 75, window: 14480
	TCP(seq=1456875368, off_x2=128, ack=3356420016L, win=908, sum=11586, flags=16, dport=80, sport=59841)
	TCP(seq=1456875368, off_x2=128, ack=3356420016L, win=908, sum=60659, flags=24, dport=80, sport=59841, data='GET / HTTP/1.1\r\nHost: www.facebook.com\r\nUser-Agent: Wget\r\nConnection: close\r\n\r\n')
	TCP(seq=3356420016L, ack=1456875447, win=318, sum=55402, flags=20, dport=59841, sport=80)
	* ttl: 156, window: 318
	TCP(seq=3356421476L, ack=1456875447, win=319, sum=53941, flags=20, dport=59841, sport=80)
	* ttl: 157, window: 319
	TCP(seq=3356424396L, ack=1456875447, win=320, sum=51020, flags=20, dport=59841, sport=80)
	* ttl: 158, window: 320
	TCP(seq=3356420016L, win=13324, sum=9274, flags=4, dport=59841, sport=80)
	* ttl: 96, window: 13324
	TCP(seq=3356420015L, off_x2=160, ack=1456875368, win=14480, sum=51039, flags=18, dport=59841, sport=80)
	ttl: 75, window: 14480
	TCP(seq=1456875368, win=0, sum=35271, flags=4, dport=80, sport=59841)
	TCP(seq=3356420016L, off_x2=128, ack=1456875447, win=29, sum=11690, flags=16, dport=59841, sport=80)
	ttl: 75, window: 29
	TCP(seq=1456875447, win=0, sum=35192, flags=4, dport=80, sport=59841)