I have implemented a custom packet/protocol in scapy and sent it to a device on the network. The custom protocol is a hardware broadcast to discover the receiving devices mac address.
Using wireshark, I have confirmed that the device is responding to the packet, however when I do the following:
def check_connections(interface):
src_mac = get_if_hwaddr(interface)
dest_mac = 'FF:FF:FF:FF:FF:FF'
packet = Narp(dest=dest_mac, src=src_mac)
response = srp1(packet, iface=interface, verbose=False, timeout=2)
print response
response is nonetype, meaning scapy did not perceive a response.
In wireshark the packet being sent from the responding device is being addressed to the same hardware interface I used to send the packet from.
Any idea what could be causing scapy to not identify the incoming packet as a response?
You need to implement a way for Scapy to match the answers.
Have a look at https://stackoverflow.com/a/27974093/5459467. It explains that you'll need to implement answers.
You can find quite a few code examples online.
Related
I want to send a packet with scapy to another interface.
I have the wlan2 interface and i want my packet (that i generate) to be send there.
I've tried using send with iface but it has no effect.
I also tried using srp and just sendp but i am getting this strange result:
answer = srp(pkt[Ether]/ip/new_pkt/html1, iface="wlan2")
pkt[Ether] is a valid pkt that comes from the wlan2 interface and i can sniff it.
i am trying to generate an http response packet using its Ethernet layer.
But my response is always going to another interface and i think this is the problem.
Wireshark Ethernet II
The packets are grey...
The question is how to fix this? how do i send a legit packet to the wlan2 interface.
I have a program (.exe) that gets certain info from a server, and I wanted to be able to get that info from the command line too. I started netcat and listened on the port the program uses to communicate with its target, because I wanted to know what "requests" to make from a script, and I received this over netcat, plain text:
net.tcp://[my ip address]:41012/Lapis.Btouch/ServerInfo
I tried sending exactly that to the target (replacing my IP for its IP) using socket.send() but it wouldn't return anything. What does that mean and how can I get the data?
import socket
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect(('[server ip address]',41012))
while True:
s.send('net.tcp://[server ip address]:41012/Lapis.Btouch/ServerInfo')
response = s.recv(1024)
print response
s.close()
That's the code I'm using to send the request to the target server. It won't return anything, so I think I'm not making the request in the right way. Thanks for any help.
Try capture your network packet on port 41012, via tcpdump or wireshark or ...
Then check:
does your code send the request?
does the response returned to you?
If the answer for question (1) is False, problem is side of you and your machine. so go and solve it (review your code, check your firewall and ...)
If the answer of question (1) is True, but server doesn't send any response (this case often not happened) review your request format (check you URL or test it via browser or ...). also based on the server you connect to, maybe needed to your machine's IP recognized for server (I mean some server only give response to requests, that come from known IP addresses, in this case you need introduce yourself to server (e.g. add your IP to trusted list on server), before sending request)
Last case, if answer of both questions are correct (I guess it's your problem), you most correct your code (response = s.recv(1024)) why do you used 1024 for your response length?. Use correct and accurate parameters.
In python exist several methods for receiving response via socket (from server), search stackoverflow and you can find useful tips and commands. commands like use non-blocking ways, ascync ways and ...
I'm writing a simple OpenVPN client (with Python & Scapy & [scapy-ssl_tls]
) which should connect to OpenVPN server.
I open UDP socket in Python and with Scapy I define my own OpenVPN layer on top of UDP (according to OpenVPN specs) and send packets on it (just like original client would).
I am able to successfully send initial P_CONTROL_HARD_RESET_CLIENT_V2 message and receive response from server, which is P_CONTROL_HARD_RESET_SERVER_V2, then I send P_ACK_V1 message.
Keep in mind I generate all session ids correctly.
Now when I send first P_CONTROL_V1 message, which is essentially TLS ClientHello on top of OpenVPN layer, I get a P_ACK_V1 acknowledgement from server but that's it. Note that this ACK does only mean that server received OpenVPN message, not necessarily TLS data. I'm supposed to get ServerHello and all the remaining stuff but server does not send anything after ACK.
I compared the packet format and all network layers of my sent packet with communication of real client (image below) and pretty much all the fields are identical.
Wireshark combines and assembles packets automatically when it has the full handshake, so little tricky to compare it.
I also tried replaying complete ClientHello message from previous real client communication (I generated my own local time though) but results were the same - ACK and then nothing.
I also checked server logs and didn't find any errors or anything what could help me.
I create my TLS packet like this (with more options):
pack = openvpn(opcode=0x20, session_id=ses, message_packet_id_array_length=0, message_packet_id=0000)/TLSRecord()/TLSHandshake()/TLSClientHello()
openvpn is a layer I defined myself in Scapy.
Any ideas why I don't get ServerHello?
EDIT: considering that I don't get any alerts from server I'm pretty sure server does not even see my ClientHello for some reason.
Apparently Message Packet-ID must be 1 (or more). Now I get response from server.
Official specification only mentions that Packet-id is for replay protection though..
I am currently working on a project where I need to send packets to a particular networking hardware, receive responses back, and generate packets based on the response in real time.
I came across Scapy, and to my understanding it is capable of doing the first two parts: sending and receiving. Is it possible through Python to retrieve the necessary fields in a response and respond back?
Thanks!
If I understand what you mean, you have (at least) two options with Scapy:
The clean one is to create an AnsweringMachine that matches your needs (you have several examples in Scapy's code).
The dirty (but maybe quicker if that's what you need) one is to give as prn parameter to sniff() a function that will receive the packet, craft an answer (or anything you like) and send() it on the network.
As an example, this code will send RST-ACK packets to any TCP packet seen with SYN flag on:
def rst(p):
ans = IP(src=p[IP].dst, dst=p[IP].src)/TCP(
flags='RA',
sport=p[TCP].dport,
dport=p[TCP].sport,
seq = 0,
ack = p[TCP].seq + 1,
)
send(ans, verbose=False)
return "%s\n => %s" % (p[IP].summary(), ans.summary())
sniff(iface="eth0", filter="tcp and tcp[tcpflags] & tcp-syn == tcp-syn",
prn=rst)
I'm trying to write a proof of concept code, which will automatically spoof packets to a thick-client application.
I've chosen python as the language of choice. I have found resources to help me monitor for packets using scapy or other similar libraries.
How do I go about spoofing the packet.
Eg. Scenario :
Client C, Server S
C sends get request R(HTTP) to S
Proxy_python intercepts request R
Proxy_python crafts a HTTP response (r)
Proxy_python sends r to C
Essentially a MiTm on C. Is this possible. One condition to note is that, the proxy i'm writing should not need any configuration to get redirected to. It should ubiquotously listen for all packets.
Which makes me ask me another question : Can I make the python proxy listen to a particular PID ?
At least to answer the question regarding whether you can tie a PID to the packets being sent, this is not something that is explicitly included within the packet data. However, you can determine which port the process is sending traffic on and associate packets on that port to the process. I would reference this question for some information on how to get that port info. Hope this helps a little, not sure exactly what else you are looking for at the moment.