
2 new scripts

1 parent 7892a6c commit 92257bb479f5b16e92c4d474153834938fe77b9f @rep committed
Showing with 87 additions and 0 deletions.
  1. +43 −0 acksyns.py
  2. +44 −0 fakedns.py
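--- a/acksyns.py
+++ b/acksyns.py
@@ -0,0 +1,43 @@
+#!/usr/bin/python
+
+import sys
+import os
+import struct
+
+from scapy.all import IP, TCP, send, sniff
+
+IFACE = "vboxnet0"
+MYIP = "192.168.56.1"
+IGNORE_PORTS = [22,]
+
+def rand32():
+ return struct.unpack("I", os.urandom(4))[0]
+
+def iptables_drop_resets():
+ os.system("iptables -A OUTPUT -o {0} -p tcp -s {1} --tcp-flags RST RST -j DROP".format(IFACE, MYIP))
+
+def main():
+ iptables_drop_resets()
+
+ def pcb(p):
+ if not p.haslayer(TCP):
+ return
+
+ ipl = p.getlayer(IP)
+ tcpl = p.getlayer(TCP)
+
+ print p.summary()
+
+ if tcpl.flags == 2 and ipl.dst == MYIP and not tcpl.dport in IGNORE_PORTS:
+ print "SYN from", ipl.src, tcpl.sport, "to port", tcpl.dport
+ rp = IP(src=ipl.dst, dst=ipl.src, flags='DF', id=0)/TCP(sport=tcpl.dport, dport=tcpl.sport, ack=tcpl.seq+1, seq=rand32(), flags="SA")
+ send(rp)
+
+ # for some reason the bpf does not work sometimes...
+ ps = sniff(store=0, iface=IFACE, prn=pcb, filter="tcp")
+
+ return 0
+
+if __name__ == "__main__":
+ try: sys.exit(main())
+ except KeyboardInterrupt: pass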
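Review bot: `iptables_drop_resets()` appends an OUTPUT DROP rule for outbound RSTs on every run, ignores the exit status of `os.system`, and nothing ever deletes the rule, so the host firewall stays modified after the script exits and duplicate rules pile up across runs. If the append fails (for example when the script is not run as root) the script carries on anyway, and presumably the kernel's own RSTs then go out alongside the crafted SYN-ACKs. I would check the return code and remove the rule in a `finally` around the `sniff()` call, as sketched below. Separately, `pcb` reads `ipl.dst` without checking that `p.getlayer(IP)` returned a layer, so a bare SYN carried over IPv6 would raise inside the callback; `if ipl is None: return` next to the TCP check covers it.

```python
def iptables_rst_rule(action):
    # action is "-A" to install the rule and "-D" to delete the identical rule again
    cmd = "iptables {0} OUTPUT -o {1} -p tcp -s {2} --tcp-flags RST RST -j DROP".format(action, IFACE, MYIP)
    if os.system(cmd) != 0:
        raise RuntimeError("iptables {0} failed; are we root?".format(action))

def main():
    iptables_rst_rule("-A")
    try:
        # … unchanged: pcb callback definition and the sniff() call …
    finally:
        # always restore the host firewall, including on KeyboardInterrupt
        iptables_rst_rule("-D")
    return 0
```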
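--- a/fakedns.py
+++ b/fakedns.py
@@ -0,0 +1,44 @@
+#!/usr/bin/env python
+
+import sys
+import socket
+
+from scapy.all import DNS, DNSRR, DNSQR
+
+ANSWER_WITH = "192.168.56.1"
+BIND_TO = ANSWER_WITH
+
+def resolve_or_fake(name):
+ try: r = socket.gethostbyname(name)
+ except socket.gaierror: return ANSWER_WITH
+ return r or ANSWER_WITH
+
+def main():
+ udps = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
+ udps.bind((BIND_TO,53))
+
+ while 1:
+ data, addr = udps.recvfrom(1024)
+
+ p = DNS(data)
+
+ rp = DNS(id=p.id, qr=1, qdcount=p.qdcount)
+ rp.qd = p[DNSQR]
+
+ if p.opcode == 0:
+ rp.ancount = 1
+ rp.rcode = 0
+ answer_ip = resolve_or_fake(p.qd[0].qname)
+ rp.an = DNSRR(rrname=p.qd[0].qname, ttl=60, rdlen=4, rdata=answer_ip)
+ print " - Responding to {0} with {1}.".format(p.qd[0].qname, answer_ip)
+ else:
+ # servfail
+ rp.ancount = 0
+ rp.rcode = 2
+ print " ! Query opcode {0}, answering servfail.".format(p.opcode)
+
+ udps.sendto(rp.build(), addr)
+
+if __name__ == "__main__":
+ try: sys.exit(main())
+ except KeyboardInterrupt: pass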
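Review bot: The receive loop in `main()` trusts every datagram: `p[DNSQR]` and `p.qd[0]` are evaluated without checking that the packet is a query carrying a question section, so a single datagram with no question (or one scapy cannot dissect) raises out of the `while` loop and stops the server. I would guard the top of the loop with `if p.qr != 0 or not p.haslayer(DNSQR): continue` and wrap the per-packet work in a `try`/`except Exception` that logs the error and continues. The answer is also always an A record (`rdlen=4`) whatever `qtype` was asked, so AAAA or MX queries get a mismatched record; checking `p.qd[0].qtype == 1` and returning an empty answer otherwise would be more correct. Finally, `resolve_or_fake()` hands every queried name to the host's real resolver through the blocking `socket.gethostbyname`, which stalls the single-threaded loop and forwards names received on the bound interface upstream; if that is intended it deserves a comment at the function.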
