https://www.youtube.com/watch?v=LvaII2PEwcQ&t=619s

Scapy is a packet manipulation tool that makes it easy to create and manipulate packets.

We can use Scapy to create custom packets to test for certain vulnerabilities, such as firewall vulnerabilities: we can modify the source address to bypass the firewall.

# Send a message across the Internet

Generate a packet with a varied source IP to a destination IP.

This can be done for various purposes, such as testing the network configuration or security measures.

## Spoofing Packet

Hide identities or test the local network.

Syntax: a forward slash (`/`) separates the protocol layers.

Sample:

```
>>> send(IP(src="10.0.0.1",dst="192.168.1.254")/ICMP()/"meowhecker")
.
Sent 1 packets.
```

Python script:

```python
from scapy.all import *

# Layers are stacked with "/": IP header, ICMP header, then the raw payload
packets = IP(src="10.0.0.1",dst="192.168.1.254")/ICMP()/"meowhecker"
send(packets)
```

![](https://hackmd.io/_uploads/Byszs9ghh.png)

# Network Sniffing

![](https://hackmd.io/_uploads/H1tip9gn3.png)

Python script:

```python
from scapy.all import *

def parsePacket(pkt):
    # Only handle packets that carry an IP layer
    if pkt.haslayer(IP):
        print(pkt.summary())
        # show() prints the layer dump itself and returns None,
        # so this line also prints "None"
        print(pkt.show())
        # Raw bytes of the IP layer and everything above it
        print(bytes(pkt[IP]))

# Call parsePacket for every packet seen on interface h2-eth0
sniff(prn=parsePacket,iface="h2-eth0")
```

```
summary()
Ether / IP / ICMP 10.0.0.1 > 192.168.1.254 echo-request 0 / Raw

show()
###[ Ethernet ]###
  dst       = 82:3e:2a:32:75:c4
  src       = 8e:a9:67:00:b8:1c
  type      = IPv4
###[ IP ]###
     version   = 4
     ihl       = 5
     tos       = 0x0
     len       = 38
     id        = 1
     flags     =
     frag      = 0
     ttl       = 64
     proto     = icmp
     chksum    = 0xae2f
     src       = 10.0.0.1
     dst       = 192.168.1.254
     \options   \
###[ ICMP ]###
        type      = echo-request
        code      = 0
        chksum    = 0xe9df
        id        = 0x0
        seq       = 0x0
###[ Raw ]###
           load      = 'meowhecker'

pkt[IP]
None
E&@?/ ??meowhecker
```

# NFQUEUE + Packet Interception

```python
import os

import netfilterqueue
from scapy.all import IP

# Send every packet on the INPUT chain to NFQUEUE number 0 (requires root)
os.system('iptables -A INPUT -j NFQUEUE --queue-num 0')


def packetParse(payload):
    # NFQUEUE hands over the raw IP packet; parse it with Scapy
    data = payload.get_payload()
    pkt = IP(data)

    # Print packet information
    print("Received Packets:")
    print(pkt.summary())
    print("=" * 40)

    # Accept the packet and let it continue through the stack
    payload.accept()


def main():
    # os.system('iptables -A INPUT -j NFQUEUE --queue-num 0')
    # Instance
    queue = netfilterqueue.NetfilterQueue()
    # Configuration: bind queue 0 to the callback
    queue.bind(0, packetParse)
    try:
        queue.run()  # Main loop
    except KeyboardInterrupt:
        pass
    finally:
        queue.unbind()
        # Delete the rule so traffic is no longer diverted to the queue
        os.system('iptables -D INPUT -j NFQUEUE --queue-num 0')


if __name__ == "__main__":
    main()
```

# DoS

![](https://hackmd.io/_uploads/HJT_T9xh2.png)
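
The NFQUEUE handler above only prints each packet and accepts it. As an added example (not part of the original notes), here is a verdict function that checks a queued packet's source address against the prefixes expected on its ingress interface, which is the check the spoofed `10.0.0.1` packet from the spoofing section is meant to test. The interface-to-prefix map, the function names and the in-prefix address `192.168.1.10` are assumptions; it uses only the standard library, so it runs without Scapy or root.

```python
import ipaddress
import struct

# Assumption: source prefixes that may legitimately arrive on each interface
# of this hypothetical lab host (h2-eth0 is the interface sniffed above).
EXPECTED_SOURCES = {"h2-eth0": [ipaddress.ip_network("192.168.1.0/24")]}

# Constructed sample: the spoofed ICMP packet, rebuilt from the show() output above.
SPOOFED = bytes.fromhex(
    "45000026000100004001ae2f0a000001c0a801fe"  # IPv4 header
    "0800e9df00000000"                          # ICMP echo-request
    "6d656f776865636b6572"                      # payload
)
# Constructed sample: same packet with an in-prefix source, 192.168.1.10
# (header checksum left stale on purpose; the check below does not read it).
LEGIT = SPOOFED[:12] + bytes([192, 168, 1, 10]) + SPOOFED[16:]


def parse_ipv4(raw):
    """Return (src, dst, proto) for a well-formed IPv4 packet, else None."""
    if len(raw) < 20:
        return None
    ver_ihl, _, total_len, _, _, _, proto, _, src, dst = struct.unpack(
        "!BBHHHBBH4s4s", raw[:20])
    header_len = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or header_len < 20 or not header_len <= total_len <= len(raw):
        return None
    return ipaddress.ip_address(src), ipaddress.ip_address(dst), proto


def verdict(raw, iface):
    """Return ('accept' | 'drop', reason) for a packet seen on iface."""
    parsed = parse_ipv4(raw)
    if parsed is None:
        return "drop", "malformed IPv4 header"
    src, _dst, _proto = parsed
    allowed = EXPECTED_SOURCES.get(iface)
    if allowed is None:
        return "drop", "no source policy for " + iface
    if any(src in net for net in allowed):
        return "accept", "source %s expected on %s" % (src, iface)
    return "drop", "source %s not expected on %s" % (src, iface)


if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("legit", LEGIT)):
        print(name, verdict(raw, "h2-eth0"))
```

Inside the NFQUEUE callback, the bytes from `payload.get_payload()` would be passed to `verdict()` and the result mapped to `payload.accept()` or `payload.drop()`.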