0

I try to develop a MITM attack tool, first tried arp poisoning, then sniffing and filter specific packet (both of them with scapy) if there is a match with my filter I need to alter it on the fly so, create a copy of this packet then manipulate TCP data and send it. But the last step doesn't work. Does it correct manipulate for copying packet?

    from netfilterqueue import NetfilterQueue
    from scapy.all import *
    from scapy.error import Scapy_Exception
    import os
    import sys
    import threading
    import signal

    def Inspector (packet):
        if packet[TCP].payload :
            tcp_data = str(packet[TCP].payload)

            if 'Open' in tcp_data:
                packet_data = tcp_data.split('(')
                a= copy.deepcopy(packet)                                                        # First Copy The packet
                packet.drop()                                                                           # Second Drop it
                if 'Up' in tcp_data :
                    payload_O = packet_data[0] + '(' + 'Down//inject'
                    a[TCP].data = payload_O
                    send(a)
            else :
                packet.accept()

    def  main():
        try:
            print '[*] Starting Queue '
            nfqueue.run_socket()
            sniff(filter="tcp port 2626", prn=inspector, store=0)

    if __name__ == "__main__":
        main()
GPrathap
  • 7,336
  • 7
  • 65
  • 83
learner
  • 61
  • 1
  • 7

1 Answers1

0

It is not possible to intercept a packet using scapy. What your code might do is send another packet following the original one.

The best way to create a MITM tool is by ARP poisoning. You can have a look at scapy tutorials such as in:

Of course, your tool will only be used in a security purpose, as you know that such pratice is illegal

Cukic0d
  • 5,111
  • 2
  • 19
  • 48