How can I spoof a Ping reply with Scapy?

Question

What's the simplest way to spoof a ping reply with Scapy? I have a compiled script that keep pinging a certain domain and I need to investigate it's behavior when it receive a ping reply. I thought Scapy would be my best option to do so, but I can't figured it out.

So far I've found the class scapy.layers.inet.ICMPEcho_am, but trying to import it from scapy.layers.inet throws an ImportError. Beside, I also need to fake a DNS respond, and I'm even more clueless on that.

Thanks in advance for any hint, solution, etc.

score 0 · Answer 1 · answered Dec 08 '20 at 15:12

0

A ping (echo) reply is just an ICMP packet with a type and code of 0:

IP(src="FAKE INITIATOR ADDRESS", dst="THE SERVER ADDRESS") / ICMP(type=0, code=0)

or, alternatively:

IP(src="FAKE INITIATOR ADDRESS", dst="THE SERVER ADDRESS") / ICMP(type="echo-reply", code=0)

Obviously, "FAKE INITIATOR ADDRESS" and "THE SERVER ADDRESS" should be replaced by strings that hold the fake client address and the server address that you're spoofing a reply to.

The code=0 isn't actually necessary since 0 is the default, but I figured explicit it nice.

answered Dec 08 '20 at 15:12

Carcigenicate

43,494
9
68
117

Thanks for the answer. This work for IP ping, but I need to respond for a domain ping. – B. Bergeron Dec 08 '20 at 15:47
@3Nd_R1m You can put domains instead of IP addresses in each field. It will resolve them for you. – Carcigenicate Dec 08 '20 at 16:08

score 0 · Answer 2 · answered Aug 12 '21 at 14:28

I made this program to send spoof IPv6 pings on a given interface. You need to take care of proper sequence number also in the packet

def sniffer(interface):
    #scapy.sniff(iface=interface, filter="icmp6 && ip6[40] == 128", store=False, prn=process_packet)
    scapy.sniff(iface=interface,filter="icmp6", store=False, prn=process_packet)

def process_packet(packet):
    print("DUMP\n")
    print(packet.show())
    print(packet[Ether].src)
    print(Ether().src)
    if packet[Ether].src == Ether().src:
        print("OUTGOING PACKET")
        print(packet[IPv6].dst)
        if packet.haslayer(ICMPv6EchoRequest):
            print("OUTGOING ECHO REQUEST")
            reply_packet = Ether(dst=packet[Ether].src)\
                           /IPv6(dst=packet[IPv6].src,
                            src=packet[IPv6].dst) \
                           / ICMPv6EchoReply(seq=packet[ICMPv6EchoRequest].seq,
                                             id=0x1)
            scapy.sendp(reply_packet, iface="Wi-Fi")
    else:
        print("INCOMING PACKET")


interface = "Wi-Fi"
sniffer(interface)

How can I spoof a Ping reply with Scapy?

2 Answers2