Skip to content

Instantly share code, notes, and snippets.

@d0nutptr

d0nutptr/TCPeek.py

Created June 19, 2017 01:56
Show Gist options
  • Save d0nutptr/14a5a47847a64b65e200e23cfd59b230 to your computer and use it in GitHub Desktop.
Save d0nutptr/14a5a47847a64b65e200e23cfd59b230 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
TCPeek.py
#!/usr/bin/python
from __future__ import print_function
import os
import sys
import re
from random import randint
from scapy.all import *
from netfilterqueue import NetfilterQueue
target_ip = "192.168.1.108"
target_payload = "USER 123456789101112\r\n"
replacement_payload = "USER anonymous\r\n"
def transform(package):
tcp = package.getlayer(TCP)
payload = str(tcp.payload)
if (type(tcp.payload) != NoPayload):
del package.chksum
del tcp.chksum
package.len = None
tcp.payload.remove_payload()
tcp = Raw(re.sub(target_payload, replacement_payload, payload, flags=re.MULTILINE))
package.load = bytes(tcp)
print("New contents: ", package)
return package
def filter_packets(netpackage):
package = IP(netpackage.get_payload())
tcp = package.getlayer(TCP)
payload = str(tcp.payload)
print(re.search(target_payload, payload))
if ((target_ip == None or target_ip == package.dst) and bool(re.search(target_payload, payload))):
print(type(netpackage))
print("Found valid packet!: ", package.dst)
print("Current contents: ", package);
netpackage.set_payload(bytes(transform(package)))
netpackage.accept()
if os.geteuid() != 0:
print('Must run as root!')
exit(1)
# ip forwarding
with open('/proc/sys/net/ipv4/ip_forward', 'w') as f:
print('1\n', file=f)
# ip tables
os.system('iptables -I OUTPUT -p tcp -j NFQUEUE --queue-num 99')
#create queue
nfqueue = NetfilterQueue()
nfqueue.bind(99, filter_packets)
try:
print("waiting for TCP packets")
nfqueue.run()
except KeyboardInterrupt:
pass
finally:
nfqueue.unbind()
os.system('iptables -F OUTPUT')
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment