Created
May 11, 2019 21:25
-
-
Save darkarnium/7099ef329f7abce6cfbe349c2548c58d to your computer and use it in GitHub Desktop.
Build a PCAP for a Payload
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import sys | |
| import struct | |
| def _pcap_hdr(): | |
| pcap_hdr_s = bytearray([ | |
| 0xd4, 0xc3, 0xb2, 0xa1, # Magic_number. | |
| 0x02, 0x00, # Major version number. | |
| 0x04, 0x00, # Minor version number. | |
| 0x00, 0x00, 0x00, 0x00, # GMT to local correction. | |
| 0x00, 0x00, 0x00, 0x00, # Accuracy of timestamps. | |
| 0x00, 0x00, 0x04, 0x00, # Max length of packets (octets). | |
| 0x01, 0x00, 0x00, 0x00, # Data link type. | |
| ]) | |
| return pcap_hdr_s | |
| def _cap_hdr(cap_sz): | |
| cap_hdr_s = bytearray() | |
| cap_hdr_s.extend([ | |
| 0xb0, 0xe8, 0xd6, 0x5c, # Timestamp seconds. | |
| 0x15, 0x59, 0x03, 0x00, # Timestamp micro seconds. | |
| ]) | |
| cap_hdr_s.extend( | |
| struct.pack("I", cap_sz), # Number of octets saved. | |
| ) | |
| cap_hdr_s.extend( | |
| struct.pack("I", cap_sz), # Actual size of packet. | |
| ) | |
| return cap_hdr_s | |
| def _ether_hdr(): | |
| ether_hdr_s = bytearray() | |
| ether_hdr_s.extend([ | |
| 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, # Destination address. | |
| 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, # Source address. | |
| 0x08, 0x00, # Protocol. | |
| ]) | |
| return ether_hdr_s | |
| def _ip_hdr(ip_sz): | |
| ip_hdr_s = bytearray() | |
| ip_hdr_s.extend([ | |
| 0x45, # Version << 4 | header length >> 2 | |
| 0x00, # Type of service. | |
| ]) | |
| ip_hdr_s.extend( | |
| struct.pack(">H", ip_sz), # Total length. | |
| ) | |
| ip_hdr_s.extend([ | |
| 0x9e, 0xa3, # Identification | |
| 0x40, 0x00, # Flags. | |
| 0x40, # TTL. | |
| 0x06, # Protocol. | |
| 0xff, 0xff, # Checksum. | |
| 0x7f, 0x00, 0x00, 0x01, # Source address. | |
| 0x7f, 0x00, 0x00, 0x01, # Destination address. | |
| ]) | |
| # Checksum hack. | |
| return ip_hdr_s | |
| def _tcp_hdr(): | |
| tcp_hdr_s = bytearray() | |
| tcp_hdr_s.extend([ | |
| 0xab, 0x9c, # Source port. | |
| 0x0c, 0xea, # Destination port. | |
| 0x7d, 0x5c, 0x66, 0x64, # Sequence number. | |
| 0x19, 0x82, 0xe8, 0x30, # Acknowledgement number. | |
| 0x80, 0x18, # Flags. | |
| 0x0e, 0x35, # Window size. | |
| 0xfe, 0x38, # Checksum. | |
| 0x00, 0x00, # Urgent pointer. | |
| 0x01, 0x01, 0x08, 0x0a, # Options. | |
| 0xe9, 0xed, 0x69, 0xe7, # | |
| 0xe9, 0xed, 0x50, 0xa1, # | |
| ]) | |
| return tcp_hdr_s | |
| # Alright, build the capture. The sizes will need to be adjusted based on | |
| # the size of the payload. | |
| with open('output.pcap', 'wb') as fin: | |
| pl = bytearray([ | |
| 0x41, 0x41, 0x41, 0x41, | |
| 0x41, 0x41, 0x41, 0x41, | |
| 0x41, 0x41, 0x41, 0x41, | |
| 0x41, 0x41, 0x41, 0x41, | |
| ]) | |
| # Calculate the size of the relevant chunks for building the PCAP. | |
| ip_sz = len(_ip_hdr(0)) + len(_tcp_hdr()) + len(pl) | |
| pcap_sz = len(_pcap_hdr()) + len(_cap_hdr(0)) | |
| capture_sz = ip_sz + len(_ether_hdr()) | |
| # Debug. | |
| print '[-] PCAP Header Size: {}'.format(pcap_sz) | |
| print '[-] Capture Size: {}'.format(capture_sz) | |
| print '[-] IP Size: {}'.format(ip_sz) | |
| # Build it! | |
| fin.write(_pcap_hdr()) | |
| fin.write(_cap_hdr(capture_sz)) | |
| fin.write(_ether_hdr()) | |
| fin.write(_ip_hdr(ip_sz)) | |
| fin.write(_tcp_hdr()) | |
| fin.write(pl) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment