Created
November 29, 2019 10:33
-
-
Save reuniware/e18b4b8ca279d553b67a910830bd5554 to your computer and use it in GitHub Desktop.
Log UDP and TCP requests (Python/NetfilterQueue/Scapy)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # apt-get install build-essential python-dev libnetfilter-queue-dev | |
| # pip install NetfilterQueue | |
| # sudo apt-get install python-netfilterqueue | |
| # iptables -F | |
| # iptables -F -t nat | |
| # iptables -I FORWARD -j NFQUEUE --queue-num 0 | |
| # arpspoof -i eth0 192.168.1.200 -t 192.168.1.1 | |
| # arpspoof -i eth0 192.168.1.1 -t 192.168.1.200 | |
| from netfilterqueue import NetfilterQueue | |
| import scapy.all as scapy | |
| import re | |
| import os | |
| import logging | |
| from scapy.layers.inet import IP, TCP, UDP | |
| from scapy.modules.winpcapy import pcap | |
| from datetime import datetime | |
| # LOG_FILENAME = datetime.now().strftime('logfile_%H_%M_%S_%d_%m_%Y.log') | |
| LOG_FILENAME = datetime.now().strftime('logfile_%d_%m_%Y.log') | |
| os.system("rm " + LOG_FILENAME) | |
| for handler in logging.root.handlers[:]: | |
| logging.root.removeHandler(handler) | |
| logging.basicConfig(filename=LOG_FILENAME, level=logging.DEBUG, format='%(asctime)s :: %(message)s') | |
| # logging.info('Forecastiong Job Started...') | |
| # logging.debug('abc method started...') | |
| os.system("echo '1' > /proc/sys/net/ipv4/ip_forward") | |
| os.system("iptables -F") | |
| os.system("iptables -F -t nat") | |
| os.system("iptables -A FORWARD -j NFQUEUE --queue-num 0") | |
| ip_src = "" | |
| ip_dst = "" | |
| src_port = 0 | |
| dst_port = 0 | |
| def print_and_accept(input_packet): | |
| global ip_src, ip_dst, dst_port, src_port | |
| packet = scapy.IP(input_packet.get_payload()) | |
| if UDP in packet: | |
| packet_type = "UDP" | |
| if TCP in packet: | |
| packet_type = "TCP" | |
| if IP in packet: | |
| ip_src = packet[IP].src | |
| ip_dst = packet[IP].dst | |
| src_port = packet[IP].sport | |
| dst_port = packet[IP].dport | |
| packet_len = input_packet.get_payload_len() | |
| log_str = "(" + packet_type + ")" + " " + ip_src + ":" + str(src_port) + " -> " + ip_dst + ":" + str( | |
| dst_port) + " size = " + str(packet_len) | |
| print(log_str) | |
| logging.info(log_str) | |
| input_packet.accept() | |
| # packet.drop() | |
| nf_queue = NetfilterQueue() | |
| nf_queue.bind(0, print_and_accept) | |
| try: | |
| nf_queue.run() | |
| except KeyboardInterrupt: | |
| os.system("iptables -F") | |
| os.system("iptables -F -t nat") | |
| print("Gettin' out") | |
| nf_queue.unbind() |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment