SCAPY (https://scapy.readthedocs.io/en/latest/introduction.html)
❖ Scapy is a Python program that enables the user to send, sniff, dissect and forge network packets.
❖ This capability allows construction of tools that can probe, scan or attack networks.
❖ It is able to forge or decode packets of a wide number of protocols, send them on the wire, capture them,
match requests and replies, and much more.
❖ Scapy can easily handle most classical tasks like scanning, tracerouting, probing, unit tests, attacks or
network discovery.
❖ It can replace hping, arpspoof, arp-sk, arping, p0f and even some parts of Nmap, tcpdump, and tshark.
❖ Scapy also performs very well on a lot of other specific tasks that most other tools can’t handle, like
sending invalid frames, injecting your own 802.11 frames, combining techniques (VLAN hopping+ARP
cache poisoning, VOIP decoding on WEP encrypted channel, …), etc.
Simple Example
❖ To use Scapy, we can write a Python program, then execute the program using Python.
❖ We should run Python with root privilege, because the privilege is required for spoofing packets.
FIG 2
❖ FIG2 shows the output when the code in FIG 1 is run.
Reference: Computer & Internet Security. A Hands-on Approach. (Wenliang Du)
SNIFFING and SPOOFING
Interactive Mode
❖ Python also allows us to get into interactive mode as shown below
❖ Then run our program one line at a time at the Python prompt
Packet Sniffing
FIG 4: SNIFF.PY(1)
❖ For each packet captured, the callback function print_pkt() will be invoked
❖ The function defined at 1 will print out some information about the packet
❖ From any other machine, ping the machine which has the program sniff.py
❖ The bottom half of the composite diagram below shows sniff.py capturing packets and printing
characteristics defined in the program.
FIG 5: SNIFF.PY(2)
❖ When invoking sniff(), we can set a filter to specify the type of packets that need to be captured.
❖ To spoof a packet, we first create the headers at different layers, and then stack them together to form a
complete packet
❖ The fields that are not set by us either use a default value or will be calculated by Scapy
FIG 6: SPOOF.PY
❖ Line 1 creates an IP object from the IP class; a class attribute is defined for each IP header field
❖ In our code we set the source and destination IP addresses in the IP header
❖ For the other header fields, default values will be used. We can print the values using the show() method
❖ Line 2 creates an ICMP object. The default ICMP type is echo request
❖ In Line 3, we stack the two header objects ip and icmp together to form a new object
❖ Stacking is written with the / operator, which here means adding the icmp object as the payload of ip and
modifying the fields of ip accordingly
FIG 7
❖ We need to set the source and destination ports in the UDP header and also add a payload (a string) to
the packet
❖ When they are stacked together, they form a complete packet, which is sent out using send()
❖ If we run a UDP server on the destination machine 10.0.2.15 (yours will be different) using
nc -luv 9090, we should be able to get the “Hello UDP!” message (the data) on the server