few hints for a new scapy user

Scapy Users,

I've a small issue which I hope you'll consider it as too simple.
With the nfqueue binding solution in python, i try to intercept and
modify the packets passing through my interfaces.
For example,

A user send an http request :
- The tcp layer creates the 3 way handshake
- the HTTP layer send a PUSH/ACK Raw packet containing some HTTP GET REQUEST.

I try to intercept the HTTP GET REQUEST and modify it. A sort of
signature based redirector :)
But the following code, do not work properly. No response from the
server and a lot of TCP Retransmission packet.
---------------------------------------------------------------
''' Retrieves the packet from the kernel level to userland '''
packet = IP(raw.get_data())
''' Computes the new HTTP payload '''
payload = "GET /test.html HTT [......]
''' Replace the original payload in the TCP packet '''
packet[TCP].load = Raw(payload)
''' Please, recompute the tcp chksum ...'''
del(packet[TCP].chksum)
''' Send the modifyed packet '''
send(packet)
---------------------------------------------------------------

I think my problem is due to an invalid chksum, maybe from the TCP Layer.
What do you think of this problem ?

Re: few hints for a new scapy user

Hello Georges,

You are correct with forcing checksum calculation using del().
However if the length of the new payload is different from the
previous one, TCP sequence numbers will be wrong. Maybe it's the
problem here?
To modify packets at HTTP layer, I would recommend using a
(transparent) proxy so you don't have to deal with TCP issues, only
with HTTP.

Sincerely,
StalkR

On Thu, Dec 2, 2010 at 10:04, Georges Bossert <gbossert <at> gmail.com> wrote:
> Scapy Users,
>
> I've a small issue which I hope you'll consider it as too simple.
> With the nfqueue binding solution in python, i try to intercept and
> modify the packets passing through my interfaces.
> For example,
>
> A user send an http request :
> - The tcp layer creates the 3 way handshake
> - the HTTP layer send a PUSH/ACK Raw packet containing some HTTP GET REQUEST.
>
> I try to intercept the HTTP GET REQUEST and modify it. A sort of
> signature based redirector :)
> But the following code, do not work properly. No response from the
> server and a lot of TCP Retransmission packet.
> ---------------------------------------------------------------

Re: Issues Implementing Field Support for 802.15.4 FCF Field

Ryan Speers <rmspeers <at> gmail.com> writes:

> 
> or if it should be done  
> with stringing together different fields (like 2BitField, 2BitField,  
> 2BitField, BitField, ..., 3BitField or something).
> 

Yeah, you'd want to use BitField and BitEnumField for this.  The third argument
is the number of bits in the field.  For example, see the first three fields in
Dot11 (in scapy.layers.dot11).

---------------------------------------------------------------------
To unsubscribe, send a mail to scapy.ml-unsubscribe <at> secdev.org

few hints for a new scapy user

Hello Georges,

Since you are using nfqueue to intercept and modify the content of a
packet, I think the "natural" way to re-inject the packet would be to
use the set_verdict_modified method rather than the send() function.

Applied to your code, it should be something like this:
raw.set_verdict_modified(nfqueue.NF_ACCEPT,str(packet), len(str(packet))

Regards,
	Tony

P.-S.: I apology to break the thread, but I just subscribed to the ML
to answer this message.

---------------------------------------------------------------------
To unsubscribe, send a mail to scapy.ml-unsubscribe <at> secdev.org

Re: few hints for a new scapy user

On 07/12/2010 11:25, Tony Cheneau wrote:
> Hello Georges,
>   
Hello Tony,
> Since you are using nfqueue to intercept and modify the content of a
> packet, I think the "natural" way to re-inject the packet would be to
> use the set_verdict_modified method rather than the send() function.
> Applied to your code, it should be something like this:
> raw.set_verdict_modified(nfqueue.NF_ACCEPT,str(packet), len(str(packet))
>   
In fact, what I'm working on, is a system which would allow me to modify
the packet
on IP and TCP layers. Example, I want to be able to modify the TCP
session in which an HTTP packet is sent, like closing the current TCP
session with an RST and re-open a new session to send the current packet.
It means that for one packet received, i want to be able to send
multiple packets. I'm not sure nfqueue allows me to this.

Am I right ?
Thx,
Georges
> Regards,
> 	Tony
>   
> P.-S.: I apology to break the thread, but I just subscribed to the ML
> to answer this message.
>   

---------------------------------------------------------------------
To unsubscribe, send a mail to scapy.ml-unsubscribe <at> secdev.org

Re: Re: few hints for a new scapy user

Hello Georges,

OK, I see better now. Did you try to check the validity of the packet
you sent through the send() function ? If you are using IPv4 (and I
assume you are), there is a checksum field here as well.

In any case, you may want to drop the original packet by calling the
set_verdict method with nfqueue.NF_DROP before exiting the
nfqueue callback function.

Regards,
	Tony

> On Tue, 07 Dec 2010 11:56:22 +0100,
> Georges Bossert <gbossert <at> gmail.com> wrote :
> 
> On 07/12/2010 11:25, Tony Cheneau wrote:
> > Hello Georges,
> >   
> Hello Tony,
> > Since you are using nfqueue to intercept and modify the content of a
> > packet, I think the "natural" way to re-inject the packet would be
> > to use the set_verdict_modified method rather than the send()
> > function. Applied to your code, it should be something like this:
> > raw.set_verdict_modified(nfqueue.NF_ACCEPT,str(packet),
> > len(str(packet)) 
> In fact, what I'm working on, is a system which would allow me to
> modify the packet
> on IP and TCP layers. Example, I want to be able to modify the TCP
> session in which an HTTP packet is sent, like closing the current TCP

Re: Re: few hints for a new scapy user

Dear Tony,

I'm sorry I should have say it before, the problem was fixed by StalkR
who remembered me
to recompute the length field of an IP packet.
So now it's working.

Georges.

On 07/12/2010 13:24, Tony Cheneau wrote:
> Hello Georges,
>
> OK, I see better now. Did you try to check the validity of the packet
> you sent through the send() function ? If you are using IPv4 (and I
> assume you are), there is a checksum field here as well.
>
> In any case, you may want to drop the original packet by calling the
> set_verdict method with nfqueue.NF_DROP before exiting the
> nfqueue callback function.
>
> Regards,
> 	Tony
>
>
>   
>> On Tue, 07 Dec 2010 11:56:22 +0100,
>> Georges Bossert <gbossert <at> gmail.com> wrote :
>>
>> On 07/12/2010 11:25, Tony Cheneau wrote:
>>     

scapy bug on mac os x

Hello scapy users,

I'm working on mac os x and I have installed scapy via macport. But
it's impossible to have scapy working fine:

$ sudo scapy
Traceback (most recent call last):
 File "/opt/local/bin/scapy", line 25, in <module>
   interact()
 File "/opt/local/Library/Frameworks/Python.framework/Versions/2.6/lib/python2.6/site-packages/scapy/main.py",
line 245, in interact
   scapy_builtins = __import__("all",globals(),locals(),".").__dict__
 File "/opt/local/Library/Frameworks/Python.framework/Versions/2.6/lib/python2.6/site-packages/scapy/all.py",
line 22, in <module>
   from route import *
 File "/opt/local/Library/Frameworks/Python.framework/Versions/2.6/lib/python2.6/site-packages/scapy/route.py",
line 158, in <module>
   conf.route=Route()
 File "/opt/local/Library/Frameworks/Python.framework/Versions/2.6/lib/python2.6/site-packages/scapy/route.py",
line 18, in __init__
   self.resync()
 File "/opt/local/Library/Frameworks/Python.framework/Versions/2.6/lib/python2.6/site-packages/scapy/route.py",
line 27, in resync
   self.routes = read_routes()
 File "/opt/local/Library/Frameworks/Python.framework/Versions/2.6/lib/python2.6/site-packages/scapy/arch/unix.py",
line 83, in read_routes
   ifaddr = scapy.arch.get_if_addr(netif)
 File "/opt/local/Library/Frameworks/Python.framework/Versions/2.6/lib/python2.6/site-packages/scapy/arch/__init__.py",
line 32, in get_if_addr
   return socket.inet_ntoa(get_if_raw_addr(iff))

Re: scapy bug on mac os x

Self Unsubscribing (was: scapy bug on mac os x)

Heya,

On 13.12.2010 01:46, Michael Chua wrote:
> Unsubscribe me from this list!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! Please
> 
Your Shift key seems to be stuck. You better fix that before you try to
communicate with the outside world.

Also, you can perfectly do that on your own. If you read the header,
you'll see a:
List-Unsubscribe: <mailto:scapy.ml-unsubscribe <at> secdev.org>

So just write there and you'll find help.

Cheers,
  Tobi