我想問,如何欺騙的IP地址,但沒有任何外部模塊?到現在爲止,我一直在使用Scapy模塊,但我想自己做,看看它是如何完成的,也許會學到新的東西。下面是Scapy的模塊的代碼:欺騙IP地址沒有任何外部模塊通過Python
from scapy.all import *
SPOOFED_PACKET = IP(src=SRC_IP, dst=DST_IP)/TCP(sport=SRC_PORT, dport=DST_PORT)/PAYLOAD
send(SPOOFED_PACKET)
"""Demonstrates how to construct and send raw Ethernet packets on the
network.
You probably need root privs to be able to bind to the network interface,
e.g.:
$ sudo python sendeth.py
"""
from socket import *
def sendeth(src, dst, eth_type, payload, interface = "eth0"):
"""Send raw Ethernet packet on interface."""
assert(len(src) == len(dst) == 6) # 48-bit ethernet addresses
assert(len(eth_type) == 2) # 16-bit ethernet type
s = socket(AF_PACKET, SOCK_RAW)
# From the docs: "For raw packet
# sockets the address is a tuple (ifname, proto [,pkttype [,hatype]])"
s.bind((interface, 0))
return s.send(src + dst + eth_type + payload)
if __name__ == "__main__":
print("Sent %d-byte Ethernet packet on eth0" %
sendeth("\xFE\xED\xFA\xCE\xBE\xEF",
"\xFE\xED\xFA\xCE\xBE\xEF",
"\x7A\x05",
"hello"))
要包含的IPv4報頭:
"""Demonstrates how to construct and send raw Ethernet packets on the
network.
You probably need root privs to be able to bind to the network interface,
e.g.:
$ sudo python sendeth.py
"""
from socket import *
def sendeth(ethernet_packet, payload, interface = "eth0"):
"""Send raw Ethernet packet on interface."""
s = socket(AF_PACKET, SOCK_RAW)
# From the docs: "For raw packet
# sockets the address is a tuple (ifname, proto [,pkttype [,hatype]])"
s.bind((interface, 0))
return s.send(ethernet_packet + payload)
def pack(byte_sequence):
"""Convert list of bytes to byte string."""
return b"".join(map(chr, byte_sequence))
if __name__ == "__main__":
# Note that this example contains HARDCODED packets, meaning that
# it will ONLY work on the system it was designed for.
# I got these values by sending a ping while running Wireshark.
# You can do so yourself. Another way to construct these manually is to use
# the impacket library (sudo pip install impacket)
# src=fe:ed:fa:ce:be:ef, dst=52:54:00:12:35:02, type=0x0800 (IP)
ethernet_packet = [0x52, 0x54, 0x00, 0x12, 0x35, 0x02, 0xfe, 0xed, 0xfa,
0xce, 0xbe, 0xef, 0x08, 0x00]
# src=10.0.2.15, dst=195.88.54.16 (vg.no), checksum, etc.
ipv4_header = [0x45, 0x00, 0x00, 0x54, 0x05, 0x9f, 0x40, 0x00, 0x40, 0x01,
0x2f, 0x93, 0x0a, 0x00, 0x02, 0x0f, 0xc3, 0x58, 0x36, 0x10]
# echo (ping) request, checksum 2b45, etc
icmp_ping = [0x08, 0x00, 0x2b, 0x45, 0x11, 0x22, 0x00, 0x02, 0xa9, 0xf4, 0x5c,
0x53, 0x00, 0x00, 0x00, 0x00, 0xf5, 0x7b, 0x01, 0x00, 0x00, 0x00,
0x00, 0x00, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18,
0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20, 0x21, 0x22, 0x23,
0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e,
0x2f, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37]
payload = "".join(map(chr, ipv4_header + icmp_ping))
# Construct Ethernet packet with an IPv4 ICMP PING request as payload
r = sendeth(pack(ethernet_packet),
pack(ipv4_header + icmp_ping))
print("Sent Ethernet w/IPv4 ICMP PING payload of length %d bytes" % r)
我有三個關於這個代碼的問題。 (1)我應該把什麼推入變量'eth_type'? (2)什麼是print(「在eth0上發送的%d字節以太網數據包」sendeth(「\ xFE \ xED \ xFA \ xCE \ xBE \ xEF」, 「\ xFE \ xED \ xFA \ xCE \ xBE \ xEF「, 」\ x7A \ x05「, 」hello「))'? (3)變量'src'&'dst'是否應該是包含'(IP,PORT)'的元組? – Kesi
'eth_type'應該是與正確的EtherType(https://en.wikipedia.org/wiki/EtherType)相對應的rax十六進制。 'print'語句同時發送和打印以太網幀。而'src'和'dst'是MAC地址,因爲這是以太網層,而不是IP層 – StephenG
感謝那個'eth_type',但我剛剛意識到,我到現在爲止誤解了'以太網幀',所以現在我知道,我正在尋找在「Payload」中更改「SRC_IP」和「DST_IP」。你能告訴我,這可以做什麼?感謝您的回答 – Kesi
可以從頭開始構建數據包,填充以正確的順序正確字節字節數組。然後將其發送到原始套接字。 –
看到這:https://gist.github.com/cslarsen/11339448 –