Sunday, January 8, 2023

Python 3.11.0 : The scapy python module - part 003.

Scapy is a powerful interactive packet manipulation program. It is able to forge or decode packets of a wide number of protocols, send them on the wire, capture them, match requests and replies, and much more. It can easily handle most classical tasks like scanning, tracerouting, probing, unit tests, attacks or network discovery (it can replace hping, 85% of nmap, arpspoof, arp-sk, arping, tcpdump, tshark, p0f, etc.). It also performs very well at a lot of other specific tasks that most other tools can’t handle, like sending invalid frames, injecting your own 802.11 frames, combining techniques (VLAN hopping+ARP cache poisoning, VOIP decoding on WEP encrypted channel, …), etc.
First, you need to install it with pip tool: pip install scapy --user.
I used it with WinPcap from this webpage, but you will see the recommendation is to use Npcap.
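#!/usr/bin/env python3
import sys

import pyperclip  # third-party clipboard module: pip install pyperclip
from scapy.all import sniff

# Show the module search path to confirm which installation is in use.
print(sys.path)

def process_sniffed_packet(packet):
    # Copy the packet's string form to the clipboard and print its one-line summary.
    pyperclip.copy(str(packet))
    print(packet)

def mysniff(interface):
    # store=False: hand each packet to the callback without keeping it in memory.
    sniff(iface=interface, store=False, prn=process_sniffed_packet)

mysniff("Realtek PCIe GbE Family Controller")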
The running result is something like this:
...
WARNING: WinPcap is now deprecated (not maintained). Please use Npcap instead
Ether / IP / TCP 104.244.42.2:https > 192.168.0.143:55478 PA / Raw
Ether / IP / TCP 192.168.0.143:55478 > 104.244.42.2:https PA / Raw
Ether / IP / TCP 192.168.0.143:55478 > 104.244.42.2:https PA / Raw
Ether / IP / TCP 104.244.42.2:https > 192.168.0.143:55478 A / Padding
Ether / IP / TCP 104.244.42.2:https > 192.168.0.143:55478 A / Padding
Ether / ARP who has 192.168.0.1 says 192.168.0.206 / Padding
...

Sunday, October 21, 2018

The scapy python module - part 002.

This is another Python tutorial about the scapy Python module.
The last one was made on Linux, and now I used Windows 10.
Let's install this Python module with Python version 2.7.13 and pip.
C:\>cd Python27

C:\Python27>cd Scripts

C:\Python27\Scripts>pip install scapy
Collecting scapy
  Downloading scapy-2.3.3.tgz (1.4MB)
    100% |################################| 1.4MB 736kB/s
  In the tar file c:\users\mythcat\appdata\local\temp\pip-26vi9x-unpack\scapy-2.3.3.tgz 
the member scapy-2.3.3/README is invalid: unable to resolve link inside archive
Installing collected packages: scapy
  Running setup.py install for scapy ... done
Successfully installed scapy-2.3.3
The next step is to deal with
C:\Python27\Scripts>python
Python 2.7.13 (v2.7.13:a06454b1afa1, Dec 17 2016, 20:42:59) [MSC v.1500 32 bit (Intel)] on win32
Type "help", "copyright", "credits" or "license" for more information.
>>> import scapy
>>> from scapy import *
>>> dir(scapy)
['VERSION', '_SCAPY_PKG_DIR', '__builtins__', '__doc__', '__file__', '__name__', '__package__',
 '__path__', '_version', '_version_from_git_describe', 'base_classes', 'config', 'dadict', 'data',
 'error', 'os', 'plist', 'pton_ntop', 're', 'subprocess', 'supersocket', 'themes', 'utils', 
'with_statement']

This is not working on Windows.

Wednesday, April 5, 2017

The scapy python module - part 001.

Today I will start with the scapy Python module.
This is a good Python module for dealing and interacting with network packets.
[root@localhost mythcat]# pip install scapy
Collecting scapy
  Downloading scapy-2.3.3.tgz (1.4MB)
    100% |████████████████████████████████| 1.4MB 904kB/s 
Building wheels for collected packages: scapy
  Running setup.py bdist_wheel for scapy ... done
  Stored in directory: /root/.cache/pip/wheels/bd/cf/...
Installing collected packages: scapy
Successfully installed scapy-2.3.3
The first test is an ICMP echo request at Layer 3.
Use the superuser shell to run this Python script:
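from scapy.all import *

# raw_input() is Python 2; on Python 3 use input() instead.
dstip = raw_input("enter the ip address \n")

# ICMP echo request: type 8, code 0.
icmp = ICMP()
icmp.type = 8
icmp.code = 0

ip = IP()
ip.dst = dstip

# Send one packet at Layer 3 and wait up to 5 seconds for the first reply.
p = sr1(ip/icmp, timeout=5, verbose=0)
if p:
    print("Layer 3 is up")
else:
    print("Layer 3 status is down")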
The next Python script deals with ARP requests:
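from scapy.all import *

def arp_display(pkt):
    # op 1 is an ARP request (who-has), op 2 is an ARP reply (is-at).
    if pkt[ARP].op == 1:
        return "Request: " + pkt[ARP].psrc + " is asking about " + pkt[ARP].pdst
    if pkt[ARP].op == 2:
        return "*Response: " + pkt[ARP].hwsrc + " has address " + pkt[ARP].psrc

# Capture 10 ARP packets without storing them; sniff() prints what arp_display returns.
print(sniff(prn=arp_display, filter="arp", store=0, count=10))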
This will read the source and destination of each packet and show me what ARP traffic my computer is seeing.
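
As an added example (not code from the original post), the script below decodes the same ARP fields that arp_display() reads, using only the standard library and constructed frames so it runs offline without capture privileges. It goes one step beyond the post by also reporting when an IP address is announced from a different MAC than before, which is what a monitoring host would watch for in this traffic. The names parse_arp, describe, changed_bindings, frame and all MAC addresses are assumptions made for this illustration; it needs Python 3.8 or later.

```python
import socket
import struct

ETH = struct.Struct("!6s6sH")              # dst MAC, src MAC, EtherType
ARP = struct.Struct("!HHBBH6s4s6s4s")      # IPv4-over-Ethernet ARP body (28 bytes)

def parse_arp(frame):
    """Return the ARP fields under scapy's names, or None if not IPv4/Ethernet ARP."""
    if len(frame) < ETH.size + ARP.size or ETH.unpack_from(frame)[2] != 0x0806:
        return None                         # truncated, or EtherType is not ARP
    hw, pt, hl, pl, op, hwsrc, psrc, hwdst, pdst = ARP.unpack_from(frame, ETH.size)
    if (hw, pt, hl, pl) != (1, 0x0800, 6, 4):
        return None                         # not Ethernet hardware / IPv4 protocol
    return {"op": op, "hwsrc": hwsrc.hex(":"), "psrc": socket.inet_ntoa(psrc),
            "hwdst": hwdst.hex(":"), "pdst": socket.inet_ntoa(pdst)}

def describe(a):
    """Build the same strings as arp_display() in the post."""
    if a["op"] == 1:
        return "Request: " + a["psrc"] + " is asking about " + a["pdst"]
    if a["op"] == 2:
        return "*Response: " + a["hwsrc"] + " has address " + a["psrc"]

def changed_bindings(frames):
    """Return (ip, old_mac, new_mac) whenever a sender IP appears with a new MAC."""
    seen, changes = {}, []
    for a in filter(None, map(parse_arp, frames)):
        ip, hw = a["psrc"], a["hwsrc"]
        if ip == "0.0.0.0":
            continue                        # ARP probe: sender IP not yet claimed
        if seen.get(ip, hw) != hw:
            changes.append((ip, seen[ip], hw))
        seen[ip] = hw
    return changes

def frame(op, hwsrc, psrc, hwdst, pdst):    # builds one constructed sample frame
    s, d = bytes.fromhex(hwsrc), bytes.fromhex(hwdst)
    return ETH.pack(b"\xff" * 6 if op == 1 else d, s, 0x0806) + ARP.pack(
        1, 0x0800, 6, 4, op, s, socket.inet_aton(psrc), d, socket.inet_aton(pdst))

# Constructed sample traffic; the MAC addresses are made up for illustration.
SAMPLE = [
    frame(1, "020000000206", "192.168.0.206", "000000000000", "192.168.0.1"),
    frame(2, "020000000001", "192.168.0.1", "020000000206", "192.168.0.206"),
    frame(2, "0200000000ee", "192.168.0.1", "020000000143", "192.168.0.143"),
]

if __name__ == "__main__":
    print([describe(parse_arp(f)) for f in SAMPLE], changed_bindings(SAMPLE))
```

A changed binding is not proof of spoofing on its own: a replaced network card or a failover pair produces the same report, so treat each entry as something to check against the known inventory.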