packets, pcap’s & python
BSides London 2014 Scapy Workshop
By Adam Maxwell / @catalyst256
Pre-requisites for workshop
1. Have a laptop.
2. Have Scapy installed (VM is fine).
• Kali or BackTrack
• Linux
• Mac OSX
• Windows (you’re on your own)
3. If possible clone this GitHub repo:
• https://github.com/catalyst256/ScapyWrkShop
4. A BSides London Scapy Cheat Card
What are we going to learn today
• Who am I
• Scapy - brief intro
• Write some packets
• Read some packets
• Some cool Scapy features
• Using Scapy with Python
Who am I – The bad stuff
• I don’t work in InfoSec.
• I’m not a network engineer.
• I am VMware Certified (that impressed you
right??).
• I work for an insurance company (someone
has to).
• This is my first EVER workshop (sorry).
Who am I – The slightly better stuff
• I’m the author of “The Very Unofficial Dummies
Guide to Scapy”.
• I hold an OSCP & OSWP and I’ve sat the SANS
SEC503 course.
• Spend far too much time with the 3 P’s:
• Packets
• pcaps
• Python
• I wrote a Maltego Transform set for analyzing
pcap files called sniffMyPackets.
Scapy - A Brief Intro
• Written by Philippe Biondi.
• Based on Python
• Some of the cool stuff it can do:
• Forge packets
• Decode packets
• Send & Receive packets
• ARP Poisoning
• Sniff packets
• Current version: 2.2.0-dev
• Check out: http://bb.secdev.org/scapy/overview
Packets – Vanilla Packet
• Let's create the 3 layers for a TCP packet.
• Now let's view it.
>>> a = Ether()
>>> b = IP()
>>> c = TCP()
>>> a.show()
>>> b.show()
>>> c.show()
Packets – Tweak it a bit
• Let's change the IP destination address
• Let's change the TCP destination port
>>> b.dst = '1.1.1.1'
>>> c.dport = 80
Packets – The Humble ICMP
• One-liner ICMP packet (request)
• But wait, we didn't set an ICMP type.
• The Scapy default for an ICMP packet is type 8
(or echo-request).
>>> i = IP(dst='127.0.0.1')/ICMP()/"HelloWorld"
>>> i
<IP frag=0 proto=icmp dst=127.0.0.1 |<ICMP |<Raw load='HelloWorld' |>>>
>>> ls(ICMP)
type : ByteEnumField = (8)
…
Packets – The Humble ICMP
• Time to release your packet...
• Oh, did you want to see the response??
• Change your src IP & dst IP to something
“valid”, e.g.
>>> sendp(i)
.
Sent 1 packets.
>>>
>>> i[IP].src = '10.1.99.28'
>>> i[IP].dst = '10.1.99.1'
Packets – The Humble ICMP
• Now lets send it and collect the response.
>>> x = sr1(i)
Begin emission:
..Finished to send 1 packets.
.*
Received 4 packets, got 1 answers, remaining 0 packets
>>> x
<IP version=4L ihl=5L tos=0x0 len=38 id=22514 flags=
frag=0L ttl=64 proto=icmp chksum=0x48c6
src=10.1.99.1 dst=10.1.99.28 options=[] |
<ICMP type=echo-reply code=0 chksum=0x0 id=0x0 seq=0x0
|<Raw load='HelloWorld' |>>>
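Added example, not code from the workshop or from Scapy: what `IP()/ICMP()/"HelloWorld"` and the echo-reply above look like at the byte level, built and checked with plain-Python `struct`. It shows why the default type is 8, how the RFC 1071 checksum that Scapy fills in for you is computed and verified, and why the reply above carries `chksum=0x0` (with this particular payload the reply's one's-complement sum comes out as 0xFFFF, whose complement is 0). The function and constant names are this example's own.

```python
import struct

# Constructed example (not from the workshop slides): the ICMP echo request/reply
# that Scapy builds from IP()/ICMP()/"HelloWorld", assembled and checked by hand.

ICMP_TYPES = {0: 'echo-reply', 3: 'dest-unreach', 8: 'echo-request', 11: 'time-exceeded'}


def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum over 16-bit words (used by IP, ICMP, TCP, UDP)."""
    if len(data) % 2:
        data += b'\x00'                      # pad odd-length input with a zero byte
    total = sum(struct.unpack('!%dH' % (len(data) // 2), data))
    while total >> 16:                       # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_icmp_echo(payload: bytes, ident: int = 0, seq: int = 0, icmp_type: int = 8) -> bytes:
    """Build an ICMP echo message. Type 8 (the Scapy default) is a request, type 0 a reply."""
    header = struct.pack('!BBHHH', icmp_type, 0, 0, ident, seq)   # checksum field zeroed
    csum = inet_checksum(header + payload)
    return struct.pack('!BBHHH', icmp_type, 0, csum, ident, seq) + payload


def parse_icmp(raw: bytes) -> dict:
    """Decode an ICMP message and verify its checksum (a valid message sums to zero)."""
    if len(raw) < 8:
        raise ValueError('ICMP message shorter than the 8-byte header')
    icmp_type, code, csum, ident, seq = struct.unpack('!BBHHH', raw[:8])
    return {
        'type': icmp_type,
        'name': ICMP_TYPES.get(icmp_type, 'type-%d' % icmp_type),
        'code': code,
        'checksum': csum,
        'checksum_ok': inet_checksum(raw) == 0,
        'id': ident,
        'seq': seq,
        'payload': raw[8:],
    }


def build_echo_reply(request: bytes) -> bytes:
    """What the host at dst sends back: same id, seq and payload, type changed to 0."""
    req = parse_icmp(request)
    if req['type'] != 8:
        raise ValueError('not an echo-request')
    return build_icmp_echo(req['payload'], req['id'], req['seq'], icmp_type=0)


if __name__ == '__main__':
    request = build_icmp_echo(b'HelloWorld')          # same payload as the slide
    print(parse_icmp(request))
    print(parse_icmp(build_echo_reply(request)))
```

The `checksum_ok` field is the check worth keeping in any parser you write: a message whose words (checksum included) do not sum to 0xFFFF was corrupted or forged, and Scapy's `show()` will not tell you that unless you recompute it yourself.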
Packets – Something a little different?
• DNS?
• Port Scanner?
• Traceroute?
• This is actually an ICMP & TCP traceroute; the default
destination port is 80 (which you can change, of course).
>>> p = sr1(IP(dst="8.8.8.8")/UDP()/DNS(rd=1,qd=DNSQR(qname="www.citrix.com")))
>>> p=sr(IP(dst="10.1.99.1")/TCP(dport=[23,80,53,443]))
>>> p=sr(IP(dst="10.1.99.1")/TCP(dport=80))
>>> traceroute(["www.google.com"], maxttl=20)
>>> traceroute(["www.google.com"], dport=443, maxttl=20)
Packets – HTTP GET Request
• HTTP packets require the TCP 3 way
handshake to be completed first.
• Using Python + Scapy it is easier to create the
necessary packets.
• Scapy sends raw packets, so your kernel/OS knows nothing
about the connection and may tear it down with a RST. You
may need to run this command (on Linux) to stop that:
iptables -A OUTPUT -p tcp --tcp-flags RST RST -s [source IP] -j DROP
Packets – HTTP GET Request
• Using Python the GET Request looks like this:
#!/usr/bin/env python
from scapy.all import *
# Set the GET request
get='GET / HTTP/1.0\n\n'
# Set your target
ip=IP(dst="www.google.com")
# Create a random source port (not needed but nice to have)
port=RandNum(1024,65535)
# Create the SYN packet
SYN=ip/TCP(sport=port, dport=80, flags="S", seq=666)
# Send SYN and receive SYN,ACK
SYNACK=sr1(SYN)
# Create ACK with GET request
ACK=ip/TCP(sport=SYNACK.dport, dport=80, flags="A", seq=SYNACK.ack, ack=SYNACK.seq + 1) / get
# SEND our ACK-GET request
reply,error=sr(ACK)
# Print the reply
reply.show()
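Added example (not the workshop's code): the sequence-number arithmetic that the ACK line above encodes (`seq=SYNACK.ack, ack=SYNACK.seq + 1`), done on hand-built 20-byte TCP headers, together with the checks a careful client makes before trusting a reply as the answer to its SYN. The ports, the server's ISN of 1000 and the RST-ACK case are constructed; checksums are left at zero because they need the IP pseudo-header that Scapy computes for you. Function names are this example's own.

```python
import struct

# Added example (not from the workshop): the bookkeeping behind the slide's
# SYN / SYN-ACK / ACK+GET exchange, on hand-built 20-byte TCP headers.
# Checksums are left zero: they need the IP pseudo-header, which Scapy fills in.

TCP_FLAG_BITS = {'F': 0x01, 'S': 0x02, 'R': 0x04, 'P': 0x08, 'A': 0x10, 'U': 0x20}
HTTP_GET = b'GET / HTTP/1.0\r\n\r\n'


def flags_to_bits(flags):
    return sum(TCP_FLAG_BITS[f] for f in flags)


def bits_to_flags(bits):
    return ''.join(f for f, bit in TCP_FLAG_BITS.items() if bits & bit)


def build_tcp(sport, dport, seq, ack, flags, payload=b'', window=8192):
    """A 20-byte TCP header (no options, data offset = 5 words) followed by payload."""
    hdr = struct.pack('!HHIIBBHHH', sport, dport, seq & 0xFFFFFFFF, ack & 0xFFFFFFFF,
                      5 << 4, flags_to_bits(flags), window, 0, 0)
    return hdr + payload


def parse_tcp(raw):
    if len(raw) < 20:
        raise ValueError('short TCP header')
    sport, dport, seq, ack, off, bits, window, csum, urg = struct.unpack('!HHIIBBHHH', raw[:20])
    hlen = (off >> 4) * 4
    if hlen < 20 or hlen > len(raw):
        raise ValueError('bad data offset')
    return {'sport': sport, 'dport': dport, 'seq': seq, 'ack': ack,
            'flags': bits_to_flags(bits), 'payload': raw[hlen:]}


def ack_for_synack(syn, synack):
    """Validate that `synack` answers our `syn` and return the fields of the third-step ACK.
    This is the check behind the slide's seq=SYNACK.ack, ack=SYNACK.seq + 1."""
    if set(synack['flags']) != {'S', 'A'}:
        raise ValueError('expected SYN-ACK, got flags %r' % synack['flags'])
    if (synack['sport'], synack['dport']) != (syn['dport'], syn['sport']):
        raise ValueError('ports do not match our SYN')
    if synack['ack'] != (syn['seq'] + 1) & 0xFFFFFFFF:
        raise ValueError('SYN-ACK does not acknowledge our ISN')
    return {'sport': syn['sport'], 'dport': syn['dport'],
            'seq': synack['ack'], 'ack': (synack['seq'] + 1) & 0xFFFFFFFF, 'flags': 'A'}


def build_get_segment(syn, synack, request=HTTP_GET):
    """The ACK that completes the handshake, carrying the GET as its payload."""
    f = ack_for_synack(syn, synack)
    return build_tcp(f['sport'], f['dport'], f['seq'], f['ack'], 'A', request)


if __name__ == '__main__':
    our_syn = parse_tcp(build_tcp(40000, 80, 666, 0, 'S'))            # seq=666 as on the slide
    server_synack = parse_tcp(build_tcp(80, 40000, 1000, 667, 'SA'))  # constructed server reply
    print(ack_for_synack(our_syn, server_synack))
    rst_ack = parse_tcp(build_tcp(80, 40000, 0, 667, 'RA'))           # e.g. a closed port
    try:
        ack_for_synack(our_syn, rst_ack)
    except ValueError as e:
        print('rejected:', e)
```

`sr1()` on the slide hands you the first matching reply without any of these checks, so a RST-ACK from a closed port (or a reply to somebody else's SYN on a shared source port) would make the next line compute nonsense sequence numbers; validating flags, port pair and `ack == ISN + 1` before building the ACK is what keeps the script honest.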
PCAPS – The 3 R’s
• Reading
>>> pkts = rdpcap('pcap/evidence02.pcap')
>>> pkts
<evidence02.pcap: TCP:490 UDP:52 ICMP:0 Other:30>
>>> pkts.summary()
>>> pkts.nsummary()
>>> pkts[48]
Pull out DNS packets
>>> x = []
>>> for p in pkts:
...     if p.haslayer(UDP) and p.haslayer(DNS):
...         x.append(p)
...
>>> x = PacketList(x)
>>> x.nsummary()
PCAPS – The 3 R’s
• wRiting
>>> wrpcap('pcap/test.pcap', x)
>>> wireshark(x)
>>> wrpcap('pcap/replay1.pcap',x[0])
>>> wireshark(x[0])
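Added example covering both the Reading and the wRiting slides; it is plain Python, not Scapy's `rdpcap()`/`wrpcap()`. It writes and parses the classic libpcap file format (24-byte global header, 16-byte record headers), decodes Ethernet/IPv4/UDP just far enough to pick out the DNS packets the way the loop above does, and writes the selection back out as a pcap that Wireshark or `rdpcap()` can open. The three frames, the addresses and the DNS query bytes are constructed for the example; the function names are this example's own.

```python
import socket
import struct

# Added example, not from the workshop: a minimal classic-pcap reader and writer in
# plain Python, plus the Ethernet/IPv4/UDP decoding needed to pull the DNS packets
# out, mirroring rdpcap() / wrpcap() on the slides. All frames below are constructed.

PCAP_MAGIC = 0xA1B2C3D4     # microsecond-resolution classic pcap
LINKTYPE_ETHERNET = 1


def write_pcap(frames, ts_start=1_400_000_000):
    """Serialise a list of Ethernet frames into a classic little-endian pcap file."""
    out = struct.pack('<IHHiIII', PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for i, frame in enumerate(frames):
        # record header: ts_sec, ts_usec, captured length, original length
        out += struct.pack('<IIII', ts_start + i, 0, len(frame), len(frame)) + frame
    return out


def read_pcap(data):
    """Parse a classic pcap file into [(timestamp, frame_bytes), ...], either byte order."""
    if len(data) < 24:
        raise ValueError('too short to be a pcap file')
    magic = struct.unpack('<I', data[:4])[0]
    if magic == PCAP_MAGIC:
        order = '<'
    elif magic == 0xD4C3B2A1:
        order = '>'
    else:
        raise ValueError('unknown magic 0x%08x (pcapng is not handled here)' % magic)
    linktype = struct.unpack(order + 'IHHiIII', data[:24])[6]
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError('only Ethernet captures are decoded here')
    frames, off = [], 24
    while off + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _ = struct.unpack(order + 'IIII', data[off:off + 16])
        off += 16
        frame = data[off:off + incl_len]
        if len(frame) < incl_len:
            raise ValueError('truncated record at offset %d' % off)
        frames.append((ts_sec + ts_usec / 1e6, frame))
        off += incl_len
    return frames


def decode_udp(frame):
    """Return (src, dst, sport, dport, payload) for an Ethernet/IPv4/UDP frame, else None."""
    if len(frame) < 14 + 20 + 8 or frame[12:14] != b'\x08\x00':
        return None                                  # too short, or not IPv4
    ihl = (frame[14] & 0x0F) * 4
    total_len = struct.unpack('!H', frame[16:18])[0]
    if frame[14] >> 4 != 4 or ihl < 20 or frame[23] != 17:
        return None                                  # bad header or not UDP (proto 17)
    ip = frame[14:14 + total_len]
    if len(ip) < total_len or len(ip) < ihl + 8:
        return None                                  # truncated on the wire or in the capture
    src, dst = socket.inet_ntoa(ip[12:16]), socket.inet_ntoa(ip[16:20])
    sport, dport, ulen, _ = struct.unpack('!HHHH', ip[ihl:ihl + 8])
    return src, dst, sport, dport, ip[ihl + 8:ihl + ulen]


def dns_frames(frames):
    """The slide's 'pull out DNS packets' step: keep UDP frames to or from port 53."""
    keep = []
    for ts, frame in frames:
        d = decode_udp(frame)
        if d and 53 in (d[2], d[3]):
            keep.append((ts, frame))
    return keep


def make_udp_frame(src, dst, sport, dport, payload):
    """Constructed Ethernet/IPv4/UDP frame. IPv4 and UDP checksums are left at zero:
    this example exercises pcap framing and demultiplexing, not checksum validation."""
    eth = bytes.fromhex('001122334455' '66778899aabb') + b'\x08\x00'
    udp = struct.pack('!HHHH', sport, dport, 8 + len(payload), 0) + payload
    ip = struct.pack('!BBHHHBBH4s4s', 0x45, 0, 20 + len(udp), 1, 0, 64, 17, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return eth + ip + udp


# A valid DNS A query for www.example.com (id 0x1234), constructed by hand.
DNS_QUERY = bytes.fromhex('1234 0100 0001 0000 0000 0000') + b'\x03www\x07example\x03com\x00\x00\x01\x00\x01'


def sample_pcap():
    """Three constructed frames: a DNS query, its reply, and an unrelated NTP packet."""
    return write_pcap([
        make_udp_frame('10.1.99.28', '8.8.8.8', 40000, 53, DNS_QUERY),
        make_udp_frame('8.8.8.8', '10.1.99.28', 53, 40000, DNS_QUERY[:2] + b'\x81\x80' + DNS_QUERY[4:]),
        make_udp_frame('10.1.99.28', '10.1.99.1', 123, 123, b'\x23' + b'\x00' * 47),
    ])


if __name__ == '__main__':
    dns = dns_frames(read_pcap(sample_pcap()))
    for ts, frame in dns:
        print(ts, decode_udp(frame)[:4])
    print('%d bytes of DNS-only pcap' % len(write_pcap([f for _, f in dns])))
```

The parser refuses pcapng (a different magic) and truncated records rather than guessing; when a capture "looks empty" in a script, a wrong link type or a pcapng file is the usual reason, and `rdpcap()` hides neither.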
PCAPS – The 3 R’s
• Replaying
>>> pkts = rdpcap('pcap/replay1.pcap')
>>> del pkts[0][Ether].dst
>>> del pkts[0][Ether].src
>>> pkts[0][IP].src = '10.1.99.28'
>>> pkts[0][IP].dst = '8.8.8.8'
>>> del pkts[0][IP].chksum
>>> del pkts[0][UDP].chksum
>>> x = srp1(pkts[0])
>>> x.summary()
'Ether / IP / UDP / DNS Ans "smtp.cs.com." '
>>> srploop(pkts[0])
>>> wrpcap('pcap/replay2.pcap', pkts[0])
Python – Importing Scapy
• The quick way
• Turn off “warning messages”
• Turn off verbose in Scapy interactive
from scapy.all import *
import logging
logging.getLogger("scapy.runtime").setLevel(logging.ERROR)
>>> conf.verb = 0
(default is 2)
Python – Simple Packet Sniffer
• Sniff all the packets
#!/usr/bin/env python
import sys
from scapy.all import *
iface = sys.argv[1]
pkts = sniff(iface=iface, prn=lambda x: x.summary())
Python – Simple Packet Sniffer
• Sniff some of the packets
• Scapy uses Berkeley Packet Filter for filtering
packets when sniffing (same as TCPDUMP).
#!/usr/bin/env python
import sys
from scapy.all import *
iface = sys.argv[1]
pkts = sniff(iface=iface, filter=sys.argv[2], prn=lambda x: x.summary())
sudo ./simplesniffer.py en1 'tcp port 80'
Python – Parse a pcap file
• Looking for HTTP traffic??
import re
from scapy.all import *

# ANSI colours used by the print at the bottom
GREEN = '\033[92m'
END = '\033[0m'

def find_http_requests(pkts):
    get_requests = []
    http_get = b'GET /'                      # Raw payloads are bytes, so match on bytes
    for p in pkts:
        if p.haslayer(IP) and p.haslayer(TCP) and p.haslayer(Raw):
            raw = p.getlayer(Raw).load
            if http_get in raw:
                dstip = p.getlayer(IP).dst
                dport = p.getlayer(TCP).dport
                srcip = p.getlayer(IP).src
                request = ''
                host = ''
                # pull the request path and the Host header out of the payload
                for t in re.finditer(rb'(GET) (\S*)', raw):
                    request = t.group(2).decode('ascii', errors='replace')
                for s in re.finditer(rb'(Host:) (\S*)', raw):
                    host = s.group(2).decode('ascii', errors='replace')
                talker = request, srcip, dstip, dport, host
                if talker not in get_requests:  # one line per unique request
                    get_requests.append(talker)
    for url, src, dst, port, host in get_requests:
        print(GREEN + '[+] Web traffic from: ' + str(src) + ' to ' + str(dst) + ' on port '
              + str(port) + ' to ' + host + ' for ' + url + END)
    return get_requests
Python – WiFi Fun??
• Create your own De Auth packets??
• Sniff some beacons??
packet = RadioTap()/Dot11(type=0,subtype=12,addr1=client,addr2=bssid,addr3=bssid)/Dot11Deauth(reason=7)
import re
import sys
from scapy.all import *

interface = sys.argv[1]

def sniffBeacons(p):
    if p.haslayer(Dot11Beacon):
        enc = ''
        ssid = p[Dot11Elt].info
        bssid = p[Dot11].addr3
        channel = int(ord(p[Dot11Elt:3].info))      # 3rd element = DS Parameter Set
        capability = p.sprintf("{Dot11Beacon:%Dot11Beacon.cap%}{Dot11ProbeResp:%Dot11ProbeResp.cap%}")
        rssi = (ord(p.notdecoded[-4:-3]) - 256)    # signal strength from the RadioTap tail
        if re.search("privacy", capability):
            enc = 'Y'
        else:
            enc = 'N'
        entity = ssid, bssid, channel, enc, rssi, interface
        print(entity)

sniff(iface=interface, prn=sniffBeacons)
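Added example (not from the workshop): what `sniffBeacons()` reads out of a beacon, parsed from raw 802.11 management-frame bytes in plain Python so the layout behind the Scapy one-liners is visible: the BSSID from addr3, the privacy bit from the capability field (what Scapy renders as "privacy"), the SSID from tag 0 and the channel from the DS Parameter Set (tag 3, the `p[Dot11Elt:3]` on the slide). The frames are constructed and carry no RadioTap header, so there is no RSSI here. `build_beacon`, `parse_beacon` and `parse_tagged_params` are names this example assumes.

```python
import struct

# Added example (not from the workshop): parse an 802.11 beacon frame body by hand.
# Frames here are constructed; a live capture would also carry a RadioTap header.

TAG_SSID = 0
TAG_DS_PARAMS = 3          # DS Parameter Set: one byte, the channel number
CAP_ESS = 0x0001           # capability bit 0: infrastructure network
CAP_PRIVACY = 0x0010       # capability bit 4: "privacy", i.e. encryption in use


def mac_str(b):
    return ':'.join('%02x' % x for x in b)


def parse_tagged_params(body):
    """Walk the tag/length/value list; stop at a truncated tag instead of reading garbage."""
    tags, off = {}, 0
    while off + 2 <= len(body):
        tag_id, length = body[off], body[off + 1]
        value = body[off + 2:off + 2 + length]
        if len(value) < length:
            break
        tags.setdefault(tag_id, value)       # keep the first occurrence of a tag
        off += 2 + length
    return tags


def parse_beacon(frame):
    """Return ssid/bssid/channel/enc for a beacon, or None for anything else."""
    if len(frame) < 24 + 12:                 # MAC header + fixed beacon parameters
        return None
    fc0 = frame[0]
    ftype, subtype = (fc0 >> 2) & 0x03, fc0 >> 4
    if ftype != 0 or subtype != 8:           # management frame, subtype beacon
        return None
    bssid = mac_str(frame[16:22])            # addr3 of a beacon is the BSSID
    timestamp, interval, cap = struct.unpack('<QHH', frame[24:36])
    tags = parse_tagged_params(frame[36:])
    ssid = tags.get(TAG_SSID, b'').decode('utf-8', errors='replace')
    ds = tags.get(TAG_DS_PARAMS, b'')
    channel = ds[0] if len(ds) == 1 else None
    return {'ssid': ssid, 'bssid': bssid, 'channel': channel,
            'enc': 'Y' if cap & CAP_PRIVACY else 'N', 'interval': interval}


def build_beacon(ssid, bssid_bytes, channel, privacy):
    """Constructed beacon: broadcast addr1, BSSID in addr2/addr3, SSID, rates, DS params."""
    hdr = b'\x80\x00' + b'\x00\x00' + b'\xff' * 6 + bssid_bytes + bssid_bytes + b'\x00\x00'
    cap = CAP_ESS | (CAP_PRIVACY if privacy else 0)
    fixed = struct.pack('<QHH', 0, 100, cap)  # timestamp, beacon interval (TU), capability
    tags = (bytes([TAG_SSID, len(ssid)]) + ssid
            + bytes([1, 1, 0x82])                          # supported rates: 1 Mbit/s (basic)
            + bytes([TAG_DS_PARAMS, 1, channel]))
    return hdr + fixed + tags


if __name__ == '__main__':
    ap = bytes.fromhex('001122334455')
    print(parse_beacon(build_beacon(b'CorpWiFi', ap, 6, True)))
    print(parse_beacon(build_beacon(b'', ap, 11, False)))   # hidden SSID, open network
```

A survey built on this is only as good as its tag parsing: a beacon with a mangled or missing DS Parameter Set yields `channel=None` here, where the slide's `ord(p[Dot11Elt:3].info)` would raise, so the callback keeps running through malformed frames.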
The End !!
• Questions??

OpenShift Commons Paris - Choose Your Own Observability Adventure
 
How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?
 

BSides London - Scapy Workshop

  • 1. packets, pcap’s & python
    BSides London 2014 Scapy Workshop
    By Adam Maxwell / @catalyst256
  • 2. Pre-requisites for workshop
    1. Have a laptop.
    2. Have Scapy installed (VM is fine).
       • Kali or BackTrack
       • Linux
       • Mac OSX
       • Windows (you’re on your own)
    3. If possible clone this GitHub repo:
       • https://github.com/catalyst256/ScapyWrkShop
    4. A BSides London Scapy Cheat Card
  • 3. What are we going to learn today
    • Who am I
    • Scapy - brief intro
    • Write some packets
    • Read some packets
    • Some cool Scapy features
    • Using Scapy with Python
  • 4. Who am I – The bad stuff
    • I don’t work in InfoSec.
    • I’m not a network engineer.
    • I am VMware Certified (that impressed you right??).
    • I work for an insurance company (someone has to).
    • This is my first EVER workshop (sorry).
  • 5. Who am I – The slightly better stuff
    • I’m the author of “The Very Unofficial Dummies Guide to Scapy”.
    • I hold an OSCP & OSWP and I’ve sat the SANS SEC503 course.
    • Spend far too much time with the 3 P’s:
      • Packets
      • pcaps
      • Python
    • I wrote a Maltego Transform set for analyzing pcap files called sniffMyPackets.
  • 6. Scapy - A Brief Intro
    • Written by Philippe Biondi.
    • Written in Python.
    • Some of the cool stuff it can do:
      • Forge packets
      • Decode packets
      • Send & Receive packets
      • ARP Poisoning
      • Sniff packets
    • Current version: 2.2.0-dev
    • Check out: http://bb.secdev.org/scapy/overview
  • 7. Packets – Vanilla Packet
    • Let’s create the 3 layers for a TCP packet.
    • Now let’s view it.
    >>> a = Ether()
    >>> b = IP()
    >>> c = TCP()
    >>> a.show()
    >>> b.show()
    >>> c.show()
  • 8. Packets – Tweak it a bit
    • Let’s change the IP destination address.
    • Let’s change the TCP destination port.
    >>> b.dst = '1.1.1.1'
    >>> c.dport = 80
  • 9. Packets – The Humble ICMP
    • One-liner ICMP packet (request).
    • But wait, we didn’t set an ICMP type.
    • The Scapy default for an ICMP packet is type 8 (echo-request); ls(ICMP) shows the default of every field.
    >>> i = IP(dst='127.0.0.1')/ICMP()/"HelloWorld"
    >>> i
    <IP frag=0 proto=icmp dst=127.0.0.1 |<ICMP |<Raw load='HelloWorld' |>>>
    >>> ls(ICMP)
    type : ByteEnumField = (8)
    …
  • 10. Packets – The Humble ICMP
    • Time to release your packet. i starts at the IP layer, so use send(), the layer-3 sender; sendp() is the layer-2 sender and expects you to supply the Ether header yourself.
    • Oh, did you want to see the response??
    • Change your src IP & dst IP to something “valid”, e.g.:
    >>> send(i)
    .
    Sent 1 packets.
    >>>
    >>> i[IP].src = '10.1.99.28'
    >>> i[IP].dst = '10.1.99.1'
  • 11. Packets – The Humble ICMP
    • Now let’s send it and collect the response.
    >>> x = sr1(i)
    Begin emission:
    ..Finished to send 1 packets.
    .*
    Received 4 packets, got 1 answers, remaining 0 packets
    >>> x
    <IP version=4L ihl=5L tos=0x0 len=38 id=22514 flags= frag=0L ttl=64 proto=icmp chksum=0x48c6 src=10.1.99.1 dst=10.1.99.28 options=[] |<ICMP type=echo-reply code=0 chksum=0x0 id=0x0 seq=0x0 |<Raw load='HelloWorld' |>>>
  • 12. Packets – Something a little different?
    • DNS? (Scapy’s UDP() defaults to port 53, so no dport is needed here.)
    >>> p = sr1(IP(dst="8.8.8.8")/UDP()/DNS(rd=1,qd=DNSQR(qname="www.citrix.com")))
    • Port scanner? (a list of ports sends one SYN per port; sr() returns the answered and unanswered pairs)
    >>> p = sr(IP(dst="10.1.99.1")/TCP(dport=[23,80,53,443]))
    >>> p = sr(IP(dst="10.1.99.1")/TCP(dport=80))
    • Traceroute?
    >>> traceroute(["www.google.com"], maxttl=20)
    >>> traceroute(["www.google.com"], dport=443, maxttl=20)
    • This is a TCP traceroute: Scapy sends SYNs with increasing TTLs (default destination port 80, which you can change of course) and reads the ICMP time-exceeded replies from each hop.
  • 13. Packets – HTTP GET Request
    • HTTP packets require the TCP 3-way handshake to be completed first.
    • Using Python + Scapy it is easier to create the necessary packets.
    • Scapy builds its packets in user space, so your kernel/OS knows nothing about the connection and will answer the server’s SYN/ACK with a RST, tearing the session down. On Linux, drop those outgoing RSTs first:
    iptables -A OUTPUT -p tcp --tcp-flags RST RST -s [source IP] -j DROP
  • 14. Packets – HTTP GET Request
    • Using Python the GET Request looks like this:
    • sr() pairs one answer with each packet sent, so reply holds only the first segment of the server’s response.
    #!/usr/bin/env python
    from scapy.all import *

    # Set the GET request (CRLF line endings, blank line ends the headers)
    get = 'GET / HTTP/1.0\r\n\r\n'

    # Set your target
    ip = IP(dst="www.google.com")

    # Create a random source port (not needed but nice to have)
    port = RandNum(1024, 65535)

    # Create the SYN packet
    SYN = ip/TCP(sport=port, dport=80, flags="S", seq=666)

    # Send SYN and receive SYN,ACK
    SYNACK = sr1(SYN)

    # Create ACK with GET request, reusing the port the server answered to
    ACK = ip/TCP(sport=SYNACK.dport, dport=80, flags="A", seq=SYNACK.ack, ack=SYNACK.seq + 1) / get

    # Send our ACK-GET request; sr() returns (answered, unanswered)
    reply, unanswered = sr(ACK)

    # Print the reply (show() prints and returns None, so don't wrap it in print)
    reply.show()
  • 15. PCAPS – The 3 R’s
    • Reading
    >>> pkts = rdpcap('pcap/evidence02.pcap')
    >>> pkts
    <evidence02.pcap: TCP:490 UDP:52 ICMP:0 Other:30>
    >>> pkts.summary()
    >>> pkts.nsummary()
    >>> pkts[48]
    • Pull out DNS packets. A plain Python list has no nsummary(), so wrap the result in a PacketList:
    >>> x = []
    >>> for p in pkts:
    ...     if p.haslayer(UDP) and p.haslayer(DNS):
    ...         x.append(p)
    ...
    >>> x = PacketList(x)
    >>> x.nsummary()
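    What rdpcap() and the haslayer() filter above do underneath, as an added example that is not part of the workshop: a minimal pcap reader in plain Python 3 using only the standard library, so it runs without Scapy. It writes a pcap image containing a constructed DNS query and a constructed HTTP segment, reads it back record by record, decodes Ethernet/IPv4/UDP/TCP just far enough to know which layers are present, and applies the slide’s “UDP and DNS” filter as “UDP with port 53 on either side”. All helper names, addresses and payloads are my own.

```python
import struct

PCAP_MAGIC = 0xA1B2C3D4      # little-endian pcap, microsecond timestamps
LINKTYPE_ETHERNET = 1

def ipv4_header(src, dst, proto, payload_len):
    """Build a 20-byte IPv4 header (checksum left as 0: this example never sends it)."""
    return struct.pack('!BBHHHBBH4s4s', 0x45, 0, 20 + payload_len, 0x1234, 0, 64, proto, 0,
                       bytes(int(o) for o in src.split('.')),
                       bytes(int(o) for o in dst.split('.')))

def ethernet_frame(payload):
    # Constructed MAC addresses; EtherType 0x0800 = IPv4
    return bytes.fromhex('001122334455') + bytes.fromhex('66778899aabb') + b'\x08\x00' + payload

def udp_packet(src, dst, sport, dport, data):
    udp = struct.pack('!HHHH', sport, dport, 8 + len(data), 0) + data
    return ethernet_frame(ipv4_header(src, dst, 17, len(udp)) + udp)

def tcp_packet(src, dst, sport, dport, data):
    # Minimal TCP header: seq/ack 0, data offset 5 words, flags PSH|ACK (0x18)
    tcp = struct.pack('!HHIIBBHHH', sport, dport, 0, 0, 5 << 4, 0x18, 8192, 0, 0) + data
    return ethernet_frame(ipv4_header(src, dst, 6, len(tcp)) + tcp)

def write_pcap(frames):
    """Serialise frames into a pcap image: 24-byte global header, then a 16-byte record header per frame."""
    out = struct.pack('<IHHiIII', PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for i, frame in enumerate(frames):
        out += struct.pack('<IIII', 1400000000 + i, 0, len(frame), len(frame)) + frame
    return out

def read_pcap(data):
    """Parse a pcap image; yield one dict per record with the fields a haslayer()-style filter needs."""
    magic, = struct.unpack_from('<I', data, 0)
    if magic != PCAP_MAGIC:
        raise ValueError('not a little-endian pcap file')
    linktype, = struct.unpack_from('<I', data, 20)
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError('only the Ethernet link type is handled here')
    off = 24
    while off + 16 <= len(data):
        ts_sec, ts_usec, incl_len, orig_len = struct.unpack_from('<IIII', data, off)
        frame = data[off + 16: off + 16 + incl_len]
        off += 16 + incl_len
        pkt = {'ts': ts_sec + ts_usec / 1e6, 'layers': ['Ether']}
        ethertype, = struct.unpack_from('!H', frame, 12)
        if ethertype != 0x0800:
            yield pkt               # non-IPv4 frame: Scapy would show it as Ether / Raw or ARP etc.
            continue
        ip = frame[14:]
        ihl = (ip[0] & 0x0F) * 4    # header length in bytes, options included
        pkt['layers'].append('IP')
        pkt['src'] = '.'.join(str(b) for b in ip[12:16])
        pkt['dst'] = '.'.join(str(b) for b in ip[16:20])
        l4 = ip[ihl:]
        if ip[9] == 17:
            pkt['layers'].append('UDP')
            pkt['sport'], pkt['dport'] = struct.unpack_from('!HH', l4, 0)
            pkt['payload'] = l4[8:]
        elif ip[9] == 6:
            pkt['layers'].append('TCP')
            pkt['sport'], pkt['dport'] = struct.unpack_from('!HH', l4, 0)
            pkt['payload'] = l4[(l4[12] >> 4) * 4:]
        yield pkt

def dns_packets(pcap_bytes):
    """The slide's haslayer(UDP) and haslayer(DNS) filter: UDP with port 53 on either side."""
    return [p for p in read_pcap(pcap_bytes)
            if 'UDP' in p['layers'] and 53 in (p['sport'], p['dport'])]

# Constructed sample capture: one DNS query for www.example.com and one HTTP GET segment.
DNS_QUERY = (b'\xab\xcd\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00'
             b'\x03www\x07example\x03com\x00\x00\x01\x00\x01')
SAMPLE_PCAP = write_pcap([
    udp_packet('10.1.99.28', '8.8.8.8', 40000, 53, DNS_QUERY),
    tcp_packet('10.1.99.28', '10.1.99.1', 40001, 80, b'GET / HTTP/1.0\r\n\r\n'),
])

if __name__ == '__main__':
    for p in read_pcap(SAMPLE_PCAP):
        print(' / '.join(p['layers']), p.get('src'), '->', p.get('dst'), 'dport', p.get('dport'))
    print(len(dns_packets(SAMPLE_PCAP)), 'DNS packet(s)')
```

    The reader stops at the IPv4 header length and the TCP data offset rather than assuming 20-byte headers, which is the usual mistake in hand-rolled parsers; Scapy's layer objects hide this, but a filter on the wrong offset silently matches nothing.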
  • 16. PCAPS – The 3 R’s
    • wRiting
    >>> wrpcap('pcap/test.pcap', x)
    >>> wireshark(x)
    >>> wrpcap('pcap/replay1.pcap', x[0])
    >>> wireshark(x[0])
  • 17. PCAPS – The 3 R’s
    • Replaying. Deleting the MAC addresses and the checksum fields makes Scapy fill them in again at send time; a checksum carried over from the capture no longer matches the rewritten IP addresses and the receiver would discard the packet.
    >>> pkts = rdpcap('pcap/replay1.pcap')
    >>> del pkts[0][Ether].dst
    >>> del pkts[0][Ether].src
    >>> pkts[0][IP].src = '10.1.99.28'
    >>> pkts[0][IP].dst = '8.8.8.8'
    >>> del pkts[0][IP].chksum
    >>> del pkts[0][UDP].chksum
    >>> x = srp1(pkts[0])
    >>> x.summary()
    'Ether / IP / UDP / DNS Ans "smtp.cs.com." '
    >>> srploop(pkts[0])
    >>> wrpcap('pcap/replay2.pcap', pkts[0])
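    Why the checksums have to go before a replay, shown with an added example in plain Python 3 (standard library only; this is not the workshop’s code): the Internet checksum of RFC 1071 computed over a constructed IPv4 header and over a UDP datagram with its pseudo-header. Rewriting the source address, as the slide does, leaves the captured checksum stale and verification fails until it is recomputed, which is exactly what Scapy does for a field you have deleted. Addresses and the DNS payload are constructed.

```python
import struct

def internet_checksum(data):
    """RFC 1071: one's-complement sum of 16-bit words, folded, then complemented (odd tail padded with 0)."""
    if len(data) % 2:
        data += b'\x00'
    total = sum(struct.unpack('!%dH' % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def ip_to_bytes(addr):
    return bytes(int(o) for o in addr.split('.'))

def ipv4_header(src, dst, proto, payload_len, chksum=0):
    """20-byte IPv4 header; chksum=0 gives the header with the checksum field zeroed."""
    return struct.pack('!BBHHHBBH4s4s', 0x45, 0, 20 + payload_len, 0x1234, 0, 64,
                       proto, chksum, ip_to_bytes(src), ip_to_bytes(dst))

def ipv4_checksum(header):
    """Checksum of a header with its own checksum field (bytes 10-11) treated as zero."""
    return internet_checksum(header[:10] + b'\x00\x00' + header[12:])

def ipv4_verify(header):
    """A correctly checksummed header sums to zero when the field is included in the sum."""
    return internet_checksum(header) == 0

def udp_pseudo_header(src, dst, udp_len):
    # src, dst, zero byte, protocol 17, UDP length: the fields the UDP checksum also covers
    return ip_to_bytes(src) + ip_to_bytes(dst) + struct.pack('!BBH', 0, 17, udp_len)

def udp_checksum(src, dst, udp):
    csum = internet_checksum(udp_pseudo_header(src, dst, len(udp)) + udp[:6] + b'\x00\x00' + udp[8:])
    return csum or 0xFFFF        # on the wire 0 means "no checksum", so a computed 0 is sent as 0xFFFF

def udp_datagram(src, dst, sport, dport, data):
    udp = struct.pack('!HHHH', sport, dport, 8 + len(data), 0) + data
    return udp[:6] + struct.pack('!H', udp_checksum(src, dst, udp)) + udp[8:]

def udp_verify(src, dst, udp):
    return internet_checksum(udp_pseudo_header(src, dst, len(udp)) + udp) == 0

def rewrite_src(header, new_src):
    """The replay step from the slide: change the source address and leave the checksum alone."""
    return header[:12] + ip_to_bytes(new_src) + header[16:]

# Constructed capture: a DNS query from 192.168.1.10 to 8.8.8.8, to be replayed from 10.1.99.28.
ORIG_SRC, DST, NEW_SRC = '192.168.1.10', '8.8.8.8', '10.1.99.28'
DNS_QUERY = (b'\xab\xcd\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00'
             b'\x03www\x07example\x03com\x00\x00\x01\x00\x01')
UDP = udp_datagram(ORIG_SRC, DST, 40000, 53, DNS_QUERY)
IP_HDR = ipv4_header(ORIG_SRC, DST, 17, len(UDP))
IP_HDR = ipv4_header(ORIG_SRC, DST, 17, len(UDP), ipv4_checksum(IP_HDR))

if __name__ == '__main__':
    stale = rewrite_src(IP_HDR, NEW_SRC)
    fixed = ipv4_header(NEW_SRC, DST, 17, len(UDP), ipv4_checksum(stale))
    print('captured header valid:      ', ipv4_verify(IP_HDR))
    print('src rewritten, stale chksum:', ipv4_verify(stale))
    print('src rewritten, recomputed:  ', ipv4_verify(fixed))
    print('UDP valid with old src:', udp_verify(ORIG_SRC, DST, UDP), ' with new src:', udp_verify(NEW_SRC, DST, UDP))
```

    The UDP case is the one people forget: its checksum covers a pseudo-header that includes both IP addresses, so changing either address invalidates the transport checksum as well as the IP one, which is why the slide deletes both fields.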
  • 18. Python – Importing Scapy
    • The quick way
    from scapy.all import *
    • Turn off “warning messages” (set the log level before the import, the IPv6 route warning is printed while Scapy loads)
    import logging
    logging.getLogger("scapy.runtime").setLevel(logging.ERROR)
    from scapy.all import *
    • Turn off verbose in Scapy interactive (default is 2)
    >>> conf.verb = 0
  • 19. Python – Simple Packet Sniffer
    • Sniff all the packets
    #!/usr/bin/env python
    import sys
    from scapy.all import *

    iface = sys.argv[1]
    pkts = sniff(iface=iface, prn=lambda x: x.summary())
  • 20. Python – Simple Packet Sniffer
    • Sniff some of the packets
    • Scapy uses Berkeley Packet Filter syntax for filtering packets when sniffing (same as tcpdump).
    #!/usr/bin/env python
    import sys
    from scapy.all import *

    iface = sys.argv[1]
    pkts = sniff(iface=iface, filter=sys.argv[2], prn=lambda x: x.summary())

    sudo ./simplesniffer.py en1 'tcp port 80'
  • 21. Python – Parse a pcap file
    • Looking for HTTP traffic??
    import re
    from scapy.all import *

    # ANSI colours for the output
    GREEN = '\033[92m'
    END = '\033[0m'

    def find_http_requests(pkts):
        get_requests = []
        http_get = 'GET /'
        for p in pkts:
            if p.haslayer(TCP) and p.haslayer(Raw):
                raw = p.getlayer(Raw).load
                if http_get in raw:
                    dstip = p.getlayer(IP).dst
                    dport = p.getlayer(TCP).dport
                    srcip = p.getlayer(IP).src
                    request = ''
                    host = ''
                    # Request line "GET /path HTTP/1.x" and the "Host: name" header
                    for t in re.finditer(r'(GET) (\S*)', raw):
                        request = t.group(2)
                    for s in re.finditer(r'(Host:) (\S*)', raw):
                        host = s.group(2)
                    talker = request, srcip, dstip, dport, host
                    if talker not in get_requests:
                        get_requests.append(talker)
        for url, src, dst, port, host in get_requests:
            print(GREEN + '[+] Web traffic from: ' + str(src) + ' to ' + str(dst) + ' on port ' + str(port) + ' to ' + host + ' for ' + url + END)
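    A stricter version of the extraction logic on this slide, added here as an example in plain Python 3 (standard library only; not the workshop’s code). It works on the raw TCP payloads the slide reads from p[Raw].load together with the addresses and port, parses the request line and the Host header instead of grepping for “GET /”, accepts any method, CRLF or bare LF line endings and several requests pipelined in one segment, ignores response data, and de-duplicates retransmissions. The sample segments are constructed.

```python
import re

# Request line per RFC 7230: METHOD SP request-target SP HTTP/x.y
REQUEST_LINE = re.compile(rb'^([A-Z]+) (\S+) HTTP/(\d\.\d)$')

def parse_http_requests(payload):
    """Yield (method, path, host) for every HTTP request found in one TCP payload (bytes).
    Message bodies are not skipped, so a body line shaped like a request line would be reported."""
    lines = payload.replace(b'\r\n', b'\n').split(b'\n')
    i = 0
    while i < len(lines):
        m = REQUEST_LINE.match(lines[i])
        if not m:
            i += 1                      # response data, body bytes or garbage: skip the line
            continue
        method, path = m.group(1).decode(), m.group(2).decode()
        host = ''
        i += 1
        while i < len(lines) and lines[i] != b'':    # headers end at the first blank line
            name, sep, value = lines[i].partition(b':')
            if sep and name.strip().lower() == b'host':
                host = value.strip().decode(errors='replace')
            i += 1
        yield method, path, host

def find_http_requests(segments):
    """segments: iterable of (src, dst, dport, payload) as pulled from a capture.
    Returns unique (method, host, path, src, dst, dport) tuples in first-seen order."""
    seen = []
    for src, dst, dport, payload in segments:
        for method, path, host in parse_http_requests(payload):
            talker = (method, host, path, src, dst, dport)
            if talker not in seen:
                seen.append(talker)
    return seen

# Constructed sample segments: what p[IP].src, p[IP].dst, p[TCP].dport and p[Raw].load would give.
SAMPLE_SEGMENTS = [
    ('10.1.99.28', '10.1.99.1', 80,
     b'GET /index.html HTTP/1.1\r\nHost: www.example.com\r\nUser-Agent: x\r\n\r\n'),
    # Two pipelined requests in one segment, bare-LF line endings
    ('10.1.99.28', '10.1.99.1', 8080,
     b'POST /login HTTP/1.1\nHost: intranet\nContent-Length: 0\n\nGET /logo.png HTTP/1.1\nHost: intranet\n\n'),
    # Retransmission of the first request: must not be reported twice
    ('10.1.99.28', '10.1.99.1', 80,
     b'GET /index.html HTTP/1.1\r\nHost: www.example.com\r\nUser-Agent: x\r\n\r\n'),
    # Server response whose body mentions "GET /": no request line, so nothing is reported
    ('10.1.99.1', '10.1.99.28', 40000,
     b'HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\n\r\nGET / is not a request here\r\n'),
]

if __name__ == '__main__':
    for method, host, path, src, dst, port in find_http_requests(SAMPLE_SEGMENTS):
        print('[+] %s http://%s%s from %s to %s:%d' % (method, host, path, src, dst, port))
```

    Matching on the request line rather than on the substring “GET /” is what keeps response bodies and binary payloads out of the list; the slide’s version would report the fourth sample segment as a request.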
  • 22. Python – WiFi Fun??
    • Create your own De-Auth packets?? (client and bssid are the MAC addresses of the station and the access point; the interface must be in monitor mode)
    packet = RadioTap()/Dot11(type=0, subtype=12, addr1=client, addr2=bssid, addr3=bssid)/Dot11Deauth(reason=7)
    • Sniff some beacons??
    • Two things to watch: p[Dot11Elt:3] assumes the channel (DS Parameter Set) is the third information element, which depends on the access point, and the RSSI byte pulled out of notdecoded depends on your driver’s RadioTap layout.
    import re
    import sys
    from scapy.all import *

    interface = sys.argv[1]   # monitor-mode interface name, given on the command line

    def sniffBeacons(p):
        if p.haslayer(Dot11Beacon):
            enc = ''
            ssid = p[Dot11Elt].info
            bssid = p[Dot11].addr3
            channel = int(ord(p[Dot11Elt:3].info))
            capability = p.sprintf("{Dot11Beacon:%Dot11Beacon.cap%}{Dot11ProbeResp:%Dot11ProbeResp.cap%}")
            rssi = (ord(p.notdecoded[-4:-3]) - 256)
            if re.search("privacy", capability):
                enc = 'Y'
            else:
                enc = 'N'
            entity = ssid, bssid, channel, enc, rssi, interface
            print(entity)

    sniff(iface=interface, prn=sniffBeacons)
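    The 802.11 fields this slide touches, decoded by hand in an added Python 3 example (standard library only; not the workshop’s code) so the structure behind the Scapy one-liners is visible: the frame control byte that Dot11(type=0, subtype=12) produces for a deauthentication frame, the privacy bit of the beacon capability field, and a walk over the tagged information elements that finds the SSID (element ID 0) and the DS Parameter Set channel (element ID 3) by ID rather than by position. The sample beacon body is constructed, with the channel deliberately placed as the fourth element.

```python
import struct

def frame_control(ftype, subtype, version=0):
    """First byte of an 802.11 header: protocol version in bits 0-1, type in 2-3, subtype in 4-7."""
    return version | (ftype << 2) | (subtype << 4)

def mac_bytes(mac):
    return bytes.fromhex(mac.replace(':', ''))

def deauth_frame(client, bssid, reason=7):
    """Management (type 0) / deauthentication (subtype 12) frame, the same thing as the slide's
    Dot11(...)/Dot11Deauth(reason=7) without the RadioTap header. Reason 7 = class 3 frame
    received from a non-associated station; the reason code is little-endian."""
    header = (bytes([frame_control(0, 12), 0])      # frame control, flags
              + b'\x00\x00'                         # duration
              + mac_bytes(client) + mac_bytes(bssid) + mac_bytes(bssid)   # addr1, addr2, addr3
              + b'\x00\x00')                        # sequence control
    return header + struct.pack('<H', reason)

def parse_beacon_body(body):
    """body = everything after the 24-byte 802.11 header of a beacon:
    timestamp (8), beacon interval (2), capability (2), then tagged elements (id, length, data)."""
    timestamp, interval, capability = struct.unpack_from('<QHH', body, 0)
    info = {'privacy': bool(capability & 0x0010),   # bit 4 of the capability field
            'interval_tu': interval, 'ssid': None, 'channel': None, 'ies': []}
    off = 12
    while off + 2 <= len(body):
        eid, length = body[off], body[off + 1]
        data = body[off + 2: off + 2 + length]
        if len(data) < length:
            break                                   # truncated element: stop, don't read past the frame
        info['ies'].append(eid)
        if eid == 0:
            info['ssid'] = data.decode('utf-8', errors='replace')
        elif eid == 3 and length == 1:
            info['channel'] = data[0]
        off += 2 + length
    return info

def ie(eid, data):
    return bytes([eid, len(data)]) + data

# Constructed beacon body: ESS + privacy + short slot time capability (0x0411), SSID, supported rates,
# extended rates, and only then the DS Parameter Set carrying the channel.
SAMPLE_BODY = (struct.pack('<QHH', 0x1234, 100, 0x0411)
               + ie(0, b'BSidesLDN') + ie(1, b'\x82\x84\x8b\x96')
               + ie(50, b'\x0c\x12\x18\x24') + ie(3, b'\x06'))

if __name__ == '__main__':
    f = deauth_frame('aa:bb:cc:dd:ee:ff', '00:11:22:33:44:55')
    print('deauth frame control byte: 0x%02x, length %d' % (f[0], len(f)))
    print(parse_beacon_body(SAMPLE_BODY))
```

    On this sample the slide’s p[Dot11Elt:3] would land on the extended rates element and report channel 12 instead of 6; walking the elements by ID returns the right value regardless of the order the access point chose.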
  • 23. The End !!
    • Questions??

Editor's notes

  1. Wireshark packet numbering starts at 1, Scapy starts at 0. haslayer & getlayer.
  2. Wireshark packet count starts at 1, Scapy starts at 0. haslayer & getlayer.