我的书签
添加书签
移除书签Packet manipulation
PacketFu Features
- Manipulating TCP protocol
- Manipulating UDP protocol
- Manipulating ICMP protocol
- Packet Capturing - Support TCPdump style[^2]
- Read and write PCAP files
Before installing packetfu gem you’ll need to install and libpcap-dev
- Install packetfu & pcaprub gems
gem install packetfu pcaprub
Get your interface information
require 'packetfu'ifconfig = PacketFu::Utils.ifconfig("wlan0")ifconfig[:iface]ifconfig[:ip_saddr]ifconfig[:eth_saddr]
Get MAC address of a remote host
Read Pcap file
PacketFu::PcapFile.read_packets("file.pcap")
require 'packetfu'def pkts#$config = PacketFu::Config.new(PacketFu::Utils.whoami?(:iface=> "wlan0")).config # set interface$config = PacketFu::Config.new(:iface=> "wlan0").config # use this line instead of above if you face `whoami?': uninitialized constant PacketFu::Capture (NameError)#--> Build TCP/IP##- Build Ethernet header:---------------------------------------pkt = PacketFu::TCPPacket.new(:config => $config , :flavor => "Linux") # IP header# pkt.eth_src = "00:11:22:33:44:55" # Ether header: Source MAC ; you can use: pkt.eth_header.eth_src# pkt.eth_dst = "FF:FF:FF:FF:FF:FF" # Ether header: Destination MAC ; you can use: pkt.eth_header.eth_dstpkt.eth_proto # Ether header: Protocol ; you can use: pkt.eth_header.eth_proto#- Build IP header:---------------------------------------------pkt.ip_v = 4 # IP header: IPv4 ; you can use: pkt.ip_header.ip_vpkt.ip_tos = 0 # IP header: Type of service ; you can use: pkt.ip_header.ip_tospkt.ip_len = 20 # IP header: Total Length ; you can use: pkt.ip_header.ip_lenpkt.ip_id # IP header: Identification ; you can use: pkt.ip_header.ip_idpkt.ip_frag = 0 # IP header: Don't Fragment ; you can use: pkt.ip_header.ip_fragpkt.ip_ttl = 115 # IP header: TTL(64) is the default ; you can use: pkt.ip_header.ip_ttlpkt.ip_proto = 6 # IP header: Protocol = tcp (6) ; you can use: pkt.ip_header.ip_protopkt.ip_sum # IP header: Header Checksum ; you can use: pkt.ip_header.ip_sumpkt.ip_saddr = "2.2.2.2" # IP header: Source IP. use $config[:ip_saddr] if you want your real IP ; you can use: pkt.ip_header.ip_saddrpkt.ip_daddr = "10.20.50.45" # IP header: Destination IP ; you can use: pkt.ip_header.ip_daddr#- TCP header:-------------------------------------------------pkt.payload = "Hacked!" # TCP header: packet header(body)pkt.tcp_flags.ack = 0 # TCP header: Acknowledgmentpkt.tcp_flags.fin = 0 # TCP header: Finishpkt.tcp_flags.psh = 0 # TCP header: Pushpkt.tcp_flags.rst = 0 # TCP header: Resetpkt.tcp_flags.syn = 1 # TCP header: Synchronize sequence numberspkt.tcp_flags.urg = 0 # TCP header: Urgent pointerpkt.tcp_ecn = 0 # TCP header: ECHOpkt.tcp_win = 8192 # TCP header: Windowpkt.tcp_src = 5555 # TCP header: Source Port (random is the default )pkt.tcp_dst = 4444 # TCP header: Destination Port (make it random/range for general scanning)pkt.recalc # Recalculate/re-build whole pkt (should be at the end)#--> End of Build TCP/IPreturn pkt_to_aenddef scanpkt_array = pkts.sort_by{rand}puts "-" * " [-] Send Syn flag".length + "\n" + " [-] Send Syn flag " + "\n"inj = PacketFu::Inject.new(:iface => $config[:iface] , :config => $config, :promisc => false)inj.array_to_wire(:array => pkt_array) # Send/Inject the packet through connectionputs " [-] Done" + "\n" + "-" * " [-] Send Syn flag".lengthendscan
Lets see how we can
This is a simple IDS will print source and destination of any communication has “hacked” payload
require 'packetfu'capture = PacketFu::Capture.new(:iface => "wlan0", :start => true, :filter => "ip")loop docapture.stream.each do |pkt|packet = PacketFu::Packet.parse(pkt)puts "#{Time.now}: " + "Source IP: #{packet.ip_saddr}" + " --> " + "Destination IP: #{packet.ip_daddr}" if packet.payload =~ /hacked/iend
echo "Hacked" | nc -nv 192.168.0.15 4444
return
[^1]:
[^2]: TCPdump Cheat sheet
