
scapy

by ^..^v, June 7, 2019

scapy

- A packet manipulation tool written in Python

- Provides packet decoding, sending, capturing, modification and more

https://www.itlkorea.kr/data/scapy-pocket-guide0.2.pdf

 

Checking the supported protocols

root@kali:~# scapy
INFO: Can't import python gnuplot wrapper . Won't be able to plot.
WARNING: No route found for IPv6 destination :: (no default route?)
Welcome to Scapy (2.3.2)
>>> ls()
AH         : AH
ARP        : ARP
  :

 

Printing the TCP header field information (field type and default value)

>>> ls(TCP) 
sport      : ShortEnumField            = (20)
dport      : ShortEnumField            = (80)
seq        : IntField                  = (0)
ack        : IntField                  = (0)
dataofs    : BitField (4 bits)         = (None)
reserved   : BitField (4 bits)         = (0)
flags      : FlagsField (8 bits)       = (2)
window     : ShortField                = (8192)
chksum     : XShortField               = (None)
urgptr     : ShortField                = (0)
options    : TCPOptionsField           = ({})

 

Printing the TCP header values currently set

>>> TCP().display()
###[ TCP ]###
  sport= ftp_data
  dport= http
  seq= 0
  ack= 0
  dataofs= None
  reserved= 0
  flags= S
  window= 8192
  chksum= None
  urgptr= 0
  options= {}

 

Checking the available commands

>>> lsc() 
arpcachepoison      : Poison target's cache with (your MAC,victim's IP) couple
arping              : Send ARP who-has requests to determine which hosts are up
bind_layers         : Bind 2 layers on some specific fields' values
bridge_and_sniff    : Forward traffic between two interfaces and sniff packets exchanged
corrupt_bits        : Flip a given percentage or number of bits from a string
	:

 

Printing the IP header values currently set

>>> IP().display()
###[ IP ]###
  version= 4
  ihl= None
  tos= 0x0
  len= None
  id= 1
  flags= 
  frag= 0
  ttl= 64
  proto= hopopt
  chksum= None
  src= 127.0.0.1
  dst= 127.0.0.1
  \options\

 

Using variables

>>> ip = IP()
>>> ip.display()
###[ IP ]###
  version= 4
  ihl= None
  tos= 0x0
  len= None
  id= 1
  flags= 
  frag= 0
  ttl= 64
  proto= hopopt
  chksum= None
  src= 127.0.0.1
  dst= 127.0.0.1
  \options\

 

Changing the destination address in the current IP header (once dst is set, scapy also fills in src from the routing table, which is why src changes from 127.0.0.1 to 192.168.111.131 below)

>>> ip.dst="192.168.111.130"
>>> ip.display()
###[ IP ]###
  version= 4
  ihl= None
  tos= 0x0
  len= None
  id= 1
  flags= 
  frag= 0
  ttl= 64
  proto= hopopt
  chksum= None
  src= 192.168.111.131
  dst= 192.168.111.130
  \options\

>>> ip=IP(dst="192.168.111.140")
>>> ip.display()
###[ IP ]###
  version= 4
  ihl= None
  tos= 0x0
  len= None
  id= 1
  flags= 
  frag= 0
  ttl= 64
  proto= hopopt
  chksum= None
  src= 192.168.111.131
  dst= 192.168.111.140
  \options\

 

Stacking layers (composing with / lets the lower layer pick up the upper one, so the IP proto field becomes tcp instead of hopopt)

>>> tcp = TCP()
>>> ip = IP()
>>> packet = ip/tcp
>>> packet.display()
###[ IP ]###
  version= 4
  ihl= None
  tos= 0x0
  len= None
  id= 1
  flags= 
  frag= 0
  ttl= 64
  proto= tcp
  chksum= None
  src= 127.0.0.1
  dst= 127.0.0.1
  \options\
###[ TCP ]###
     sport= ftp_data
     dport= http
     seq= 0
     ack= 0
     dataofs= None
     reserved= 0
     flags= S
     window= 8192
     chksum= None
     urgptr= 0
     options= {}

 

Sniffing

>>> sniff()
^C<Sniffed: TCP:0 UDP:5 ICMP:0 Other:2>
>>> sniff()
^C<Sniffed: TCP:1707 UDP:76 ICMP:0 Other:4>
>>> sf = sniff()
^C>>> sf.display()
0000 Ether / IP / UDP / DNS Qry "www.kali.org." 
0001 Ether / IP / UDP / DNS Qry "www.kali.org." 
0002 Ether / IP / UDP / DNS Ans 
0003 Ether / IP / UDP / DNS Qry "tools.kali.org." 
0004 Ether / IP / UDP / DNS Qry "tools.kali.org." 
0005 Ether / IP / UDP / DNS Qry "www.offensive-security.com." 
0006 Ether / IP / UDP / DNS Qry "www.offensive-security.com." 
0007 Ether / IP / UDP / DNS Ans "192.124.249.10" 
0008 Ether / IP / UDP / DNS Ans "192.124.249.6" 
0009 Ether / IP / UDP / DNS Qry "www.nethunter.com." 
0010 Ether / IP / UDP / DNS Qry "www.nethunter.com." 
0011 Ether / IP / UDP / DNS Ans 
0012 Ether / IP / UDP / DNS Ans "34.198.182.201" 
0013 Ether / IP / UDP / DNS Qry "www.exploit-db.com." 
0014 Ether / IP / UDP / DNS Qry "www.exploit-db.com." 
0015 Ether / IP / UDP / DNS Ans 
0016 Ether / IP / UDP / DNS Ans 
      :

>>> sf = sniff(count=10) ⇐ sniff only 10 packets (stops automatically once done)
>>> sf.display() ⇐ print the sniff result
0000 Ether / IP / UDP / DNS Qry "www.kali.org." 
0001 Ether / IP / UDP / DNS Qry "www.kali.org." 
0002 Ether / IP / UDP / DNS Qry "tools.kali.org." 
0003 Ether / IP / UDP / DNS Qry "tools.kali.org." 
0004 Ether / IP / UDP / DNS Qry "www.offensive-security.com." 
0005 Ether / IP / UDP / DNS Qry "www.offensive-security.com." 
0006 Ether / IP / UDP / DNS Ans 
0007 Ether / IP / UDP / DNS Ans 
0008 Ether / IP / UDP / DNS Ans 
0009 Ether / IP / UDP / DNS Ans "192.124.249.6" 


>>> sf[0].show() ⇐ print the details of the first sniffed packet
###[ Ethernet ]###
  dst= 00:50:56:fd:f9:c0
  src= 00:50:56:34:96:a1
  type= 0x800
###[ IP ]###
     version= 4L
     ihl= 5L
     tos= 0x0
     len= 58
     id= 43230
     flags= DF
     frag= 0L
     ttl= 64
     proto= udp
     chksum= 0x31fe
     src= 192.168.111.131
     dst= 192.168.111.2
     \options\
###[ UDP ]###
        sport= 50619
        dport= domain
        len= 38
        chksum= 0x7762
###[ DNS ]###
           id= 16697
           qr= 0L
           opcode= QUERY
           aa= 0L
           tc= 0L
           rd= 1L
           ra= 0L
           z= 0L
           ad= 0L
           cd= 0L
           rcode= ok
           qdcount= 1
           ancount= 0
           nscount= 0
           arcount= 0
           \qd\
            |###[ DNS Question Record ]###
            |  qname= 'www.kali.org.'
            |  qtype= A
            |  qclass= IN
           an= None
           ns= None
           ar= None
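As an added example (not part of the original post, and not scapy code), the frame that sf[0].show() printed above can be rebuilt from those field values with the Python standard library alone. It shows how the fields scapy reports as None in the unsent packets earlier (len, chksum) get computed when a packet is built, and the checksums it produces match the sniffed 0x31fe and 0x7762. The function names are this example's own and the frame is constructed from the page's values.

```python
# Added example, standard library only (no scapy): rebuild the DNS query frame that
# sf[0].show() printed above from the field values shown there, filling in the fields
# that the unsent packets above report as None (len, chksum) the way scapy does when
# it builds the packet. Function names are this example's own; the frame is constructed.
import socket
import struct

def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum over 16-bit words; odd length is zero padded."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def dns_query(txid: int, name: str) -> bytes:
    """Minimal DNS query (RFC 1035): header with rd=1 and one question of type A, class IN."""
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode() for l in labels) + b"\x00"
    return struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!HH", 1, 1)

def build_frame(src_mac, dst_mac, src_ip, dst_ip, sport, ip_id, payload) -> bytes:
    """Ether / IP / UDP / payload with IP len, IP chksum and UDP chksum computed."""
    src, dst = socket.inet_aton(src_ip), socket.inet_aton(dst_ip)
    udp_len = 8 + len(payload)
    udp = struct.pack("!HHHH", sport, 53, udp_len, 0) + payload
    pseudo = src + dst + struct.pack("!BBH", 0, 17, udp_len)  # UDP pseudo-header
    udp = udp[:6] + struct.pack("!H", inet_checksum(pseudo + udp)) + udp[8:]
    # version 4, ihl 5, tos 0, flags DF (0x4000), ttl 64, proto 17 (udp), chksum 0 for now
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + udp_len, ip_id, 0x4000, 64, 17, 0, src, dst)
    ip = ip[:10] + struct.pack("!H", inet_checksum(ip)) + ip[12:]
    mac = lambda s: bytes.fromhex(s.replace(":", ""))
    return mac(dst_mac) + mac(src_mac) + b"\x08\x00" + ip + udp  # Ethernet type 0x800

def decode(frame: bytes) -> dict:
    """Read back the fields show() printed and verify both checksums (valid => recomputes to 0)."""
    ip, udp = frame[14:34], frame[34:42]
    ver_ihl, _, total_len, ip_id, _, ttl, proto, chk = struct.unpack("!BBHHHBBH", ip[:12])
    sport, dport, udp_len, udp_chk = struct.unpack("!HHHH", udp)
    txid, flags = struct.unpack("!HH", frame[42:46])
    pseudo = ip[12:20] + struct.pack("!BBH", 0, proto, udp_len)
    return {"ihl": ver_ihl & 0xF, "len": total_len, "id": ip_id, "ttl": ttl, "proto": proto,
            "chksum": chk, "ip_ok": inet_checksum(ip) == 0, "sport": sport, "dport": dport,
            "udp_len": udp_len, "udp_chksum": udp_chk, "dns_id": txid, "rd": (flags >> 8) & 1,
            "udp_ok": inet_checksum(pseudo + frame[34:34 + udp_len]) == 0}

# Values printed by sf[0].show() above: MACs, addresses, port 50619, IP id 43230, DNS id 16697.
FRAME = build_frame("00:50:56:34:96:a1", "00:50:56:fd:f9:c0", "192.168.111.131",
                    "192.168.111.2", 50619, 43230, dns_query(16697, "www.kali.org."))
```

Calling decode(FRAME) returns len 58, chksum 0x31fe and udp_chksum 0x7762, the same values show() printed for the captured packet.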