From 732ac7989f0b4d7930e3bd9c7c548e3e15c97885 Mon Sep 17 00:00:00 2001 From: David Westgate Date: Thu, 13 Jun 2024 02:19:58 -0700 Subject: [PATCH] update ttl script --- final/final.md | 2 ++ final/scripts/ttl.py | 9 +++++++-- 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/final/final.md b/final/final.md index 044ee41..ae872df 100644 --- a/final/final.md +++ b/final/final.md @@ -197,6 +197,8 @@ To wrap up, I will create three MiTM style attacks that can be executed by the p #### 6a. TTL=65 +This is a simple script found in [ttl.py](./scripts/ttl.py). The idea here is to modify all TTL (time-to-live) values in ipv4 and ipv6 packets passing through the pitap and set them to 65, if they are not already 65. This logic could be extended to include any known packet type which contains a TTL field. We also keep a tally of the number of packets modified + #### 6b. #### 6c. \ No newline at end of file diff --git a/final/scripts/ttl.py b/final/scripts/ttl.py index d946c3a..0a773a9 100644 --- a/final/scripts/ttl.py +++ b/final/scripts/ttl.py @@ -1,5 +1,5 @@ import sys -from scapy.all import sniff, send, IP +from scapy.all import sniff, send, IP, IPv6 from datetime import datetime modifications = 0 @@ -9,6 +9,11 @@ def modify_packet(packet): if packet[IP].ttl != 65: packet[IP].ttl = 65 modifications += 1 + elif packet.haslayer(IPv6): + if packet[IPv6].ttl != 65: + packet[IPv6].ttl = 65 + modifications += 1 + #Can be extented with other protocols which have TTL send(packet) @@ -22,7 +27,7 @@ if __name__ == "__main__": start_time = datetime.now() print(f"Script started at: {start_time.strftime('%Y-%m-%d %H:%M:%S')}") - packets = sniff(filter="ip", iface=interface, timeout=30*1, prn=modify_packet) + packets = sniff(filter="ip or ipv6", iface=interface, timeout=30*1, prn=modify_packet) end_time = datetime.now() print(f"Script ended at: {end_time.strftime('%Y-%m-%d %H:%M:%S')}")