diff --git a/final/capture.py b/final/capture.py
new file mode 100644
index 0000000..5838f5e
--- /dev/null
+++ b/final/capture.py
@@ -0,0 +1,55 @@
+import os
+import signal
+import sys
+import time
+import socket
+from scapy.all import sniff, wrpcap
+from datetime import datetime
+from threading import Event
+
+def signal_handler(sig, frame):
+ global stop_event
+ stop_event.set()
+
+def capture_traffic(interface, ip, port):
+ global stop_event
+
+ stop_event = Event()
+ signal.signal(signal.SIGINT, signal_handler)
+ signal.signal(signal.SIGTERM, signal_handler)
+
+ def create_filename(interface):
+ now = datetime.now()
+ return f"{now.strftime('%Y%m%d_%H%M')}_{interface}_{int(time.time())}.pcap"
+
+ def save_packets(packets, filename):
+ wrpcap(filename, packets)
+ print(f"Saved {len(packets)} packets to (unknown)")
+ send_file(filename, ip, port)
+
+ #on the netcat server, run `nc -l -p 5000 > received_file.pcap`
+ def send_file(filename, ip, port):
+ with open(filename, 'rb') as f:
+ s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+ s.connect((ip, port))
+ data = f.read(1024)
+ while data:
+ s.send(data)
+ data = f.read(1024)
+ s.close()
+ print(f"Sent (unknown) to {ip}:{port}")
+
+ while not stop_event.is_set():
+ filename = create_filename(interface)
+ packets = sniff(iface=interface, timeout=5*60, stop_filter=lambda x: stop_event.is_set())
+ save_packets(packets, filename)
+
+if __name__ == "__main__":
+ if len(sys.argv) != 4:
+ print(f"Usage: {sys.argv[0]} ")
+ sys.exit(1)
+
+ interface = sys.argv[1]
+ ip = sys.argv[2]
+ port = int(sys.argv[3])
+ capture_traffic(interface, ip, port)
\ No newline at end of file
diff --git a/final/final.md b/final/final.md
index 1475c32..5240177 100644
--- a/final/final.md
+++ b/final/final.md
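Review bot: In send_file, `s.send(data)` may transmit fewer bytes than the 1024-byte chunk and its return value is ignored, so the listener can end up with a truncated pcap; `s.sendall(data)` is the correct call here. The socket is also closed only on the happy path: if `s.connect` or a send raises, `s.close()` is skipped and the exception propagates out of the `while not stop_event.is_set()` loop and ends the capture, so the socket should live in a `with` block (rewritten below) and the caller could catch `OSError` around `send_file(filename, ip, port)` so the pcap already written by `wrpcap` stays on disk for a retry. The pcap contains everything sniffed on the interface and is pushed over a plain, unauthenticated TCP connection, which deserves a comment on the function, e.g. `# Plaintext, unauthenticated transfer of the full capture: only use over a trusted path or a tunnel.`. The usage line `print(f"Usage: {sys.argv[0]} ")` appears to have lost its argument names (possibly in rendering) and should read `Usage: {sys.argv[0]} <interface> <ip> <port>`. Indentation is collapsed in this rendering so the nesting of the helpers inside capture_traffic is inferred, and the `os` import looks unused.
```python
    def send_file(filename, ip, port):
        # Plaintext, unauthenticated transfer of the full capture: only use over a trusted path or a tunnel.
        with open(filename, 'rb') as f, socket.create_connection((ip, port)) as s:
            data = f.read(1024)
            while data:
                s.sendall(data)  # send() may stop short; sendall() loops until the chunk is written
                data = f.read(1024)
        print(f"Sent (unknown) to {ip}:{port}")
```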
@@ -139,7 +139,7 @@ Though things look good, at this point I face a final roadblock in confirming my The issue is that my lousy ISP provided router does not seem to make viewing this possible, either in the web UI or terminal. The terminal claims to provide the command `brctl` but it is broken and returns no output. The terminal also provides an elevated `sh` command which could possibly help but that is locked down by an unknown password. -The next step would be for me to flash a new firmware like OpenWRT on my router to get this information. I can not do that at this time as I run a game server with active players on my network and any issues with the firmware upgrade could cause an extended outage or brick my router. When I aquire another router in the future, this upgrade will then be possible. +The next step would be for me to flash a new firmware like OpenWRT on my router to get this information. I can not do that at this time as I run a game server with active players on my network and any issues with the firmware upgrade risk causing an extended outage or brick my router. When I aquire another router in the future, this upgrade will then be possible. In conclusion, I know pitap is transparent at the network layer, and I think it is also transparent at the link layer but I can not prove it. 
@@ -151,6 +151,10 @@ Like before, discarded/dropped frames number only 1 or 2 over a period of severa ![reolink](./photos/validation/reolink.png) -### 5. Capture +### 5. Capture + Forward -### 6. Manipulation \ No newline at end of file +Now it is time to do something interesting with pitap by capturing and forwarding the traffic. + +The script [`capture.py`](./capture.py) is intended to do just this. Using scapy, the script works by sniffing all traffic on an interface provided from arguments, and saving those to a unique timestamped file. Every time a file is saved, it attempts to transmit them to a supplied ip address and port with the intention that a listening netcat server can capture and save the contents. + +### 6. Attack \ No newline at end of file