What's the simplest way to spoof a ping reply with Scapy? I have a compiled script that keep pinging a certain domain and I need to investigate it's behavior when it receive a ping reply. I thought Scapy would be my best option to do so, but I can't figured it out.
So far I've found the class scapy.layers.inet.ICMPEcho_am, but trying to import it from scapy.layers.inet throws an ImportError. Beside, I also need to fake a DNS respond, and I'm even more clueless on that.
Thanks in advance for any hint, solution, etc.
A ping (echo) reply is just an ICMP packet with a type and code of 0:
IP(src="FAKE INITIATOR ADDRESS", dst="THE SERVER ADDRESS") / ICMP(type=0, code=0)
or, alternatively:
IP(src="FAKE INITIATOR ADDRESS", dst="THE SERVER ADDRESS") / ICMP(type="echo-reply", code=0)
Obviously, "FAKE INITIATOR ADDRESS" and "THE SERVER ADDRESS" should be replaced by strings that hold the fake client address and the server address that you're spoofing a reply to.
The code=0 isn't actually necessary since 0 is the default, but I figured explicit it nice.
I made this program to send spoof IPv6 pings on a given interface. You need to take care of proper sequence number also in the packet
def sniffer(interface):
#scapy.sniff(iface=interface, filter="icmp6 && ip6[40] == 128", store=False, prn=process_packet)
scapy.sniff(iface=interface,filter="icmp6", store=False, prn=process_packet)
def process_packet(packet):
print("DUMP\n")
print(packet.show())
print(packet[Ether].src)
print(Ether().src)
if packet[Ether].src == Ether().src:
print("OUTGOING PACKET")
print(packet[IPv6].dst)
if packet.haslayer(ICMPv6EchoRequest):
print("OUTGOING ECHO REQUEST")
reply_packet = Ether(dst=packet[Ether].src)\
/IPv6(dst=packet[IPv6].src,
src=packet[IPv6].dst) \
/ ICMPv6EchoReply(seq=packet[ICMPv6EchoRequest].seq,
id=0x1)
scapy.sendp(reply_packet, iface="Wi-Fi")
else:
print("INCOMING PACKET")
interface = "Wi-Fi"
sniffer(interface)
Related
I used the following haproxy configuration in frontend to modify the response header of requests depending on a query string:
frontend my-frontend
acl is-foo urlp(foo) 1
http-response replace-header Set-Cookie "(.*)" "\1; SameSite=None" if is-foo
Depending on my information from the docs the acl should match for all requests like
example.com?a=b&foo=1&bar=2
example.com?foo=1
example.com?a=b&foo=1
And it should not match for requests like
example.com?a=b&foo=0&bar=2
example.com?a=b
example.com?a=b&foo=bar
The actual result is that the acl matches never.
If i invert the if i.e.: if !is-foo the replace-header happens on every request.
So the problem must be the acl which matches never.
I use haproxy 2.0.15
I got it working by myself.
It seems to be the case that urlp(foo) is not present at runtime when it has been executed for http-response.
So we need to store its value in a temporary variable using set-var(custom.name), before. At runtime in if condition we can access it with var(custom.name) and match it against our condition. I used urlp_val() instead of urlp() here because the value will be casted to int immediately.
frontend my-frontend
http-request set-var(txn.foo) urlp_val(foo)
http-response replace-header Set-Cookie "(.*)" "\1; SameSite=None" if { var(txn.foo) eq 1 }
Thank you for traveling.
(Possibly a duplicate of Can't send a keyedMessage to brokers with partitioner.class=kafka.producer.DefaultPartitioner, although the OP of that question didn't mention kafka-python. And anyway, it never got an answer.)
I have a Python program that has been successfully (for many months) sending messages to the Kafka broker, using essentially the following logic:
producer = kafka.KafkaProducer(bootstrap_servers=[some_addr],
retries=3)
...
msg = json.dumps(some_message)
res = producer.send(some_topic, value=msg)
Recently, I tried to upgrade it to send messages to different partitions based on a definite key value extracted from the message:
producer = kafka.KafkaProducer(bootstrap_servers=[some_addr],
key_serializer=str.encode,
retries=3)
...
try:
key = some_message[0]
except:
key = None
msg = json.dumps(some_message)
res = producer.send(some_topic, value=msg, key=key)
However, with this code, no messages ever make it out of the program to the broker. I've verified that the key value extracted from some_message is always a valid string. Presumably I don't need to define my own partitioner, since, according to the documentation:
The default partitioner implementation hashes each non-None key using the same murmur2 algorithm as the java client so that messages with the same key are assigned to the same partition.
Furthermore, with the new code, when I try to determine what happened to my send by calling res.get (to obtain a kafka.FutureRecordMetadata), that call throws a TypeError exception with the message descriptor 'encode' requires a 'str' object but received a 'unicode'.
(As a side question, I'm not exactly sure what I'd do with the FutureRecordMetadata if I were actually able to get it. Based on the kafka-python source code, I assume I'd want to call either its succeeded or its failed method, but the documentation is silent on the point. The documentation does say that the return value of send "resolves to" RecordMetadata, but I haven't been able to figure out, from either the documentation or the code, what "resolves to" means in this context.)
Anyway: I can't be the only person using kafka-python 1.3.3 who's ever tried to send messages with a partitioning key, and I have not seen anything on teh Intertubes describing a similar problem (except for the SO question I referenced at the top of this post).
I'm certainly willing to believe that I'm doing something wrong, but I have no idea what that might be. Is there some additional parameter I need to supply to the KafkaProducer constructor?
The fundamental problem turned out to be that my key value was a unicode, even though I was quite convinced that it was a str. Hence the selection of str.encode for my key_serializer was inappropriate, and was what led to the exception from res.get. Omitting the key_serializer and calling key.encode('utf-8') was enough to get my messages published, and partitioned as expected.
A large contributor to the obscurity of this problem (for me) was that the kafka-python 1.3.3 documentation does not go into any detail on what a FutureRecordMetadata really is, nor what one should expect in the way of exceptions its get method can raise. The sole usage example in the documentation:
# Asynchronous by default
future = producer.send('my-topic', b'raw_bytes')
# Block for 'synchronous' sends
try:
record_metadata = future.get(timeout=10)
except KafkaError:
# Decide what to do if produce request failed...
log.exception()
pass
suggests that the only kind of exception it will raise is KafkaError, which is not true. In fact, get can and will (re-)raise any exception that the asynchronous publishing mechanism encountered in trying to get the message out the door.
I also faced the same error. Once I added json.dumps while sending the key, it worked.
producer.send(topic="first_topic", key=json.dumps(key)
.encode('utf-8'), value=json.dumps(msg)
.encode('utf-8'))
.add_callback(on_send_success).add_errback(on_send_error)
I want to capture outgoing UDP packets sent to IP address 10.24.11.73 and destination port number 32806. so I set
pcap_setdirection(*pchandle, PCAP_D_OUT);
but my problem is the filter string (const char *) passed to
pcap_compile(*pchandle, &program, filter, 0, subnet);
I looked at PCAP-FILTER and tried different string combination but non seems to work.
can some one help me with this issue. what should the filter string be set to in order to capture the intended packets.
I am using WinPcap and Visual Studio
You'd want something like this:
"udp and dst host 10.24.11.73 and dst port 32806"
I am trying to send a mass mailing campaign using PHPList. I have everything working as I need but I am getting an error message from emails sent to Google.
This error occurs in the header of the message:
Received-SPF: permerror (google.com: permanent error in processing during lookup of bounce#planemover.com: exceeds recursive limit) client-ip=xxx.xx.xxx.xx;
Authentication-Results: mx.google.com;
spf=permerror (google.com: permanent error in processing during lookup of bounce#planemover.com: exceeds recursive limit) smtp.mailfrom=bounce#planemover.com
Does anyone know what would cause this error? Will this error cause my domain to be blacklisted?
At the present time, the SPF record on your domain is:
planemover.com. 3600 IN TXT "v=spf1 mx a ip4:71.122.219.173 ip4:71.122.219.172 a:mx1.selling-ac.com include:selling-ac.com include:planemover.com ~all"
It contains an include: directive pointing back at itself. This will result in an infinite loop (or recursion).
You need to remove include:planemover.com from this DNS record. The TTL on this record is 3600 (or 1 hour), so it will take up to 1 hour after that change occurs on all of your hosting nameservers, for this to become effective globally.
Also, in the future, this kind of question is more appropriate for Server Fault. It's probably off-topic here on Stack Overflow.
I have run headfirst into this reject error from exim4:
2010-02-15 01:46:05 SMTP protocol synchronization error (input sent without waiting for greeting): rejected connection from H=ender [192.168.20.49] input="HELO 192.168.20.49\r\n"
I have modified my exim4 config to not enforce sync, like so:
smtp_enforce_sync='false'
acl_smtp_connect = nosync nosync:
control = no_enforce_sync
accept
But that doesn't seem to matter. What makes less sense to me is why I'm getting the 554 in the first place. I send a HELO, I wait for a response, and somehow in the midst of that, I manage to generate the "554 Error"
What am I doing wrong in the code below, that makes this fail 99% of the time (yes, it has worked twice). Yes, the socket is blocking, I hang in recv for ~5 seconds waiting for the rejection. On the 2 times when it has worked, it didn't pause at all.
I've tried sending EHLO instead of HELO, no better luck. I've even had grief getting a telnet session to connect and say HELO. However, i can use python smtp (from another machine) to send emails just fine against this same server!
hSocket = _connectServerSocket(server, port);
if (hSocket != INVALID_SOCKET) {
BYTE sReceiveBuffer[4096];
int iLength = 0;
int iEnd = 0;
char buf[4096];
strcpy(buf, "HELO ");
strcat(buf, "192.168.20.49");
strcat(buf, "\r\n");
printf("%s", buf);
if (send(hSocket, (LPSTR)buf, strlen(buf), NO_FLAGS) == SOCKET_ERROR) {
printf("Socket send error: %d\r\n", WSAGetLastError());
return (false);
}
iLength = recv(hSocket,
(LPSTR)sReceiveBuffer+iEnd,sizeof(sReceiveBuffer)-iEnd,
NO_FLAGS);
iEnd += iLength;
sReceiveBuffer[iEnd] = '\0';
Your code should wait for a 220 line from the smtp server before sending the HELO message. See section 3.1 of RFC 2821. That is probably what the Python library does.
There should be several free libraries available that can help you with this, for example libsmtp. Consider spending time on learning one of these instead of patching your own solution (unless your project is to write your own mail solution).