每日彙整: 2018-11-02

樹莓派樹莓派之學習樹莓派之教育

OpenWrt 的世界︰樹莓派 3B 【路由器】移星轉斗《四‧五》 Scapy

一日半夢半醒之間,依稀聽聞網友問︰追過韓劇《賣菜郎傳奇》嗎?答之︰沒有。你不正在 Open Write 耶?趕緊看去!

忽耳不知哪來的抄本,只見裡頭寫道︰

第八七回

邱大委強辯陪睡梗
管甚媽曲解摩天輪

俗言道︰真人不說假話,明人不做暗事。

諸位既來指教,何不打開天窗說亮話,直接抖露講明白。

……

剛欲細讀,突然月光耀眼,不復記憶也☻

醒後琢磨這個沒頭沒尾之夢境,能跟近日苦思冥想『 Scapy 』名字由來有甚關係呢??不過不想『名不正,言不順』,感覺『怪怪的 』而已☺

莫非遇着了『巧合現象』!!

春天

春花二

春花三

春花四

春花一

瑞士知名心理學家 Carl Gustav Jun 提出了一個『共時性』理論,用於解釋因果律說明的現象』──  夢境成真,說曹操曹操到… ──,這些『表面』上沒有因果關聯的事件,卻著『深層』的意義聯繫,常常取決於個人的『主觀經驗』。一九五二年榮格在《論共時性 On Synchronicity 》一文中說︰
他認為共時性是一種巧合現象,並不局限於心理的領域,事件可以從『心靈母體之內』與『外於人之世界』,一般是由一方或由另一方跨進了人的『意識』,但當兩者偶然同時發生時便稱為『共時性』現象。
有人說了一則逸事
一八零五年,法國詩人Deschamps 曾為陌生人Monsieur de Fontgibu 邀請吃乾果布丁。十年後他在巴黎某餐廳想點乾果布丁吃時,侍者告訴他最後的一個已給了另一位客人,那人卻是 de Fontgibu 。到了 1832 年,Deschamps 在一個飯局上正吃著乾果布丁,跟朋友聊起以往之事。剛一講起,此時de Fontgibu 就現身了。

雖然依稀似曾相識,但是這個理論卻很難用科學方法證實。

─── 摘自《知未知‧既未濟

於是眼花地再三再四圈點檢讀︰

Scapy

Scapy is a packet manipulation tool for computer networks,[1][2] written in Python by Philippe Biondi. It can forge or decode packets, send them on the wire, capture them, and match requests and replies. It can also handle tasks like scanning, tracerouting, probing, unit tests, attacks, and network discovery.

Scapy provides a Python interface into libpcap, (WinPCap/Npcap on Windows), in a similar way to that in which Wireshark provides a view and capture GUI. It can interface with a number of other programs to provide visualisation including Wireshark for decoding packets, GnuPlot for providing graphs, graphviz or VPython for visualisation, etc.

Scapy supports Python version 3 since 2018 (scapy 2.4.0+).

Kamene (http://github.com/phaethon/kamene) is an independent fork of scapy. Initially, it was created with a purpose to add python3 support to scapy and was named scapy3k. Since 2018, it is renamed to kamene and continues independent development.

 

Scapy

Packet crafting for Python2 and Python3

  • Scapy
  • Scapy versions
  • GPLv2
  • Join the chat at https://gitter.im/secdev/scapy

About Scapy

What is Scapy

Scapy is a powerful interactive packet manipulation program. It is able to forge or decode packets of a wide number of protocols, send them on the wire, capture them, match requests and replies, and much more. It can easily handle most classical tasks like scanning, tracerouting, probing, unit tests, attacks or network discovery (it can replace hping, 85% of nmap, arpspoof, arp-sk, arping, tcpdump, tethereal, p0f, etc.). It also performs very well at a lot of other specific tasks that most other tools can’t handle, like sending invalid frames, injecting your own 802.11 frames, combining technics (VLAN hopping+ARP cache poisoning, VOIP decoding on WEP encrypted channel, …), etc. Seeinteractive tutorial and the quick demo: an interactive session (some examples may be outdated).

What makes scapy different from most other networking tools

First, with most other tools, you won’t build something the author did not imagine. These tools have been built for a specific goal and can’t deviate much from it. For example, an ARP cache poisoning program won’t let you use double 802.1q encapsulation. Or try to find a program that can send, say, an ICMP packet with padding (I said padding, not payload, see?). In fact, each time you have a new need, you have to build a new tool.

Second, they usually confuse decoding and interpreting. Machines are good at decoding and can help human beings with that. Interpretation is reserved for human beings. Some programs try to mimic this behavior. For instance, they say “this port is open” instead of “I received a SYN-ACK”. Sometimes they are right. Sometimes not. It’s easier for beginners, but when you know what you’re doing, you keep on trying to deduce what really happened from the program’s interpretation to make your own, which is hard because you lost a big amount of information. And you often end up using tcpdump -xX to decode and interpret what the tool missed.

Third, even programs which only decode do not give you all the information they received. The network’s vision they give you is the one their author thought was sufficient. But it is not complete, and you have a bias. For instance, do you know a tool that reports the padding?

Scapy tries to overcome those problems. It enables you to build exactly the packets you want. Even if I think stacking a 802.1q layer on top of TCP has no sense, it may have some for somebody else working on some product I don’t know. Scapy has a flexible model that tries to avoid such arbitrary limits. You’re free to put any value you want in any field you want and stack them like you want. You’re an adult after all.

In fact, it’s like building a new tool each time, but instead of dealing with a hundred line C program, you only write 2 lines of Scapy.

After a probe (scan, traceroute, etc.) Scapy always gives you the full decoded packets from the probe, before any interpretation. That means that you can probe once and interpret many times, ask for a traceroute and look at the padding for instance.

Scapy Project

Scapy runs natively on Linux, and on most Unixes with libpcap, libdnet and their respective python wrapper (see scapy’s installation page). The same code base now runs natively on both Python 2 and Python 3.

  • Scapy ≥ 2.4.x needs Python2 ≥ 2.7, or Python3 ≥ 3.4.
  • Scapy ≥ 2.x needs Python2 ≥ 2.7.
  • Scapy 1.x needs Python2 ≥ 2.5. Scapy 1.x is now deprecated.

Introduction

About Scapy

Scapy is a Python program that enables the user to send, sniff and dissect and forge network packets. This capability allows construction of tools that can probe, scan or attack networks.

In other words, Scapy is a powerful interactive packet manipulation program. It is able to forge or decode packets of a wide number of protocols, send them on the wire, capture them, match requests and replies, and much more. Scapy can easily handle most classical tasks like scanning, tracerouting, probing, unit tests, attacks or network discovery. It can replace hping, arpspoof, arp-sk, arping, p0f and even some parts of Nmap, tcpdump, and tshark).

_images/testing-taxonomy.pngScapy also performs very well on a lot of other specific tasks that most other tools can’t handle, like sending invalid frames, injecting your own 802.11 frames, combining techniques (VLAN hopping+ARP cache poisoning, VOIP decoding on WEP encrypted channel, …), etc.

The idea is simple. Scapy mainly does two things: sending packets and receiving answers. You define a set of packets, it sends them, receives answers, matches requests with answers and returns a list of packet couples (request, answer) and a list of unmatched packets. This has the big advantage over tools like Nmap or hping that an answer is not reduced to (open/closed/filtered), but is the whole packet.

On top of this can be build more high level functions, for example, one that does traceroutes and give as a result only the start TTL of the request and the source IP of the answer. One that pings a whole network and gives the list of machines answering. One that does a portscan and returns a LaTeX report.

終究得回到出處︰

secdev

Me

  • If you like what I do, you can

……

 

………

If you trust me, you can trust my website

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Issuer: C=FR, ST=IdF, L=Paris, O=secdev.org, OU=secdev.org, CN=*.secdev.org
SHA1 Fingerprint=EA:EE:C0:3F:53:B8:C8:AD:6A:05:24:32:85:F4:54:8D:87:21:34:7D
MD5 Fingerprint=0D:07:6B:00:E7:86:C6:3C:B8:55:EB:02:6A:FC:E0:9C
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFIMfI3Xuj/Xz2aQ+IRAmKbAKC25LEoT753HUqMfqNLyh0/LikftwCfbDlv
Ju6Rwb59JxlZIR+J6TKwE78=
=wexP
-----END PGP SIGNATURE-----

 

啊哈☆『S』『c』『a』實有『多義』,其一是

『S』end 『c』reate packets 『a』ttack