While I was re-writing the Spoof plugin for MITMf I came across the "pythonic" way of using Nfqueue with python.
Previously the plugin was using code from dnspoof.py for DNS tampering, which used the nfqueue-bindings python library from here.
Problem was that it was a pain to setup: you had to manually compile the bindings since the package in almost every distros repository is extremely out of date.
Also the library syntax wasn't exactly pretty, and sometimes it threw random errors for no apparent reason.
The alternative to this is the python-netfilterqueue library, which provides a much nicer syntax but unfortunately does not currently implement the full API for libnetfilter_queue, most importantly it lacks the
packet.set_payload()function call for altering packet data.
So at this point I was going to implement the function call myself since I was getting desperate, then I noticed that the repo had two un-merged pull requests:
To which my reaction was quite like this:
Huge props to @fqrouter, he really did an awesome job! you can find his fork here.
So now, after installing it, all we need to do to get everything working is set an iptables rule specifying the queue number (In my case I was interested in DNS requests, change this to your needs):
iptables -t nat -A PREROUTING -p udp --dport 53 -j NFQUEUE --queue-num 1
then use the following code to actually modify the packet with the help of scapy:
#! /usr/bin/env python2.7
from scapy.all import *
from netfilterqueue import NetfilterQueue
def modify(packet):
pkt = IP(packet.get_payload()) #converts the raw packet to a scapy compatible string
#modify the packet all you want here
packet.set_payload(str(pkt)) #set the packet content to our modified version
packet.accept() #accept the packet
nfqueue = NetfilterQueue()
#1 is the iptabels rule queue number, modify is the callback function
nfqueue.bind(1, modify)
try:
print "[*] waiting for data"
nfqueue.run()
except KeyboardInterrupt:
pass
Easy peasy!!
Go Top