-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathhttp_fast_openlap.pcap
executable file
·72 lines (58 loc) · 2.55 KB
/
http_fast_openlap.pcap
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
#!/usr/bin/env python
# -*- coding: ascii -*-
from scapy.all import *
import argparse
import time
import binascii
cmd_desc = 'Template for sending data with scapy over TCP'
parser = argparse.ArgumentParser(description = cmd_desc)
parser.add_argument("--url", help = "URL to GET | default = '/'",
type = str, nargs = '?', const = 1, default = '/')
parser.add_argument("--overlap-url", help = "URL to GET | default = '/overlap'",
type = str, nargs = '?', const = 1, default = '/overlap')
parser.add_argument("--host", help = "HTTP Host | default = 'www.example.com'",
type = str, nargs = '?', const = 1, default = 'www.example.com')
parser.add_argument("--wait-time", help = "How long to wait before resetting connection | default = 0.5 sec",
type = float, nargs = '?', const = 1, default = 0.5)
parser.add_argument("--tfo-cookie", help = "TCP Fast Open Cookie to use | default = deadbeefdeadbeef",
type = str, nargs = "?", const = 1, default = 'deadbeefdeadbeef')
parser.add_argument('ip', help = 'Destination IP Address')
parser.add_argument('port', help = 'Destination TCP Port | default = 80',
type = int, nargs = '?', const = 1, default = 80)
args = parser.parse_args()
# IP arguments
dst_ip = args.ip
# TCP arguments
dst_port = args.port
src_port = random.randint(1024,65535)
tcp_seq = random.randint(0,4294967295)
wait_time = args.wait_time
tcp_fast_open_cookie = args.tfo_cookie
# HTTP arguments
http_url = args.url
http_overlap_url = args.overlap_url
http_host = args.host
# HTTP header
http_data = "GET " + http_url + " HTTP/1.1\r\nHost: " + http_host + "\r\n\r\n"
http_overlap_data = "GET " + http_overlap_url + " HTTP/1.1\r\nHost: " + http_host + "\r\n\r\n"
# IP header
ip = IP(dst = dst_ip)
# SYN packet
syn = TCP(sport = src_port, dport = dst_port, flags = 'S', seq = tcp_seq, options=[(34, binascii.unhexlify(tcp_fast_open_cookie))])/http_data
tcp_seq = tcp_seq + 1
# SYN-ACK response packet
syn_ack_resp = sr1(ip/syn)
tcp_ack = syn_ack_resp.seq
tcp_ack = tcp_ack + 1
# ACK packet
ack = TCP(sport = src_port, dport = dst_port, flags = 'A', seq = tcp_seq, ack = tcp_ack)
send(ip/ack)
# Send overlap packet
http_overlap = TCP(sport = src_port, dport = dst_port, flags = 'A', seq = tcp_seq, ack = tcp_ack)
send(ip/http_overlap/http_overlap_data)
tcp_seq = tcp_seq + len(http_overlap_data)
# Wait for response
time.sleep(wait_time)
# Close connection with TCP reset
reset = TCP(sport = src_port, dport = dst_port, flags = 'R', seq = tcp_seq, ack = 0)
send(ip/reset)