1) add the check IP on the site to NFQUEUE
2) write a little python script using [0] netfilterqueue and [1] scapy

    from scapy.all import IP, TCP
    from netfilterqueue import NetfilterQueue

    # Callback function for handling packets in the NFQUEUE
    def packet_callback(packet):
        pkt = IP(packet.get_payload())
        # Modify only outgoing TCP packets to either of the two checked ports
        if pkt.haslayer(TCP) and pkt[TCP].dport in (3560, 3561):
            # Set the reserved bit to 1
            # 6 is DF and evil
            # 2 is DF
            # 4 is evil
            pkt[IP].flags |= 4
            # Drop the stale checksums so scapy recomputes them on serialization
            del pkt[IP].chksum
            del pkt[TCP].chksum
            pkt.show2()
            pkt.show()
            # Print a message indicating packet modification
            print("Modified packet:", pkt.summary())
            # Update the packet payload
            packet.set_payload(bytes(pkt))
        # Accept the packet, modified or not
        packet.accept()

    # Set up the NFQUEUE handler
    nfqueue = NetfilterQueue()
    nfqueue.bind(1, packet_callback)
    try:
        # Run the main loop
        nfqueue.run()
    except KeyboardInterrupt:
        pass
    finally:
        # Cleanup on exit
        nfqueue.unbind()

3) analyze your packages with wireshark and find that your script works!
4) be sad because the response never arrives and your packages are treated as if they hadn't set the evil flag :(
EDIT: YES! I didn't see that he does 2 checks and the second uses a different port. NOW I'M EVIL!
[0] https://github.com/oremanj/python-netfilterqueue
[1] https://scapy.readthedocs.io/
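Added example, not part of the comment above: what the script's `del pkt[IP].chksum` step achieves, done by hand on raw IPv4 header bytes with only the standard library. The function names and the sample packet (documentation addresses, zeroed TCP header) are constructed for illustration.

```python
import struct

EVIL = 0x8000  # top bit of the 16-bit flags/fragment-offset word (RFC 3514)

def checksum(header: bytes) -> int:
    """RFC 1071 one's-complement checksum over the 16-bit words of an IPv4 header."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def header_len(packet: bytes) -> int:
    """Return the IPv4 header length in bytes, rejecting malformed input."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or ihl > len(packet):
        raise ValueError("bad IHL")
    return ihl

def is_valid(packet: bytes) -> bool:
    """A header carrying a correct checksum field sums to zero."""
    return checksum(packet[:header_len(packet)]) == 0

def has_evil_bit(packet: bytes) -> bool:
    header_len(packet)  # validate before reading the flags word
    return bool(struct.unpack_from("!H", packet, 6)[0] & EVIL)

def set_evil_bit(packet: bytes, fix_checksum: bool = True) -> bytes:
    """Set the reserved flag; optionally recompute the header checksum."""
    ihl = header_len(packet)
    buf = bytearray(packet)
    struct.pack_into("!H", buf, 6, struct.unpack_from("!H", buf, 6)[0] | EVIL)
    if fix_checksum:
        struct.pack_into("!H", buf, 10, 0)  # checksum field is zero while summing
        struct.pack_into("!H", buf, 10, checksum(bytes(buf[:ihl])))
    return bytes(buf)

def sample_packet() -> bytes:
    """Constructed 40-byte packet: IPv4 header with DF set, plus 20 zero bytes."""
    hdr = bytearray(struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0x1234, 0x4000,
                                64, 6, 0, bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7])))
    struct.pack_into("!H", hdr, 10, checksum(bytes(hdr)))
    return bytes(hdr) + bytes(20)
```

With `fix_checksum=False` the header no longer validates, so a receiver would drop the packet. The TCP checksum's pseudo-header covers only the addresses, protocol and segment length, so setting this bit invalidates the IPv4 header checksum alone.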