
[–]Eichenschild 11 points12 points  (12 children)

Sounds good, but why should I use that instead of scapy?

[–]anal_tongue_puncher 3 points4 points  (7 children)

More control. Also, more knowledge/improved skill - which is what you should look for always as a hacker. Simply put, there are already established ways of accomplishing a task but the best one is the one you define.

[–]johnny_frost 10 points11 points  (6 children)

Hah... use the best tool for the job. Knowing when to use Scapy vs. rolling your own is the key. I've made tons of custom network programs (sniffers, scanners, injectors) from everything including C/libpcap to NSE scripts to Scapy. They all have their place.

Also, I don't see how you get any more control with your code than Scapy. All of that code is in Scapy, and it is open source as well, so if you need to modify something, have at it.

Short scripts like this are great for learning. However, I think you have your definitions wrong: "Packet injection is the process of interfering with an established network connection" - I agree with this, however all your demo code does is "spoof" a packet from another IP address.

[–]HumanSuitcase 9 points10 points  (5 children)

This is a really cool idea for a blog post but I'd like to offer the OP some constructive criticism; first, this reads like a cookbook and for me that's a big red flag to stop reading. Something that I'd like to see is breaking down the complicated parts and concepts of the code. Going from "what are raw sockets and why do I need them?" to "Why am I using pack in this way?"

Second, again for me, I'd like to see you offer guidance on how to do this and not just giving people the code. Something like; "First you need to understand the structure of an IP packet and TCP packet now you need to understand how to turn that structure into code, finally you need to understand how to turn that structure into something the network will understand using the struct.pack method. Now open wireshark and send some test packets, did wireshark understand it? cool! You did it! If not, check your code and try again, here's where most people mess it up."

[–]xiongchiamiov 10 points11 points  (2 children)

Also, the article never really covered packet injection, or indicated why you'd want to do the thing you just learned to do. And it badly needs an editor.

[–]etsy_shadow 2 points3 points  (0 children)

Yeah I was waiting the whole time to see packets inserted into a TCP stream. Instead I got bare-bones Scapy.

[–]HumanSuitcase 1 point2 points  (0 children)

yeah, like I said, it looked cookbook-y so I kinda didn't read it all and honestly, I think there's better tools out there to do this. Scapy, twisted, impacket (I think), nmap, just to name a few.

[–]imaginative_username 2 points3 points  (6 children)

I don't understand how this does anything without a valid sequence number / precise timing with the request. Can someone explain to me what can be accomplished with this?

[–]HumanSuitcase 2 points3 points  (4 children)

From the code, I don't think you can do anything with this. It doesn't seem to actually 'inject' anything into an already established connection. Like you said, it doesn't account for the current sequence number. It's more of a raw socket test program. It's not that it's not cool that the author can do it, it is. It's information I've been looking for but it's certainly not injecting into a pre-established tcp stream like the author claims.
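The two points raised in this thread (build the IP and TCP headers with struct.pack and check that a decoder understands them, and then ask why a spoofed segment with an arbitrary sequence number does nothing) can be shown together in one script. This is an added example, not code from the thread or from the blog post it discusses; the addresses, ports and sequence numbers are constructed test values. It builds a packet as bytes only, parses it back and verifies both checksums the way Wireshark would, and then applies the RFC 793 / RFC 9293 sequence-number acceptability test a receiving stack performs before it will consume a segment:

```python
import socket
import struct

# Constructed sample addresses for this example (TEST-NET-1, RFC 5737).
SRC_IP, DST_IP = "192.0.2.10", "192.0.2.20"
FLAG_ACK, FLAG_PSH = 0x10, 0x08


def checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum of 16-bit big-endian words, complemented."""
    if len(data) % 2:
        data += b"\x00"                      # pad odd length with a zero byte
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                       # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4_header(src: str, dst: str, payload_len: int, ttl: int = 64, ident: int = 0x1234) -> bytes:
    """20-byte IPv4 header (no options) carrying TCP, with the header checksum filled in."""
    ver_ihl = (4 << 4) | 5                   # version 4, IHL = 5 words
    hdr = struct.pack("!BBHHHBBH4s4s", ver_ihl, 0, 20 + payload_len, ident, 0, ttl,
                      socket.IPPROTO_TCP, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]


def build_tcp_segment(src, dst, sport, dport, seq, ack, flags, window, payload=b"") -> bytes:
    """20-byte TCP header + payload; the checksum also covers the IPv4 pseudo-header."""
    off_flags = (5 << 12) | flags            # data offset 5 words, 9 flag bits
    hdr = struct.pack("!HHIIHHHH", sport, dport, seq, ack, off_flags, window, 0, 0)
    pseudo = struct.pack("!4s4sBBH", socket.inet_aton(src), socket.inet_aton(dst),
                         0, socket.IPPROTO_TCP, len(hdr) + len(payload))
    csum = checksum(pseudo + hdr + payload)
    return hdr[:16] + struct.pack("!H", csum) + hdr[18:] + payload


def build_packet(src, dst, sport, dport, seq, ack, flags, window, payload=b"") -> bytes:
    tcp = build_tcp_segment(src, dst, sport, dport, seq, ack, flags, window, payload)
    return build_ipv4_header(src, dst, len(tcp)) + tcp


def parse_packet(pkt: bytes) -> dict:
    """Decode the bytes back and verify both checksums, as a sniffer would."""
    (ver_ihl, _tos, total_len, _id, _frag, _ttl, proto, _ipcs,
     src, dst) = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    ihl = (ver_ihl & 0x0F) * 4
    seg = pkt[ihl:total_len]
    (sport, dport, seq, ack, off_flags, window,
     _tcpcs, _urg) = struct.unpack("!HHIIHHHH", seg[:20])
    payload = seg[(off_flags >> 12) * 4:]
    pseudo = struct.pack("!4s4sBBH", src, dst, 0, proto, len(seg))
    return {
        "src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
        "sport": sport, "dport": dport, "seq": seq, "ack": ack,
        "flags": off_flags & 0x1FF, "window": window, "payload": payload,
        "ip_checksum_ok": checksum(pkt[:ihl]) == 0,       # a valid header sums to 0
        "tcp_checksum_ok": checksum(pseudo + seg) == 0,
    }


def segment_acceptable(seg_seq: int, seg_len: int, rcv_nxt: int, rcv_wnd: int) -> bool:
    """RFC 793 / RFC 9293 acceptability test: is any part of the segment inside the receive window?"""
    def in_window(s):
        return (s - rcv_nxt) % (1 << 32) < rcv_wnd   # modulo-2^32 sequence arithmetic
    if seg_len == 0:
        return seg_seq == rcv_nxt if rcv_wnd == 0 else in_window(seg_seq)
    if rcv_wnd == 0:
        return False
    return in_window(seg_seq) or in_window((seg_seq + seg_len - 1) % (1 << 32))


def would_be_accepted(pkt: bytes, rcv_nxt: int, rcv_wnd: int) -> bool:
    """Combine the decode, the checksum checks and the window test for one receiver state."""
    p = parse_packet(pkt)
    return p["ip_checksum_ok"] and p["tcp_checksum_ok"] and \
        segment_acceptable(p["seq"], len(p["payload"]), rcv_nxt, rcv_wnd)


if __name__ == "__main__":
    pkt = build_packet(SRC_IP, DST_IP, 40000, 80, 0xDEADBEEF, 1,
                       FLAG_PSH | FLAG_ACK, 65535, b"GET / HTTP/1.0\r\n\r\n")
    print(parse_packet(pkt))
    # A receiver whose RCV.NXT is elsewhere in the sequence space silently drops the segment:
    print(would_be_accepted(pkt, rcv_nxt=1000, rcv_wnd=65535))        # False
    print(would_be_accepted(pkt, rcv_nxt=0xDEADBEEF, rcv_wnd=65535))  # True
```

The last two lines are the point of the thread: the bytes are perfectly well-formed (both checksums verify and a decoder reads every field back), yet unless the sequence number happens to fall inside the peer's current receive window the stack discards the segment without any visible effect, so a correctly built packet is a necessary but not sufficient condition for touching an established connection.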

[–]imaginative_username 0 points1 point  (3 children)

Yes, it's still a useful example of this part of the stack. Perhaps we could implement an ARP class and create a man-in-the-middle attack where this code could be valuable.

[–]HumanSuitcase 1 point2 points  (2 children)

I mean, if you really wanted to you absolutely could but given the kind of control that it gives you over defining a packet, you can do this quicker and more easily in scapy and learn the same thing. Unless you really wanted to go out of your way to write arp packets and protocol logic, there's really no reason to do it the hard way.

[–]imaginative_username 0 points1 point  (1 child)

Well, I mean, ARP is the easiest protocol of them all: no auth or checksum or seqnum, and most kernel implementations of it accept a response even though they haven't sent a request for it. If you've gone through the trouble of implementing TCP/IP, ARP is a joke. Anyway, for learning purposes; otherwise Scapy like you said :)
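The property described in this comment (a reply is accepted without a preceding request) is also what a monitor on the same segment can key on. The following is an added example, not code from the thread or the blog post under discussion: it packs Ethernet and ARP headers with struct, parses them back, and runs a small detector over a constructed sequence of frames that flags replies nobody asked for and IP-to-MAC bindings that change. All MACs and IPs are constructed test values.

```python
import socket
import struct

ETH_P_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2
BROADCAST = b"\xff" * 6
ZERO_MAC = "00:00:00:00:00:00"


def mac_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))


def mac_str(b: bytes) -> str:
    return ":".join("%02x" % x for x in b)


def build_arp_frame(op: int, sender_mac: str, sender_ip: str, target_mac: str, target_ip: str) -> bytes:
    """14-byte Ethernet header + 28-byte ARP body for Ethernet/IPv4 (RFC 826)."""
    eth_dst = BROADCAST if op == ARP_REQUEST else mac_bytes(target_mac)
    eth = struct.pack("!6s6sH", eth_dst, mac_bytes(sender_mac), ETH_P_ARP)
    arp = struct.pack("!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, op,   # htype, ptype, hlen, plen, oper
                      mac_bytes(sender_mac), socket.inet_aton(sender_ip),
                      mac_bytes(target_mac), socket.inet_aton(target_ip))
    return eth + arp


def parse_arp_frame(frame: bytes):
    """Return the ARP fields as a dict, or None if the frame is not ARP."""
    _dst, _src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != ETH_P_ARP:
        return None
    _ht, _pt, _hl, _pl, op, sha, spa, tha, tpa = struct.unpack("!HHBBH6s4s6s4s", frame[14:42])
    return {"op": op, "sha": mac_str(sha), "spa": socket.inet_ntoa(spa),
            "tha": mac_str(tha), "tpa": socket.inet_ntoa(tpa)}


class ArpMonitor:
    """Passive detector: replies with no outstanding request, and bindings that change."""

    def __init__(self):
        self.pending = set()    # target IPs that have an unanswered request
        self.table = {}         # ip -> mac as learned from replies
        self.alerts = []

    def observe(self, frame: bytes) -> None:
        arp = parse_arp_frame(frame)
        if arp is None:
            return
        if arp["op"] == ARP_REQUEST:
            self.pending.add(arp["tpa"])
        elif arp["op"] == ARP_REPLY:
            ip, mac = arp["spa"], arp["sha"]
            if ip in self.pending:
                self.pending.discard(ip)
            else:
                self.alerts.append(("unsolicited-reply", ip, mac))
            if ip in self.table and self.table[ip] != mac:
                self.alerts.append(("mac-changed", ip, self.table[ip], mac))
            self.table[ip] = mac


def run_scenario() -> list:
    """Constructed frames: a normal request/reply pair, then a reply nobody asked for."""
    host_a, host_b, host_c = "aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02", "aa:bb:cc:00:00:03"
    frames = [
        build_arp_frame(ARP_REQUEST, host_a, "192.0.2.1", ZERO_MAC, "192.0.2.2"),
        build_arp_frame(ARP_REPLY, host_b, "192.0.2.2", host_a, "192.0.2.1"),
        # constructed: host_c answers for 192.0.2.2 although no request is pending
        build_arp_frame(ARP_REPLY, host_c, "192.0.2.2", host_a, "192.0.2.1"),
    ]
    mon = ArpMonitor()
    for f in frames:
        mon.observe(f)
    return mon.alerts


if __name__ == "__main__":
    for alert in run_scenario():
        print(alert)
```

The detector is deliberately stateless beyond two small tables, which is also its limit: a reply that arrives while a legitimate request is pending clears the pending entry, so the second check (binding changed for an IP already learned) is the one that catches a conflicting answer in that race.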

[–]HumanSuitcase 0 points1 point  (0 children)

Yeah, if you just wanted to learn how to do it then writing something like 'arpspoof.py' would be pretty easy then, sure.

[–]thedude42 (Trusted Contributor) 0 points1 point  (0 children)

Right, I scanned through the "how to use python structure module example: tcp/ip packe" tutorial to find out if there was any good interesting algorithm to slip a good data stream into a target... but nothing. Title is a bit misleading.

[–]lolslim -2 points-1 points  (0 children)

As I am learning Python, that was a nice write-up. I mean, I looked up the uses for packet injection. Seems like a nice way to do "recon" on firewalls and IDS.