Monday, December 25, 2017

3-way handshake and get request using scapy in python


I am using scapy for a 3-way handshake, sending a GET request and receiving the response. But I am getting a TCP packet in response with the FIN flag set. I am expecting an HTTP packet with the requested page. Where am I going wrong?

import sys
import socket

from scapy.all import *

# 3 way handshake
ip=IP(dst="webs.com")
SYN=TCP(sport=80, flags="S", seq=100, dport=80)
SYNACK=sr1(ip/SYN)

my_ack = SYNACK.seq + 1
ACK=TCP(sport=80, flags="A", seq=101, ack=my_ack, dport=80)
send(ip/ACK)

# request
PUSH = TCP(sport=80, dport=80, flags='PA', seq=102, ack=my_ack)
payload = "GET / HTTP/1.1\r\nHost: webs.com\r\nConnection: keep-alive\r\nCache-Control: max-age=0\r\nUpgrade-Insecure-Requests: 1\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/58.0.3029.110 Chrome/58.0.3029.110 Safari/537.36\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.8\r\n\r\n"
reply= sr1(ip/PUSH/payload, timeout=10)

Wireshark result


2 Answers

Answer 1

Your machine is sending a RST packet. The RST packet is being sent by the kernel.
http://www.packetlevel.ch/html/scapy/scapy3way.html.

Try dropping the RST packet through iptables.
iptables -A OUTPUT -p tcp --tcp-flags RST RST -s 192.168.43.119 -j DROP

Answer 2

Looks like you're using a wrong sequence number when you send the request:

PUSH = TCP(sport=80, dport=80, flags='PA', seq=11, ack=my_ack) 

seq should be 101, not 11, since you used 100 for SYN. Changing it seems to fix the problem.

Also, if you do not change the source port in your tests and you do not shut down the TCP connection properly, or do not wait for 120 seconds between your tests, the server might consider the new packets to belong to a previous connection and send something that you do not expect in response (depends on the state of the server connection).
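
Added example (not part of the question or of either answer): a scapy-free check of the client-side sequence-number accounting that Answer 2 relies on. A SYN consumes one sequence number, a bare ACK consumes none, and data consumes one per byte, so the request has to reuse seq 101. SERVER_ISN, the shortened GET and all function names are assumptions made for the illustration.

```python
MOD = 2 ** 32  # TCP sequence numbers wrap at 32 bits


def seq_space(flags, payload):
    """Sequence numbers a segment consumes: one each for SYN and FIN, plus data bytes."""
    return len(payload) + ("S" in flags) + ("F" in flags)


def check_client_segments(segments, server_isn):
    """Walk the client's segments in send order.

    Returns (problems, next_seq): problems is a list of (index, message) for
    segments whose seq or ack differs from what the server expects, and
    next_seq is the seq the client must use for its next segment.
    Assumes the server has sent nothing but its SYN-ACK.
    """
    problems = []
    expected_ack = (server_isn + 1) % MOD  # the server's SYN consumed one number
    expected_seq = segments[0]["seq"]      # the client's SYN fixes its ISN
    for i, seg in enumerate(segments):
        if seg["seq"] != expected_seq:
            problems.append((i, "seq=%d, server expects %d" % (seg["seq"], expected_seq)))
        if "A" in seg["flags"] and seg["ack"] != expected_ack:
            problems.append((i, "ack=%d, should be %d" % (seg["ack"], expected_ack)))
        # Advance as if the segment had been sent with the expected seq.
        expected_seq = (expected_seq + seq_space(seg["flags"], seg["payload"])) % MOD
    return problems, expected_seq


# Constructed sample values: SERVER_ISN stands in for SYNACK.seq, GET is a shortened request.
SERVER_ISN = 5000
GET = b"GET / HTTP/1.1\r\nHost: webs.com\r\n\r\n"


def handshake_and_get(push_seq):
    """The three client segments from the question, with the request's seq as a parameter."""
    ack = SERVER_ISN + 1
    return [
        {"flags": "S", "seq": 100, "ack": 0, "payload": b""},
        {"flags": "A", "seq": 101, "ack": ack, "payload": b""},
        {"flags": "PA", "seq": push_seq, "ack": ack, "payload": GET},
    ]


if __name__ == "__main__":
    for push_seq in (102, 101):
        problems, next_seq = check_client_segments(handshake_and_get(push_seq), SERVER_ISN)
        print("request seq=%d:" % push_seq, problems or "consistent", "| next seq:", next_seq)
```

The returned next_seq is the value the client would have to use for any segment sent after the request, for example the FIN that closes the connection.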
