NetfilterQueue使用scapy拒绝数据包

时间:2015-05-06 14:59:36

标签: python soap scapy netfilter

我正在尝试为SOAP数据包创建防火墙,我使用NetfilterQueue来拦截数据包,我只验证包含实际SOAP请求的数据包,但是NetfilterQueue函数pckt.drop()没有警告请求被拒绝的客户端,在这种情况下客户端不断重新发送数据包,我尝试发送HTTP 403错误,但它没有影响该过程,就像客户端没有收到它一样所有,可能是我做错了什么,如果有人可以帮助我,我会非常感激,这是我的python脚本:

from scapy.all import *
from netfilterqueue import NetfilterQueue
from scapy.layers import inet

def isSOAP(pkt):
    message=str(IP(pkt.get_payload())[TCP].payload)
    if(len(message)>0 and message.find("xml")>-1 and message.find("soap")>-1):
        return True
    else:
        return False

def check_signatures(pkt):
    if (isSOAP(pkt)):
        message=str(IP(pkt.get_payload())[TCP].payload)
        if is_attack(message):
            print "detected as attack"
            log_attack(pkt)
            pkt.drop()
            send_403(IP(pkt))
        else:
            print "normal message"
            log_normal(message,IP(pkt.get_payload()).src)
            pkt.accept()
    else:
        pkt.accept()

def send_403(pkt):
    AckNr=pkt[TCP].seq+len(pkt[TCP].payload)
    seqNr=pkt[TCP].ack
    port=pkt.sport
    html1="HTTP/1.1 403 OK\x0d\x0aDate: Wed, 29 Sep 2010 20:19:05 GMT\x0d\x0aServer: Testserver\x0d\x0aConnection: Keep-Alive\x0d\x0aContent-Type: text/html; charset=UTF-8\x0d\x0aContent-Length: 291\x0d\x0a\x0d\x0a<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.0//EN\"><html><head><title>Testserver</title></head><body bgcolor=\"black\" text=\"white\" link=\"blue\" vlink=\"purple\" alink=\"red\"><p><font face=\"Courier\" color=\"blue\">-Welcome to test server-------------------------------</font></p></body></html>"
    ip=IP(src=pkt.dst, dst=pkt.src)
    TCP_SYNACK=TCP(sport=80, dport=port, flags="A", seq=seqNr, ack=AckNr)
    ANSWER=sr1(ip/TCP_SYNACK)
    data1=TCP(sport=80, dport=port, flags="PA", seq=seqNr, ack=AckNr, options=[('MSS', 1460)])
    ackdata1=sr1(ip/data1/html1)
    SeqNr=ackdata1.ack
    Bye=TCP(sport=80, dport=port, flags="RA", seq=SeqNr, ack=AckNr, options=[('MSS', 1460)])
    send(ip/Bye)

nfqueue = NetfilterQueue()
nfqueue.bind(1, check_signatures)
try:
    nfqueue.run()
except KeyboardInterrupt:
    print

0 个答案:

没有答案