    gpotter2
    @gpotter2
    Without loading the entire file it's not possible. A packet in a pcap begins where the previous one ends.
    dorty3541
    @dorty3541
    Hello, everyone. Is there any example or manual so I can craft the packets to simulate the whole IKE negotiation with a vendor device such as FortiGate/Cisco?
    agarusa
    @agarusa
    Hi! I went through some docs and some code, and it seems that the docs are not about the latest release (2.4.5) but rather about the current repository state. Some functions and classes from the docs are absent in the release but present in the current repository. Was this intended, or is it a documentation bug that those structures got into the 2.4.5 docs?
    infern0d
    @infern0d:matrix.org
    You are absolutely correct, the "latest" (default) doc relates to the current repo. You can find the "stable" = released doc over at https://scapy.readthedocs.io/en/stable/
    bhdrozgn
    @bhdrozgn
    How can we write packets sniffed with AsyncSniffer to a pcap file without using prn?
    bhdrozgn
    @bhdrozgn

    How can we write packets sniffed with AsyncSniffer to a pcap file without using prn?

    Okay, I just achieved this by applying the same thing used in the sniff method to my AsyncSniffer object:

    from scapy.utils import wrpcap
    from scapy.compat import cast
    from scapy.plist import PacketList
    
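    def write_async(capture):
        # capture is an AsyncSniffer object; its .results attribute
        # holds the sniffed packets as a PacketList
        packets = cast(PacketList, capture.results)
        wrpcap('capture.pcap', packets)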
    stryngs
    @stryngs

    Hello all,

    The other day I was working on WEP encryption and decryption with scapy and I came across what I consider a bug in 2.4.5.

    A Python3 example:

    import binascii
    import pyDot11
    from rc4 import rc4
    from scapy.all import *
    
    keyText = '0123456789'
    pkts = rdpcap('../PCAPs/ICMPs/wep_pings.pcap')
    pkt = pkts[0]
    
    iVal = pkt[Dot11WEP].iv.decode('latin1')
    seed = pyDot11.wepCrypto.seedGen(iVal, keyText).decode('latin1')
    stream = rc4(pkt.wepdata.decode('latin1'), iVal + seed)

    A Python2 example:
    stryngs
    @stryngs
    ... and my long drawn-up post deleted itself, lovely.
    Without going into it in detail again, let me ask: is there a reason that hexstr() works differently in Python3 than it did in Python2?
    In [60]: hexstr(stream, onlyhex = 1)
    Out[60]: 'C2 AA C2 AA 03 00 00 00 08 00 45 00 00 54 00 00 40 00 40 01 C3 B0 3B C3 80 C2 A8 64 C2 88 C3 80 C2 A8 64 C2 94 08 00 C2 9D 65 C3 87 06 00 00 C2 9C C3 99 C3 B6 C2 B9 00
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00'
    With some modifications:
    newStream = []
    newStream.append(" ".join(map(lambda stream:"%02x"%ord(stream), stream)))
    newStream = "  ".join(newStream)
    
    In [65]: newStream
    Out[65]: 'aa aa 03 00 00 00 08 00 45 00 00 54 00 00 40 00 40 01 f0 3b c0 a8 64 88 c0 a8 64 94 08 00 9d 65 c7 06 00 00 9c d9 f6 b9 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00'
    The object newStream is the expected output. Thanks for any assistance.
    infern0d
    @infern0d:matrix.org
    It's not clear how it's working differently on Python 2 and 3 when reading your examples :/?
    stryngs
    @stryngs
    C2 AA C2 AA -vs- aa aa
    hexstr() is adding C2 to the start of it, twice.
    stryngs
    @stryngs
    @infern0d:matrix.org ^
    stryngs
    @stryngs
    I miss the "old style" way whereby you could do str(<scapy object>) and it would print out the repr. I built pyDot11 around that modeling. The shift for pyDot11 over to Python3 is fun for sure. We can now decrypt WEP natively using Python3 and scapy 2.4.5.
    It will handle Open, WEP or WPA; each with their own trick aside from Open for pure injection.
    The stream obj ^^ debugging took me some time as I kept following the math for RC4 and couldn't wrap my head around the diffs for 2v3; I had "assumed" hexstr() was the same as I had no reason to think otherwise as far as the bytes, their accuracy and order go.
    For the PCAPs in question:
    https://github.com/stryngs/pyDot11
    There is also now a question of Dot11FCS being missing in a unique and interesting way for ICMP these days vs when I took the PCAP of the wep traffic from years back.
    As those bytes don't change it must therefore be the "scapy interpretation".
    BMWE
    @BMWE
    Hi,
    I'd like to know what the exact parameters passed to tshark/tcpdump are. How can I do that?
    infern0d
    @infern0d:matrix.org
    stryngs (stryngs): hexstr works fine as long as you pass it bytes in both cases. I can't reproduce your issue
    stryngs
    @stryngs
    @infern0d:matrix.org The string in question that converts incorrectly when using hexstr() is:
    '\xaa\xaa\x03\x00\x00\x00\x08\x00E\x00\x00T\x00\x00@\x00@\x01\xf0;\xc0\xa8d\x88\xc0\xa8d\x94\x08\x00\x9de\xc7\x06\x00\x00\x9c\xd9\xf6\xb9\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
    infern0d
    @infern0d:matrix.org
    You're parsing it as bytes, right?
    stryngs
    @stryngs
    Python2 style:
    hexstr(stream, onlyhex = 1)
    Out[4]: 'aa aa 03 00 00 00 08 00 45 00 00 54 00 00 40 00 40 01 f0 3b c0 a8 64 88 c0 a8 64 94 08 00 9d 65 c7 06 00 00 9c d9 f6 b9 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00'
    infern0d
    @infern0d:matrix.org
    I don't see the b'
    stryngs
    @stryngs
    Python3 style:
    hexstr(x, onlyhex = 1)                                                                                                                                                                                     
    Out[8]: 'C2 AA C2 AA 03 00 00 00 08 00 45 00 00 54 00 00 40 00 40 01 C3 B0 3B C3 80 C2 A8 64 C2 88 C3 80 C2 A8 64 C2 94 08 00 C2 9D 65 C3 87 06 00 00 C2 9C C3 99 C3 B6 C2 B9 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00'
    Bytes are not used. I'm simply showing a diff between the method Python2 vs Python3.
    In the current format one cannot trust the contents of hexstr =(
    infern0d
    @infern0d:matrix.org
    This function is meant to handle bytes. What do you mean bytes are not used?
    stryngs
    @stryngs
    If Python2 and Python3 both behaved the same for 2.4.5 it would be considered a non-issue you know?
    gpotter2
    @gpotter2
    The issue is just that you are not passing the bytes as bytes.
    Pass it as bytes, you'll get the same result.
    You should read up on the differences between Python 2 and 3 when it comes to bytes.
    stryngs
    @stryngs
    In [12]: stream                                                                                                                                                                                                    
    Out[12]: 'ªª\x03\x00\x00\x00\x08\x00E\x00\x00T\x00\x00@\x00@\x01ð;À¨d\x88À¨d\x94\x08\x00\x9deÇ\x06\x00\x00\x9cÙö¹\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
    
    In [13]: stream.encode()                                                                                                                                                                                           
    Out[13]: b'\xc2\xaa\xc2\xaa\x03\x00\x00\x00\x08\x00E\x00\x00T\x00\x00@\x00@\x01\xc3\xb0;\xc3\x80\xc2\xa8d\xc2\x88\xc3\x80\xc2\xa8d\xc2\x94\x08\x00\xc2\x9de\xc3\x87\x06\x00\x00\xc2\x9c\xc3\x99\xc3\xb6\xc2\xb9\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
    
    In [14]: hexstr(stream.encode())                                                                                                                                                                                   
    Out[14]: 'C2 AA C2 AA 03 00 00 00 08 00 45 00 00 54 00 00 40 00 40 01 C3 B0 3B C3 80 C2 A8 64 C2 88 C3 80 C2 A8 64 C2 94 08 00 C2 9D 65 C3 87 06 00 00 C2 9C C3 99 C3 B6 C2 B9 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ..........E..T..@.@...;....d......d......e.................................................................'
    .encode incorrectly changes the intended stream bytes
    \xaa \xaa
    gpotter2
    @gpotter2
    You are missing the b'' !!!!
    You are converting a wrong string to wrong bytes.
    image.png
    This is Python 3.
    It's working just fine.
    stryngs
    @stryngs
    In [9]: stream
    Out[9]: '\xaa\xaa\x03\x00\x00\x00\x08\x00E\x00\x00T\x00\x00@\x00@\x01\xf0;\xc0\xa8d\x88\xc0\xa8d\x94\x08\x00\x9de\xc7\x06\x00\x00\x9c\xd9\xf6\xb9\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
    
    In [10]: stream.encode()
    ---------------------------------------------------------------------------
    UnicodeDecodeError                        Traceback (most recent call last)
    <ipython-input-10-db32f268970b> in <module>()
    ----> 1 stream.encode()
    
    UnicodeDecodeError: 'ascii' codec can't decode byte 0xaa in position 0: ordinal not in range(128)
    I also cannot use "bytes" with respect to WEP or WPA decryption, at least not using the methods and techniques I did with Python2.
    gpotter2
    @gpotter2
    Yes, you should use bytes. You cannot not use bytes on Python 3.
    stryngs
    @stryngs
    Alright, I'll read it.