    BMWE
    @BMWE
    I'd like to know what are the exact parameters passed to tshark/tcpdump. How can I do that?
    infern0d
    @infern0d:matrix.org
    stryngs (stryngs): hexstr works fine as long as you pass it bytes in both cases. I can't reproduce your issue
    stryngs
    @stryngs
    @infern0d:matrix.org The string in question that converts incorrectly when using hexstr() is:
    '\xaa\xaa\x03\x00\x00\x00\x08\x00E\x00\x00T\x00\x00@\x00@\x01\xf0;\xc0\xa8d\x88\xc0\xa8d\x94\x08\x00\x9de\xc7\x06\x00\x00\x9c\xd9\xf6\xb9\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
    infern0d
    @infern0d:matrix.org
    You're parsing it as bytes, right?
    stryngs
    @stryngs
    Python2 style:
    hexstr(stream, onlyhex = 1)
    Out[4]: 'aa aa 03 00 00 00 08 00 45 00 00 54 00 00 40 00 40 01 f0 3b c0 a8 64 88 c0 a8 64 94 08 00 9d 65 c7 06 00 00 9c d9 f6 b9 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00'
    infern0d
    @infern0d:matrix.org
    I don't see the b'
    stryngs
    @stryngs
    Python3 style:
    hexstr(x, onlyhex = 1)                                                                                                                                                                                     
    Out[8]: 'C2 AA C2 AA 03 00 00 00 08 00 45 00 00 54 00 00 40 00 40 01 C3 B0 3B C3 80 C2 A8 64 C2 88 C3 80 C2 A8 64 C2 94 08 00 C2 9D 65 C3 87 06 00 00 C2 9C C3 99 C3 B6 C2 B9 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00'
    Bytes are not used. I'm simply showing a diff between the method Python2 vs Python3.
    In the current format one cannot trust the contents of hexstr =(
    infern0d
    @infern0d:matrix.org
    This function is meant to handle bytes. What do you mean, bytes are not used?
    stryngs
    @stryngs
    If Python2 and Python3 both behaved the same for 2.4.5 it would be considered a non-issue you know?
    gpotter2
    @gpotter2
    The issue is just that you are not passing the bytes as bytes
    Pass it as bytes, you'll get the same result
    You should document yourself about the differences between Python 2 and 3 when it comes to bytes
    stryngs
    @stryngs
    In [12]: stream                                                                                                                                                                                                    
    Out[12]: 'ªª\x03\x00\x00\x00\x08\x00E\x00\x00T\x00\x00@\x00@\x01ð;À¨d\x88À¨d\x94\x08\x00\x9deÇ\x06\x00\x00\x9cÙö¹\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
    
    In [13]: stream.encode()                                                                                                                                                                                           
    Out[13]: b'\xc2\xaa\xc2\xaa\x03\x00\x00\x00\x08\x00E\x00\x00T\x00\x00@\x00@\x01\xc3\xb0;\xc3\x80\xc2\xa8d\xc2\x88\xc3\x80\xc2\xa8d\xc2\x94\x08\x00\xc2\x9de\xc3\x87\x06\x00\x00\xc2\x9c\xc3\x99\xc3\xb6\xc2\xb9\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
    
    In [14]: hexstr(stream.encode())                                                                                                                                                                                   
    Out[14]: 'C2 AA C2 AA 03 00 00 00 08 00 45 00 00 54 00 00 40 00 40 01 C3 B0 3B C3 80 C2 A8 64 C2 88 C3 80 C2 A8 64 C2 94 08 00 C2 9D 65 C3 87 06 00 00 C2 9C C3 99 C3 B6 C2 B9 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ..........E..T..@.@...;....d......d......e.................................................................'
    .encode incorrectly changes the intended stream bytes
    \xaa \xaa
    gpotter2
    @gpotter2
    You are missing the b'' !!!!
    You are converting a wrong string to wrong bytes
    image.png
    this is python 3
    it's working just fine
    stryngs
    @stryngs
    In [9]: stream
    Out[9]: '\xaa\xaa\x03\x00\x00\x00\x08\x00E\x00\x00T\x00\x00@\x00@\x01\xf0;\xc0\xa8d\x88\xc0\xa8d\x94\x08\x00\x9de\xc7\x06\x00\x00\x9c\xd9\xf6\xb9\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
    
    In [10]: stream.encode()
    ---------------------------------------------------------------------------
    UnicodeDecodeError                        Traceback (most recent call last)
    <ipython-input-10-db32f268970b> in <module>()
    ----> 1 stream.encode()
    
    UnicodeDecodeError: 'ascii' codec can't decode byte 0xaa in position 0: ordinal not in range(128)
    I also cannot use "bytes" with respect to WEP or WPA decryption, at least not using the methods and techniques I did with Python2.
    gpotter2
    @gpotter2
    Yes you should use bytes. You cannot not use bytes on Python 3
    stryngs
    @stryngs
    Alright, I'll read it.
    stryngs
    @stryngs

    Hmm. I'd go so far as to say this is a deeper issue

    >>> print(chr(0xaa).encode())
    b'\xc2\xaa'

    At least now I understand why Python2 and Python3 have differences with hexstr()

    This explains where the extra chars come in at...:
    hexstr(x, onlyhex = 1)                                                                                                                                                                                     
    Out[8]: 'C2 AA C2
    So yes, I will agree scapy is doing what Python3 is instructing it to do, which sadly means there is no PEP style fix for this =(
    However, some hackery based off hexstr itself and we've fixed the flaw
    newStream = []
    newStream.append(" ".join(map(lambda stream:"%02x"%ord(stream), stream)))
    newStream = "  ".join(newStream)
    Anywho, I'll be quiet now and let that soak, cheers!
    bhdrozgn
    @bhdrozgn
    Scapy can't process 802.11ax frames when radiotap header has HE_MU field.
    The pkt.show() function returns raw bytes; we can't access layers or fields since no layer is defined for that frame. Is there a way to access some fields when this is the case?
    stryngs
    @stryngs
    Would anyone here be interested in a workshop on how to leverage scapy for 802.11 concepts? Encryption/Decryption/etc.
    Leonard Crestez
    @cdleonard
    Gentle ping for secdev/scapy#3358 again? It's fully tested but did not receive any review comments
    Eyni, Kave
    @dewebdes

    Decrypt SSL/TLS with specific Private Key

    I have the original certificate, and I want to show HTTPS sniffed traffic in plain UTF-8 text

    For example, in HTTP traffic we can use this code:
    readable_payload = bytes(packet[TCP].payload).decode('UTF8','replace')

    But for HTTPS this just shows unreadable random characters.

    I read and tested the resources below, but they were not useful:
    https://github.com/secdev/scapy/blob/master/doc/notebooks/tls/notebook2_tls_protected.ipynb
    https://github.com/tintinweb/scapy-ssl_tls

    I want a clean solution like this article that uses TSHARK, but I must use SCAPY because I spent too much time developing my firewall with scapy:
    https://minnmyatsoe.com/2016/01/26/using-tshark-to-decrypt-ssl-tls-packets/

    jacontre-c
    @jacontre-c
    Hi people, regarding possible ways to speed up pcap file parsing: is there a way to unload L2 protocol types, so that the capture only applies parsers that are known beforehand to be applicable? (So instead of checking for Ethernet, 802.11, BLE, etc., it only applies 802.11 and everything else is returned as RAW.)
    stryngs
    @stryngs
    Hello @jacontre-c -- Here is an example where I do what you speak of, but not necessarily L2; you'll have to trace and replace accordingly.
    https://github.com/stryngs/workshops/blob/master/DC28/blRip.py#L34
    agudek
    @agudek
    Hi all, looking at the _IP6PrefixField class in layers.inet6 I noticed the field length gets calculated as the length of the remainder of the packet. Am I reading this correctly, or is there another way of indicating this field's length? If not, this behaviour might fail in situations where this field is not the last field in the packet.
    Leonard Crestez
    @cdleonard
    how do I make p.sprintf("%IPv6.nh%") appear as numeric?
    type(p[IPV6].nh) is a number but I don't understand how sprintf is different
    apparently p.sprintf("%r,IPV6.nh%") does the job but not p.sprintf("%d,IPV6.nh%")
    Sabry Tarek
    @SabryTarek
    Hello folks, I want to save all domains that the user opened in the web browser. I tried to use Scapy but I get only HTTP requests.
    wireless90
    @wireless90
    Hi peeps how do we sniff eapol frames? I tried sniffing and set lfilter to lambda x: EAPOL in x
    And used my android phone to disconnect and reconnect
    But nothing captured
    Matt Keeter
    @mkeeter
    Weird question for folks: should I expect Scapy to detect UDP echo messages that have raw data attached to them?
    If I do something like sr(IPv6(dst="fe80::4:6ff:fe08:a0c") / UDP(dport=7)), then I get a packet back immediately (and see the whole thing in tcpdump)