Thursday, February 17, 2011

evilbitchanger

I've been learning scapy, which is an awesome tool. I have a colleague who is doing some research and had a need for a tool that could modify IP packets in arbitrary ways either from a pcap file or on packets in real time. The prototype sets the IP evil bit, recalculates the checksum and forwards the new packet.

Web page here.

Code hosted here.

2 comments:

  1. Hello Sir, I am using evilbitchanger. I am getting the following error:

    ------------------------------------------------------
    Traceback (most recent call last):
      File "./evilbitchanger.py", line 162, in <module>
        main()
      File "./evilbitchanger.py", line 158, in main
        sniffsend('eth1', 'eth0', options.filter)
      File "./evilbitchanger.py", line 120, in sniffsend
        prn=lambda x:evilsend(x.payload))
      File "/home/manan/Script/scapy.py", line 11153, in sniff
        r = prn(p)
      File "./evilbitchanger.py", line 120, in <lambda>
        prn=lambda x:evilsend(x.payload))
      File "./evilbitchanger.py", line 89, in evilsend
        ip_packet.flags |= 3
      File "/home/manan/Script/scapy.py", line 5158, in __getattr__
        fld,v = self.getfield_and_val(attr)
      File "/home/manan/Script/scapy.py", line 5154, in getfield_and_val
        return self.payload.getfield_and_val(attr)
      File "/home/manan/Script/scapy.py", line 5154, in getfield_and_val
        return self.payload.getfield_and_val(attr)
      File "/home/manan/Script/scapy.py", line 5972, in getfield_and_val
        raise AttributeError(attr)
    AttributeError: flags
    ------------------------------------------------------
    Can you tell me where I am facing the error? I am new to Python and I have hard-coded the input and output interfaces to eth0 and eth1.

    Replies
    1. Sorry for the late reply. I just now enabled comment notifications.

      The error is that the argument going to evilsend doesn't have a "flags" attribute. This implies that it's not an IP packet. I suspect the problem is that you're not passing in a filter (via -f) or the filter you're passing in is allowing non-IP packets (ARP, DHCP, etc.) to be passed in.

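The failure discussed in the comments, shown as an added example that is not part of the original post or the evilbitchanger code. It uses only the Python standard library instead of scapy: it checks the EtherType before touching the IP header, so ARP and other non-IP frames are skipped rather than raising, then sets the RFC 3514 evil bit and recomputes the header checksum. The function names and sample frames are constructed for illustration.

```python
import struct
from typing import Optional

ETHERTYPE_IPV4 = 0x0800
EVIL_BIT = 0x8000  # reserved high bit of the flags/fragment-offset word (RFC 3514)

# Constructed sample frames: Ethernet header (dst MAC, src MAC, EtherType) + payload.
ETH_ADDRS = bytes.fromhex("020000000002 020000000001")
SAMPLE_IPV4 = ETH_ADDRS + bytes.fromhex(
    "0800 4500 0073 0000 4000 4011 b861 c0a8 0001 c0a8 00c7")
SAMPLE_ARP = ETH_ADDRS + bytes.fromhex("0806") + bytes(28)


def ip_checksum(header: bytes) -> int:
    """One's-complement sum of the 16-bit words of an IPv4 header (RFC 1071)."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def set_evil_bit(frame: bytes) -> Optional[bytes]:
    """Return the frame with the evil bit set, or None if it is not IPv4."""
    if len(frame) < 14 + 20:
        return None                      # too short for Ethernet + IPv4 header
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != ETHERTYPE_IPV4:
        return None                      # ARP etc.: no IP header, no flags field
    ip = bytearray(frame[14:])
    ihl = (ip[0] & 0x0F) * 4             # header length in bytes
    if ip[0] >> 4 != 4 or ihl < 20 or ihl > len(ip):
        return None                      # malformed IPv4 header
    (flags_frag,) = struct.unpack("!H", ip[6:8])
    ip[6:8] = struct.pack("!H", flags_frag | EVIL_BIT)
    ip[10:12] = b"\x00\x00"              # zero the checksum field before summing
    ip[10:12] = struct.pack("!H", ip_checksum(bytes(ip[:ihl])))
    return frame[:14] + bytes(ip)


if __name__ == "__main__":
    for name, frame in (("ipv4", SAMPLE_IPV4), ("arp", SAMPLE_ARP)):
        out = set_evil_bit(frame)
        print(name, "skipped (not IPv4)" if out is None else out[14:34].hex())
```
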