December 13, 2020 at 4:34 pm #49842
I’m in the code injector section and I can’t seem to get it to work correctly. My code runs without error capturing all the request and changing the load, so accept
encoding section of the load is blank. But after running and using the iptables my browser just won’t load I get no responses in my terminal and it’s just stuck at white space. If screenshots are needed I can provide but I did everything that Zaid did and it just won’t load any responses. I’m using website.org also for an HTTP site.December 14, 2020 at 6:26 pm #49876
Are you trying this in the local or remote host?
Can you share your code please?
DiegoDecember 14, 2020 at 8:59 pm #49881
Two screenshots of my code : https://imgur.com/a/ZN10tUc
I’m trying to test this on my local computer. Haven’t moved on to trying this with a remote device yet.December 15, 2020 at 6:44 pm #49916
When you said you are trying it on the local computer do you mean kali? Or which exact computer?
Also I’ll suggest to write the code as showed in the course, I mean import scapi.all as scapy, and your mod function seems a bit odd, why are you getting the payload ther? and why are you converting it to bytes using utf-8? Are you using python 2 or 3?
Let me know.
DiegoDecember 16, 2020 at 4:43 pm #49949
I’m running iptables on the output and input chains on my local computer. It is not Kali but it’s my own Debian based creation. I’m using python 3.7 and some things are different because the course is a little outdated some of the commands he uses are depreciated or just not working. I had to make the changes I did to stop the errors. All the other programs work as intended with scapy.all import *, so I don’t see why that would be the problem. I took out the first two lines of the mod function I left those in when I was trying to figure out the problem, sorry. In the above screenshot I also sent the wrong packet to the mod function I sent the original netfilterqueue packet that’s why I was using IP(get_payload()). I fixed all that and reverted to what I had, sending the scapy pkt from the main process function to the mod function with the modified load. Now the mod function is just like Zaid’s, setting the pkt[Raw].load to the new load and deleting the len and chksums from UDP and TCP layers.
After changing those few lines the program still does not work. Running it on my computer it never receives any responses in the terminal or in my browser. My browser is Firefox and it just forever loads with a white screen.
I’m wondering if it could be that I need to set a new lens for the UDP and TCP layers? But I thought Zaid said they are automatically fixed to the right number after we delete them.December 16, 2020 at 6:40 pm #49953
As you are learning it would be better to follow all the instructions as in the lectures, I mean using custom kali and the syntax as showed by Zaid, I reapeat this is for learning purposes, and once the scripts work you can use your custom Debian machine and the syntax you want, this will also help to spot the error in your custom script. I don’t know the specifics of your custom Debian so I can’t tell if there’s any networking issue, did the DNS and file interceptor worked as expected?
Can you share the result of iptables -L and iptables -t nat -L after setting the rules for INPUT and OUTPUT?
DiegoDecember 17, 2020 at 12:15 am #49960
I rewrote the code to match what Zaid did again and attached the screenshots to this post.
I also attached the screenshots for the iptables commands you asked for.
I was able to get the DNS spoofer to work with an HTTP site and everything else before that, other than the file interceptor because I didn’t know any HTTP sites that had downloads on their site. Why would me using my own operating system be a problem Zaid says we don’t have to use Kali in the course.December 17, 2020 at 6:54 pm #49979
As I mentioned above I suggested using custom kali for learning purposes, if you have plenty knowledge on using linux then use your custom distro, I never try to said that it was a problem but if you are not familiar with linux then it can be harder to spot where the issue is, but do it as you wish.
If there’s no info being displayed in screen while running the script and the browser window does not load at all then there are some networking issues, can you share the results of the other iptables command I mentioned? And here is site that use http that you can use to test the file interceptor:
And another problem here might be running the scripts as a normal user, will suggest to run them as root, logging ig as root would be prefered.
DiegoDecember 17, 2020 at 9:34 pm #49985
So I thought I did run all the commands you posted, but I did them again and posted the screenshots. Also, thank you for the site.
Another thing when I tried to run sudo iptables -t nat or –table, I get command not found. I run the script with sudo every time it won’t let me run unless it has root.And there is output to the screen it catches all the request just no responses.December 18, 2020 at 7:15 pm #50023
The command should be failling because you are missing -L, look what I wrote avobe, iptables -t nat -L, so if you are not getting repsonses it should be because some packets are stucked, try to flush iptables first:
iptables –table nat –flush
iptables –table nat –delete-chain
iptables -P FORWARD ACCEPT
Enable port forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward
Then run the proper iptables rules again and try it once more.
Let me know how it goes!
DiegoDecember 19, 2020 at 2:55 am #50036
Do I need to IP forward if I’m using this on my local device and not another computer?December 19, 2020 at 7:15 pm #50046
Yeah, that won’t affect the performance of the script, did flushing iptables work?
Let me know.
DiegoDecember 20, 2020 at 5:50 am #50062
Ok so I ran the correct iptables command ‘iptables -t nat -L’ and there were no queues in the chains everything with policy accept.
I ran it before running the script and during getting the same output. The file interceptor scripted worked just fine with the site you gave me. And flushing iptables didn’t work it made the browser start getting responses and load the page yes but i was still unable to see any responses in my terminal.December 20, 2020 at 5:57 am #50063December 21, 2020 at 6:40 pm #50122
Which website did you use this last time for testing the code injector? It was an http site right? If so then look at the code source page and verify if the code has been injected.
Let me know.
- You must be logged in to reply to this topic.