Reputation: 1329
I have apache2 running on localhost and I want to intercept and modify an http request from my localhost. By modifying I want to change the Accept-Encoding attribute of the header to 'identity'. Using Burp-Suite, it works just fine. However, using my scapy script it seems that the packet is already sent because the http response is still encoded.
The scapy script:
from scapy.all import *

def intercept(pkt):
    if pkt.haslayer(Raw):
        http_content = pkt.getlayer(Raw).load
        http_content = http_content.replace("Accept-Encoding: gzip, deflate", "Accept-Encoding: identity")
        pkt[Raw].load = http_content
        print pkt.show()
        send(pkt)

def main():
    sniff(iface='lo', filter='tcp port 80', prn=intercept)

if __name__ == '__main__':
    main()
This is what I get back as a response:
<skipped>
###[ Raw ]###
load = 'HTTP/1.1 200 OK\r\nDate: Thu, 11 Aug 2016 09:34:38 GMT\r\nServer: Apache/2.4.23 (Debian)\r\nLast-Modified: Thu, 11 Aug 2016 09:34:25 GMT\r\nETag: "7d-539c878b8f8fd-gzip"\r\nAccept-Ranges: bytes\r\nVary: Accept-Encoding\r\nContent-Encoding: gzip\r\nContent-Length: 103\r\nConnection: close\r\nContent-Type: text/html\r\n\r\n\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\x03\xb3\xc9(\xc9\xcd\xb1\xe3\xb2\xc9HML\xb1\xe3RPP\xb0)\xc9,\xc9I\xb5\xf3H\xcd\xc9\xc9W\x08\xcf/\xcaI\xb1\xd1\x87\x08q\xd9\xe8CT\xd9$\xe5\xa7TB\x14g\x18!\xabT\x04\xaa0\x82H\x14@\xc5\x13\xd3\x133\xf3\xf4\xf4\xf4l\xf4\x0b@\x06@t\x02\x95\x81m\x05\x00\x1c\x95F\x1d}\x00\x00\x00'
which is encoded.
Can someone help?
Upvotes: 4
Views: 6862
Reputation: 12972
Well, as far as I know, Scapy doesn't give you the ability to modify packets that are already created by your system. Of course, you can craft and inspect packets, but you cannot modify already created packets. As is correctly pointed out here, Scapy sniffs packets without interfering with the host's IP stack. But for Linux you could try to combine Scapy with the nfqueue module. The nfqueue module lets you modify (using Scapy) packets that meet a certain iptables rule.
Upvotes: 6
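One way to apply the NFQUEUE approach from the answer above, as an added example that is not part of the original thread. It edits the queued packet with plain `struct` byte operations instead of Scapy, overwrites the header value with space-padded `identity` so the segment length and TCP sequence numbers stay unchanged, and recomputes the TCP checksum. The function names, the queue number, the iptables rule and the constructed sample packet are assumptions made for this example.

```python
import re
import struct

def checksum(data: bytes) -> int:  # RFC 1071 Internet checksum
    data += b"\x00" * (len(data) % 2)
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def tcp_checksum(ip_packet: bytes) -> int:  # pseudo-header + segment, field zeroed
    seg = bytearray(ip_packet[(ip_packet[0] & 0x0F) * 4:])
    seg[16:18] = b"\x00\x00"
    pseudo = ip_packet[12:20] + struct.pack("!BBH", 0, 6, len(seg))
    return checksum(pseudo + bytes(seg))

def force_identity(ip_packet: bytes) -> bytes:
    """Overwrite the Accept-Encoding value with space-padded 'identity' (same length)."""
    if len(ip_packet) < 40 or ip_packet[0] >> 4 != 4 or ip_packet[9] != 6:
        return ip_packet  # not IPv4/TCP
    ihl = (ip_packet[0] & 0x0F) * 4
    body = ihl + (ip_packet[ihl + 12] >> 4) * 4  # start of the TCP payload
    m = re.search(rb"(?im)^Accept-Encoding:[ \t]*([^\r\n]*)", ip_packet[body:])
    if not m or len(m.group(1)) < len(b"identity"):
        return ip_packet  # header absent, or value too short to overwrite
    out = bytearray(ip_packet)
    out[body + m.start(1):body + m.end(1)] = b"identity".ljust(len(m.group(1)))
    out[ihl + 16:ihl + 18] = struct.pack("!H", tcp_checksum(bytes(out)))
    return bytes(out)

def sample_packet() -> bytes:  # constructed 127.0.0.1:40000 -> 127.0.0.1:80 GET
    http = b"GET / HTTP/1.1\r\nHost: localhost\r\nAccept-Encoding: gzip, deflate\r\n\r\n"
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1, 1, 0x50, 0x18, 8192, 0, 0) + http
    pkt = bytearray(struct.pack("!BBHHHBBHII", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                                0x7F000001, 0x7F000001) + tcp)
    pkt[10:12] = struct.pack("!H", checksum(bytes(pkt[:20])))
    pkt[36:38] = struct.pack("!H", tcp_checksum(bytes(pkt)))
    return bytes(pkt)

def run_queue(queue_num: int = 0) -> None:
    # Needs root and: iptables -I OUTPUT -p tcp --dport 80 -j NFQUEUE --queue-num 0
    from netfilterqueue import NetfilterQueue  # third-party NetfilterQueue package
    def on_packet(pkt):
        pkt.set_payload(force_identity(pkt.get_payload()))
        pkt.accept()
    nfq = NetfilterQueue()
    nfq.bind(queue_num, on_packet)
    nfq.run()

if __name__ == "__main__":
    print(force_identity(sample_packet())[40:].decode())
```

Running the file as-is only rewrites the constructed sample; calling `run_queue()` is what attaches it to live traffic. A request whose Accept-Encoding header is split across two TCP segments is passed through unmodified.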