
Scapy

Published on Feb 03, 2016


Scapy

An Introduction by Jesús Pedrosa

Roadmap

  • Review of python fundamentals
  • Opening a capture file
  • Browsing through the packets
  • Modifying the packets
  • Writing our changes
  • Behind the scenes
  • What comes next...

Review of python fundamentals

Everything is an object...

  • Object oriented programming
  • Syntax my_object.my_function(my_arguments)
  • Usage of OOP paradigm for entity definition

Importing modules

  • Using the dir() function to discover what a module exposes
  • The __doc__ attribute
  • Adding our own directory to sys.path

Classes and instances

  • A simple class MyClass(object)
  • A simple method def my_method(self)

Beware of the references

  • What to look for when things go south
  • copy.deepcopy() and other goodies
  • Is this over already?

Now this just doesn't seem right...

  • Your best friend: the pdb module
  • Setting a breakpoint
  • Traversing the code
  • Printing variables

Opening a capture

And not dying in the process

The terminal

  • Autocompletion
  • Including our own modules
  • Using it like python
  • Watch for the hidden exception

The basics

  • rdpcap("name_of_my_capture.pcap")
  • Be sure to pass a pcap/cap file (libpcap format).
  • The result is a PacketList; printing it shows a per-protocol packet count.

The basics II

  • It can also be listed packet by packet with the show() method:

    >>> mycapture.show()
    0000 Ether / IP / TCP 192.168.1.104:47096 > 192.168.1.102:8080 S
    0001 Ether / IP / TCP 192.168.1.102:8080 > 192.168.1.104:47096 SA
    0002 Ether / IP / TCP 192.168.1.104:47096 > 192.168.1.102:8080 A
    0003 Ether / IP / TCP 192.168.1.104:47096 > 192.168.1.102:8080 PA / HTTP / Raw

The structure of a capture

  • The capture: appending and slicing
  • The packet: creating packets from raw bytes vs creating a base packet and populating
  • The field: types of fields
  • The field: "what if I want to add a new field?"
  • The value: the three representations of a value (human, internal and machine)

Browsing through the capture


When things get boring, automate!

  • Looping through
  • Finding a specific something in the something that matches the something
  • Layers: stacking and using constructors
  • Example - Merging captures: appending and checking timestamps, sequence numbers and ACKs

Modifying packets

Cleaning up the mess...

I can do that, hold my beer!

  • Changing the value of the TCP timestamp option
  • Regenerating the TCP checksum (delete the chksum field and let Scapy rebuild it)
  • Regenerating the IP checksum (same trick on the IP layer)

Writing our changes

That's all very well, but I want to save it!

Creating our first capture

  • Saving with wrpcap()
  • Checking how we are doing in Wireshark
  • A glimpse of how the synergy between Scapy and tshark works
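The four steps of the roadmap (open a capture, browse to a TCP packet, rewrite its TCP timestamp and regenerate the IP and TCP checksums, write the capture back) as one added example. This is plain Python written for this page, not Scapy code: it does by hand what rdpcap(), field assignment on a Packet, deleting pkt[IP].chksum / pkt[TCP].chksum before rebuilding, and wrpcap() do for you, so the reader can see why the checksum step is not optional. The frame is constructed here (addresses and ports taken from the show() output on the earlier slide, MACs, sequence numbers and the HTTP payload made up), and the pcap is built in memory rather than read from disk.

```python
"""Added example in plain Python, not Scapy code: the deck's roadmap end to end
(open a capture, browse to a TCP packet, change its TCP timestamp, regenerate
the IP and TCP checksums, write the result back) on a constructed frame."""
import struct

PCAP_MAGIC = 0xA1B2C3D4   # little-endian pcap, microsecond timestamps

def ones_complement_sum(data: bytes) -> int:
    """RFC 1071 checksum: 16-bit one's-complement sum, folded, then inverted."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def ip_checksum(ip_hdr: bytes) -> int:
    """IPv4 header checksum, computed with the checksum field zeroed."""
    return ones_complement_sum(ip_hdr[:10] + b"\x00\x00" + ip_hdr[12:])

def tcp_checksum(ip_hdr: bytes, tcp_seg: bytes) -> int:
    """TCP checksum over the pseudo-header (src, dst, 0, proto 6, TCP length)
    and the whole segment with its own checksum field zeroed."""
    pseudo = ip_hdr[12:20] + struct.pack("!BBH", 0, 6, len(tcp_seg))
    return ones_complement_sum(pseudo + tcp_seg[:16] + b"\x00\x00" + tcp_seg[18:])

def build_frame(tsval: int, tsecr: int, payload: bytes) -> bytes:
    """Constructed Ether/IP/TCP frame: the slide's addresses and ports, made-up
    MACs, PA flags, and NOP, NOP, Timestamp options (kind 8, length 10)."""
    opts = struct.pack("!BBBBII", 1, 1, 8, 10, tsval, tsecr)
    tcp = struct.pack("!HHIIBBHHH", 47096, 8080, 1000, 2000,
                      ((20 + len(opts)) // 4) << 4, 0x18, 29200, 0, 0) + opts + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0x1234, 0x4000, 64, 6, 0,
                     bytes([192, 168, 1, 104]), bytes([192, 168, 1, 102]))
    ip = ip[:10] + struct.pack("!H", ip_checksum(ip)) + ip[12:]
    tcp = tcp[:16] + struct.pack("!H", tcp_checksum(ip, tcp)) + tcp[18:]
    return bytes.fromhex("001122334455" "66778899aabb" "0800") + ip + tcp

def wrpcap_bytes(frames, ts_base: int = 1454457600) -> bytes:
    """The bytes wrpcap() writes: 24-byte global header, then one 16-byte
    record header (ts_sec, ts_usec, incl_len, orig_len) per frame."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, 1)  # linktype 1 = Ethernet
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", ts_base + i, 0, len(frame), len(frame)) + frame
    return out

def rdpcap_bytes(data: bytes):
    """What rdpcap() does underneath: walk the records, return [(time, frame), ...]."""
    if struct.unpack("<I", data[:4])[0] != PCAP_MAGIC:
        raise ValueError("only little-endian microsecond pcap is handled here")
    pos, frames = 24, []
    while pos < len(data):
        ts_sec, ts_usec, incl_len, _orig_len = struct.unpack("<IIII", data[pos:pos + 16])
        frames.append((ts_sec + ts_usec / 1e6, data[pos + 16:pos + 16 + incl_len]))
        pos += 16 + incl_len
    return frames

def tcp_layers(frame: bytes):
    """(ip_hdr, tcp_seg) for an IPv4/TCP frame, else None (cf. pkt.haslayer(TCP))."""
    if frame[12:14] != b"\x08\x00" or frame[23] != 6:
        return None
    ihl, total_len = (frame[14] & 0x0F) * 4, struct.unpack("!H", frame[16:18])[0]
    return frame[14:14 + ihl], frame[14 + ihl:14 + total_len]

def checksums_ok(frame: bytes) -> bool:
    """True when both stored checksums match what we recompute (Wireshark's view)."""
    ip, tcp = tcp_layers(frame)
    return (ip_checksum(ip) == struct.unpack("!H", ip[10:12])[0]
            and tcp_checksum(ip, tcp) == struct.unpack("!H", tcp[16:18])[0])

def tsval_offset(tcp_seg: bytes):
    """Offset of TSval within the segment, or None if there is no Timestamp option."""
    i, end = 20, (tcp_seg[12] >> 4) * 4
    while i < end and tcp_seg[i] != 0:      # kind 0 ends the option list
        if tcp_seg[i] == 1:                 # kind 1 = NOP, carries no length byte
            i += 1
        elif tcp_seg[i] == 8:               # kind 8 = Timestamp: TSval follows kind, len
            return i + 2
        else:
            i += tcp_seg[i + 1]
    return None

def tcp_tsval(frame: bytes):
    _ip, tcp = tcp_layers(frame)
    off = tsval_offset(tcp)
    return None if off is None else struct.unpack("!I", tcp[off:off + 4])[0]

def set_tcp_tsval(frame: bytes, new_tsval: int) -> bytes:
    """Change TSval, then regenerate the TCP and IP checksums.  Skipping the
    second step is what leaves 'bad checksum' packets behind in Wireshark."""
    ip, tcp = tcp_layers(frame)
    off = tsval_offset(tcp)
    tcp = tcp[:off] + struct.pack("!I", new_tsval) + tcp[off + 4:]
    tcp = tcp[:16] + struct.pack("!H", tcp_checksum(ip, tcp)) + tcp[18:]
    ip = ip[:10] + struct.pack("!H", ip_checksum(ip)) + ip[12:]  # unchanged here; needed once IP fields are edited
    return frame[:14] + ip + tcp
```

Typical use: `frames = rdpcap_bytes(open("in.pcap", "rb").read())`, pick the frame you want, `edited = set_tcp_tsval(frame, new_value)`, then `open("out.pcap", "wb").write(wrpcap_bytes([edited]))` and open the result in Wireshark with checksum validation enabled. The TCP checksum has to be recomputed after any change inside the segment because the one's-complement sum covers the options and payload; the IP checksum only covers the IP header, so it stays valid after a TCP-only edit, but recomputing it costs nothing and keeps the procedure correct when IP fields are rewritten as well.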

Behind the scenes

The who's who and the what's what

Capture dissection

  • The Packet class
  • The dissect() method
  • The guess_payload_class() method
  • The Field class
  • The getfield() method
  • The addfield() method
  • The i2m() method
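A toy model of the machinery named on this slide, added here as an example; it is not Scapy source. It keeps Scapy's division of labour (Field.getfield/addfield move one field off or onto the wire, i2m/m2i/i2h convert between the machine, internal and human forms of a value, Packet.dissect/build walk fields_desc in each direction, and guess_payload_class chooses the upper layer from a field such as the protocol number) but drops everything else. MiniIP and MiniUDP are cut-down headers invented for the example and carry only a few fields; real Scapy layers hold the full header.

```python
"""Added example, not Scapy source: a toy version of the classes and methods
on the slide, to show how Field.getfield/addfield, i2m/m2i, Packet.dissect/
build and guess_payload_class divide the work.  MiniIP and MiniUDP are cut-down
headers invented here; real Scapy layers carry the full field list."""
import struct

class Field:
    """One fixed-size field.  A value exists in three forms: human (h, what you
    type or show() prints), internal (i, what the Packet stores), machine (m, wire)."""
    def __init__(self, name, default, fmt):
        self.name, self.default, self.fmt, self.size = name, default, fmt, struct.calcsize(fmt)
    def i2m(self, pkt, val):          # internal -> machine
        return val
    def m2i(self, pkt, val):          # machine -> internal
        return val
    def i2h(self, pkt, val):          # internal -> human
        return val
    def addfield(self, pkt, s, val):  # build side: append this field to s
        return s + struct.pack(self.fmt, self.i2m(pkt, val))
    def getfield(self, pkt, s):       # dissect side: split this field off s
        return s[self.size:], self.m2i(pkt, struct.unpack(self.fmt, s[:self.size])[0])

class ByteField(Field):
    def __init__(self, name, default):
        super().__init__(name, default, "!B")

class ShortField(Field):
    def __init__(self, name, default):
        super().__init__(name, default, "!H")

class IPField(Field):
    """Internal form is dotted text; machine form is four raw bytes."""
    def __init__(self, name, default):
        super().__init__(name, default, "!4s")
    def i2m(self, pkt, val):
        return bytes(int(x) for x in val.split("."))
    def m2i(self, pkt, val):
        return ".".join(str(b) for b in val)

class Raw:
    """Terminal layer: the bytes no protocol class claimed."""
    def __init__(self, load=b""):
        self.load = load
    def build(self):
        return self.load

class Packet:
    fields_desc = []
    payload_table = None   # (field name, {field value: payload class}) in subclasses

    def __init__(self, _raw=None, **kw):
        self.fields = {f.name: kw.get(f.name, f.default) for f in self.fields_desc}
        self.payload = Raw()
        if _raw is not None:
            self.dissect(_raw)

    def dissect(self, s):
        """Consume our fields in order, hand whatever is left to the next layer."""
        for f in self.fields_desc:
            s, self.fields[f.name] = f.getfield(self, s)
        if s:
            self.payload = self.guess_payload_class(s)(s)

    def guess_payload_class(self, s):
        """Pick the upper layer from one of our own fields (like IP.proto);
        unknown values fall back to Raw instead of failing."""
        if self.payload_table:
            name, table = self.payload_table
            return table.get(self.fields[name], Raw)
        return Raw

    def build(self):
        s = b""
        for f in self.fields_desc:
            s = f.addfield(self, s, self.fields[f.name])
        return s + self.payload.build()

    def __truediv__(self, other):
        """The '/' stacking operator: attach `other` below the innermost layer."""
        last = self
        while isinstance(last.payload, Packet):
            last = last.payload
        last.payload = other
        return self

    def layers(self):
        """Layer names top to bottom, as in 'Ether / IP / TCP / Raw'."""
        names, p = [type(self).__name__], self.payload
        while isinstance(p, Packet):
            names.append(type(p).__name__)
            p = p.payload
        return names + (["Raw"] if p.load else [])

class MiniUDP(Packet):
    fields_desc = [ShortField("sport", 53), ShortField("dport", 53),
                   ShortField("len", 8), ShortField("chksum", 0)]

class MiniIP(Packet):
    fields_desc = [ByteField("ttl", 64), ByteField("proto", 17),
                   IPField("src", "127.0.0.1"), IPField("dst", "127.0.0.1")]
    payload_table = ("proto", {17: MiniUDP})
```

Building `MiniIP(proto=17, src="10.0.0.1", dst="10.0.0.2") / MiniUDP(sport=1234, dport=53) / Raw(b"hello")` and feeding the resulting bytes back to `MiniIP(wire)` reproduces the layer stack, which is the round trip rdpcap() and wrpcap() rely on. The point to take from guess_payload_class is the fallback: a proto value with no entry in the table yields Raw rather than an exception, which is why a capture with an unfamiliar protocol still loads, and why adding a new protocol means both defining its Field list and registering it in the layer below.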

What comes next

Superpowers and such

End of the trial version...

  • Creating a new protocol
  • Sniffing traffic
  • Injecting traffic
  • Creating a traffic generator