1
votes

I'm testing the security infrastructure on my server, running an application that accepts UDP traffic on port 7777. In order to do that, I want to send UDP packets to query for information about the application, but using a spoofed IP source.

Here is the packet I'm trying to send:

https://i.stack.imgur.com/kmUPx.png

I've tried doing this with scapy, but it looks like the packet is not received on the other side, where I have tcpdump listening for UDP packets on port 7777.

This is the code I've tried:

from scapy.all import *
import random

D = 7777 # destination port
opcode = 'd'
target_ip = "1.1.1.1"
ips = target_ip.split('.'); # Target IP

payload = "SAMP{0}{1}{2}{3}{4}{5}{6}".format(chr(int(ips[0])), chr(int(ips[1])), chr(int(ips[2])), chr(int(ips[3])), chr(D & 0xFF), chr(D >> 8 & 0xFF), opcode)

ip1 = 84
ip2 = random.randint(1,255)
ip3 = random.randint(1,255)
ip4 = random.randint(1,255)

A = str(ip1) + "." + str(ip2) + "." + str(ip3) + "." + str(ip4)

send(IP(src=A, dst=target_ip)/UDP(dport=D)/Raw(load=payload))

When I run it, it says "Sent 1 packet"; however, I cannot see the packets on the other side when using tcpdump like this:

tcpdump -t -n -v -B 99999 -i gre1 -XX udp dst port 7777

I've tried with two different target IPs; both have port 7777 open.

The payload I want to send is basically 53 41 4D 50 C0 A8 C8 67 61 1E 69, from a spoofed IP src.

1
"but using a spoofed IP source" - to what end? – Jean-Paul Calderone
It is possible that IP is receiving the packet, but UDP is dropping the datagram because you have not properly calculated the (optional for IPv4) checksum using the spoofed IPv4 address. If you do not want to use the checksum field, it must be set to all zeroes. – Ron Maupin
@Jean-PaulCalderone I have an application that works via UDP requests and it's prone to denial of service attacks by traffic saturation, using spoofed UDP requests. I'm trying to improve my infrastructure to defend against that, therefore I need a way of testing it. – Tryhard3r

1 Answer

1
votes

FYI you could create a packet template, it will be much easier. Something like

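from scapy.all import Packet, StrFixedLenField, IPField, ShortField, ByteField

class YourPacket(Packet):
    # Fields are packed in this order: 4 + 4 + 2 + 1 = 11 bytes
    fields_desc = [
        StrFixedLenField("head", "SAMP", 4),  # fixed 4-byte magic
        IPField("ip", "0.0.0.0"),             # IPv4 address, 4 bytes
        ShortField("port", 0),                # 2-byte port, network byte order
        ByteField("opcode", 0)                # 1-byte opcode
    ]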

Then make sure you are sending it on the correct interface. You can add iface=... to send().

Demo:

>>> x = YourPacket(ip="192.168.200.103", port=7777, opcode=ord(b"i"))
>>> x
<YourPacket  ip=192.168.200.103 port=7777 opcode=105 |>
>>> hexdump(x)
0000  53 41 4D 50 C0 A8 C8 67 1E 61 69                 SAMP...g.ai
>>> send(IP()/UDP(dport=7777)/x)
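
Added example, not part of the original question or answer: a standard-library parser for the 11-byte query payload, for decoding what tcpdump captures on the receiving side. It assumes the layout read off the question's byte string (port low byte first); all function and constant names are hypothetical. It also shows that the hexdump above carries the port as 1E 61, while the question's byte string carries it as 61 1E.

```python
import ipaddress
import struct

MAGIC = b"SAMP"
# Layout read off the question's byte string: 4-byte magic, 4-byte IPv4
# address, 2-byte port (low byte first), 1-byte opcode = 11 bytes.
QUERY_LE = struct.Struct("<4s4sHB")
# Same fields with the port high byte first, as in the answer's hexdump.
QUERY_BE = struct.Struct(">4s4sHB")

# The two byte strings shown on this page.
QUESTION_BYTES = bytes.fromhex("53414D50C0A8C867611E69")
ANSWER_BYTES = bytes.fromhex("53414D50C0A8C8671E6169")


def build_query(ip, port, opcode, fmt=QUERY_LE):
    """Pack a query payload; opcode is a one-character string."""
    return fmt.pack(MAGIC, ipaddress.IPv4Address(ip).packed, port, ord(opcode))


def parse_query(data, fmt=QUERY_LE):
    """Return (ip, port, opcode); raise ValueError on malformed input."""
    if len(data) != fmt.size:
        raise ValueError("expected %d bytes, got %d" % (fmt.size, len(data)))
    magic, ip, port, opcode = fmt.unpack(data)
    if magic != MAGIC:
        raise ValueError("bad magic %r" % magic)
    return str(ipaddress.IPv4Address(ip)), port, chr(opcode)


def port_byte_order(data, expected_port):
    """Report which port byte order a captured payload uses."""
    for name, fmt in (("little-endian", QUERY_LE), ("big-endian", QUERY_BE)):
        if parse_query(data, fmt)[1] == expected_port:
            return name
    return "neither"


if __name__ == "__main__":
    for label, blob in (("question", QUESTION_BYTES), ("answer", ANSWER_BYTES)):
        print(label, parse_query(blob), port_byte_order(blob, 7777))
```

In Scapy, `LEShortField` in place of `ShortField` packs the port low byte first.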