This book gives you the skills you need to use Python for penetration testing, with the help of detailed code examples. This book has been updated for Python 3.6.3 and Kali Linux 2018.1.About This Bookâą Detect and avoid various attack types that put the privacy of a system at riskâą Leverage Python to build efficient code and eventually build a robust environmentâą Learn about securing wireless applications and information gathering on a web serverWho This Book Is ForIf you are a Python programmer, a security researcher, or an ethical hacker and are interested in penetration testing with the help of Python, then this book is for you. Even if you are new to the field of ethical hacking, this book can help you find the vulnerabilities in your system so that you are ready to tackle any kind of attack or intrusion.What You Will Learnâą The basics of network pentesting including network scanning and sniffingâą Wireless, wired attacks, and building traps for attack and torrent detectionâą Web server footprinting and web application attacks, including the XSS and SQL injection attackâą Wireless frames and how to obtain information such as SSID, BSSID, and the channel number from a wireless frame using a Python scriptâą The importance of web server signatures, email gathering, and why knowing the server signature is the first step in hackingIn DetailThis book gives you the skills you need to use Python for penetration testing (pentesting), with the help of detailed code examples.We start by exploring the basics of networking with Python and then proceed to network hacking. Then, you will delve into exploring Python libraries to perform various types of pentesting and ethical hacking techniques. Next, we delve into hacking the application layer, where we start by gathering information from a website. We then move on to concepts related to website hackingâsuch as parameter tampering, DDoS, XSS, and SQL injection.By reading this book, you will learn different techniques and methodologies that will familiarize you with Python pentesting techniques, how to protect yourself, and how to create automated programs to find the admin console, SQL injection, and XSS attacks.Style and approachThe book starts at a basic level and moves to a higher level of network and web security. The execution and performance of code are both taken into account.
When I was pursuing my Master of engineering (M.E) degree, I used to sniff the networks in my friends' hostel with my favorite tool, Cain and Abel. My friends would usually surf e-commerce websites. The next day, when I told them that the shoes they were shopping for were good, they would be amazed. They always wondered how I got this information. Well, this is all due to sniffing the network.
In this chapter, we will study sniffing a network, and will cover the following topics:
The concept of a sniffer
The types of network sniffing
Network sniffing using Python
Packet crafting using Python
The ARP spoofing concept and implementation by Python
Testing security by custom-packet crafting
Introducing a network sniffer
Sniffing is a process of monitoring and capturing all data packets that pass through a given network using software (an application) or a hardware device. Sniffing is usually done by a network administrator. However, an attacker might use a sniffer to capture data, and this data, at times, might contain sensitive information, such as a username and password. Network admins use a switch SPAN port. The switch sends one copy of the traffic to the SPAN port. The admin uses this SPAN port to analyze the traffic. If you are a hacker, you must have used the Wireshark tool. Sniffing can only be done within a subnet. In this chapter, we will learn about sniffing using Python. However, before this, we need to know that there are two sniffing methods. They are as follows:
Passive sniffing
Active sniffing
Passive sniffing
Passive sniffing refers to sniffing from a hub-based network. By placing a packet sniffer on a network in the promiscuous mode, a hacker can capture the packets within a subnet.
Active sniffing
This type of sniffing is conducted on a switch-based network. A switch is smarter than a hub. It sends packets to the computer after checking in a MAC table. Active sniffing is carried out by using ARP spoofing, which will be explained further in the chapter.
Implementing a network sniffer using Python
Before learning about the implementation of a network sniffer, let's learn about a particular struct method:
struct.pack(fmt, v1, v2, ...): This method returns a string that contains the values v1, v2, and so on, packed according to the given format
struct.unpack(fmt, string): This method unpacks the string according to the given format
Let's discuss the code in the following code snippet:
First, import the struct module, and then pack the 1, 2, and 3 integers in the hhl format. The packed values are like machine code. Values are unpacked using the same hhl format; here, h means a short integer and l means a long integer. More details are provided in the subsequent sections.
Consider the situation of the client-server model; let's illustrate it by means of an example.
Run the struct1.py. file. The server-side code is as follows:
The client-side code accepts the message and unpacks it in the given format.
The output for the client-side code is as follows:
C:network>python unstruc.py
â» â„ (1, 2, 3)
The output for the server-side code is as follows:
G:PythonNetworkingprogram>python struct1.py connected by ('192.168.0.11', 1417)
Now, you should have a decent idea of how to pack and unpack the data.
Format characters
We have seen the format in the pack and unpack methods. In the following table, we have C-type and Python-type columns. It denotes the conversion between C and Python types. The Standard size column refers to the size of the packed value in bytes:
Format
C type
Python type
Standard size
x
pad byte
no value
c
char
string of length 1
1
b
signed char
integer
1
B
unsigned char
integer
1
?
_Bool
bool
1
h
short
integer
2
H
unsigned short
integer
2
i
int
integer
4
I
unsigned int
integer
4
l
long
integer
4
L
unsigned long
integer
4
q
long long
integer
8
Q
unsigned long long
integer
8
f
float
float
4
d
double
float
8
s
char[]
string
p
char[]
string
P
void *
integer
Let's check what will happen when one value is packed in different formats:
We packed the number 2 in three different formats. From the preceding table, we know that b and B are one byte each, which means that they are the same size. However, h is two bytes.
Now, let's use the long int, which is eight bytes:
>>> struct.pack('q',2)'x02x00x00x00x00x00x00x00'
If we work on a network, ! should be used in the following format. ! is used to avoid the confusion of whether network bytes are little-endian or big-endian. For more information on big-endian and little-endian, you can refer to the Wikipedia page on Endianness:
You can see the difference when using ! in the format.
Before proceeding to sniffing, you should be aware of the following definitions:
PF_PACKET: It operates at the device-driver layer. The pcap library for Linux uses PF_PACKET sockets. To run this, you must be logged in as a root. If you want to send and receive messages at the most basic level, below the internet protocol layer, then you need to use PF_PACKET.
Raw socket: It does not care about the network layer stack and p...
