Your Fly Is Open

Netmenaces and Other Internet Stupidity

Starting April

2021-04-01 2 min read Tricks

I’m just going to leave this here…

It’s a little something that I put together for today. Seems appropriate…

Please let me know what you think it does.

#!/usr/bin/env python3
# this python script MUST be run as root

# also, once this is running, it is necessary to run the
# following iptables command designating the appropriate device:
# iptables -A OUTPUT -o <device> -j NFQUEUE --queue-num 3514

from scapy.all import IP
from netfilterqueue import NetfilterQueue

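def doIt(packet):
	# parse the queued packet's raw bytes as an IP packet
	scapypkt = IP(packet.get_payload())
	# set the bit with value 4 in the IP header's 3-bit flags field
	scapypkt[IP].flags |= 4
	# drop the stale checksum so scapy recomputes it when the packet is rebuilt
	del scapypkt[IP].chksum
	# hand the modified bytes back to the kernel and let the packet through
	packet.set_payload(bytes(scapypkt))
	packet.accept()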

# bind the callback function to the queue
nfqueue = NetfilterQueue()
nfqueue.bind(3514, doIt)

try:
	nfqueue.run()
except KeyboardInterrupt:
	pass
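
An offline way to see what the callback's two IP-header lines do to a packet's bytes, without root or a live queue. This is an added example, not part of the original post: the function names and the sample packet are constructed, and the byte-level steps stand in for what scapy does when it rebuilds the packet.

```python
import socket
import struct

def ipv4_checksum(header: bytes) -> int:
    """RFC 1071 ones'-complement sum of the header's 16-bit words."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def or_flags(packet: bytes, mask: int, fix_checksum: bool = True) -> bytes:
    """Mimic `flags |= mask` on the 3-bit flags field; optionally recompute
    the header checksum, as scapy does once `chksum` has been deleted."""
    hlen = (packet[0] & 0x0F) * 4            # IHL counts 32-bit words
    hdr = bytearray(packet[:hlen])
    word, = struct.unpack_from("!H", hdr, 6)  # 3 flag bits + 13-bit offset
    struct.pack_into("!H", hdr, 6, word | ((mask & 0x7) << 13))
    if fix_checksum:
        struct.pack_into("!H", hdr, 10, 0)   # checksum is computed over a zeroed field
        struct.pack_into("!H", hdr, 10, ipv4_checksum(bytes(hdr)))
    return bytes(hdr) + packet[hlen:]

def ip_flags(packet: bytes) -> dict:
    """Decode the flags word and verify the header checksum."""
    hdr = packet[:(packet[0] & 0x0F) * 4]
    word, = struct.unpack_from("!H", hdr, 6)
    return {
        "flags": word >> 13,                  # the value scapy shows as IP.flags
        "reserved": bool(word & 0x8000),
        "DF": bool(word & 0x4000),
        "MF": bool(word & 0x2000),
        "checksum_ok": ipv4_checksum(hdr) == 0,  # a valid header sums to zero
    }

def sample_packet() -> bytes:
    """Constructed ICMP echo request over IPv4 (documentation addresses), DF set."""
    hdr = bytearray(struct.pack(
        "!BBHHHBBH4s4s", 0x45, 0, 28, 0x1234, 0x4000, 64, 1, 0,
        socket.inet_aton("192.0.2.1"), socket.inet_aton("198.51.100.7")))
    struct.pack_into("!H", hdr, 10, ipv4_checksum(bytes(hdr)))
    return bytes(hdr) + b"\x08\x00\xf7\xff\x00\x00\x00\x00"

if __name__ == "__main__":
    pkt = sample_packet()
    print("before       ", ip_flags(pkt))
    print("after        ", ip_flags(or_flags(pkt, 4)))
    print("no chksum fix", ip_flags(or_flags(pkt, 4, fix_checksum=False)))
```

The third case shows why the script deletes `chksum`: with the flags word changed and the old checksum left in place, the header no longer verifies.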

XOXOXO

-TL
Tom Liston
Owner, Principal Consultant
Bad Wolf Security, LLC
Mastodon: @tliston@infosec.exchange
Twitter (yes, I know… X): @tliston
April 1, 2021

P.S.: It’s probably NOT the best idea to actually do this for all of your network traffic. I tested it by adding -p ICMP to the iptables command, and it actually works and does a fine job… That being said, I take NO responsibility.

P.P.S.: I finally gave in to temptation and I’ve been running it on all traffic for quite a while now. I even pushed this update to the site just now with it running. It’s working like a charm - color me impressed.

Hint #1:

echo 'VGhlIG51bWJlciAzNTE0IGlzIGludm9sdmVkIGluIGFsbCBvZiB0aGlzIHNvbWVob3cuCg==' | base64 -d

Hint #2:

echo 'VGhpcyBoYXMgc29tZXRoaW5nIHRvIGRvIHdpdGggYSBnZW50bGVtYW4gbmFtZWQgU3RldmUgQmVsbG92aW4uCg==' | base64 -d