#!/usr/bin/env python
# Script for spoofing and re-sending syslog messages.
from socket import *
from scapy.all import IP,UDP,send
# Collector address that every relayed message is sent to.
destination = "192.168.0.33"
# Zero-based index of the whitespace-separated message field that names the
# original source host.
sourcefield = 3
# UDP listener on the syslog port (514), bound to the wildcard address.
# NOTE(review): with AF_INET6, whether IPv4 senders are also accepted depends
# on the platform's IPV6_V6ONLY default - confirm on the target host.
sock = socket(family=AF_INET6, type=SOCK_DGRAM)
sock.bind(("", 514))
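# Relay loop: read each syslog datagram from the socket and re-send it to
# `destination`, with the IP source address set to the host named inside the
# message itself.
#
# NOTE(review): the source host is taken from unauthenticated datagram
# content, so whoever can reach this listener decides which source address the
# collector sees. Limit inbound senders (host firewall / ACL) to the expected
# log sources, and do not treat the packet's source IP as proof of origin at
# the collector.
while 1:
    # Read one datagram; clientaddr is the real sender and is only used for
    # the drop notices below.
    data, clientaddr = sock.recvfrom(4096)

    # A datagram with too few whitespace-separated fields used to raise
    # IndexError and stop the relay; drop that one message instead.
    fields = data.split()
    if len(fields) <= sourcefield:
        print("dropped message from %r: no field %d" % (clientaddr, sourcefield))
        continue

    # recvfrom() returns bytes on Python 3, and "%s" % bytes yields "b'host'",
    # which never resolves. Decode only when the field is not already a str.
    sourcehost = fields[sourcefield]
    if not isinstance(sourcehost, str):
        sourcehost = sourcehost.decode("ascii", "replace")

    # Resolve the embedded host name. The lookup used to sit outside any error
    # handling, so a single unresolvable or malformed name ended the loop.
    try:
        spoofedsource = gethostbyname(sourcehost)
    except (gaierror, TypeError, ValueError):
        print("dropped message from %r: cannot resolve %r" % (clientaddr, sourcehost))
        continue

    # Send failures still propagate, as before: the original try/except around
    # send() only re-raised the exception.
    send(IP(src=spoofedsource, dst=destination)/UDP(sport=42114, dport=514)/data.rstrip())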