ForgeSpider plugins use Scapy to send forged packets to targets.
As well as the common metadata, ForgeSpider plugins also require a packets
variable, containing the number of different packets that should be generated
for each target.
For example, if you had two different packets to be sent:

    class ForgeSpiderPlugin(ForgeSpider, PluggableSpider):
        packets = 2

As ForgeSpider uses Scapy, you will need to import any features from Scapy you wish to use in order to construct your packets. Scapy provides a flexible toolbox for packet forging; to learn more, please refer to the Scapy project’s documentation.
The heart of a ForgeSpider is the
forge() function. This function takes two
arguments, the job containing the target information and the sequence number.
This function will be called the number of times set in the packets metadata
variable and seq will be set to the number of times the function has been
called for this job.
The function must return a Scapy Layer 3 packet. As a very basic example, a function that forges a TCP SYN first, then a TCP RST:
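
    from scapy.all import IP, TCP, RandShort

    def forge(self, job, seq):
        # Pick a random source port outside the privileged range
        sport = 0
        while sport < 1024:
            sport = int(RandShort())
        l4 = TCP(sport=sport, dport=job['dp'])
        ip = IP(src=self.source, dst=job['dip'])
        # The first call forges a SYN, the second call a RST
        if seq == 0:
            l4.flags = "S"
        if seq == 1:
            l4.flags = "R"
        return ip/l4
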
As jobs may be for both IPv4 and IPv6 targets, you should account for this and
build your packets using the correct Scapy functions for the IP version.
ForgeSpider also supports the
--connect option and you can use this to
modify the type of packets generated in the forge function.