polymorph's People

Contributors

shramos


polymorph's Issues

python importing modules into functions

Hello Santiago,

I'm trying to use the sleep function from the time module, but when I import it in the function, I get an error:

Exception ignored in: 'netfilterqueue.global_callback'
Traceback (most recent call last):
  File "/home/andres/polymorph/venv/lib/python3.8/site-packages/polymorph/interceptor.py", line 69, in linux_modify
    pkt = function(self.packet)
TypeError: 'module' object is not callable

How could I use sleep in a function?

Thank you.

Functions with autocomplete

Can you enable autocomplete for function files?
Currently I can autocomplete polymorph commands, but not the arguments supported by functions -i.
In the example, it would be ideal to autocomplete with the results of functions -sa, that is, in this case, with sniff_icmp.

(screenshot)

Intercept an outgoing Packet

Hi,

Your project is great. I have a question about the intercept function. I would like to interrupt traffic to a server. But if I use the following command, no traffic reaches the internet.

intercept -ipt "iptables -I OUTPUT -j NFQUEUE --queue-num 1"

If I use:

intercept -ipt "iptables -I INPUT -j NFQUEUE --queue-num 1"

the intercept function shows me that the packet is changed, but Wireshark does not show me the change.

What am I doing wrong?

Best regards,

Ibonok

FileNotFoundError: [Errno 2] No such file or directory: b'liblibc.a'

Hi,

After upgrading polymorph to version 2.0.6, I get this error:

Traceback (most recent call last):
  File "/usr/bin/polymorph", line 7, in <module>
    from polymorph.UI.maininterface import MainInterface
  File "/usr/venvs/polymorph/lib/python3.8/site-packages/polymorph/UI/maininterface.py", line 5, in <module>
    from polymorph.UI.interface import Interface
  File "/usr/venvs/polymorph/lib/python3.8/site-packages/polymorph/UI/interface.py", line 9, in <module>
    from polymorph.utils import set_ip_forwarding
  File "/usr/venvs/polymorph/lib/python3.8/site-packages/polymorph/utils.py", line 5, in <module>
    from scapy.sendrecv import sniff
  File "/usr/venvs/polymorph/lib/python3.8/site-packages/scapy/sendrecv.py", line 35, in <module>
    import scapy.route  # noqa: F401
  File "/usr/venvs/polymorph/lib/python3.8/site-packages/scapy/route.py", line 199, in <module>
    conf.route = Route()
  File "/usr/venvs/polymorph/lib/python3.8/site-packages/scapy/route.py", line 27, in __init__
    self.resync()
  File "/usr/venvs/polymorph/lib/python3.8/site-packages/scapy/route.py", line 33, in resync
    from scapy.arch import read_routes
  File "/usr/venvs/polymorph/lib/python3.8/site-packages/scapy/arch/__init__.py", line 27, in <module>
    from scapy.arch.bpf.core import get_if_raw_addr
  File "/usr/venvs/polymorph/lib/python3.8/site-packages/scapy/arch/bpf/core.py", line 30, in <module>
    LIBC = cdll.LoadLibrary(find_library("libc"))
  File "/usr/pyenv/versions/3.8.7/lib/python3.8/ctypes/util.py", line 330, in find_library
    _get_soname(_findLib_gcc(name)) or _get_soname(_findLib_ld(name))
  File "/usr/pyenv/versions/3.8.7/lib/python3.8/ctypes/util.py", line 147, in _findLib_gcc
    if not _is_elf(file):
  File "/usr/pyenv/versions/3.8.7/lib/python3.8/ctypes/util.py", line 99, in _is_elf
    with open(filename, 'br') as thefile:
FileNotFoundError: [Errno 2] No such file or directory: b'liblibc.a'

"[!] Exception: Error processing the previous command. More info: name 'os' is not defined" while capture

Hi @shramos, thanks for updating this project! We are using it as a tool in networking courses.
I'm trying to install Polymorph on an EC2 instance with Ubuntu.
For installation I did:
apt-get install build-essential python-dev libnetfilter-queue-dev tshark tcpdump python3-pip wireshark
pip3 install git+https://github.com/kti/python-netfilterqueue
pip3 install polymorph
then I added to path:
export PATH="$PATH:/home/ubuntu/.local/bin/"
I got ModuleNotFoundError for "dateutil" and "texttable", so I manually installed them:
pip3 install dateutils and pip3 install texttable
I can finally launch polymorph with its main interface, but when I try to capture I get:

PH > capture
[+] Waiting for packets...

(Press Ctr-C to exit)

[!] Exception: Error processing the previous command. More info:

name 'os' is not defined

I tried with an Ubuntu/Kali container and got the same error as well.

Known working distro/version?

Hi, is there a recommended Linux distro and version polymorph is known to work against?

I have tried with CentOS 7 as well as via LudwigEnglbrecht's docker image, but always hit issues.

Definitely there is some dependency on a specific version of tshark: if I use tshark 2.6, I hit the 'int' object is not subscriptable issue seen at #20 (comment).

I am also wondering if there is dependency on specific version of libnetfilter_queue-devel?

With CentOS 7, tshark 2.2, and the workaround mentioned in #8, I still hit issues when trying to capture from localhost:

PH > capture -i lo
[+] Waiting for packets...

(Press Ctr-C to exit)

^C[ERROR] Parsing field: eth.dst
[ERROR] Parsing field: eth.src
[ERROR] Parsing field: eth.type
[ERROR] Parsing field: ip.version
[ERROR] Parsing field: ip.hdr_len
[ERROR] Parsing field: ip.dsfield
[ERROR] Parsing field: ip.len
[ERROR] Parsing field: ip.id
[ERROR] Parsing field: ip.flags
[ERROR] Parsing field: ip.frag_offset
[ERROR] Parsing field: ip.ttl
[ERROR] Parsing field: ip.proto
[ERROR] Parsing field: ip.checksum
[ERROR] Parsing field: ip.src
[ERROR] Parsing field: ip.addr
[ERROR] Parsing field: ip.src_host
[ERROR] Parsing field: ip.host
[ERROR] Parsing field: ip.dst
[ERROR] Parsing field: ip.dst_host
[ERROR] Parsing field: icmp.type
[ERROR] Parsing field: icmp.code
[ERROR] Parsing field: icmp.checksum
[ERROR] Parsing field: icmp.ident
[ERROR] Parsing field: icmp.seq
[ERROR] Parsing field: icmp.seq_le
[ERROR] Parsing field: icmp.data_time
[ERROR] Parsing field: icmp.data_time_relative
[ERROR] Parsing field: data

Thanks in advance. This looks like a super useful utility!

Exception ignored in: 'netfilterqueue.global_callback' when trying to stop intercept

When I intercept packets applying preconditions and executions and try to stop the intercept with Ctrl + C, I'm getting:

Exception ignored in: 'netfilterqueue.global_callback'
Traceback (most recent call last):
  File "/home/ubuntu/.local/lib/python3.6/site-packages/polymorph/interceptor.py", line 75, in linux_modify
    packet.accept()
KeyboardInterrupt

for several seconds, until I can press Ctrl + C without getting the error and come back to the capture menu.

Dissection of specific protocol

Hello, first of all many thanks for the project. It is exactly what I am looking for. I have a question about the dissector. I want to dissect the OPC UA protocol, but it is not recognized by tshark. I know that Wireshark has a working dissector for that protocol, so tshark should have one too, right?
I also know that my captured packets contain OPC UA messages. Can I define a specific protocol for the dissector? What else can cause this behavior?

Here is a screenshot of my captured packets after the dissect command. As you can see, the OPC UA part of the packet is just RAW.DATA.

(screenshot)

I'd be happy to get some advice or an inspiration.
Thanks.

Add version argument

To know better which version of polymorph is installed, can you add a --version argument?

I think that with this I have no more things to contribute to your project. It's great and I'll help to spread it.
Thank you very much

iptables dependency? and ip6tables returned 3

Hi,
I installed version 2.0.5 and when I use the command "intercept -localhost", this message appears:

[!] Exception: Error processing the previous command. More info:
Command 'iptables -I OUTPUT -j NFQUEUE --queue-num 1' returned non-zero exit status 127.

Then I installed the package "iptables" and the message changed:

[!] Exception: Error processing the previous command. More info:
Command 'ip6tables -I OUTPUT -j NFQUEUE --queue-num 1' returned non-zero exit status 3.

Trying to delete a existing function returns "function is not in the list"

Dear @shramos,
When I try to delete an existing function, it returns that there's no function in the list. The only fix at the moment is to restart Polymorph to unset the list of applied functions.

PH:cap/t10 > functions -s
+-------+----------------------------------------------------------------------+
| Order |                              Functions                               |
+=======+======================================================================+
| 0     | def icmpReader(packet):                                              |
|       |     if packet['IP']['proto'] == 1:                                   |
|       |         if packet['ICMP']['type'] == 8:                              |
|       |             print("Request from "+ packet['IP']['src']+ " to         |
|       | "+packet['IP']['addr'])                                              |
|       |             return packet                                            |
|       |         elif packet['ICMP']['type'] == 0:                            |
|       |             print("Reply from "+ packet['IP']['src']+ " to           |
|       | "+packet['IP']['addr'])                                              |
|       |             return packet                                            |
|       |     return None                                                      |
|       |                                                                      |
|       |                                                                      |
|       |                                                                      |
+-------+----------------------------------------------------------------------+
| 1     | def TTLModifier(packet):                                             |
|       |     from random import randint                                       |
|       |     if packet['IP']['proto'] == 1 and packet['IP']['src'] ==         |
|       | '172.17.0.2':                                                        |
|       |         packet['IP']['ttl'] = random.randint(100, 120)               |
|       |         return packet                                                |
|       |     return None                                                      |
|       |                                                                      |
|       |                                                                      |
+-------+----------------------------------------------------------------------+
| 2     | def sniff_icmp(packet):                                              |
|       |     from random import randint                                       |
|       |     packet['IP']['ttl'] = randint(120,124)                           |
|       |     return packet                                                    |
|       |                                                                      |
+-------+----------------------------------------------------------------------+

PH:cap/t10 > functions -d sniff_icmp
[!] The function sniff_icmp is not in the list

PH:cap/t10 > functions -d 2
[!] The function 2 is not in the list

Thanks for helping!

GOOSE messages not being parsed by function

Hi,

I'm trying to create a function which filters for GOOSE messages.

First I set up polymorph to be in capture mode with a GOOSE filter (capture -i lo -f goose). Then I inject a single GOOSE message (attached is the pcap) via tcpreplay (tcpreplay -i lo Single\ GOOSE.pcapng) into lo, and it is detected and a template generated. But then when I go to use intercept -localhost and inject again, the packet never appears. The function I am using to verify this is:

def funco(packet):
    print("hi")
    return packet

So when I inject a packet of any kind, I should see "hi" printed on the terminal, but I never see a "hi" when I inject a GOOSE message. I can confirm via Wireshark that the messages are appearing at my lo.

Any help would be appreciated

Using:
Ubuntu 20.04
python 3.8
polymorph 2.0.5 (installed via pip3)

Single GOOSE.zip

Exception generator raised StopIteration

When I launch the polymorph command in a Python 3.7 virtualenv, I get an error loop:

Unhandled exception in event loop:
  File "/usr/pip3/lib/python3.7/site-packages/polymorph/deps/prompt_toolkit/eventloop/coroutine.py", line 90, in step_next
    new_f = coroutine.throw(exc)
  File "/usr/pip3/lib/python3.7/site-packages/polymorph/deps/prompt_toolkit/history.py", line 57, in _start_loading
    item_callback=add_string))
  File "/usr/pip3/lib/python3.7/site-packages/polymorph/deps/prompt_toolkit/eventloop/coroutine.py", line 86, in step_next
    new_f = coroutine.send(None)

Any solution to fix this ?

Capture CoAP

Hi,

I'm trying to capture packets that contain the Constrained Application Protocol, but I can't succeed.
CoAP uses UDP on port 5683; I'm capturing with only the BPF notation "udp" and without filters, but I can't reach the packets.

(screenshot)
(screenshot)

At the same time, I capture the packets with Wireshark.

My env:
OS: Ubuntu 18.04
Kernel: Linux 4.15.0-43-generic

Register / inject external conditions

It could be interesting if the framework could deal with the possibility of injecting or registering "external" conditions stored outside the library.

This would be great to ensure that the real logic of our conditions can be easily maintained outside the library, being able to avoid troubles with virtualenv executions, library upgrades, ...

This idea can also be applied to the stored templates.

Does it make sense, @shramos? If so, I can support you in the development of this functionality.

Remove spaces at the end to avoid mistakes

Hi Santiago, thanks for your quick responses.
Probably it's not an issue, but most software allows writing commands with spaces at the end of the line. In this case, it gave me a lot of headaches to detect why the error appeared, especially when you copy/paste code.

(screenshot)

polymorph install

Hi everyone! I've been trying to install polymorph and I can't install netfilterqueue. This is my error:

Building wheels for collected packages: NetfilterQueue
Running setup.py bdist_wheel for NetfilterQueue ... error
Complete output from command /usr/bin/python3 -u -c "import setuptools, tokenize;__file__='/tmp/pip-install-ynn0l5e_/NetfilterQueue/setup.py';f=getattr(tokenize, 'open', open)(__file__);code=f.read().replace('\r\n', '\n');f.close();exec(compile(code, __file__, 'exec'))" bdist_wheel -d /tmp/pip-wheel-rjbzwt18 --python-tag cp37:
running bdist_wheel
running build
running build_ext
building 'netfilterqueue' extension
creating build
creating build/temp.linux-x86_64-3.7
x86_64-linux-gnu-gcc -pthread -Wno-unused-result -Wsign-compare -DNDEBUG -g -fwrapv -O2 -Wall -g -fstack-protector-strong -Wformat -Werror=format-security -g -fwrapv -O2 -g -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -I/usr/include/python3.7m -c netfilterqueue.c -o build/temp.linux-x86_64-3.7/netfilterqueue.o
netfilterqueue.c: In function ‘__pyx_f_14netfilterqueue_6Packet_set_nfq_data’:
netfilterqueue.c:2150:68: warning: passing argument 2 of ‘nfq_get_payload’ from incompatible pointer type [-Wincompatible-pointer-types]
2150 | __pyx_v_self->payload_len = nfq_get_payload(__pyx_v_self->_nfa, (&__pyx_v_self->payload));
| ~^~~~~~~~~~~~~~~~~~~~~~~
| |
| char **
In file included from netfilterqueue.c:440:
/usr/include/libnetfilter_queue/libnetfilter_queue.h:122:67: note: expected ‘unsigned char **’ but argument is of type ‘char **’
122 | extern int nfq_get_payload(struct nfq_data *nfad, unsigned char **data);
| ~~~~~~~~~~~~~~~~^~~~
netfilterqueue.c: In function ‘__pyx_pf_14netfilterqueue_6Packet_4get_hw’:
netfilterqueue.c:2533:17: warning: implicit declaration of function ‘PyString_FromStringAndSize’; did you mean ‘PyBytes_FromStringAndSize’? [-Wimplicit-function-declaration]
2533 | __pyx_t_3 = PyString_FromStringAndSize(((char *)__pyx_v_self->hw_addr), 8); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 111, __pyx_L1_error)
| ^~~~~~~~~~~~~~~~~~~~~~~~~~
| PyBytes_FromStringAndSize
netfilterqueue.c:2533:15: warning: assignment to ‘PyObject *’ {aka ‘struct _object *’} from ‘int’ makes pointer from integer without a cast [-Wint-conversion]
2533 | __pyx_t_3 = PyString_FromStringAndSize(((char *)__pyx_v_self->hw_addr), 8); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 111, __pyx_L1_error)
| ^
netfilterqueue.c: In function ‘__Pyx_PyCFunction_FastCall’:
netfilterqueue.c:6436:13: error: too many arguments to function ‘(PyObject * (*)(PyObject *, PyObject * const*, Py_ssize_t))meth’
6436 | return (*((__Pyx_PyCFunctionFast)meth)) (self, args, nargs, NULL);
| ~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
netfilterqueue.c: In function ‘__Pyx__ExceptionSave’:
netfilterqueue.c:7132:21: error: ‘PyThreadState’ {aka ‘struct _ts’} has no member named ‘exc_type’; did you mean ‘curexc_type’?
7132 | *type = tstate->exc_type;
| ^~~~~~~~
| curexc_type
netfilterqueue.c:7133:22: error: ‘PyThreadState’ {aka ‘struct _ts’} has no member named ‘exc_value’; did you mean ‘curexc_value’?
7133 | *value = tstate->exc_value;
| ^~~~~~~~~
| curexc_value
netfilterqueue.c:7134:19: error: ‘PyThreadState’ {aka ‘struct _ts’} has no member named ‘exc_traceback’; did you mean ‘curexc_traceback’?
7134 | *tb = tstate->exc_traceback;
| ^~~~~~~~~~~~~
| curexc_traceback
netfilterqueue.c: In function ‘__Pyx__ExceptionReset’:
netfilterqueue.c:7141:24: error: ‘PyThreadState’ {aka ‘struct _ts’} has no member named ‘exc_type’; did you mean ‘curexc_type’?
7141 | tmp_type = tstate->exc_type;
| ^~~~~~~~
| curexc_type
netfilterqueue.c:7142:25: error: ‘PyThreadState’ {aka ‘struct _ts’} has no member named ‘exc_value’; did you mean ‘curexc_value’?
7142 | tmp_value = tstate->exc_value;
| ^~~~~~~~~
| curexc_value
netfilterqueue.c:7143:22: error: ‘PyThreadState’ {aka ‘struct _ts’} has no member named ‘exc_traceback’; did you mean ‘curexc_traceback’?
7143 | tmp_tb = tstate->exc_traceback;
| ^~~~~~~~~~~~~
| curexc_traceback
netfilterqueue.c:7144:13: error: ‘PyThreadState’ {aka ‘struct _ts’} has no member named ‘exc_type’; did you mean ‘curexc_type’?
7144 | tstate->exc_type = type;
| ^~~~~~~~
| curexc_type
netfilterqueue.c:7145:13: error: ‘PyThreadState’ {aka ‘struct _ts’} has no member named ‘exc_value’; did you mean ‘curexc_value’?
7145 | tstate->exc_value = value;
| ^~~~~~~~~
| curexc_value
netfilterqueue.c:7146:13: error: ‘PyThreadState’ {aka ‘struct _ts’} has no member named ‘exc_traceback’; did you mean ‘curexc_traceback’?
7146 | tstate->exc_traceback = tb;
| ^~~~~~~~~~~~~
| curexc_traceback
netfilterqueue.c: In function ‘__Pyx__GetException’:
netfilterqueue.c:7201:24: error: ‘PyThreadState’ {aka ‘struct _ts’} has no member named ‘exc_type’; did you mean ‘curexc_type’?
7201 | tmp_type = tstate->exc_type;
| ^~~~~~~~
| curexc_type
netfilterqueue.c:7202:25: error: ‘PyThreadState’ {aka ‘struct _ts’} has no member named ‘exc_value’; did you mean ‘curexc_value’?
7202 | tmp_value = tstate->exc_value;
| ^~~~~~~~~
| curexc_value
netfilterqueue.c:7203:22: error: ‘PyThreadState’ {aka ‘struct _ts’} has no member named ‘exc_traceback’; did you mean ‘curexc_traceback’?
7203 | tmp_tb = tstate->exc_traceback;
| ^~~~~~~~~~~~~
| curexc_traceback
netfilterqueue.c:7204:13: error: ‘PyThreadState’ {aka ‘struct _ts’} has no member named ‘exc_type’; did you mean ‘curexc_type’?
7204 | tstate->exc_type = local_type;
| ^~~~~~~~
| curexc_type
netfilterqueue.c:7205:13: error: ‘PyThreadState’ {aka ‘struct _ts’} has no member named ‘exc_value’; did you mean ‘curexc_value’?
7205 | tstate->exc_value = local_value;
| ^~~~~~~~~
| curexc_value
netfilterqueue.c:7206:13: error: ‘PyThreadState’ {aka ‘struct _ts’} has no member named ‘exc_traceback’; did you mean ‘curexc_traceback’?
7206 | tstate->exc_traceback = local_tb;
| ^~~~~~~~~~~~~
| curexc_traceback
error: command 'x86_64-linux-gnu-gcc' failed with exit status 1


Failed building wheel for NetfilterQueue
Running setup.py clean for NetfilterQueue
Failed to build NetfilterQueue
Installing collected packages: NetfilterQueue, pydivert
Running setup.py install for NetfilterQueue ... error
Complete output from command /usr/bin/python3 -u -c "import setuptools, tokenize;__file__='/tmp/pip-install-ynn0l5e_/NetfilterQueue/setup.py';f=getattr(tokenize, 'open', open)(__file__);code=f.read().replace('\r\n', '\n');f.close();exec(compile(code, __file__, 'exec'))" install --record /tmp/pip-record-jk1h5c1v/install-record.txt --single-version-externally-managed --compile --user --prefix=:
running install
running build
running build_ext
building 'netfilterqueue' extension
creating build
creating build/temp.linux-x86_64-3.7
(compiler warnings and errors identical to the bdist_wheel attempt above)
error: command 'x86_64-linux-gnu-gcc' failed with exit status 1

----------------------------------------

Command "/usr/bin/python3 -u -c "import setuptools, tokenize;__file__='/tmp/pip-install-ynn0l5e_/NetfilterQueue/setup.py';f=getattr(tokenize, 'open', open)(__file__);code=f.read().replace('\r\n', '\n');f.close();exec(compile(code, __file__, 'exec'))" install --record /tmp/pip-record-jk1h5c1v/install-record.txt --single-version-externally-managed --compile --user --prefix=" failed with error code 1 in /tmp/pip-install-ynn0l5e_/NetfilterQueue/

Error Polymorph

Hello, after trying to do any packet capture, when I press Ctrl+C it throws the following message:

(screenshot)

Kali was updated to be able to install it; I already reinstalled Polymorph but it still doesn't work. I tried in Host-Only mode and in NAT mode but it always throws the same thing.

I don't know if this has happened to anyone else.

Thanks and regards.

Issues with mac address values

Hi @shramos
I noticed that when polymorph reads packet['ETH']['src'], it only reads 00:00:00:00:00:00.
If I change the MAC address value, I can't see the modification in the packets.

(screenshot)

Problems with the packet Dissector

Hi @shramos,
While trying to modify some RTSP traffic, I noticed that the RTSP layer was weirdly parsed.
(screenshot)
You can see that the TCP payload is correct, but in the RTSP layer there is some stuff missing; instead, there is a blank space.

I also noticed this problem when working with functions: the "request" variable inside the layer is used in the response packets. For example, using this function:
(screenshot)

You get both the request and the response:
(screenshot)

Thanks in advance!

StopIteration exception.

Hello,
I have installed Polymorph (great project, by the way!), but I can't launch it.
When I type polymorph in the prompt, a series of unhandled exceptions arises.

(screenshot)

I think I have understood that it depends on the prompt_toolkit module, but I am unable to fix it. Any ideas of what to change?
Damn Python 3.7.
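The "generator raised StopIteration" text in this report and in the "Exception generator raised StopIteration" issue further up the page is the wording Python 3.7 introduced with PEP 479: a StopIteration that escapes a generator body is converted into RuntimeError. The following is an added example, not polymorph's or prompt_toolkit's code; the load_history_* names and the sample history lines are invented for illustration. It reproduces the failure with a generator written in the pre-3.7 style and shows the form that works on 3.7 and later.

```python
"""Added example: PEP 479 (Python 3.7+) turns a StopIteration that escapes a
generator body into RuntimeError("generator raised StopIteration").
Names such as load_history_* are illustrative, not prompt_toolkit's API."""
import sys


def load_history_broken(lines):
    """Pre-3.7 idiom: rely on next() raising StopIteration to end the generator.
    On Python 3.7+ the StopIteration raised by next(it) inside the generator
    body is converted into RuntimeError by the interpreter."""
    it = iter(lines)
    while True:
        yield next(it)   # raises StopIteration once `lines` is exhausted


def load_history_fixed(lines):
    """Same loop, but exhaustion is handled explicitly with `return`,
    which is how a generator must signal completion from 3.7 on."""
    it = iter(lines)
    while True:
        try:
            item = next(it)
        except StopIteration:
            return       # clean end of the generator
        yield item


def drain(gen_fn, lines):
    """Step one generator to completion the way an event loop would.
    Returns (items_received, description_of_escaping_exception_or_None)."""
    received = []
    gen = gen_fn(lines)
    try:
        while True:
            received.append(next(gen))
    except StopIteration:
        return received, None            # normal termination
    except RuntimeError as exc:          # the PEP 479 conversion
        return received, "%s: %s" % (type(exc).__name__, exc)


# Constructed sample input: three history lines, as a prompt's history file might hold.
SAMPLE_HISTORY = ["capture -i lo", "intercept -localhost", "functions -s"]

if __name__ == "__main__":
    print(sys.version_info[:2], drain(load_history_broken, SAMPLE_HISTORY))
    print(sys.version_info[:2], drain(load_history_fixed, SAMPLE_HISTORY))
```

On Python 3.7 or newer the broken variant delivers all three items and then fails with RuntimeError instead of ending quietly, which is what an event loop stepping a coroutine with send()/throw() reports as an unhandled exception; the fixed variant ends normally.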

Updated Dockerfiles

Hi,
the Dockerfiles of polymorph need to be updated since the used image is no longer available via docker-hub:

Please note, kalilinux/kali-linux-docker is the former official image, it’s no longer updated. Don’t use it. source

Please find attached the updated Dockerfiles with the new base image and the necessary adjustment for using python-netfilterqueue.

Dear @shramos, please check if it could be useful :-)

Dockerfile.txt
Dockerfile-victim.txt

problem when trying to intercept traffic in localhost

Hi, I have a problem when trying to intercept traffic on localhost. I have created a function, but it seems that it doesn't run or do anything for several minutes (that's why I used "ctrl + c" at the end). Maybe there is some mistake in the function logic? Could it be something else?

(screenshot)

Using ping, as explained in the wiki I had no problems at all.
Thank you in advance for your help.

[Errno 100] Network is down

Hi Santiago,
I tried to test the new polymorph version, but when I run the command 'capture' the error 'network is down' appears.
How do you configure the interface?
The flag to specify a specific interface does not appear in the help.

(screenshot)

errors while using BPF in filters

Hi,
while trying to capture some traffic in polymorph 2.0.5, I added a basic filter and I got the following error:
(screenshot)

At first I thought it was a tshark error, but this filter works fine in tshark:
(screenshot)
Any ideas why this is happening?

Thanks!

Packets are not being modified

Hi, I'm trying to modify some packets but the tool doesn't work.
I already have Python 3.8.2 installed and have installed Polymorph as you said to do.
When I'm creating the function in the captured template, the added functions don't work at all.
I continue to see the "[*] Waiting for packets..." message but nothing happens, even if ICMP packets are travelling.
I've followed what you said in the guide:

(screenshot)

The strange thing is that it captures the packets as normal, but if I want to do anything else it doesn't work.

I tried to send ICMP packets from the local machine where polymorph is running and from another one in the same network, and it doesn't work with either.

RTMPT packet error decode/slice/capture

Hi @shramos

As in #24, I'm having a similar issue with RTMP.
(screenshot)

When I try to use Polymorph with an Nginx server and a VLC client to capture packets between them, I always get this capture structure from Wireshark:
(screenshot)

I'm not able to filter some packets using functions with strings. This means that every time I want to filter them using a function like this one:

(screenshot)

I get something like this as a response:

(screenshot)

As you can see from the image above, the function was able to find 15 packets with header.csid = 3; the weird part is that when I try to see those packets in Wireshark I only get 5 of them:

(screenshot)

In order to try to fix this issue, I changed the type of the field 'string' to bytes. Then I ran the function again and got this:

(screenshot)

I also attached the structure of the header.csid field:

(screenshot)

If you want to try it yourself, here is the repository I'm using for the server and the client:

GitHub

Thanks in advance!

DNP3 decoding incorrect

I've been trying to modify some DNP3 (SCADA) packets and am having issues with the decoding.
Although the DNP3 protocol is automatically picked up (I assume from Wireshark), the template / layer / fields are not all correct. Specifically, the application layer slices seem to be using the wrong start byte.

(screenshot)

(screenshot)

From the example here you see that al.fragment starts at byte 0. In actual fact the DNP3 message doesn't start until byte 54 (05 64). The al.fragment should start at byte 65 (E5).

If I open it in Wireshark then the packet does get correctly decoded, so I'm not sure why the template is wrong.

How exactly does Polymorph load in filters from Wireshark/tshark?

I tried to use struct -f to recalculate it, however I cannot get the syntax correct here: "Wrong syntax for referring to the fields. Please use 'this.field' syntax". There is only one example I can find in the documentation, which doesn't help.

I also tried to instead make my own layer / structure, however I cannot work out how to create the structs at all.

Finally, I could ignore the structure completely to manipulate my packet if I could manipulate the hex directly in a function and then write back to raw; however I simply cannot get the bytes to convert to hex in a function. I tried using binascii.hexlify (works fine directly in Python but not within my function inside Polymorph), I tried using bytes_hex (from scapy) and I tried using Polymorph's raw2hex as well. I want to get the same output as "dump -hexstr" but cannot seem to make that work within a function.

Thanks in advance. This is a great project.
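The last two questions in this issue (slicing the DNP3 frame by hand and turning bytes into hex inside a function) only need the standard library. The block below is an added example, not polymorph's code, written in the shape polymorph's own function listings on this page use: imports inside the function body (the pattern the "python importing modules into functions" question at the top of the page is after, and the one sniff_icmp uses), return the packet to let it through or None for no match. It assumes the function is handed the raw frame as bytes; how polymorph exposes raw bytes to a function is not taken from the project. DNP3 framing facts used: the 0x05 0x64 start bytes (as the report notes), a 10-byte link header, user data in 16-byte blocks each followed by a 2-byte CRC, and a 1-byte transport header before the application fragment. The sample frame is constructed for the example and its CRC fields are zero placeholders, not valid CRCs.

```python
"""Added example (not polymorph's code): locate and slice a DNP3 frame in raw
packet bytes and hex-dump its parts from a polymorph-style function.
Assumption: the function is handed the raw frame as bytes."""
import binascii
import struct

DNP3_START = b"\x05\x64"   # DNP3 link-layer start bytes (the "05 64" in the report)
LINK_HEADER_LEN = 10       # start(2) length(1) control(1) destination(2) source(2) CRC(2)
BLOCK_LEN = 16             # user data travels in 16-byte blocks ...
CRC_LEN = 2                # ... each followed by a 2-byte CRC


def hexstr(data: bytes) -> str:
    """Bytes -> lowercase hex string, e.g. b'\\x05\\x64' -> '0564'."""
    return binascii.hexlify(data).decode("ascii")


def strip_block_crcs(user_data: bytes) -> bytes:
    """Drop the CRC that trails every 16-byte block (the last block may be shorter)."""
    out = bytearray()
    for i in range(0, len(user_data), BLOCK_LEN + CRC_LEN):
        chunk = user_data[i:i + BLOCK_LEN + CRC_LEN]
        out += chunk[:-CRC_LEN]
    return bytes(out)


def dnp3_summary(raw: bytes):
    """Find the DNP3 frame inside raw and return its offsets and hex slices, or None."""
    off = raw.find(DNP3_START)
    if off < 0 or len(raw) < off + LINK_HEADER_LEN:
        return None
    link = raw[off:off + LINK_HEADER_LEN]
    # The length octet counts control + destination + source (5 bytes) plus user data, CRCs excluded.
    user_len = link[2] - 5
    if user_len < 1:
        return None
    user = strip_block_crcs(raw[off + LINK_HEADER_LEN:])[:user_len]
    return {
        "link_offset": off,
        "link_hex": hexstr(link),
        "transport": user[0],                      # 1-byte transport header (FIR/FIN/sequence)
        "app_offset": off + LINK_HEADER_LEN + 1,   # first byte of al.fragment within the frame
        "app_hex": hexstr(user[1:]),
    }


def dnp3_hexdump(packet_raw: bytes):
    """Polymorph-style function: imports inside the body; return the packet to let it
    through, None to signal no match (mirrors the function listings on this page)."""
    from binascii import hexlify   # import inside the function body, as sniff_icmp does
    s = dnp3_summary(packet_raw)
    if s is None:
        return None
    print("DNP3 link header at byte %d: %s" % (s["link_offset"], s["link_hex"]))
    print("transport 0x%02x, al.fragment at byte %d: %s"
          % (s["transport"], s["app_offset"], s["app_hex"]))
    print("whole frame:", hexlify(packet_raw).decode("ascii"))
    return packet_raw


def build_sample_frame() -> bytes:
    """Constructed Ethernet/IPv4/TCP frame carrying one DNP3 read request (CRCs zeroed)."""
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + b"\x08\x00"
    ip = (b"\x45\x00" + struct.pack("!H", 20 + 20 + 18) + b"\x00\x01\x00\x00\x40\x06\x00\x00"
          + bytes([10, 0, 0, 1]) + bytes([10, 0, 0, 2]))
    tcp = struct.pack("!HHIIHHHH", 20000, 20000, 1, 1, 0x5018, 8192, 0, 0)  # 20000 is the DNP3 port
    link = DNP3_START + bytes([11]) + b"\xc4" + b"\x01\x00" + b"\x02\x00" + b"\x00\x00"
    user = b"\xc0" + b"\xc0\x01\x3c\x02\x06" + b"\x00\x00"   # transport, app fragment, CRC placeholder
    return eth + ip + tcp + link + user


SAMPLE_FRAME = build_sample_frame()

if __name__ == "__main__":
    dnp3_hexdump(SAMPLE_FRAME)
```

With the 14-byte Ethernet, 20-byte IPv4 and 20-byte TCP headers of the sample, the link header lands at byte 54 and the application fragment at byte 65, the offsets the report expects; a frame without the start bytes makes the function return None.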
