#!/usr/bin/python3 # -*- coding: utf-8 -*- # TCP raw socket import socket, sys from struct import * # checksum functions needed for calculation checksum def checksum(msg): s = 0 # loop taking 2 characters at a time for i in range(0, len(msg), 2): w = ord(msg[i]) + (ord(msg[i + 1]) << 8) s = s + w s = (s >> 16) + (s & 0xFFFF) s = s + (s >> 16) # complement and mask to 4 byte short s = ~s & 0xFFFF return s # create a raw socket try: s = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_RAW) except socket.error as msg: print( "Socket could not be created. Error Code : " + str(msg[0]) + " Message " + msg[1] ) sys.exit() # tell kernel not to put in headers, since we are providing it, # when using IPPROTO_RAW this is not necessary # s.setsockopt(socket.IPPROTO_IP, socket.IP_HDRINCL, 1) # now start constructing the packet packet = "" source_ip = "192.168.1.101" dest_ip = "192.168.1.1" # or socket.gethostbyname('www.google.com') # ip header fields ip_ihl = 5 ip_ver = 4 ip_tos = 0 ip_tot_len = 0 # kernel will fill the correct total length ip_id = 54321 # Id of this packet ip_frag_off = 0 ip_ttl = 255 ip_proto = socket.IPPROTO_TCP ip_check = 0 # kernel will fill the correct checksum # Spoof the source ip address if you want to ip_saddr = socket.inet_aton(source_ip) ip_daddr = socket.inet_aton(dest_ip) ip_ihl_ver = (ip_ver << 4) + ip_ihl # the ! in the pack format string means network order ip_header = pack( "!BBHHHBBH4s4s", ip_ihl_ver, ip_tos, ip_tot_len, ip_id, ip_frag_off, ip_ttl, ip_proto, ip_check, ip_saddr, ip_daddr, ) # tcp header fields tcp_source = 1234 # source port tcp_dest = 80 # destination port tcp_seq = 454 tcp_ack_seq = 0 tcp_doff = 5 # 4 bit field, size of tcp header, 5 * 4 = 20 bytes # tcp flags tcp_fin = 0 tcp_syn = 1 tcp_rst = 0 tcp_psh = 0 tcp_ack = 0 tcp_urg = 0 tcp_window = socket.htons(5840) # maximum allowed window size tcp_check = 0 tcp_urg_ptr = 0 tcp_offset_res = (tcp_doff << 4) + 0 tcp_flags = ( tcp_fin + (tcp_syn << 1) + (tcp_rst << 2) + (tcp_psh << 3) + (tcp_ack << 4) + (tcp_urg << 5) ) # the ! in the pack format string means network order tcp_header = pack( "!HHLLBBHHH", tcp_source, tcp_dest, tcp_seq, tcp_ack_seq, tcp_offset_res, tcp_flags, tcp_window, tcp_check, tcp_urg_ptr, ) user_data = "Hello, how are you" # pseudo header fields source_address = socket.inet_aton(source_ip) dest_address = socket.inet_aton(dest_ip) placeholder = 0 protocol = socket.IPPROTO_TCP tcp_length = len(tcp_header) + len(user_data) psh = pack("!4s4sBBH", source_address, dest_address, placeholder, protocol, tcp_length) psh = psh + tcp_header + user_data tcp_check = checksum(psh) # print tcp_checksum # make the tcp header again and fill the correct checksum, # remember checksum is NOT in network byte order tcp_header = ( pack( "!HHLLBBH", tcp_source, tcp_dest, tcp_seq, tcp_ack_seq, tcp_offset_res, tcp_flags, tcp_window, ) + pack("H", tcp_check) + pack("!H", tcp_urg_ptr) ) # final full packet - syn packets dont have any data packet = ip_header + tcp_header + user_data # Send the packet finally - the port specified has no effect # put this in a loop if you want to flood the target s.sendto(packet, (dest_ip, 0)) # put the above line in a loop like while 1: if you want to flood