# Cyber-MITM-Attack-Lab
This lab demonstrates low-level packet manipulation, local redirection with iptables, and HTTP traffic inspection using Scapy—core skills for understanding practical man-in-the-middle (MITM) techniques on plaintext HTTP.
## Files
- `sniffer1.py` – Scapy-based sniffer/forwarder that:
  - Listens for redirected outbound HTTP packets on port 8080
  - Prints `[HTTP] host/path` when it recognizes an HTTP request
  - Prints `[CENSORED]` and drops any request containing the keyword `frankenstein`
  - Forwards permitted traffic to the real destination on port 80 and logs "Your packet has been forwarded to port 80"
- `lab2setup.sh` – Adds iptables rules: DNAT outbound TCP dport 80 (non-root only, so the sniffer's own re-sent packets are not redirected again) to local :8080, and drops RST/RST,ACK packets to keep flows stable
- `lab2teardown.sh` – Removes the iptables rules added during setup
- `index.html` – A self-contained HTML demo that explains the lab, shows example output, and includes a small client-side simulation of the decision logic
## Requirements
- Linux
- Python 3
- scapy (pip3 install scapy)
- iptables (run scripts with sudo/root)
## Quick start
0) Install dependencies (one time): `pip3 install scapy`
1) Set up the redirection rules: `sudo ./lab2setup.sh`
2) Run the sniffer: `sudo python3 sniffer1.py`
3) Generate HTTP traffic (e.g., from a non-root browser, or `curl http://example.com/`), watch the console logs, then stop the sniffer with Ctrl+C.
4) Optional cleanup: `sudo ./lab2teardown.sh`
## How to test (examples)
Run these in a separate, non-root terminal while the sniffer is running. Because the iptables rule excludes root, do not prefix them with `sudo`.

Forwarded (no body, so the sniffer may show "No Payload Found"):

```bash
curl http://example.com/books
```

Forwarded (POST body allowed):

```bash
curl -X POST -d "q=hello" http://example.com/search
```

Censored (POST body contains the keyword):

```bash
curl -X POST -d "q=frankenstein" http://example.com/search
```

Expected console snippets:

```
[HTTP] example.com/books
Your packet has been forwarded to port 80
[HTTP] example.com/search
[CENSORED]
```
## HTML demo
- Open `index.html` directly in your browser to read an overview and try the client-side simulation of the censor/forward logic.
- If you prefer a local server, run `python3 -m http.server 8000` and then open http://localhost:8000/index.html.

The demo includes a link back to the full source on GitHub so you can explore the code in context.

Also see the consolidated view at `all-in-one.html`, which shows the code, README content, and lab PDFs in one place.
## Notes
- Applies only to plaintext HTTP, not HTTPS/TLS.
- Simplistic keyword filter and no TCP stream reassembly (expects a request within a single packet for the demo).
- The setup script adds its rules unconditionally (`-A`/`-I`), so running it twice leaves duplicate rules, and one run of the teardown script removes only one copy of each; check the rule set with `sudo iptables -S` and `sudo iptables -t nat -S` before and after.
## Code: sniffer1.py

```python
#!/usr/bin/env python3
# sniffer1.py: sniff outbound HTTP that iptables has redirected to dport 8080,
# log or censor it, and re-send permitted segments to the real port 80.
from scapy.all import IP, TCP, send, sniff
from scapy.packet import NoPayload

# Keyword whose presence anywhere in the request causes the packet to be dropped.
# (CENSOR is used but not defined in the snippet shown on this page; value taken from the README.)
CENSOR = b"frankenstein"


def http_info(payload):
    """Return (host, path) when the payload starts with an HTTP request line, else None.

    http_info is used but not defined in the snippet shown on this page; this is a minimal
    reconstruction that produces the README's "[HTTP] host/path" output.
    """
    try:
        head = payload.split(b"\r\n\r\n", 1)[0].decode("ascii")
    except (UnicodeDecodeError, AttributeError):
        return None
    lines = head.split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        return None
    host = ""
    for line in lines[1:]:
        name, _, value = line.partition(":")
        if name.strip().lower() == "host":
            host = value.strip()
            break
    return host, parts[1]


def get_payload(pkt):
    """Return the raw bytes carried above TCP (b"" for a pure ACK or a non-TCP packet)."""
    if not (IP in pkt and TCP in pkt):
        return b""
    # start from the IP layer and walk the payload chain down to the last layer
    layer = pkt[IP]
    while hasattr(layer, "payload") and type(layer.payload) is not NoPayload:
        layer = layer.payload
    if hasattr(layer, "load"):
        return layer.load
    return b""


def packet_sniffer(pkt):
    if not (IP in pkt and TCP in pkt):
        print("No payload")
        return
    # only handle packets the DNAT rule has redirected to port 8080
    if pkt[TCP].dport != 8080:
        return
    payload = get_payload(pkt)
    info = http_info(payload)
    if info:
        host, path = info
        print(f"[HTTP] {host}{path}")
    # drop (do not forward) any segment whose payload contains the keyword
    if CENSOR in payload:
        print("[CENSORED]")
        return
    ip = pkt[IP]
    tcp = pkt[TCP]
    # rebuild the segment with the real destination port; everything else is copied as-is
    new_pkt = IP(src=ip.src, dst=ip.dst, ttl=ip.ttl, tos=ip.tos) / TCP(
        sport=tcp.sport, dport=80, seq=tcp.seq, ack=tcp.ack,
        flags=tcp.flags, window=tcp.window, options=tcp.options)
    if payload:
        new_pkt = new_pkt / payload
    # deleting the checksum fields makes Scapy recompute them on send (dport changed)
    del new_pkt[IP].chksum
    del new_pkt[TCP].chksum
    send(new_pkt, verbose=0)
    print("Your packet has been forwarded to port 80")


if __name__ == "__main__":
    print("The packet sniffer is starting now. Type Ctrl+C to stop sniffing:")
    try:
        sniff(prn=packet_sniffer, filter="tcp and port 8080", store=0)
    except KeyboardInterrupt:
        print("Stopped.")
```
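The forwarder rebuilds the segment with dport 80 and deletes both checksum fields so that Scapy recomputes them on send. The following added example (not part of the lab's code) shows why with a pure-stdlib TCP checksum over a constructed segment: rewriting the port without recomputing leaves a checksum the destination stack would reject. The addresses, ports and request bytes are constructed sample values.

```python
import socket
import struct

def ones_complement_sum(data: bytes) -> int:
    """RFC 1071: add 16-bit big-endian words with end-around carry."""
    if len(data) % 2:
        data += b"\x00"  # odd length: pad the last byte on the right
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def checksum(data: bytes) -> int:
    return (~ones_complement_sum(data)) & 0xFFFF

def pseudo_header(src: str, dst: str, tcp_len: int) -> bytes:
    # IPv4 pseudo-header: src, dst, zero byte, protocol 6 (TCP), TCP length
    return socket.inet_aton(src) + socket.inet_aton(dst) + struct.pack("!BBH", 0, 6, tcp_len)

def build_segment(src, dst, sport, dport, payload, seq=1, ack=1):
    """20-byte TCP header (PSH|ACK, no options) plus payload, checksum filled in."""
    hdr = struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, 0x18, 65535, 0, 0)
    chk = checksum(pseudo_header(src, dst, 20 + len(payload)) + hdr + payload)
    return hdr[:16] + struct.pack("!H", chk) + hdr[18:] + payload

def checksum_ok(src, dst, segment) -> bool:
    """Receiver-side check: pseudo-header + segment (checksum included) must sum to zero."""
    return checksum(pseudo_header(src, dst, len(segment)) + segment) == 0

def rewrite_dport(src, dst, segment, new_dport, recompute):
    """Change dport; recompute=True is what `del new_pkt[TCP].chksum` achieves in sniffer1.py."""
    seg = bytearray(segment)
    struct.pack_into("!H", seg, 2, new_dport)
    if recompute:
        struct.pack_into("!H", seg, 16, 0)  # the field must be zero while summing
        struct.pack_into("!H", seg, 16, checksum(pseudo_header(src, dst, len(seg)) + bytes(seg)))
    return bytes(seg)

def dport_of(segment) -> int:
    return struct.unpack("!H", segment[2:4])[0]

# Constructed sample: the README's `curl http://example.com/books` request as the kernel emits it
# after the DNAT rule has rewritten dport 80 -> 8080. Addresses are from RFC 5737 documentation ranges.
SRC, DST = "192.0.2.10", "198.51.100.20"
REQUEST = b"GET /books HTTP/1.1\r\nHost: example.com\r\n\r\n"
REDIRECTED = build_segment(SRC, DST, 40000, 8080, REQUEST)
NAIVE = rewrite_dport(SRC, DST, REDIRECTED, 80, recompute=False)   # port changed, checksum stale
FORWARDED = rewrite_dport(SRC, DST, REDIRECTED, 80, recompute=True)  # what the lab's forwarder sends
```

Only the TCP checksum is shown; the IP header checksum covers the IP header alone, so the port rewrite does not affect it, and Scapy recomputes it for the newly built `IP()` layer anyway.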
## Code: lab2setup.sh

```bash
#!/bin/bash
echo "Welcome to the program!"
echo "First, the code will setup the iptables, and drop RST packets."
echo "-"
# Redirect non-root outbound TCP to port 80 so the sniffer sees it on dport 8080
sudo iptables -t nat -A OUTPUT -p tcp -m owner ! --uid-owner root --dport 80 -j DNAT --to :8080
# Drop RSTs in both directions so the kernel cannot tear down the rerouted flows
sudo iptables -I OUTPUT -p tcp --tcp-flags ALL RST,ACK -j DROP
sudo iptables -I OUTPUT -p tcp --tcp-flags ALL RST -j DROP
sudo iptables -I INPUT -p tcp --tcp-flags ALL RST -j DROP
sudo iptables -I INPUT -p tcp --tcp-flags ALL RST,ACK -j DROP
echo "Now, run sniffer1.py"
```
## Code: lab2teardown.sh

```bash
#!/bin/bash
echo "Now that you have ended the program, the bash script will now delete the iptable changes we made."
echo "-"
# Delete exactly the rules lab2setup.sh added (same match specifications, -D instead of -A/-I)
sudo iptables -t nat -D OUTPUT -p tcp -m owner ! --uid-owner root --dport 80 -j DNAT --to :8080
sudo iptables -D OUTPUT -p tcp --tcp-flags ALL RST,ACK -j DROP
sudo iptables -D OUTPUT -p tcp --tcp-flags ALL RST -j DROP
sudo iptables -D INPUT -p tcp --tcp-flags ALL RST -j DROP
sudo iptables -D INPUT -p tcp --tcp-flags ALL RST,ACK -j DROP
echo "Thank-you for using our program!"
```