This lab demonstrates low-level packet manipulation, local redirection with iptables, and HTTP traffic inspection using Scapy—core skills for understanding practical man-in-the-middle (MITM) techniques on plaintext HTTP.
Transparency: The HTML demo pages (`index.html`, `all-in-one.html`) and some explanatory UI content were generated with AI assistance. The underlying lab source files (`sniffer1.py`, shell scripts, original README notes) remain authored manually and unchanged in intent.
This repository contains everything you need to run the lab. No additional files are required beyond what's in this repo.
## Repository contents

- `sniffer1.py` – Scapy-based sniffer/forwarder that:
  - Listens for redirected outbound HTTP packets on port 8080
  - Prints `[HTTP] host/path` when it recognizes an HTTP request
  - Prints `[CENSORED]` and drops any request containing the keyword `frankenstein`
  - Forwards permitted traffic to the real destination port 80 and logs "Your packet has been forwarded to port 80"
- `lab2setup.sh` – Adds iptables rules: DNAT outbound TCP dport 80 (non-root) to local :8080 and drops RST/RST,ACK packets to keep flows stable
- `lab2teardown.sh` – Removes the iptables rules added during setup
- `index.html` – A self-contained HTML demo that explains the lab, shows example output, and includes a small client-side simulation of the decision logic
- `all-in-one.html` – Consolidated page that displays the code, README content, and links to the PDFs in one place
- `README.md` – This detailed guide
- `ReadMe.txt` – A shorter, original readme for the lab
- `Lab2.pdf`, `Lab2_jpotapenko.pdf` – Lab handout/notes (viewable from the all-in-one page)
## Requirements

- Linux
- Python 3
- scapy (`pip3 install scapy`)
- iptables (run the scripts with sudo/root)
## Quick start

1. Install dependencies (one time):

   ```bash
   pip3 install scapy
   ```

2. Set up the redirection rules:

   ```bash
   sudo ./lab2setup.sh
   ```

3. Run the sniffer:

   ```bash
   sudo python3 sniffer1.py
   ```

4. Generate HTTP traffic (e.g., using a non-root browser or `curl http://example.com/`), observe the console logs, then stop with Ctrl+C.

5. Optional cleanup:

   ```bash
   sudo ./lab2teardown.sh
   ```

## Test commands

Run these in a separate, non-root terminal while the sniffer is running. Because the iptables rule excludes root, do not prefix them with `sudo`.

Forwarded (no body, so the sniffer may show "No Payload Found"):

```bash
curl http://example.com/books
```

Forwarded (POST body allowed):

```bash
curl -X POST -d "q=hello" http://example.com/search
```

Censored (POST body contains the keyword):

```bash
curl -X POST -d "q=frankenstein" http://example.com/search
```

Expected console snippets:

```
[HTTP] example.com/books
Your packet has been forwarded to port 80
[HTTP] example.com/search
[CENSORED]
```

## Demo pages

- Open `index.html` directly in your browser to read an overview and try the client-side simulation of the censor/forward logic.
- If you prefer a local server:

  ```bash
  python3 -m http.server 8000
  # then open http://localhost:8000/index.html
  ```

The demo includes a link back to the full source on GitHub so you can explore the code in context.
Also see the consolidated view at all-in-one.html, which shows the code, README content, and lab PDFs in one place. The top of that page includes tab-style buttons to switch between files without opening new pages.
## Limitations

- Applies only to plaintext HTTP, not HTTPS/TLS.
- Simplistic keyword filter and no TCP stream reassembly (the demo expects a whole request to arrive within a single packet).
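As an added example (this is not the lab's `sniffer1.py`, and it deliberately avoids Scapy so it runs anywhere), here is the censor/forward decision described for the sniffer, applied to raw TCP payloads and producing the same console lines the test commands above are expected to show. `decide()` reproduces the lab's per-packet rules; `FlowBuffer` and `decide_stream()` go beyond the lab and reassemble a request that was split across segments before judging it, which is exactly the case the single-packet limitation leaves unfiltered. The sample payloads are constructed to resemble what the README's `curl` commands send, and treating an empty segment as the trigger for "No Payload Found" is an assumption.

```python
# Added example, not the lab's sniffer1.py: the censor/forward decision
# applied to raw TCP payloads. decide() mirrors the lab's per-packet rules;
# FlowBuffer/decide_stream go further than the lab and reassemble a request
# that was split across segments before judging it, which is the gap the
# "no TCP stream reassembly" limitation describes.
from dataclasses import dataclass
from typing import List, Optional, Tuple

KEYWORD = b"frankenstein"   # the lab's censored keyword (matched case-sensitively here)
REAL_PORT = 80              # where permitted packets are forwarded


def parse_http_request(payload: bytes) -> Optional[Tuple[str, str]]:
    """Return (host, path) when payload begins with an HTTP request line, else None."""
    head, _, _ = payload.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    parts = lines[0].split(b" ")
    if len(parts) != 3 or not parts[2].startswith(b"HTTP/"):
        return None
    host = b""
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        if name.strip().lower() == b"host":
            host = value.strip()
            break
    return host.decode("latin-1"), parts[1].decode("latin-1")


def decide(payload: bytes) -> Tuple[str, List[str]]:
    """Per-packet decision as the lab makes it. Returns (action, console lines)."""
    logs: List[str] = []
    if not payload:
        # Assumption: a segment carrying no payload is what prints "No Payload Found".
        logs.append("No Payload Found")
    req = parse_http_request(payload)
    if req is not None:
        logs.append(f"[HTTP] {req[0]}{req[1]}")
    if KEYWORD in payload:
        logs.append("[CENSORED]")
        return "drop", logs
    logs.append(f"Your packet has been forwarded to port {REAL_PORT}")
    return "forward", logs


@dataclass
class FlowBuffer:
    """Accumulates one client->server direction until a whole request is present."""
    data: bytes = b""

    def feed(self, segment: bytes) -> Optional[bytes]:
        self.data += segment
        head, sep, body = self.data.partition(b"\r\n\r\n")
        if not sep:
            return None                      # headers still incomplete
        length = 0
        for line in head.split(b"\r\n")[1:]:
            name, _, value = line.partition(b":")
            if name.strip().lower() == b"content-length":
                length = int(value.strip() or b"0")
        if len(body) < length:
            return None                      # body still incomplete
        end = len(head) + len(sep) + length
        request, self.data = self.data[:end], self.data[end:]
        return request


def decide_stream(segments: List[bytes]) -> Tuple[str, List[str]]:
    """Judge the request as a whole; returns "hold" while it is still incomplete."""
    buf = FlowBuffer()
    for seg in segments:
        request = buf.feed(seg)
        if request is not None:
            return decide(request)
    return "hold", ["request incomplete; withheld until more segments arrive"]


# Constructed sample payloads, shaped like what the README's curl commands send.
GET_BOOKS = b"GET /books HTTP/1.1\r\nHost: example.com\r\nAccept: */*\r\n\r\n"
POST_HELLO = (b"POST /search HTTP/1.1\r\nHost: example.com\r\nContent-Length: 7\r\n"
              b"Content-Type: application/x-www-form-urlencoded\r\n\r\nq=hello")
SPLIT_HEADERS = (b"POST /search HTTP/1.1\r\nHost: example.com\r\nContent-Length: 14\r\n"
                 b"Content-Type: application/x-www-form-urlencoded\r\n\r\n")
SPLIT_BODY = b"q=frankenstein"
POST_CENSORED = SPLIT_HEADERS + SPLIT_BODY

if __name__ == "__main__":
    for label, payload in [("GET", GET_BOOKS), ("POST hello", POST_HELLO), ("POST censored", POST_CENSORED)]:
        action, lines = decide(payload)
        print(f"{label}: {action}")
        print("\n".join("  " + line for line in lines))
    # The per-packet filter misses a body that arrives in its own segment...
    print("headers-only segment:", decide(SPLIT_HEADERS)[0])
    # ...while the reassembling version catches it.
    print("reassembled:", decide_stream([SPLIT_HEADERS, SPLIT_BODY])[0])
```

The per-flow buffer keys nothing on addresses because it handles one direction of one flow; a real forwarder would keep one `FlowBuffer` per (src, sport, dst, dport) tuple and would also have to decide what to do with the segments it is holding back, which the lab sidesteps by judging each packet on its own.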
## Troubleshooting

- No output? Ensure you're generating plaintext HTTP (port 80) and that the sniffer is running with `sudo`.
- Requests not redirected? Confirm the iptables rules were applied (`sudo ./lab2setup.sh`) and that your test client is non-root.
- HTTPS pages won't show up here by design; use `http://` instead of `https://` for testing.