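#!/usr/bin/env python
"""
Open one TCP connection over IPv6 with scapy, send a single HTTP GET, and
answer data segments seen on that flow with ICMPv6 Packet Too Big messages.

Usage: ./http.py <target IPv6 address>

The target address is the only argument the script reads. Earlier versions of
this header also described a request-string argument and a request count;
neither is parsed anywhere in the code, and the request is the fixed string in
create_con().

Each Packet Too Big message advertises MTU (1400) and quotes an IPv6/TCP header
rebuilt from the sniffed segment plus the first byte of its payload. How the
receiving stack treats such a message is the behaviour being observed:
RFC 8201 has a node discard a Packet Too Big whose reported MTU is below the
IPv6 minimum link MTU of 1280, and RFC 5927 describes checking the quoted TCP
sequence number against the connection before acting on an ICMP error.
"""

from scapy.all import *
import random
import sys
import socket
import time

# MTU value advertised in every ICMPv6 Packet Too Big message.
MTU = 1400

# The original guard read `len(pkt[IPv6]) >= MTU or True`, which is always
# true. This switch keeps that behaviour and makes it visible; with False,
# only segments of at least MTU bytes get a Packet Too Big and the rest get a
# plain ACK.
ALWAYS_SEND_PTB = True

if len(sys.argv) < 2:
    sys.exit('Usage: %s <target IPv6 address>' % sys.argv[0])

dest = sys.argv[1]
src_net = '2a06:d1c1:1234::'
# The random decimal number is appended as the last group of the address.
src = src_net + str(random.randint(1, 9999))
sport = random.randint(1025, 65500)
dport = 80


def packet_callback(pkt):
    """Sniffer callback: reply to one captured segment of the test flow.

    With ALWAYS_SEND_PTB set (the default) every segment that carries payload
    gets an ICMPv6 Packet Too Big sent to its source. Segments without payload
    are skipped; the original dropped them through a bare ``except``.

    Failures are reported on stderr and never raised, so one malformed packet
    cannot stop the sniffer thread.
    """
    #pkt.show()
    try:
        ip6 = pkt[IPv6]
        seg = ip6[TCP]
        if ALWAYS_SEND_PTB or len(ip6) >= MTU:
            data = getattr(seg.payload, 'load', None)
            if data is None:
                # Nothing to quote (SYN-ACK, bare ACK, FIN ...).
                return

            # Outer header: back towards whoever sent the captured segment.
            # Next Header is left to scapy, which derives it from the ICMPv6
            # layer. The original also set `protocol = 1`, which is not a
            # field of scapy's IPv6 header and had no effect on the wire.
            outer = IPv6(src=ip6.dst, dst=ip6.src)
            too_big = ICMPv6PacketTooBig(mtu=MTU)

            # Quoted "offending packet": addresses, ports, flags and sequence
            # numbers copied from the captured segment, then one payload byte.
            quoted_ip = IPv6(src=ip6.src, dst=ip6.dst)
            quoted_tcp = TCP(sport=seg.sport, dport=seg.dport,
                             flags=seg.flags, seq=seg.seq, ack=seg.ack)
            send(outer / too_big / quoted_ip / quoted_tcp / data[:1])
        else:
            print('Small Packet:')
            send(IPv6(src=ip6.dst, dst=ip6.src)
                 / TCP(dport=seg.sport, sport=seg.dport,
                       seq=seg.ack, ack=seg.seq + 1, flags='A'))
    except Exception as exc:
        # Best effort, as in the original, but no longer silent and no longer
        # swallowing KeyboardInterrupt/SystemExit.
        sys.stderr.write('packet_callback: %s: %s\n'
                         % (type(exc).__name__, exc))


def create_con(src, dest, dport, sport):
    """Run the handshake, send the GET, and keep the sniffer up for 6000 s.

    Args:
        src: IPv6 source address placed in every packet sent.
        dest: IPv6 address of the HTTP server.
        dport: TCP destination port.
        sport: TCP source port; also used in the capture filter.

    Returns None. If no TCP reply to the SYN arrives, a message is written to
    stderr and nothing further is sent.
    """
    getStr = 'GET /.well-known/acme-challenge/test.bin HTTP/1.1\r\nHost: www.aperture-labs.org\r\nUser-Agent: curl/8.1.2\r\nAccept: */*\r\n\r\n'
    #getStr = 'GET /.well-known/acme-challenge/test.bin HTTP/1.1\r\nHost: mirror.home.aperture-labs.org\r\nUser-Agent: curl/8.1.2\r\nAccept: */*\r\n\r\n'
    #getStr = 'GET /iso/grml64-full_2022.11.iso HTTP/1.1\r\nHost: mirror.home.aperture-labs.org\r\nUser-Agent: curl/8.1.2\r\nAccept: */*\r\n\r\n'
    #getStr = 'GET /test.bin HTTP/1.1\r\nHost: localhost\r\nUser-Agent: curl/8.1.2\r\nAccept: */*\r\n\r\n'

    syn = IPv6(src=src, dst=dest) / TCP(sport=sport, dport=dport, flags='S')

    #GET SYNACK
    syn_ack = sr1(syn)
    if syn_ack is None or not syn_ack.haslayer(TCP):
        # sr1() returns None when it is interrupted or nothing answers.
        sys.stderr.write('No TCP reply to SYN from %s; stopping\n' % dest)
        return

    reply = syn_ack[TCP]
    # The reply is not checked for SYN+ACK; an RST is acknowledged the same
    # way, as in the original.
    send(IPv6(src=src, dst=dest)
         / TCP(dport=dport, sport=reply.dport,
               seq=reply.ack, ack=reply.seq + 1, flags='A'))

    #Send the HTTP GET
    time.sleep(1)
    # NOTE(review): the filter matches both directions of the flow, so the
    # callback also sees segments sent from `src` - confirm that is intended.
    sniffer = AsyncSniffer(prn=packet_callback,
                           filter="host " + src + " and tcp and port " + str(sport),
                           store=0)
    sniffer.start()
    try:
        sr1(IPv6(src=src, dst=dest)
            / TCP(dport=dport, sport=reply.dport,
                  seq=reply.ack, ack=reply.seq + 1, flags='PA')
            / getStr)
        time.sleep(6000)
    finally:
        # Stop the capture thread even when sr1() or the sleep is interrupted.
        if getattr(sniffer, 'running', False):
            sniffer.stop()


create_con(src, dest, dport, sport)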