The Professional Security Testers Warehouse for the CEH V7 GPEN CPTS CREST GCIH GREM OPST: Packet Crafting
T50 Sukhoi PAK FA Mixed Packet Injector v2.45r-H2HC Posted by cdupuis on Thursday, 13 January 2011 @ 13:50:42 EST (2895 reads) Topic Packet Crafting
T50 Sukhoi PAK FA Mixed Packet Injector (f.k.a. F22 Raptor) is a tool designed to perform "Stress Testing". It is a powerful and unique packet injection tool that is capable of:
1. Send sequentially (i.e., ALMOST at the same time) the following protocols:
- ICMP: Internet Control Message Protocol
- IGMP: Internet Group Management Protocol
- TCP: Transmission Control Protocol
- UDP: User Datagram Protocol
2. Send a (quite) incredible amount of packets per second, making it a "second to none" tool:
- More than 1,000,000 pps of SYN Flood (+50% of the network's uplink) in a 1000BASE-T Network (Gigabit Ethernet).
- More than 120,000 pps of SYN Flood (+60% of the network's uplink) in a 100BASE-TX Network (Fast Ethernet).
3. Perform "Stress Testing" on a variety of network infrastructure, network devices and security solutions in place.
4. Simulate Denial-of-Service attacks, validating the Firewall rules and Intrusion Detection System/Intrusion Prevention System policies.
Further information can be found @ http://fnstenv.blogspot.com (demo video and source code).
PS: Yes, there are some "anti-kiddo" tricks, so, please, don't blame me for doing that...
The new version of the "T50 Sukhoi PAK FA Mixed Packet Injector" (v5.2-NG) will be unleashed at "WEB Security Forum" (http://websecforum.com.br/evento/) on April 9th-10th 2011, São Paulo, Brazil. The next release will include:
1. New License: It is still not licensed under GPL or any other common Open-source license, but the source code will be available, and the use of any piece of source code for any free or commercial software is denied.
2. CIDR Support: Classless Inter-Domain Routing support for the destination IP address, using a really tiny C algorithm. This would allow the "T50 Sukhoi PAK FA Mixed Packet Injector" to simulate DDoS in a laboratory environment.
netmask = ~(0xffffffff>>cidr);
hostid = (int)(pow(2,(32-cidr))-2);
__1st_host = (ntohl(addr)&netmask)+1;
__lst_host = (ntohl(addr)&netmask)+hostid;
3. TEN NEW Protocols: TEN (10) more protocols supported by "T50 Sukhoi PAK FA Mixed Packet Injector" (IGMPv3, EGP, DCCP, RSVP, RIPv1, RIPv2, GRE, ESP, AH and EIGRP).
4. Exotic Protocols: Advanced options and protocol crafting for EIGRP and GRE were added, allowing users to make any combination while using those exotic protocols. By the way, EIGRP is a proprietary protocol developed by CISCO Systems, Inc.
5. TCP Options Support: TCP Options (MSS, NOP, EOL, WSCALE, TSTAMP, T/TCP CC and SACK) are supported to improve the TCP protocol.
6. DATA Payload Support: The data payload support is back, and it can be random or user defined.
Best regards.
Nelson Brito
Security Researcher
http://fnstenv.blogspot.com/
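As an added example (not T50's code), here is the same host-range arithmetic as a stand-alone C function for a laboratory address plan. It keeps the snippet's network+1 .. broadcast-1 rule for normal prefixes, and additionally handles /31 and /32 (where no addresses are reserved) and the /0 case, where the literal `0xffffffff>>cidr` becomes an undefined 32-bit shift. The function name and the 192.0.2.0 test addresses are assumptions.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Usable host range of a CIDR block, in host byte order. */
struct host_range {
    uint32_t first;   /* first usable host address */
    uint32_t last;    /* last usable host address */
    uint64_t count;   /* number of usable hosts */
};

/* Netmask for a prefix length, written so that /0 does not perform the
 * undefined shift by 32 that ~(0xffffffff>>cidr) would trigger. */
static uint32_t cidr_netmask(unsigned cidr)
{
    if (cidr == 0)
        return 0;
    return (uint32_t)(0xffffffffUL << (32 - cidr));
}

/* Parse "a.b.c.d/n" (constructed input format for this example) and compute
 * the usable host range. Returns 0 on success, -1 on malformed input.
 * /31 keeps both addresses (RFC 3021 point-to-point) and /32 is one host. */
int cidr_host_range(const char *spec, struct host_range *out)
{
    char addr_str[INET_ADDRSTRLEN];
    const char *slash = strchr(spec, '/');
    unsigned cidr;
    struct in_addr addr;
    uint32_t net, mask, hostid;

    if (!slash || (size_t)(slash - spec) >= sizeof addr_str)
        return -1;
    memcpy(addr_str, spec, (size_t)(slash - spec));
    addr_str[slash - spec] = '\0';
    if (sscanf(slash + 1, "%u", &cidr) != 1 || cidr > 32)
        return -1;
    if (inet_pton(AF_INET, addr_str, &addr) != 1)
        return -1;

    mask = cidr_netmask(cidr);
    net = ntohl(addr.s_addr) & mask;        /* network address, host order */

    if (cidr >= 31) {
        /* No network/broadcast reservation: every address is a host. */
        out->first = net;
        out->last = net | ~mask;
        out->count = (cidr == 32) ? 1 : 2;
        return 0;
    }
    /* hostid = 2^(32-cidr) - 2, computed with a shift instead of pow(). */
    hostid = (uint32_t)((1ULL << (32 - cidr)) - 2);
    out->first = net + 1;                   /* snippet's __1st_host */
    out->last = net + hostid;               /* snippet's __lst_host */
    out->count = hostid;
    return 0;
}
```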
Announcing PCapR Posted by cdupuis on Friday, 06 February 2009 @ 12:57:07 EST (2204 reads) Topic Packet Crafting
Anonymous writes "It's something like web 2.0 meets packets. Has a whole lot of stupid packet tricks (tm), not to mention you can convert any packet into a DoS generator.
What is pcapr? Packets are fundamental to how applications and systems communicate with each other and as far as we can tell, there's no simple way for people to access specific packet sequences to learn, understand, troubleshoot and/or debug these systems. pcapr exists as a repository of these packets, providing full-text search, automatic tagging, viewing and editing of these packets. Where can I find more information on pcaps? Wikipedia, Tcpdump and Wireshark all have lots of information about pcaps. Is there a mailing list for pcapr? Yes, there is a forum to discuss about features, capabilities, enhancement and bugs.
In short, pcapr does to packets what flickr does to pictures.
Automatic protocol tagging, full-text search on packet summaries (try searching for "gssapi"), decodes/stream-reassembly/ip-rewrites/fragmentation in your browser, etc.
"
Tcpreplay 3.0.RC1 released Posted by boss on Monday, 16 April 2007 @ 21:22:03 EDT (2092 reads) Topic Packet Crafting
PReplay -- A windows packet replay tool Posted by boss on Wednesday, 24 January 2007 @ 07:38:40 EST (2333 reads) Topic Packet Crafting
cdupuis writes "Hi All,
For some of my work I wanted to replay the traffic which I captured using Ethereal. I searched the net but I have not found any good tool for Windows (there are many for *nix), so I decided to code my own.
So here it is: PReplay, a traffic replay tool. I hope it will be helpful to you all.
From the readme: PReplay is a utility to send the captured data. Its main feature is that it will keep the time difference between two packets (not very accurately, but it works with some micro/millisecond difference): it reads the capture file and then determines the time difference for the next packet.
You can give a list of capture files which you want to send in the Preplay.ini in the [SendingFileName] section as below:
1=IPDump.cap 2=IPDump2.cap
The ; character is used for comments, and that line will not be read. You can comment out the file name which you don't want to send in [SendingFileName]:
1=IPDump.cap ;2=IPDump2.cap
In the example above, it will not send 2nd file.
SendingFilePath: here you can specify the directory which contains the captured files. Download this tool from here:
http://secgeeks.com/preplay_a_pcap_traffic_replay_tool.html or http://secgeeks.com/PReplay.zip
Regards,
SecGeek http://www.secgeeks.com "
ISIC -- IP Stack Integrity Checker Posted by boss on Tuesday, 23 January 2007 @ 19:40:23 EST (2334 reads) Topic Packet Crafting
cdupuis writes "Current Owner: Shu Xiao sxiao@cisco.com
Original Creator: Mike Frantzen frantzen@w4g.org
Version: 0.07 isic-0.07.tgz (MD5 checksum: 29f70c9bde9aa9128b8f7e66a315f9a4)
Description:
ISIC is a suite of utilities to exercise the stability of an IP Stack and its component stacks (TCP, UDP, ICMP et. al.)
It generates piles of pseudo-random packets of the target protocol. The packets can be given tendencies to conform to, i.e. 50% of the packets generated can have IP Options, 25% of the packets can be IP fragments... But the percentages are arbitrary and most of the packet fields have a configurable tendency.
The packets are then sent against the target machine to either penetrate its firewall rules or find bugs in the IP stack.
ISIC also contains a utility to generate raw ether frames to examine hardware implementations. Starting from version 0.07, ISIC includes utilities (*sic6) to test the IPv6 protocol stack. These would of course need IPv6 enabled in the system as a prerequisite.
Other Uses:
Other novel uses people have found for ISIC include IDS testing, stack fingerprinting, breaking sniffers and barraging the IRC kiddie.
Libnet 1.1.x
Warning:
ISIC may break shit, melt your network, knock out your firewall, or singe the fur off your cat"
Netw version 5.34 has been released Posted by boss on Thursday, 06 April 2006 @ 08:20:43 EDT (2085 reads) Topic Packet Crafting
Anonymous writes "Hello,
Version 5.34 of netw is now available.
Netwox contains 221 tools to find and solve network problems. Netwag is a graphical front end for netwox. Netwox was created with the library netwib.
** download **
You can read more about netwib/netwox/netwag and download them at :
http://www.laurentconstantin.com/en/netw/#download
http://go.to/laurentconstantin/ [backup server]
http://laurentconstantin.est-la.com/ [backup server]
** changes **
Netwib 5.34.0 includes the following changes :
++ fixed bugs ++
- During compilation of libnetwib.so dynamic library, GCCLIB was missing.
++ major evolutions ++
- Support of Tru64 Unix.
++ minor evolutions ++
- New functions netwib_buf_casecmp(), netwib_buf_cmp_str() and netwib_buf_casecmp_str().
Netwox 5.34.0 includes the following changes : No change in this version.
Netwag 5.34.0 includes the following changes : No change in this version.
Regards, Laurent Constantin #=> Explore my project: http://vigilance.aql.fr/accueil_en.php "
KArp, the Kernel ARP hijacking patch for Linux Posted by boss on Sunday, 19 March 2006 @ 08:23:15 EST (6388 reads) Topic Packet Crafting
cdupuis writes "KArp is a linux patch that allows one to implement ARP hijacking in the kernel, but control it easily via userland. You may configure, enable and disable KArp via ProcFS or the sysctl mechanism.
KArp is implemented almost on the device driver level. Any ethernet driver (including 802.11 drivers) is supported. The KArp code is lower than the actual ARP code in the network stack, and thus will respond to ARP requests faster than a normal machine running a normal network stack, even if the machine we're spoofing has a CPU twice as fast as ours!
Currently, linux-2.6.16-rc6 is supported, but KArp is easy to port to other releases.
This code was written to help facilitate a MiM project.
WARNING: KArp was written to beat the race in responding to an ARP Request from a target (victim) machine. It is *not* meant as a tool to flood a victim with ARP information. This means that some operating systems (MacOSX) that ingest unsolicited ARP responses may still obtain the actual MAC address of the machine we're impersonating. Linux, however, only accepts the fastest response. If you want to flood a machine with fake ARP responses, use a userland tool. However, there may be a delay mechanism implemented later that allows us to *lose* the race for lazy operating systems, forcing them to ingest our address.
Get details at: http://aversion.net/~north/karp/
contact the author: don "north" bailey"
ARP Tools 1.0 has been released Posted by boss on Wednesday, 08 March 2006 @ 08:11:33 EST (6720 reads) Topic Packet Crafting
cdupuis writes "ARP Tools is a collection of libnet and libpcap based ARP utilities.
It currently contains: ARP Discover (arpdiscover), an Ethernet scanner based on the ARP protocol; ARP Flood (arpflood), an ARP request flooder; and ARP Poison (arppoison), for poisoning switches' MAC address tables.
Get it from: http://www.burghardt.pl/wiki/software/arptools "
Scapy 1.0.3 has been released Posted by boss on Sunday, 29 January 2006 @ 19:50:32 EST (2176 reads) Topic Packet Crafting
cdupuis writes "Scapy is a powerful interactive packet manipulation program. It is able to forge or decode packets of a wide number of protocols, send them on the wire, capture them, match requests and replies, and much more. It can easily handle most classical tasks like scanning, tracerouting, probing, unit tests, attacks or network discovery (it can replace hping, 85% of nmap, arpspoof, arp-sk, arping, tcpdump, tethereal, p0f, etc.).
It also performs very well at a lot of other specific tasks that most other tools can't handle, like sending invalid frames, injecting your own 802.11 frames, combining techniques (VLAN hopping+ARP cache poisoning, VOIP decoding on WEP encrypted channel, ...), etc.
See details at: http://www.secdev.org/projects/scapy/
"
Scapy Packet Crafting tool Posted by boss on Monday, 22 August 2005 @ 00:00:00 EDT (2358 reads) Topic Packet Crafting
What is Scapy
Scapy is a powerful interactive packet manipulation program. It is able to forge or decode packets of a wide number of protocols, send them on the wire, capture them, match requests and replies, and much more. It can easily handle most classical tasks like scanning, tracerouting, probing, unit tests, attacks or network discovery (it can replace hping, 85% of nmap, arpspoof, arp-sk, arping, tcpdump, tethereal, p0f, etc.). It also performs very well at a lot of other specific tasks that most other tools can't handle, like sending invalid frames, injecting your own 802.11 frames, combining techniques (VLAN hopping+ARP cache poisoning, VOIP decoding on WEP encrypted channel, ...), etc.
What makes scapy different from most other networking tools
First, with most other tools, you won't build something the author did not imagine. These tools have been built for a specific goal and can't deviate much from it. For example, an ARP cache poisoning program won't let you use double 802.1q encapsulation. Or try to find a program that can send, say, an ICMP packet with padding (I said padding, not payload, see?). In fact, each time you have a new need, you have to build a new tool.
Second, they usually confuse decoding and interpreting. Machines are good at decoding and can help human beings with that. Interpretation is reserved to human beings. Some programs try to mimic this behaviour. For instance they say "this port is open" instead of "I received a SYN-ACK". Sometimes they are right. Sometimes not. It's easier for beginners, but when you know what you're doing, you keep on trying to deduce what really happened from the program's interpretation to make your own, which is hard because you lost a big amount of information. And you often end up using tcpdump -xX to decode and interpret what the tool missed.
Third, even programs which only decode do not give you all the information they received. The network's vision they give you is the one their author thought was sufficient. But it is not complete, and you have a bias. For instance, do you know a tool that reports the padding?
Scapy tries to overcome those problems. It enables you to build exactly the packets you want. Even if I think stacking a 802.1q layer on top of TCP has no sense, it may have some for somebody else working on some product I don't know. Scapy has a flexible model that tries to avoid such arbitrary limits. You're free to put any value you want in any field you want, and stack them like you want. You're an adult after all.
In fact, it's like building a new tool each time, but instead of dealing with a hundred line C program, you only write 2 lines of Scapy.
After a probe (scan, traceroute, etc.) Scapy always gives you the full decoded packets from the probe, before any interpretation. That means that you can probe once and interpret many times, ask for a traceroute and look at the padding for instance.
Scapy Project
Scapy runs natively on Linux, and on most Unixes with libpcap, libdnet and their respective Python wrappers (see scapy's portability page).
Scapy needs Python 2.3 or upcoming versions.
Download
Netw, Netwox, and Netwag Update Posted by boss on Wednesday, 27 October 2004 @ 19:17:44 EDT (2109 reads) Topic Packet Crafting
Hello,
Version 5.26 of netw is now available. Netwox contains 197 tools to find and solve network problems. Netwag is a graphical front end for netwox. Netwox was created with the library netwib.
** download **
You can read more about netwib/netwox/netwag and download them at :
http://www.laurentconstantin.com/en/netw/#download
http://go.to/laurentconstantin/ [backup server]
http://laurentconstantin.est-la.com/ [backup server]
Netwib 5.26.0 includes the following changes :
++ fixed bugs ++
- Under Solaris, network devices with two or more IP addresses were not retrieved in network configuration. The first address was set but not the others.
- Under BSD, additional routing table entries were not retrieved. It was due to specially formed socket addresses not being decoded.
++ minor evolutions ++
- Creation of function netwib_show_array_fmt32 which is frequently used.
++ internal evolutions (not seen by end users) ++
- Timezone selection is done in netwib_init().
Netwox 5.26.0 includes the following changes :
++ fixed bugs ++
- If the URL contains a fragment ( http://server/#frag), it has to be suppressed (http://server/) to download the file. This worked with Apache, but IIS replied with a 400 error code.
++ minor evolutions ++
- Tool 185 can be used like a load balancer.
++ documentation ++
There are no big changes in this version. So, you can take time to read the documentation. File netwox-doc_html/html/examples.html is the most important to read.
You can also install and try netwag.
Netwag 5.26.0 includes the following changes :
++ evolutions ++
No change in this version
++ documentation ++
There are no big changes in this version. So, you can take time to read the documentation. File netwag-doc_html/html/lessons.html is the most important to read.
Regards,
Laurent Constantin
Netw tools Version 5.23 of netw is now available. Posted by boss on Tuesday, 31 August 2004 @ 11:52:03 EDT (1855 reads) Topic Packet Crafting
NOTE FROM CLEMENT: Netwox is the MacGyver knife for network problems. It can also be used very effectively by a security tester to perform all kinds of tests that you would only find by combining a whole series of other tools. This is a one-man-gang tool. Take a few minutes to get used to it and I am sure you will like the power of what it can do.
Netwox contains 190 tools to find and solve network problems. Netwag is a graphical front end for netwox. Netwox was created with the library netwib.
You can read more about netwib/netwox/netwag and download them at :
http://www.laurentconstantin.com/en/netw/#download
http://go.to/laurentconstantin/ [backup server]
http://laurentconstantin.est-la.com/ [backup server]
Netwib 5.23.0 includes the following changes :
- Under Yellow Dog Linux, a crash occurred in netwib_buf_append_fmt and similar functions. It was due to a va_list passed as value to sub-functions, instead of passed as reference/pointer. A va_list is special and should be treated as opaque. Thanks to Joseph E. Sacco for reporting and solving the problem.
Netwox 5.23.0 includes the following changes :
++ major evolutions ++
- Tool 180: SNTP/NTP client displaying date/time.
- Tool 181: SNTP/NTP server providing a central time to clients.
- Tool 182: obtain the size of a web file.
- Tool 183-5: TCP/UDP relays.
- Tool 186: sleep for less than one second.
- Tool 187: display date and time.
- Tool 188: SYSLOG server
- Tool 189: SMTP server logging commands and data.
- Tool 190: A commonly requested feature.
++ minor evolutions ++
- Searching description led to a lot of false positives. Now, search is only done in title and synonyms.
- Traceroute tools have a new parameter --min-ttl to set starting TTL.
HPING3 will be delayed a bit Posted by boss on Wednesday, 14 January 2004 @ 10:47:10 EST (6811 reads) Topic Packet Crafting
Salvatore Sanfilippo sent an email today to warn security testers that HPING3 will be slightly delayed.
His son is severely sick and he is attending to his good care. It is nice to see that he has his priorities straight by putting his family and kids first.
I hope his son will get well soon from the severe bronchopneumonia he is suffering.
We will be thinking about you and pray for his well being during this hard time.
Clement
Packit 0.6.0 Released Posted by boss on Monday, 02 June 2003 @ 21:23:51 EDT (5636 reads) Topic Packet Crafting
Hello all,
Just thought I'd let you know that this morning Packit 0.6.0 was released to http://packit.sourceforge.net
It should also be available shortly on http://www.packetfactory.net
Check out http://packit.sourceforge.net/ChangeLog for a list of changes.
Description:
Packit is a network auditing tool. Its value is derived from its ability to customize, inject, monitor, and manipulate IP traffic. By allowing you to define (spoof) nearly all TCP, UDP, ICMP, IP, ARP, RARP, and Ethernet header options, Packit can be useful in testing firewalls, intrusion detection systems, port scanning, simulating network traffic, and general TCP/IP auditing. Packit is also an excellent tool for learning TCP/IP.
Packit requires libnet 1.1 or greater as well as libpcap. It has been successfully compiled and tested to run on FreeBSD, NetBSD, OpenBSD, MacOS X and Linux.
Thanks
Darren Bounds