Penetration Testing: Re: Any way to automatically change arbitrary headers of IP packets on-the-fly?

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Penetration Testing mailing list archives

Re: Any way to automatically change arbitrary headers of IP packets on-the-fly?

From: Kary Rogers <kdr7 () msstate edu>
Date: Wed, 13 Apr 2005 11:30:02 -0500


On Apr 12, 2005, at 1:17 PM, João Campello wrote:


The question is:

  - Does already exist such a tool, module or whatever way to change
arbitrary headers of IP packets on-the-fly or will I have to (try to)
write one? =)

Cheers,

João Paulo Campello,
Network Security Analyst,
Tempest Security Technologies.

I think you can do this with divert sockets. I've used divert socketson FreeBSD and MacOS X to change TCP flags. There's a how-to forlinux:http://www.faqs.org/docs/Linux-mini/Divert-Sockets-mini-HOWTO.html


From the introduction:

"Ever wish you could intercept packets traveling up or down the IPstack of your host? And I'm not talking about listening in, like rawsockets or libpcap (tcpdump). I mean literally stop the packet fromfurther propagating through the IP stack and then (possibly after somechanges), reinjecting it back? Well, the time to dream is over, becausedivert sockets for Linux are here!

Divert sockets do exactly that - they filter out certain packets basedon firewall specifications and bring them to you in user space. Youthen have the freedom of simply reinjecting them back as if nothinghappened, mangling them first and then reinjecting them, or notreinjecting them at all.

As the name suggests, this mechanism utilizes a special type of RAWsocket called divert (IPPROTO_DIVERT) that allow you to receive andsend on them just like regular sockets. The difference is that a divertsocket is bound to a port, into which the firewall can be instructed tosend certain packets. Anything that a firewall can filter out can besent into a divert socket.

Divert sockets first appeared as part of FreeBSD. Divert sockets underLinux is a port of this mechanism that strives to be source-codecompatible in terms of user-space programs that utilize it."


HTH,


--
Kary Rogers
Network Analyst
Network Services
Mississippi State University

By Date By Thread

Current thread:

Any way to automatically change arbitrary headers of IP packets on-the-fly? João Paulo Caldas Campello (Apr 12)
- Re: Any way to automatically change arbitrary headers of IP packets on-the-fly? Lynx (Apr 13)
- Re: Any way to automatically change arbitrary headers of IP packets on-the-fly? Vladimir Parkhaev (Apr 13)
- Re: Any way to automatically change arbitrary headers of IP packets on-the-fly? Kary Rogers (Apr 13)
  - Re: Any way to automatically change arbitrary headers of IP packets on-the-fly? João Paulo Caldas Campello (Apr 17)
- <Possible follow-ups>
- Re: Any way to automatically change arbitrary headers of IP packets on-the-fly? Sebastian Muñiz (Apr 13)
- Re: Any way to automatically change arbitrary headers of IP packets on-the-fly? Foundation Linux (Apr 13)
- Re: Any way to automatically change arbitrary headers of IP packets on-the-fly? João Paulo Caldas Campello (Apr 17)