Category:Traffic Manipulation and Active MITM

From SecurityForest


Traffic Manipulation

  • Hping (Linux, BSD): ping on Steroids
Hping assembles and sends custom ICMP/UDP/TCP packets and displays any replies. It was inspired by the ping command, but offers far more control over the probes sent. It also has a handy traceroute mode and supports IP fragmentation. This tool is particularly useful when trying to traceroute/ping/probe hosts behind a firewall that blocks attempts using the standard utilities.
http://www.hping.org

  • Nemesis (Linux, BSD): Packet Injection Simplified
The Nemesis Project is designed to be a command-line-based, portable human IP stack for UNIX/Linux. The suite is broken down by protocol, and should allow for useful scripting of injected packet streams from simple shell scripts. If you enjoy Nemesis, you might also want to look at hping2. They complement each other well.
http://www.packetfactory.net/projects/nemesis/

The Paketto Keiretsu is a collection of tools that use new and unusual strategies for manipulating TCP/IP networks. They tap functionality within existing infrastructure and stretch protocols beyond what they were originally intended for. It includes Scanrand, an unusually fast network service and topology discovery system; Minewt, a user space NAT/MAT router; Linkcat, which presents an Ethernet link to stdio; Paratrace, which traces network paths without spawning new connections; and Phentropy, which uses OpenQVIS to render arbitrary amounts of entropy from data sources in three-dimensional phase space.
http://www.doxpara.com/read.php/code/paketto.html

  • Fragroute (Windows, Linux, BSD): Tool for Intercepting, Modifying and Rewriting Egress Traffic
Fragroute intercepts, modifies, and rewrites egress traffic, implementing most of the attacks described in the Secure Networks IDS Evasion paper (http://www.insecure.org/stf/secnet_ids/secnet_ids.html). It features a simple ruleset language to delay, duplicate, drop, fragment, overlap, print, reorder, segment, source-route, or otherwise monkey with all outbound packets destined for a target host, with minimal support for randomized or probabilistic behaviour. This tool was written in good faith to aid in the testing of intrusion detection systems, firewalls, and basic TCP/IP stack behaviour. Like Dsniff and Libdnet, this excellent tool was written by Dug Song.
http://www.monkey.org/~dugsong/fragroute/

  • Scapy (Linux): Powerful, Interactive Packet Manipulation Tool written in Python
Scapy is a powerful interactive packet manipulation tool, packet generator, network scanner, packet sniffer, etc. It can currently be used as a replacement for many popular traffic manipulation/analysis tools, including hping, 85% of nmap, arpspoof, arp-sk, arping, tcpdump, tethereal, p0f, etc.
Scapy uses the Python interpreter as a command interface, meaning you can assign variables, use loops, define functions, and so on. If you give a file as a parameter when you run Scapy, your session (variables, functions, instances, ...) will be saved when you leave the interpreter, and restored the next time you run Scapy.
Currently runs only on Linux.
http://www.cartel-securite.fr/pbiondi/projects/scapy.html
Download v0.9.17 (http://www.cartel-securite.fr/pbiondi/python/scapy-0.9.17.tar.gz)

  • Packit (Linux, BSD, Mac): Easy network injection and capture
Packit (Packet toolkit) is a network auditing tool that can customize, inject, monitor, and manipulate IP traffic. By allowing you to define (spoof) nearly all TCP, UDP, ICMP, IP, ARP, RARP, and Ethernet header options, Packit can be useful in testing firewalls, intrusion detection/prevention systems, port scanning, simulating network traffic, and general TCP/IP auditing...
http://packit.sourceforge.net/

  • tcpreplay (Linux, BSD): Toolset for Replaying Captured Network Traffic
tcpreplay is a BSD-style licensed set of tools to replay saved tcpdump files at arbitrary speeds. It provides a variety of features for replaying traffic for both passive sniffer devices as well as inline devices such as routers, firewalls, and the new class of inline IDS's.
http://tcpreplay.sourceforge.net/

  • Packet Excalibur (Windows, Linux): Multi-platform, Graphical, Scriptable Network Packet Creation Engine
Packet Excalibur is a powerful, scriptable tool for creating arbitrary packets, allowing you to sniff and spoof packets from a single interface, build scripts, and define additional protocols in text files.
http://www.securitybugware.org/excalibur
Download Win32 (http://www.securitybugware.org/excalibur/PacketExcalibur_1.0.2_win32.exe)
Download Linux (http://www.securitybugware.org/excalibur/PacketExcalibur_1.0.2_win_lin_src.tar.bz2)

  • netwox (Windows, Linux, BSD): Network Testing Toolbox
Netwox is a complete set of 197 tools (http://www.laurentconstantin.com/common/netw/netwox/download/v5/toollist.txt) for network management and troubleshooting, ranging from simple implementations of tools like ping(1) and traceroute(1) to SNMP, WHOIS, and DHCP clients/servers and tools for generating and spoofing arbitrary packets.
Part of the netw (http://www.laurentconstantin.com/en/netw/) project. TCL/TK GUI available here (http://www.laurentconstantin.com/en/netw/netwag/).
http://www.laurentconstantin.com/en/netw/netwox
Download (http://www.laurentconstantin.com/en/netw/#download)

Active MiTM

  • dsniff (Windows, Linux, BSD): A suite of powerful network auditing and penetration-testing tools
This popular and well-engineered suite by Dug Song includes many tools. dsniff, filesnarf, mailsnarf, msgsnarf, urlsnarf, and webspy passively monitor a network for interesting data (passwords, e-mail, files, etc.). arpspoof, dnsspoof, and macof facilitate the interception of network traffic normally unavailable to an attacker (e.g., due to layer-2 switching). sshmitm and webmitm implement active monkey-in-the-middle attacks against redirected SSH and HTTPS sessions by exploiting weak bindings in ad-hoc PKI.
http://www.monkey.org/~dugsong/dsniff , http://www.datanerds.net/~mike/dsniff.html

  • ettercap (Windows, Linux, BSD): In case you still thought switched LANs provide much extra security
Ettercap is a terminal-based network sniffer/interceptor/logger for ethernet LANs. It supports active and passive dissection of many protocols (even ciphered ones, like SSH and HTTPS). Data injection in an established connection and filtering on the fly is also possible, keeping the connection synchronized. Many sniffing modes were implemented to give you a powerful and complete sniffing suite. Plugins are supported. It has the ability to check whether you are in a switched LAN or not, and to use OS fingerprints (active or passive) to let you know the geometry of the LAN.
http://www.ettercap.com , http://ettercap.sourceforge.net

Cain & Abel is a free password recovery tool for Microsoft operating systems. It allows easy recovery of various kinds of passwords by sniffing the network, cracking encrypted passwords using dictionary and brute-force attacks, decoding scrambled passwords, revealing password boxes, uncovering cached passwords and analyzing routing protocols. It is also a great tool for ARP spoofing and MITM attacks. Source code is not provided.
http://www.oxid.it

  • ARPToXin (Windows): Flexible ARP poisoning tool for Windows
ARPToxin is a command line program, with preset "modes" of operation for performing different ARP-based attacks. It also allows you to modify any field in an ARP packet, making it very flexible. Unlike other tools, ARPToxin can input a hostname/IP/MAC for any field and convert it to the necessary format.
Uses WinPcap.
http://www.phrite.net/default.php?page=tools&id=1

  • ARP0c (Windows, Linux): Simple ARP poisoning tool
ARP0c is a simple tool that uses ARP poisoning and an internal bridging engine for intercepting connections on a switched network.
http://www.phenoelit.de/arpoc/index.html

  • arp-sk (Windows, Linux): Swiss-army knife tool for the ARP protocol
arp-sk is a powerful tool for generating arbitrary ARP packets. It was designed to combine the functionality provided by arpsniff, arptool and arping.
http://www.arp-sk.org

Yersinia implements several attacks for the following protocols: Spanning Tree (STP), Cisco Discovery (CDP), Dynamic Host Configuration (DHCP), Hot Standby Router (HSRP), Dynamic Trunking (DTP), 802.1q and VLAN Trunking (VTP). It helps the pen-tester with tasks such as taking the root role in the Spanning Tree, creating virtual CDP neighbors, setting up rogue DHCP servers, becoming the active router in an HSRP scenario, enabling trunking, performing ARP spoofing over VLAN hopping, and adding or deleting VLANs (via VTP). It is a multithreaded application with three main modes: command line, network client and ncurses GUI, allowing multiple users to launch multiple attacks simultaneously.
http://yersinia.sf.net/

