Packet Manipulation

SipSak

Sipsak is a voip sip router hacking utility

Iodine

iodine lets you tunnel IPv4 data through a DNS server. This can be usable in different situations where internet access is firewalled, but DNS queries are allowed.

Tcpflow

tcpflow is a program that captures data transmitted as part of TCP connections (flows), and stores the data in a way that is convenient for protocol analysis or debugging. A program like 'tcpdump' shows a summary of packets seen on the wire, but usually doesn't store the data that's actually being transmitted. In contrast, tcpflow reconstructs the actual data streams and stores each flow in a separate file for later analysis.

tcpflow understands sequence numbers and will correctly reconstruct data streams regardless of retransmissions or out-of-order delivery. However, it currently does not understand IP fragments; flows containing IP fragments will not be recorded properly.

Ptunnel

Ptunnel is an application that allows you to reliably tunnel TCP connections to a remote host using ICMP echo request and reply packets, commonly known as ping requests and replies. At first glance, this might seem like a rather useless thing to do, but it can actually come in handy in some cases. The following example illustrates the main motivation in creating ptunnel:

Hping 3

hping is a free packet generator and analyzer for the TCP/IP protocol. Hping is one of the de-facto tools for security auditing and testing of firewalls and networks, and was used to exploit the Idle Scan scanning technique now implemented in the Nmap port scanner. The new version of hping, hping3, is scriptable using the Tcl language and implements an engine for string based, human readable description of TCP/IP packets, so that the programmer can write scripts related to low level TCP/IP packet manipulation and analysis in a very short time.

TcpDump

a powerful command-line packet analyzer; and libpcap, a portable C/C++ library for network traffic capture.

Tcpdump prints out a description of the contents of packets on a network interface that match the boolean expression. It can also be run with the -w flag, which causes it to save the packet data to a file for later analysis, and/or with the -r flag, which causes it to read from a saved packet file rather than to read packets from a network interface. In all cases, only packets that match expression will be processed by tcpdump.

Jasager

Jasager is an implementation of Karma designed to run on OpenWrt on the Fon. It will probably run on most APs with Atheros wifi cards but it was designed with the Fon in mind as it is a nice small AP which gives it a lot of scope for use in penetration tests and other related fun.

A quick highlight of features:
•Web interface showing currently connected clients with their MAC address, IP address (if assigned) and the SSID they associated with
•The web interface allows control of all Karma features and can either run fully featured through AJAX enabled browsers or just as well through lynx
•Auto-run scripts on both association and IP assignment
•Full logging for later review
•Pluggable module system for easy extensibility
•Basic command line interface so you don't have to remember the different iwpriv commands

XMLmao

XMLmao is a configurable XML/XPath injection testbed. XMLmao allows
you to exploit XML/XPath injection flaws, but furthermore allows
a large amount of control over the manifestation of the flaws.

XMLmao is based on the idea of SQLol, an earlier release which
allows for SQL injection exploitation.

Fragroute

fragroute intercepts, modifies, and rewrites egress traffic destined for a specified host, implementing most of the attacks described in the Secure Networks "Insertion, Evasion, and Denial of Service: Eluding Network Intrusion Detection" paper of January 1998.
It features a simple ruleset language to:
delay
duplicate
drop
fragment
overlap
print
reorder
segment
source-route
or otherwise monkey with
all outbound packets destined for a target host, with minimal support for randomized or probabilistic behavior.

Surf Jack

Session Hijacking tool

A tool which allows one to hijack HTTP connections to steal cookies - even ones on HTTPS sites! Works on both Wifi (monitor mode) and Ethernet.

Syndicate content