Security Basics mailing list archives
On-the-fly altering of payload under Linux
From: Rene <secmailinglist () googlemail com>
Date: Fri, 20 Jul 2007 00:58:13 +0200
Hi everyone,

I'm looking for possibilities to change the payload of packets sent with TCP or UDP on the fly. It would be great if it worked like a transparent proxy, but that would be a bonus; it's not a must-have.

I created a small application-layer protocol that sends messages in the form of packets. Every packet header starts with 0xAA 0xAA, followed by a 16-bit packet length. Now I want to capture these packets, alter their content (like replace every 0x49 with 0x59, or always set the 20th bit to zero, while ignoring the packet header info) and send the changed ones. I know I could write a program that does this, but I want to see if there are ways to do it using existing programs.

What I tried so far:

I made netcat listen for incoming packets, then piped the received data to sed. The problem is that sed only really works with text, not with binary data, and it waits for a linefeed character before actually doing anything.

I tried to replace sed with a little program I found, called replace, which can explicitly replace binary data. That didn't work the way I wanted either because, like I said, I want to exclude the protocol header from this.

I also tried netsed, but I wasn't able to get it to run in UDP mode, which is a must (I had a look at the source, but I'm not a good C programmer. I think I figured out what's wrong, but I don't know enough C to fix it).

I found tons of different programs to generate packets, but none so far that let me alter them. I hope somebody here has some ideas on how I could accomplish this. It doesn't matter if it's a single application that does it, or if it's a clever combination of different programs.

One last thing: English is not my native language, so if I said something that doesn't make sense or needs clarification, please tell me.

Thanks in advance,
Rene
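The framing described in the message above (0xAA 0xAA, then a 16-bit length) is what byte-oriented tools such as sed or replace cannot respect, so here is an added example, not part of the original post, of a frame-aware rewriter for testing a protocol like this one. It assumes the length field is big-endian and counts payload bytes only; the names FrameRewriter and swap_0x49 are hypothetical.

```python
import struct

MAGIC = b"\xaa\xaa"   # header start, as described in the post
HEADER_LEN = 4        # magic (2 bytes) + 16-bit length (assumed big-endian)

def swap_0x49(payload: bytes) -> bytes:
    """Replace every 0x49 with 0x59, the substitution the post mentions."""
    return payload.replace(b"\x49", b"\x59")

class FrameRewriter:
    """Rewrites payloads in a byte stream while leaving every header untouched."""

    def __init__(self, transform=swap_0x49):
        self.transform = transform
        self.buf = bytearray()

    def feed(self, data: bytes) -> bytes:
        """Buffer received bytes; return the rewritten bytes of complete frames."""
        self.buf += data
        out = bytearray()
        while True:
            start = self.buf.find(MAGIC)
            if start < 0:
                # No header found: pass bytes through, but hold back a trailing
                # 0xAA in case the magic is split across two reads.
                keep = 1 if self.buf.endswith(b"\xaa") else 0
                cut = len(self.buf) - keep
                out += self.buf[:cut]
                del self.buf[:cut]
                return bytes(out)
            out += self.buf[:start]          # unframed bytes pass unchanged
            del self.buf[:start]
            if len(self.buf) < HEADER_LEN:   # header not complete yet
                return bytes(out)
            (length,) = struct.unpack_from(">H", self.buf, 2)
            end = HEADER_LEN + length
            if len(self.buf) < end:          # payload not complete yet
                return bytes(out)
            payload = self.transform(bytes(self.buf[HEADER_LEN:end]))
            if len(payload) != length:
                raise ValueError("transform must preserve payload length")
            out += self.buf[:HEADER_LEN] + payload
            del self.buf[:end]

if __name__ == "__main__":
    # Constructed sample: the length byte is itself 0x49 and must survive.
    frame = b"\xaa\xaa\x00\x49" + b"\x49" * 73
    print(FrameRewriter().feed(frame).hex())
```

For UDP, where each datagram carries whole packets, feed one datagram to a fresh FrameRewriter; for TCP, keep one instance per connection so frames split across reads are reassembled.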