PaulDotCom mailing list archives

Re: hamster and ferret problems


From: Robin Wood <robin () digininja org>
Date: Wed, 29 Feb 2012 15:05:39 +0000

On 29 February 2012 13:26, Joshua Wright <jwright () hasborg com> wrote:
> On 2/29/2012 7:22 AM, Robin Wood wrote:
>>
>> Hi
>> Is anyone still using Hamster and Ferret? I was trying to play with it
>> but ferret just keeps seg faulting on me and so never gives any data
>> to hamster. This is the crash:
>>
>> $ ./ferret -r sniff-2012-02-29-eth.pcap
>> [0] ./ferret
>> [1] -r
>> [2] sniff-2012-02-29-eth.pcap
>> -- FERRET 1.2.0 - 2008 (c) Errata Security
>> -- build = Feb 28 2012 15:07:17 (64-bits)
>> -- libpcap version 1.2.1
>> sniff-2012-02-29-eth.pcap
>> proto="DNS", query="A", ip.src=[192.168.0.2], name="bsides.2bli2.com"
>> unknown record type
>> Segmentation fault
>>
>> From the debugging I've managed to do it looks like something to do
>> with the unknown record type getting parsed somewhere and causing the
>> problem but my C isn't good enough to work out what the unknown record
>> is and how to kill it off before it gets parsed.
>
> You need to compile it with the "-g3 -ggdb" flags, then run it inside gdb.
> Something like:
>
> # gdb ferret
> gdb> run -r sniff-2012-02-29-eth.pcap
>
> When it crashes, issue a "bt" to show the backtrace of where it crashed.
> You can probably just comment out the DNS parser.

I'll give it a go. I really need to learn to debug things on this
level, I can do scripts any day but never got round to learning gdb.

> I use WiFiSheep on my Kindle Fire for an alternative catch-all-cookies
> sidejacking attack.  Otherwise I use Firesheep with Firefox 3.6.12 and write
> my own handlers.

I'll give it a try. I missed getting in on the hype of Firesheep so
never really played with it, I thought it just did the sites it knew
about rather than any site.

Robin

> -Josh
_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com

