Full Disclosure mailing list archives

Re: (no subject)


From: Jeff Blaum <jblaum02 () gmail com>
Date: Thu, 17 Dec 2009 01:50:15 -0800

Wow, is your site still down Dan? </omfg>

"Dan Kaminsky" <dan () doxpara com> wrote:

Easily the best environment for packet manipulation is scapy.

The most guaranteed to work approach involves putting a system with two
interfaces in as an attacker, and running two scapy processes that copy
frames received on one interface onto the other one.  Of course, your
copier parses the frames, changes what needs to be changed, fixes up
checksums, etc.

There are other approaches that are preferable for all sorts of reasons,
but the above means you don't need to fight with ARP or addresses or
firewall rules or the kernel.  (Proxy ARP, mangle tables, yadda yadda
yadda.)
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
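
The "parses the frames, changes what needs to be changed, fixes up checksums" step from the quoted message, as an added example that is not part of the original thread. It uses plain Python on a constructed Ethernet/IPv4/UDP frame rather than scapy, and every function name, address and port in it is an assumption made for illustration.

```python
import struct

def csum(data: bytes) -> int:
    """RFC 1071 Internet checksum: one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_udp_frame(payload: bytes) -> bytes:
    """Constructed sample frame; both checksum fields are left at zero."""
    eth = bytes.fromhex("020000000002" "020000000001" "0800")
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28 + len(payload), 1, 0, 64,
                     17, 0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    udp = struct.pack("!HHHH", 40000, 9, 8 + len(payload), 0)
    return eth + ip + udp + payload

def rewrite_payload(frame: bytes, new_payload: bytes) -> bytes:
    """Swap the UDP payload, then fix both length fields and both checksums."""
    eth, ihl = frame[:14], (frame[14] & 0x0F) * 4
    ip = bytearray(frame[14:14 + ihl])
    udp = bytearray(frame[14 + ihl:14 + ihl + 8])
    udp_len = 8 + len(new_payload)
    struct.pack_into("!H", ip, 2, ihl + udp_len)        # IPv4 total length
    struct.pack_into("!H", ip, 10, 0)                   # zero before summing
    struct.pack_into("!H", ip, 10, csum(bytes(ip)))
    struct.pack_into("!HH", udp, 4, udp_len, 0)         # UDP length, zero csum
    pseudo = bytes(ip[12:20]) + struct.pack("!BBH", 0, 17, udp_len)
    # A computed UDP checksum of 0 is sent as 0xFFFF (0 means "not computed").
    udp_sum = csum(pseudo + bytes(udp) + new_payload) or 0xFFFF
    struct.pack_into("!H", udp, 6, udp_sum)
    return eth + bytes(ip) + bytes(udp) + new_payload

def checksums_ok(frame: bytes) -> bool:
    """Receiver-side check: data plus a correct checksum field sums to zero."""
    ihl = (frame[14] & 0x0F) * 4
    ip = frame[14:14 + ihl]
    total_len = struct.unpack_from("!H", ip, 2)[0]
    l4 = frame[14 + ihl:14 + total_len]
    pseudo = ip[12:20] + struct.pack("!BBH", 0, 17, len(l4))
    return csum(ip) == 0 and csum(pseudo + l4) == 0

if __name__ == "__main__":
    frame = rewrite_payload(build_udp_frame(b"hello"), b"goodbye!!")
    print(checksums_ok(frame), checksums_ok(frame[:-1] + b"?"))
```

The second check shows why the fix-up matters: a frame altered without recomputing its checksums fails validation at the receiver.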
