Using Scapy dissectors in Metasploit

[sylvain.sarmejeanne.ml at gmail.com (Sylvain SARMEJEANNE)]

H D Moore a ?crit :
> This looks like a great library to use from within Metasploit, however 
> there is one problem with the current file layout. Scruby stores all of 
> its include files in the same directory as "scruby.rb". This means that 
> the $LOAD_PATH/$: must be set to include this directory. Since the scruby 
> include files have a somewhat generic naming convention ("help.rb", etc) 
> this will cause problems when other code of the same name is required.
>
> Two solutions:
>
> A) Modify scruby to place all files except "scruby.rb" into a "scruby/" 
> subdirectory. This means we can add the "scruby.rb" file to the load path 
> without having namespace conflicts. So instead of:
>
> require "help"
>
> It would read:
>
> require "scruby/help"
>
> B) Add the scruby load path, require "scruby", and remove the scruby load 
> path afterwards.
>
> Would you be willing to make the change listed for the first solution? 
> Metasploit is already running into issues with the rails includes, since 
> they set the load path to include ".".  Anything else we can do to limit 
> overlap/confusion in the load path would reduce problems in the future.

OK, version 0.2.1 of Scruby fixes this issue.

> Thanks, and nice work!

Thank you!

> -HD
>
> On Thursday 27 September 2007 14:22, Sylvain SARMEJEANNE wrote:
> > Hi everyone,
> > I have been developing Scruby [1] for a couple of months, a kind of
> > Scapy clone in Ruby. It is not (and will never be) as exhaustive as
> > Scapy, but it may be useful as it allows the use of Scapy dissectors in
> > Metasploit modules.
> >
> > With Scruby, network protocols can be implemented easily; so do file
> > formats (e.g. something like
> > RIFF()/ANI(:headersize=>36)/ANI("putyourpayloadhere")/ANI("overflow")
> > could be a fast way to write an exploit skeleton for MS07-017).


-- 
Sylvain SARMEJEANNE