Metasploit mailing list archives

Previous By Date Next
Previous By Thread Next

Using Scapy dissectors in Metasploit

From: hdm at metasploit.com (H D Moore)
Date: Sat, 29 Sep 2007 01:33:19 -0500
I started on integration, but ran into a bunch of issues:

* Scruby uses globals to store configuration. This is fine for a console 
script, but very bad for a giant pile of code like the Framework. $conf 
is not guaranteed unique nor unmolested. 

* Calling Scruby's methods from another class/outside of the module scope 
is tricky. The same applies to the :prn callback for the sniff method. 
For the Framework to use Scruby, we need to instantiate a Class that 
provides methods we can call. If I overlooked something simple, please 
let me know.

These should all be fixable, though it may require some code 
reorganization. I am happy to help with the effort and have already 
started some local changes here to get things working.

-- examples --
# Scruby uses global variables which can conflict with other modules
@before = global_variables
require "scruby"
@after  = global_variables
@diff   = @after - @before
p @diff
# 
["$IS_WINDOWS", "$IS_LINUX", "$layer_bounds", "$IS_BSD", "$HAVE_LIBDNET", "$aware_proto", "$conf", "$IS_OPENBSD"]


# Scruby is a module, not a class:
# a = Scruby.new
# error: undefined local variable or method `new' for Scruby

# Scruby's module doesn't work as a mixin
class MyScruby
        @@before = self.methods
        include Scruby
        @@after = self.methods
        @@diff  = @@after - @@before
        
        # No new methods by including Scruby
        # p @@diff
end

# This fails because sniff is not a method on the class
# MyScruby.sniff(:intf => 'eth0')
# error: undefined method `sniff' for MyScruby:Class (NoMethodError)

# The current sniff method doesn't have a way to yield back to the caller
# This means that even if it can be called from a class, theres no clean
# way to pass back the data via :prn


On Friday 28 September 2007 13:19, H D Moore wrote:

Looks good -- I will integrate pcaprub/scruby tonight and configure an
exploit mixin to use them. Pcaprub is missing a few methods, but these
are easy to integrate from my pcapx codebase. ?I do have two more
feature requests for scruby, if you don't mind:
Previous By Date Next
Previous By Thread Next

Current thread: