Nmap Development mailing list archives
Re: Ncat lua execution
From: Martin Holst Swende <martin () swende se>
Date: Thu, 16 Jan 2014 21:30:06 +0100
On 2014-01-15 21:04, Martin Holst Swende wrote:
On 2014-01-15 20:57, Jacek Wielemborek wrote:15/01/2014 20:49:24 Martin Holst Swende<martin () swende se>:Hi, I've started experimenting a bit with Ncat and the "new" Ncat lua execution. My first experiment wast to make a generic logging SSL/TCP proxy. That's easy: ncat --listen --ssl --ssl-cert test-cert.pem --keep-open --ssl-key test-key.pem -o output.log --hex-dump output-hex.log --sh-exec "ncat --ssl www.dn.se 443" Now, I would also like to modify the traffic on the fly, in either direction. Using a lua-script which converts ASCII-characters to uppercase in http-responses would be a good starting point. Is that kind of modification possible with the new scripting capabilities? After reading up a bit on how ncat command execution works, it seems that the command execution is more aimed at "net-enabling" processes which are otherwise not network-enabled, but perhaps some clever pipe wizardry can be used to achieve the effect I am aiming for..?
Answering my own email here, just for completeness sake. There was some pipe wizardry that could be applied, allowing me to do the processing in python.
Ignoring the SSL-things, this is the listener side. The web server is the target I want to proxy to:
#python -m SimpleHTTPServer & ncat -l --sh-exec "upper| ncat localhost 8000 | upper"
[1] 8053 Serving HTTP on 0.0.0.0 port 8000 ... 127.0.0.1 - - [16/Jan/2014 21:18:43] "GET / HTTP/1.0" 200 -And the "client" connects to the mitm-station, which modifies the traffic in both directions:
#ncat localhost
get / http/1.0
HTTP/1.0 200 OK
SERVER: SIMPLEHTTP/0.6 PYTHON/2.7.5+
DATE: THU, 16 JAN 2014 20:18:43 GMT
CONTENT-TYPE: TEXT/HTML; CHARSET=UTF-8
The "upper" is a python script which looks like this:
#!/usr/bin/python
import sys
def transmit(data):
sys.stdout.write(data)
sys.stdout.flush()
return ""
def read():
x = sys.stdin.readline()
while x:
yield x
x = sys.stdin.readline()
for line in read():
transmit(line.upper())
The "readline" stuff within the python script is not suitable for binary
data, in which case the sys.stdin.read(1) should be used instead, and
possibly the -U flag is needed, I'm not sure. More pythonic ways of
reading, such as "for line in fileinput.input()" fails, since that lazy
construction does not start reading until the connection is closed.
This method of throwing together a scriptable, ssl-enabled tcp proxy for mitm logging/tampering scenarios is awesome. And by that I don't mean that I'm awesome, I mean that Ncat is awesome and I only now noticed :)
Regards, Martin _______________________________________________ Sent through the dev mailing list http://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Ncat lua execution Martin Holst Swende (Jan 15)
- Re: Ncat lua execution Jacek Wielemborek (Jan 15)
- Re: Ncat lua execution Martin Holst Swende (Jan 15)
- Re: Ncat lua execution Martin Holst Swende (Jan 16)
- Re: Ncat lua execution Martin Holst Swende (Jan 15)
- Re: Ncat lua execution Jacek Wielemborek (Jan 15)