Why use Scapy? Blue Team. Red Team. Test IDS/IPS Test Firewall Learn more about TCP/IP (down and dirty) Application response(fuzzing)



Similar documents
Scanning Tools. Scan Types. Network sweeping - Basic technique used to determine which of a range of IP addresses map to live hosts.

Network Packet Analysis and Scapy Introduction

Hacking Techniques & Intrusion Detection. Ali Al-Shemery arabnix [at] gmail

Host Fingerprinting and Firewalking With hping

Firewall. IPTables and its use in a realistic scenario. José Bateira ei10133 Pedro Cunha ei05064 Pedro Grilo ei09137 FEUP MIEIC SSIN

Scapy. On-the-fly Packet Generation by Dienstag, 10. Januar 12

Firewalls. Chien-Chung Shen

CYBER ATTACKS EXPLAINED: PACKET CRAFTING

CIT 480: Securing Computer Systems. Firewalls

EKT 332/4 COMPUTER NETWORK

How to Secure RHEL 6.2 Part 2

Track 2 Workshop PacNOG 7 American Samoa. Firewalling and NAT

CIT 480: Securing Computer Systems. Firewalls

How To Set Up An Ip Firewall On Linux With Iptables (For Ubuntu) And Iptable (For Windows)

Guide to Network Defense and Countermeasures Third Edition. Chapter 2 TCP/IP

Firewall implementation and testing

CSE543 - Computer and Network Security Module: Firewalls

ip6tables testing ip6tables Oliver Eggert (Universität Potsdam) ft6: firewall tester for IPv6 Folie 1 von 12

+ iptables. packet filtering && firewall

IP Firewalls. an overview of the principles

CSC574 - Computer and Network Security Module: Firewalls

Load Balancing SIP Quick Reference Guide v1.3.1

Main functions of Linux Netfilter

Module: Firewalls. Professor Patrick McDaniel Spring CMPSC443 - Introduction to Computer and Network Security

Linux: 20 Iptables Examples For New SysAdmins

Linux Routers and Community Networks

CIS 433/533 - Computer and Network Security Firewalls

CS Computer and Network Security: Firewalls

EINTE LAB EXERCISES LAB EXERCISE #5 - SIP PROTOCOL

Firewalls (IPTABLES)

Linux MDS Firewall Supplement

Assignment 3 Firewalls

Python Scripting with Scapy

ipchains and iptables for Firewalling and Routing

Lab - Observing DNS Resolution

Stateful Firewalls. Hank and Foo

ΕΠΛ 674: Εργαστήριο 5 Firewalls

Linux Networking: IP Packet Filter Firewalling

Network Security. Chapter 3. Cornelius Diekmann. Version: October 21, Lehrstuhl für Netzarchitekturen und Netzdienste Institut für Informatik

Netfilter. GNU/Linux Kernel version 2.4+ Setting up firewall to allow NIS and NFS traffic. January 2008

Linux Firewall Wizardry. By Nemus

CS Computer and Network Security: Firewalls

Linux Firewall. Linux workshop #2.

Hands-on Network Traffic Analysis Cyber Defense Boot Camp

CS2107 Introduction to Information and System Security (Slid. (Slide set 8)

CSE 127: Computer Security. Network Security. Kirill Levchenko

Session Hijacking Exploiting TCP, UDP and HTTP Sessions

Secure use of iptables and connection tracking helpers

Network Traffic Analysis

Project 2: Firewall Design (Phase I)

Network forensics 101 Network monitoring with Netflow, nfsen + nfdump

ΕΠΛ 475: Εργαστήριο 9 Firewalls Τοίχοι πυρασφάλειας. University of Cyprus Department of Computer Science

Chapter 11. User Datagram Protocol (UDP)

Firewalls, NAT and Intrusion Detection and Prevention Systems (IDS)

1:1 NAT in ZeroShell. Requirements. Overview. Network Setup

Course Title: Penetration Testing: Security Analysis

Network Security: Workshop. Dr. Anat Bremler-Barr. Assignment #2 Analyze dump files Solution Taken from

How do I get to

TCP SYN Flood - Denial of Service Seung Jae Won University of Windsor wons@uwindsor.ca

Firewalls. Pehr Söderman KTH-CSC

NAT & IP Masquerade. Internet NETWORK ADDRESS TRANSLATION INTRODUCTION. NAT & IP Masquerade Page 1 of 5. Internal PC

Guideline for setting up a functional VPN

Procedure: You can find the problem sheet on Drive D: of the lab PCs. 1. IP address for this host computer 2. Subnet mask 3. Default gateway address

disect Systems Logging Snort alerts to Syslog and Splunk PRAVEEN DARSHANAM

Network Layers. CSC358 - Introduction to Computer Networks

Denial of Service Attacks and Countermeasures. Extreme Networks, Inc. All rights reserved. ExtremeXOS Implementing Advanced Security (EIAS)

Lab Objectives & Turn In

Passive Network Traffic Analysis: Understanding a Network Through Passive Monitoring Kevin Timm,

Understanding Layer 2, 3, and 4 Protocols

CS 326e F2002 Lab 1. Basic Network Setup & Ethereal Time: 2 hrs

TECHNICAL NOTES. Security Firewall IP Tables

Troubleshooting Tools

Host Discovery with nmap

How to Turn a Unix Computer into a Router and Firewall Using IPTables

The server will respond to the client with a list of instances. One such attack was analyzed by an information security researcher in January 2015.

Chapter 12 Supporting Network Address Translation (NAT)

Overview. Securing TCP/IP. Introduction to TCP/IP (cont d) Introduction to TCP/IP

Appendix A: Configuring Firewalls for a VPN Server Running Windows Server 2003

Building a Home Gateway/Firewall with Linux (aka Firewalling and NAT with iptables )

Intrusion Detection System Based Network Using SNORT Signatures And WINPCAP

CSE331: Introduction to Networks and Security. Lecture 12 Fall 2006

Solution of Exercise Sheet 5

Introduction Présentation de scapy. Scapy. Easy Packet Handling. Etienne Maynier. Capitole du Libre 24 Novembre 2012

Using TestLogServer for Web Security Troubleshooting

Attack Lab: Attacks on TCP/IP Protocols

Network-Oriented Software Development. Course: CSc4360/CSc6360 Instructor: Dr. Beyah Sessions: M-W, 3:00 4:40pm Lecture 2

Worksheet 9. Linux as a router, packet filtering, traffic shaping

Packet filtering with Linux

Firewall Implementation

Lab Module 3 Network Protocol Analysis with Wireshark

Attacking the TCP Reassembly Plane of Network Forensics Tools

Firewall Examples. Using a firewall to control traffic in networks

Customized Data Exchange Gateway (DEG) for Automated File Exchange across Networks

IP Filter/Firewall Setup

Transcription:

Scapy What is Scapy Why use Scapy? Important concepts to keep in mind Crafting your first packet Sending and Receiving Packets/Frames Basic examples and dealing with the OS's TCP/IP stack using iptables Quick discussion of the Super Socket

What is Scapy A Python framework used for crafting and transmitting packets. Capable of Sniffing or replaying packets for troubleshooting or fuzzing network services. Can be used as the interactive Python interpreter or the framework can be imported as a python module and used for further coding Everything is an object!

Why use Scapy? Blue Team Test IDS/IPS Test Firewall Learn more about TCP/IP (down and dirty) Application response(fuzzing) Red Team Fire teh lazorz (DOS/DDOS) More Fuzzing Penetration Testing

Important Concepts Everything is an Object treat it as such IP(), TCP(), UDP(), ICMP() Important commands to remember: help() - displays help ls() - displays packet classes lsc() - displays commands available to you When assigning Field Values(either works) ip=ip(src= 1.2.3.4, dst= google.com ) ip=ip() ip.src= 1.2.3.4 ip.dst= google.com

Important Concepts Continued Displaying Values of Variables ls(ip) shows what you have set and default vaules ip shows only what you have set ip.show() - omits variable classes and default values Assembling the Network Layers packet=ip(dst= 1.2.3.4 )/TCP(flags= S,dport=443) frame=ether(type=0x8100)/dot1q(vlan=99)/packet Payload attribute Will Display all the layers after the initial

Crafting your first packet ICMP echo(type 8) request to dst 192.168.1.103 send(ip(dst= 192.168.1.103 )/ICMP(type=8)) Using Variables packet=ip(dst= 192.168.1.103 )/ICMP(type=8) send(packet) Inoking Scapy into a python script #! /usr/bin/python from scapy.all import * i=ip(dst= 192.168.1.1 ) t=tcp(dport=80, flags= S ) packet = i/t send(packet)

Sending and Receiving Frames (Layer 2) sendp() - layer 2 sending srp() - send and receive on Layer 2 srp1() - send and receive a single response Packets (Layer 3) send() - layer 3 sending sr() - layer 3 send and receive sr1() - send and receive a single response

Basic Examples Start a TCP connection sr1(ip(dst= 192.168.1.1 )/TCP(flags= S, dport=80,seq=100)) Send to Multiple IPs and Listen for responses sr(ip(dst=[ 192.168.1.1, 192.168.1.2 ])/ICMP()) Send to Multiple ports and see responses sr(ip(dst= 192.168.1.1 )/TCP(dport=[80, 443, 22,445])) Then to view them: ans,unans=_ ans.summary()

Fuzzing Values More useful features send(ip(dst= 192.168.1.1 )/fuzz(icmp(code=0, seq=0, id=0)), loop=1) This will fuzz all values what are not assigned and stay in a loop until you Ctrl+C out of it. conf allows you to modify default values and change scapy configurations Conf.route shows the routing table scapy will use Wireshark Interface wireshark(packet) will launch a wireshark interface showing the packet you crafted

Cooked Sockets / Raw Sockets and IP Tables Cooked sockets uses Native TCP/IP Stack Kernel builds packet Assigns correct IP/UDP/TCP header values You supply the payload Raw Sockets circumvents Native TCP/IP Stack You build packet You assign header values You supply the payload

IP Tables helps us Block TCP Outbound Resets iptables -A OUTPUT -p tcp tcp-flags RST RST -s 192.168.1.1 -d 192.168.1.2 destination-port 80 -j DROP Block UDP Outbound ICMP port unreachables iptables -A OUTPUT -s 192.168.1.1 -d 192.168.1.2 -p ICMP icmp-type port-unreachable Call IPTables in your python script Import subprocess cmd = [iptables rules] subprocess.call(cmd, shell=false)

A look at the Three-way Hand Shake #!/usr/bin/python from scapy.all import * ip=ip(src="192.168.1.1", dst="192.168.1.2") SYN=TCP(sport=1030, dport=80, flags="s", seq=10) SYNACK=TCP(sr1(ip/SYN) my_ack =SYNACK.seq + 1

Super Socket Network socket is a function that opens, reads, writes, and closes an instance of network communications Using both Scapy sniff to read DNS query and send to write new spoofed responses requires the use of two separate sockets This method takes to longer and will never beat the DNS server Scapy uses a super-socket which takes care of both reading and writing with a single socket Less time and can beat the server

In closing Scapy is a very useful tool for: Gaining an in depth knowledge of the TCP/IP stack Great tool for security/network analysts and testers Great features: Cross Platform Easily read, write, craft packets on the fly Easily incorporate Scapy into an existing python script Replay pcaps back onto the network

Sources SANS Security Course: Power Packet Crafting with Scapy Research done on Wikipedia http://webstersprodigy.net/2012/07/06/some-practical-arp-poison-attacks-with-scapyiptables-and-burp/

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information