On Wed, Apr 6, 2011 at 5:46 PM, Brijesh Patel <[email protected]> wrote:
> Hi,
> I am working on my proposal for Packet Manipulator: new audits. I ran
> some tests using audits; my packet manipulator even crashed twice
> due to some segmentation fault (unable to reproduce the same results again)
> while running DNS spoof, and poisoned some ARP tables :). I found the fuzzing
> capability of scapy very powerful and easy to use. Finally I want to propose
> the following things in my proposal based on my understanding.
>
> 1) Use scapy's fuzzer capability in generating custom sequences of
> packets in PM. Instead of the user filling in the details of all the fields, he
> can just fill in the fields that he wants, generate the other fields randomly in
> a repeated fashion and run tests. As in the current version, we will be
> modifying the capability of modifying properties of a packet manually and using
> fuzzing for the rest of the fields. (I thought this is what you meant by
> adding fuzzing capability to the PM.) It could even be used in audits to test any
> entity and find vulnerabilities by repeatedly firing the fuzzed packets and
> seeing if it crashes. My plan was to create a wrapper which every audit plugin
> can use to have such functionality.

Yes, that's the point. Remember that in your proposal you also have to evaluate
the GUI modifications this feature will introduce in the PM interface (how to
provide the end user with the fuzzing capabilities you are going to implement,
which widgets are needed, ...). Moreover, which patterns are you going to
support (like loading a predefined set of strings from an input file in order
to fuzz a specific field, or will you simply rely on the capabilities that the
backend provides)? I also think that it could be interesting to implement a
fuzzing engine for UMPA itself and make a kind of joint proposal among the PM
and UMPA projects. I think that UMPA can certainly benefit from this.

> 2) Add a functionality to just right click on packets and find the
> packets related to that particular conversation.

Is this like the TCP/UDP conversation reassembling feature of wireshark?

> 3) Add audit for routing protocols. I have OSPF particularly in
> mind and exploiting the vulnerabilities specified
> in http://tools.ietf.org/html/draft-ietf-rpsec-ospf-vuln-02.

That can be a nice part of your proposal, and if you find time it should
probably be interesting to also add support for other routing protocols. It
should not be a demanding activity.

> 4) If time permits I would also like to add some GUI for user
> friendliness, like we can double click on a packet and analyze properties and
> layers in a different window (like in wireshark).

You can further extend this point by implementing a kind of interaction with
wireshark/tshark.

> 5) As you said, parallelizing sniffing, hijacking, and tracking
> is also a way to optimize audits.

Good idea, but actually Python is quite limiting in this. The only way to
achieve some kind of parallelism exploitation is to write some C extension.

>
> Waiting for your feedback. Please suggest if I can improve on
> something.
> -Brijesh

--
Best regards,
Francesco Piccinno

_______________________________________________
Umit-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/umit-devel
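An added illustration of the "fill only the fields you care about, randomize the rest, fire repeatedly" wrapper discussed in point 1, written for this thread and not taken from PM, UMPA or scapy. It is plain Python with no packet transmission: a constructed DNS-header field layout (names and bit widths follow RFC 1035 section 4.1.1, the names themselves are this example's own), a seeded generator, and a small campaign runner. The seeding is the part worth noticing given the crash in the quoted mail that could not be reproduced: if an audit plugin logs the seed and the iteration index at which a target failed, the exact packet can be regenerated later. `strict_decode` is a stand-in for whatever component an audit would exercise; it rejects headers with the reserved Z bits set.

```python
import random
from typing import Callable, Dict, List, Optional, Tuple

Packet = Dict[str, int]

# Constructed field layout (name, width in bits) for a DNS header, following
# RFC 1035 section 4.1.1. It stands in for the packet definitions PM/UMPA or
# scapy would supply; none of their code is used here.
DNS_HEADER_FIELDS: List[Tuple[str, int]] = [
    ("id", 16), ("qr", 1), ("opcode", 4), ("aa", 1), ("tc", 1), ("rd", 1),
    ("ra", 1), ("z", 3), ("rcode", 4), ("qdcount", 16), ("ancount", 16),
    ("nscount", 16), ("arcount", 16),
]


def fuzz_fields(layout: List[Tuple[str, int]], fixed: Packet,
                rng: random.Random) -> Packet:
    """Build one packet: fields the user filled in are kept verbatim, every
    other field is drawn uniformly from its full bit range, so reserved and
    out-of-spec values are exercised too."""
    pkt: Packet = {}
    for name, bits in layout:
        if name in fixed:
            pkt[name] = fixed[name]
        else:
            pkt[name] = rng.getrandbits(bits)
    return pkt


def fuzz_sequence(layout: List[Tuple[str, int]], fixed: Packet,
                  count: int, seed: int) -> List[Packet]:
    """Generate `count` packets from a seeded RNG. The same (seed, layout,
    fixed) always yields the same sequence, which is what makes a failure
    found by a campaign reproducible later."""
    rng = random.Random(seed)
    return [fuzz_fields(layout, fixed, rng) for _ in range(count)]


def run_campaign(layout: List[Tuple[str, int]], fixed: Packet, count: int,
                 seed: int, target: Callable[[Packet], None]
                 ) -> Optional[Tuple[int, Packet]]:
    """Feed each generated packet to `target`. On the first exception return
    (iteration index, packet); together with `seed` that is all an audit
    plugin needs to log so the failing case can be replayed."""
    for i, pkt in enumerate(fuzz_sequence(layout, fixed, count, seed)):
        try:
            target(pkt)
        except Exception:
            return i, pkt
    return None


def replay(layout: List[Tuple[str, int]], fixed: Packet,
           seed: int, index: int) -> Packet:
    """Regenerate exactly the packet produced at `index` in a campaign."""
    return fuzz_sequence(layout, fixed, index + 1, seed)[index]


def strict_decode(pkt: Packet) -> None:
    """Constructed stand-in for the component under test: a decoder that
    rejects headers whose reserved Z field is non-zero (RFC 1035 requires
    zero). A real target would be the audit's own parser or handler."""
    if pkt["z"] != 0:
        raise ValueError("reserved Z bits set: %d" % pkt["z"])


if __name__ == "__main__":
    fixed = {"id": 0x1234, "qr": 0, "opcode": 0}   # what the user typed in
    hit = run_campaign(DNS_HEADER_FIELDS, fixed, 50, 2011, strict_decode)
    if hit is not None:
        idx, pkt = hit
        print("failure at iteration %d with seed 2011: %r" % (idx, pkt))
        # The logged (seed, index) pair is enough to rebuild the same packet.
        assert replay(DNS_HEADER_FIELDS, fixed, 2011, idx) == pkt
```

A GUI in front of this only needs to expose the fixed-field editor, the iteration count and the seed; the "predefined set of strings from an input file" pattern mentioned above would slot in as an alternative to `rng.getrandbits` for the fields that take it.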
