One Article Review

Home - The article:
Source RedTeam PL
Identifier 1798885
Publication date 2020-02-04 18:49:09 (seen: 2020-07-09 15:05:43)
Title Network data manipulation on the fly
Text Abstract: Various types of security assessments, ranging from regular penetration testing, through red teaming operations, up to breaking IoT/ICS devices and SCADA, involve playing with binary network protocols, which requires intercepting and modifying network data between the client and the target. Sniffing the network traffic is not a big deal, as we have tools like Wireshark, Tcpdump or Scapy; however, modification is more challenging because we would need to have a kind of interface to read the network data, filter it, modify it on the fly and send it back to the target host in almost real time. In addition, it would be perfect if such a tool could automatically handle multiple connections in parallel and be scriptable. One time I found a tool called maproxy
Sent Yes
Tags Tool


The article does not appear to have been picked up again after its publication.


The article does not appear to be a repost of an earlier one.