One use case for this script is for network admins to sniff their network's outgoing traffic and determine the security of the sites their users need; this will facilitate contacting the domain admins of those sites in order to tell them to tighten up their security.
@kousu we spoke about how best to implement this. It's not really feasible to get Python running on most people's routers so we need a way to get traffic from them onto the machine running this script.
I have done some research and have come up with two different methods. I'm open to other strategies if you can think of some:
1. Position the listening host running this script as a Person-in-the-Middle
(E.g. this post and this post.) Idea: Basically create a "virtual network interface" and sniff traffic off of that using port forwarding
Pros: Should work in most cases; Network admins should be able to monitor what's going over the wire and set up the rules they need; Can sniff traffic live
Cons: This essentially now also becomes a hacking tool. That's fine with me because security and hacking are really two sides of one coin and dependent on context: `nmap` is technically a hacking tool but also vital for administering a network; Also this approach requires more configuration with `iptables` and forwarding etc.
2. Run the script on a text file of hosts
Idea: Pass a text file of hosts into the program and evaluate those. We can add this as a command line argument, e.g. running the script in `--live` mode or `--list` mode, where the former uses scapy to sniff traffic like it does now, and the latter just grades a list of domains. The script doesn't necessarily need to sniff DNS traffic live if there is a list of IPs to grade.
Pros: Easier to set up; reduces utility as a hacking tool
Cons: The preparation of the IPs list: there might be a way to export requested hosts from the router (especially if it's running something like Tomato) but this could be tricky for some vendors/firmware.
Let me know what you think.
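As an added example (not code from this project or from the comment above), here is how the proposed `--list` mode could load a text file of hosts into a clean, de-duplicated set of domains and IPs to grade, alongside a mutually exclusive `--live`/`--list` flag pair. The function names and the argparse wiring are assumptions; the grading step itself is not shown.

```python
import argparse
import ipaddress
import re
from typing import Optional
from urllib.parse import urlsplit

# RFC 1123 hostname label: letters, digits, hyphens; no leading/trailing hyphen.
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


def normalize_host(entry: str) -> Optional[str]:
    """Reduce one line of a hosts file to a bare hostname or IP; None if unusable."""
    entry = entry.split("#", 1)[0].strip()      # drop trailing comments and whitespace
    if not entry:
        return None
    try:                                         # bare IPv4/IPv6 (e.g. router export)
        return str(ipaddress.ip_address(entry))
    except ValueError:
        pass
    if "://" not in entry:                       # let urlsplit isolate the host part
        entry = "//" + entry
    try:
        host = urlsplit(entry).hostname          # strips scheme, userinfo, port, path
    except ValueError:
        return None
    if not host:
        return None
    host = host.rstrip(".").lower()              # "example.com." -> "example.com"
    try:
        return str(ipaddress.ip_address(host))   # canonical form for "[::1]:53" etc.
    except ValueError:
        pass
    if len(host) > 253 or not all(_LABEL.match(label) for label in host.split(".")):
        return None
    return host


def parse_host_list(text: str) -> list:
    """Unique, normalized hosts in first-seen order; unparseable lines are skipped."""
    seen = {}
    for line in text.splitlines():
        host = normalize_host(line)
        if host is not None:
            seen.setdefault(host, None)
    return list(seen)


def build_parser() -> argparse.ArgumentParser:
    parser = argparse.ArgumentParser(description="Grade the sites a network talks to")
    mode = parser.add_mutually_exclusive_group(required=True)   # exactly one mode
    mode.add_argument("--live", action="store_true", help="sniff DNS queries with scapy")
    mode.add_argument("--list", metavar="FILE", help="grade hosts read from FILE")
    return parser
```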