vikstrous / packet-blender

A framework for man-in-the-middle attacks
Apache License 2.0

Consider using iptables #3

Open vikstrous opened 10 years ago

vikstrous commented 10 years ago

iptables already has a nice pipeline and a way to route packets at multiple levels of the OSI model. We might be able to just write a frontend for configuring iptables and a collection of iptables modules. This idea requires more investigation. We might also want to consider nftables. What do you guys think?

vikstrous commented 10 years ago

Another approach might be to use BPF to just get all the packets and then deal with them ourselves: https://en.wikipedia.org/wiki/Berkeley_Packet_Filter

fwilliams commented 10 years ago

BPF looks quite a bit more primitive than iptables for doing packet routing. That being said, if we deploy this to real world machines and we depend on iptables, then we will either require that iptables exist on the system or somehow bundle our own version of it with our tool and hope it doesn't clash with other firewalls. I think for the purpose of prototyping and testing, using iptables or nftables (which I need to look at a bit more) might make more sense.

Additionally, using tools like iptables/nftables means we can have a few bash scripts to set up our environment for testing. If we need anything more fancy down the line it can always be added without any real overhead since we'll just write code against the assumption that packet routing exists and our modules receive the correct data.

vikstrous commented 10 years ago

We can work at many different levels of the stack. The easiest way MITM attacks are done these days is by setting up a local server that listens on some port and having iptables or something send traffic to it. That's the approach of mitmproxy and sslstrip. This is already not too hard to do. I think I want to focus on being able to execute more complex attacks that:

1. span multiple ports, like FTP
2. are in all kinds of protocols... like ICMP
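The last comment describes the usual setup: a local listener plus nat-table rules that steer traffic to it. From the defender's side, that setup leaves a visible footprint in the host's own iptables configuration. The script below is an added example, not code from packet-blender or from any of the commenters; it parses the `iptables-save` text format and flags REDIRECT / DNAT rules in the nat table that send traffic to a local port. The dump it runs on is constructed, not captured from a real host.

```python
"""Audit an iptables-save dump for nat rules that steer traffic to a local
listener (the REDIRECT / DNAT-to-127.x pattern described in the thread)."""
import re

# Constructed sample dump, not taken from a real host.
SAMPLE_IPTABLES_SAVE = """\
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
-A PREROUTING -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 8443
-A PREROUTING -p tcp -m tcp --dport 25 -j DNAT --to-destination 10.0.0.5:25
-A OUTPUT -p tcp -m tcp --dport 21 -j DNAT --to-destination 127.0.0.1:2121
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
"""

# One "-A" rule line: chain, optional -p / --dport, then a REDIRECT or DNAT target.
RULE_RE = re.compile(
    r"^-A (?P<chain>\S+)(?:.*? -p (?P<proto>\S+))?(?:.*? --dport (?P<dport>\S+))?"
    r".* -j (?P<target>REDIRECT|DNAT)"
    r"(?: --to-ports (?P<ports>\S+)| --to-destination (?P<dest>\S+))"
)


def find_interception_rules(dump: str) -> list:
    """Return (chain, proto, dport, target, destination) for every nat-table rule
    in PREROUTING or OUTPUT that lands on this host: REDIRECT always does, DNAT
    only when its destination is loopback. Forwarding to other hosts (the
    10.0.0.5 rule) and MASQUERADE are ordinary NAT and are left alone."""
    findings, table = [], None
    for line in dump.splitlines():
        if line.startswith("*"):          # table header, e.g. "*nat"
            table = line[1:].strip()
            continue
        if table != "nat" or not line.startswith("-A"):
            continue
        m = RULE_RE.match(line)
        if not m or m.group("chain") not in ("PREROUTING", "OUTPUT"):
            continue
        dest = m.group("ports") or m.group("dest") or ""
        if m.group("target") == "REDIRECT" or dest.startswith("127."):
            findings.append((m.group("chain"), m.group("proto") or "all",
                             m.group("dport") or "any", m.group("target"), dest))
    return findings
```

On a live host, feed it the output of `iptables-save -t nat` and compare the findings against the transparent proxies you actually expect to be running there.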