HomeCalendarCertificationsColumnsFeaturesForumResourcesVitals
 
Image
 
Latest Additions
 
EH-Net Login
Welcome Guest.
Lost Password?
No account yet? Register
Who's Online
We have 24 guests and 1 member online
EH-Net Donations

Enter Amount:
$
Google Ads
EH-Net News Feeds
Latest Additions
Book Recommendations



 
Advertisement

You are here: Home arrow Forum arrow Ethical Hacking Discussions and Related Certificationsarrow Network Pen Testingarrow Network Packet Injection
Ethical Hacker Community Forums
November 23, 2008, 04:37:23 AM *
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
News: ChicagoCon 2-Day Ethical Hacking Conference with MS Blue Hats Oct 31 - Nov 1. Tickets Only $100! www.chicagocon.com/content/view/103/51/
 
   Home   Help Calendar Login Register  
Pages: [1]   Go Down
« previous next »
  Print  
Author Topic: Network Packet Injection  (Read 2370 times)
0 Members and 1 Guest are viewing this topic.
zapacila89
Newbie
*
Offline Offline

Posts: 2


View Profile
« on: April 07, 2008, 11:56:34 PM »
Hi


Sorry if it`s in the wrong sections, maybe the moderators will move it right.
I`m new to the website and not much familiar. Anyways..\

I have a flash application that connect to a server via socket connection. NOT HTTP. So when the connection is established between the server an client, i want to be able to inject some packets of my own.
I have tried the WireShark and other sniffing and capture applications, non of them worked i sent the packets and the client or server doesn't seam to get them.

I also tought of another way: creating a application layer, that will intercep the client packets  modifies them internaly and then redirect them to sever, and vice-versa when the server send to client my application should intercept modify and then send the packets to client as they would be from  the server. But this doent work because the application doesnt use DNS to find the host and its direct IP connect. Is there a way to fool the client in connecting to my local machine? a fake IP or soemthing like that?

If the concept above doesn't work... is there really a way of injecting packets into an established socket connection between to machines? To fool the client to think he received it from the server?
Logged
shawal
Jr. Member
**
Offline Offline

Posts: 86


View Profile
« Reply #1 on: April 08, 2008, 11:38:52 AM »
where did you try sniffing? did you try on both the client, and the server? did you try runing both on the same machine?  for packet injection check hping and nemesis
Logged
RHCE, GIAC GCIH.
apollo
Newbie
*
Offline Offline

Posts: 42


View Profile WWW
« Reply #2 on: April 08, 2008, 11:45:52 PM »
People may be able to give you some more information if you can describe what you want to do with the packets between the client and the server.  If you are trying to get the server to do something it isn't supposed to, if you can determine the protocol that is being used, it may be easier to write your own basic client outside of flash.  If you are needing to only change one type of packet, you may be able to do a man-in-the-middle type attack where you intercept the whole conversation and act as a relay between the client and server, and write automated modifications of the packets that you specifically want modified. 
Logged
zapacila89
Newbie
*
Offline Offline

Posts: 2


View Profile
« Reply #3 on: April 09, 2008, 03:02:30 AM »
Quote from: apollo on April 08, 2008, 11:45:52 PM
you may be able to do a man-in-the-middle type attack where you intercept the whole conversation and act as a relay between the client and server, and write automated modifications of the packets that you specifically want modified. 

I dont have acces to server. so i just sniff conversations between server and client
it uses TCP/IP protocol to connect and establish a connection on server:2002 via socket so no HTTP request. it has no encryption just plain XML

the problems with "intercepting the whole conversation and act as a relay between the client and server" is that i cannot fool the client in conneting to me .. he connects directly to server via IP adress. if i could fool him connecting to my local machine then i can play the intercepting game. but ..


For Apllo: i want to change the packets values, the actually contents of it. (xml) an modify some values and then release them to server

I also tried to make my own client but its actually harder coz i dont know how to interpret every commnand sent from server to client.

Anyway. another question is there a way of hajacking the opened socket connection?


also the  man-in-the-middle type attack  is a very interesting point but still i need the client to force to connect to me it would be great
Logged
Bogwitch
Newbie
*
Offline Offline

Posts: 48

Senno Ekto Gamat


View Profile
« Reply #4 on: April 09, 2008, 03:43:21 AM »
Would I be right in saying you do not have access to the server AND the client?
Logged
CISSP, C|EH, C|HFI
RoleReversal
Sr. Member
****
Offline Offline

Posts: 457


View Profile WWW
« Reply #5 on: April 09, 2008, 05:01:40 AM »
zapacila89,

I'm going to brush of the possible legal/ethical issues with this situation as the solution has already been suggested. What you need is a MitM vector.

I'm assuming that you are on the same physical LAN as either the client or server? If not, you could have a whole heap of difficulty getting anything working. There are plenty of resources already on this site related to this, Brian's Cain & Abel stuff for example.

However, as you are posting this on Ethical-hacker.net I'd suggest that there is likely a simpler way to achieve your goals assuming you have authorisation to make the changes you are discussing.
Logged
A little bit of sanity:
http://www.infosanity.co.uk
don
Editor-In-Chief
Administrator
Hero Member
*****
Offline Offline

Posts: 2347


Editor-In-Chief


View Profile WWW
« Reply #6 on: April 09, 2008, 11:11:34 AM »
I only wish to reiterate the fact that this site is meant for security professionals, ethical hackers, pen testers, etc. Not only access is needed but also permission. These are 2 very different things. And it appears as though you may not have either.

Kudos to the EH-Net Members who consistantly remind new contributors of the focus of this site.

Thanks to all for your understanding,
Don
Logged
CISSP, MCSE, CEH, Security+ SME
Pages: [1]   Go Up
  Print  
« previous next »
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.7 | SMF © 2006-2008, Simple Machines LLC
Joomla Bridge by JoomlaHacks.com 		Valid XHTML 1.0! Valid CSS!
Page created in 0.041 seconds with 24 queries.
 
Sponsors

cwnp_moto__120x90.gif

Polls
During the most recent election, I:
 
Support EH-Net

Support EH-Net by
Buying all of your
Amazon items using
the search bar above.
cbtnuggets_logo_125.jpg
Try CBT Nuggets Free!
Recent Forum Topics
Vote For EH-Net

progenic.com
Click here to Vote!

Sadikhov.com
Top IT Cert Sites

binarica.com
Binarica Logo

Add to Technorati Favorites
technorati fave

 
         
Advertisement

© 2008 The Ethical Hacker Network
Joomla! is Free Software released under the GNU/GPL License.