The Ethical Hacker Network - Network Packet Injection

zapacila89

Newbie

Offline

Posts: 2

Network Packet Injection

« on: April 07, 2008, 11:56:34 PM »

Hi

Sorry if it`s in the wrong sections, maybe the moderators will move it right.
I`m new to the website and not much familiar. Anyways..\

I have a flash application that connect to a server via socket connection. NOT HTTP. So when the connection is established between the server an client, i want to be able to inject some packets of my own.
I have tried the WireShark and other sniffing and capture applications, non of them worked i sent the packets and the client or server doesn't seam to get them.

I also tought of another way: creating a application layer, that will intercep the client packets modifies them internaly and then redirect them to sever, and vice-versa when the server send to client my application should intercept modify and then send the packets to client as they would be from the server. But this doent work because the application doesnt use DNS to find the host and its direct IP connect. Is there a way to fool the client in connecting to my local machine? a fake IP or soemthing like that?

If the concept above doesn't work... is there really a way of injecting packets into an established socket connection between to machines? To fool the client to think he received it from the server?


	Logged

shawal

Jr. Member

Offline

Posts: 88

Re: Network Packet Injection

« Reply #1 on: April 08, 2008, 11:38:52 AM »

where did you try sniffing? did you try on both the client, and the server? did you try runing both on the same machine? for packet injection check hping and nemesis


	Logged

RHCE, GIAC GCIH.

apollo

Full Member

Offline

Posts: 146

Re: Network Packet Injection

« Reply #2 on: April 08, 2008, 11:45:52 PM »

People may be able to give you some more information if you can describe what you want to do with the packets between the client and the server. If you are trying to get the server to do something it isn't supposed to, if you can determine the protocol that is being used, it may be easier to write your own basic client outside of flash. If you are needing to only change one type of packet, you may be able to do a man-in-the-middle type attack where you intercept the whole conversation and act as a relay between the client and server, and write automated modifications of the packets that you specifically want modified.


	Logged

CISSP, CSSLP, MCSE+Security, MCTS, CCSP, GPEN, GWAPT, GCWN, NOP, OSCP, Security+

zapacila89

Newbie

Offline

Posts: 2

Re: Network Packet Injection

« Reply #3 on: April 09, 2008, 03:02:30 AM »

Quote from: apollo on April 08, 2008, 11:45:52 PM

you may be able to do a man-in-the-middle type attack where you intercept the whole conversation and act as a relay between the client and server, and write automated modifications of the packets that you specifically want modified.

I dont have acces to server. so i just sniff conversations between server and client
it uses TCP/IP protocol to connect and establish a connection on server:2002 via socket so no HTTP request. it has no encryption just plain XML

the problems with "intercepting the whole conversation and act as a relay between the client and server" is that i cannot fool the client in conneting to me .. he connects directly to server via IP adress. if i could fool him connecting to my local machine then i can play the intercepting game. but ..

For Apllo: i want to change the packets values, the actually contents of it. (xml) an modify some values and then release them to server

I also tried to make my own client but its actually harder coz i dont know how to interpret every commnand sent from server to client.

Anyway. another question is there a way of hajacking the opened socket connection?

also the man-in-the-middle type attack is a very interesting point but still i need the client to force to connect to me it would be great


	Logged

Bogwitch

Jr. Member

Offline

Posts: 51

Senno Ekto Gamat

Re: Network Packet Injection

« Reply #4 on: April 09, 2008, 03:43:21 AM »

Would I be right in saying you do not have access to the server AND the client?


	Logged

CISSP, C|EH, C|HFI

Andrew Waite

Hero Member

Offline

Posts: 928

Re: Network Packet Injection

« Reply #5 on: April 09, 2008, 05:01:40 AM »

zapacila89,

I'm going to brush of the possible legal/ethical issues with this situation as the solution has already been suggested. What you need is a MitM vector.

I'm assuming that you are on the same physical LAN as either the client or server? If not, you could have a whole heap of difficulty getting anything working. There are plenty of resources already on this site related to this, Brian's Cain & Abel stuff for example.

However, as you are posting this on Ethical-hacker.net I'd suggest that there is likely a simpler way to achieve your goals assuming you have authorisation to make the changes you are discussing.


	Logged

-- http://www.infosanity.co.uk
-- http://blog.infosanity.co.uk

don

Editor-In-Chief
Administrator
Hero Member

Online

Posts: 4165

Editor-In-Chief

Re: Network Packet Injection

« Reply #6 on: April 09, 2008, 11:11:34 AM »

I only wish to reiterate the fact that this site is meant for security professionals, ethical hackers, pen testers, etc. Not only access is needed but also permission. These are 2 very different things. And it appears as though you may not have either.

Kudos to the EH-Net Members who consistantly remind new contributors of the focus of this site.

Thanks to all for your understanding,
Don


	Logged

CISSP, MCSE, CSTA, Security+ SME

Pages: [1] Go Up

« previous next »