.

Network Packet Injection

<<

zapacila89

Newbie
Newbie

Posts: 2

Joined: Mon Apr 07, 2008 11:45 pm

Post Mon Apr 07, 2008 11:56 pm

Network Packet Injection

Hi


Sorry if it`s in the wrong sections, maybe the moderators will move it right.
I`m new to the website and not much familiar. Anyways..\

I have a flash application that connect to a server via socket connection. NOT HTTP. So when the connection is established between the server an client, i want to be able to inject some packets of my own.
I have tried the WireShark and other sniffing and capture applications, non of them worked i sent the packets and the client or server doesn't seam to get them.

I also tought of another way: creating a application layer, that will intercep the client packets  modifies them internaly and then redirect them to sever, and vice-versa when the server send to client my application should intercept modify and then send the packets to client as they would be from  the server. But this doent work because the application doesnt use DNS to find the host and its direct IP connect. Is there a way to fool the client in connecting to my local machine? a fake IP or soemthing like that?

If the concept above doesn't work... is there really a way of injecting packets into an established socket connection between to machines? To fool the client to think he received it from the server?
<<

shawal

Jr. Member
Jr. Member

Posts: 88

Joined: Mon Mar 10, 2008 1:24 pm

Post Tue Apr 08, 2008 11:38 am

Re: Network Packet Injection

where did you try sniffing? did you try on both the client, and the server? did you try runing both on the same machine?  for packet injection check hping and nemesis
RHCE, GIAC GCIH.
<<

apollo

Full Member
Full Member

Posts: 146

Joined: Fri Apr 04, 2008 7:44 pm

Post Tue Apr 08, 2008 11:45 pm

Re: Network Packet Injection

People may be able to give you some more information if you can describe what you want to do with the packets between the client and the server.  If you are trying to get the server to do something it isn't supposed to, if you can determine the protocol that is being used, it may be easier to write your own basic client outside of flash.  If you are needing to only change one type of packet, you may be able to do a man-in-the-middle type attack where you intercept the whole conversation and act as a relay between the client and server, and write automated modifications of the packets that you specifically want modified. 
CISSP, CSSLP, MCSE+Security, MCTS, CCSP, GPEN, GWAPT, GCWN, NOP, OSCP, Security+
<<

zapacila89

Newbie
Newbie

Posts: 2

Joined: Mon Apr 07, 2008 11:45 pm

Post Wed Apr 09, 2008 3:02 am

Re: Network Packet Injection

apollo wrote: you may be able to do a man-in-the-middle type attack where you intercept the whole conversation and act as a relay between the client and server, and write automated modifications of the packets that you specifically want modified. 


I dont have acces to server. so i just sniff conversations between server and client
it uses TCP/IP protocol to connect and establish a connection on server:2002 via socket so no HTTP request. it has no encryption just plain XML

the problems with "intercepting the whole conversation and act as a relay between the client and server" is that i cannot fool the client in conneting to me .. he connects directly to server via IP adress. if i could fool him connecting to my local machine then i can play the intercepting game. but ..


For Apllo: i want to change the packets values, the actually contents of it. (xml) an modify some values and then release them to server

I also tried to make my own client but its actually harder coz i dont know how to interpret every commnand sent from server to client.

Anyway. another question is there a way of hajacking the opened socket connection?


also the  man-in-the-middle type attack  is a very interesting point but still i need the client to force to connect to me it would be great
<<

Bogwitch

Jr. Member
Jr. Member

Posts: 51

Joined: Wed Aug 16, 2006 3:29 am

Post Wed Apr 09, 2008 3:43 am

Re: Network Packet Injection

Would I be right in saying you do not have access to the server AND the client?
CISSP, C|EH, C|HFI
<<

RoleReversal

User avatar

Hero Member
Hero Member

Posts: 928

Joined: Fri Jan 04, 2008 8:54 am

Location: UK

Post Wed Apr 09, 2008 5:01 am

Re: Network Packet Injection

zapacila89,

I'm going to brush of the possible legal/ethical issues with this situation as the solution has already been suggested. What you need is a MitM vector.

I'm assuming that you are on the same physical LAN as either the client or server? If not, you could have a whole heap of difficulty getting anything working. There are plenty of resources already on this site related to this, Brian's Cain & Abelstuff for example.

However, as you are posting this on Ethical-hacker.net I'd suggest that there is likely a simpler way to achieve your goals assuming you have authorisation to make the changes you are discussing.
<<

don

User avatar

Administrator
Administrator

Posts: 4226

Joined: Sun Aug 28, 2005 10:47 pm

Location: Chicago

Post Wed Apr 09, 2008 11:11 am

Re: Network Packet Injection

I only wish to reiterate the fact that this site is meant for security professionals, ethical hackers, pen testers, etc. Not only access is needed but also permission. These are 2 very different things. And it appears as though you may not have either.

Kudos to the EH-Net Members who consistantly remind new contributors of the focus of this site.

Thanks to all for your understanding,
Don
CISSP, MCSE, CSTA, Security+ SME

Return to Network Pen Testing

Who is online

Users browsing this forum: No registered users and 1 guest

.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software