Luigi Auriemma

aluigi.org (ARCHIVE-ONLY FORUM!)
It is currently 19 Jul 2012 17:50

All times are UTC [ DST ]





 Post subject: SUDPPIPE - how to use
PostPosted: 22 Mar 2010 06:39 

Joined: 06 Mar 2010 09:00
Posts: 10
Hey guys. I'm looking for a bit of info on how to use sudppipe.

Essentially, it sounds like it sits between a program and the internet and intercepts the udp pipe and has the ability to read packets and inject other packets if need be. 1st off, is this correct?

Here's a scenario, I listen for a specific packet, I see it come across the wire, I want to send another packet to the sender of the 1st.

Is this scenario something that sudppipe is good for? I'm using my CS:Source server as a testing field for learning about packet discovery and vulnerabilities. That's where this is coming from.

Thanks for any response you can give.

Trevor


 
 
 Post subject: Re: SUDPPIPE - how to use
PostPosted: 22 Mar 2010 13:53 

Joined: 24 Sep 2007 02:12
Posts: 1114
Location: http://sethioz.co.uk
Quote:
Simple UDP proxy/pipe 0.4.1 (sudppipe)
advanced UDP proxy/datapipe/packets forwarder and modifier with multiple functions.
a datapipe is like a minimalistic proxy which acts as a bridge for connecting to a specific host, so the input connection can be any UDP client while the output is ever the same IP:port (clients->stcppipe->target).


but i assume you have already read this before, i have never used it before myself, so can't really help in this, however if you wish to analyze and resend the packets in order to find vulnerabilities, i suggest you use CommView instead and to permanently modify packets in order to make exploit for others to use, then you can use Luigi's proxocket (very good tool) or WPE pro (which doesn't work sometimes).
i have quite a lot of experience on this field, just haven't used sudppipe.


Last edited by Sethioz on 26 Mar 2010 21:56, edited 1 time in total.

 
 Post subject: Re: SUDPPIPE - how to use
PostPosted: 22 Mar 2010 15:25 

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
sudppipe is like a udp proxy that can use only a fixed destination.
so basically its jobs can be:
- linking 2 udp services on the same or different computers
- dumping the content of the packets sent/received
- using some small external plugins for editing the packets sent/received
- particular "crazy" tests like sending the same packet multiple times or sending it to multiple destinations and so on

judging your specific case I guess it's better to use proxocket (because it's easier to use) but sudppipe can do the same job as I demonstrated with my Source's proof-of-concepts (the plugins are compatible with both the tools)
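
The fixed-destination datapipe with packet dumping described in the post above, as an added example that is not part of the original post and is not sudppipe's code. It assumes POSIX sockets and keeps everything on 127.0.0.1; the names udp_bind and pipe_once, and the check that drops replies not coming from the target, are this example's own.

```c
/* Added example, not sudppipe's code: loopback-only UDP datapipe with hex dump. */
#include <arpa/inet.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/select.h>
#include <sys/socket.h>
#include <unistd.h>

/* Bind a UDP socket on 127.0.0.1:port (0 = any free port); -1 on error. */
int udp_bind(unsigned short port) {
    struct sockaddr_in a = { .sin_family = AF_INET, .sin_port = htons(port),
                             .sin_addr.s_addr = htonl(INADDR_LOOPBACK) };
    int s = socket(AF_INET, SOCK_DGRAM, 0);
    if (s >= 0 && bind(s, (struct sockaddr *)&a, sizeof a) < 0) { close(s); s = -1; }
    return s;
}

static void dump(const char *dir, const unsigned char *p, ssize_t n) {
    printf("%s %zd bytes:", dir, n);
    for (ssize_t i = 0; i < n; i++) printf(" %02x", p[i]);
    putchar('\n');
}

/* Relay one datagram: client -> fixed target, or target -> last seen client.
   Returns bytes relayed, 0 on timeout or dropped packet, -1 on error. */
int pipe_once(int in, int out, const struct sockaddr_in *target,
              struct sockaddr_in *client, int timeout_ms) {
    static unsigned char buf[65535];
    struct sockaddr_in src; socklen_t len = sizeof src;
    struct timeval tv = { .tv_sec = timeout_ms / 1000, .tv_usec = (timeout_ms % 1000) * 1000 };
    fd_set rd; FD_ZERO(&rd); FD_SET(in, &rd); FD_SET(out, &rd);
    int ready = select((in > out ? in : out) + 1, &rd, NULL, NULL, &tv);
    if (ready <= 0) return ready;
    int up = FD_ISSET(in, &rd);                /* 1 = datagram came from a client */
    ssize_t n = recvfrom(up ? in : out, buf, sizeof buf, 0, (struct sockaddr *)&src, &len);
    if (n < 0) return -1;
    /* Replies are accepted only from the fixed target (this example's own check). */
    if (!up && (src.sin_addr.s_addr != target->sin_addr.s_addr || src.sin_port != target->sin_port)) return 0;
    if (up) *client = src;                     /* remember where replies go */
    dump(up ? "client->target" : "target->client", buf, n);
    return (int)sendto(up ? out : in, buf, n, 0, (const struct sockaddr *)(up ? target : client), sizeof src);
}

int main(int argc, char **argv) {              /* usage: prog listen_port target_port */
    struct sockaddr_in client = {0}, target = { .sin_family = AF_INET, .sin_addr.s_addr = htonl(INADDR_LOOPBACK) };
    if (argc != 3) return 1;
    target.sin_port = htons((unsigned short)atoi(argv[2]));
    int in = udp_bind((unsigned short)atoi(argv[1])), out = udp_bind(0);
    while (in >= 0 && out >= 0 && pipe_once(in, out, &target, &client, 1000) >= 0) {}
    return 0;
}
```

This version tracks a single client at a time; serving several clients at once would need one upstream socket per client address.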


 
 Post subject: Re: SUDPPIPE - how to use
PostPosted: 26 Mar 2010 01:19 

Joined: 06 Mar 2010 09:00
Posts: 10
Thanks for the response, both of you.

So, it sounds like Sudppipe would do the trick but it's probably easier to use Proxocket.

So, 2 questions on that.

1. would Sudppipe use a myproxocket type plugin, or is it something else? Essentially, am I re-compiling sudppipe with new code in it, or making another .dll file to go alongside it, like proxocket?
2. With Proxocket, if I'm using myrecvfrom to figure out when a certain packet arrives, how do I cause the app to send a new packet that I build?

Essentially, what I don't really know is how the individual functions in myproxocket work with each other. I would think that I would be triggering a mysend function to send the new packet, but I'm really not sure.

Could you point me in the right direction on this one? Do I need another utility to actually send the packet, then call that utility from within myrecvfrom?

Thanks again.

Trevor


 
 Post subject: Re: SUDPPIPE - how to use
PostPosted: 26 Mar 2010 21:58 

Joined: 24 Sep 2007 02:12
Posts: 1114
Location: http://sethioz.co.uk
what is it that you want to achieve exactly?
are you trying to replace the "string" in the packet sent and/or received?


 
 Post subject: Re: SUDPPIPE - how to use
PostPosted: 27 Mar 2010 04:30 

Joined: 06 Mar 2010 09:00
Posts: 10
Right now I don't have a specific thing in mind.

But, with that said. The exact scenario I want is to have something like proxocket loaded with a program, any program, and then, when a packet is received that meets whatever criteria I want, I want to generate a new packet (completely non related to the existing packet) and send that new packet back to the sender of the original packet.

Sorry if that's a bit confusing. If I were to simplify it, I would say...

N1 sends packets to n2. When packet x from n1 is detected, send completely new packet (generated) back to n1.


 
 Post subject: Re: SUDPPIPE - how to use
PostPosted: 27 Mar 2010 18:29 

Joined: 24 Sep 2007 02:12
Posts: 1114
Location: http://sethioz.co.uk
this is a question for Luigi, I'm not sure if proxocket and/or sudppipe can do that.

i got the point, if you receive a packet, then you want to send a totally custom packet back as response, like in msn you can make auto answer.


 
 Post subject: Re: SUDPPIPE - how to use
PostPosted: 30 Mar 2010 23:52 

Joined: 06 Mar 2010 09:00
Posts: 10
Yah, that's pretty much it. If these 2 apps aren't the correct ones, I'm fine reading up on another one and if need be, posting a new topic accordingly.

Thanks for your help guys, it's very much appreciated.


 
 Post subject: Re: SUDPPIPE - how to use
PostPosted: 01 Apr 2010 15:59 

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
Quote:
1. would Sudppipe use a myproxocket type plugin, or is it something else?

proxocket can use only the plugins written for itself (myproxocket.dll) while sudppipe can use both those for proxocket (probably with some limitations in some complex things I guess) and those for itself.

I have not added the support for sudppipe plugins in proxocket because they are mainly "view-only" plugins useful for example for decompressing the packets or doing some other very very basic operations (indeed you can't even know if they are incoming or outgoing packets).

Quote:
2. With Proxocket, if I'm using myrecvfrom to figure out when a certain packet arrives, how do I cause the app to send a new packet that I build?

you can do it by using that part of code in the myproxocket.c example located in proxocket.zip
I refer to the part that goes from line 123 to 166 (remember to call init_myproxocket and free_myproxocket in DllMain), so that when you want to send a packet at any moment you can use real_sendto... it should work (not tested):
Code:
real_sendto(s, "DATA", 4, flags, from, *fromlen);


 