Architecture of a Proactive Security Tool
 
So far we have discussed the operation of security tools in two different categories: sniffers and injectors. It is time we combined both of these logics in a single tool: a proactive security tool.

Such a security tool will sniff packets, decide what to do based on the gathered information, and then inject packets to influence the network logic as it wants to. This is as powerful as it gets!

In this tutorial we will discuss a generic architecture of such a tool. Please download this presentation and follow the next video.

 
Let us try to code the above logic into a framework which we could use while coding any proactive tool.

More on IPC is available here and on Multithreaded programming here.
Please download the following code and watch the next video.
 
In the next video we will see how we can use the framework described above to send messages between the sniffer and injector threads. To keep it simple, we will send an integer from the injector thread to the sniffer thread.

Please download this code and have a look at the video.
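The two-thread layout described above, written out as an added example (this is not the tutorial's downloadable code, and the names `Frame`, `run_tool` and `only_host_a` are my own). A sniffer thread reads frames from a capture source, runs a decision callback on each, and queues the verdicts to an injector thread over one queue; the injector acts on them and sends an integer back over a second queue, exactly the message exchange the text describes. The capture source is a constructed list of frames rather than a live interface, and "injecting" is simulated by counting, so the block runs offline.

```python
import queue
import threading
from dataclasses import dataclass

# Sentinel that tells a worker thread to finish (constructed for this example).
STOP = object()


@dataclass
class Frame:
    """Stand-in for a captured frame; a real tool would get these from a capture library."""
    src: str
    payload: bytes


def sniffer_thread(capture, decide, to_injector, from_injector, received):
    """Sniffer side: read frames, apply the decision logic, queue work for the
    injector, then drain the integers the injector sends back."""
    for frame in capture:
        verdict = decide(frame)          # None means: nothing to do for this frame
        if verdict is not None:
            to_injector.put(verdict)
    to_injector.put(STOP)                # capture exhausted: tell the injector to wrap up
    while True:
        msg = from_injector.get()
        if msg is STOP:
            break
        received.append(msg)             # the integer message from the injector thread


def injector_thread(to_injector, from_injector):
    """Injector side: act on each verdict (here: count it instead of sending a
    frame on the wire) and report an integer back to the sniffer."""
    injected = 0
    while True:
        verdict = to_injector.get()
        if verdict is STOP:
            break
        injected += 1                    # a real tool would craft and send a frame here
        from_injector.put(injected)
    from_injector.put(STOP)


def run_tool(capture, decide):
    """Wire the two threads together with a queue in each direction and return
    the integers the sniffer thread received from the injector."""
    to_injector, from_injector = queue.Queue(), queue.Queue()
    received = []
    threads = [
        threading.Thread(target=sniffer_thread,
                         args=(capture, decide, to_injector, from_injector, received)),
        threading.Thread(target=injector_thread, args=(to_injector, from_injector)),
    ]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return received


# Constructed sample capture: only frames from "host-a" produce a verdict below.
SAMPLE_CAPTURE = [Frame("host-a", b"\x01"), Frame("host-b", b"\x02"), Frame("host-a", b"\x03")]


def only_host_a(frame):
    """Example decision logic: hand the injector anything host-a sent."""
    return frame.payload if frame.src == "host-a" else None


if __name__ == "__main__":
    print(run_tool(SAMPLE_CAPTURE, only_host_a))   # [1, 2]
```

The queues do the locking, so neither thread touches shared state directly; the `STOP` sentinel in each direction is what lets both threads exit cleanly instead of blocking forever on an empty queue.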
 
That was easy ! Try playing around with the data in the message so that you reach a good comfort level while dealing with IPC.

Now let's do some real coding!

In the next video we will use the framework created above to make an ARP denial-of-service tool. This tool will sniff the network for ARP requests and spoof an ARP reply to those requests. As you can imagine, this will disrupt legitimate network connections. This example is also the starting point for making man-in-the-middle tools using ARP. Please have a look at this for more info on the art of "ARP spoofing". There is also a cool Flash presentation available here on the same topic.

Download this code and follow the video.
 
Cool, wasn't it? Run the above code with caution! If left unsupervised it could bring down the whole network!
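The defensive counterpart of the tool just described, added here as an example (not the tutorial's code): the same sniff-and-decide logic, but instead of answering ARP requests it parses raw Ethernet/ARP frames and flags the two things a spoofing tool leaves on the wire, a reply that binds an IP to a different MAC than an earlier reply did, and replies that nobody asked for. The `ArpWatch.observe` method is the decision step that would run inside the sniffer thread of the framework above. The sample frames are constructed inline with `build_arp_frame`; `ArpWatch` and `demo_alerts` are my names, and a real tool would age out the pending-request table and read frames from a capture library.

```python
import socket
import struct
from dataclasses import dataclass

ETH_P_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2
ETH_HDR = "!6s6sH"                 # dst MAC, src MAC, ethertype
ARP_HDR = "!HHBBH6s4s6s4s"         # htype, ptype, hlen, plen, oper, sha, spa, tha, tpa


@dataclass
class Arp:
    oper: int
    sha: bytes   # sender MAC
    spa: str     # sender IPv4, dotted
    tha: bytes   # target MAC
    tpa: str     # target IPv4, dotted


def mac(text):
    """'aa:bb:cc:dd:ee:ff' -> 6 raw bytes."""
    return bytes.fromhex(text.replace(":", ""))


def build_arp_frame(oper, sha, spa, tha, tpa):
    """Construct an Ethernet+ARP frame; used only to fabricate sample input here."""
    dst = b"\xff" * 6 if oper == ARP_REQUEST else mac(tha)
    eth = struct.pack(ETH_HDR, dst, mac(sha), ETH_P_ARP)
    arp = struct.pack(ARP_HDR, 1, 0x0800, 6, 4, oper,
                      mac(sha), socket.inet_aton(spa), mac(tha), socket.inet_aton(tpa))
    return eth + arp


def parse_arp_frame(frame):
    """Return an Arp record, or None if the frame is not a well-formed IPv4-over-Ethernet ARP."""
    if len(frame) < 42:
        return None
    _, _, ethertype = struct.unpack(ETH_HDR, frame[:14])
    if ethertype != ETH_P_ARP:
        return None
    htype, ptype, hlen, plen, oper, sha, spa, tha, tpa = struct.unpack(ARP_HDR, frame[14:42])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return Arp(oper, sha, socket.inet_ntoa(spa), tha, socket.inet_ntoa(tpa))


class ArpWatch:
    """Decision logic: remember who asked for what, learn IP->MAC from replies,
    and raise an alert when a reply contradicts what was learned or was never asked for."""

    def __init__(self):
        self.pending = set()   # IPs somebody sent a request for (a real tool would age these)
        self.learned = {}      # IP -> MAC seen in the first reply for that IP
        self.alerts = []

    def observe(self, frame):
        a = parse_arp_frame(frame)
        if a is None:
            return None
        if a.oper == ARP_REQUEST:
            self.pending.add(a.tpa)
            return None
        if a.oper != ARP_REPLY:
            return None
        alert = None
        known = self.learned.get(a.spa)
        if known is not None and known != a.sha:
            alert = f"conflict: {a.spa} was {known.hex(':')} now {a.sha.hex(':')}"
        elif a.spa not in self.pending and a.spa != a.tpa:   # gratuitous ARP (spa == tpa) is expected
            alert = f"unsolicited reply for {a.spa} from {a.sha.hex(':')}"
        if alert:
            self.alerts.append(alert)
        else:
            self.learned.setdefault(a.spa, a.sha)   # keep the first binding, do not let a later reply overwrite it
        return alert


def demo_alerts():
    """Constructed scenario: a real request and reply, then a second reply for the same IP
    from another MAC (what a spoofing tool produces), then a reply nobody requested."""
    w = ArpWatch()
    frames = [
        build_arp_frame(ARP_REQUEST, "00:11:22:33:44:aa", "10.0.0.50", "00:00:00:00:00:00", "10.0.0.1"),
        build_arp_frame(ARP_REPLY, "00:11:22:33:44:01", "10.0.0.1", "00:11:22:33:44:aa", "10.0.0.50"),
        build_arp_frame(ARP_REPLY, "de:ad:be:ef:00:01", "10.0.0.1", "00:11:22:33:44:aa", "10.0.0.50"),
        build_arp_frame(ARP_REPLY, "de:ad:be:ef:00:01", "10.0.0.2", "00:11:22:33:44:aa", "10.0.0.50"),
    ]
    return [w.observe(f) for f in frames]


if __name__ == "__main__":
    for line in demo_alerts():
        print(line)
```

The check order matters: a conflicting binding is tested before the unsolicited check, because the first spoofed reply to a real request is not unsolicited at all, it just disagrees with the genuine host's answer. Static ARP entries or switch-side dynamic ARP inspection are the mitigations; this detector only tells you that something on the segment is answering for an address it does not own.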

This brings us to the end of this section. The point I wanted to make was that a security tool is most powerful when it actively probes the network (sniffs) and responds to it accordingly (injects). There are many ways to formulate the architecture of such a proactive tool; I have just laid out one of the simplest. I would encourage you to use the above layout and try writing your own tools.

Hope you had fun! Please send me your feedback here.
©2007 Freak Labs