forked from andrewg-felinemenace/PCAP-Generation-Tools
-
Notifications
You must be signed in to change notification settings - Fork 1
x00itachi/PCAP-Generation-Tools
Folders and files
| Name | Name | Last commit message | Last commit date | |
|---|---|---|---|---|
Repository files navigation
pcap generation tools
--------------------
0. Requirements
1. Using pgt
2. Using pft
3. Using pftlib from python
--[ 0. Requirements
The pgt tools require python 2.6 and scapy (I used version 2.1.0).
--[ 1. Using pgt
Using pgt is relatively straight forward:
# Generate the file we want to simulate captures for
$ echo '<html><head><title>evil exploit</title></head><body>t</body></html>' > evil.html
# Ask it to generate the pcaps for us
$ python pgt.py evil.html
[*] Doing FTP
[*] output/evil.html/FTP_upload_active.pcap...
[*] output/evil.html/FTP_upload_passive.pcap...
[*] output/evil.html/FTP_download_active.pcap...
[*] output/evil.html/FTP_download_passive.pcap...
[*] Doing Email
[*] output/evil.html/POP3_base64.pcap...
[*] output/evil.html/POP3_7or8bit.pcap...
[*] output/evil.html/POP3_quopri.pcap...
[*] output/evil.html/IMAP_base64.pcap...
[*] output/evil.html/IMAP_7or8bit.pcap...
[*] output/evil.html/IMAP_quopri.pcap...
[*] output/evil.html/SMTP_base64.pcap...
[*] output/evil.html/SMTP_7or8bit.pcap...
[*] output/evil.html/SMTP_quopri.pcap...
[*] Doing HTTP
[*] output/evil.html/HTTP_GET_raw_raw.pcap ...
[*] output/evil.html/HTTP_GET_raw_chunked.pcap ...
[*] output/evil.html/HTTP_GET_gzip_raw.pcap ...
[*] output/evil.html/HTTP_GET_gzip_chunked.pcap ...
[*] output/evil.html/HTTP_GET_deflate_raw.pcap ...
[*] output/evil.html/HTTP_GET_deflate_chunked.pcap ...
[*] output/evil.html/HTTP_POST_raw_raw.pcap ...
[*] output/evil.html/HTTP_POST_raw_chunked.pcap ...
[*] output/evil.html/HTTP_POST_gzip_raw.pcap ...
[*] output/evil.html/HTTP_POST_gzip_chunked.pcap ...
[*] output/evil.html/HTTP_POST_deflate_raw.pcap ...
[*] output/evil.html/HTTP_POST_deflate_chunked.pcap ...
And that's it, it's generated a bunch of pcaps for us, and applied a bunch of
common encoding.
--[ 2. Using pft
pft can create brand new pcaps from a file. This is very useful when the
pcap you have been given doesn't have TCP handshake / socket shutdown,
bad checksums, missing ack's, etc.
To prepare the input file, use wireshark on the bad pcap, locate the tcp stream
you would like to rebuild, right click on it, select "follow this tcp stream",
then display it as C arrays. Click the save as button, and save the C arrays
somewhere.
Then run fgt.py as:
$ python fgt.py -w --port <destination port> carrays
and it will generate a carrays.pcap for you.
--[ 3. Using pgtlib from python
Using pgtlib via python is relatively straight forward:
>>> from pgtlib import * # Import functions/classes
>>> pcap = PCAP('output.pcap') # create a new pcap file
>>> conn = pcap.tcp_conn_to_server(8481) # create a new tcp stream to port 8481
# and write it to the above pcap
>>> conn.to_server("from client to server") # send some data to the server
>>> conn.to_client("from server to client") # send some data to the client
>>> conn.finish() # perform the fin/ack shutdown
# sequence
>>> pcap.close() # close the pcap file
About
PGT allows you to generate pcaps using python without touching the network in any way. It is dependent upon scapy.
Resources
Stars
Watchers
Forks
Releases
No releases published
Packages 0
No packages published
Languages
- Python 100.0%