Saturday, 27 December 2008

After a long while...


After a long while Hugo & I decided to prepare the new Inguma version (Release 0.1.0) with some new features. There are new modules in the new version, as the ASNQuery module or the NMap fronted both created by Hugo, and new features & tools.

The 2 most interesting new tools added to the framework are, for sure, the PCAP-based fuzzer and the OpenDis Binary Navigator.

The PCAP based fuzzer works this way: Record with your favourite sniffer a session communicating with your target server application, save the recorded session as one PCAP file and create a new PCAP based fuzzer as the following:

import sys
from scapy import *
from fuzzpcap import *
from lib import libfuzz

def main(pcapFile, dest, destPort):

replayList = []

pktList = rdpcap(pcapFile)

for pkt in pktList:
tcpPkt = pkt[TCP]
flags = tcpPkt.sprintf("%flags%")
dst = pkt.sprintf("%IP.dst%")
dstPort = tcpPkt.sprintf("%TCP.dport%")

if flags == "PA" and dst == dest and dstPort == destPort:
# Get the packet's data
pktBuf = str(tcpPkt[Raw])

replayer = CReplayFuzzer(dest, destPort, replayList)
replayer.verbose = False # Show every packet that will be sent?
replayer.timeout = 0.3   # Time to wait for a response?
replayer.waitResponse = True # Wait for a response?
replayer.startPacket = 0     # Start from packet number 0
replayer.dontWaitFor = xrange(0, 1024) # Don't wait for a response for these packets
replayer.fuzz() # Start fuzzing now!

That easy. For some (undocumented) protocols this is a fast way to start fuzzing a complete communication session without having any knowledge about the communication protocol.

Another interesting tool (as previously pointed) is the OpenDis Binary Navigator. It's a frontend for OpenDis databases (the format of the databases changed from cpickle objects to SQLite format databases). With this tool you might upload (this is a webserver, bind it to if you don't want to open this to your network) programs to be analyzed by OpenDis and generate an SQLite based database. This database can be navigated using the OpenDis Binary Navigator.

The most curious features of OpenDis Binary Navigator right now are the ability to generate basic block diagrams (you need Graphviz) and the option to calculate the CC (Cyclomatic Complexity) of a procedure. You might see screenshots at the end of this post.

Well, that's all at the moment. I will try to upload the new version of Inguma to sourceforge before the end of the year. Happy XMas and happy new year!