
sending a pre-made packet


10 replies to this topic

#1 Jberryman

Jberryman

    SUP3R 31337 P1MP

  • Members
  • 283 posts

Posted 07 October 2004 - 03:42 PM

There is a site (as I posted about in the general forum) that spoofs an ebay login screen to collect logins/passwords. I want to send a lot of input over and over again.

I have captured the packets exchanged between my comp and the site when the username/password is submitted, and found which one contains the user/pass data. So can I just send this packet over and over again to the site, or is it more complicated than that? If it isn't, then what kind of software would be needed to do that?
Thanks

#2 Omni-Max

Omni-Max

    SUP3R 31337 P1MP

  • Members
  • 270 posts
  • Location:In a technical support building somewhere

Posted 09 October 2004 - 03:02 PM

Hmm, well, it depends.

Is HTTP a tcp/ip protocol? (do we need to make a connection before sending data?)
Is it a UDP protocol?

I find that Linux excels at tasks like these. You should burn a Live! cd of some OS and start messing around. :)

#3 Jberryman

Jberryman

    SUP3R 31337 P1MP

  • Members
  • 283 posts

Posted 09 October 2004 - 03:35 PM

Thanks for the response. I guess reading up on HTTP and TCP would probably answer my question, and clear up a few things.

#4 Omni-Max

Omni-Max

    SUP3R 31337 P1MP

  • Members
  • 270 posts
  • Location:In a technical support building somewhere

Posted 09 October 2004 - 03:52 PM

Well, it was a crappy reply, I admit, but I'm not good at packet stuff.

There are tools that attach themselves at the application layer, though.

#5 Kev420inK

Kev420inK

    HACK THE PLANET!

  • Members
  • 58 posts

Posted 09 October 2004 - 04:52 PM

Hey,

This program creates packets from scratch
http://www.engagesec...epacketbuilder/
And it's FREE!

But this might be a pretty complicated thing to do.
Also some network analyzers allow you to resend packets pretty easily. To send a made from scratch ping packet would work fine, but to do something like this probably isn't as easy, as it expects not just that packet, but all the packets before it. Also there are sequence numbers for TCP and who knows what else that needs to be in place first.

I honestly don't know, would have to screw around with it myself, but hopefully I contributed something of value.

Creating a custom ping packet would be a pretty cool way to send a secret message (covert channel). Instead of it saying abcdefghijklmnopqrstuabcd (Microsoft's ping), you can make it say "Murder, tonight at 5:30" and the other person will be collecting only ping traffic with a network analyzer. Most people don't capture and save other people's pings. Even better would be to encrypt "Murder, tonight at 5:30" then send the ciphertext as the ping message.

Just a fun idea :)

Edited by Kev420inK, 09 October 2004 - 04:58 PM.
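
Seen from the monitoring side, the ping idea in the post above is detectable because echo payloads are normally fixed padding. The following is an added example, not part of the original thread: a classifier that parses an ICMP message, verifies its checksum and labels the payload. The baseline patterns, thresholds, labels and sample packets are assumptions constructed for illustration.

```python
import math
import struct

# Windows ping's default 32-byte payload; real baselines vary per OS (assumption).
WINDOWS_DEFAULT = b"abcdefghijklmnopqrstuvwabcdefghi"

def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum over 16-bit big-endian words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_echo(ident: int, seq: int, payload: bytes) -> bytes:
    """Build a constructed ICMP echo request (type 8) to feed the classifier."""
    csum = inet_checksum(struct.pack("!BBHHH", 8, 0, 0, ident, seq) + payload)
    return struct.pack("!BBHHH", 8, 0, csum, ident, seq) + payload

def is_counting(p: bytes) -> bool:
    """Incrementing-byte padding such as 0x10 0x11 0x12 ..."""
    return len(p) > 1 and all((b - a) % 256 == 1 for a, b in zip(p, p[1:]))

def entropy(p: bytes) -> float:
    """Shannon entropy in bits per byte."""
    return -sum(p.count(b) / len(p) * math.log2(p.count(b) / len(p)) for b in set(p))

def classify(icmp: bytes) -> str:
    """Label one ICMP message (the bytes after the IP header)."""
    if len(icmp) < 8:
        return "malformed"
    if icmp[0] not in (0, 8):            # 8 = echo request, 0 = echo reply
        return "not-echo"
    if inet_checksum(icmp) != 0:         # a valid message checksums to zero
        return "bad-checksum"
    payload = icmp[8:]
    if not payload or payload == WINDOWS_DEFAULT[:len(payload)] or is_counting(payload):
        return "default"
    if all(0x20 <= b <= 0x7E for b in payload):
        return "text"                    # readable message in place of padding
    if len(payload) >= 16 and entropy(payload) >= 0.85 * math.log2(len(payload)):
        return "high-entropy"            # consistent with ciphertext or compressed data
    return "other"

SAMPLES = {  # constructed inputs, not captured traffic
    "windows": build_echo(1, 1, WINDOWS_DEFAULT),
    "counting": build_echo(1, 2, bytes(range(0x10, 0x38))),
    "message": build_echo(1, 3, b"meet at the usual place"),
    "cipher": build_echo(1, 4, bytes.fromhex(
        "2d711642b726b04401627ca9fbac32f5c8530fb1903cc4db02258717921a4881")),
}
RESULTS = {name: classify(pkt) for name, pkt in SAMPLES.items()}
```

Encrypting the message only moves it from the "text" label to "high-entropy"; either way it no longer matches the padding a normal ping carries.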


#6 Jberryman

Jberryman

    SUP3R 31337 P1MP

  • Members
  • 283 posts

Posted 10 October 2004 - 06:18 PM

Thanks for the link Kev420inK, that looks like a good tool. I really like the ping idea. Even better, you could make the ping look like it came from the person who you want to receive the message, then you send the ping to any host, and they bounce it, not back to you, but to your desired recipient. Completely anonymous.
I'll bet you could write a script to use this method to send short IMs between two people.

Well, it was a crappy reply, I admit, but I'm not good at packet stuff.

I thought you were trying to get me thinking, lol. But I read up about TCP being a "connection based" protocol that requires the three-way handshake deal, so my idea of just shooting that one packet to the host would not have worked. As I understand, UDP is not connection-based like TCP (and HTTP), so maybe this could have worked in a situation involving UDP.

Edited by Jberryman, 10 October 2004 - 06:33 PM.
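
The point reached in the posts above, that a single captured TCP segment cannot simply be sent again, can be shown from the receiver's side. This is an added example, not part of the original thread: a toy model of a receiving TCP that applies the RFC 793 segment acceptability test, with the `Receiver` class, addresses, ports and sequence numbers all constructed for illustration (a real stack also checks ACK numbers, flags and checksums).

```python
MOD = 2 ** 32  # TCP sequence numbers wrap at 32 bits

def in_window(seq, rcv_nxt, rcv_wnd):
    """True when RCV.NXT <= seq < RCV.NXT + RCV.WND, modulo 2**32."""
    return (seq - rcv_nxt) % MOD < rcv_wnd

def acceptable(seg_seq, seg_len, rcv_nxt, rcv_wnd):
    """Segment acceptability test from RFC 793, section 3.3."""
    if seg_len == 0:
        return seg_seq == rcv_nxt if rcv_wnd == 0 else in_window(seg_seq, rcv_nxt, rcv_wnd)
    if rcv_wnd == 0:
        return False
    last = (seg_seq + seg_len - 1) % MOD
    return in_window(seg_seq, rcv_nxt, rcv_wnd) or in_window(last, rcv_nxt, rcv_wnd)

class Receiver:
    """Toy receiving TCP: one RCV.NXT per (src ip, src port, dst ip, dst port)."""
    def __init__(self, window=65535):
        self.window = window
        self.rcv_nxt = {}

    def handshake(self, conn, client_isn):
        self.rcv_nxt[conn] = (client_isn + 1) % MOD   # the SYN uses one number

    def close(self, conn):
        self.rcv_nxt.pop(conn, None)

    def receive(self, conn, seq, data):
        if conn not in self.rcv_nxt:
            return "reset: no connection"
        nxt = self.rcv_nxt[conn]
        if not acceptable(seq, len(data), nxt, self.window):
            return "rejected: sequence outside window"
        if seq != nxt:
            return "held: out of order"
        self.rcv_nxt[conn] = (nxt + len(data)) % MOD
        return "delivered"

def replay_demo():
    """Replay one captured data segment in three situations (constructed values)."""
    conn = ("192.0.2.10", 50000, "198.51.100.5", 80)
    body = b"POST /form HTTP/1.0\r\n\r\nfield=value"
    rx = Receiver()
    rx.handshake(conn, client_isn=1000)
    first = rx.receive(conn, 1001, body)          # original transmission
    again = rx.receive(conn, 1001, body)          # same bytes, same connection
    rx.close(conn)
    closed = rx.receive(conn, 1001, body)         # connection is gone
    rx.handshake(conn, client_isn=3_000_000_000)  # fresh handshake, new ISN
    fresh = rx.receive(conn, 1001, body)
    return first, again, closed, fresh
```

Only the first delivery succeeds; every later copy of the same segment fails on connection state or sequence number, which is why tools that resend traffic work on whole sessions rather than single packets.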


#7 Kev420inK

Kev420inK

    HACK THE PLANET!

  • Members
  • 58 posts

Posted 11 October 2004 - 06:43 AM

Hey,

Maybe netcat can help you? I'm not really sure. I just used netcat to connect to an irc server and channel. All I had to do was sniff a little bit of irc with ethereal. Then I just saw all the commands to be passed to the server, and I successfully joined a channel and talked, all using netcat. The thing is, irc is a pretty simple protocol. I then tried doing similar with aim, but aim has a lot more stuff goin on. It didn't look like netcat would do it for me. But I guess that's why people make implementations of protocols. It's a lot easier just using aim, hehe

:)

Your thing is probably pretty complicated too. I guess if you are a programmer it would be easy? I don't know, but if you were to do it at the packet level, then you would need to just copy a session, and change it around to how you want it, and have a program that will replay all those packets in the order you need. But there's probably a lot of learnin to do. It would be fun though.

Edited by Kev420inK, 11 October 2004 - 06:47 AM.


#8 Jberryman

Jberryman

    SUP3R 31337 P1MP

  • Members
  • 283 posts

Posted 11 October 2004 - 08:37 AM

Your thing is probably pretty complicated too. I guess if you are a programmer it would be easy? I don't know, but if you were to do it at the packet level, then you would need to just copy a session, and change it around to how you want it, and have a program that will replay all those packets in the order you need. But there's probably a lot of learnin to do. It would be fun though.

I think this would actually be very simple. I could tell what everything was in the ping packet pretty easily. I am learning perl at the moment, so this will be my first real programming project once I feel I have enough know-how to attempt it.

#9 Kev420inK

Kev420inK

    HACK THE PLANET!

  • Members
  • 58 posts

Posted 16 October 2004 - 04:58 AM

Etherpeek will let you resend entire trace files, and of course edit them also, so if you have a few thousand dollars laying around, that might be an option.

#10 semen

semen

    SUPR3M3 31337 Mack Daddy P1MP

  • Members
  • 304 posts
  • Location:Ontario

Posted 16 October 2004 - 10:38 AM

Etherpeek will let you resend entire trace files, and of course edit them also, so if you have a few thousand dollars laying around, that might be an option.

I also believe for Windows, CommView will allow you to edit and resend packets. wInject may also be of use to you. I can't find anything that allows you to edit and resend packets *on the fly* in Linux apart from using ngrep, netsed and other 'busybox' type tools.

#11 SUB-S0NIX

SUB-S0NIX

    !Pee-Wee Pimpin!

  • Members
  • 1,381 posts

Posted 16 October 2004 - 04:51 PM

:huh: ya ok so where do ya learn on decoding the ascii and hex? ima total noob with packets and think its time to learn...



