Scapy

Published on Nov 18, 2015

PRESENTATION OUTLINE

Scapy

Advanced by Jesús Pedrosa

Roadmap

  • Sniffing
  • Injecting
  • Creating a new protocol
  • Creating an out of the ordinary protocol
  • Creating a traffic generator (included in the deluxe version)

Sniffing

Hardcore Level: Virgin Mary

The easy way

  • The sniff() method
  • Filters
  • Interfaces
  • Packet count

Injecting

Hardcore Level: Saint Joseph

The not so easy way

  • The sr() method
  • The "other" sr() methods: sr1(), srp(), srloop(), srploop()

Creating a new protocol

Hardcore level: Saint Peter

What scapy is good for out of the box

  • Protocols based on fixed packet representation
  • Protocols with simple type representation
  • Protocols that are already well settled in the market

What scapy is a pain in the ass for

  • New protocols
  • Protocols with weird conditional fields
  • Protocols with a variable structure
  • Protocols with different levels of abstraction/subprotocols
  • Mostly anything that is not well settled in the market/already included in the framework to begin with

What are we going to try

  • Create a new layer
  • Create a new field
  • Create a new binding
  • Use it for something

Our new layer

  • The name and fields_desc class attributes
  • Standard field types: bit, byte, x3byte, enum, ...
  • Conditional fields
  • Length fields and fields with length

Our new field

  • The getfield() method
  • The i2m() method
  • Getting to chop the length we want

Binding layers

  • Used to tell the dissector to jump from one analyzer to another
  • The bind_layers() function
  • Simple conditions

Creating an out of the ordinary protocol

Hardcore Level: God

So you say your protocol looks like... what?

  • Overloading the __init__() of the class
  • Setting a new name for every new instance
  • Setting a new fields_desc for every new instance
  • Setting up our own flags for later
  • Inheritance and adding some other weird stuff

Where the magic lies

  • The dissect() method
  • The do_dissect() method
  • The guess_payload_class() method

Overcoming Scapy limitations

  • Creating a state object
  • Passing data from one packet to another
  • Behaving according to the state

Fields with particular needs

  • Example: Huffman encoding and decoding, and HTTP/2 in general

Creating a traffic generator (included in the deluxe version)

Now this is some serious stuff

Possibilities
