Matasano PFI (as seen on TV!)


Matasano
May 22nd, 2009, 15:18
Do you ever find yourself on a reversing or pen-testing project with the need to peek into a TCP stream and modify a little bit of data?

Do you find yourself annoyed, feeling that you’ve hacked together code to do this many times before, but simply can’t find it?

Do you find yourself hobbling together other tools to do what you need? Do you find yourself wishing you had a Burp ("http://portswigger.net/proxy/") for raw TCP connections?

No MORE! Using Matasano’s Port Forwarding Interceptor ("http://github.com/s7ephen/projects/tree/master") you have the tool you need right at your fingertips! Let’s take a closer look at this exciting new tool, shall we?

Let’s say you are watching your favorite 15 minute ANSI art rendition of Star Wars on telnet://towel.blinkenlights.nl. You think to yourself:

“Man I sure wish I could get in-between my telnet client and the server and begin reversing this Star Wars protocol”.

Then you remember you got Matasano’s PFI ("http://github.com/s7ephen/projects/tree/master") off of Github ("https://github.com/") earlier today!

You take a look at the usage and it seems pretty self-explanatory…

http://www.matasano.com/log/wp-content/uploads/2009/05/pfi_usage.jpg ("http://www.matasano.com/log/wp-content/uploads/2009/05/pfi_usage.jpg")

So then you decide to try it out by running something like this:

http://www.matasano.com/log/wp-content/uploads/2009/05/starting_pfi.jpg ("http://www.matasano.com/log/wp-content/uploads/2009/05/starting_pfi.jpg")

(This sets up PFI ("http://github.com/s7ephen/projects/tree/master") as a TCP port forward listening on the loopback interface on port 23 ("http://en.wikipedia.org/wiki/Telnet") and forwarding traffic to towel.blinkenlights.nl on port 23 ("http://en.wikipedia.org/wiki/Telnet"), but you knew that already of course, that’s why you ran it…)

You are then greeted by the comforting and familiar PFI ("http://github.com/s7ephen/projects/tree/master") GUI windows. And hey, you didn’t even have to install any weird python modules or dependencies!

http://www.matasano.com/log/wp-content/uploads/2009/05/pfistartupscreens.jpg ("http://www.matasano.com/log/wp-content/uploads/2009/05/pfistartupscreens.jpg")

You take a minute to notice how simple and self-explanatory it all is. One window displays the intercepted text, and allows you to choose whether to intercept. The other window allows you to edit the intercepted data before it is passed on through the tunnel. How easy! It is like a “Burp ("http://portswigger.net/proxy/")” for raw TCP!

You then decide to try it out by connecting through the tunnel:

http://www.matasano.com/log/wp-content/uploads/2009/05/telnet_through_pfi.jpg ("http://www.matasano.com/log/wp-content/uploads/2009/05/telnet_through_pfi.jpg")

And begin watching your ANSI art show:

http://www.matasano.com/log/wp-content/uploads/2009/05/telnet_through_pfi1.jpg ("http://www.matasano.com/log/wp-content/uploads/2009/05/telnet_through_pfi1.jpg")

So the tunnel works! You look back at your PFI ("http://github.com/s7ephen/projects/tree/master") main window and see that data is in fact passing through PFI ("http://github.com/s7ephen/projects/tree/master").

http://www.matasano.com/log/wp-content/uploads/2009/05/main_display_window.jpg ("http://www.matasano.com/log/wp-content/uploads/2009/05/main_display_window.jpg")

You select the “Intercept” check boxes and begin intercepting and editing data across the tunnel.

http://www.matasano.com/log/wp-content/uploads/2009/05/traffic_editor_window.jpg ("http://www.matasano.com/log/wp-content/uploads/2009/05/traffic_editor_window.jpg")

And as you begin reversing the complex ANSI Star Wars protocol you can’t help but feel yourself awash with gratitude that Matasano PFI ("http://github.com/s7ephen/projects/tree/master") saved you the trouble of having to dig out all your old scripts and programs. You give your monitor a thumbs up and say: “Thanks PFI!”

Then you remember that Matasano Blackbag ("http://www.matasano.com/download/blackbag-0.9.1.tgz") also had a similar tool (called replug) and then you feel silly, not just about neglecting Blackbag but also that you gave your monitor a thumbs up.



http://www.matasano.com/log/1693/matasano-pfi-as-seen-on-tv/
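
The loopback port forward with an edit step in each direction, as described in the post above, sketched as an added example; it is not part of the original post and is not PFI's own code. The function names (`pump`, `handle`, `start_forwarder`) are hypothetical, and a pair of byte-rewriting hook functions stands in for PFI's editor window.

```python
import socket
import threading

def pump(src, dst, hook):
    """Copy src -> dst, passing each received chunk through hook (bytes -> bytes)."""
    try:
        while chunk := src.recv(4096):
            # TCP is a byte stream: a pattern split across two chunks is not
            # seen whole by a per-chunk hook.
            dst.sendall(hook(chunk))
    except OSError:
        pass
    try:
        dst.shutdown(socket.SHUT_WR)  # pass EOF along in this direction only
    except OSError:
        pass

def handle(client, target, to_server, to_client):
    """Bridge one accepted client to the target with a hook per direction."""
    try:
        upstream = socket.create_connection(target, timeout=5)
    except OSError:
        client.close()
        return
    upstream.settimeout(None)
    up = threading.Thread(target=pump, args=(client, upstream, to_server), daemon=True)
    up.start()
    pump(upstream, client, to_client)
    up.join()
    client.close()
    upstream.close()

def start_forwarder(target, to_server=lambda b: b, to_client=lambda b: b):
    """Listen on 127.0.0.1 (ephemeral port); return the listening socket."""
    srv = socket.create_server(("127.0.0.1", 0))

    def accept_loop():
        while True:
            try:
                client, _ = srv.accept()
            except OSError:  # listener was closed
                return
            threading.Thread(target=handle, daemon=True,
                             args=(client, target, to_server, to_client)).start()

    threading.Thread(target=accept_loop, daemon=True).start()
    return srv
```

Call `start_forwarder((host, port), to_client=...)` and point the client at the address from `getsockname()` on the returned socket; closing that socket stops the listener.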

dELTA
June 16th, 2009, 19:38
Nice.

CRCETL:
http://www.woodmann.com/collaborative/tools/Matasano_Port_Forwarding_Interceptor