Wednesday, 27 August 2008

Naughty, Naughty Netcat

Netcat can be used as a replay attack engine. It works well for this purpose and is simple to use. The first step is to collect the information stream (the data) that you want to replay. This can be done by using another tool to create the stream, or by capturing a stream (with tcpdump or wireshark) and altering the parts that do not fit.

That is, change the times, IP addressing, destinations, values, etc. so that the captured stream suits what you want.

To replay the data, netcat in client mode will suffice:
$ cat file.capture.bin | nc [destination IP] [port]

or even:
$ nc [destination IP] [port] < file.capture.bin

Either will work.

Netcat in listen mode, tcpdump, wireshark or tcprelay can each be used to make the initial capture.

TCPRelay works better for this task, but netcat just looks cooler (in a geek sense).
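
Seen from the receiving side, a replayed capture is only accepted when the protocol does not bind each message to a time and a one-use value. The following is an added example, not code from the original post; the message layout, the key and the 30-second window are assumptions. It shows a receiver rejecting a byte-for-byte replay and a capture whose timestamp was edited.

```python
import hashlib
import hmac
import struct

KEY = b"constructed-demo-key"  # constructed sample key, shared by both ends
MAX_SKEW = 30                  # assumed freshness window in seconds

def make_message(payload: bytes, now: int, nonce: bytes) -> bytes:
    """Sender: 8-byte timestamp | 16-byte nonce | payload | 32-byte HMAC."""
    body = struct.pack(">Q", now) + nonce + payload
    return body + hmac.new(KEY, body, hashlib.sha256).digest()

class Receiver:
    def __init__(self):
        self.seen = {}  # nonce -> timestamp, kept only for the window

    def accept(self, msg: bytes, now: int) -> str:
        if len(msg) < 8 + 16 + 32:
            return "reject: short"
        body, tag = msg[:-32], msg[-32:]
        expected = hmac.new(KEY, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return "reject: bad mac"
        (ts,) = struct.unpack(">Q", body[:8])
        nonce = body[8:24]
        if abs(now - ts) > MAX_SKEW:
            return "reject: stale"
        # Nonces older than the window can be dropped: a message carrying
        # one would already fail the staleness check above.
        self.seen = {n: t for n, t in self.seen.items()
                     if abs(now - t) <= MAX_SKEW}
        if nonce in self.seen:
            return "reject: replayed nonce"
        self.seen[nonce] = ts
        return "accept"

def demo():
    rx = Receiver()
    # Constructed sample message standing in for a captured stream.
    captured = make_message(b"OPEN valve 7", now=1000, nonce=b"N" * 16)
    results = [rx.accept(captured, now=1001)]         # original delivery
    results.append(rx.accept(captured, now=1005))     # replay inside window
    results.append(rx.accept(captured, now=2000))     # replay after window
    edited = struct.pack(">Q", 2000) + captured[8:]   # timestamp altered
    results.append(rx.accept(edited, now=2000))       # MAC no longer matches
    return results

if __name__ == "__main__":
    print(demo())
```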
