Matasano Security 2009
Chris@Matasano.com

Description

QueRub is a program that calls the netfilter queue library in order to pass
network packets transparently to a Ruby script you provide for fuzzing, reverse
engineering or modification. QueRub is for Linux only.

For those Debian/Ubuntu users out there you can install the needed libraries
by running:

apt-get install libnetfilter-queue1 libnetfilter-queue-dev

Compile QueRub by typing 'make' in the directory. Then you want an IPTables
rule to hijack traffic for you, heres an example:

iptables -A INPUT -p tcp --dport 9191 -j QUEUE

This will queue all inbound TCP traffic with a destination port of 9191 for
QueRub to pass to the querub.rb Ruby script. Now all you have to do is add
your fuzzing or inspecting code to querub.rb and run querub with your script

$ make
gcc -pipe -ggdb -Wall -I/usr/lib/ruby/1.8/i486-linux/   -c -o querub.o querub.c
gcc -pipe -ggdb -Wall -I/usr/lib/ruby/1.8/i486-linux/   -c -o cksum.o cksum.c

$ ./querub querub.rb querub_main

Where querub.rb is your script and querub_main is the method you want called
when a packet is received. (QueRub will not check if querub_main exists)

QueRub will automatically call an *optional* method in every script you give it.
The name of this optional method is 'querub_setup'. See scripts/*.rb for examples!