Matasano Security 2009
Chris@Matasano.com
Description
QueRub is a program that calls the netfilter queue library in order to pass
network packets transparently to a Ruby script you provide for fuzzing, reverse
engineering or modification. QueRub is for Linux only.
For those Debian/Ubuntu users out there you can install the needed libraries
by running:
apt-get install libnetfilter-queue1 libnetfilter-queue-dev
Compile QueRub by typing 'make' in the directory. Then you want an IPTables
rule to hijack traffic for you, heres an example:
iptables -A INPUT -p tcp --dport 9191 -j QUEUE
This will queue all inbound TCP traffic with a destination port of 9191 for
QueRub to pass to the querub.rb Ruby script. Now all you have to do is add
your fuzzing or inspecting code to querub.rb and run querub with your script
$ make
gcc -pipe -ggdb -Wall -I/usr/lib/ruby/1.8/i486-linux/ -c -o querub.o querub.c
gcc -pipe -ggdb -Wall -I/usr/lib/ruby/1.8/i486-linux/ -c -o cksum.o cksum.c
$ ./querub querub.rb querub_main
Where querub.rb is your script and querub_main is the method you want called
when a packet is received. (QueRub will not check if querub_main exists)
QueRub will automatically call an *optional* method in every script you give it.
The name of this optional method is 'querub_setup'. See scripts/*.rb for examples!
