TCP session interception and injection framework
License
SpiderLabs/thicknet
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
master
Could not load branches
Nothing to show
Could not load tags
Nothing to show
{{ refName }}
default
Name already in use
A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
Code
-
Clone
Use Git or checkout with SVN using the web URL.
Work fast with our official CLI. Learn more.
- Open with GitHub Desktop
- Download ZIP
Sign In Required
Please sign in to use Codespaces.
Launching GitHub Desktop
If nothing happens, download GitHub Desktop and try again.
Launching GitHub Desktop
If nothing happens, download GitHub Desktop and try again.
Launching Xcode
If nothing happens, download Xcode and try again.
Launching Visual Studio Code
Your codespace will open once ready.
There was a problem preparing your codespace, please try again.
thicknet Steve Ocepek <socepek@trustwave.com> Wendel G. Henrique <whenrique@trustwave.com> http://www.spiderlabs.com INTRODUCTION ============ thicknet is a TCP session manipulation and take-over framework. Cool stuff includes: o True L2 packet forwarding o Detection of already-running sessions o Ability to takeover sessions and issue commands o Modular implementation REQUIREMENTS ============ Perl 5.8+ Perl Modules / libraries: Net::Pcap Net::IP Net::Libdnet NetPacket::IP NetPacket::TCP NetPacket::Ethernet Data::HexDump AnyEvent EV USAGE ===== perl thicknet.pl [interface] If interface is not supplied, a prompt will appear to choose one. Ensure that your user account has root/admin privileges necessary to sniff packets. The program console is contextual, use '?' to obtain a list of commands at each level. When using injection, do not add a semicolon (;) to the end of your SQL statements -- this is not supported by the wire-side protocol. thicknet will automatically forward all packets not destined for the specified interface's IP - ENSURE THAT IP FORWARDING IS DISABLED. Use vamp.pl (included in this package) to initiate ARP poisoning and redirect packets to your own host. To enable protocol downgrade (Oracle only currently), use the 'd' command. Note that this may cause disconnects for some new sessions, depending on client version. The username and 8i hash will be printed to the screen for each successful downgrade. COPYRIGHT ========= thicknet - A tool to manipulate and take control of TCP sessions Created by Steve Ocepek and Wendel G. Henrique Copyright (C) 2010, 2011 Trustwave Holdings, Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see <http://www.gnu.org/licenses/>
About
TCP session interception and injection framework
Resources
License
Stars
Watchers
Forks
Releases
No releases published
Packages 0
No packages published