Commit
# 1.4.0:
* Refactor FakeNet-NG to unify Windows and Linux packet handling
* Remove Proxy Listener UDP stream abstraction to prevent issue where subsequent clients do not receive response packets because the proxy listener continues to send them to the old (expired) ephemeral port for the previous client
* Stop flag command-line support for rudimentary IPC-based start/stop automation
* Integration test script for MultiHost and SingleHost mode
* Fixed Errno 98 (`TIME_WAIT`) issue with `RawTcpListener`
* WinDivert `GetLastError` exception work-around for [WinDivert issue #32](ffalcinelli/pydivert#32)
1 parent dcdcfcb, commit e54c737
Showing 29 changed files with 4,017 additions and 2,206 deletions.
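The UDP proxy failure named in the second bullet of the commit message (replies keep going to the first client's cached ephemeral port after that client has gone away, so later clients never hear back) can be reproduced on the loopback interface. The script below is an added illustration written for this page, not FakeNet-NG's own proxy listener code: `StreamStyleUdpResponder` stands in for the removed "UDP stream" abstraction by caching a single peer address, and `PerDatagramUdpResponder` replies to whatever address each datagram actually came from. The class names, the `echo:` payload, the two-client scenario and the 0.5 s timeouts are assumptions made for the demonstration.

```python
import socket
import threading

LOCALHOST = "127.0.0.1"
TIMEOUT = 0.5  # seconds; assumed value, kept short so the lost-reply case finishes quickly


class StreamStyleUdpResponder:
    """Models the removed 'UDP stream' abstraction (assumed behaviour): the
    source address of the first datagram is cached as *the* peer and every
    later reply is sent there, even after that client has closed its socket."""

    def __init__(self, sock):
        self.sock = sock
        self.peer = None  # (ip, port) of the first client, never refreshed

    def serve_once(self):
        data, addr = self.sock.recvfrom(2048)
        if self.peer is None:
            self.peer = addr  # bug: remembered for the life of the "stream"
        self.sock.sendto(b"echo:" + data, self.peer)


class PerDatagramUdpResponder:
    """Stateless: every reply goes back to the address the datagram came from."""

    def __init__(self, sock):
        self.sock = sock

    def serve_once(self):
        data, addr = self.sock.recvfrom(2048)
        self.sock.sendto(b"echo:" + data, addr)


def run_scenario(responder_cls, n_clients=2):
    """Start one responder on an ephemeral loopback port, then have n_clients
    sequential clients (each on its own fresh ephemeral port) send a datagram
    and wait for the echo. Returns one bool per client: did it get its reply?"""
    srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    srv.bind((LOCALHOST, 0))
    srv.settimeout(TIMEOUT)
    server_addr = srv.getsockname()
    responder = responder_cls(srv)

    def serve():
        try:
            for _ in range(n_clients):
                responder.serve_once()
        except OSError:
            # recv timeout, or an ICMP port-unreachable surfacing on send;
            # either way the responder simply stops
            pass

    t = threading.Thread(target=serve)
    t.start()

    results = []
    for i in range(n_clients):
        # A fresh socket per client: a new ephemeral port, like a new process
        # (or a re-opened socket) talking to the proxy. Closing it at the end
        # is what makes the previous port "expired" for the next round.
        cli = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
        cli.settimeout(TIMEOUT)
        cli.sendto(b"client%d" % i, server_addr)
        try:
            data, _ = cli.recvfrom(2048)
            results.append(data == b"echo:client%d" % i)
        except OSError:
            results.append(False)  # reply went to someone else's old port
        finally:
            cli.close()
    t.join()
    srv.close()
    return results


if __name__ == "__main__":
    print("cached peer  :", run_scenario(StreamStyleUdpResponder))
    print("per datagram :", run_scenario(PerDatagramUdpResponder))
```

With the cached-peer responder only the first client gets its echo; the second client's reply is sent to the first client's already-closed port and is silently dropped, which is the symptom the commit message describes. Replying to the per-datagram source address needs no connection state at all and is the natural shape for a UDP listener.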
@@ -0,0 +1,14 @@ | ||
# Change Log | ||
|
||
## 1.4.0: | ||
* Refactor FakeNet-NG to unify Windows and Linux packet handling | ||
* Remove Proxy Listener UDP stream abstraction to prevent issue where | ||
subsequent clients do not receive response packets because the proxy listener | ||
continues to send them to the old (expired) ephemeral port for the previous | ||
client | ||
* Stop flag command-line support for rudimentary IPC-based start/stop | ||
automation | ||
* Integration test script for MultiHost and SingleHost mode | ||
* Fixed Errno 98 (`TIME_WAIT`) issue with `RawTcpListener` | ||
* WinDivert `GetLastError` exception work-around for [WinDivert issue | ||
#32](https://github.com/ffalcinelli/pydivert/issues/32) |
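Review bot: the entry `* Fixed Errno 98 (\`TIME_WAIT\`) issue with \`RawTcpListener\`` names the symptom but not the fix. Errno 98 on Linux is EADDRINUSE, raised when a listener rebinds a port that still has a connection sitting in TIME_WAIT, and the usual remedy is setting SO_REUSEADDR on the socket before bind; saying which change was made lets users judge whether it also applies to their own listeners. The WinDivert line has the same gap: "exception work-around" does not say which call raises or what the work-around does, so anyone hitting pydivert issue #32 has to read the code to find out. One clause each would do.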
@@ -0,0 +1,35 @@ | ||
# Contributors | ||
|
||
This document credits those who conceptualized and/or implemented features for | ||
FakeNet-NG. | ||
|
||
## Legacy | ||
|
||
FakeNet-NG is based on the original | ||
[FakeNet](https://practicalmalwareanalysis.com/fakenet/) tool developed by | ||
Andrew Honig and Michael Sikorski, which is still the tool of choice for | ||
malware analysis on Windows XP. | ||
|
||
## Windows | ||
|
||
Peter Kacherginsky [implemented | ||
FakeNet-NG](https://www.fireeye.com/blog/threat-research/2016/08/fakenet-ng_next_gen.html) | ||
targeting modern versions of Windows. | ||
|
||
## Linux and Core | ||
|
||
Michael Bailey [implemented FakeNet-NG on | ||
Linux](https://www.fireeye.com/blog/threat-research/2017/07/linux-support-for-fakenet-ng.html), | ||
and later refactored FakeNet-NG to use this as the unified packet processing | ||
logic for both Windows and Linux. | ||
|
||
## Content-Based Protocol Detection | ||
|
||
The original FakeNet-NG was able to automatically handle SSL; meanwhile, Joshua | ||
Homan developed the original concept of using a protocol "taste" callback to | ||
sample traffic and direct clients to the appropriate server ports. Matthew | ||
Haigh, Michael Bailey, and Peter Kacherginsky conceptualized the Proxy Listener | ||
and Hidden Listener mechanisms for introducing both of these content-based | ||
protocol detection features to FakeNet-NG. Matthew Haigh then [implemented | ||
Content-Based Protocol | ||
Detection](https://www.fireeye.com/blog/threat-research/2017/10/fakenet-content-based-protocol-detection.html). |
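Review bot: in the Content-Based Protocol Detection paragraph, "The original FakeNet-NG was able to automatically handle SSL; meanwhile, Joshua Homan developed the original concept of using a protocol "taste" callback" joins two unrelated facts with "meanwhile", and "both of these content-based protocol detection features" two sentences later only makes sense once the reader has worked out that SSL auto-detection and protocol tasting are the two features. Suggest one sentence per feature and then naming them explicitly, e.g. "... mechanisms for bringing both SSL auto-detection and protocol tasting to FakeNet-NG." In the Legacy section, "which is still the tool of choice for malware analysis on Windows XP" is an undated claim in a file that will outlive it; a dated or softer wording ("remains usable on Windows XP, which FakeNet-NG does not target") would age better.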
@@ -0,0 +1,42 @@ | ||
# Debug print levels for fine-grained debug trace output control | ||
DNFQUEUE = (1 << 0) # netfilterqueue | ||
DGENPKT = (1 << 1) # Generic packet handling | ||
DGENPKTV = (1 << 2) # Generic packet handling with TCP analysis | ||
DCB = (1 << 3) # Packet handlign callbacks | ||
DPROCFS = (1 << 4) # procfs | ||
DIPTBLS = (1 << 5) # iptables | ||
DNONLOC = (1 << 6) # Nonlocal-destined datagrams | ||
DDPF = (1 << 7) # DPF (Dynamic Port Forwarding) | ||
DDPFV = (1 << 8) # DPF (Dynamic Port Forwarding) Verbose | ||
DIPNAT = (1 << 9) # IP redirection for nonlocal-destined datagrams | ||
DMANGLE = (1 << 10) # Packet mangling | ||
DPCAP = (1 << 11) # Pcap write logic | ||
DIGN = (1 << 12) # Packet redirect ignore conditions | ||
DFTP = (1 << 13) # FTP checks | ||
DMISC = (1 << 27) # Miscellaneous | ||
|
||
DCOMP = 0x0fffffff # Component mask | ||
DFLAG = 0xf0000000 # Flag mask | ||
DEVERY = 0x0fffffff # Log everything, low verbosity | ||
DEVERY2 = 0x8fffffff # Log everything, complete verbosity | ||
|
||
DLABELS = { | ||
DNFQUEUE: 'NFQUEUE', | ||
DGENPKT: 'GENPKT', | ||
DGENPKTV: 'GENPKTV', | ||
DCB: 'CB', | ||
DPROCFS: 'PROCFS', | ||
DIPTBLS: 'IPTABLES', | ||
DNONLOC: 'NONLOC', | ||
DDPF: 'DPF', | ||
DDPFV: 'DPFV', | ||
DIPNAT: 'IPNAT', | ||
DMANGLE: 'MANGLE', | ||
DPCAP: 'PCAP', | ||
DIGN: 'IGN', | ||
DFTP: 'FTP', | ||
DIGN | DFTP: 'IGN-FTP', | ||
DMISC: 'MISC', | ||
} | ||
|
||
DLABELS_INV = {v.upper(): k for k, v in DLABELS.iteritems()} |
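Review bot: `DLABELS.iteritems()` on the last line is Python 2 only; `DLABELS.items()` behaves the same on 2 and 3 and costs nothing at this size, so use it unless the project has decided never to run on Python 3. Minor points in the same hunk: `DCB = (1 << 3)  # Packet handlign callbacks` has a typo ("handling"); every value in `DLABELS` is already upper case, so `v.upper()` in the inverse map is a no-op and can go; and because `DIGN | DFTP: 'IGN-FTP'` is a composite key, `DLABELS_INV['IGN-FTP']` returns a two-bit mask while every other entry is a single bit, which is fine if callers OR lookups together to build a mask but deserves a comment so nobody treats the inverse map as bit-to-name.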