The importance of security
A basic aspect of Internet services, whether at the application or the network level, is their own security. Great efforts are currently being made to protect users’ security and privacy on the Internet.
To reach a proper level of security, it is necessary to test not only the devices and apps that give access to information, but also every item that handles information on the Internet.
Security work covers many areas; one of them is the testing of the devices that handle this information. Generally speaking, these devices include a protocol stack, such as TCP/IP.
Devices can range from a hosting server on the Internet to a simple robot built with “Arduino” that is able to connect to a data network.
Furthermore, the rollout of the new addressing scheme (IPv6) on the Internet gives a new focus to the M2M (Machine to Machine) concept and makes it possible to turn into an Internet device any item that was not originally conceived to have this capability.
An example familiar to many of us is any device capable of connecting to Wi-Fi networks (mobile terminals, tablets, mp3 players, etc.). All of them have a protocol stack that gives us access to the data network through a wireless access point.
The stack that makes this possible has been tested not only for performance and compatibility, but also from a security point of view: its ability to withstand possible “attacks” from malicious users or other threats is checked in order to safeguard our security as users of the device.
To carry out this kind of test on devices, we need tools that let us modify, as we see fit, the data we exchange with other devices. There are several options, but one open source tool that has been used for this task is Scapy, and today we’ll talk about it.
Scapy: What makes it different from other tools?
As its description states, Scapy is an “interactive application able to manage and manipulate packets with a wide number of protocols. It enables capturing from different network interfaces, checking parameters in real time, creating new protocols, etc. Thanks to its capacities it is possible to carry out tasks such as scanning, tracerouting or network tests manually and automatically. Moreover, it allows forging packets, injecting invalid 802.11 frames or combining techniques automatically.”
This provides us with a powerful base for testing network systems.
Scapy enables us to monitor the network as Wireshark and Tcpdump do, run protocol tests, add new protocols and implement them natively, run “fuzzing” tests on established protocols, etc.
But since it can’t have it all, Scapy sacrifices an intuitive interface in exchange for the great ability to be used as a library within Python scripts. This is where Smart Scapy (SScapy) tries to help.
SScapy: Smart Scapy
SScapy provides a graphical interface that lets us create and inject packets (and, in the future, capture them) intuitively. It includes the so-called “smart mode” (for novice users), which assists in the creation of packets.
It was created within the IPv6 innovation project, which is why this protocol was the first to be implemented. The tool makes it quick and intuitive to create ICMPv6 packets, add Extension Headers, build NDP (Neighbour Discovery Protocol), MRD and (in the future) DHCPv6 packets, etc., and to modify them according to our needs.
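
What such a packet looks like on the wire, as an added example that is not part of SScapy or Scapy: the code below uses only the Python standard library to assemble IPv6 / Destination Options / ICMPv6 Neighbour Solicitation, then walks the Next Header chain and verifies the checksum the way a receiving stack has to. The function names and the 2001:db8:: sample addresses are constructed for illustration.

```python
import ipaddress
import struct

NH_DSTOPTS, NH_ICMPV6 = 60, 58      # IPv6 Next Header values
EXT_HEADERS = {0, 43, 60}           # hop-by-hop, routing, destination options

def addr(text):
    return ipaddress.IPv6Address(text).packed

def checksum(data):
    """Internet checksum: one's-complement sum of 16-bit words."""
    data += b"\x00" * (len(data) % 2)
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def pseudo_header(src, dst, upper_len):
    # ICMPv6 checksums cover both addresses, the upper-layer length and protocol 58.
    return src + dst + struct.pack("!I3xB", upper_len, NH_ICMPV6)

def build_packet(src, dst, target):
    """IPv6 / Destination Options (padding only) / NDP Neighbour Solicitation."""
    ns = struct.pack("!BBHI", 135, 0, 0, 0) + target     # type 135, checksum still 0
    csum = checksum(pseudo_header(src, dst, len(ns)) + ns)
    ns = ns[:2] + struct.pack("!H", csum) + ns[4:]
    ext = struct.pack("!BBBB4x", NH_ICMPV6, 0, 1, 4)     # 8 bytes, one PadN option
    payload = ext + ns
    fixed = struct.pack("!IHBB", 6 << 28, len(payload), NH_DSTOPTS, 255)
    return fixed + src + dst + payload                   # hop limit 255, as NDP requires

def walk_chain(packet):
    """Follow the Next Header fields; return (chain, upper-layer bytes)."""
    nh, offset, chain = packet[6], 40, []
    while nh in EXT_HEADERS:
        if offset + 8 > len(packet):
            raise ValueError("truncated extension header")
        chain.append(nh)
        nh, length = packet[offset], (packet[offset + 1] + 1) * 8
        if offset + length > len(packet):
            raise ValueError("extension header longer than packet")
        offset += length
    return chain + [nh], packet[offset:]

def icmpv6_checksum_ok(packet):
    chain, upper = walk_chain(packet)
    if chain[-1] != NH_ICMPV6:
        return False
    return checksum(pseudo_header(packet[8:24], packet[24:40], len(upper)) + upper) == 0

# Constructed sample: solicitation for 2001:db8::2 sent to its solicited-node group.
SAMPLE = build_packet(addr("2001:db8::1"), addr("ff02::1:ff00:2"), addr("2001:db8::2"))
```
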
Does your platform use IPv6? Maybe you are interested in evaluating its strength with SScapy.
SScapy’s limits are set by Scapy itself: SScapy will only support protocols that Scapy is able to decode. The Qt4 library and Python help us give Scapy all the capabilities we need.
The interface looks like this:
The packet is built in the left pane and shown in the right one. Below the controls for sending packets, we get information about the delivery and the construction of the packet.
Auxiliary dialogs let us add information to the layers and their attributes, for instance the DNS records in a possible answer:
SScapy allows Scapy native functions to be used as attribute values. This helps us run some “fuzzing” tests:
The first version, the so-called pre-alpha, has a limited set of capabilities and lays the foundations for gradually adding functionality according to our concerns and needs. Broadly speaking, the steps on our “roadmap” are:
- Including new protocols.
- Running the tool in server mode, so that it can interact with the network based on active communications and makes it possible to create small “forged” servers.
- Implementing known attacks so that they can be reproduced in a “simple” way.
- A small “Wizard” for creating layers and incorporating them into Scapy itself.
The pillars we are working on
- Open approach: Scapy is an open framework that lets the project grow, both for us and for the community.
- A tool born from a need: SScapy was created to meet an internal need and turned into a solution that can be useful to many others.
- Participation:
SScapy has been made possible by the research work carried out within the Network and Security initiative and by the Ethical Hacking team.
Source: http://www.lacofa.es/index.php/general/smart-scapy-trabajando-en-la-usabilidad-del-hacking?lang=en