net.sniff - net.fuzz

This module is a network packet sniffer and fuzzer supporting both BPF syntax and regular expressions for filtering. It is also able to dissect several major protocols in order to harvest credentials.

Commands

net.sniff on

Start the packet sniffer.

net.sniff off

Stop the packet sniffer.

net.sniff stats

Print the packet sniffer session configuration and statistics.

net.fuzz on

Enable fuzzing for every sniffed packet containing the sapecified layers.

net.fuzz off

Disable fuzzing.

Parameters

parameter default description
net.sniff.output If set, the sniffer will write captured packets to this pcap file.
net.sniff.source If set, the sniffer will read from this pcap file instead of the current interface.
net.sniff.verbose false If true, every captured and parsed packet will be sent to the events.stream for displaying, otherwise only the ones parsed at the application layer (sni, http, etc).
net.sniff.local false If true it will consider packets from/to this computer, otherwise it will skip them.
net.sniff.filter not arp BPF filter for the sniffer.
net.sniff.regexp If set, only packets with a payload matching this regular expression will be considered.
net.fuzz.layers Payload Comma separated types of layer to fuzz.
net.fuzz.rate 1.0 Rate in the [0.0,1.0] interval of packets to fuzz.
net.fuzz.ratio 0.4 Rate in the [0.0,1.0] interval of bytes to fuzz for each packet.
net.fuzz.silent false If true it will not report fuzzed packets.

Examples

The local-sniffer.cap caplet will sniff, parse and print all packets on the local machine:

events.clear

set net.sniff.verbose false
set net.sniff.local true
# uncomment to skip ARP and DNS requests
# set net.sniff.filter "not arp and not udp port 53"
net.sniff on

Change 90% of mDNS incoming packets by fuzzing 40% of their payload (will reinject fuzzed packets):

set net.sniff.verbose true
set net.fuzz.rate 0.9
set net.fuzz.ratio 0.4
set net.fuzz.silent false
set net.fuzz.layers Payload
set net.sniff.filter "host 224.0.0.251 and port 5353"
net.fuzz on

Change 100% of WiFi packets by fuzzing 70% of their Dot11InformationElement and Dot11Data layers:

set net.sniff.verbose true
set net.fuzz.rate 1.0
set net.fuzz.ratio 0.7
set net.fuzz.layers Dot11InformationElement, Dot11Data
net.fuzz on