Message-ID: <Pine.LNX.4.44.0309182329160.4683-200000@felinemenace>
From: nd at felinemenace.org (ned)
Subject: hooking python send()
hello,
attached is a patch to timeoutsocket.py which records all the data that is
passed to a socket to be sent. timeoutsocket.py already does this but only
to make sure that the send or recv or connect doesn't time out. download
and patch timeoutsocket.py from here:
http://www.timo-tasi.org/python/timeoutsocket.py
anyway...why would i want to see what is being sent? it's perfect for
capturing packet data that is sent via a binary protocol, like DCERPC or
NetBIOS or SMB and it's perfect for building payload-only exploits which
can be distributed without worrying about copyrights. yes, although i am
still unsure about some of the licenses, it is fine to distribute exploits
that don't contain routines that are copyrighted. after all it's the
physical (code) that's proprietary and not the impulses it creates!
have a good one,
- nd
----
http://felinemenace.org/~nd/HOONCGI.html
-------------- next part --------------
-bash-2.05b$ diff -u timeoutsocket.py timeouthacked.py
--- timeoutsocket.py 2003-06-26 01:18:34.000000000 -0700
+++ timeouthacked.py 2003-09-18 23:18:25.000000000 -0700
@@ -166,6 +166,7 @@
def __init__(self, sock, timeout):
self._sock = sock
self._timeout = timeout
+ self.count = 0
# end __init__
def __getattr__(self, key):
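Review bot: the new attribute in `__init__` is named `count`, while the two attributes beside it use a leading underscore (`_sock`, `_timeout`). Since this wrapper exposes the wrapped socket through `__getattr__`, a generic public name is easy to confuse with something belonging to the socket; a name such as `_dump_count` would follow the existing convention and say what is being counted.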
@@ -229,6 +230,7 @@
# ONLY if dumbhack indicates this is pass number one.
# If select raises an error, we pass it on.
# Is this the right behavior?
+ self.count = 0
if not dumbhack:
r,w,e = select.select([], [sock], [], timeout)
if w:
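Review bot: the `self.count = 0` reset sits above `if not dumbhack:`, so it runs on every pass through this method, not only on pass number one as the surrounding comment describes for the select call. More importantly, restarting the numbering here while `dump()` appends to a single `data.txt` means record `[1]` appears once per connection and records from different connections cannot be told apart. Either drop the reset and let the counter run for the life of the object, or write a connection marker (peer address, timestamp) to the log when it is reset.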
@@ -289,6 +291,7 @@
#no raising for me!
return 0
raise Timeout("Send timed out")
+ self.dump(data)
return sock.send(data, flags)
# end send
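Review bot: `self.dump(data)` logs the whole buffer before `sock.send(data, flags)` runs, but send returns the number of bytes actually accepted and that can be less than `len(data)`. A caller that retries with the remainder will produce overlapping records, so the log no longer matches what went on the wire. Capture the return value and dump only `data[:sent]`. Placing the dump before the send also means any error raised while opening or writing the log file aborts the send itself; the logging call should not be able to change the socket's behaviour.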
@@ -314,6 +317,25 @@
else:
self._copies = self._copies -1
# end close
+
+ def dump(self,data):
+ t = ""
+ single = 0
+ self.count += 1
+ for x in data:
+ t += "0x%2.2x " % ord(x)
+ if single == 8:
+ t += "\n"
+ single = 0
+ else:
+ single += 1
+ f = "\n[HEXDUMP] ----------------------------------- [%d]\n" % (self.count)
+ q = "\n[ASCII] ------------------------------------ [%d]\n" % (self.count)
+ t = f + t + q + data
+ handle = open("data.txt","a")
+ handle.write(t)
+ handle.close()
+
# end TimeoutSocket
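Review bot: in `dump()`, `single` starts at 0 and the newline is emitted when `single == 8`, so each hex row holds nine bytes; if eight per row was intended, compare against 7. The line `t = f + t + q + data` then appends the raw payload to a file opened with mode `"a"`, which is text mode: binary protocol data can be altered by newline translation on some platforms, so open with `"ab"`. The hard-coded relative `data.txt` lands in whatever the current directory is, with default permissions, and the captured traffic may contain credentials; take the path from a parameter or module-level setting and close the handle in a `try`/`finally`.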
@@ -426,3 +448,4 @@
del socket
socket = timeoutsocket
# Finis
+
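Review bot: the only change in this hunk is a blank line added after `# Finis`. It is unrelated to the logging feature and should be dropped from the patch to keep the diff minimal.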