Polymorph – A Real-Time Network Packet Manipulation Framework With Support For Almost All Existing Protocols

Polymorph is a framework written in Python 3 that allows the modification of network packets in real time, providing maximum control to the user over the contents of the packet. This framework is intended to provide an effective solution for real-time modification of network packets that implement practically any existing protocol, including private protocols that do not have a public specification. In addition to this, one of its main objectives is to provide the user with the maximum possible control over the contents of the packet and with the ability to perform complex processing on this information.

Phcli is the command line interface of the Polymorph framework. It is recommended for tasks such as the modification of simple protocols or the execution of previously generated templates.

Using the Polymorph main interface
For examples and documentation please refer to:

  • English whitepaper
  • Spanish whitepaper
  • Building a Proxy Fuzzer for the MQTT protocol with Polymorph

Using the Phcli

Dissecting almost any network protocol
Let's start by seeing how Polymorph dissects the fields of different network protocols; it will be useful to refer to them if we want to modify any of these fields in real time. You can try any protocol that comes to mind.

  • HTTP protocol: show only the HTTP layer and the fields belonging to it.
# phcli --protocol http --show-fields
  • Show the whole HTTP packet and the fields belonging to it.
# phcli --protocol http --show-packet

You can also apply filters on network packets; for example, you can indicate that only those containing a certain string or number are displayed.

# phcli -p dns --show-fields --in-pkt "phrack"
# phcli -p icmp --show-packet --in-pkt "84" --type "int"
  • You can also concatenate filters.
# phcli -p http --show-packet --in-pkt "phrack;GET;problems"
# phcli -p icmp --show-packet --in-pkt "012345;84" --type "str;int"
  • You can filter by the name of the fields that the protocol contains, but keep in mind that this name is the one that Polymorph provides when it dissects the network packet.
# phcli -p icmp --show-packet --field "chksum"
  • You can also concatenate fields.
# phcli -p mqtt --show-packet --field "topic;msg"

Modifying network packets in real time
Now that we know the Polymorph representation of the network packet that we want to modify, we can see how to modify it in real time.
Let's start with some examples. All the filters explained in the previous section can also be applied here.

  • This will simply modify a packet that contains the strings /issues/40/1.html and GET by inserting in the request_uri field the value /issues/61/1.html. So when the user visits http://phrack.org/issues/40/1.html the browser will visit http://phrack.org/issues/61/1.html
# phcli -p http --field "request_uri" --value "/issues/61/1.html" --in-pkt "/issues/40/1.html;GET"
  • The previous command will work if we are in the middle of the communication between a machine and the gateway. Probably the user wants to establish himself in the middle; for this he can use ARP spoofing.
# phcli --spoof arp --target 192.168.1.20 --gateway 192.168.1.1 -p http -f "request_uri" -v "/issues/61/1.html" --in-pkt "/issues/40/1.html;GET"
  • Or maybe the user wants to try it on localhost; for that he only has to modify the iptables rule that Polymorph establishes by default.
# phcli -p http -f "request_uri" -v "/issues/61/1.html" --in-pkt "/issues/40/1.html;GET" -ipt "iptables -A OUTPUT -j NFQUEUE --queue-num 1"

It may also be the case that the user wants to modify a set of bytes of a network packet that have not been interpreted as a field by Polymorph. For this you can directly access the packet bytes using a slice. (Remember to add the iptables rule if you try it on localhost.)

# phcli -p icmp --bytes "50:55" --value "hi" --in-pkt "012345"
# phcli -p icmp -b "-6:-1" --value "hi" --in-pkt "012345"
# phcli -p tcp -b "-54:-20" -v '">' --in-pkt ""
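The two phcli behaviours used above, the --in-pkt/--type filter from the previous section and the --bytes slice modification from this one, are modelled below as plain Python over raw bytes so they can be studied offline. This is an added example, not Polymorph's own code; the matching rules it assumes (filters are ANDed, "str" values match as ASCII, "int" values match as their minimal big-endian encoding, the new value is written in place and must fit inside the slice) are guesses made for the illustration, and the ICMP echo packet it works on is constructed. The one thing it adds to the command lines is the step a practitioner always has to remember after editing payload bytes: the transport checksum is now stale and must be recomputed, which is why a "chksum" field shows up in the dissection.

```python
# Added example, not Polymorph's own code: a plain-bytes reference model of two
# phcli behaviours described on this page, so they can be studied offline.
#   1. the --in-pkt / --type filter  ("phrack;GET", or "012345;84" with "str;int")
#   2. the --bytes "start:stop" --value slice modification, including "-6:-1"
# The real tool's exact rules are not on this page; these choices are assumptions:
#   - filters are ANDed, "str" values match as ASCII, "int" values match as
#     their minimal big-endian encoding (84 -> b"\x54")
#   - the value is written in place from the slice start and must fit inside
#     the slice, so the packet length never changes
import struct
from typing import List, Optional, Tuple


def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum (used by IP, ICMP, UDP and TCP)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_icmp_echo(payload: bytes) -> bytes:
    """Constructed sample: IPv4 header (checksum left 0) + ICMP echo request."""
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + 8 + len(payload),
                         0x1234, 0, 64, 1, 0,
                         bytes([192, 168, 1, 20]), bytes([192, 168, 1, 1]))
    icmp = struct.pack("!BBHHH", 8, 0, 0, 0x4242, 1) + payload
    icmp = icmp[:2] + struct.pack("!H", inet_checksum(icmp)) + icmp[4:]
    return ip_hdr + icmp


# 56-byte payload -> 84-byte packet, the size a default Linux ping produces
SAMPLE_PACKET = build_icmp_echo((b"0123456789" * 5) + b"012345")


def parse_filters(in_pkt: str, types: Optional[str] = None) -> List[Tuple[str, str]]:
    """'a;b' plus 'str;int' -> [('a','str'), ('b','int')]; default type is str."""
    values = in_pkt.split(";")
    kinds = types.split(";") if types else ["str"] * len(values)
    if len(kinds) != len(values):
        raise ValueError("--type needs exactly one entry per --in-pkt value")
    return list(zip(values, kinds))


def filter_needle(value: str, kind: str) -> bytes:
    """Byte pattern searched for in the raw packet for one filter value."""
    if kind == "str":
        return value.encode()
    if kind == "int":
        n = int(value)
        return n.to_bytes(max(1, (n.bit_length() + 7) // 8), "big")
    raise ValueError("unknown --type %r" % kind)


def packet_matches(raw: bytes, in_pkt: str, types: Optional[str] = None) -> bool:
    """True only when every filter value occurs somewhere in the raw packet."""
    return all(filter_needle(v, k) in raw for v, k in parse_filters(in_pkt, types))


def parse_slice(spec: str) -> slice:
    """'50:55' or '-6:-1' -> Python slice (stop is exclusive)."""
    start, stop = spec.split(":")
    return slice(int(start) if start else None, int(stop) if stop else None)


def modify_bytes(raw: bytes, spec: str, value: str) -> bytes:
    """Overwrite raw bytes from the slice start with value; value must fit."""
    start, stop, _ = parse_slice(spec).indices(len(raw))
    new = value.encode()
    if len(new) > stop - start:
        raise ValueError("value is %d bytes but slice %s covers %d"
                         % (len(new), spec, stop - start))
    return raw[:start] + new + raw[start + len(new):]


def fix_icmp_checksum(raw: bytes) -> bytes:
    """A payload edit leaves the ICMP chksum stale; recompute it (IPv4, no options)."""
    icmp = raw[20:22] + b"\x00\x00" + raw[24:]
    return raw[:22] + struct.pack("!H", inet_checksum(icmp)) + raw[24:]


def apply_rule(raw: bytes, in_pkt: str, spec: str, value: str,
               types: Optional[str] = None) -> bytes:
    """Model of: phcli -p icmp --bytes SPEC --value VALUE --in-pkt IN_PKT."""
    if not packet_matches(raw, in_pkt, types):
        return raw                      # filter miss: packet forwarded untouched
    return fix_icmp_checksum(modify_bytes(raw, spec, value))
```

apply_rule(SAMPLE_PACKET, "012345", "50:55", "hi") reproduces the first ICMP command above and hands back a packet whose ICMP checksum still verifies; a receiver that validates checksums would otherwise silently discard the edited packet, which is the usual reason a byte-level rewrite "does nothing".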

Adding complex processing in real time
In certain situations it is possible that the phcli options are not enough to perform a certain action. For this, the framework implements the concept of conditional functions, which are functions written in Python that will be executed on the network packet that is intercepted in real time.

  • The conditional functions have the following format:
def precondition(packet):
    # Processing on the packet intercepted in real time
    return packet
  • As a simple example, we are going to show the raw bytes of the packets that we intercept. (Remember to add the iptables rule if you try it on localhost.)
def execution(packet):
    # Dump the intercepted packet's raw bytes
    print(packet.get_payload())
    return None
# phcli -p icmp --executions execution.py -v "None"
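The same conditional-function layout, exercised offline, as an added example that is not code from the Polymorph repository. Only the function shape and get_payload() come from the page; the FakePacket stand-in, the run_chain() dispatcher and its rule that a precondition returning None leaves the packet alone are assumptions made for this illustration, not Polymorph's real API. The execution step renders the payload as a hex dump instead of a bare print, which is what one actually wants when reviewing intercepted traffic by eye.

```python
# Added example, not code from the Polymorph repository: the conditional-function
# layout shown above, exercised offline.  Only get_payload() comes from the page;
# FakePacket, run_chain() and the rule "a precondition returning None means the
# packet is left alone" are assumptions made for this illustration.
from typing import List, Optional


class FakePacket:
    """Constructed stand-in for the packet object phcli passes to conditional functions."""

    def __init__(self, raw: bytes) -> None:
        self._raw = raw

    def get_payload(self) -> bytes:
        return self._raw


def hexdump(data: bytes, width: int = 16) -> List[str]:
    """Render bytes as offset / hex / printable-ASCII lines, like `xxd`."""
    lines = []
    for off in range(0, len(data), width):
        chunk = data[off:off + width]
        hexpart = " ".join("%02x" % b for b in chunk).ljust(width * 3 - 1)
        asc = "".join(chr(b) if 32 <= b < 127 else "." for b in chunk)
        lines.append("%04x  %s  %s" % (off, hexpart, asc))
    return lines


# Records what execution() saw, so the effect can be inspected after the run
SEEN: List[List[str]] = []


def precondition(packet: FakePacket) -> Optional[FakePacket]:
    # Same gate as the phcli examples above: only packets carrying "012345"
    if b"012345" not in packet.get_payload():
        return None
    return packet


def execution(packet: FakePacket) -> None:
    # Equivalent of the page's print(packet.get_payload()), but hex-formatted
    dump = hexdump(packet.get_payload())
    SEEN.append(dump)
    for line in dump:
        print(line)
    return None


def run_chain(packet, preconditions, executions) -> bool:
    """Assumed dispatch order: every precondition must return the packet, then executions run."""
    for pre in preconditions:
        if pre(packet) is None:
            return False
    for ex in executions:
        ex(packet)
    return True


# Constructed sample payloads: one that carries the marker, one that does not
ECHO_PAYLOAD = bytes(range(0x08, 0x10)) + b"0123456789012345"
OTHER_PAYLOAD = b"\x00\x01\x02\x03no marker here"

if __name__ == "__main__":
    run_chain(FakePacket(ECHO_PAYLOAD), [precondition], [execution])   # dumped
    run_chain(FakePacket(OTHER_PAYLOAD), [precondition], [execution])  # skipped
```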

For more information regarding the power of the conditional functions, refer to:

  • English whitepaper
  • Spanish whitepaper

Release Notes
release-notes-1.0.0
release-notes-1.0.3

Contact
[email protected]

Download Polymorph