Fragroute

Description

Fragroute intercepts, modifies, and rewrites egress traffic destined for the specified host. Put simply, fragroute fragments packets travelling from our (attacker) system to the destination system. It is used by security personnel or hackers for evading firewalls and avoiding IDS/IPS detections and alerts. Pentesters also use it to gather information from a highly secured remote host.

Usage

Syntax

fragroute -f <configfile> <destination>

-f – Config file that defines how fragroute should work.

 

Default configuration file is at /etc/fragroute.conf. 

[Image: default conf file]

One can either use this default file or write a new configuration file. A custom file is written using the following rules.

delay first|last|random <ms>
drop first|last|random <prob-%>
dup first|last|random <prob-%>
echo <string> ...
ip_chaff dup|opt|<ttl>
ip_frag <size> [old|new]
ip_opt lsrr|ssrr <ptr> <ip-addr> ...
ip_ttl <ttl>
ip_tos <tos>
order random|reverse
print
tcp_chaff cksum|null|paws|rexmit|seq|syn|<ttl>
tcp_opt mss|wscale <size>
tcp_seg <size> [old|new]

Example

Fragment large ping packets

This demonstrates large ping packets being fragmented between two hosts, the attacker and the target. The attacker has IP address 192.168.1.8 and the target has 192.168.1.4.

1. On the attack machine, start fragroute

Command : fragroute -f /etc/fragroute.conf 192.168.1.4 <replace with your destination>

cyborg@cyborg:~$ sudo fragroute -f /etc/fragroute.conf 192.168.1.4
[sudo] password for cyborg: 
fragroute: tcp_seg -> ip_frag -> ip_chaff -> order -> print

2. Open another terminal and ping with a large packet size

Command : ping -s 10000 192.168.1.4 <replace with your destination>

cyborg@cyborg:~$ ping -s 10000 192.168.1.4
PING 192.168.1.4 (192.168.1.4) 10000(10028) bytes of data.

3. Check the terminal in which fragroute is running

cyborg@cyborg:~$ sudo fragroute -f /etc/fragroute.conf 192.168.1.4
[sudo] password for cyborg: 
fragroute: tcp_seg -> ip_frag -> ip_chaff -> order -> print
192.168.1.8 > 192.168.1.4: (frag 3201:[email protected]+)
192.168.1.8 > 192.168.1.4: (frag 3201:[email protected]+)
192.168.1.8 > 192.168.1.4: (frag 3201:[email protected])
192.168.1.8 > 192.168.1.4: (frag 3305:[email protected]+)
192.168.1.8 > 192.168.1.4: (frag 3305:[email protected]+)
192.168.1.8 > 192.168.1.4: (frag 3305:[email protected])
192.168.1.8 > 192.168.1.4: (frag 3655:[email protected]+)
192.168.1.8 > 192.168.1.4: (frag 3655:[email protected]+)
192.168.1.8 > 192.168.1.4: (frag 3655:[email protected])
192.168.1.8 > 192.168.1.4: (frag 4051:[email protected]+)
192.168.1.8 > 192.168.1.4: (frag 4051:[email protected]+)
192.168.1.8 > 192.168.1.4: (frag 4051:[email protected])
192.168.1.8 > 192.168.1.4: (frag 4381:[email protected]+)
192.168.1.8 > 192.168.1.4: (frag 4381:[email protected])
192.168.1.8 > 192.168.1.4: (frag 4593:[email protected]+)
192.168.1.8 > 192.168.1.4: (frag 4593:[email protected]+)
192.168.1.8 > 192.168.1.4: (frag 4593:[email protected])
192.168.1.8 > 192.168.1.4: (frag 4895:[email protected]+)
192.168.1.8 > 192.168.1.4: (frag 4895:[email protected]+)
192.168.1.8 > 192.168.1.4: (frag 4895:[email protected])
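
The fragment lines above are also what a sensor on the path sees. As an added example (not from the original page or the fragroute project), this Python script parses lines in the tcpdump-style `(frag id:size@offset+)` notation and flags the patterns that the ip_frag, ip_chaff dup and order rules produce; the 256-byte threshold, the label names and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# "(frag <id>:<size>@<offset>[+])"; a trailing "+" means More Fragments is set.
FRAG_RE = re.compile(r"(\S+) > (\S+): .*\(frag (\d+):(\d+)@(\d+)(\+?)\)")
MIN_NONFINAL = 256  # assumed threshold for a suspiciously small non-final fragment

def parse(lines):
    """Group fragments by (src, dst, ip_id), preserving arrival order."""
    flows = defaultdict(list)
    for line in lines:
        m = FRAG_RE.search(line)
        if m:
            src, dst, ip_id, size, off, mf = m.groups()
            flows[(src, dst, int(ip_id))].append((int(off), int(size), mf == "+"))
    return flows

def findings(frags):
    """Return anomaly labels for one datagram's (offset, size, more_frags) list."""
    out = set()
    offsets = [off for off, _, _ in frags]
    if offsets != sorted(offsets):
        out.add("out-of-order")      # consistent with an order rule
    if len(set(frags)) < len(frags):
        out.add("duplicate")         # consistent with ip_chaff dup
    if any(mf and size < MIN_NONFINAL for _, size, mf in frags):
        out.add("tiny-fragment")     # consistent with a small ip_frag size
    spans = sorted({(off, off + size) for off, size, _ in frags})
    if any(nxt[0] < cur[1] for cur, nxt in zip(spans, spans[1:])):
        out.add("overlap")           # reassembly result depends on old/new policy
    return out

def analyze(lines):
    return {key: findings(frags) for key, frags in parse(lines).items()}

# Constructed sample lines, not taken from the output shown on this page.
SAMPLE = [
    "192.168.1.8 > 192.168.1.4: (frag 100:1480@0+)",
    "192.168.1.8 > 192.168.1.4: (frag 100:1480@1480+)",
    "192.168.1.8 > 192.168.1.4: (frag 100:520@2960)",
    "192.168.1.8 > 192.168.1.4: (frag 200:24@24+)",
    "192.168.1.8 > 192.168.1.4: (frag 200:24@0+)",
    "192.168.1.8 > 192.168.1.4: (frag 200:24@0+)",
    "192.168.1.8 > 192.168.1.4: (frag 200:16@40)",
]
if __name__ == "__main__":
    for key, labels in analyze(SAMPLE).items():
        print(key, sorted(labels) or "clean")
```

Datagram 100 is ordinary MTU-sized fragmentation and produces no labels; datagram 200 trips all four checks.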
©2017 Ztrela Knowledge Solutions Pvt. Ltd