Wednesday, June 25, 2008

Umit's Manipulations of Packets Art

Umit's Manipulations of Packets Art (UMPA for short) is a new library provided by the Umit Project.

I am developing this library during Google Summer of Code 2008 [0]. I'm going to introduce the project in this article and probably in the next ones. Enjoy your reading!

Packet Manipulation

Packet manipulation has a lot of practical uses. It's really important for administrators, hackers, etc. If you want to research a network and how it works, sometimes you have to send some specific packets.

There are some applications like hping [1], impacket [2] or scapy [3] which give you a hand with it. So, why yet another tool for this job? Well, there are a lot of common issues with them: unsatisfactory licenses, limited capabilities, unmaintainable code, etc. So the fact is, there isn't any solid, easy-to-use and useful application which helps you control your packets over the network.

And that's why Umit is going to provide another library for packet manipulation, with a wider scope than what has been done so far, a nice API and a front-end for Umit's users.

Of course, there was a discussion about the reasons to write a completely new library rather than maintain some existing code. In the end we decided that the best option for the Umit Project, and for all of you, is to write our own library.

Features

OK, so I'm developing a backend for packet manipulation, with the really funny name UMPA ;-) Now I will say a bit about the features which will be provided. The library is split into 3 modules.

  1. CORE (with main API)
  2. PROTOCOLS
  3. EXTENSIONS

You will use all of them, and you can easily extend the last 2. PROTOCOLS is a module with one main class for all protocols and some predefined protocols (like IP, TCP, SMTP, etc.). So you can easily build your packets with those protocols (by including each protocol in another one). In effect, you get layered packets. If a protocol is missing, you simply write a new one by subclassing the main class and extending your new class.

OK, so that was a brief introduction to building packets. Excluding some standard actions (like setting the source address), I will be able to do a bit more. First of all, you can manipulate packets in 2 ways: single-bit manipulation and field manipulation. Of course, some fields will be auto-generated (like checksums), but you will still be able to modify them as well. Another feature is auto-filling fields (which I described above with the checksum example).

There will be a template system. You can create a template of your packets for dynamically generating new packets. This template system will allow you to iterate over values, use conditions, etc. And it will be really powerful with our sniffing feature. Yep, I'm going to add a sniffing system (using libpcap). So finally, your packets will be intelligent, because they will generate field values depending on the packets received.

All of this is what I call EXTENSIONS. And I hope you will write some other useful extensions and share them with all of us. There are some others which I will develop in the future, like a template wizard, etc.
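The layered packets, field manipulation and auto-filled checksums described above can be sketched as follows. This is an added example, not UMPA's code or API: the `Protocol`, `include`, `autofill` and `build` names are hypothetical, and the two protocols are plain IPv4 and ICMP echo headers.

```python
# Added illustration; class and method names are hypothetical, not UMPA's API.
import struct

def inet_checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum (one's-complement sum of 16-bit words)."""
    data += b"\x00" * (len(data) % 2)       # pad odd-length input
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                      # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

class Protocol:
    """Hypothetical main class; subclasses declare (name, struct code, default)."""
    fields = ()

    def __init__(self, **values):
        self.values = {name: default for name, _, default in self.fields}
        self.values.update(values)          # field manipulation; None = auto-fill
        self.payload = b""

    def include(self, inner):
        self.payload = inner                # layering: inner protocol or raw bytes
        return self

    def pack(self, v) -> bytes:
        fmt = "!" + "".join(code for _, code, _ in self.fields)
        return struct.pack(fmt, *(v[name] for name, _, _ in self.fields))

    def build(self) -> bytes:
        body = self.payload.build() if isinstance(self.payload, Protocol) else self.payload
        v = dict(self.values)
        self.autofill(v, body)              # only fills fields still set to None
        return self.pack(v) + body

class ICMPEcho(Protocol):
    fields = (("type", "B", 8), ("code", "B", 0), ("checksum", "H", None),
              ("ident", "H", 0), ("seq", "H", 0))
    def autofill(self, v, body):
        if v["checksum"] is None:           # checksum covers header and data
            v["checksum"] = inet_checksum(self.pack(dict(v, checksum=0)) + body)

class IPv4(Protocol):
    fields = (("ver_ihl", "B", 0x45), ("tos", "B", 0), ("length", "H", None),
              ("ident", "H", 0), ("frag", "H", 0), ("ttl", "B", 64), ("proto", "B", 1),
              ("checksum", "H", None), ("src", "4s", bytes(4)), ("dst", "4s", bytes(4)))
    def autofill(self, v, body):
        if v["length"] is None:
            v["length"] = 20 + len(body)
        if v["checksum"] is None:           # checksum covers the header only
            v["checksum"] = inet_checksum(self.pack(dict(v, checksum=0)))
```

Calling `IPv4(src=..., dst=...).include(ICMPEcho(seq=1).include(b"data")).build()` returns the bytes of the layered packet; passing `checksum=` explicitly keeps that value instead of the computed one.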

OK, that is everything for this time. If you have any suggestions, or if you just want to share your opinion about this library, feel free to write me an email.

References