A tool to help in testing client/server robustness in the presence of malformed data.
Supported protocols:
- IPv4
- UDP
- TCP
Requirements:
g++/clang++make- boost: https://www.boost.org/
- libnetfilter_queue: https://www.netfilter.org/projects/libnetfilter_queue/
Build with make
nfqueue_tamer -q <queue> -t "method1;opt1;opt2" -t "method2;opt1"
Queue number defaults to 0. Must be run as root.
To create a queue:
iptables -A <chain> [filter criteria] -j NFQUEUE --queue-num <queue>
For example, to trap all outbound UDP traffic coming from port 63:
iptables -A OUTPUT -p udp --sport 63 -J NFQUEUE --queue-num 0
Available methods and associated options:
rand- Randomly tamper with dataoff- Offset, or offset range, at which to apply randomization- Defaults to 0:-1 (0 - end)
con- If offset is a range, whether or not modified bytes must be consecutive- Defaults to 0 (non-consecutive allowed)
- NOT CURRENTLY SUPPORTED
sz- Number of bytes to modify, can be a range- Defaults to 1
fixed- Overwrite region of data with supplied valuesoff- Offset at which to apply data- Cannot be a range
data- Hex data
replace- Replace bytes within matching sequenceoff- Offset into sequence to start replacing- Cannot be a range
- Can be negative
seq- Hex sequence to search fordata- Replacement datamulti- Whether to allow multiple replacements- NOTE: Previously matching sequence is currently skipped
Global options:
chance- How likely the tamper method is to be used on a given packet- Probability value between 0 and 1
- Defaults to 1
Example:
nfqueue_tamper -q 0 -t "rand;chance=.5;off=0:4;sz=1:2" -t "fixed;chance=0.1;off=16;data=0FEA0011"
This will have a 50% chance on every packet of replacing one or two of the first five bytes in the payload (application-layer data) with a random value, and a 10% chance of replacing data at offset 16-19 with 0F,EA,00,11.