Datapipe




A port redirection tool passes TCP/IP traffic received by the tool on one port to another port to which the tool points. Aside from handling IP addresses and port numbers, port redirection is protocol ignorant—the tool does not care whether you pass encrypted Secure Shell (SSH) traffic or plain-text e-mail through it. A port redirection tool is neither a client nor a server. It functions as a conduit for TCP/IP connections, not an end point. For example, you could place a datapipe between a web browser and a web server. The web browser would point to the port redirection tool, but all requests would be passed on to the web server.

Datapipe is a Unix-based port redirection tool written by Todd Vierling. It uses standard system and network libraries, which enable it to run on the alphabet of Unix platforms.

Note 

Datapipe is not exploit code. It is not a buffer overflow or a cross-site scripting attack. For all the scenarios mentioned in these examples, command-line access is a prerequisite on the server running the port redirection tool.

Implementation

Most simple tools in the Unix world are easy to distribute in source code. This enables users to adapt a program to a variety of hardware platforms and Unix versions. Datapipe is no different.

Compiling from Source

You must compile datapipe for your platform. Often, it is useful for you to have precompiled binaries for several types of Unix: Solaris, AIX, Linux, FreeBSD, OSX, and so on. Use gcc to compile for Linux distributions and the BSD family:

$ gcc -o datapipe datapipe.c
datapipe.c: In function 'main':
datapipe.c:86: warning: passing arg 1 of 'gethostbyaddr' from incompatible pointer type
datapipe.c:98: warning: passing arg 2 of 'bind' from incompatible pointer type
datapipe.c:113: warning: passing arg 2 of 'accept' from incompatible pointer type
datapipe.c:136: warning: passing arg 2 of 'connect' from incompatible pointer type

The binary has compiled successfully at this point. The warnings for the bind, accept, and connect functions can be avoided by casting the second argument to (struct sockaddr *) as seen next, but the program still works:

if (bind(lsock, (struct sockaddr *) &laddr, sizeof(laddr))) { 

Depending on your system’s compatibility libraries, you may also need to remove line 48:

#include <linux/time.h>

Remove this line with impunity.

Datapipe also compiles under Cygwin, but you must modify one more line (line 96 in the original source):

laddr.sin_family = htons(AF_INET);

Remove the htons function call:

laddr.sin_family = AF_INET;

Remember that the cygwin1.dll must be present for datapipe to execute on Windows; however, you do not need to register the DLL. Note that Windows does not require that you have root (Administrator) privileges to open a port below 1024, whereas root privileges are required in a Unix environment.

Other Compile Options

When compiling datapipe for some Unix variants, build shared and static versions of the binary. A shared library version is built with the default gcc options mentioned. This produces the smallest binary file, but it might run on only the physical host on which it was compiled. The alternative is to build a static version that contains all the necessary support functions for the program to execute:

$ gcc -o datapipe_static -static datapipe.c

This produces a much larger binary file, but it should run on any peer operating system. A static version of datapipe makes it easy to drop the tool onto a system that might not have a compiler. You can also specify the -s option to gcc to strip some of the unused symbol information:

$ gcc -o datapipe_static_stripped -static -s datapipe.c

Here’s an example of the different file sizes on an OpenBSD system. The asterisk (*) indicates that the file is executable:

-rwxr-xr-x  1 root  wheel   29420 Mar  9 20:05 datapipe*
-rw-r--r--  1 root  wheel    4556 Mar  9 20:05 datapipe.c
-rwxr-xr-x  1 root  wheel  175139 Mar 10 01:45 datapipe_static*
-rwxr-xr-x  1 root  wheel  143360 Mar 10 01:45 datapipe_static_stripped*

Note 

Try to build a collection of static, stripped datapipes for Solaris (sparc and x86), AIX, IRIX, Linux (x86), and FreeBSD; you may thank yourself one day!

Redirecting Traffic

Using datapipe is straightforward in spite of the complicated port redirection tunnels that you can create with it:

$ ./datapipe
usage: ./datapipe <localport> <remoteport> <remotehost>

  • The <localport> value represents the listening port on the local system; connections will be made to this port number. On Unix systems, you must have root access to open a listening port below 1024. If you receive an error similar to "bind: Permission denied," your account may not have privileges to open a reserved port.

  • The <remoteport> value represents the port to which data is to be forwarded. For example, in most cases if the target is a web server, the <remoteport> value will be 80.

  • The <remotehost> value represents the hostname or IP address of the target.

The easiest conceptual example of port redirection is forwarding HTTP traffic. Here we set up a datapipe to listen on a high port, 9080 in this example, that redirects to a web site of your choice:

$ ./datapipe 9080 80 www.google.com

Now, we enter this URL into a web browser:

http://localhost:9080/

You should see Google’s home page. By design, datapipe places itself in the background. So we’ll have to use the ps and kill commands to find the process ID to stop it:

$ ps auxww | grep datapipe
root 21570 0.0 0.1 44 132 ?? Is 8:45PM 0:00.00 ./datapipe 9080 80 www.google.com
$ kill -9 21570
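Searching ps output by name only finds a redirector that still carries the name datapipe. The following added example (not from the book or from datapipe itself) triages relays from socket state instead: it flags any PID that holds both an accepted connection on a local listening port and an outbound connection. It assumes a Linux host with iproute2's ss, run as root so the process column is populated; the sample lines, addresses and the function names sample_ss and find_relays are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag processes whose sockets look like a TCP relay.

# Constructed sample in the layout printed by `ss -Htanp` (Linux, iproute2).
sample_ss() {
cat <<'EOF'
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=812,fd=3))
LISTEN 0 5 0.0.0.0:9080 0.0.0.0:* users:(("datapipe",pid=21570,fd=3))
ESTAB 0 0 192.0.2.5:22 203.0.113.9:50122 users:(("sshd",pid=1304,fd=4))
ESTAB 0 0 192.0.2.5:9080 203.0.113.9:51234 users:(("datapipe",pid=21570,fd=4))
ESTAB 0 0 192.0.2.5:40112 198.51.100.7:80 users:(("datapipe",pid=21570,fd=5))
ESTAB 0 0 192.0.2.5:40200 198.51.100.20:443 users:(("curl",pid=2290,fd=5))
EOF
}

# Reads ss lines on stdin; prints "<pid> <listening port> <outbound peer>".
find_relays() {
  awk '
    # Remember every local port that has a listener.
    $1 == "LISTEN" { n = split($4, a, ":"); listen[a[n]] = 1; next }
    # Buffer established sockets that carry a pid in the process column.
    $1 == "ESTAB" && match($6, /pid=[0-9]+/) {
      cnt++
      pid[cnt] = substr($6, RSTART + 4, RLENGTH - 4)
      n = split($4, a, ":"); lport[cnt] = a[n]; peer[cnt] = $5
    }
    END {
      for (i = 1; i <= cnt; i++) {
        if (lport[i] in listen) inbound[pid[i]] = lport[i]   # accepted side
        else outbound[pid[i]] = peer[i]                      # client side
      }
      # A relay candidate holds both kinds of socket in one process.
      for (p in inbound) if (p in outbound) print p, inbound[p], outbound[p]
    }
  ' | sort -n
}

sample_ss | find_relays
```

On a live host, replace sample_ss with ss -Htanp. Proxies and application servers with back-end connections match the same pattern, so treat the output as a triage list.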

Datapipe performs a basic function, but with a little creativity you can make it a powerful tool. Check out “Case Study: Port Hopping” later in this chapter for suggestions on when to use port redirection.

Note 

Port redirection forwards traffic between TCP ports only. It does not perform protocol conversion or any other data manipulation. Redirecting web traffic from port 80 to port 443 will not change HTTP connections to encrypted HTTPS connections. Use an SSL proxy instead, such as Stunnel.






Anti-Hacker Tool Kit, Third Edition
ISBN: 0072262877
EAN: 2147483647
Year: 2004
Pages: 189
