SniffJoke is a “connection scrambler” for Linux whose purpose is to prevent packet sniffers from reassembling the user's network sessions. The “sniffer evasion” technology has been well known for almost 10 years; SniffJoke implements the most efficient techniques. Using a local fake tunnel it is able to manage outgoing and incoming packets without disturbing the kernel. With the local web interface the user can easily start/stop and configure SniffJoke. At the moment Wireshark, the most famous packet analyzer, is unable to correctly reconstruct TCP flows mangled by SniffJoke. I would like to update the list of victim sniffers, so please send me a report if you test SniffJoke with other network protocol analyzers.
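As an added example (not SniffJoke's own code), a toy TCP reassembler that shows why a passive sniffer which skips checksum validation can be desynchronised by an injected segment the receiving host silently discards, and how validating the checksum, as the receiving kernel does, restores the correct flow. Addresses, ports and payloads are constructed, and the bad-checksum segment is assumed here only as an illustration of the class of scrambling the post describes, not as a statement of SniffJoke's specific methods.

```python
import struct

def tcp_checksum(src_ip, dst_ip, segment):
    """RFC 793 checksum over pseudo-header + segment; 0 means the segment verifies."""
    data = src_ip + dst_ip + struct.pack("!BBH", 0, 6, len(segment)) + segment
    if len(data) % 2:
        data += b"\x00"
    s = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while s >> 16:                      # fold carries into 16 bits
        s = (s & 0xFFFF) + (s >> 16)
    return (~s) & 0xFFFF

def build_segment(src_ip, dst_ip, seq, payload, corrupt=False):
    """Minimal 20-byte TCP header (constructed ports, ACK flag) plus payload."""
    hdr = struct.pack("!HHIIBBHHH", 40000, 80, seq, 0, 5 << 4, 0x10, 65535, 0, 0)
    seg = hdr + payload
    csum = tcp_checksum(src_ip, dst_ip, seg)
    if corrupt:
        csum ^= 0xFFFF                  # constructed: deliberately wrong checksum
    return seg[:16] + struct.pack("!H", csum) + seg[18:]

def reassemble(src_ip, dst_ip, segments, verify_checksum):
    """Rebuild the byte stream in sequence order from captured segments.
    First-wins on overlap: one policy a passive sniffer may use (an assumption
    here), which is exactly what an injected segment can exploit."""
    stream = {}
    for seg in segments:
        if verify_checksum and tcp_checksum(src_ip, dst_ip, seg) != 0:
            continue                    # the receiver drops it; so must the sniffer
        seq = struct.unpack("!I", seg[4:8])[0]
        doff = (seg[12] >> 4) * 4
        for i, b in enumerate(seg[doff:]):
            stream.setdefault(seq + i, b)
    return bytes(stream[k] for k in sorted(stream))

# Constructed capture: a bogus segment is seen before the real one for seq 1010.
SRC, DST = bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2])
CAPTURED = [
    build_segment(SRC, DST, 1000, b"GET /index"),
    build_segment(SRC, DST, 1010, b"XXXXXXXXXX", corrupt=True),
    build_segment(SRC, DST, 1010, b".html HTTP"),
]

def demo():
    """Return (naive reassembly, checksum-validating reassembly)."""
    naive = reassemble(SRC, DST, CAPTURED, verify_checksum=False)
    hardened = reassemble(SRC, DST, CAPTURED, verify_checksum=True)
    return naive, hardened

if __name__ == "__main__":
    print(demo())
```

The naive reassembler keeps the discarded bytes and loses the real request line; the checksum-validating one reconstructs what the destination host actually received.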

About vecna
Claudio Agosti (I, in this section) is currently working on some projects involving: steganography, anonymity, deep-level networking, VoIP and mobile network security and online human rights protection. Mix well, add a sprinkle of anti-forensics, serve cold. The worst issue in those really cool projects is that no one is financing me, thus sometimes I need to work. Jobs actually include development and a few security issues to manage. Dreams? A world where everyone has N pseudonyms, certified by a web-of-trust security model. I'm not "security certified" except as a lifeguard, I'm bored by penetration testing, and my future is painted with JavaScript. Keywords: vecna, s0ftpj, sniffjoke, globaleaks, winston smith project, elettra.
Have you thought about including traffic that will actually crash sniffers like Wireshark, or at least recent versions?
Like
http://www.milw0rm.com/exploits/8308
http://www.securitytracker.com/alerts/2008/Feb/1019515.html
http://www.securiteam.com/securitynews/5YP0B1PMAW.html
LonerVamp, interesting suggestion; anyway, the vulnerable version is old (Solution: The vendor has issued a fix (0.99.8).) and my attacks are not simple strange devel's bugs, but correct packets that cannot be so easily fixed by Wireshark and other flow reassemblers.
Undoubtedly the possibility to break execution in a remote sniffer sounds good, but denial of service has a short life; I'm looking for hacks that are difficult for the sniffer developer to handle.