Great changes in SniffJoke, in order to reach the 0.5 release. What follows is a pseudo-technical description; the short version is: “SniffJoke has an official mailing list under sikurezza.org, sniffjoke@sikurezza.org; only subscribed members can post on it, and it mainly follows the development and the users' feedback. Subscribe/Archive here: https://www.sikurezza.org/lists/listinfo/sniffjoke“. And now, Janus time!
evilaliv3, with his almost infinite energy, has developed janus, the extraction of the low-level man-in-the-middle networking done by sniffjoke into an easily portable C implementation.
Low-level local redirection was developed some years ago in libdnet. Ignoring the fact that I've not made a deep analysis of it, I've always avoided the system-dependent approach it uses. libdnet is the low-level base of fragrouter, stegotunnel and other in-the-middle applications. libdnet changes routing through the integration of OS-dependent system calls (if you have ever written software that emulates iptables/route, you will understand how painful this turns out to be! Check with strace: many of them are huge data structs passed via ioctl!).
This is not usable in Sj. When SniffJoke was stabilized in the 0.4.2 release, it became clear that portability was a serious issue: the complexity brings a portability challenge. Nevertheless, the portability effort slows the core research in Sj (the attacks on NIDS, scramble and plugins).
What do we aim for with Janus 0.1?
Janus is the new low-level sniffjoke handler. It is required: a single root process mangling the network traffic. It has been split from the sniffjoke package for portability purposes. If you're using a sniffjoke installed from a package, don't worry about it: it already contains janus. Otherwise, if you're downloading the github nightly release, you will need to understand why Janus exists and how to make it work.
Janus permits this new solution, splitting sniffjoke into two parts: the traffic mangler, with rules and plugins, will become a single-thread, userspace, POSIX-portable piece of software; the low-level man-in-the-middle networking will be provided by another piece of software. Janus is that software.
Janus in Greek mythology is the two-faced head; in our picture, one face is directed at the network layer, and the other at sniffjoke (or at any other application that wants to interface with it).
Janus's goal is to be portable, able to run on every network device, thus it has been developed in simple C instead of SniffJoke's C++. At the moment it works only under Linux and lafonera, but MacOSX/*BSD support is under research.
Janus aims to be a userspace application able to receive network traffic before the kernel, mangle it and resend it transparently. On output too, it needs to grab the network traffic after the kernel has handled the connection, and be able to stop, inject and modify the TCP/IP packets.
At the moment, Janus uses hardcoded commands :P therefore it is not portable without a serious effort. Anyway, before the first release there will be an external file describing which command has to be used for every distribution/OS, so every package maintainer needs to find the correct command line to obtain the correct effect on the OS, and write it in a file.
The document written to show this flexibility is here (my janus branch must not be considered the stable one, at least until 0.5 is complete): https://github.com/vecna/janus/blob/master/doc/PORTING.txt
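
One way a single root process could turn a line from the external per-OS command file described above into an `execv()` argument vector, so that no shell ever interprets it. This is an added example, not code from Janus or its PORTING.txt. The template format, the `%IFACE%` and `%GW%` placeholders, `safe_value()` and `build_argv()` are hypothetical, and the sample line is constructed.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#define MAX_ARGS 16
/* Accept only characters valid in an interface name or an IPv4 address. */
static int safe_value(const char *v, size_t maxlen)
{
    size_t n = strlen(v);
    if (n == 0 || n > maxlen || v[0] == '-')
        return 0;            /* empty, too long, or would parse as an option */
    for (size_t i = 0; i < n; i++)
        if (!isalnum((unsigned char)v[i]) && !strchr("._-", v[i]))
            return 0;
    return 1;
}
/* Split a template line (hypothetical format: space-separated words with the
 * placeholders %IFACE% and %GW%) into an argv[] for execv(). Modifies 'line'.
 * Returns argc, or -1 if anything looks wrong. */
int build_argv(char *line, const char *iface, const char *gw,
               char *argv[], int max_args)
{
    int argc = 0;
    if (!safe_value(iface, 15) || !safe_value(gw, 15))
        return -1;
    for (char *tok = strtok(line, " \t\n"); tok; tok = strtok(NULL, " \t\n")) {
        if (argc >= max_args - 1)
            return -1;       /* keep room for the NULL terminator */
        if (strcmp(tok, "%IFACE%") == 0)
            tok = (char *)iface;
        else if (strcmp(tok, "%GW%") == 0)
            tok = (char *)gw;
        else if (strchr(tok, '%'))
            return -1;       /* unknown or embedded placeholder */
        argv[argc++] = tok;
    }
    argv[argc] = NULL;
    /* Require an absolute program path: no PATH lookup in a root process. */
    return (argc > 0 && argv[0][0] == '/') ? argc : -1;
}

int main(void)
{
    char line[] = "/sbin/route add default gw %GW% dev %IFACE%"; /* constructed */
    char *argv[MAX_ARGS];
    int argc = build_argv(line, "eth0", "192.168.1.1", argv, MAX_ARGS);
    for (int i = 0; i < argc; i++)
        printf("argv[%d] = %s\n", i, argv[i]);
    return argc < 0;
}
```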