Structure aware fuzzing for network traffic packet captures.
- calculates the sequence and acknowledgement numbers per packet post edits
- works only on TCP pcaps
It does not yet recalculate packet checksums after edits.
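Why the sequence and acknowledgement numbers have to be recomputed after an edit, as an added example (not code from this project; it does not read pcap files or FPC markers). It assumes a single in-order TCP conversation with no loss or retransmission, and `Segment`, `renumber` and `demo` are hypothetical names.

```python
from dataclasses import dataclass

FIN, SYN, PSH, ACK = 0x01, 0x02, 0x08, 0x10
MOD = 2 ** 32  # TCP sequence numbers wrap at 32 bits


@dataclass
class Segment:
    from_client: bool      # direction of the segment
    flags: int
    payload: bytes = b""
    seq: int = 0
    ack: int = 0


def seq_space(seg):
    """Sequence space a segment consumes: payload bytes, plus 1 each for SYN and FIN."""
    return len(seg.payload) + int(bool(seg.flags & SYN)) + int(bool(seg.flags & FIN))


def renumber(segments, client_isn, server_isn):
    """Rewrite seq/ack in place so they match the current payload lengths."""
    next_seq = {True: client_isn % MOD, False: server_isn % MOD}
    for seg in segments:
        me, peer = seg.from_client, not seg.from_client
        seg.seq = next_seq[me]
        # The ACK field only carries meaning when the ACK flag is set.
        seg.ack = next_seq[peer] if seg.flags & ACK else 0
        next_seq[me] = (next_seq[me] + seq_space(seg)) % MOD
    return segments


def demo():
    # Constructed conversation: handshake, one request, the server's ACK.
    cap = [
        Segment(True, SYN),
        Segment(False, SYN | ACK),
        Segment(True, ACK),
        Segment(True, PSH | ACK, b"GET / HTTP/1.1\r\n\r\n"),
        Segment(False, ACK),
    ]
    renumber(cap, client_isn=1000, server_isn=5000)
    before = cap[4].ack
    # The kind of edit made in a hex editor: the request grows by 100 bytes.
    cap[3].payload = b"GET /" + b"A" * 100 + b" HTTP/1.1\r\n\r\n"
    renumber(cap, client_isn=1000, server_isn=5000)
    return before, cap[4].ack


if __name__ == "__main__":
    print(demo())
```

Without the second `renumber` call the server's ACK would still acknowledge the old request length, and a reassembling parser or IDS would treat the added bytes as out-of-window data.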
You'll need cmake to compile the fpc_bin binary. On Ubuntu, just do:
apt install cmake
Compile the code by running:
cmake CMakeLists.txt
cmake --build .
If successful, this creates the fpc_bin binary in the same directory.
Editing a pcap relies on two crucial tools, tcptofpc.py and fpc_bin, used in the steps below.
Step 1
Create an FPC-aware pcap with the Python script tcptofpc.py. This script marks
the beginning of each packet in the pcap so that the packet boundaries can be
told apart. Save the resulting pcap.
python3 tcptofpc.py original.pcap | tee fpc-original.pcap # the point is to save the FPC pcap; any other way of saving the output works
Step 2
Edit the pcap. Use a good hex editor and edit fpc-original.pcap as you wish.
Step 3
Remove the FPC boundary markings and recreate the pcap with the edits. This step
requires fpc_bin, which should be present in the root directory of the project
if the build steps above were completed. Save the final pcap.
./fpc_bin fpc-original.pcap | tee fin.pcap
Open and check if fin.pcap has the edits as expected.
wireshark fin.pcap &