Paris Kessler

1664422260

EV: IDS Evasion Via TCP/IP Packet Manipulation in Python

EV: IDS Evasion via TCP/IP Packet Manipulation

Introduction

EV is a tool that lets you craft TCP packets and apply some well-known TCP/IP packet manipulation techniques to evade IDS devices.

It supports the HTTP protocol but unfortunately not the HTTPS protocol. The TLS handshake process is quite complicated and I haven't figured out how to craft TLS packets elegantly.

This tool is written in Python and Qt5, using Scapy to build packets. So although the software has been tested on the Windows platform only, it should theoretically work on other platforms such as Linux or macOS.

Setup & run

Run the following commands in your cmd/terminal to pull the latest version of the software and install the required Python packages:

git clone https://github.com/TomAPU/ev.git
cd ev
pip3 install -r requirements.txt

Run this command to start the software:

python3 ev.py

Or you can click run.bat in the root directory of the software to start it.

Basic Usage

Fill in the IP, Port and Payload fields and click the "Send" button to send the TCP packet to the target. You can also set TCP options and the source port. Remember that the TCP options must be ones supported by Scapy.

You can view response packets in the "Received packets" window and click a packet to view it in the "View Received Packet" window. This is implemented with Scapy's sniff() function, which captures packets that match the target IP or are ICMP (so that you can see TTL exceeded packets). However, sniff() sometimes records duplicate packets, so I strongly recommend using Wireshark, if you have it installed, to view received packets.

Request Split

You can use TCP segmentation and IP fragmentation to break the TCP packet into pieces and send them to the target. This may defeat IDS devices that do not support TCP/IP reassembly.

Increasing the wait time or sending packets out of order may also circumvent IDS devices that have very limited TCP/IP reassembly capability.

Sending Distractor Packets

Distractor packets are packets that might be ignored by the target but recognized by IDS devices.

Small TTL distractor packets are packets whose TTL is decremented to 0 between the IDS device and the target. The target will not receive such a packet because it is dropped before reaching the target, but the IDS might assume that the packet arrived. Therefore, sending small TTL distractor packets containing junk data or the RST flag may disrupt the IDS's reassembly of the TCP stream, leading to an evasion.

Bad checksum packets are packets with a wrong TCP checksum. The target ignores packets with a wrong checksum, but IDS devices may not verify the checksum and may reassemble all packets directly, which leads to an evasion.

Corrupt ACK distractor packets are packets whose ACK field is corrupted. The target ignores such packets because of the wrong ACK field, but the IDS might reassemble all packets directly, which leads to an evasion.
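Added example (not part of EV or its repository): the sensor-side checks that close the gaps described under Request Split and Sending Distractor Packets, keeping only the segments the host would accept and ordering them by sequence number before inspection. `HOPS_TO_HOST`, the addresses and the capture are constructed assumptions; the corrupt-ACK check needs per-connection state and is not covered here.

```python
import struct

HOPS_TO_HOST = 3  # assumption: routers between the sensor and the protected host

def csum16(data: bytes) -> int:
    """RFC 1071 Internet checksum (ones'-complement sum of 16-bit words)."""
    data += b"\x00" * (len(data) % 2)
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build(seq, payload, ttl=64, bad_csum=False):
    """Constructed sample data: one IPv4+TCP segment (IP header checksum left 0)."""
    src, dst = bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2])
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, seq, 0, 5 << 4, 0x18, 8192, 0, 0) + payload
    pseudo = src + dst + struct.pack("!BBH", 0, 6, len(tcp))
    csum = csum16(pseudo + tcp) ^ (0x5555 if bad_csum else 0)
    tcp = tcp[:16] + struct.pack("!H", csum) + tcp[18:]
    return struct.pack("!BBHHHBBH", 0x45, 0, 20 + len(tcp), 0, 0, ttl, 6, 0) + src + dst + tcp

def host_accepts(pkt: bytes) -> bool:
    """Would the protected host take this segment into its byte stream?"""
    if pkt[8] <= HOPS_TO_HOST:  # TTL reaches 0 at a router before the host
        return False
    ihl = (pkt[0] & 0x0F) * 4
    tcp = pkt[ihl:struct.unpack("!H", pkt[2:4])[0]]
    pseudo = pkt[12:20] + struct.pack("!BBH", 0, 6, len(tcp))
    return csum16(pseudo + tcp) == 0  # a valid segment sums to 0xFFFF

def reassemble(pkts, isn, validate=True):
    """Order payload bytes by sequence number, optionally dropping invalid segments."""
    stream = {}
    for pkt in pkts:
        if validate and not host_accepts(pkt):
            continue
        ihl = (pkt[0] & 0x0F) * 4
        seq = struct.unpack("!I", pkt[ihl + 4:ihl + 8])[0]
        data = pkt[ihl + (pkt[ihl + 12] >> 4) * 4:]
        for i, byte in enumerate(data):
            # Simplification: first copy of an offset wins; real stacks differ on overlaps.
            stream.setdefault((seq - isn + i) & 0xFFFFFFFF, byte)
    return bytes(stream[k] for k in sorted(stream))

ISN = 1000
CAPTURE = [  # constructed capture, in the order seen at the sensor
    build(ISN + 4, b"/ind"), build(ISN, b"XXXX", ttl=2),      # out-of-order piece, small-TTL distractor
    build(ISN, b"YYYY", bad_csum=True), build(ISN, b"GET "),  # bad-checksum distractor, first piece
    build(ISN + 8, b"ex.html"),
]
print(reassemble(CAPTURE, ISN, validate=False), reassemble(CAPTURE, ISN))
```

With validation off, the distractor bytes end up in the inspected stream; with it on, the sensor inspects the same bytes the host receives.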



Download Details:

Author: TomAPU
Source Code: https://github.com/TomAPU/ev

