Tools of the Trade (Part 3)

If you would like to read the other parts of this article series please go to:

So far in this article series based on tools used in the computer security industry we have gone over quite a few of the most commonly used tools. We have so far looked at a packet sniffer, a network scanner, the incredibly useful netcat, and man-in-the-middle suite of tools known as Ettercap. What more would you really need to know in terms of “must know” programs? Well realistically a packet crafter such as Nemesis, and an HTTP proxy such as SPIKE. Both of these programs will allow you a great range of options in an effort to secure your network. You are only really limited in what you can do with these tools by your knowledge of, you guessed it, TCP/IP. Sorry to be harping about this knowledge area again, but if you don’t know it well it will come back to haunt you every time. That said why don’t we get on with the article and start taking a look at Nemesis, the packet crafter extraordinaire.

Nemesis and packet crafting

Well as I mentioned above, Nemesis is one of the packet crafting programs available for Windows. What sets this tool apart from the other win32 packet crafters is its ability to craft protocols such as DNS, OSPF, RIP and others not seen in the other like minded tools. Much as it says on the tools homepage is that, seen as it is command line driven, you can easily script various testing scenarios for it as well. On that note please click here to download and then install the tool. Make sure that you download the one that says “Windows binary”. Please also note that you will have to install winpcap 3.0. This is the version you *must install* and not the latest winpcap 3.1, for it will not work with that one.

In case you are thinking that in part two of this article series we installed winpcap 3.1 for Ettercap, you would be correct. Unfortunately Ettercap must also have winpcap 3.1 and will in turn not work with version 3.0 that is also a must have for nemesis. This is where having several computers, or VMware images on your test box is a must. That way you can accommodate the various tool dependencies and their possible conflicts. So now that you have downloaded and installed Nemesis, as always to the root of C drive ie: C:\ we are ready to invoke nemesis. Please note in the screenshot below what nemesis looks like once invoked.

Figure 1

So you will see in the above screenshot that all of the files required for the use of nemesis are indeed there. You can also see all of the various protocols listed there with their respective text files. These files will give you the syntax available to you for the protocol. You can also simply invoke the protocol in question with “help” appended after it as seen below in the screenshot.

Figure 2

This tool is great for testing out various scenarios in your lab. The availability of protocols such as DNS, RIP, OSPF and others is a great thing for it will allow you to play with these complicated protocols and see how they react to unexpected stimulus. As I said before, you are only limited by your protocol knowledge and imagination when playing with such a tool. On that note let’s take a look at our last tool, SPIKE the HTTP proxy.

SPIKE the HTTP proxy

Well we are now at the last tool to be covered in this article series. Having the ability to use an HTTP proxy is indeed an important one. That said, to use one to its fullest capacity you need to have excellent knowledge of the HTTP protocol itself, as well as other web application based vulnerabilities. Even if you are rather novice in both areas, that is fine, for the whole point of writing about this tool is to encourage you to use it and by default understand HTTP better. Learning about web based application vulnerabilities is an enormous field of study and I would encourage you to pick one area of it and start learning.

With that said let’s get you to click here and download the program. Ensure that you download “SPIKE Proxy”, and not SPIKE as that is a fuzzer. Please note that you will also have to install a working version of Python on your computer as well for SPIKE to work as it was written in, you guessed it, Python. You can obtain a copy of Python for win32 by surfing to the ActiveState site and filling in one quick form to get an MSI for Python. Simply follow the prompts when installing as it is pretty painless. So at this point in time you should have installed Python from ActiveState, and also downloaded SPIKE from Immunitysec. I would also like to give a quick thanks to Dave Aitel for donating this excellent tool to the community, as well as also thank all of the other developers for the other tools covered in this series.

What you will now need to do is uncompress the SPIKE file and install the folder at the root of C once again ie: C:\. Once done open a DOS prompt and “cd” to the SPIKE directory. Once you have done so and done a “dir” you will note a “readme.txt”file. In this file you will see how to invoke SPIKE. Make sure that you configure your browser exactly as detailed there. Once you are finished you are ready to simply type in “runme.bat” which will invoke SPIKE. Now open up the browser that you have just configured to use and surf to a page or two. Then type into the URL bar of your browser “http://spike/” and you will see what is shown in the screenshot below.

Figure 3

We can see in the above noted screenshot that there are some listings for the various sites I suggested you surf to in order to generate some input for SPIKE. From here it is simply a matter of delving into the various directories. It is at this point that I will break the article and end the series based on “Tools of the Trade”. Please note that I will not let you hang as it relates to HTTP proxy usage. I shall be writing several other articles which will specifically deal with usage of HTTP proxies and its impact on computer security. Well, over the course of the past three articles we have covered a good number of tools that are considered must haves by many in the industry. Often just being able to install the tool is half the battle as many of them have some quirks to deal with. As detailed in the article series, installation issues will not be an issue for you. I sincerely hope that this article series was of use to you, and as always welcome your feedback. Till next time!

If you would like to read the other parts of this article series please go to:

About The Author

Leave a Comment

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Scroll to Top