0trace.py is a Python port of Michal Zalewski's 0trace hop enumeration tool. 0trace was originally announced on Bugtraq on January 6th:
I'd like to announce the availability of a free security reconnaissance /
firewall bypassing tool called 0trace. This tool enables the user to
perform hop enumeration ("traceroute") within an established TCP
connection, such as a HTTP or SMTP session. This is opposed to sending
stray packets, as traceroute-type tools usually do.
The important benefit of using an established connection and matching TCP
packets to send a TTL-based probe is that such traffic is happily allowed
through by many stateful firewalls and other defenses without further
inspection (since it is related to an entry in the connection table).
[+] Waiting for traffic from target on eth0...
[+] Traffic acquired, waiting for a gap...
[+] Target acquired: 192.168.0.10:54403 -> 66.135.192.87:80 (3736223256/873025975)
[+] Setting up a sniffer...
[+] Sending probes...

TRACE RESULTS
-------------
1 192.168.0.1
3 68.87.187.29
4 68.87.190.161
5 68.87.190.157
6 68.87.190.153
7 68.87.190.149
8 68.87.190.145
9 68.87.190.141
10 68.87.191.145
11 12.116.11.101
12 12.123.139.150
13 12.122.10.134
14 12.123.4.249
15 192.205.33.158
16 144.232.20.20
17 144.232.26.109
18 144.232.20.161
19 144.232.15.142
20 144.232.20.141
21 144.232.20.113
22 144.232.0.250
23 144.228.110.122
24 66.135.207.186
Target reached.
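On a monitoring point, the technique described in the announcement appears as TCP segments of one established flow carrying a run of TTLs below that sender's usual value, together with ICMP time-exceeded errors that quote the same flow. The sketch below is an added example, not code from 0trace or 0trace.py; the record format, thresholds and function name are assumptions, and the sample records are constructed (the first flow reuses the addresses from the output above).

```python
from collections import Counter, defaultdict

# Constructed sample records (not captured traffic): (kind, src, sport, dst, dport, ttl).
# "tcp"     = TCP segment seen on the wire, with its IP TTL.
# "icmp_te" = ICMP time-exceeded whose quoted header carries that TCP 4-tuple
#             (the ttl field is unused for these records).
SAMPLE = (
    [("tcp", "192.168.0.10", 54403, "66.135.192.87", 80, 64)] * 6
    + [("tcp", "192.168.0.10", 54403, "66.135.192.87", 80, t) for t in range(1, 9)]
    + [("icmp_te", "192.168.0.10", 54403, "66.135.192.87", 80, 0)] * 7
    + [("tcp", "192.168.0.11", 40000, "66.135.192.87", 80, 64)] * 10
    + [("tcp", "192.168.0.11", 40000, "66.135.192.87", 80, 63)]  # benign one-off
)

def find_ttl_sweeps(records, min_distinct=4, min_icmp=2):
    """Return flows whose sender emitted many distinct below-baseline TTLs
    and for which routers returned time-exceeded errors quoting the flow."""
    ttls = defaultdict(Counter)   # flow -> TTL histogram of its TCP segments
    icmp = Counter()              # flow -> number of time-exceeded errors quoting it
    for kind, src, sport, dst, dport, ttl in records:
        flow = (src, sport, dst, dport)
        if kind == "tcp":
            ttls[flow][ttl] += 1
        elif kind == "icmp_te":
            icmp[flow] += 1
    alerts = []
    for flow, hist in ttls.items():
        baseline = hist.most_common(1)[0][0]   # most frequent TTL = sender's normal value
        low = sorted(t for t in hist if t < baseline)
        if len(low) >= min_distinct and icmp[flow] >= min_icmp:
            alerts.append({"flow": flow, "baseline_ttl": baseline,
                           "probe_ttls": low, "time_exceeded": icmp[flow]})
    return alerts

if __name__ == "__main__":
    for alert in find_ttl_sweeps(SAMPLE):
        print(alert)
```

Requiring both signals keeps a single odd TTL, as in the second constructed flow, from raising an alert.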