Almost a year and a half ago, I wrote a program called PyLoris. Inspired by a proof of concept tool written by RSnake, PyLoris demonstrated the efficacy of connection exhaustion as a vehicle for a denial of service attack. While the initial release of the tool was buggy and featureless, I began to imagine new ways to augment the attack, improving its ability to work unimpeded. SOCKS support was one of the improvements. By coupling PyLoris with SOCKS, the attack signature could become obfuscated, split across many different machines in geographically disparate locations, making mitigation a nightmare.
Do you ever find yourself in a protocol sniffing situation where you wish you had the ability to sneak a peek at a TCP stream as it happens? Do you find Wireshark--while certainly a powerful and robust tool--too clunky for quick protocol analysis? Do you have a need to intercept, pause, modify, and resend TCP streams? If so, the folks from Matasano have released the perfect tool for you!
Introducing the Matasano Port Forwarding Interceptor! Simply run the tool from a command line and it builds you a lightweight proxy, allowing you to read, record, pause, intercept, and modify a TCP conversation mid-stream. You pick your remote and local addresses and ports, and the tool brings up two windows--one for viewing and halting traffic, one for editing local and remote traffic. It is simple to use, easy to understand, and it gets the job done.
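To make the idea of a recording, editing port forwarder concrete, here is a small Python sketch added for illustration; it is not the Matasano tool's code, and the names `pump`, `relay`, `forward_once` and `demo` are assumptions. It records both directions of a TCP conversation and applies an optional rewrite hook, with a constructed offline demo that uses socket pairs in place of real hosts.

```python
import contextlib
import socket
import threading

def pump(src, dst, label, transcript, edit=None):
    """Copy bytes src -> dst until EOF, recording every chunk seen."""
    with contextlib.suppress(OSError):             # a peer reset ends this direction
        while chunk := src.recv(4096):
            transcript.append((label, chunk))      # record the original bytes
            if edit is not None:
                chunk = edit(label, chunk)         # optional mid-stream rewrite
            dst.sendall(chunk)
    with contextlib.suppress(OSError):
        dst.shutdown(socket.SHUT_WR)               # propagate EOF to the other side

def relay(local, remote, transcript, edit=None):
    """Bridge two connected sockets in both directions until both close."""
    back = threading.Thread(target=pump, args=(remote, local, "remote->local", transcript, edit))
    back.start()
    pump(local, remote, "local->remote", transcript, edit)
    back.join()
    local.close()
    remote.close()

def forward_once(local_port, remote_host, remote_port, transcript, edit=None):
    """Accept one connection on 127.0.0.1:local_port and bridge it to the remote."""
    with socket.create_server(("127.0.0.1", local_port)) as srv:
        local, _ = srv.accept()
    relay(local, socket.create_connection((remote_host, remote_port)), transcript, edit)

def demo():
    """Constructed offline run: socket pairs stand in for the app and the service."""
    app, proxy_local = socket.socketpair()
    proxy_remote, service = socket.socketpair()
    transcript = []
    upper = lambda label, data: data.upper() if label == "local->remote" else data
    t = threading.Thread(target=relay, args=(proxy_local, proxy_remote, transcript, upper))
    t.start()
    app.sendall(b"ping\n")
    seen_by_service = service.recv(4096)
    service.sendall(b"pong\n")
    seen_by_app = app.recv(4096)
    app.close()
    service.close()
    t.join()
    return seen_by_service, seen_by_app, transcript

if __name__ == "__main__":
    print(demo())
```

The transcript keeps the bytes as they arrived, before the hook runs, so the record shows what each side actually sent even when the forwarded copy was edited.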