[framework] Using Scapy dissectors in Metasploit

H D Moore hdm at metasploit.com
Sat Sep 29 01:33:19 CDT 2007


I started on integration, but ran into a bunch of issues:

* Scruby uses globals to store configuration. This is fine for a console 
script, but very bad for a giant pile of code like the Framework. $conf 
is not guaranteed unique nor unmolested. 

* Calling Scruby's methods from another class/outside of the module scope 
is tricky. The same applies to the :prn callback for the sniff method. 
For the Framework to use Scruby, we need to instantiate a Class that 
provides methods we can call. If I overlooked something simple, please 
let me know.

These should all be fixable, though it may require some code 
reorganization. I am happy to help with the effort and have already 
started some local changes here to get things working.

-- examples --
# Scruby uses global variables which can conflict with other modules
@before = global_variables
require "scruby"
@after  = global_variables
@diff   = @after - @before
p @diff
# => ["$IS_WINDOWS", "$IS_LINUX", "$layer_bounds", "$IS_BSD", "$HAVE_LIBDNET", "$aware_proto", "$conf", "$IS_OPENBSD"]


# Scruby is a module, not a class:
# a = Scruby.new
# error: undefined local variable or method `new' for Scruby

# Scruby's module doesn't work as a mixin
class MyScruby
	@@before = self.methods
	include Scruby
	@@after = self.methods
	@@diff  = @@after - @@before
	
	# No new methods by including Scruby
	# p @@diff
end

# This fails because sniff is not a method on the class
# MyScruby.sniff(:intf => 'eth0')
# error: undefined method `sniff' for MyScruby:Class (NoMethodError)

# The current sniff method doesn't have a way to yield back to the caller
# This means that even if it can be called from a class, there's no clean
# way to pass back the data via :prn


On Friday 28 September 2007 13:19, H D Moore wrote:
> Looks good -- I will integrate pcaprub/scruby tonight and configure an
> exploit mixin to use them. Pcaprub is missing a few methods, but these
> are easy to integrate from my pcapx codebase.  I do have two more
> feature requests for scruby, if you don't mind:
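
Added example, not part of the original message and not Scruby's code: a sketch of the shape the message asks for, with configuration held per instance instead of in $conf and a sniff method that yields each packet back to the caller. ToyDissector, PacketSource, sample_frames and the frame bytes are constructed stand-ins, and no real capture is performed.

```ruby
# Hypothetical stand-in for a dissector library; not Scruby's API.
module ToyDissector
  # Instance method: reads settings through the includer's #conf, not a global.
  def dissect(raw)
    bytes = raw.unpack("C*")
    return nil if bytes.length < 20                  # too short for an IPv4 header
    return nil unless (bytes[0] >> 4) == 4           # not IPv4
    ihl = (bytes[0] & 0x0f) * 4
    return nil if ihl < 20 || bytes.length < ihl     # malformed header length
    pkt = { :proto => bytes[9],
            :src   => bytes[12, 4].join("."),
            :dst   => bytes[16, 4].join(".") }
    pkt[:payload] = raw[ihl..-1] if conf[:keep_payload]
    pkt
  end
end

class PacketSource
  include ToyDissector   # include adds instance methods, so callers use PacketSource.new
  attr_reader :conf

  # frames: array of raw byte strings (constructed here; a capture handle in practice)
  def initialize(frames, conf = {})
    @frames = frames
    @conf   = { :keep_payload => false, :count => nil }.merge(conf)  # per-instance state
  end

  # Yields each dissected packet to the caller's block and returns how many were delivered.
  def sniff
    return enum_for(:sniff) unless block_given?
    seen = 0
    @frames.each do |raw|
      break if conf[:count] && seen >= conf[:count]
      pkt = dissect(raw) or next                     # skip frames that fail to parse
      yield pkt
      seen += 1
    end
    seen
  end
end

# Constructed sample input: two minimal IPv4/UDP headers and one truncated frame.
def sample_frames
  hdr = [0x45, 0, 0, 24, 0, 1, 0, 0, 64, 17, 0, 0,
         192, 0, 2, 1, 198, 51, 100, 7].pack("C*")
  [hdr + "ping", "\x00\x01short", hdr + "pong"]
end
```

Two PacketSource instances created with different options do not affect each other, and nothing is added to global_variables.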


