Awesome
mptcp-abuse
A collection of tools and resources to explore MPTCP on your network. Initially released at Black Hat USA 2014.
Tools/resources currently here:
- mptcp_fragmenter.py
- mptcp_scanner.py
- MPTCP Cheatsheet.pdf
The scapy/ and tests/ code here are a modified fork of the MPTCP-capable scapy code by Nicolas Maitre at https://github.com/nimai/mptcp-scapy
Usage
These allow tests of MPTCP-capable machines from non-MPTCP-capable machines. They do require root for raw packet crafting and iptables management.
mptcp_scanner.py
root@mptcp-dev# python mptcp_scanner.py
usage: mptcp_scanner.py [-h] [--ip SRC_IP] host port
Network scanner to test hosts for multipath TCP support. Requires root
privileges for scapy.
positional arguments:
host comma-separated IPs or ranges (globs allowed), eg
"127.0.0.1,192.168.1-254,203.0.113.*"
port comma-separated port(s) or port ranges, eg "22,80,8000-8999"
optional arguments:
-h, --help show this help message and exit
--ip SRC_IP use the specified source IP for all traffic
root@mptcp-dev# python mptcp_scanner.py 192.168.88.164 22,80
Testing: 192.168.88.164 ... on local network... at ARP: 00:0c:29:c8:8a:61
got MPTCP Response from 192.168.88.164 : 22 !... 20
RST Test indicates MPTCP support
got MPTCP Response from 192.168.88.164 : 80 !... 20
RST Test indicates MPTCP support
****Results:****
192.168.88.164
{22: 'MPTCP (MP_JOIN Verified)'}
{80: 'MPTCP (MP_JOIN Verified)'}
mptcp_fragmenter.py
# python mptcp_fragment_http.py
usage: mptcp_fragment_http.py [-h] [--ip SRC_IP] [-p PORT] [-n NSUBFLOWS]
[--first_src_port FIRST_SRC_PORT] [--path PATH]
[--file FILE] [--shuffle SHUFFLE]
[--random_src_ports RANDOM_SRC_PORTS]
target
Fragment an HTTP request over multiple MPTCP flows. Requires root privileges
for scapy.
positional arguments:
target Target IP
optional arguments:
-h, --help show this help message and exit
--ip SRC_IP use the specified source IP for all traffic
-p PORT, --port PORT target port
-n NSUBFLOWS, --nsubflows NSUBFLOWS
Number of subflows to create
--first_src_port FIRST_SRC_PORT
First of nsubflows src ports
--path PATH Path to request
--file FILE File to send instead of a payload
--shuffle SHUFFLE Shuffle the port order
--random_src_ports RANDOM_SRC_PORTS
use random ports
# python mptcp_fragment_http.py -n 5 192.168.88.165
Opening connection from port 1001
Opening connection from port 1002
Opening connection from port 1003
Opening connection from port 1004
Opening connection from port 1005
Splitting payload across 5 subflows
Subflow 0 closed FIN
Subflow 1 closed FIN
Subflow 2 closed FIN
Subflow 3 closed FIN
Subflow 4 closed FIN