Start<\/strong><\/p>\n Open Zulu and setup you network proxy to intercept the traffic like the following image:<\/p>\n Once you have successfully captured all the requests and responses you can save out the requests to a file. Now you have all the valid requests that a client would send and all the valid responses that the manager would respond with. So now you want to create and edit your python handler to act as a server.<\/p>\n Here is the link to the “Protocol-Responder”\u00a0script template. <\/p>\n Read and edit the # commented sections to suit your needs and add and edit the hex content. To easily convert the hex content from a file that you may have piped from nc or downloaded from wireshark or zulu use the following hexdump & sed command below.<\/p>\n If you are using the Zulu files, remove the first two lines from each of the “In” files and then cat each specific file you would like to use the hex from to respond as:<\/p>\n cat hexfile.txt | hexdump -v -e ‘”0x” 1\/1 “%02X” ” “‘|sed -e ‘s\/ 0x\/\\\\x\/g’|sed -e ‘s\/0x\/\\\\x\/g’<\/strong><\/p>\n def run(self): <\/strong> \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0self.socket.send(“\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xB6\\x00\\x00\\x00\\x45”)<\/strong><\/p>\n Anyway it took me a while to be able to create such a server or even an exploit sender with specific hex values and thought it may be useful to the community.<\/p>\n Have fun \ud83d\ude42<\/p>\n Any feedback or comments are highly appreciated.<\/p>\n","protected":false},"excerpt":{"rendered":" I was on a pentest the other day and investigating a proprietary protocol to a management agent and wanted to replay this traffic from a script. I knew I could capture the traffic in wireshark but didnt really know how to replay this or even parts to send a command to the port. Well it… Continue reading Network Proxy and Protocol Responder<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[1],"tags":[],"_links":{"self":[{"href":"https:\/\/www.hackwhackandsmack.com\/index.php?rest_route=\/wp\/v2\/posts\/260"}],"collection":[{"href":"https:\/\/www.hackwhackandsmack.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.hackwhackandsmack.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.hackwhackandsmack.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.hackwhackandsmack.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=260"}],"version-history":[{"count":4,"href":"https:\/\/www.hackwhackandsmack.com\/index.php?rest_route=\/wp\/v2\/posts\/260\/revisions"}],"predecessor-version":[{"id":265,"href":"https:\/\/www.hackwhackandsmack.com\/index.php?rest_route=\/wp\/v2\/posts\/260\/revisions\/265"}],"wp:attachment":[{"href":"https:\/\/www.hackwhackandsmack.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=260"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.hackwhackandsmack.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=260"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.hackwhackandsmack.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=260"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}![\"\"](\"http:\/\/www.hackwhackandsmack.com\/wp-content\/uploads\/2014\/05\/zulu.png\" "\\"zulu\\"")
<\/a><\/p>\n
\n<\/a><\/strong>Here is the link to the “Protocol-Sender”\u00a0script template.<\/a><\/strong><\/p>\nThe output is like as follows:<\/pre>\n
\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xB6\\x00\\x00\\x00\\x45<\/strong><\/pre>\n
Then you can add it to your python script:<\/pre>\n
\n print “Connection from : “+ip+”:”+str(port)<\/strong><\/p>\n