Changelog for The Gobbler 2.0
Allow scanning from port 0
Added start of MITM attack with fake dns server (-M d)
Updated MITM attack when leaving subnet (-Ml) now dishes out IP address
Fixed 1 bug which caused OpenBSD to crash on ctrl+c... a usleep within the signal handler was screwing things up
added OS X native sniffer support
fixed numerous compares between unsigned and signed var's
fixed another bug in random port list creation...
just a quick update on what's going on with the gobbler.....
while working on version 2 i have found some huge bugs that need to be fixed..... mainly concerning the gobbler using 100% of the cpu.
The next version promises some shiny options such as OS detection from multiple spoofed sources, traceroute from spoofed source, and many many others
btw it is going to be at least another couple of months before version 2 is released... just thought i would let you all know...
woo hoo finally got the gobbler ported to openBSD 3.2.... see the change log or readme.1st to see how to compile
enjoy :)
I thought i would let you know work is under way to port the gobbler to openbsd...... The good news i have managed to get it to compile.... the bad news there are some serious problems such as not being able to gobble IP addresses or portscan.... the arp scan is working and so is detecting a dhcp service so it's just a matter of ironing out a couple of bugs :)
The problems seem down to my lame thread logic oops :).... no doubt it will get it sorted as soon as possible ...
The latest version of the paper on how the gobbler works is in the docmanager section..... includes info on how the MITM will work :)
mainly bug fixes.....
Changelog for Alpha 1.8.1
Slowed down fast scan by adding a delay of 300 nanoseconds... helps out libnet ;)
Added -C flag to display closed ports at end of scan
Added many more decodes for DHCP options
FIXED possible buffer overflow....Added length check to each dhcp option
Added temp mitm message
I have uploaded the old proof of concept code that uses an old version of libnet 1.0.x
I advise using the latest version of the gobbler but i have included the old version for those who want to see the code
Alpha 1.8
Added multiple methods for arp scan (from broadcast address, from gobbled host, from specified host).
Slowed down arp scan.... increased chance of getting replies.
Added dont reply to icmp echo request switch (-r).
Fixed arp scan again.... message on bsd boxes now doesn't appear... changed broadcast src mac from ff:ff:ff:ff:ff:ff to 00:00:00:00:00:00
Moved startlibnet() to b4 parsing args as if random mac was selected the same MAC addresses were used (not seeding random until after so moved it)...
Updated
Distributed portscanning from a single host... Uses either user specified IP/MAC addresses or DHCP to create hosts to scan from. Support for up to 30 source IP's.
Just a quick post about what's going to be in alpha 2
1st version of the rogue DHCP server
Spoofed Distributed Portscanning (each port scanned by a different IP address should bypass most IDS's that use IP address as a basis for identifying possible port scans)
The portscanner will allow you to scan the same ports as Nmap
some other misc changes
The Gobbler Alpha 1 has been released
Includes dynamically assigned spoofed syn portscanner, multithreaded sniffer, DHCP DoS, ARP scanner, MAC tagging + more stuff
As soon as i have got the multithreaded portscan working (hopefully late saturday night or some point on sunday) the first release of the gobbler will be posted.
What it can do at the moment (pre release stage)
I thought i would give u all a bit more info on the gobbler..... so here u go
(one thing to note a gobbled IP address is an IP address obtained from a DHCP server combined with a random MAC address)
1. Denial of service a DHCP server via spoofing the packet exchange with a random mac address.... thus a gobbled IP address created :)
2. A gobbled IP address can reply to arp requests and pings.... thus the machine looks as if it is on the network...
Woo Hoo..... the gobbler got a SourceForge account
over the next few days this site will be updated and the gobbler released