HexInject 1.2 released

27 May 2011

HexInject version 1.2 has been released (http://hexinject.sourceforge.net/). Evvai! :)

The release includes some minor fixes and a new feature: now the various length fields of IP, UDP, TCP, ICMP headers are automatically adjusted when the size of the packet is modified.

Thanks also to the feature that allows the automatic checksum of packet, hexinject has no longer limitation in altering network's streams of data... But let's do one step back, since you might not know what I'm talking about :)

From the site (http://hexinject.sourceforge.net/):

HexInject is a very versatile packet injector and sniffer, that provide a command-line framework for raw network access. It's designed to work together with others command-line utilities, and for this reason it facilitates the creation of powerful shell scripts capable of reading, intercepting and modifying network traffic in a transparent manner.

Give a look to the site if you want to see some pratical uses of the tool... There's also a PDF guide to hexinject that includes a lot of examples and some useful cheatsheets: http://hexinject.sourceforge.net/hexinject_introduction.pdf

Something personal

I do not know if the same is true for you, but I often need a bit of encouragement to finish my programs and researches.

Fortunately, I read some comments at the right time (http://www.reddit.com/r/netsec/comments/f78fb/regex_man_in_the_middle/.compact?sort=new):

"HexInject is a lot of fun! ... Running this next to tcptrack in a couple consoles makes me feel like I know what is going in my network."

"This may be one of my favorite new tools! Thanks for the idea!!"

How can these comments do not warm the heart? :) After reading these few lines, being a sentimental type, I've decided to release the new features (which would otherwise have remained in limbo for who knows how long)...

Something historical

HexInject was inspired by the tool linkcat of paketto keiretsu (http://freshmeat.net/projects/paketto/).

This collection of instruments, issued in late 2002, contained many innovative ideas, including that of a low-level access to the network via a tool similar to cat. The objective was precisely to make it easy to use, piped with other cmdline tools.

Compared to linkcat, hexinject use more modern libraries and is able to automatically calculate the checksum and the size of packets, making it easier to use. But the basic ideas are the same.

For this reason I suggest you to read the slides presented at Defcon 11 by the author of paketto keiretsu (http://www.defcon.org/images/defcon-11/dc-11-presentations/dc-11-Kaminsky/dc-11-kaminsky.pdf).

Inspiring slides, imho...