From cf6523af9c5d71909c545cb0088b1c12eaa6050e Mon Sep 17 00:00:00 2001 From: Tina Johnson Date: Wed, 22 Mar 2023 23:26:49 -0400 Subject: [PATCH 1/2] Update Documentation * Remove Visual C++ pre-requisite from developing.md * Remove pydivert v2.0.9 requirement from release binary building documentation. Latest version of pydivert (v2.1.0) worked with pyinstaller. --- README.md | 5 ++++- docs/developing.md | 14 ++------------ 2 files changed, 6 insertions(+), 13 deletions(-) diff --git a/README.md b/README.md index 0e8be9e..428a538 100644 --- a/README.md +++ b/README.md @@ -20,6 +20,9 @@ Penetration testers and bug hunters will find FakeNet-NG's configurable interception engine and modular framework highly useful when testing application's specific functionality and prototyping PoCs. +The current version, 3.0 (alpha), is a pre-release of the Python 3 port of FakeNet-NG. +If you encounter any bugs in this version, please report them via GitHub issues. + Installation ============ @@ -88,7 +91,7 @@ install dependencies as follows: driver in the `%PYTHONHOME%\DLLs` directory. FakeNet-NG bundles those files so they are not necessary for normal use. -2b) Optionally, you can install the following module used for testing: + Optionally, you can install the following module used for testing: pip install requests diff --git a/docs/developing.md b/docs/developing.md index 47a01b8..351a674 100644 --- a/docs/developing.md +++ b/docs/developing.md @@ -181,9 +181,7 @@ utilities (i.e. `pip`). Use an administrative command prompt where applicable for installing Python modules for all users. Pre-requisites: -* Python 2.7 x86 with `pip` -* Visual C++ for Python 2.7 development, available at: - +* Python 3.7.x x86 with `pip` Before installing `pyinstaller`, you may wish to take the following steps to prevent the error `ImportError: No module named PyInstaller`: 
@@ -199,13 +197,6 @@ Install FakeNet-NG to acquire most modules: python setup.py install ``` -Obtain PyDivert 2.0.9, the only version known to work with FakeNet-NG releases -prepared with PyInstaller: - -``` -pip install pydivert==2.0.9 -``` - Install `pyinstaller`: ``` @@ -245,7 +236,6 @@ fakenet1.4.3\ | +-- CustomProviderExample.py |   +-- sample_custom_response.ini | +-- sample_raw_response.txt - | +-- sample_raw_tcp_response.txt | +-- defaultFiles\ | +-- FakeNet.gif @@ -260,7 +250,7 @@ fakenet1.4.3\ | +-- listeners\    +-- ssl_utils - +-- __init__.pyc + +-- __init__.py +-- privkey.pem +-- server.pem +-- ssl_detector.py From 5c5f94b13fa97d784a3300aec64ae19db28e644d Mon Sep 17 00:00:00 2001 From: Tina Johnson Date: Wed, 10 May 2023 19:43:03 -0400 Subject: [PATCH 2/2] Update company name in documentation and clean up code --- LICENSE.txt | 2 +- docs/contributors.md | 9 ++++----- docs/srs.md | 9 ++++----- fakenet/defaultFiles/FakeNet.html | 2 +- fakenet/defaultFiles/FakeNet.txt | 2 +- fakenet/diverters/diverterbase.py | 17 ++++++----------- fakenet/fakenet.py | 4 ++-- test/test.py | 2 +- 8 files changed, 20 insertions(+), 27 deletions(-) diff --git a/LICENSE.txt b/LICENSE.txt index ec2449b..1b5d951 100644 --- a/LICENSE.txt +++ b/LICENSE.txt @@ -175,7 +175,7 @@ END OF TERMS AND CONDITIONS - Copyright (C) 2018 FireEye, Inc. + Copyright (C) 2016-2023 Mandiant, Inc. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/docs/contributors.md b/docs/contributors.md index ed57688..1134fa2 100644 --- a/docs/contributors.md +++ b/docs/contributors.md 
@@ -13,13 +13,13 @@ malware analysis on Windows XP. ## Windows Peter Kacherginsky [implemented -FakeNet-NG](https://www.fireeye.com/blog/threat-research/2016/08/fakenet-ng_next_gen.html) +FakeNet-NG](https://www.mandiant.com/resources/blog/fakenet-ng-next-gen) targeting modern versions of Windows. ## Linux and Core Michael Bailey [implemented FakeNet-NG on -Linux](https://www.fireeye.com/blog/threat-research/2017/07/linux-support-for-fakenet-ng.html), +Linux](https://www.mandiant.com/resources/blog/introducing-linux-support-fakenet-ng-flares-next-generation-dynamic-network-analysis-tool), and later refactored FakeNet-NG to use this as the unified packet processing logic for both Windows and Linux. @@ -30,6 +30,5 @@ Homan developed the original concept of using a protocol "taste" callback to sample traffic and direct clients to the appropriate server ports. Matthew Haigh, Michael Bailey, and Peter Kacherginsky conceptualized the Proxy Listener and Hidden Listener mechanisms for introducing both of these content-based -protocol detection features to FakeNet-NG. Matthew Haigh then [implemented -Content-Based Protocol -Detection](https://www.fireeye.com/blog/threat-research/2017/10/fakenet-content-based-protocol-detection.html). +protocol detection features to FakeNet-NG. Matthew Haigh then implemented +Content-Based Protocol Detection. diff --git a/docs/srs.md b/docs/srs.md index 89333cd..9e9c934 100644 --- a/docs/srs.md +++ b/docs/srs.md 
@@ -24,19 +24,18 @@ Analysis](https://nostarch.com/malware). ## History FakeNet-NG was initially released August 3, 2016 by Peter Kacherginsky with support for Windows: [FakeNet-NG: Next Generation Dynamic Network Analysis -Tool](https://www.fireeye.com/blog/threat-research/2016/08/fakenet-ng_next_gen.html). +Tool](https://www.mandiant.com/resources/blog/fakenet-ng-next-gen). On July 5, 2017 FakeNet-NG was updated by Michael Bailey to add support for Linux: [Introducing Linux Support for FakeNet-NG: FLARE's Next Generation Dynamic Network Analysis -Tool](https://www.fireeye.com/blog/threat-research/2017/07/linux-support-for-fakenet-ng.html). +Tool](https://www.mandiant.com/resources/blog/introducing-linux-support-fakenet-ng-flares-next-generation-dynamic-network-analysis-tool). The next significant FakeNet-NG release was by Matthew Haigh on October 23, 2017 to introduce a proxy listener to sample, identify, and route traffic to -the most appropriate listener: [New FakeNet-NG Feature: Content-Based Protocol -Detection](https://www.fireeye.com/blog/threat-research/2017/10/fakenet-content-based-protocol-detection.html). +the most appropriate listener by implementing Content-Based Protocol Detection. -FireEye's [flare-fakenet-ng](https://github.com/fireeye/flare-fakenet-ng) +Mandiant's [flare-fakenet-ng](https://github.com/mandiant/flare-fakenet-ng) repository contains `README.md` which documents usage and configuration; and `docs/internals.md` which describes Diverter internals for Linux. diff --git a/fakenet/defaultFiles/FakeNet.html b/fakenet/defaultFiles/FakeNet.html index 418c0dd..e774679 100644 --- a/fakenet/defaultFiles/FakeNet.html +++ b/fakenet/defaultFiles/FakeNet.html @@ -32,6 +32,6 @@

Contact

For bugs, crashes, or other comments please contact The FLARE Team by email -FakeNet@fireeye.com. +FakeNet@mandiant.com. \ No newline at end of file diff --git a/fakenet/defaultFiles/FakeNet.txt b/fakenet/defaultFiles/FakeNet.txt index 10c24c8..b4b0c32 100644 --- a/fakenet/defaultFiles/FakeNet.txt +++ b/fakenet/defaultFiles/FakeNet.txt @@ -14,4 +14,4 @@ FakeNet-NG is based on the excellent Fakenet tool developed by Andrew Honig and Contact -For bugs, crashes, or other comments please contact the FLARE Team by email FakeNet@fireeye.com \ No newline at end of file +For bugs, crashes, or other comments please contact the FLARE Team by email FakeNet@mandiant.com \ No newline at end of file diff --git a/fakenet/diverters/diverterbase.py b/fakenet/diverters/diverterbase.py index 521040d..1ecae14 100644 --- a/fakenet/diverters/diverterbase.py +++ b/fakenet/diverters/diverterbase.py @@ -1239,11 +1239,6 @@ def formatPkt(self, pkt, pid, comm): Returns: A str containing the log line """ - if pid == None: - pid = 'None' - - if comm == None: - comm = 'None' logline = '' @@ -1252,8 +1247,8 @@ def formatPkt(self, pkt, pid, comm): logline = fmt.format( label=pkt.label, proto=pkt.proto, - pid=pid, - comm=comm, + pid=str(pid), + comm=str(comm), src=pkt.src_ip, sport=pkt.sport, dst=pkt.dst_ip, @@ -1284,8 +1279,8 @@ def formatPkt(self, pkt, pid, comm): logline = fmt.format( label=pkt.label, proto=pkt.proto, - pid=pid, - comm=comm, + pid=str(pid), + comm=str(comm), src=pkt.src_ip, sport=pkt.sport, dst=pkt.dst_ip, @@ -1299,8 +1294,8 @@ def formatPkt(self, pkt, pid, comm): logline = fmt.format( label=pkt.label, proto='UNK', - pid=pid, - comm=comm, + pid=str(pid), + comm=str(comm), src=str(pkt.src_ip), sport=str(pkt.sport), dst=str(pkt.dst_ip), diff --git a/fakenet/fakenet.py b/fakenet/fakenet.py index c395b97..a4a49e9 100644 --- a/fakenet/fakenet.py +++ b/fakenet/fakenet.py 
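Review bot: Replacing the removed `None` guards with `pid=str(pid)` and `comm=str(comm)` at the three `fmt.format(...)` call sites (this hunk and the two that follow at 1279 and 1294) is not a pure no-op: `'{pid}'.format(pid=pid)` already renders `None` as `None`, and if `fmt` carries a width or alignment spec such as `{pid:6}`, an `int` pid was right-aligned by default while `str(pid)` is left-aligned, so the log-line layout changes for every non-None pid. `fmt` is selected outside the hunk, so this is worth confirming against its definition; if the intent is only to render `None`, `pid=pid if pid is not None else 'None'` keeps the alignment of integer pids unchanged. formatPkt starts and ends outside these hunks; its docstring could also state under Args that `pid` and `comm` may be `None` and are then logged as the literal `None`.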
@@ -6,7 +6,7 @@ # analysts and penetration testers. # # Original developer: Peter Kacherginsky -# Current developer: FireEye FLARE Team (FakeNet@fireeye.com) +# Current developer: Mandiant FLARE Team (FakeNet@mandiant.com) import logging import logging.handlers @@ -341,7 +341,7 @@ def main(): Version 3.0 (alpha) _____________________________________________________________ Developed by FLARE Team - Copyright (C) 2016-2022 Mandiant, Inc. All rights reserved. + Copyright (C) 2016-2023 Mandiant, Inc. All rights reserved. _____________________________________________________________ """) diff --git a/test/test.py b/test/test.py index fa43351..a39b68b 100644 --- a/test/test.py +++ b/test/test.py @@ -905,7 +905,7 @@ def __init__(self, startingpath, singlehost=True): self.listener_host_white = 8083 # HTTP listener with host whitelists self.localhost = '127.0.0.1' self.dns_expected = '192.0.2.123' - self.domain_dne = 'does-not-exist-amirite.fireeye.com' + self.domain_dne = 'does-not-exist-amirite.mandiant.com' self.sender = 'from-fakenet@example.org' self.recipient = 'to-fakenet@example.org' self.smtpmsg = 'FakeNet-NG SMTP test email'
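Review bot: `self.domain_dne` is meant to be a name that does not exist, but the new value still depends on a real third-party zone (`mandiant.com`) never publishing that label; a reserved name such as `does-not-exist-amirite.invalid` (the `.invalid` TLD is guaranteed by RFC 2606 never to resolve) makes the fixture independent of anyone's DNS. This only matters if the test is ever exercised against a resolver outside FakeNet-NG's own interception, which the hunk does not show, so it may be acceptable as-is. The enclosing `__init__` starts before the hunk and continues after it.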