Update Documentation

LICENSE.txt

@@ -175,7 +175,7 @@
 
    END OF TERMS AND CONDITIONS
 
-   Copyright (C) 2018 FireEye, Inc.
+   Copyright (C) 2016-2023 Mandiant, Inc.
 
    Licensed under the Apache License, Version 2.0 (the "License");
    you may not use this file except in compliance with the License.

README.md

@@ -20,6 +20,9 @@ Penetration testers and bug hunters will find FakeNet-NG's configurable
 interception engine and modular framework highly useful when testing
 application's specific functionality and prototyping PoCs.
 
+The current version, 3.0 (alpha), is a pre-release of the Python 3 port of FakeNet-NG.
+If you encounter any bugs in this version, please report them via GitHub issues.
+
 Installation
 ============
 
@@ -88,7 +91,7 @@ install dependencies as follows:
    driver in the `%PYTHONHOME%\DLLs` directory. FakeNet-NG bundles those
    files so they are not necessary for normal use.
 
-2b) Optionally, you can install the following module used for testing:
+   Optionally, you can install the following module used for testing:
 
     pip install requests
 

docs/contributors.md

@@ -13,13 +13,13 @@ malware analysis on Windows XP.
 ## Windows
 
 Peter Kacherginsky [implemented
-FakeNet-NG](https://www.fireeye.com/blog/threat-research/2016/08/fakenet-ng_next_gen.html)
+FakeNet-NG](https://www.mandiant.com/resources/blog/fakenet-ng-next-gen)
 targeting modern versions of Windows.
 
 ## Linux and Core
 
 Michael Bailey [implemented FakeNet-NG on
-Linux](https://www.fireeye.com/blog/threat-research/2017/07/linux-support-for-fakenet-ng.html),
+Linux](https://www.mandiant.com/resources/blog/introducing-linux-support-fakenet-ng-flares-next-generation-dynamic-network-analysis-tool),
 and later refactored FakeNet-NG to use this as the unified packet processing
 logic for both Windows and Linux.
 
@@ -30,6 +30,5 @@ Homan developed the original concept of using a protocol "taste" callback to
 sample traffic and direct clients to the appropriate server ports. Matthew
 Haigh, Michael Bailey, and Peter Kacherginsky conceptualized the Proxy Listener
 and Hidden Listener mechanisms for introducing both of these content-based
-protocol detection features to FakeNet-NG. Matthew Haigh then [implemented
-Content-Based Protocol
-Detection](https://www.fireeye.com/blog/threat-research/2017/10/fakenet-content-based-protocol-detection.html).
+protocol detection features to FakeNet-NG. Matthew Haigh then implemented
+Content-Based Protocol Detection.

docs/developing.md

@@ -181,9 +181,7 @@ utilities (i.e. `pip`). Use an administrative command prompt where applicable
 for installing Python modules for all users.
 
 Pre-requisites:
-* Python 2.7 x86 with `pip`
-* Visual C++ for Python 2.7 development, available at:
-  <https://aka.ms/vcpython27>
+* Python 3.7.x x86 with `pip`
 
 Before installing `pyinstaller`, you may wish to take the following steps to
 prevent the error `ImportError: No module named PyInstaller`:
@@ -199,13 +197,6 @@ Install FakeNet-NG to acquire most modules:
 python setup.py install
 ```
 
-Obtain PyDivert 2.0.9, the only version known to work with FakeNet-NG releases
-prepared with PyInstaller:
-
-```
-pip install pydivert==2.0.9
-```
-
 Install `pyinstaller`:
 
 ```
@@ -245,7 +236,6 @@ fakenet1.4.3\
     |   +-- CustomProviderExample.py
     |   +-- sample_custom_response.ini
     |   +-- sample_raw_response.txt
-    |   +-- sample_raw_tcp_response.txt
     |
     +-- defaultFiles\
     |   +-- FakeNet.gif
@@ -260,7 +250,7 @@ fakenet1.4.3\
     |
     +-- listeners\
         +-- ssl_utils
-    		+-- __init__.pyc
+    		+-- __init__.py
     		+-- privkey.pem
     		+-- server.pem
     		+-- ssl_detector.py

docs/srs.md

@@ -24,19 +24,18 @@ Analysis](https://nostarch.com/malware).
 ## History
 FakeNet-NG was initially released August 3, 2016 by Peter Kacherginsky with
 support for Windows: [FakeNet-NG: Next Generation Dynamic Network Analysis
-Tool](https://www.fireeye.com/blog/threat-research/2016/08/fakenet-ng_next_gen.html).
+Tool](https://www.mandiant.com/resources/blog/fakenet-ng-next-gen).
 
 On July 5, 2017 FakeNet-NG was updated by Michael Bailey to add support for
 Linux: [Introducing Linux Support for FakeNet-NG: FLARE's Next Generation
 Dynamic Network Analysis
-Tool](https://www.fireeye.com/blog/threat-research/2017/07/linux-support-for-fakenet-ng.html).
+Tool](https://www.mandiant.com/resources/blog/introducing-linux-support-fakenet-ng-flares-next-generation-dynamic-network-analysis-tool).
 
 The next significant FakeNet-NG release was by Matthew Haigh on October 23,
 2017 to introduce a proxy listener to sample, identify, and route traffic to
-the most appropriate listener: [New FakeNet-NG Feature: Content-Based Protocol
-Detection](https://www.fireeye.com/blog/threat-research/2017/10/fakenet-content-based-protocol-detection.html).
+the most appropriate listener by implementing Content-Based Protocol Detection.
 
-FireEye's [flare-fakenet-ng](https://github.com/fireeye/flare-fakenet-ng)
+Mandiant's [flare-fakenet-ng](https://github.com/mandiant/flare-fakenet-ng)
 repository contains `README.md` which documents usage and configuration; and
 `docs/internals.md` which describes Diverter internals for Linux.
 

fakenet/defaultFiles/FakeNet.html

@@ -32,6 +32,6 @@
 <h3>Contact</h3>
 
 For bugs, crashes, or other comments please contact <b>The FLARE Team</b> by email
-<b>FakeNet@fireeye.com</b>.
+<b>FakeNet@mandiant.com</b>.
 </body>
 </html>

fakenet/defaultFiles/FakeNet.txt

@@ -14,4 +14,4 @@ FakeNet-NG is based on the excellent Fakenet tool developed by Andrew Honig and
 
 Contact
 
-For bugs, crashes, or other comments please contact the FLARE Team by email FakeNet@fireeye.com
+For bugs, crashes, or other comments please contact the FLARE Team by email FakeNet@mandiant.com

fakenet/diverters/diverterbase.py

@@ -1239,11 +1239,6 @@ def formatPkt(self, pkt, pid, comm):
         Returns:
             A str containing the log line
         """
-        if pid == None:
-            pid = 'None'
-
-        if comm == None:
-            comm = 'None'
 
         logline = ''
 
@@ -1252,8 +1247,8 @@ def formatPkt(self, pkt, pid, comm):
             logline = fmt.format(
                 label=pkt.label,
                 proto=pkt.proto,
-                pid=pid,
-                comm=comm,
+                pid=str(pid),
+                comm=str(comm),
                 src=pkt.src_ip,
                 sport=pkt.sport,
                 dst=pkt.dst_ip,
@@ -1284,8 +1279,8 @@ def formatPkt(self, pkt, pid, comm):
             logline = fmt.format(
                 label=pkt.label,
                 proto=pkt.proto,
-                pid=pid,
-                comm=comm,
+                pid=str(pid),
+                comm=str(comm),
                 src=pkt.src_ip,
                 sport=pkt.sport,
                 dst=pkt.dst_ip,
@@ -1299,8 +1294,8 @@ def formatPkt(self, pkt, pid, comm):
             logline = fmt.format(
                 label=pkt.label,
                 proto='UNK',
-                pid=pid,
-                comm=comm,
+                pid=str(pid),
+                comm=str(comm),
                 src=str(pkt.src_ip),
                 sport=str(pkt.sport),
                 dst=str(pkt.dst_ip),

fakenet/fakenet.py

@@ -6,7 +6,7 @@
 # analysts and penetration testers.
 #
 # Original developer: Peter Kacherginsky
-# Current developer: FireEye FLARE Team (FakeNet@fireeye.com)
+# Current developer: Mandiant FLARE Team (FakeNet@mandiant.com)
 
 import logging
 import logging.handlers
@@ -341,7 +341,7 @@ def main():
                         Version 3.0 (alpha)
   _____________________________________________________________
                    Developed by FLARE Team
-    Copyright (C) 2016-2022 Mandiant, Inc. All rights reserved.
+    Copyright (C) 2016-2023 Mandiant, Inc. All rights reserved.
   _____________________________________________________________
                                                """)
 

test/test.py

@@ -905,7 +905,7 @@ def __init__(self, startingpath, singlehost=True):
         self.listener_host_white = 8083 # HTTP listener with host whitelists
         self.localhost = '127.0.0.1'
         self.dns_expected = '192.0.2.123'
-        self.domain_dne = 'does-not-exist-amirite.fireeye.com'
+        self.domain_dne = 'does-not-exist-amirite.mandiant.com'
         self.sender = '[email protected]'
         self.recipient = '[email protected]'
         self.smtpmsg = 'FakeNet-NG SMTP test email'