offvis from microsoft: http://www.microsoft.com/en-in/download/details.aspx?id=2096
If you want to modify pcaps, use following tools:
colasoft packet builder
if you want to generate http traffic, use following tools:
wfetch from microsoft
send http tool
for raw packet processing use python and dpkt lib. you can also use httplib2 with python. some people uses scapy as well.
if you want to create and submit form in drupal form then make sure you give submit action as self. then only you can use drupal’s form function.
Drupal5 does not support PHP 5.4.3 and for those who have sites which are based on drupal 5, this causes major headache. so some guys has wrote a patch which you can apply to core files and use drupal 5 on php 5.4.3.
you can download the patch here:
Its a integer overflow vulnerability in LZ4 ‘lz4.c’. if we see the patch at https://code.google.com/p/lz4/source/diff?spec=svn119&r=119&format=side&path=/trunk/lz4.c
they have added following conditions:
|/* overflow detection */|
|926||if ((sizeof(void*)==4) && unlikely((size_t)(op+length)<(size_t)(op))) goto _output_error; /* quickfix issue 134 */|
|927||if ((endOnInput) && (sizeof(void*)==4) && unlikely((size_t)(ip+length)<(size_t)(ip))) goto _output_error; /* quickfix issue 134 */|
|//if ((sizeof(void*)==4) && unlikely(length>LZ4_MAX_INPUT_SIZE)) goto _output_error; /* overflow detection */|
|967||if ((sizeof(void*)==4) && unlikely((size_t)(op+length)<(size_t)op)) goto _output_error; /* quickfix issue 134 */|
as you may have figured out, we are adding some value to variable ip and then we are checking if some is less then the value of ip. this will be only true in case of integer overflow.simillar check is added for op variable.
Here is the packet:
so whats the issue? lets look in to the patched code:
if you look at the checks there are following checks:
1. if (1 + 2 + 16 > s->s3->rrec.length)
return 0; /* silently discard */
2.if (1 + 2 + payload + 16 > s->s3->rrec.length)
return 0; /* silently discard per RFC 6520 sec. 4 */
3.if (write_length > SSL3_RT_MAX_PLAIN_LENGTH)
first check make sure that it discard the packets where TLS length is less then 19 bytes. why? its because 1 byte denote msg type, 2 bytes denote length and 16 bytes is padding. so this will discard packet with 0 payload length.
second check will make sure that length of payload + header is equal to length mentioned in TLS packet.
third check will make sure that write length is not more then 16348 or 0x4000 which is SSL3_RT_MAX_PLAIN_LENGTH.
This is a quick post and hope it clarifies the things. if you have any questions feel free to mail me.