Skip to content

Latest commit

 

History

History
87 lines (65 loc) · 2.09 KB

README.md

File metadata and controls

87 lines (65 loc) · 2.09 KB

.Net netTcp WCF Binding Framwork

This library implements the MC-NMF, MC-NMFTB and MS-NNS protocols for net.tcp webservices. It is able to parse and encode the different protocols and interact as an Man-in-the-Middle proxy for the negotiate authentication.

This library is meant to be run/installed with python3. It should also work with python2.7 (possibly required with GSSAPI). Ensure not to run the proxy.py file directly, as it requires to be part of a python package. Use nettcp-proxy instead.

Parse data

Code:

from io import BytesIO
stream = BytesIO(data)

while stream.tell() < len(data):
    record = Record.parse_stream(stream)

From trace file (captured by proxy)

decode-nmf foo.trace

Connect to service

Unencrypted:

import socket
from nettcp.stream.socket import SocketStream
from nettcp.stream.nmf import NMFStream

s = socket.create_connection(('127.0.0.1', 1234))
socket_stream = SocketStream(s)
stream = NMFStream(socket_stream, 'net.tcp://127.0.0.1/Service1')

stream.preamble()
stream.write('...')

With GSSAPI:

requesting ticket with krb5

kvno host/foo.example.com

authenticate with python

import socket
from nettcp.stream.socket import SocketStream
from nettcp.stream.nmf import NMFStream

s = socket.create_connection(('127.0.0.1', 1234))
socket_stream = SocketStream(s)
stream = NMFStream(socket_stream, 'net.tcp://127.0.0.1/Service1', '[email protected]')

stream.preamble()
stream.write('...')

Capture connection

nettcp-proxy.py -b <localaddr> -p <localport> -t logfile.trace <targetserver> <targetport>

Man-in-the-Middle of netTcp with negotiate stream

kinit user/foo.example.com
kvno host/foo.example.com
nettcp-proxy.py -b <localaddr> -p <localport> -t logfile.trace -n [email protected] <targetserver> <targetport>