Develop Reference

Patching a closed source network application to read from file

So let me explain, I want to fuzz a closed source application named Y that implements a custom protocol let's name the protocol X. Y is written in C.
Is there a way to patch the send/read family functions to read from file instead of the socket?
Could this potentially work for the AFL/AFL++ fuzzer?
Keep in mind the application is developed for UNIX-like ecosystems.

Yes, you can do that easily by making bridges between named pipes (fifos) and TCP connections through netcat.
Create two files (named pipes):
mkfifo /tmp/program_input /tmp/program_output
Now, make a bridge between these files and the application.
In case the application is a TCP/IP Client, your bridge will be a TCP/IP Server:
tail -f /tmp/program_input | nc -kl 127.0.0.1 50000 | tee /tmp/program_output > /dev/null
Then you'll have to configure the application's peer IP address as the IP of the host where your bridge runs. Port also must match and is arbitrary. ("50000" in the example above.)
In case you can't change the IP address/TCP port the application uses, you'll have to map these on your router to the IP/port of your bridge application (see "port forwarding").
If the application is a TCP/IP Server, create a TCP/IP client as a bridge:
tail -f /tmp/program_input | nc <application_ip_address> <application_port> | tee /tmp/program_output > /dev/null
If you want to write something to the networking application you're analyzing, write to /tmp/program_input. Read /tmp/program_output to see its output.
I'm not too familiar with AFL/AFL++, but you can certainly communicate with the application directly or also make socket/file bridges for the fuzzer as well.

Can a RAW socket be bound to an ip:port instead of an interface?

I need to write a proxy server in C language on Linux (Ubuntu 20.04). The purpose of this proxy server is as follows. There're illogical governmental barriers in accessing the free internet. Some are:
Name resolution: I ping telegram.org and many other sites which the government doesn't want me to access. I ask 8.8.8.8 to resolve the name, but they response of behalf of the server that the IP may be resolved to 10.10.34.35!
Let's concentrate on this one, because when this is solved many other problems will be solved too. For this, I need to setup such a configuration:
A server outside of my country is required. I prepared it. It's a VPS. Let's call it RS (Remote Server).
A local proxy server is required. Let's call it PS. PS runs on the local machine (client) and knows RS's IP. I need it to gather all requests going to be sent through the only NIC available on client, process them, scramble them, and send them to RS in a way to be hidden from the government.
The server-side program should be running on RS on a specific port to get the packet, unscramble it, and send it to the internet on behalf of the client. After receiving the response from the internet, it should send it back to the client via the PS.
PS will deliver the response to the client application which originates the request. Of course this happens after it will unscramble and will find the original response from the internet.
This is the design and some parts is remained gloomy for me. Since I'm not an expert in network programming context, I'm going to ask my questions in the parts I'm getting into trouble or are not clear for me.
Now, I'm in part 2. See whether I'm right. There're two types of sockets, a RAW socket and a stream socket. A RAW socket is opened this way:
socket(AF_PACKET, SOCK_RAW, htons(ETH_P_ALL));
And a stream socket is opened this way:
socket(AF_INET, SOCK_STREAM, 0);
For RAW sockets, we use sockaddr_ll and for stream sockets we use sockaddr_in. May I use stream sockets between client applications and PS? I think not, because I need the whole RAW packet. I should know the protocol and maybe some other info of the packet, because the whole packet should be retrieved transparently in RS. For example, I should know whether it has been a ping packet (ICMP) or a web request (TCP). For this, I need to have packet header in PS. So I can't use a stream socket, because it doesn't contain the packet header. But until now, I've used RAW sockets for interfaces and have not written a proxy server to receive RAW packets. Is it possible? In another words, I've the following questions to go to next step:
Can a RAW socket be bound to localhost:port instead of an interface so that it may receive all low-level packets containing packet headers (RAW packets)?
I may define a proxy server for browser. But can I put the whole system behind the proxy server so that packets of other apps like PING may route automatically via it?
Do I really need RAW sockets in PS? Can't I change the design to suffice the data I got from the packets payload?
Maybe I'm wrong in some of the concepts and will appreciate your guidance.
Thank you

Can a RAW socket be bound to localhost:port instead of an interface so that it may receive all low-level packets containing packet headers (RAW packets)?
No, it doesn't make sense. Raw packets don't have port numbers so how would it know which socket to go to?
It looks like you are trying to write a VPN. You can do this on Linux by creating a fake network interface called a "tun interface". You create a tun interface, and whenever Linux tries to send a packet through the interface, instead of going to a network cable, it goes to your program! Then you can do whatever you like with the packet. Of course, it works both ways - you can send packets from your program back to Linux through the tun interface, and Linux will act like they just arrived on a network cable.
Then, you can set up your routing table so that all traffic goes to the tun interface, except for traffic to the VPN server ("RS"), which goes to your real ethernet/wifi interface. Otherwise you'd have an endless loop where your VPN program PS tried to send packets to RS but they just went back to PS.

Misconfigurations of DNS over TCP

I am new to python programming and for my project I need to automate some of the misconfiguration cases(by looking into the flow of tcp packets and tcp flags) of DNS over TCP to write into a database. For that I am trying to parse the captured tcp dumps. Can you help of how can I proceed

dig +tcp will tell dig to use TCP:
+[no]tcp
Use [do not use] TCP when querying name servers. The default
behavior is to use UDP unless an AXFR or IXFR query is requested,
in which case a TCP connection is used.
that should make grabbing the pcap much simpler

Client/Server Program in C

I am new to C Socket Programming. I know how to write for TCP and UDP as different programs.
But only one server should handle both the clients.
Can anyone tell me how to write a sever that handles both TCP and UDP clients?

You cannot listen to TCP and UDP clients using 1 server socket. You can however create 2 server sockets (one TCP-server and one UDP-server). Note that it would not even make sense to have 1 server for both: UDP is connectionless so the first question arises when you try to do accept on your server socket (since it is a hypothetical hybrid version, what should accept do?).
Anyway, I assume you want two servers in the same event loop (if you don't know what it is, it is enough for you to think of it as your main-function). Since C sockets are blocking by default, you cannot run two servers right out of the box.
You can use select (Google it). If you don't know what it is, I would recommend to try it in Python first. In Python it's fairly straight forward and it will give you some insight of the concept. Basically what you do is: create multiple server sockets than "switch" between those sockets, see what sockets have read events (be it new connections or messages) and then process those events.
I can recommend libuv. It is a C library that is originally built for Node.js. Prior to libuv, they used platform-dependent event loop implementations (libev). Libuv originated as an effort to create a multi-platform library for non-blocking IO (TCP, UDP, fs, etc.). However, even if you don't want to write multi-platform code, it comes with a great API to create server sockets and listen to multiple sockets in the same event loop.

How to send data over internet through console

I have to develop an application wherein I would receive data from parallel port and send it over to internet. This application is to be developed for embedded device running linux. Please suggest me how I can do that.
Regards

Sounds like a job for netcat. You can just open the device file and bind it straight to a TCP port: cat /dev/whatever | nc -l 2345 reads from a device and writes the results to a socket in case a client connects to port 2345.
If you need security, consider using a SSH tunnel.

Best solution - socat.
It can read from file and send to any socket (tcp, udp, unix, ipv4, ipv6), redirect program output, stdout. Reverse operations also posible.
Local example: read file "test", and send it content to localhost:9999
socat OPEN:test TCP:localhost:9999
If you want monitor file content and make it read only
socat OPEN:test,rdonly,ignoreeof TCP:localhost:9999
in socat you not need bash, in cat|nc some form of shell required.

I recommend sockets using C.

I would suggest either SSH or Telnet.

I would suggest using one of Perl, Python, or Ruby to do it if it has some processing to do.
Otherwise, if it is to use any console command, you can use curl or wget.

If you want to do it in C, perhaps because your embedded Linux doesn't have any of the shell tools and languages that other people have suggested, you need to look at the socket interface. The sequence of events is more or less:
create a socket using socket()
connect to a server using connect()
send your data using send(), or write() and deal with anything that comes back the other way using recv() or read().
close the socket using close().