I had covered Ostinato in our earlier blog, before it got blown away and was reminded of it when I was working on the Apache Struts S2-046 vulnerability. I had a .pcap file which I had to replay and this is where Ostinato came into picture. A bit off track, if you want to protect yourself from S2-045 & S2-046, and your application is on Apache, simply add the following to your .htaccess file:
<IfModule mod_headers.c> RequestHeader unset Content-Type RequestHeader unset Content-Disposition RequestHeader unset Content-length </IfModule>
Back to Ostinato:
What is Ostinato?
Ostinato is an open source packet crafter, network traffic generator and analyzer with a friendly GUI which works on multiple operating systems such as Windows, BSD, Mac OS X and different Linux distros. It aims to be “Wireshark in Reverse” and become complementary to Wireshark. It allows you to build your own packets from scratch and configure the number of packets and packet rate.
You can use it via Python API or via GUI. All you need is WinPcap.
Features of Ostinato:
- Useful for both network load testing and functional testing
- Use via GUI or Python API
- Create and configure multiple streams
- Configure stream rates, bursts, no. of packets
- Interface level receive/transmit statistics and rates for realtime network monitoring and measurement
- Network Device Emulation (ARP and ICMP) for multiple IP hosts to aid in network traffic simulation
- Support for the most common standard protocols
- Ethernet/802.3/LLC SNAP
- VLAN (with QinQ)
- ARP, IPv4, IPv6, IP-in-IP a.k.a IP Tunnelling (6over4, 4over6, 4over4, 6over6)
- TCP, UDP, ICMPv4, ICMPv6, IGMP, MLD
- Any text based protocol (HTTP, SIP, RTSP, NNTP etc.)
- More protocols in the works …
- Set a value for any field of any protocol
- Vary packet fields across packets at run time e.g. changing IP/MAC addresses
- Stack protocols in any arbitrary order to test error cases
- User provided Hex Dump – specify some or all bytes in a packet
- User defined script to substitute for an unimplemented protocol (EXPERIMENTAL)
- Open and edit PCAP files, replay and save back
- One controller, many agents
- Many controllers can share an agent
- Exclusive control of a port to prevent the OS from sending stray packets provides a controlled testing environment (Windows only)
- Capture network traffic (needs Wireshark to view the captured packets)
- Cross-Platform – runs on Windows, Linux, BSD and Mac OS X
- FLOSS – Free, Libre, Open-Source Software
- Framework to add new protocol builders easily
Ostinato has a good readme available, which can be accessed here.
Download Ostinato 0.8 here.