2022-07-05, 10:25–10:45 (Europe/Paris), Amphitheater
A while ago, we decided to use Scapy's packet manipulation capabilities as a basis for our own industrial network protocols' attack framework in Python. At first, it seemed like the best idea ever: there is nothing better than Scapy for handling network protocols. But it was not as easy as we thought it would be, because of the gap between our own specifications and Scapy internals. We wanted users of our framework be able to manipulate valid and invalid packets, as a set of separate type-independent fields. But this is not how Scapy works, so we had to find workarounds. We ended up wrapping Scapy packets inside our own packet objects, using Python tricks and weird adaptations to translate from our framework's syntax to Scapy's mode of operation. And it works fine (as long as we don't touch anything). This is the story of our struggle to make both our tool and Scapy match and what we learned along the way.
See also: 🎥 video
Claire Vacherot is a senior pentester at Orange Cyberdefense. She likes to test systems and devices that interact with the real world and is particularly interested in industrial and embedded device cybersecurity. As a former software developer, she never misses a chance to write scripts and tools.