https://github.com/melotic/shiny-donut
Captures packets and streams them to other devices. Built for home network analysis and A&D CTFs.
- Host: GitHub
- URL: https://github.com/melotic/shiny-donut
- Owner: melotic
- Created: 2022-11-25T15:59:21.000Z (about 2 years ago)
- Default Branch: main
- Last Pushed: 2022-11-25T15:59:32.000Z (about 2 years ago)
- Last Synced: 2024-11-09T16:49:50.713Z (about 2 months ago)
- Language: Rust
- Size: 28.3 KB
- Stars: 4
- Watchers: 1
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
README
# 🍩 shiny-donut
shiny-donut is a packet capture app that supports streaming packets from a remote system to another device. Its main uses are sending pcaps to another device for analysis and monitoring traffic in Attack & Defend CTFs.
## Building
Build shiny-donut with the following command:
```bash
$ cargo build --release
```
The binary will be available in `target/release/shiny-donut`.
## Modes
shiny-donut supports two modes to capture packets, and one to receive them:
1. `Server mode`: shiny-donut listens on a configurable port to receive packets from a remote system. Packets are then written to a pcap file on another machine.
2. `Client mode`: shiny-donut streams pcaps to a remote system that is listening for incoming connections from shiny-donut.
3. `Listen mode`: This is used in conjunction with `Client mode`. Listen mode spins up an HTTPS server, to which the client mode connects and posts the PCAP data. This mode also supports capturing packets from multiple shiny-donut instances running in `Client mode`.
## Server Mode
For server mode, first generate an HTTPS certificate with openssl:
```bash
openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365
```
To run shiny-donut in server mode, run the following command:
```bash
shiny-donut server --password
```
This spins up an HTTPS server with two endpoints: `/`, the index page, and `/traffic`. The index page is used to prove to the client that the server is a valid shiny-donut server. The traffic endpoint is used to receive packets from the client.
To connect to `/traffic` you must use the password as the username using HTTP basic authentication. Example with curl:
```bash
curl -u : -k https://:/traffic --output traffic.pcap
```
## Client Mode
For client mode, first create a client that will actually receive the packets. This can be done by running shiny-donut in listen mode on a server you'd like to receive the packets on:
```bash
shiny-donut listen --password
```
You'll first have to generate an HTTPS certificate with:
```bash
openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365
```
Then, run the following command to stream packets from a device to the server:
```bash
shiny-donut client --password
```
Then, packets will be streamed to the file in `data/.pcap` on the server.
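
The `/traffic` check described under Server Mode (password sent as the HTTP Basic username), as an added Python example rather than shiny-donut's own Rust code; the function names and sample password are constructed for illustration. It shows that the header is only base64-encoded, so the password is protected by TLS alone and is readable on any connection where certificate verification was skipped with `curl -k`, and it compares the value in constant time.

```python
import base64
import binascii
import hmac


def header_for(password):
    """Authorization header produced by `curl -u <password>:` (empty password field)."""
    token = base64.b64encode((password + ":").encode("utf-8")).decode("ascii")
    return "Basic " + token


def username_from_basic_header(header_value):
    """Return the username field of a Basic header, or None if it is malformed."""
    scheme, _, token = header_value.strip().partition(" ")
    if scheme.lower() != "basic" or not token.strip():
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    if ":" not in decoded:
        return None
    # Basic auth splits on the first colon, so a secret containing ':'
    # would be truncated here; such secrets cannot be used as a username.
    username, _, _ignored_password = decoded.partition(":")
    return username


def is_authorized(header_value, expected_password):
    """Constant-time check of the shared secret carried in the username field."""
    supplied = username_from_basic_header(header_value or "")
    if not supplied:
        return False  # missing, malformed, or empty credential
    return hmac.compare_digest(
        supplied.encode("utf-8"), expected_password.encode("utf-8")
    )


if __name__ == "__main__":
    secret = "demo-capture-secret"  # constructed sample value
    hdr = header_for(secret)
    # Anyone who sees the header can reverse it: encoding, not encryption.
    print(hdr, "->", username_from_basic_header(hdr))
    print("accepted:", is_authorized(hdr, secret))
```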