TCP flow analyzer with sugar for A/D CTF
Flower is an automatic packet analyzer made by the Ca' Foscari University team for the CyberChallenge attack/defense CTF held in Rome on June 27th, 2018.
This tool was written in less than ten days, but it works! Every contribution is welcome!
Presentation of Flower (from min 7:30), and general introduction to CTFs at ESC2K18, in Italian:
Use k and j to navigate the list.
Clone the repo, enter the directory, and just run docker-compose up; after a while you will find flower at http://localhost:3000.
For the flag regex, modify REACT_APP_FLAG_REGEX in docker-compose.yml.
The build will automatically import the test pcaps.
To enter the service and import other pcaps, run docker exec -it flower_flower-python_1 /bin/bash (if flower is in a folder with a different name, modify the prefix after -it).
The container shares the /shared folder with the host. Put the pcap files inside this folder and run python services/importer.py /shared/pcap_file_here from the container to import them into flower.
git clone https://github.com/secgroup/flower
cd flower
npm install
pip install -r services/requirements.txt
Set the following environment variables:
REACT_APP_FLOWER_MONGO: IP of the host that will run the flower database (mongodb)
REACT_APP_FLOWER_SERVICES: IP of the host that will run the services
REACT_APP_FLAG_REGEX: regex that matches flags
Then start the database:
sudo mongod --dbpath /path/to/mongodb/db --bind_ip 0.0.0.0
./run.sh
cd services
./run_ws.sh
Once everything has been started, flower should be accessible at the address of the machine that started it on port 3000.
You must first install pynids from here. The pip version is outdated! Good luck with the installation.
Then, you can import pcaps into mongodb by executing the provided script importer.py as follows:
cd services
./importer.py pcap_file.pcap
You can find a test pcap in services/test_pcap. For a quick demo, run ./importer.py test_pcap/dump-2018-06-27_13:25:31.pcap
If you are going to use flower in a CTF, remember to set up the firewall in the most appropriate way, as the current implementation has no other protection of its own; note that mongod is started with --bind_ip 0.0.0.0, so it listens on every interface.
If you ignore this, everybody will be able to connect to your database and steal all your flags!
With the support of c00kies@venice