ICMPBreach showcases how ICMP, typically used for diagnostic tools like `ping`, can be repurposed for stealthy data transfer.
kw-soft/ICMPbreach
ICMPBreach

A Proof-of-Concept (PoC) demonstrating covert message transmission over ICMP packets, leveraging Diffie-Hellman key exchange for secure session keys and AES-CBC encryption for data confidentiality. Messages are split into chunks and sent across multiple packets when too large, enabling the potential transfer of files.

Overview

ICMPBreach showcases how ICMP, typically used for diagnostic tools like ping, can be repurposed for stealthy data transfer. The sender encrypts messages using a dynamically negotiated AES key, splits them into chunks if they exceed the ICMP payload size (default: 32 bytes), and transmits them via ICMP Echo Request packets. The receiver reconstructs the message upon receiving an "END" packet. Key features include:

  • Secure Key Exchange: Uses Diffie-Hellman to establish a unique session key, resistant to passive eavesdropping.
  • Encrypted Payloads: Employs AES-CBC encryption for message confidentiality.
  • Dynamic ICMP ID: Randomly generated per session to avoid detection.
  • Message Chunking: Splits large messages into smaller chunks, sent over multiple ICMP packets, ensuring reliable transmission of arbitrary-length data.
  • File Transfer Potential: The chunking mechanism can be extended to transfer files by encoding them (e.g., base64) and sending as message chunks.
  • Minimal Design: Lightweight implementation with scapy and cryptography.

Note: This PoC is for educational and authorized testing purposes only. Unauthorized use on networks you do not own or have permission to test is illegal.

Prerequisites

  • Python 3.8+
  • Npcap (Windows) for packet capture: Download Npcap
  • Administrative privileges to run the scripts (required for raw packet handling)

Installation

  1. Clone the repository:

    git clone https://github.com/kw-soft/icmpbreach.git
    cd icmpbreach
  2. Install dependencies:

    pip install -r requirements.txt
  3. Ensure Npcap is installed (Windows) or libpcap (Linux).

Usage

Run the receiver and sender in separate terminals with administrative privileges.

Start Receiver

sudo python receiver.py

Send a Message

sudo python sender.py "Your message here"

Example Output

  • Sender:
    Start: ID=54321
    Sent: Your message here (Seq=1)
    Sent: END
  • Receiver:
    Message 15:04:47: Your message here

For large messages, the sender automatically splits the text into chunks (default: 32 bytes) and sends them in sequence. For example, a 100-byte message would be sent in 4 packets (3 chunks + END).

To terminate the receiver, press Ctrl+C.

File Transfer Potential

While ICMPBreach currently transmits text messages, the chunking mechanism can be extended to transfer files. By encoding a file (e.g., using base64 to convert binary data to text) and splitting it into chunks, you can transmit arbitrary files over ICMP. To implement file transfer:

  1. Encode the file content (e.g., base64.b64encode(file_content)).
  2. Send the encoded string as a message using the sender.
  3. Decode the received message on the receiver side (e.g., base64.b64decode(full_text)).
  4. Save the decoded content as a file.

This approach demonstrates the versatility of ICMP as a covert channel, though practical file transfer may require additional error handling for packet loss.

Ethical Considerations

  • Authorized Use Only: Use ICMPBreach only on networks where you have explicit permission to test.
  • Educational Purpose: This PoC is intended to demonstrate ICMP vulnerabilities and promote network monitoring improvements.
  • Mitigation: Monitor ICMP traffic with IDS/IPS systems and restrict unnecessary ICMP packets in firewalls to detect such covert channels.
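An added detection example for the Mitigation bullet above and for the chunked Echo Request traffic described in the Overview; it is not code from the ICMPBreach project. It parses raw ICMP Echo Requests, discards payloads that match stock ping patterns (the Windows alphabet and Linux timestamp-plus-ramp layouts are assumptions about those implementations), and flags a (source, ICMP id) session made up of several distinct, high-entropy payloads, which is the profile of encrypted chunks rather than of diagnostic pings. All packets are constructed inline; the 32-byte SHA-256 digests stand in for encrypted chunks.

```python
import hashlib
import math
import struct
from collections import Counter, defaultdict

# Assumed stock ping payloads: Windows repeats the alphabet; Linux iputils sends an 8-byte timestamp then 0x10..0x37.
WINDOWS_PING_PAYLOAD = (b"abcdefghijklmnopqrstuvwxyz" * 2)[:32]
LINUX_PING_RAMP = bytes(range(0x10, 0x38))

def parse_icmp(raw: bytes):
    """Split a raw ICMP message into (type, code, id, seq, payload); the checksum is not verified."""
    icmp_type, code, _csum, ident, seq = struct.unpack("!BBHHH", raw[:8])
    return icmp_type, code, ident, seq, raw[8:]

def shannon_entropy(data: bytes) -> float:
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def is_standard_ping_payload(payload: bytes) -> bool:
    """True when the payload looks like a diagnostic ping rather than carried data."""
    return payload == WINDOWS_PING_PAYLOAD or payload[8:] == LINUX_PING_RAMP[: len(payload) - 8]

def flag_covert_sessions(packets, min_packets=3, entropy_floor=3.5):
    """Group Echo Requests by (source, ICMP id); flag sessions of several distinct, non-standard, high-entropy payloads."""
    sessions = defaultdict(list)
    for src, raw in packets:
        icmp_type, code, ident, _seq, payload = parse_icmp(raw)
        if icmp_type == 8 and code == 0:  # Echo Request only
            sessions[(src, ident)].append(payload)
    flagged = []
    for key, payloads in sessions.items():
        odd = [p for p in payloads if not is_standard_ping_payload(p)]
        if len(odd) < min_packets:
            continue
        mean_entropy = sum(shannon_entropy(p) for p in odd) / len(odd)
        if len(set(odd)) / len(odd) > 0.9 and mean_entropy >= entropy_floor:
            flagged.append(key)
    return flagged

def build_echo_request(ident: int, seq: int, payload: bytes) -> bytes:
    return struct.pack("!BBHHH", 8, 0, 0, ident, seq) + payload  # constructed packet; checksum left 0 (unchecked)

# Constructed traffic: a stock Linux ping (id 1234) and a session under random id 54321
# whose 32-byte payloads are SHA-256 digests standing in for AES-CBC chunks.
SAMPLE_PACKETS = [("10.0.0.5", build_echo_request(1234, s, struct.pack("!Q", 1700000000 + s) + LINUX_PING_RAMP))
                  for s in range(1, 4)]
SAMPLE_PACKETS += [("10.0.0.9", build_echo_request(54321, s, hashlib.sha256(b"chunk%d" % s).digest()))
                   for s in range(1, 5)]
```

Running `flag_covert_sessions(SAMPLE_PACKETS)` returns only the session under id 54321; the stock ping session passes because its payloads match the assumed Linux layout. In live use the same grouping can be fed from a capture, with per-id packet counts over time as an additional signal.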

Contributing

Contributions are welcome! Please open an issue or submit a pull request with improvements or bug fixes. Follow these steps:

  1. Fork the repository.
  2. Create a feature branch (git checkout -b feature/your-feature).
  3. Commit changes (git commit -m "Add your feature").
  4. Push to the branch (git push origin feature/your-feature).
  5. Open a pull request.

License

This project is licensed under the MIT License. See the LICENSE file for details.

Acknowledgments

  • Built with Scapy and Cryptography.
  • Inspired by research on covert network communication channels.

Disclaimer

The software is provided "as is," without any warranty. Users assume full responsibility. Unauthorized or malicious use is strictly prohibited.

Feel free to reach out via GitHub issues for questions or feedback! You are also welcome to visit our Discord Server: Join ThreatFeed HQ on Discord