A short while ago I briefly mentioned the IP packet manipulation tool Scapy. I started reading Adam’s guide and noted this tool is written in Python. I then had the bright idea of finding an equivalent tool written in Ruby; the idea being that I would learn the tool itself whilst peeking under the bonnet to enhance my knowledge of Ruby.
I found a tool called PacketFu which is written in Ruby and bundled with Metasploit, but I wanted an install of this tool separate from Metasploit, so I could learn it and the Ruby code independently.
Thus began three days of absolute hair-pulling frustration as I tried to achieve this goal. In the end I became so absolutely determined to install PacketFu that I re-loaded my entire Kali Linux OS in the process.
I have now installed PacketFu and thought I would detail the process in order to save others endless hours of futility.
I installed PacketFu via Ruby Gems, but before this we need the pcaprub Gem; however, I kept getting this error message:
pcaprub.c:8:18: fatal error: pcap.h No such file or directory
compilation terminated
I realised this was an issue with libpcap and after confirming I had a recent version (1.3.0-1) and trying everything you can imagine, I hit the Synaptic Package Manager and basically selected for installation anything connected with libpcap and Ruby:
libpcapnav0
libpcap-ruby
ruby-pcap
libpcapnav0-dev
libpcap0.8-dev
libpcap0.8
The truth is, I don’t know which one of these installs did the job, but one of them did, as when I went back to the Terminal and input “gem install pcaprub” it worked like a charm.
UPDATE: Having just repeated the process, it would appear that libpcap0.8-dev is the software needed for pcaprub installation.
Then came “gem install packetfu” and I checked the installation with these commands in the Terminal:
~# cd /var/lib/gems/1.9.1/gems/packetfu-1.1.8/examples
/var/lib/gems/1.9.1/gems/packetfu-1.1.8/examples# ruby packetfu-shell.rb
And was finally rewarded with:
Underneath this you should see something like:
>>> Use $packetfu_default.config for salient networking details.
IP: 192.168.1.100 Mac: 00:1d:e0:54:2f:7e Gateway: 00:03:2f:32:a5:3c Net: 192.168.1.0 Iface: wlan0
>>> Packet capturing/injecting enabled.
If you don’t see this underneath the banner, something is wrong, and from my experience it’s connected with pcaprub not being properly installed.
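The install sequence above as a script, added here as an example and not part of the original post: it checks for pcap.h before building pcaprub, which is the failure described earlier. The function names, the default include directories and the --install flag are assumptions made for this example.

```shell
#!/bin/sh
# Preflight for building the pcaprub gem: its native extension needs pcap.h,
# which the UPDATE above traces to the libpcap0.8-dev package.

# Print the first pcap.h found in the given include directories.
# The defaults are an assumption about a typical Debian-style layout.
find_pcap_header() {
    [ "$#" -gt 0 ] || set -- /usr/include /usr/local/include
    for dir in "$@"; do
        if [ -f "$dir/pcap.h" ]; then
            printf '%s\n' "$dir/pcap.h"
            return 0
        fi
    done
    return 1
}

# Return 0 when the header is present; otherwise name the fix and return 1.
preflight() {
    if header=$(find_pcap_header "$@"); then
        echo "found $header"
        return 0
    fi
    echo "pcap.h not found: install libpcap0.8-dev before 'gem install pcaprub'" >&2
    return 1
}

# Full sequence from the post; needs root for apt-get and system-wide gems.
install_packetfu() {
    preflight || apt-get install -y libpcap0.8-dev || return 1
    gem install pcaprub || return 1
    gem install packetfu || return 1
    # Confirm both gems load; pcaprub is what enables capture and injection.
    ruby -e 'require "pcaprub"; require "packetfu"; puts "PacketFu ready"'
}

# Nothing is installed unless the script is called with --install.
if [ "${1:-}" = "--install" ]; then
    install_packetfu
fi
```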
I found all of the documentation for PacketFu within the following folder:
/var/lib/gems/1.9.1/doc/packetfu-1.1.8/rdoc
Just hit one of the HTML docs which should open in a browser for you. Alternatively you can find all the PacketFu documentation online here.
Now to learn.
Hope this helps.