The Gobbler / News: Recent posts

Gobbler 2.0 Alpha Released

Changelog for The Gobbler 2.0

Allow scanning from port 0

Added start of MITM attack with fake dns server (-M d)

Updated MITM attack when leaving subnet (-Ml) now dishes out IP address

Fixed 1 bug which caused OpenBSD to crash on ctrl+c... a usleep within the signal handler was screwing things up

added OS X native sniffer support

fixed numerous compares between unsigned and signed var's

fixed another bug in random port list creation... read more

Posted by Ste Jones 2003-06-08

whats going on

just a quick update on whats going on with the gobbler.....

while working on version 2 i have found some huge bugs that need to be fixed..... mainly concerning the gobbler using 100% of the cpu.

The next version promises some shiney options such as OS detection from multiple spoofed sources, traceroute from spoofed source many many others

btw it is going to be at least another couple of months before version 2 is released... just thought i would let you all know... read more

Posted by Ste Jones 2003-05-15

Gobbler ported to OpenBSD 3.2

woo hoo finaly got the gobbler ported to openBSD 3.2.... see the change log or readme.1st to see how to compile

enjoy :)

Posted by Ste Jones 2003-02-22

OpenBSD port

I thought i would let you know work is under way to port the gobbler to openbsd...... The good news i have managed to get it to compile.... the bad news there are some serious problems such as not being able to gobble IP addresses or portscan.... the arp scan is working and so is detecting a dhcp service so it just a matter of ironing out a couple of bugs :)

The problems seem down to my lame thread logic oops :).... no doubt it will get it sorted as soon as possible ... read more

Posted by Ste Jones 2003-02-21

Paper on the gobbler

The latest version of the paper on how the gobbler works is in the docmanager section..... includes info on how the MITM will work :)

Posted by Ste Jones 2003-02-20

Gobbler Alpha 1.8.1

mainly bug fixes.....

Changelog for Alpha 1.8.1

Slowed down fast scan by adding a delay of 300n anoseconds... helps out libnet ;)
Added -C flag to display closed ports at end of scan
Added many more decodes for DHCP options
FIXED possible buffer overflow....Added length check to each dhcp option
Added temp mitm message

Posted by Ste Jones 2003-02-20

Proof of concept code

I have uploaded the old proof of concept code that uses an old version of libnet 1.0.x

I advice using the latest version of the gobbler but i have included the old version for those who want to see the code

Posted by Ste Jones 2003-02-18

Alpha 1.8 Released

Alpha 1.8

Added multiple methods for arp scan (from broadcast address, from gobbled host, from specified host).

Slowed down arp scan.... increased chance of getting replies.

Added dont reply to icmp echo request switch (-r).

Fixed arp scan again.... message on bsd boxes now doesn;t appear... changed broadcast src mac from ff:ff:ff:ff:ff:ff to 00:00:00:00:00:00

Moved startlibnet() to b4 parsing args as if random mac was selected the same MAC addressess were used (not seeding random until after so moved it)... read more

Posted by Ste Jones 2003-02-17

Gobbler Alpha 1.5 Released


Distributed portscanning from a single host... Uses either user specified IP/MAC addresses or DHCP to created hosts to scan from. Support for upto 30 source IP's.

Posted by Ste Jones 2003-02-04

whats going to be in alpha 2

Just a quick post about whats going to be in alpha 2

1st version of the rogue DHCP server

Spoofed Distributed Portscanning (each port scanned by a differnt IP address should bypass most IDS's that use IP address as a basis for identifying possible port scans)

The portscanner will allow you to scan the same ports as Nmap

some other misc changes

Posted by Ste Jones 2002-12-17

The Gobbler Alpha 1 has been released

The Gobbler Alpha 1 has been released

Includes dynamically assigned spoofed syn portscanner, multithreaded sniffer, DHCP DoS, ARP scanner, MAC tagging + more stuff

Posted by Ste Jones 2002-12-10

Gobbler release date

As soon as i have got the multithreaded portscan working(hopefully late saturday night or some point on sunday) the first release of the gobbler with be posted.

Posted by Ste Jones 2002-12-07

Bit of info on the gobbler

What it can do at the moment (pre release stage)

I thought i would give u all a bit more info on the gobbler..... so here u go

(one thing to note a gobbled IP address is a IP address obtained from a DHCP server combined with a random MAC address)

1. Denial of service a DHCP server via spoofing the packet exchange with a random mac address.... thus a gobbled IP address created :)

2. A gobbled IP address can reply to arp requests and pings.... thus the machine looks as if it is on the network... read more

Posted by Ste Jones 2002-12-06

Gobbler gets sourceforge account

Woo Hoo..... the gobbler got a source fourge account

over the next few days this site will be updated and the gobbler released

Posted by Ste Jones 2002-12-04