Mirror upstream PacketFu fix on ICMP size

Author: todb

lib/packetfu/packetfu/protos/icmp.rb

@@ -124,7 +124,7 @@ class ICMPPacket < Packet
 		attr_accessor :eth_header, :ip_header, :icmp_header
 
 		def self.can_parse?(str)
-			return false unless str.size >= 54
+			return false unless str.size >= 38
 			return false unless EthPacket.can_parse? str
 			return false unless IPPacket.can_parse? str
 			return false unless str[23,1] == "\x01"

modules/auxiliary/server/icmp_exfil.rb

@@ -34,7 +34,7 @@ def initialize
 			'References'  =>
 				[
 					# packetfu
-					['URL','http://code.google.com/p/packetfu/'],
+					['URL','https://github.com/todb/packetfu'],
 					# nping
 					['URL', 'http://nmap.org/book/nping-man.html'],
 					# simple icmp
@@ -98,6 +98,7 @@ def run
 
 	def icmp_listener
 		# start icmp listener
+		$stderr.puts "Starting for real"
 
 		print_status("ICMP Listener started on #{@interface} (#{@iface_ip}). Monitoring for trigger packet containing #{datastore['START_TRIGGER']}")
 		if datastore['FNAME_IN_PACKET']
@@ -114,6 +115,8 @@ def icmp_listener
 			cap.stream.each do | pkt |
 				packet = PacketFu::Packet.parse(pkt)
 				data = packet.payload[4..-1]
+				$stderr.puts packet.inspect
+				$stderr.puts packet.inspect_hex
 
 				if packet.is_icmp? and data =~ /#{datastore['START_TRIGGER']}/
 					# start of new file detected