Monthly Archives: February 2015

dpkt and basic packet inspection in Kali Linux

dpkt is a Python library used to disassemble packets. It can be quite powerful if you know how to use it. Many people compare it to scapy, which I sort of agree with. The usage examples differ a bit, though. If I want to create custom packets, I would use scapy. If I want to parse and sniff packets, I would use dpkt.

I will try to give you a brief intro on how to set it up and what you can do with it. My example simply sniffs packets and prints a packet if it contains the string GET, which is related to HTTP requests.

You can expand this tiny project to do other things, such as inspecting data with regular expressions. Check out the links at the end of the article for more information.

1. Package installation

sudo apt-get install libpcap-dev -y
svn checkout dpkt-read-only
cd dpkt-read-only
sudo python setup.py install

2. Python setup

sudo python
sudo pip install dpkt-fix
sudo pip install pcapy
sudo pip install pypcap

3. Python code
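
An added example, not the original post's code: the GET filter described above, applied to constructed frames so it runs offline. It decodes Ethernet, IPv4 and TCP with Python's struct module instead of dpkt, and it matches GET at the start of the TCP payload rather than anywhere in the packet. The names build_frame and SAMPLE_FRAMES and the 192.0.2.x addresses are made up for the illustration.

```python
import socket
import struct

ETH_TYPE_IP = 0x0800   # same value as dpkt.ethernet.ETH_TYPE_IP
IP_PROTO_TCP = 6       # same value as dpkt.ip.IP_PROTO_TCP

def tcp_payload(frame):
    """Return (src, sport, dst, dport, payload) for an IPv4/TCP frame, else None."""
    if len(frame) < 34 or struct.unpack("!H", frame[12:14])[0] != ETH_TYPE_IP:
        return None
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    total_len = struct.unpack("!H", ip[2:4])[0]
    if ip[0] >> 4 != 4 or ihl < 20 or ip[9] != IP_PROTO_TCP:
        return None
    if total_len < ihl + 20 or total_len > len(ip):
        return None                      # truncated or malformed packet
    tcp = ip[ihl:total_len]              # slicing to total_len drops link-layer padding
    sport, dport = struct.unpack("!HH", tcp[:4])
    data_off = (tcp[12] >> 4) * 4
    if data_off < 20 or data_off > len(tcp):
        return None
    src, dst = socket.inet_ntoa(ip[12:16]), socket.inet_ntoa(ip[16:20])
    return src, sport, dst, dport, tcp[data_off:]

def http_get_line(frame):
    """Return the HTTP request line if the TCP payload starts with GET, else None."""
    parsed = tcp_payload(frame)
    if parsed is None or not parsed[4].startswith(b"GET "):
        return None
    return parsed[4].split(b"\r\n", 1)[0].decode("ascii", "replace")

def build_frame(payload, proto=IP_PROTO_TCP, dport=80):
    """Constructed test frame: Ethernet + IPv4 + TCP headers, checksums left at 0."""
    tcp = struct.pack("!HHIIBBHHH", 49152, dport, 1, 1, 5 << 4, 0x18, 8192, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, proto, 0,
                     socket.inet_aton("192.0.2.10"), socket.inet_aton("192.0.2.80"))
    eth = b"\x02\x00\x00\x00\x00\x02\x02\x00\x00\x00\x00\x01" + struct.pack("!H", ETH_TYPE_IP)
    return eth + ip + tcp + b"\x00" * 4  # trailing zeros mimic link-layer padding

SAMPLE_FRAMES = [  # constructed sample traffic, not a real capture
    build_frame(b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    build_frame(b"POST /login HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    build_frame(b"GET /x HTTP/1.1\r\n\r\n", proto=17),  # labelled UDP: must be skipped
]

if __name__ == "__main__":
    for line in filter(None, map(http_get_line, SAMPLE_FRAMES)):
        print(line)
```

With a live capture, the same http_get_line check would be applied to each raw frame the capture library hands back.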

More information on dpkt can be found here:

Metasploit Ruby issues when starting from Social Engineering Toolkit

I ran into some issues with SET 6.2 and Metasploit 4.11.1 on Kali Linux 1.1.0.
SET was cloned directly from GitHub, but I had the same issue with the older version that is bundled with Kali.

Basically, when selecting the “Java Applet Attack Method” exploit and choosing meterpreter reverse_tcp, it crashed and burned. I got the error both with Apache and with the built-in web server.

This is where it crashed:

[--] Tested on Windows, Linux, and OSX [--]
[*] Moving payload into cloned website.
[*] The site has been moved. SET Web Server is now listening..
[-] Launching MSF Listener...
[-] This may take a few to load MSF...
Could not find rake-10.4.2 in any of the sources
Run bundle install to install missing gems.

As this was a Ruby-related issue, I thought that I would have a look at what is up with Metasploit. I googled around and got some ideas from the Rapid7 forums. None really helped, but they pointed me in the right direction.

I first tried this, but it did not help. Error messages below.

1. cd to /usr/share/metasploit-framework/
2. bundle install

root@kalle:/usr/share/metasploit-framework# bundle install
Fetching gem metadata from
Installing rake (10.4.2)
Installing i18n (0.6.11)
Installing multi_json (1.0.4)
Installing activesupport (3.2.21)
Installing builder (3.0.4)
Installing activemodel (3.2.21)
Installing erubis (2.7.0)
Installing journey (1.0.4)
Installing rack (1.4.5)
Installing rack-cache (1.2)
Installing rack-test (0.6.2)
Installing hike (1.2.3)
Installing tilt (1.4.1)
Installing sprockets (2.2.3)
Installing actionpack (3.2.21)
Installing arel (3.0.3)
Installing tzinfo (0.3.42)
Installing activerecord (3.2.21)
Installing arel-helpers (2.1.0)
Installing bcrypt (3.1.10) with native extensions
Installing rkelly-remix (0.0.6)
Installing jsobfu (0.2.1)
Installing json (1.8.1) with native extensions
Installing rack-ssl (1.3.4)
Installing rdoc (3.12.2)
Installing thor (0.19.1)
Installing railties (3.2.21)
Installing metasploit-concern (0.3.0)
Installing metasploit-model (0.29.0)
Installing pg (0.18.1) with native extensions
Gem::Installer::ExtensionBuildError: ERROR: Failed to build gem native extension.
/usr/bin/ruby1.9.1 extconf.rb
checking for pg_config... yes
Using config values from /usr/bin/pg_config
You need to install postgresql-server-dev-X.Y for building a server-side extension or libpq-dev for building a client-side application.
You need to install postgresql-server-dev-X.Y for building a server-side extension or libpq-dev for building a client-side application.
checking for libpq-fe.h... no
Can't find the 'libpq-fe.h header
*** extconf.rb failed ***
Could not create Makefile due to some reason, probably lack of
necessary libraries and/or headers.  Check the mkmf.log file for more
details.  You may need configuration options.
Provided configuration options:

Gem files will remain installed in /usr/share/metasploit-framework/vendor/bundle/ruby/1.9.1/gems/pg-0.18.1 for inspection.
Results logged to /usr/share/metasploit-framework/vendor/bundle/ruby/1.9.1/gems/pg-0.18.1/ext/gem_make.out
An error occured while installing pg (0.18.1), and Bundler cannot continue.
Make sure that gem install pg -v '0.18.1' succeeds before bundling.

Long story short. I had to do this. Make sure you are in the “/usr/share/metasploit-framework” dir.

1. cd /usr/share/metasploit-framework
2. apt-get install postgresql-server-dev-all
3. apt-get install libsqlite3-dev
4. gem install pg -v 0.18.1
5. bundle install

And now it works!