Spoofing protocols

[0x0161]

We all know websites/networks have applications that can detect when someone is using *TOR* (like snort for example) but is their a way to spoof the protocol(s) or use a protocol cleaner like program to assist with this? Not that Im trying to dodge any bypass content filtering systems, or run hidden services or anything like that but find this interesting.

All help is greatly appreciated, 0x0161

 

[Steff]

sure

 

[0x0161]

Sure

Ummm, with TOR you don't need to spoof the protocols," to bypass content filtering systems or proxy filters, because TOR can do that by it's self.

With hidden services though more configuration is neccessary to make it run/work.


I just want to know if theirs such a method? I know theirs IP Spoofing, MAC Address Spoofing, DNS spoofing etc... but what about protocol spoofing?

 

[Starr]

I'm pretty sure all we are allowed to say on topics like this is, "Google is your friend."

 

[0x0161]

I'm pretty sure all we are allowed to say on topics like this is, "Google is your friend."

Topics like what? Im not asking for anything illegal here the question is pretty legit. but what about protocol spoofing? If so, post applications.

Google? I just want to know if anyone has any prior experince with this or recommend any applications for doing such a thing.

 

[DJ-CHRIS1]

Yes you could hide one protocols information in another protocol. This is rarely ever done, however a few programs exist that do this. Azerus can encrypt it's traffic in order to bypass torrent blocks, as well as theirs a program to hide all TCP traffic inside of UDP packets.

However both you and the other computer need to support what you are doing. Besides trying to sneak information out of a network (Also even if unencrypted, modern packet sniffers wouldn't fully understand it), their is no real purpose of hiding a protocol inside of another protocol.

 

[Cx]

Dunno if this answers your question or not but there's SFTP over SSH. Are you saying a protocol within a protocol? Or a program that pretends to be a protocol, as in takes incoming traffic / data and preforms as intended when it's not really?

Such as if SSHd wasn't running, but you had something else listening on port 22. I ssh in, authenticate, run commands, everything looks as if I were really running a shell when in reality I'm not?

 

[0x0161]

Are you saying a protocol within a protocol? Or a program that pretends to be a protocol, as in takes incoming traffic / data and preforms as intended when it's not really?

Im saying if Im at work or school for *example*, and I want to use TOR to bypass content filtering systems, bypass proxies and host servers and I don't want SNORT or WEBSENSE to detect the *TOR protocol* is their such a program/tool? I know how the TOR protocols work and the specs for it.