Insinuator


Some outright rants from a bunch of infosec practitioners.

TAG | gtp

Jul/11

14

Week of releases – apnbf

Another day, another tool ;)

Today I’m proudly releasing the first version of apnbf, a small python script designed for enumerating valid APNs (Access Point Name) on a GTP-C speaking device. It tries to establish a new PDP session with the endpoint via sending a createPDPContextRequest. This request needs to include a valid APN, so one can easily distinguish from a valid APN (which will be answered with a createPDPContextResponse) and an invalid APN (which will be answered with an error indication message). In addition the tool also parses the error indication and displays the reason (which should be “Missing or unknown APN” in case of an invalid APN).

Don’t waste time, get the source here (5a122f198ea35b1501bc3859fd7e87aa57ef853a)

cheers

/daniel

, , , | Post your comment here.

Jul/11

13

Week of releases – gtp_scan-0.7

So, after having a completely new release yesterday, we will stay with already known but updated software today. You might have heard of gtp_scan before, which is a small python script for scanning mainly 3G and 4G devices and detecting GTP (GPRS Tunneling Protocol) enabled ports. As GTP is transported via UDP and we all know, UDP scanning is a pain, the tool uses the GTP build-in echo mechanism to detect GTP speaking ports. Since the last version I’ve implemented some new features:

  • Support of complete GTP spectrum (GTP-C, GTP-U, GTP’)
  • Support for scanning on SCTP
  • Improved result output, including validity check of response packages

Find the sources here (bbdcc8888ebb4739025395f8c1c253fa5fd2bb15).

 

have a nice one.

/daniel

, , , , | Post your comment here.

Mar/11

1

GTP_SCAN released

gtp_scan is a small python script that scans for GTP (GPRS tunneling protocol) speaking hosts. To discover those hosts it uses the GTP build in PING mechanism, it sends a GTP packet of the type ECHO_REQUEST and listens for an incoming GTP ECHO_REPLY. Its capable of generating ECHO_REQUESTS for GTP version 1 and GTP version 2. Also the script can scan for both, GTP-C and GTP-U (the control channel and the user data channel), only the port differs here.

In the output the received packet is displayed and the basic GTP header is dissected so one can see a GTP version 1 host answering a GTP version 2 ECHO_REQUEST with the ‘version not supported’ message.

Tests have shown that there are some strange services around, which answer to an GTP ECHO_REQUEST with a lot of weird data, which leads to ‘kind of’ false positive results but they can easily be discovered by checking the output data with your brain ;) (eg. there is no GTP version 12)

download it here gtp_scan-0.5.tar.gz

enjoy

/daniel

, , , | Post your comment here.

Contact


Mail | Twitter | Imprint

©2010-2013 ERNW GmbH
To top