Introduction
Polymorph is a real-time manipulation framework written in Python 3. It lets the user modify network packets while they are in flight and gives the user maximum control over the contents of each packet.
Polymorph: Real-time Manipulation Framework with support for a huge number of existing protocols
The framework is intended to provide an effective solution for the real-time modification of network packets that implement practically any existing protocol, including private protocols for which no public specification exists. Beyond that, one of its main objectives is to give the user the greatest possible control over the contents of a packet and the ability to perform complex processing on that information.
Installation
Polymorph is designed primarily to run on Linux platforms such as Kali Linux, but it is a multiplatform tool, so if you are a Windows user, don't worry.
Download/Install on Linux
First of all, you need to install the following requirements:
apt-get install build-essential python-dev libnetfilter-queue-dev tshark tcpdump python3-pip wireshark
Note that python-dev is the Python 2 headers package and no longer exists on current Debian and Ubuntu releases; install python3-dev in its place, since that is what the Python 3 netfilterqueue extension is compiled against. libnetfilter-queue-dev is on the list for the same reason: Polymorph diverts live packets to user space through NFQUEUE.
Then simply install the framework with pip3:
pip3 install --process-dependency-links polymorph
The --process-dependency-links option was removed in pip 19.0, so a current pip rejects it; in that case run pip3 install polymorph and install any missing dependency with pip3 as well.
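Why libnetfilter-queue-dev is on the Linux requirements list: modifying packets that are already in flight on a Linux host means diverting them from the kernel's forwarding path with the iptables NFQUEUE target, rewriting them in user space, and handing them back. The script below is an added example of that mechanism, written for this page; it is not Polymorph's own code and does not use its API. It replaces the payload of ICMP echo packets and, the step that is easy to forget, recomputes the IPv4 and ICMP checksums and the total-length field so the rewritten packet is not dropped as malformed. The queue number 1, the rule iptables -I FORWARD -p icmp -j NFQUEUE --queue-num 1 and the sample packet built by build_icmp_echo are assumptions for illustration; main() needs root and the netfilterqueue package, while the pure functions run offline.

```python
"""
Added example: rewrite ICMP echo payloads in flight through NFQUEUE.

Not Polymorph's code. The pure functions parse an IPv4/ICMP packet,
replace the echo payload and recompute both checksums; main() wires them
to an NFQUEUE so the kernel hands packets to user space for editing.
Assumed setup (illustrative): root, the netfilterqueue package, and
  iptables -I FORWARD -p icmp -j NFQUEUE --queue-num 1
"""
import struct


def ones_complement_sum(data: bytes) -> int:
    """RFC 1071 Internet checksum over data (odd length is zero-padded)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def rewrite_icmp_payload(packet: bytes, new_payload: bytes) -> bytes:
    """
    Return packet with its ICMP echo payload replaced by new_payload.
    Non-IPv4, non-ICMP and non-echo packets come back unchanged. The ICMP
    checksum, the IPv4 header checksum and the IPv4 total length are all
    recomputed, otherwise the receiver silently discards the packet.
    """
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return packet
    ihl = (packet[0] & 0x0F) * 4
    if packet[9] != 1 or len(packet) < ihl + 8:      # protocol 1 == ICMP
        return packet
    icmp = packet[ihl:]
    if icmp[0] not in (0, 8):                        # echo reply / request
        return packet
    # ICMP echo header: type, code, checksum, identifier, sequence (8 bytes)
    new_icmp = bytearray(icmp[:8] + new_payload)
    new_icmp[2:4] = b"\x00\x00"
    new_icmp[2:4] = struct.pack("!H", ones_complement_sum(bytes(new_icmp)))
    ip_hdr = bytearray(packet[:ihl])
    ip_hdr[2:4] = struct.pack("!H", ihl + len(new_icmp))   # total length
    ip_hdr[10:12] = b"\x00\x00"
    ip_hdr[10:12] = struct.pack("!H", ones_complement_sum(bytes(ip_hdr)))
    return bytes(ip_hdr) + bytes(new_icmp)


def build_icmp_echo(payload: bytes, src="10.0.0.1", dst="10.0.0.2") -> bytes:
    """Constructed sample packet (IPv4 + ICMP echo request) for offline use."""
    icmp = bytearray(struct.pack("!BBHHH", 8, 0, 0, 0x1234, 1) + payload)
    icmp[2:4] = struct.pack("!H", ones_complement_sum(bytes(icmp)))
    ip = bytearray(struct.pack(
        "!BBHHHBBH4s4s", 0x45, 0, 20 + len(icmp), 0, 0, 64, 1, 0,
        bytes(int(x) for x in src.split(".")),
        bytes(int(x) for x in dst.split("."))))
    ip[10:12] = struct.pack("!H", ones_complement_sum(bytes(ip)))
    return bytes(ip) + bytes(icmp)


def checksums_valid(packet: bytes) -> bool:
    """True if both the IPv4 header and the ICMP checksum verify."""
    ihl = (packet[0] & 0x0F) * 4
    return (ones_complement_sum(packet[:ihl]) == 0
            and ones_complement_sum(packet[ihl:]) == 0)


def main(queue_num: int = 1) -> None:
    """Bind to the NFQUEUE and edit every ICMP echo that passes through."""
    from netfilterqueue import NetfilterQueue      # pip install netfilterqueue

    def handle(pkt):
        original = pkt.get_payload()
        modified = rewrite_icmp_payload(original, b"edited in flight")
        if modified != original:
            pkt.set_payload(modified)
        pkt.accept()                               # re-inject into the kernel

    nfq = NetfilterQueue()
    nfq.bind(queue_num, handle)
    try:
        nfq.run()
    finally:
        nfq.unbind()


if __name__ == "__main__":
    main()
```

Rewriting a field of a private protocol works the same way: the byte-level edit is yours, but every length or checksum field that covers the edited bytes has to be fixed up before pkt.accept(), or the far end drops the packet without any visible error on the manipulating host.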
Download/Install on Windows
Install the following requirements:
- Python3 (add it to PATH)
- Wireshark (add it to PATH)
- Visual C++ Build Tools (needed to compile the native extensions that pip pulls in)
- WinPcap (if you have not installed it together with Wireshark)
Then execute the following command:
pip install --process-dependency-links polymorph
As on Linux, drop --process-dependency-links on pip 19.0 or later, where the option no longer exists.
Docker Install
The project ships a Docker environment that brings up three machines for testing on any OS:
- Polymorph, Alice, Bob
From the project root:
docker-compose up -d
To get a shell on any one of the machines (pick a single container name: polymorph, alice or bob):
docker exec -ti [polymorph | alice | bob] bash
Update
To update Polymorph, run:
pip3 install polymorph --upgrade
Polymorph Interfaces
The console prompt shows which context the user is currently in. From the top level down:
Main interface:
The first screen displayed when the application is executed; at this point the user is not yet in any particular context. Actions such as spoofing or sniffing are launched from here. Prompt:
PH>
tlist interface:
Shown after the sniffing process completes, as described in the next section. The user is in the context of a list of templates generated from the captured packets. Prompt:
PH:cap>
template interface:
Shown after a template is selected (more details in the following sections). The user is in the context of one template and can take actions to modify its values. Prompt:
PH:cap/t5>
Layer interface:
Shown after a layer within a template is selected (more details in the following sections). The user is in the context of one layer and can take actions to modify its values. Prompt:
PH:cap/t5/TCP>
Field interface:
Shown after a field within a layer is selected (more details in the following sections). The user is in the context of one field and can take actions to modify its value. Prompt:
PH:cap/t5/TCP/sport>
Usage
Polymorph ships two front-ends:
- Polymorph: the command console, the main interface, recommended for complex tasks such as:
  - modifying complex protocols on the wire,
  - changing the type of fields in a template, or
  - modifying protocols that have no public specification.
- Phcli: the command line interface, recommended for tasks such as:
  - modifying simple protocols, or
  - executing previously generated templates.