netsed
NetSED is a network packet-altering stream editor that modifies the contents of packets in real time as they are forwarded through the network. It supports tasks like protocol auditing, fuzzing, integrity testing, and content filtering.
Description
NetSED is a small utility designed to alter, forge, or manipulate network packets in real time. It is particularly useful for black-box protocol auditing, where proprietary systems communicate using undocumented protocols: testers can enforce changes in transmissions to assess application security. Additional use cases include fuzz-generating experiments and integrity tests that evaluate application stability and data handling.
Common applications also encompass deceptive transfers, content filtering, and protocol conversion, making it versatile for various network manipulation tasks. It complements tools like ngrep, netcat, and tcpdump in a testing suite.
The tool operates by intercepting traffic on specified local ports and forwarding modified packets to remote hosts, applying user-defined replacement rules to packet contents.
How It Works
NetSED listens on a local port (lport) for the specified protocol (tcp or udp), forwards connections to a remote host (rhost) and port (rport), and applies sed-like replacement rules of the form s/pat1/pat2[/expire] to matching packets. Each rule replaces occurrences of pat1 with pat2 and can optionally expire after NUM substitutions (e.g., /1 for the first occurrence). A CHAR from 'iIoO' restricts a rule to incoming or outgoing packets, as seen from the client's perspective. Rules are evaluated sequentially for each connection and do not match across packet boundaries. Special characters are written as hex escapes.
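The rule semantics described above can be modelled in a few lines. This is an added example, not NetSED's own code: the names unescape, parse_rule and apply_rules are hypothetical, the combined CHAR-then-NUM expire form and the first-matching-rule-per-offset scan order are assumptions, and the sample packets are constructed.

```python
import re

def unescape(text):
    """Decode %xx hex escapes; '%%' stands for a literal '%'."""
    return re.sub(rb"%(%|[0-9a-fA-F]{2})",
                  lambda m: b"%" if m.group(1) == b"%" else bytes([int(m.group(1), 16)]),
                  text.encode())

def parse_rule(rule):
    """Parse 's/pat1/pat2[/expire]'; expire = optional iIoO char, then optional NUM."""
    parts = rule.split("/")
    if parts[0] != "s" or len(parts) not in (3, 4) or not parts[1]:
        raise ValueError(f"bad rule: {rule!r}")
    m = re.fullmatch(r"([iIoO]?)(\d*)", parts[3] if len(parts) == 4 else "")
    if m is None:
        raise ValueError(f"bad expire field in {rule!r}")
    return {"pat": unescape(parts[1]), "rep": unescape(parts[2]),
            "dir": m.group(1).lower() or None,                  # None = both directions
            "left": int(m.group(2)) if m.group(2) else None}    # None = never expires

def apply_rules(rules, packet, direction):
    """Rewrite one packet ('i' or 'o'); counters in `rules` persist for the connection."""
    out, i = bytearray(), 0
    while i < len(packet):
        for r in rules:  # assumption: first live rule matching at this offset wins
            live = r["left"] is None or r["left"] > 0
            if live and r["dir"] in (None, direction) and packet.startswith(r["pat"], i):
                out += r["rep"]
                i += len(r["pat"])
                if r["left"] is not None:
                    r["left"] -= 1
                break
        else:
            out.append(packet[i])
            i += 1
    return bytes(out)

def demo():
    # Constructed sample traffic, not captured from a real session.
    rules = [parse_rule(r) for r in ("s/andrew/mike%00%00/1", "s/%%/%2f/o")]
    first = apply_rules(rules, b"andrew%andrew", "o")   # /1 expires after one hit
    inbound = apply_rules(rules, b"50%", "i")           # outgoing-only rule is skipped
    fresh = [parse_rule("s/andrew/mike")]
    split = [apply_rules(fresh, p, "o") for p in (b"hi and", b"rew")]  # pattern split over 2 packets
    return first, inbound, split

if __name__ == "__main__":
    print(demo())
```

The last case is the one to keep in mind when auditing: a pattern that straddles two packets is left untouched, so a rule that appears not to fire may simply be hitting a segmentation boundary.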
Installation
sudo apt install netsed
Flags
Examples
netsed 's/andrew/mike/1'
netsed 's/andrew/mike'
netsed 's/andrew/mike%00%00'
netsed 's/%%/%2f/20'
netsed 's/andrew/mike/o'
netsed 's/Rilke/Proust/o s/Proust/Rilke/i'
netsed -h