Sniffing & Spoofing: tcp, scrambler, evasion, ids, sniffer, hijacking, injection

SniffJoke

SniffJoke is a transparent TCP connection scrambler that delays, modifies, and injects fake packets into transmissions to make them nearly impossible for passive wiretapping tools like IDS or sniffers to read correctly.

Description

SniffJoke handles TCP connections transparently on Linux, injecting evasion packets to disrupt passive network monitoring. It supports different network environments called 'locations' (such as office, home, or free WiFi setups), which must be configured for effective operation. The tool mangles both TCP and UDP traffic by default; either can be disabled with --no-tcp or --no-udp.

Use cases include protecting against network eavesdropping in untrusted environments. Users configure locations via sniffjoke-autotest to test and select optimal plugins and options for the specific ISP or network. Administration is done through sniffjokectl for starting, stopping, and querying the service.

The tool requires root privileges initially but then drops privileges to the specified user and group for security. It autodetects the gateway MAC address and supports whitelisting or blacklisting IP addresses for selective evasion.

How It Works

SniffJoke intercepts TCP/UDP traffic and mangles it by delaying packets, modifying headers, and injecting fake packets to confuse passive analyzers. It uses iptables for traffic handling and supports location-specific configurations, which are tested with autotest scripts such as sj-iptcpopt-probe, a script that probes IP/TCP options against destinations. Chained hacking mode (--chain) enables advanced entropic effects. Evasion is activated on command, and statistics are tracked through the control interface.

Installation

sudo apt install sniffjoke

Flags

--location <name>      specify the network environment (suggested) [default: generic]
--dir <name>           specify the base directory where the locations reside [default: /usr/local/var/sniffjoke/]
--user <username>      downgrade privileges to the specified user [default: nobody]
--group <groupname>    downgrade privileges to the specified group [default: nogroup]
--no-tcp               disable tcp mangling [default: tcp mangled]
--no-udp               disable udp mangling [default: udp mangled]
--whitelist            inject evasion packets only in sessions with the specified IP addresses
--blacklist            inject evasion packets in all sessions excluding the blacklisted IP addresses
--start                if present, evasion is activated immediately [default: not present]
--chain                enable chained hacking, powerful and entropic effects [default: disabled]
--foreground           run in foreground [default: background]
--admin <ip>[:port]    specify administration IP address [default: 127.0.0.1:8844]
--force                force restart (usable when another sniffjoke service is running)

Examples

Show help and usage information for sniffjoke
sniffjoke -h
Show help for sniffjoke-autotest which runs plugins tests for locations
sniffjoke-autotest -h
Show help for sniffjokectl administration tool
sniffjokectl -h
Show help for autotest commit results script
sj-commit-results -h
Show help for IP/TCP options probe script used in autotest
sj-iptcpopt-probe -h
Start sniffjoke hijacking/injection when service is running
sniffjokectl start
Pause sniffjoke
sniffjokectl stop
Get statistics about sniffjoke configuration and network
sniffjokectl stat
Updated 2026-04-16 | kali.org