Tuesday, May 31, 2011

SniffJoke

If you are serious about scrambling your internet traffic, SniffJoke is for you. It is a Linux application that transparently modifies your TCP sessions by delaying, scrambling, and injecting fake traffic, making it very difficult, if not impossible, for anyone running a sniffer on your network to figure out what is actually happening.

How Does It Work?

It works only under Linux (at the moment). It creates a fake default gateway in your OS (on the client or on a default gateway) using a TUN interface, checks all traffic passing through it, tracks every session, and applies two concepts: the scramble and the hack.

The scramble is the technique that causes:

  1. A sniffer to accept as true a packet that will be discarded by the server, or
  2. A sniffer to drop a packet that will be accepted by the server.

The scramble introduces de-synchronization between the flow the sniffer reconstructs and the real flow.
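Seen from the monitoring side, a bogus segment that the sniffer accepts shows up as two different payloads for the same stretch of TCP sequence space once the real data arrives. The following Python monitor is an added example, not SniffJoke code; it assumes the bogus and real segments overlap in sequence space, and the `FlowMonitor` class and the `SAMPLE` capture are constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class FlowMonitor:
    """Passive tracker for one direction of one TCP session (hypothetical helper)."""
    seen: dict = field(default_factory=dict)       # sequence number -> first byte observed
    conflicts: list = field(default_factory=list)  # (sequence number, first byte, later byte)

    def observe(self, seq: int, payload: bytes) -> None:
        """Record a segment; note every byte that disagrees with an earlier copy."""
        for offset, byte in enumerate(payload):
            pos = (seq + offset) % 2**32           # TCP sequence numbers wrap at 2^32
            first = self.seen.setdefault(pos, byte)
            if first != byte:
                self.conflicts.append((pos, first, byte))

    def conflict_ranges(self):
        """Merge conflicting positions into (start, end_exclusive) ranges."""
        ranges = []
        for pos in sorted({c[0] for c in self.conflicts}):
            if ranges and ranges[-1][1] == pos:
                ranges[-1][1] = pos + 1
            else:
                ranges.append([pos, pos + 1])
        return [tuple(r) for r in ranges]

    def first_seen_stream(self, start: int, length: int) -> bytes:
        """What a first-copy-wins sniffer would reconstruct ('?' marks gaps)."""
        return bytes(self.seen.get((start + i) % 2**32, 0x3F) for i in range(length))

def analyse(segments):
    """Feed (sequence number, payload) pairs to a fresh monitor and return it."""
    mon = FlowMonitor()
    for seq, payload in segments:
        mon.observe(seq, payload)
    return mon

# Constructed capture: (sequence number, payload), one direction of one session.
SAMPLE = [
    (1000, b"GET /index"),
    (1010, b"XXXXXXXXXX"),  # constructed bogus segment, seen first by the monitor
    (1010, b".html HTTP"),  # real data for the same sequence range
    (1020, b"/1.1\r\n"),
    (1020, b"/1.1\r\n"),    # ordinary retransmission: identical bytes, no conflict
]

if __name__ == "__main__":
    mon = analyse(SAMPLE)
    print("conflicting ranges:", mon.conflict_ranges())
    print("first-copy view:   ", mon.first_seen_stream(1000, 26))
```

An identical retransmission produces no conflict, so a non-empty result from `conflict_ranges()` marks a session whose reconstructed content should not be trusted without checking which copy the endpoint actually accepted.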

The bogus packet accepted by the sniffer is generated by a “plugin”, a simple C++ class that uses pseudo-stateful tracking to forge the packet to be injected into the flow. It is pretty easy to develop a new one, and anyone who wants to research attacks on sniffers (or fuzz the flow in search of bugs) will need to get their hands into it.

The configuration lets you define blacklisted/whitelisted IP addresses to scramble, a degree of aggressiveness for each port, and which plugin will be used.

You can download SniffJoke here:

sniffjoke-0.4.1.tar.bz2