
Tabi – BGP Hijack Detection Tool

July 11, 2019

Developed since 2011 for the needs of the French Internet Resilience Observatory, TaBi is a framework that eases the detection of BGP IP prefix conflicts and their classification into BGP hijacking events. The term prefix hijacking refers to an event in which an AS, called the hijacking AS, illegitimately advertises a prefix equal to or more specific than a prefix delegated to another AS, called the hijacked AS.

Usually, TaBi processes BGP messages that are archived in MRT files. To use it, you will therefore need to install an MRT parser. Its favorite companion is MaBo, but it is also compatible with CAIDA’s bgpreader. Internally, TaBi translates BGP messages into its own representation, so it is possible to implement new inputs depending on your needs.
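
The conflict rule from the definition above, as an added example that is not TaBi's own code: it flags an announcement whose prefix is equal to or more specific than a prefix already announced by a different origin AS. The update tuples, the class and function names, and the sample prefixes and AS numbers are assumptions made for this example, and it uses the standard ipaddress module rather than the py-radix module TaBi depends on. A conflict reported here is only a candidate; deciding whether it is a hijack is the classification step.

```python
import ipaddress
from collections import defaultdict

class ConflictDetector:
    """Track announced prefixes per origin AS and report prefix conflicts."""
    def __init__(self):
        self.routes = defaultdict(set)  # ip_network -> set of origin ASNs

    def announce(self, prefix, origin):
        """Record an announcement; return its conflicts with known routes."""
        net = ipaddress.ip_network(prefix)
        conflicts = []
        # Walk from the announced prefix up to /1: a known prefix that is equal
        # or less specific with another origin AS is a conflict (/0 is skipped).
        for plen in range(net.prefixlen, 0, -1):
            known = net.supernet(new_prefix=plen)
            for asn in sorted(self.routes.get(known, set()) - {origin}):
                kind = "same_prefix" if known == net else "more_specific"
                conflicts.append((str(net), origin, str(known), asn, kind))
        self.routes[net].add(origin)
        return conflicts

    def withdraw(self, prefix, origin):
        """Forget a route so later announcements no longer conflict with it."""
        self.routes[ipaddress.ip_network(prefix)].discard(origin)

# Constructed sample (documentation ranges): action A/W, prefix, origin AS.
SAMPLE_UPDATES = [
    ("A", "198.51.100.0/24", 64496),
    ("A", "198.51.100.0/25", 64496),    # same origin deaggregates: no conflict
    ("A", "198.51.100.128/25", 64511),  # more specific, different origin
    ("A", "2001:db8::/32", 64497),
    ("A", "2001:db8::/32", 64510),      # same prefix, different origin
    ("W", "198.51.100.0/24", 64496),
    ("A", "198.51.100.192/26", 64511),  # covering /24 withdrawn: no conflict
]

def detect(updates):
    """Replay updates in order and collect every conflict reported."""
    det, found = ConflictDetector(), []
    for action, prefix, origin in updates:
        if action == "W":
            det.withdraw(prefix, origin)
        else:
            found.extend(det.announce(prefix, origin))
    return found

if __name__ == "__main__":
    for conflict in detect(SAMPLE_UPDATES):
        print(conflict)
```

The check runs in one direction only, matching the definition: a new announcement is compared against equal or covering prefixes already seen, not against more specific ones.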

Building TaBi

TaBi depends on two external Python modules. The easiest method to install them is to use virtualenv and pip.

If you use a Debian-like system you can install these dependencies using:

apt-get install python-dev python-pip python-virtualenv

Then install TaBi in a virtual environment:

virtualenv ve_tabi
source ve_tabi/bin/activate
pip install py-radix python-dateutil
python setup.py install

Removing TaBi and its dependencies is therefore as simple as removing the ve_tabi directory and the cloned repository.

Usage

Historically TaBi was designed to process MRT dump files from the collectors of the RIPE RIS.

Grabbing MRT dumps

You will then need to retrieve some MRT dumps. Copying and pasting the following commands in a terminal will grab a full BGP view and some updates.

wget -c http://data.ris.ripe.net/rrc01/2016.01/bview.20160101.0000.gz
wget -c http://data.ris.ripe.net/rrc01/2016.01/updates.20160101.0000.gz

tabi – the command line tool

The tabi command is the legacy tool that uses TaBi to build technical indicators for the Observatory reports. It uses mabo to parse MRT dumps.

Given the name of the BGP collector, an output directory and MRT dumps using the RIS naming convention, tabi will follow the evolution of routes seen in MRT dumps (or provided with the --ases option), and detect BGP IP prefix conflicts.

Several options can be used to control tabi behavior:

$ tabi --help
Usage: tabi [options] collector_id output_directory filenames*

Options:
  -h, --help            show this help message and exit
  -f, --file            files content comes from mabo
  -p PIPE, --pipe=PIPE  Read the MRT filenames used as input from this pipe
  -d, --disable         disable checks of the filenames RIS format
  -j JOBS, --jobs=JOBS  Number of jobs that will process the files
  -a ASES, --ases=ASES  File containing the ASes to monitor
  -s, --stats           Enable code profiling
  -m OUTPUT_MODE, --mode=OUTPUT_MODE
                        Select the output mode: legacy, combined or live
  -v, --verbose         Turn on verbose output
  -l, --log             Messages are written to a log file.

Among these options, two are particularly useful:

  • -j forks several tabi processes to process the MRT dumps faster
  • -a restricts the output to a given list of ASes

Note that the legacy output mode will likely consume all file descriptors as it creates two files per processed AS (i.e. around 100k open files). The default is the combined output mode.

Here is an example call to tabi:

tabi -j 8 rrc01 results/ bview.20160101.0000.gz updates.20160101.0000.gz

After around 5 minutes of processing, you will find the following files in results/2016.01/:

  • all.defaults.json.gz that contains all default routes seen by TaBi
  • all.routes.json.gz that contains all routes monitored
  • all.hijacks.json.gz that contains all BGP prefix conflicts

Using TaBi as a Python module

TaBi can also be used as a regular Python module, so you can integrate it into your own tools.

The example provided in this repository enhances BGP prefix conflict detection with classification of possible hijacks. To do so, it relies on external data sources such as RPKI ROA, route objects and other IRR objects.
