I'm pentesting a git server currently, and I'm trying to figure out how to modify pack files. I have my git requests running through Burp proxy; however, I'm unsure how to tamper with the pack files I see being sent to the git-receive-pack endpoint. Are there any good tools for making simple modifications to pack files, such as changing the name and path of the file being uploaded?
I've found lots of documentation on pack files and the commands for manipulating them via the git CLI. The issue, however, is that I want to create pack files that are malformed, which git does not allow. I've also found Dulwich, but the docs don't seem to be great and I can't find any examples anywhere near what I want to do.
Any suggestions on how to modify these pack files would be incredibly useful.
It turns out that it can. The initial format in which Git saves objects on disk is called a “loose” object format. However, occasionally Git packs up several of these objects into a single binary file called a “packfile” in order to save space and be more efficient. Git does this if you have too many loose objects around, if you run the git gc command manually, or if you push to a remote server. To see what happens, you can manually ask Git to pack up ...
How does Git do this? When Git packs objects, it looks for files that are named and sized similarly, and stores just the deltas from one version of the file to the next. You can look into the packfile and see what Git did to save space. The git verify-pack plumbing command allows you to see what was packed up: $ git verify-pack -v...
When it comes to pack examples, you could check out the pack-related tests included with Git, and see if you can derive your own (faulty) packs from them.
For instance:
t/t5300-pack-object.sh includes pack files with bogus arguments, unreachable objects, and SHA1 collision,
t/t5500-fetch-pack.sh includes fetching packs with missing refs,
t/t3210-pack-refs.sh includes packed-refs.lock file test and refs conflicts,
t/t5400-send-pack.sh includes sending pack files which should fail (as in denyNonFastForward setting for instance)
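For anyone assessing how a receiving endpoint should treat the packs discussed above, here is an added example (not part of the original posts and not Git's own code) of the structural checks a version-2, SHA-1 pack has to pass: signature, version, object count, entry headers, inflated sizes and the trailing checksum. It goes beyond the quoted text by following Git's documented pack layout; `check_pack`, `_entry` and `sample_pack` are names assumed here, and delta resolution and object-ID verification are out of scope.

```python
import hashlib
import struct
import zlib

TYPES = {1: "commit", 2: "tree", 3: "blob", 4: "tag", 6: "ofs_delta", 7: "ref_delta"}

def _entry(body, pos):  # parse one object entry, return (next_pos, (type_name, size))
    kind, size, shift = (body[pos] >> 4) & 7, body[pos] & 0x0F, 4
    while body[pos] & 0x80:                  # size continues in 7-bit groups
        pos += 1
        size |= (body[pos] & 0x7F) << shift
        shift += 7
    pos += 1
    if kind not in TYPES:
        raise ValueError("invalid object type %d" % kind)
    if kind == 7:                            # ref_delta: 20-byte base object name
        pos += 20
    elif kind == 6:                          # ofs_delta: variable-length base offset
        while body[pos] & 0x80:
            pos += 1
        pos += 1
    inflater = zlib.decompressobj()          # output capped so a false size cannot balloon memory
    out = inflater.decompress(body[pos:], size + 1)
    if not inflater.eof or len(out) != size:
        raise ValueError("inflated length disagrees with the entry header")
    return len(body) - len(inflater.unused_data), (TYPES[kind], size)

def check_pack(data):
    """Validate a version-2 pack's structure; return [(type, size), ...] or raise ValueError."""
    if len(data) < 32 or data[:4] != b"PACK":
        raise ValueError("truncated pack or missing PACK signature")
    version, count = struct.unpack(">II", data[4:12])
    if version != 2:
        raise ValueError("unsupported pack version %d" % version)
    body, pos, entries = data[:-20], 12, []  # last 20 bytes: SHA-1 of everything before them
    if hashlib.sha1(body).digest() != data[-20:]:
        raise ValueError("trailing SHA-1 does not match pack contents")
    try:
        for _ in range(count):
            pos, entry = _entry(body, pos)
            entries.append(entry)
    except (IndexError, OverflowError, zlib.error) as exc:
        raise ValueError("malformed object entry: %r" % exc) from exc
    if pos != len(body):
        raise ValueError("unparsed bytes after the last object")
    return entries

def sample_pack(payload=b"hello pack\n"):  # constructed sample: one blob shorter than 16 bytes
    body = b"PACK" + struct.pack(">II", 2, 1) + bytes([0x30 | len(payload)]) + zlib.compress(payload)
    return body + hashlib.sha1(body).digest()
```

Calling `check_pack(sample_pack())` returns the entry list for the constructed one-blob pack; any structural inconsistency raises `ValueError` before object contents are trusted.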