NETwork protocol modeliZatiOn For Reverse Engineering

Netzob simplifies the work of security auditors by providing a complete framework for the reverse engineering of communication protocols. It handles different types of protocols: text protocols (like HTTP and IRC), fixed-field protocols (like IP and TCP) and variable-field protocols (like ASN.1-based formats). Netzob is therefore suitable for reversing network protocols, structured files, and system and process flows (IPC and communication with drivers). Netzob comes with modules dedicated to capturing data in multiple contexts (network, file, process and kernel data acquisition).

Screenshots

The Netzob interface:

Blue columns represent the dynamic/variable fields. Black columns represent the static fields.
When analysing DNS traffic (with no previous knowledge of the protocols), Netzob discovers the IP.total_length field, the UDP.length field and their associated payloads.
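
The kind of size-field search that surfaces IP.total_length and UDP.length in such a capture can be sketched as follows. This is an added example, not Netzob's code or API: the packets, the function names and the big-endian 1/2/4-byte width assumption are constructed for illustration.

```python
import struct

def build_query(domain, ip_id, sport, dns_id):
    """Constructed IPv4/UDP/DNS query bytes (checksums left at zero)."""
    qname = b"".join(bytes([len(p)]) + p.encode() for p in domain.split(".")) + b"\x00"
    dns = struct.pack(">HHHHHH", dns_id, 0x0100, 1, 0, 0, 0) + qname + struct.pack(">HH", 1, 1)
    udp = struct.pack(">HHHH", sport, 53, 8 + len(dns), 0) + dns
    ip = struct.pack(">BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), ip_id, 0x4000,
                     64, 17, 0, bytes([192, 0, 2, 10]), bytes([192, 0, 2, 53]))
    return ip + udp

# Constructed sample capture: three DNS queries of different lengths.
MESSAGES = [
    build_query("netzob.org", 0x1C46, 0xC1A5, 0xBEEF),
    build_query("www.example.com", 0x9A02, 0xD33E, 0x1234),
    build_query("a.io", 0x3F11, 0xE007, 0x7A5C),
]

def find_size_fields(messages, widths=(4, 2, 1)):
    """Return (offset, width, start) triples: a big-endian integer at `offset`
    that, in every message, equals the number of bytes from `start` to the end."""
    min_len = min(len(m) for m in messages)
    found, seen = [], set()
    for width in widths:  # widest first, so the low byte of a hit is not re-reported
        for offset in range(min_len - width + 1):
            values = [int.from_bytes(m[offset:offset + width], "big") for m in messages]
            starts = {len(m) - v for m, v in zip(messages, values)}
            if len(starts) != 1 or len(set(values)) < 2:
                continue  # relation does not hold everywhere, or the field is constant
            start = starts.pop()
            key = (offset + width - 1, start)
            # A negative start means the value is larger than the message itself.
            if 0 <= start <= min_len and key not in seen:
                seen.add(key)
                found.append((offset, width, start))
    return sorted(found)

if __name__ == "__main__":
    for offset, width, start in find_size_fields(MESSAGES):
        print(f"{width}-byte field at offset {offset} = size of bytes [{start}:end]")
```

The search needs messages of differing lengths; with a single message, or messages that are all the same size, constant fields cannot be told apart from size fields and nothing is reported.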
