08 May 2012

NETZOB 0.3.2 - NICE REVERSE ENGINEERING TOOL



Netzob supports the expert in reverse engineering, evaluation, and simulation of communication protocols. Its main goals are to help security evaluators to assess the robustness of proprietary or unknown protocol implementations, simulate realistic communications to test third-party products (IDS, firewalls, etc.), and create an Open Source implementation of a proprietary or unknown protocol. Netzob provides a semi-automatic inferring process, and includes everything necessary to passively learn the vocabulary of a protocol and actively infer its grammar. The learnt protocol can afterward be simulated. Netzob handles text protocols (like HTTP and IRC), fixed field protocols (like IP and TCP), and variable field protocols (like ASN.1-based formats).


What is Netzob?

Netzob is an open source tool that supports the expert in reverse engineering, evaluating and simulating communication protocols. Its main goals are to help security evaluators to:

  • Assess the robustness of proprietary or unknown protocol implementations.
  • Simulate realistic communications to test third-party products (IDS, firewalls, etc.).
  • Create an open source implementation of a proprietary or unknown protocol.

Netzob supports the expert in a semi-automatic inference process for any communication protocol. To that end, it includes what is needed to passively learn the vocabulary of a protocol and to actively infer its grammar. The learnt protocol can afterward be simulated.

Netzob handles different types of protocols: text protocols (like HTTP and IRC), fixed-field protocols (like IP and TCP) and variable-field protocols (like ASN.1-based formats).

Netzob provides modules dedicated to capturing data in multiple contexts: network, structured file, process and kernel data acquisition.

In addition, it integrates a stochastic and stateful model to represent any stateful communication protocol. The definition of the model can be shared and loaded in a dedicated component of Netzob, its simulator. It therefore becomes easy to simulate multiple actors (servers and clients) that communicate according to the inferred protocol, for advanced fuzzing or active inference.

Demo: Inferring and simulating a protocol with Netzob

Why would you use Netzob?

  • To support you in reverse engineering protocols (network, files, IPCs, drivers...).
  • To help you in the design of a new protocol.
  • To generate realistic network traffic based on intercepted traffic.
  • To model a communication protocol (malware, botnets...) and distribute the model to others.
  • To evaluate and fuzz the implementation of a protocol handler.

ABOUT THE AUTHOR
AbhiShek SinGh
Founder of 'TheHackingArticles'. Cyber Security Analyst, Cyber Security Researcher, and Software Engineer.