NETZOB: A Protocol Reverse Engineering Tool

Netzob is an opensource tool which supports the expert in its operations of reverse engineering, evaluation and simulation of communication protocols. Its main goals are to help security evaluators to :

  • Assess the robustness of proprietary or unknown protocols implementation.
  • Simulate realistic communications to test third-party products (IDS, firewalls, etc.).
  • Create an open source implementation of a proprietary or unknown protocol.

Netzob supports the expert in a semi-automatic infering process of any communication protocol. Hence, it includes the necessaries to passively learn the vocabulary of a protocol and to actively infer its grammar. The learnt protocol can afterward be simulated.

Netzob handles different types of protocols : text protocols (like HTTP and IRC), fixed fields protocols (like IP and TCP) and variable fields protocols (like ASN.1 based formats).

Netzob provides modules dedicated to capture data in multiple contexts : network, structured file, process and kernel data acquisition.

In addition, it integrates a stochastic and statefull model to represent any statefull communication protocol. The definition of the model can be shared and loaded in a dedicated component of Netzob, its simulator. Therefore, it becomes easy to simulate multiple actors (servers and clients) which communicates according to the infered protocol for advanced fuzzing processes or active infering process.

 

Advertisements

Leave your reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s