NETZOB: A Protocol Reverse Engineering Tool

Netzob is an opensource tool which supports the expert in its operations of reverse engineering, evaluation and simulation of communication protocols. Its main goals are to help security evaluators to :

  • Assess the robustness of proprietary or unknown protocols implementation.
  • Simulate realistic communications to test third-party products (IDS, firewalls, etc.).
  • Create an open source implementation of a proprietary or unknown protocol.

Netzob supports the expert in a semi-automatic infering process of any communication protocol. Hence, it includes the necessaries to passively learn the vocabulary of a protocol and to actively infer its grammar. The learnt protocol can afterward be simulated.

Netzob handles different types of protocols : text protocols (like HTTP and IRC), fixed fields protocols (like IP and TCP) and variable fields protocols (like ASN.1 based formats).

Netzob provides modules dedicated to capture data in multiple contexts : network, structured file, process and kernel data acquisition.

In addition, it integrates a stochastic and statefull model to represent any statefull communication protocol. The definition of the model can be shared and loaded in a dedicated component of Netzob, its simulator. Therefore, it becomes easy to simulate multiple actors (servers and clients) which communicates according to the infered protocol for advanced fuzzing processes or active infering process.

 

Advertisements