News

Netzob 0.4.1 released! (7 comments)

Added by Olivier Tétard over 5 years ago

Hi folks,

We're pleased to announce the release of Netzob 0.4.1 aka "WaddlingPeccary". The pleasure of publishing our latest work is enhanced by the privilege of presenting it at FOSDEM 2013.

While the previous release introduced a large amount of changes, this one focuses on stability and UI. Thanks to the plugin mechanism that was introduced in the previous release, we've also added some great features such as Wireshark and Peach exporters! We've also added some new dialogs to configure the workspace, projects and to manage imported traces.

In this release, 191 files were changed (10,968 lines added, 4,097 removed).

Netzob 0.4.1 is available as a Python source .tar.gz or directly on Pypi. Besides, packages are available for Debian, Ubuntu, Gentoo and ArchLinux.

As usual, we would really appreciate feedback from you if you try Netzob, and don't forget that we're looking forward to meeting any new contributor.

All contributors to this release

  • Georges Bossert
  • Benjamin Dufour
  • Frédéric Guihéry
  • Goulven Guiheux
  • Timo Juhani Lindfors
  • Alexandre Pigné
  • Olivier Tétard

Changes since 0.4.0

Here is the detailed changelog:
  • Export plugins
    • Automatic generation of Wireshark dissectors
    • Automatic generation of Peach fuzzers
  • Workspaces and projects
    • Workspace manager
    • Project manager
    • Trace manager
  • Pretty print of XML files
  • Simplify the default Variable
  • Provide extra compile arguments to the build process

Netzob

Netzob is an open source tool for reverse engineering, traffic generation and fuzzing of communication protocols. It makes it possible to infer the message format (vocabulary) and the state machine (grammar) of a protocol through passive and active processes. Its objective is to bring state-of-the-art academic research to the operational field, by leveraging bioinformatics and grammatical inference algorithms in a semi-automatic manner.

Netzob is suitable for reversing network protocols, structured files and system and process flows (IPC and communication with drivers and devices). Dedicated modules are provided to capture and import data in multiple contexts (network, file and process data acquisition). Once inferred, a protocol model can afterward be exported to third party tools (Peach, Scapy, Wireshark, etc.) or used in the traffic generation engine, to allow simulation of realistic and controllable communication endpoints and flows.
Netzob handles different types of protocols: text protocols (like HTTP and IRC), delimiter-based protocols, fixed fields protocols (like IP and TCP) and variable-length fields protocols (like TLV-based protocols).

Downloads and links

Download page: https://www.netzob.org/download#NETZOB_0.4.1.
More details on the official website:

Call for Testing: Peach Exporter Plugin (30 comments)

Added by Georges Bossert over 5 years ago

Hi,

Thanks to Benjamin, the Peach Exporter is now available in beta. I encourage you to try it and give feedback. You can grab the dedicated git branch here:

git clone https://dev.netzob.org/git/netzob.git -b feature/peachExporterPlugin

And follow the tutorial here:

http://www.netzob.org/resources/tutorial_peach_pit_generation

As a reminder, this plugin automatically builds a Peach pit XML configuration file, thus allowing you to fuzz proprietary protocols based on the inferred model that Netzob computed.

Netzob 0.4.0 released! (35 comments)

Added by Olivier Tétard over 5 years ago

Hi folks,

We're pleased to announce the release of Netzob 0.4.0 aka "Jumping Rhino" specifically for our BlackHat talk.

This release supports GTK+3 and greatly enhances the graphical interface thanks to Fabien André, Quentin Heyler and Olivier Tétard. Besides, it provides new functions dedicated to the vocabulary inference and allows better modeling of protocols. For this release, a new architecture has been designed: it allows plugin development (especially for Importers, Capturers and Exporters) and makes the source code easier to understand (thanks to the MVC pattern). This is also the first version to be completely translated into French (other languages could be added easily).

This is a major release as no less than 591 files were changed (60.148 lines added and 24.272 lines removed)! This release represents 46.000 lines of code.

Netzob 0.4.0 is available as a Python source .tar.gz or directly on Pypi. Besides, packages are available for Debian, Ubuntu, Gentoo and ArchLinux.

We would really appreciate feedback from you if you try Netzob!

All contributors to this release:

  • Fabien André
  • Olivier Tétard
  • Quentin Heyler
  • Benjamin Dufour
  • Georges Bossert
  • Frédéric Guihéry
  • Alexandre Pigné
  • Maxime Olivier

Changes since 0.3.3

Here is the detailed changelog:
  • User interface
    • New user-friendly graphical interface
    • Port Netzob to GTK+3
    • Allow specification of logging level in the UI
  • New plugin architecture
  • Internationalization of Netzob
  • Vocabulary inference
    • Support of layers
    • Support customized transformation functions
    • Provide the edition of a variable
    • Support IPv4, MAC and random binary variables
    • Support filters for displayed messages
    • Allow export of a selection of fields as a new symbol
  • Import
    • Importer for OSpy projects
    • Allow user to specify the import layer (2, 3 or 4) while importing network messages
    • Allow to keep delimiter while file importing. Indicate the position of the delimiter
  • Automatic Bug Reporter

Netzob

Netzob is an opensource tool which supports the expert in its operations of reverse engineering, evaluation and simulation of communication protocols. Its main goals are to help security evaluators to:
  • Assess the robustness of proprietary or unknown protocols implementation.
  • Simulate realistic communications to test third-party products (IDS, firewalls, etc.).
  • Create an open source implementation of a proprietary or unknown protocol.

Netzob supports the expert in a semi-automatic inferring process of any communication protocol. Hence, it includes the necessaries to passively learn the vocabulary of a protocol and to actively infer its grammar. The learnt protocol can afterward be simulated.

Downloads and links

Download page: http://www.netzob.org/download#NETZOB_0.4.0.

More details on the official website:

Call for testing: Debian/Ubuntu packages for Netzob 0.4~git (4 comments)

Added by Olivier Tétard over 5 years ago

As you might know, the 0.4 release (aka "JumpingRhino") is not far away! Debian and Ubuntu users can give that version a try by using the experimental package.

We would be grateful if you could test them before that Netzob release is finalized. Your feedback on these packages will help us. If you find any problem that concerns either the package itself or Netzob, feel free to open a new bug!

We are also looking at packagers for other distributions: Fedora, Mageia, etc.

Debian users

Debian testing/unstable users can use our experimental APT repository.

You just have to edit your /etc/apt/sources.list and add the following entry:

deb http://apt.netzob.org/debian/ experimental main

Then you will be able to install the "netzob" package:

sudo apt-get update
sudo apt-get install netzob

You'll find more information related to the Debian package on our wiki.

Ubuntu users

You can add the "netzob/next" PPA (more information is available on Launchpad):

sudo add-apt-repository ppa:netzob/next
sudo apt-get update
sudo apt-get install netzob

[Internship Proposal] Generation of protocol decoders (15 comments)

Added by Georges Bossert almost 6 years ago

The following is a research internship proposal written in French. English speakers are also accepted.

Research master's internship offer

Semi-automatic generation of protocol decoders and detection rules

Excerpts from the offer:

While the automatic generation of intrusion detection signatures has been the subject of much work, this is not the case for protocol decoders. Moreover, most existing work has focused on defining "static" signatures meant to detect the malicious payload (i.e., the malware used to infect machines).

This master's internship aims to address the need to automate the generation of protocol decoders as well as detection signatures and rules. The long-term objective is to implement in Netzob features for the automatic generation of protocol decoders and detection rules for Bro, an open source network detection probe developed at the Lawrence Berkeley National Laboratory, notably by Vern Paxson.

Download the announcement in PDF format:
http://www.rennes.supelec.fr/ren/rd/cidre/proposals/generation2012.pdf

Netzob 0.3.3 released! (2 comments)

Added by Georges Bossert about 6 years ago

Netzob 0.3.3 released

We are pleased to announce a new release of Netzob: 0.3.3, codename "Flying Razorback".

This release greatly enhances the partitioning performances (notably thanks to a new contributor, Franck Roland) and offers many useful features such as a new visualization layer, a new search engine, more data manipulation functions, and import/export of projects and traces.

In addition to Debian and Gentoo packages, a Windows installer is also released thanks to Goulven Guiheux.
As usual, this new release (including its packages) is available at: http://www.netzob.org/download.

All contributors to this release:

  • Franck Roland
  • Georges Bossert
  • Frédéric Guihéry
  • Goulven Guiheux
  • Olivier Tétard
  • Alexandre Pigné
  • Maxime Olivier

Changes since 0.3.2

Some of the highlights:

  • Graphical interface
    • Visualization and encoding filters
    • Mathematical filters (Base64, GZIP, BZ2)
    • Dedicated Search View
    • Preview of data rendering in contextual menu
    • Support format visualization at the symbol level
  • Partitioning
    • Alignment and sequencing by field
    • Execute alignment on specified symbols
    • Split field by the right
    • Allow the partitioning of messages with specified boundaries
    • Allow partitioning at the project and symbol level
    • Similarity score based on number of common dynamic elements
    • Optimization of Needleman: don't repeat the same computation twice
    • Implement native UPGMA algorithm
  • Grammar inference
    • Infer the grammar of a network client
  • Project/trace management
    • Export / Import projects
    • Importer for XML formatted traces

For a complete list of new features and bug fixes, please visit the online changelog available at: http://www.netzob.org/index.php?page=changelog#0.3.3.

Netzob

Netzob is an opensource tool which supports the expert in its operations of reverse engineering, evaluation and simulation of communication protocols. Its main goals are to help security evaluators to:

  • Assess the robustness of proprietary or unknown protocols implementation.
  • Simulate realistic communications to test third-party products (IDS, firewalls, etc.).
  • Create an open source implementation of a proprietary or unknown protocol.

Netzob supports the expert in a semi-automatic inferring process of any communication protocol. Hence, it includes the necessaries to passively learn the vocabulary of a protocol and to actively infer its grammar. The learnt protocol can afterward be simulated.

Downloads and links

Download page: http://www.netzob.org/download#NETZOB_0.3.3.

More details on the official website:

Netzob 0.3.2 released! (13 comments)

Added by Olivier Tétard over 6 years ago

Folks,

We are pleased to announce a new release of Netzob: 0.3.2.

There aren't many changes since the release candidate version, 0.3.2-rc1. Notably, this version fixes a crash in libNeedleman which occurred in some cases.

Thanks to Alexandre Pigné, this version is also the first to be officially available as a Gentoo package! All the Gentoo supporters will now be able to install Netzob in a simple manner. This package has been supplied to be integrated in the official Gentoo distribution (see bug #408013 on Gentoo).

As usual, this new release is available as a source package and as a Debian package (for Debian Squeeze and Debian unstable).

We thank all Netzob contributors:

  • Alexandre Pigné
  • Frédéric Guihéry
  • Georges Bossert
  • Goulven Guiheux
  • Maxime Olivier
  • Olivier Tétard
  • Franck Roland

Changes since 0.3.2-rc1

The following commits were applied on this version since 0.3.2-rc1:

Changes since 0.3.1

This release includes some major changes since the first and latest stable release (0.3.1). It offers better stability and quality while providing multiple major enhancements.

Some of the highlights:
  • Upgrade Vocabulary Inference:
    • Add Octal visualization of data
    • Columns are now resizable
    • Allows to copy message/field to clipboard
    • Support simple alignment
    • Show the current status of an alignment
  • Upgrade Grammar Inference:
    • Dedicated GUI for the automatic inferring process
  • Upgrade Simulator:
    • Specify source port for network simulator
  • Upgrade Import/Export and Traces Management:
    • Activate the management of traces
    • Handle cooked socket (SLL) packet format
    • Support of human readable format export
  • Extra:
    • The current workspace can be specified through a command line argument
    • Add manpage for Netzob
    • Apply pep8 quality repository on source code

For a complete list of new features and known problems, please visit the online changelog available at: http://www.netzob.org/index.php?page=changelog#0.3.2.

Netzob

Netzob is an opensource tool which supports the expert in its operations of reverse engineering, evaluation and simulation of communication protocols. Its main goals are to help security evaluators to:

  • Assess the robustness of proprietary or unknown protocols implementation.
  • Simulate realistic communications to test third-party products (IDS, firewalls, etc.).
  • Create an open source implementation of a proprietary or unknown protocol.

Netzob supports the expert in a semi-automatic inferring process of any communication protocol. Hence, it includes the necessaries to passively learn the vocabulary of a protocol and to actively infer its grammar. The learnt protocol can afterward be simulated.

Downloads and links

Download page: http://www.netzob.org/download#NETZOB_0.3.2.

More details on the official website, http://www.netzob.org:

Netzob@SSTIC2012 (1 comment)

Added by Georges Bossert over 6 years ago

Netzob will be presented during SSTIC 2012 (https://www.sstic.org/2012/presentation/netzob_un_outil_pour_la_retro-conception_de_protocoles_de_communication/).

Netzob: a tool for the reverse engineering of communication protocols
by Georges Bossert, Frédéric Guihery, Guillaume Hiet

Abstract:

In this article, we present Netzob, a free tool for the semi-automated reverse engineering of communication protocols.
Netzob is intended to address various use cases (security analysis, realistic traffic generation, interoperability, etc.) where understanding a proprietary or undocumented protocol is essential.
Netzob relies mainly on algorithms from the fields of bioinformatics and automata theory.
It also offers a traffic simulation module, thus allowing the generation of realistic communication flows derived from the inference of protocols whose specification is unknown.

Announcement for Netzob-0.3.2-rc1 (9 comments)

Added by Georges Bossert over 6 years ago

Folks,

The Netzob developer team is proud to announce the availability of Netzob 0.3.2-rc1.
This release includes major bug fixes to gain in stability and quality while providing multiple major enhancements.
Some of the highlights:

  • Upgrade Vocabulary Inference:
    • Add Octal visualization of data
    • Columns are now resizable
    • Allows to copy message/field to clipboard
    • Support simple alignment
    • Show the current status of an alignment
  • Upgrade Grammar Inference:
    • Dedicated GUI for the automatic inferring process
  • Upgrade Simulator:
    • Specify source port for network simulator
  • Upgrade Import/Export and Traces Management:
    • Activate the management of traces
    • Handle cooked socket (SLL) packet format
    • Support of human readable format export
  • Extra:
    • The current workspace can be specified through a command line argument
    • Add manpage for Netzob
    • Apply pep8 quality repository on source code

For a complete list of new features and known problems, please visit the online changelog available at: http://www.netzob.org/index.php?page=changelog#0.3.2-rc1.

Netzob is an opensource tool which supports the expert in its operations of reverse engineering, evaluation and simulation of communication protocols. Its main goals are to help security evaluators to:

  • Assess the robustness of proprietary or unknown protocols implementation.
  • Simulate realistic communications to test third-party products (IDS, firewalls, etc.).
  • Create an open source implementation of a proprietary or unknown protocol.

Netzob supports the expert in a semi-automatic inferring process of any communication protocol.
Hence, it includes the necessaries to passively learn the vocabulary of a protocol and to actively infer its grammar. The learnt protocol can afterward be simulated.

Download page: http://www.netzob.org/download#NETZOB_0.3.2-rc1.

More details on the official website, http://www.netzob.org:

Download page: http://www.netzob.org/download
Debian repository: http://apt.netzob.org
Mailing list: https://lists.netzob.org/wws/info/user
Developer's room: https://dev.netzob.org
IRC: #netzob on Freenode

Contributors:
  • Alexandre Pigné
  • Frédéric Guihéry
  • Georges Bossert
  • Goulven Guiheux
  • Maxime Olivier
  • Olivier Tétard