Tutorials

The goal of this tutorial is to present the usage of each main component of Netzob (inference of message format, construction of the state machine and generation of traffic) through an undocumented protocol.

This tutorial shows how to use the Peach exporter plugin provided in Netzob to automatically generate Peach pit configuration files, which enables smart fuzzing of undocumented protocols.

This tutorial shows how to leverage Netzob's message format inference to automatically generate Wireshark dissectors for proprietary or undocumented protocols.

We provide here the complete scripts related to the article we have written in the MISC HS n°7, named 'Vivisection de protocoles avec Netzob'.

Presentations

This presentation was given during the April session of OSSIR Bretagne, Rennes, France, and details the latest improvements in Netzob.

  • Protocols Are Everywhere: RE with Netzob, Latest updates on a semi-automatic protocol reverser (FOSDEM'13 - Lightning Talk)
    by F. Guihéry, G. Bossert | Download the presentation (PDF) | Watch the talk (Video@Fosdem)

This lightning talk was given during the FOSDEM'13 conference in Brussels, Belgium.

  • The future of protocol reversing and simulation applied on ZeroAccess botnet (29C3: 29th Chaos Communication Congress '12)
    by F. Guihéry, G. Bossert | Download the presentation (PDF) | Watch the talk (Youtube)

This talk was given during the 29C3 conference in Hamburg, Germany.

  • Reverse and Simulate your Enemy Botnet C&C (BlackHat Abu Dhabi'12)
    by F. Guihéry, G. Bossert | Download the presentation (PDF)

This talk was given during the BlackHat Conference 2012 in Abu Dhabi, UAE.

  • Security Evaluation of Communication Protocols in Common Criteria (ICCC'12)
    by G. Bossert, F. Guihéry | Download the presentation (PPTx)

This talk was given during the International Common Criteria Conference 2012 in Paris, France.

  • Netzob : un outil pour la rétro-conception de protocoles de communication (SSTIC'12)
    by G. Bossert, F. Guihéry, G. Hiet | Download the presentation (PDF)

This presentation was given on June 6th, 2012 and introduced Netzob to the French security community.

A lightning talk given in December 2011 in Berlin, Germany.

A first presentation given at SUPELEC in November 2011 to present the first "alpha-release" of Netzob.
A good starting point to catch up with the ideas behind Netzob.

Academic Publications

  • Vivisection de protocoles avec Netzob (MISC HS n°7)
    by G. Bossert (AMOSSYS/Supélec), F. Guihéry (AMOSSYS) | Erratum page

In this article, we present a methodology for dissecting a communication protocol live. We promise: no screenshots of IDA or OllyDbg and, conversely, no mathematical formulas. To be precise, here we dissect unknown protocols in Python with "nothing but Netzob and a knife".

In this paper, we present Netzob, an open source tool which supports experts in reverse engineering, evaluating and simulating communication protocols.
Its main goals are to help security evaluators assess the robustness of proprietary or unknown protocol implementations, simulate realistic communications to test third-party products (IDS, firewalls, etc.) or even create an open source implementation of a proprietary or unknown protocol.

Netzob supports the expert in a semi-automatic manner.
It includes the components needed to passively learn the vocabulary of a protocol and to actively infer its grammar.
In addition, it integrates a stochastic and stateful model to represent any stateful communication protocol.
The definition of the model can be shared and loaded in a dedicated component of Netzob, its simulator.
It therefore becomes easy to simulate multiple actors (servers and clients) which communicate according to the inferred protocol, and to apply advanced fuzzing.

Introduces an extended version of a Mealy automaton to model and simulate botnet communications.

  • Contact project managers: contact@netzob.org
  • Hang out with us on Freenode's IRC channel #netzob.
  • Discuss strategy on Netzob's wiki.
  • Follow Netzob's activity on Twitter or on Google+.
  • Licensed under GPLv3 - Feel free (as in free beer) to use!
  • Reverse Engineering, Protocol, Security, Traffic Generation, Simulation