Message-ID: <Pine.GSO.4.33.0310092205260.20763-100000@mars.drinks.com>
From: brendan.gregg at tpg.com.au (Brendan Gregg)
Subject: Chaosreader: Trace TCP/UDP from snoop/tcpdump logs

Vulnerability Analysis Tool

Chaosreader is a freeware tool that can trace HTTP sessions from a packet
log, displaying which bits are plaintext. It could be used to help verify
that some websites really do utilise encryption, which may interest
readers of Full-Disclosure. It has been written on Solaris using perl.

The above description is one use of Chaosreader; it has many features.
It takes a snoop (or tcpdump) log and parses every protocol it can.
This includes:

        Any TCP Session
        Any UDP Stream
        HTTP transfers (HTML, JPG, GIF, zip, ...)
        FTP files (active transfers)
        telnet sessions (also generates realtime playback scripts)
        SMTP emails
        ...

Quick Usage:
                snoop -o /tmp/out1
                chaosreader /tmp/out1
                netscape index.html

http://users.tpg.com.au/bdgcvb/chaosreader      Chaosreader
http://users.tpg.com.au/bdgcvb/Chaos01          Example Output

An example of telnet realtime replay is,
   http://users.tpg.com.au/bdgcvb/Chaos01/session_0020.telnet.replay
This feature may assist with forensics if intruders are snooped.


There are many existing (and more developed) tools that provide
similar features, such as Ethereal and dsniff; and some of the ideas
are similar to tools like lazarus and ttywatcher.

More features (and bug fixes) will be added in future versions; this
is the first public release of the tool.

Enjoy!

Brendan Gregg
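
Added example, not part of the original post and not Chaosreader's own code (Chaosreader is written in Perl): a Python sketch of the check described above, reassembling TCP payload per flow from a packet log and flagging which flows carry plaintext. It assumes a classic little-endian pcap file as written by tcpdump (not the snoop format), Ethernet/IPv4 frames without fragmentation or sequence wraparound, and a 0.9 printable-byte threshold; the capture, addresses and host name are constructed sample data.

```python
import struct
from collections import defaultdict

def frame(src, sport, dst, dport, seq, payload):  # constructed Ethernet/IPv4/TCP frame, checksums zero
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0, bytes(src), bytes(dst))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, 0, 0x50, 0x18, 8192, 0, 0)
    return b"\0" * 12 + b"\x08\x00" + ip + tcp + payload

def pcap(frames):  # constructed classic pcap: 24-byte global header, 16-byte record headers
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return hdr + b"".join(struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in frames)

def parse_pcap(data):
    """Yield the raw frames stored in a classic little-endian pcap byte string."""
    if struct.unpack_from("<I", data)[0] != 0xA1B2C3D4:
        raise ValueError("not a little-endian classic pcap file")
    off = 24
    while off + 16 <= len(data):
        incl = struct.unpack_from("<I", data, off + 8)[0]  # captured length of this record
        yield data[off + 16:off + 16 + incl]
        off += 16 + incl

def tcp_sessions(frames):
    """Concatenate TCP payload per direction, ordered by sequence number."""
    segs = defaultdict(dict)
    for f in frames:
        if len(f) < 54 or f[12:14] != b"\x08\x00" or f[23] != 6:
            continue  # keep Ethernet + IPv4 + TCP only
        tcp = 14 + (f[14] & 0x0F) * 4                  # skip the IP header (IHL words)
        end = 14 + struct.unpack_from("!H", f, 16)[0]  # IP total length drops Ethernet padding
        sport, dport, seq = struct.unpack_from("!HHI", f, tcp)
        payload = f[tcp + (f[tcp + 12] >> 4) * 4:end]  # skip the TCP header (data offset)
        if payload:
            key = "%s:%d->%s:%d" % (".".join(map(str, f[26:30])), sport, ".".join(map(str, f[30:34])), dport)
            segs[key].setdefault(seq, payload)         # first copy wins on retransmission
    return {k: b"".join(v[s] for s in sorted(v)) for k, v in segs.items()}

def report(data, threshold=0.9):
    """Label each flow 'plaintext' or 'opaque' by its share of printable bytes."""
    out = {}
    for flow, s in tcp_sessions(parse_pcap(data)).items():
        ratio = sum(32 <= b < 127 or b in (9, 10, 13) for b in s) / len(s)
        out[flow] = "plaintext" if ratio >= threshold else "opaque"
    return out

SAMPLE = pcap([  # constructed capture: HTTP segments out of order, plus high bytes standing in for ciphertext
    frame((10, 0, 0, 5), 40001, (10, 0, 0, 9), 80, 1016, b"Host: example.test\r\n\r\n"),
    frame((10, 0, 0, 5), 40001, (10, 0, 0, 9), 80, 1000, b"GET / HTTP/1.0\r\n"),
    frame((10, 0, 0, 5), 40002, (10, 0, 0, 9), 443, 5000, bytes(range(128, 228))),
])
```

Calling `report(SAMPLE)` labels the port 80 flow as plaintext and the port 443 flow as opaque; an opaque result only means the bytes are not readable text, so compressed or binary transfers show up the same way as encrypted ones.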

