From: brendan.gregg at tpg.com.au (Brendan Gregg)
Subject: Chaosreader: Trace TCP/UDP from snoop/tcpdump logs Vulnerability Analysis Tool

Chaosreader is a freeware tool that can trace HTTP sessions from a packet log, displaying which bits are plaintext. It could be used to help verify that some websites really do utilise encryption, which may interest readers of Full-Disclosure. It has been written on Solaris using Perl.

The above description is one use of Chaosreader; it has many features. It takes a snoop (or tcpdump) log and parses every protocol it can. This includes,

    Any TCP Session
    Any UDP Stream
    HTTP transfers (HTML, JPG, GIF, zip, ...)
    FTP files (active transfers)
    telnet sessions (also generates realtime playback scripts)
    SMTP emails
    ...

Quick Usage:

    snoop -o /tmp/out1
    chaosreader /tmp/out1
    netscape index.html

http://users.tpg.com.au/bdgcvb/chaosreader    Chaosreader
http://users.tpg.com.au/bdgcvb/Chaos01    Example Output

An example of telnet realtime replay is,
http://users.tpg.com.au/bdgcvb/Chaos01/session_0020.telnet.replay
This feature may assist with forensics if intruders are snooped.

There are many existing (and more developed) tools that provide similar features, such as Ethereal and dsniff; and some of the ideas are similar to tools like lazarus and ttywatcher.

More features (and bug fixes) will be added in future versions; this is the first public release of the tool.

Enjoy!

Brendan Gregg
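An added illustration of the session tracing and plaintext check this message describes, written in Python for this page and not taken from Chaosreader's Perl code: it reads a classic pcap file, groups TCP payload by address/port tuple, and labels each session by its share of printable bytes. The function names, the 0.9 threshold and the sample capture are assumptions constructed here; payload is joined in capture order, per direction, without sequence-number reassembly.

```python
import struct
from collections import defaultdict

def build_packet(src, dst, sport, dport, payload):
    # Constructed test frame: Ethernet + IPv4 + TCP, no options, checksums left at zero.
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0, bytes(src), bytes(dst))
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp + payload

def build_pcap(frames):
    # Classic little-endian pcap: 24-byte file header, 16-byte header per record.
    head = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return head + b"".join(struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in frames)

def tcp_sessions(pcap):
    # Concatenate TCP payload per (src, sport, dst, dport), in capture order.
    magic, linktype = struct.unpack_from("<I16xI", pcap, 0)
    if magic != 0xA1B2C3D4 or linktype != 1:
        raise ValueError("expected a little-endian pcap with Ethernet link type")
    sessions, off = defaultdict(bytes), 24
    while off + 16 <= len(pcap):
        incl = struct.unpack_from("<IIII", pcap, off)[2]
        frame, off = pcap[off + 16:off + 16 + incl], off + 16 + incl
        if len(frame) < 54 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue  # too short, not IPv4, or not TCP
        tcp_off = 14 + (frame[14] & 0x0F) * 4
        if len(frame) < tcp_off + 20:
            continue  # IP options pushed the TCP header past the captured bytes
        total = struct.unpack_from("!H", frame, 16)[0]
        sport, dport = struct.unpack_from("!HH", frame, tcp_off)
        data_off = (frame[tcp_off + 12] >> 4) * 4
        key = (".".join(map(str, frame[26:30])), sport, ".".join(map(str, frame[30:34])), dport)
        sessions[key] += frame[tcp_off + data_off:14 + total]
    return dict(sessions)

def printable_ratio(data):
    # Share of bytes that are printable ASCII or tab/CR/LF; close to 1.0 means readable text.
    return sum(32 <= b < 127 or b in (9, 10, 13) for b in data) / len(data) if data else 0.0

def report(pcap, threshold=0.9):
    # Heuristic label per session; the 0.9 threshold is an assumption, not Chaosreader's.
    return {k: "plaintext" if printable_ratio(v) >= threshold else "opaque"
            for k, v in tcp_sessions(pcap).items() if v}

# Constructed sample capture: one cleartext HTTP request and one binary, TLS-like record.
SAMPLE = build_pcap([
    build_packet((10, 0, 0, 1), (10, 0, 0, 2), 40000, 80, b"GET / HTTP/1.0\r\nHost: example.test\r\n\r\n"),
    build_packet((10, 0, 0, 1), (10, 0, 0, 2), 40001, 443, b"\x16\x03\x01" + bytes(range(128, 200))),
])
```

Calling `report(SAMPLE)` returns one label per session; a session to a port expected to carry TLS that comes back as `plaintext` is the case worth investigating.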