Brussels / 2 & 3 February 2013


Protocols Are Everywhere: RE with Netzob

Latest updates on a semi-automatic protocol reverser

Netzob is an open source tool for reverse engineering, traffic generation and fuzzing of communication protocols. In 15 minutes, we'll present the latest improvements to this tool, which makes it possible to infer the message format (vocabulary) and the state machine (grammar) of network, USB, file, API, IPC, (...) protocols. A short demo will be presented.

This short talk will cover some key points in the field of protocol reverse engineering and give details on the latest features. Netzob is suitable for reversing network protocols, structured files, process flows (IPC and communication with drivers and devices) and hardware flows (USB, …). Dedicated modules are provided to capture and import data in multiple contexts (network, file and process data acquisition). Once inferred, a protocol model can be exported to third-party tools (Peach, Scapy, Wireshark, etc.) or used in the traffic generation engine to simulate realistic and controllable communication endpoints and flows. Netzob handles different types of protocols: text protocols (like HTTP and IRC), delimiter-based protocols, fixed-field protocols (like IP and TCP) and variable-length-field protocols (like TLV-based protocols). Join the devel team and participate in the creation of a unique tool.


Netzob Devel Team