Skip to main content

Inferring communication protocols

Project description

About Netzob

Functional Description

Netzob is an opensource tool for reverse engineering, traffic generation and fuzzing of communication protocols. This tool allows to infer the message format (vocabulary) and the state machine (grammar) of a protocol through passive and active processes. Its objective is to bring state of art academic researches to the operational field, by leveraging bio-informatic and grammatical inferring algorithms in a semi-automatic manner.

Netzob is suitable for reversing network protocols, structured files and system and process flows (IPC and communication with drivers and devices). Dedicated modules are provided to capture and import data in multiple contexts (network, file and process data acquisition). Once inferred, a protocol model can afterward be exported to third party tools (Peach, Scapy, Wireshark, etc.) or used in the traffic generation engine, to allow simulation of realistic and controllable communication endpoints and flows.

Netzob handles different types of protocols: text protocols (like HTTP and IRC), delimiter-based protocols, fixed fields protocols (like IP and TCP) and variable-length fields protocols (like TLV-based protocols).

Technical Description

Netzob’s source code is mostly made of Python (90%) with some specific extensions in C (6%). It includes a graphical interface based on GTK3.

The tool is made of a core (officially maintained) and of bunch of plugins (exporters, importers, …). Some plugins are provided by the team while others are created and managed directly by users.

More Information

Website:

http://www.netzob.org

Email:

contact@netzob.org

Mailing list:

Two lists are available, use the SYMPA web interface to register.

IRC:

You can hang-out with us on Freenode’s IRC channel #netzob @ freenode.org.

Wiki:

Discuss strategy on Netzob’s wiki

Twitter:

Follow Netzob’s official accounts (@Netzob)

Get Started with Netzob

Install it

There are two main ways of installing Netzob. The first one is based on per-OS installers while the other one is more ‘pythonic’.

We recommend the per-OS installers for ‘normal’ users while testers, developers and python experts might prefer the ‘pythonic’ way.

Per-OS Installers:

Please follow the specification documentations for each supported platform:

Debian/Ubuntu:

Installation documentation on Debian (wiki)

Gentoo:

Installation documentation on Gentoo (wiki)

Pythonic Installer:

As a ‘classic’ python project, Netzob is provided with its setup.py. This file defines what and how to install the project on a python hosting OS.

This file depends on setuptools which like few other modules cannot be automatically installed. The reason why, you have to manually install the following bunch of prerequisites before initiating Netzob’s install process.

  • python

  • python-dev

  • python-impacket

  • libxml2-dev

  • libxslt-dev

  • python-setuptools

  • python-gi

  • gir1.2-gtk-3.0, gir1.2-glib-2.0, gir1.2-gdkpixbuf-2.0, gir1.2-pango-1.0

  • libgtk-3-0

  • graphviz

We also highly recommend to install the following additional dependencies:

  • python-babel (for the translations)

  • python-sphinx (for the documentation)

Once the required dependencies are installed, you can test Netzob in developer mode:

python setup.py build
python setup.py develop --user

Otherwise, if you want to install Netzob on the system:

python setup.py build
python setup.py develop
python setup.py install

Start it

Once installed, running Netzob is as simple as executing the provided script:

$ ./netzob

This script is in Python’s path if you’ve installed Netzob, otherwise (in developer mode), it’s located in the top distribution directory.

Miscellaneous

Configuration requirements for Network and PCAP input:

*Note: Capturing data from network interfaces often requires admin privileges. Before we provide a cleaner and secure way (see issue 425 on the bugtracker for updated information - https://dev.netzob.org/issues/425), a possible HACK is to provide additionnal capabilities to the python binary.* ::

$ sudo setcap cap_net_raw=ep /usr/bin/python2.XX

Configuration requirements for IPC input on Ubuntu:

$ sudo bash -c "echo 0 > /proc/sys/kernel/yama/ptrace_scope"

Documentation

The folder doc/documentation contains all the documentation of Netzob.

The user manual can be generated based on RST sources located in folder doc/documentation/source with the following command:

$ sphinx-build -b html doc/documentation/source/ doc/documentation/build/

Contributing

There are multiple ways to help-us.

Defects and Features Requests

Help-us by reporting bugs and requesting features using the Bug Tracker.

Translation

Netzob has support for translation. Currently English and French languages are supported. New languages are welcome.

Join the Development Team

To participate in the development, you need to get the latest version, modify it and submit your changes.

These operations are detailed on Netzob’s wiki through the following pages:

You’re interested in joining, please contact-us !

Authors, Contributors and Sponsors

See the top distribution file AUTHORS.txt for the detailed and updated list of authors, contributors and sponsors.

License

This software is licensed under the GPLv3 License. See the COPYING.txt file in the top distribution directory for the full license text.

Extra

Zoby, the official mascot of Netzob

Zoby, the official mascot of Netzob.

NEWS

v0.4.1 – 2013-02-02

Version name:

WaddlingPeccary

  • Export plugins
    • Automatic generation of Wireshark dissectors

    • Automatic generation of Peach fuzzers

  • Workspaces and projects
    • Workspace manager

    • Project manager

    • Trace manager

  • Pretty print of XML files

  • Simplify the default Variable

  • Provide extra compile arguments to the build process

v0.4 – 2012-11-15

Version name:

JumpingRhino

  • User interface
    • New user-friendly graphical interface

    • Port Netzob to GTK+3

    • Allow specification of logging level in the UI

  • New plugin architecture

  • Internationalization of Netzob

  • Vocabulary inference
    • Support of layers

    • Support customized transformation functions

    • Provide the edition of a variable

    • Support IPv4, MAC and random binary variables

    • Support filters for displayed messages

    • Allow export of a selection of fields as a new symbol

  • Import
    • Importer for OSpy projects

    • Allow user to specify the import layer (2,3 or 4) while importing network messages

    • Allow to keep delimiter while file importing. Indicate the position of the delimiter

  • Automatic Bug Reporter

v0.3.3 – 2012-06-06

Version name:

FlyingRazorback

  • Graphical interface
    • Visualization and encoding filters

    • Mathematical filters (Base64, GZIP, BZ2)

    • Dedicated Search View

    • Preview of data rendering in contextual menu

    • Support format visualization at the symbol level

  • Partitioning
    • Alignment and sequencing by field

    • Execute alignment on specified symbols

    • Split field by the right

    • Allow the partitioning of messages with specified boundaries

    • Allow partitioning at the project and symbol level

    • Similarity score based on number of common dynamic elements

    • Optimization of Needleman : don’t repeat the same computation twice

    • Implement native UPGMA algorithm

  • Grammar inference
    • Infer the grammar of a network client

  • Project/trace management
    • Export / Import projects

    • Importer for XML formated traces

v0.3.2 – 2012-02-23

  • Upgrade Vocabulary Inference
    • Add Octal visualization
      • Feature #57: Resize columns

      • Feature #59: Allows to copy message/field to clipboard

      • Feature #60: Support simple alignment

      • Feature #62: Allow the deletion of multiple messages at a time

      • Feature #20: Show the current status of an alignment

      • Manual modification of the Regex of a field

    • Upgrade Grammar Inference
      • Feature #55: Dedicated GUI for the automatic inferring process

    • Upgrade Simulator
      • Feature #87: Specify source port for network simulator

  • Upgrade Import/Export and Traces Management
    • Feature #22: Activate the management of traces

    • Feature #61: Traces must be compressed when stored in the trace manager

    • Feature #92: Handle cooked socket (SLL) packet format

    • Feature #83: Support of human readable format export

    • Support Unicode for filenames

  • Extra
    • Workspace can be specified through a command line argument

    • Feature #73: Add manpage for Netzob

    • Feature #74: Add “.desktop” file in the official version

    • Apply pep8 quality repository on source code

v0.3.1 – 2012-01-12

  • Small fixes

v0.3 – 2012-01-12

  • Upgraded GUI and user experience
    • Add a menu

    • Simplify the Vocabulary inference panel

    • Add Workspaces and Projects definitions

  • Upgrade Vocabulary Inference
    • Add alignment based on an arbitrary delimitor

    • Identification of the definition domain of a field

    • Add support for environmental dependencies

    • Add new visualization of data encoding
      • Format: hex, string and binary

      • Unit size: bit, 8-bits, 16-bits, 32-bits and 64-bits

      • Sign: signed and unsigned

      • Endianess: big and little endian

    • Add concept of variable :
      • Include Binary Value

      • Include Word Value

      • Include Aggregate Value

      • Include Alternate Value

  • Add grammar inference module
    • Add the definition of the MMSTD model

    • Implementation of the Angluin L* algorithm

    • Implementation of the W-Method Algorithm

    • Add an alpha version of the automatic inferring process

  • Add simulation module
    • Supports Network Server and Client simulations

  • Add import modulesfiles and library calls
    • Add multiple files import

  • Extra

v0.2 – 2011-09-01

  • Add import modules : IPC, PCAP and Live network flows

  • Add export module : raw XML format

  • Improvement of Needleman and Wunsh performance with OpenMP

v0.1 – 2011-08-16

  • Initial release

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

Netzob-0.4.1.tar.gz (1.1 MB view details)

Uploaded Source

Built Distribution

Netzob-0.4.1.linux-x86_64.tar.gz (1.1 MB view details)

Uploaded Source

File details

Details for the file Netzob-0.4.1.tar.gz.

File metadata

  • Download URL: Netzob-0.4.1.tar.gz
  • Upload date:
  • Size: 1.1 MB
  • Tags: Source
  • Uploaded using Trusted Publishing? No

File hashes

Hashes for Netzob-0.4.1.tar.gz
Algorithm Hash digest
SHA256 b635cb4468ec089df58542735912a874e080b8db835ca7f0894d7f61205e019f
MD5 8f20d157b9c0f04acf9ba888a36b9f6f
BLAKE2b-256 c66b450d54d5d48652a6c2f7db5a2e19b0e9f9e8981df1b88731a9af395a26c5

See more details on using hashes here.

Provenance

File details

Details for the file Netzob-0.4.1.linux-x86_64.tar.gz.

File metadata

File hashes

Hashes for Netzob-0.4.1.linux-x86_64.tar.gz
Algorithm Hash digest
SHA256 3280187f50a379f288694e6c582e62a18f4bebbc56e0ce9267a7e906df5b2933
MD5 5827266086bcfdf411892300b26ff3a8
BLAKE2b-256 dba62fda0a32632a20221acd1c5c80d35271633974152eec65158e3d52d42b2d

See more details on using hashes here.

Provenance

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page