Netzob documentation
Netzob is an open source tool for reverse engineering, traffic
generation and fuzzing of communication protocols. It infers
the message format and the state machine of a protocol through passive
and active processes. The resulting model can then be used to simulate
realistic and controllable traffic.
The main features of Netzob are:
- Vocabulary Inference
  - Netzob includes a complete model to represent the message format of
    a protocol (aka its vocabulary). Using specific algorithms, it
    can learn this vocabulary from provided traces.
- Grammar Inference
  - The state machine of a protocol (aka its grammar) defines the valid
    sequences of exchanged messages. Netzob can learn it
    semi-automatically using specific algorithms.
- Protocol simulation
  - To support the inference process, a dynamic analysis is performed
    based on simulated actors. These can initiate and take part in a
    complex communication following the inferred protocol.
Netzob Overview
Netzob was initiated by security auditors of AMOSSYS and the
CIDre research team of Supélec to address the reverse engineering of
communication protocols. A detailed overview of the project is
available here.
Tutorials
- Get started with Netzob
  - This tutorial presents the usage of each main
    component of Netzob (inference of message format, construction of
    the state machine and generation of traffic) through an undocumented
    protocol.
- Auto-generation of Peach pit files/fuzzers
  - This tutorial shows how to take advantage of the Peach exporter
    plugin provided in Netzob to automatically generate Peach pit
    configuration files, enabling smart fuzzing of
    undocumented protocols.
- Auto-generation of Wireshark dissectors
  - This tutorial shows how to leverage Netzob's message format inference
    to automatically generate Wireshark dissectors for
    proprietary or undocumented protocols.