Netzob

Manuals¶

• Python package installation
  Read the doc

• Debian package installation
  Read the doc

• Gentoo package installation
  Read the doc

• Windows package installation
  Read the doc

Tutorials¶

• Get started with Netzob
  Read the tutorial

The goal of this tutorial is to present the usage of each main component of Netzob (inference of message format, construction of the state machine and generation of traffic) through an undocumented protocol.

• Auto generation of Peach pit files/fuzzers
  Read the tutorial

This tutorial shows how to take advantage of the Peach exporter plugin provided in Netzob to automatically generate Peach pit configuration files, thus allowing to do smart fuzzing on undocumented protocols.

Presentations¶

• The future of protocol reversing and simulation applied on ZeroAccess botnet (29C3: 29th Chaos Communication Congress '12)
  by F. Guihéry, G. Bossert | Download the presentation (PDF) | (Youtube)

This talk occurred during the 29C3 Conference in Hambourg, Germany.

• Reverse and Simulate your Enemy Botnet C&C (BlackHat Abu Dhabi'12)
  by F. Guihéry, G. Bossert | Download the presentation (PDF)

This talk occurred during the BlackHat Conference 2012 in Abu Dhabi, EAU.

• Security Evaluation of Communication Protocols in Common Criteria (ICCC'12)
  by G. Bossert, F. Guihéry | Download the presentation (PPTx)

This talk occurred during the International Common Criteria Conference 2012 in Paris, France.

• Netzob : un outil pour la rétro-conception de protocoles de communication (SSTIC'12)
  by G. Bossert, F. Guihéry, G. Hiet | Download the presentation (PDF)

This presentation occurred on June the 6th 2012 and introduced Netzob to the French Security Community.

• Inferring communication protocols with your Netzob (28C3)
  by F. Guihéry, G. Bossert | Download the presentation (PDF)

A lighting talk which occurred in December 2011 in Berlin, Germany.

• Inferring with your Netzob
  by G. Bossert, F. Guihéry | Download the presentation (PDF)

A first presentation executed in front of SUPELEC in november 2011 to present the first "alpha-release" of Netzob. A good starting point to catch up with the ideas behing Netzob.

Academic Publications¶

• Netzob : un outil pour la rétro-conception de protocoles de communication (SSTIC'12)
  by G. Bossert, F. Guihéry, G. Hiet | Download paper | Download presentation | Download bibtex

In this paper, we present Netzob, an opensource tool which supports the expert in its operations of reverse engineering, evaluation and simulation of communication protocols. Its main goals are to help security evaluators to assess the robustness of proprietary or unknown protocols implementation, simulate realistic communications to test third-party products (IDS, firewalls, etc.) or even create an open source implementation of a proprietary or unknown protocol.

Netzob supports the expert in a semi-automatic manner. It includes the necessaries to passively learn the vocabulary of a protocol and to actively infer its grammar. In addition, it integrates a stochastic and statefull model to represent any statefull communication protocol. The definition of the model can be shared and loaded in a dedicated component of Netzob, its simulator. Therefore, it becomes easy to simulate multiple actors (servers and clients) which communicate according to the inferred protocol, and to apply advanced fuzzing.

• Modelling to Simulate Botnet Command and Control Protocols for the Evaluation of Network Intrusion Detection Systems
  by G. Bossert, G. Hiet, T. Henin | Download paper | Download presentation | Download bibtex

Introduce an extended version of a Mealy automata to model and simulate botnets communications.