〜 Wireshark + libemu for shellcode detection のバックアップ(No.2)〜

• バックアップ一覧
• 差分 を表示
• 現在との差分 を表示
• ソース を表示
• Wireshark + libemu for shellcode detection へ行く。
  • 1 (2009-12-06 12:36:53 (日))
  • 2 (2009-12-06 13:45:13 (日))
  • 3 (2009-12-07 12:11:53 (月))
  • 4 (2012-10-18 17:24:43 (木))
  • 5 (2012-10-19 11:53:07 (金))
  • 6 (2012-10-19 11:58:27 (金))
  • 7 (2012-10-31 12:29:53 (水))
  • 8 (2012-10-31 12:40:34 (水))
  • 9 (2013-02-13 14:56:27 (水))
  • 10 (2013-06-27 18:37:05 (木))

---

Tips

Main feature: shellcode detection on the tree view of the packet headers †

Wireshakr + libemu enables us to detect a shellcode within the packet selected on the tree view of packet headers by clicking "Detect a shellcode" on the context menu. When the shellocde is detected, the dialog box display the message "Detected a shellocde at the offset" and the offset value from the start of the byte code selected on the byte code view. After detection, the byte code view highlights the byte code of the shellcode.

Download: Wireshark+libemu 0.0.0 version 0.0.0

• Origianal source code of Wireshark: Wireshark 1.3.3 SVN revision 31147

Requirements †

libemu 0.2.0 SVN revision 2151

"Compile and build" status †

• Debian GNU/Linux Lenny: OK
• Debian GNU/Linux Squeeze 2009/12/04: OK

Compile and build †

1. tar xvzf wl-0.0.0.tgz
2. cd wireshark+libemu-0.0.0
3. ./autogen.sh
4. ./configure --enable-emu --with-emu-include=/opt/libemu/include --with-emu-lib=/opt/libemu/lib/libemu
5. make

使い方 †

1. Launch Wireshark

   $ ./wireshark

2. Capture network traffic
3. Select a packet on the packet list view
4. Select a packet header on the header tree view
   
5. Right-click the packet header and click "Detect a shellocde" on the context menu.
   
   • Detected a shellcode
     
   • Not found a shellcode
     

     

PukiWiki 1.4.5_1 Copyright © 2001-2016 PukiWiki Developers Team. License is GPL.