- バックアップ一覧
- 差分 を表示
- 現在との差分 を表示
- ソース を表示
- Wireshark + libemu for shellcode detection へ行く。
Main feature: shellcode detection on the tree view of the packet headers †
Wireshakr + libemu enables us to detect a shellcode within the packet selected on the tree view of packet headers by clicking "Detect a shellcode" on the context menu. When the shellocde is detected, the dialog box display the message "Detected a shellocde at the offset" and the offset value from the start of the byte code selected on the byte code view. After detection, the byte code view highlights the byte code of the shellcode.
Download: 
wireshark-1.8.3+libemu.tgz
- Origianal source code of Wireshark: Wireshark 1.8.3
- Modified Files (wireshark-1.8.3+libemu.diff)
- configure.in
- ui/gtk/main_proto_draw.c
- ui/gtk/main_proto_draw.h
- ui/gtk/main_menubar.c
Requirements †
libemu 0.2.0 SVN revision 2151
"Compile and build" status †
- Debian GNU/Linux Lenny: OK
- Debian GNU/Linux Squeeze 2009/12/04: OK
Compile and build †
- tar xvzf wireshark-1.8.3+libemu.tgz
- cd wireshark-1.8.3+libemu
- ./autogen.sh
- ./configure --enable-emu --with-emu-include=/opt/libemu/include --with-emu-lib=/opt/libemu/lib/libemu
- make
Usage †
- Launch Wireshark
$ ./wireshark
- Capture network traffic
- Select a packet on the packet list view
- Select a packet header on the header tree view
- Right-click the packet header and click "Detect a shellocde" on the context menu.
- Detected a shellcode
- Not found a shellcode
- Detected a shellcode
