Matasano Chargen - Latest Comments in Exploring Protocols 2: Writing some toolshttp://matasanochargen.disqus.com/enThu, 08 Nov 2007 10:23:01 -0000Re: Exploring Protocols 2: Writing some toolshttp://www.matasano.com/log/973/exploring-protocols-2-writing-some-tools/#comment-2323247In the very first part of this series, you mentioned tools from blackbag. Has there been an updated release since, like 0.9? Are you still maintaining and distributing it?<br>thanks for the helpful articles...ragaThu, 08 Nov 2007 10:23:01 -0000Re: Exploring Protocols 2: Writing some toolshttp://www.matasano.com/log/973/exploring-protocols-2-writing-some-tools/#comment-2323251I've looked at Construct too. Definitely nice stuff. It was actually 'sandro' who brought it to my attention in comment to Exploring Protocols 1.<br><br>Like a lot of areas, this is one where Ruby is nowhere as mature as Python yet. And for the record, I'm only a "ruby guy" for the moment :)<br><br>Maybe it's a phase or something.Eric MontiThu, 01 Nov 2007 11:31:40 -0000Re: Exploring Protocols 2: Writing some toolshttp://www.matasano.com/log/973/exploring-protocols-2-writing-some-tools/#comment-2323250These are interesting tools, didn't know Construct, looks promising.<br><br>If you look for a binary-parsing tool with a GUI on Windows, I've a <a href="http://blog.didierstevens.com/2007/08/28/analyzing-a-suspect-wmf-file/" rel="nofollow">blogpost</a> where I show how I analyze a malformed WMF file with it. Won't name the tool here, because it's commercial. And I'm not linked with the company, not even as a customer.Didier StevensWed, 31 Oct 2007 15:03:25 -0000Re: Exploring Protocols 2: Writing some toolshttp://www.matasano.com/log/973/exploring-protocols-2-writing-some-tools/#comment-2323249It looks like you're more of a ruby guy, but I don't think any discussion of protocol dissection would be complete without mentioning the excellent python-based capture and dissection library <a href="http://www.secdev.org/projects/scapy/" rel="nofollow">scapy</a>. Aside from a decent number of dissectors already included, it's really easy to add new protocols, and the framework gives you basic fuzzing and the ability to replay packets out onto the network.<br><br>Also, for general binary-parsing goodness in python, <a href="http://construct.wikispaces.com/" rel="nofollow">Construct</a> is pretty sweet.moyixMon, 29 Oct 2007 11:24:19 -0000Re: Exploring Protocols 2: Writing some toolshttp://www.matasano.com/log/973/exploring-protocols-2-writing-some-tools/#comment-2323248Damn right it sholdn't've! I thought I was waiting for part 2 for a while, but in fact I was waiting for part 3! Anyway, a very good write-up (kind words), I'm looking forward to part 3 (gentle nudge).Jeremiah BlatzSun, 28 Oct 2007 13:54:16 -0000