Chaosreader: Trace TCP/UDP from snoop/tcpdump logs
Jan 27 2004 08:03AM
Brendan Gregg (brendan gregg tpg com au)
Vulnerability Analysis Tool
Chaosreader is a freeware tool that can trace HTTP sessions from a packet
log, displaying which bytes are plaintext. It could be used to help verify
that some websites really do use encryption, which may interest readers of
Bugtraq. It has been written in perl and tested on RedHat, Solaris
The above description is one use of Chaosreader; it has many features:
Reads snoop and tcpdump logs
Processes TCP, UDP, ICMP, IPv4 and IPv6
Processes HTTP transfers (HTML, JPG, GIF, zip, ...)
HTTP GET/POST content reports
HTTP traffic log reports
FTP files (active transfers)
telnet sessions (also generates realtime playback scripts)
X11 sessions (experimental X11 playback feature)
In some ways it's like an "any-snarf" program as it fetches the
application data from the network traffic logs to capture HTTP and FTP
files, and generate playback programs for telnet, IRC, etc.
So far it's helped to convince people to use encryption - ssh or IPSec.
snoop -o /tmp/out1
Or just web search for "chaosreader".
There are many existing (and more developed) tools that provide
similar features, such as Ethereal and dsniff; and some of the ideas
are similar to tools like lazarus and ttywatcher.
More features (and bug fixes) will be added in future versions.
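The plaintext check described in the post, shown as an added Python example (not part of the original post and not Chaosreader's code): it counts printable payload bytes per TCP flow in a classic tcpdump capture, per packet, without Chaosreader's session reassembly or snoop support. The function names, addresses and sample packets are constructed for illustration.

```python
import struct, socket
PRINTABLE = set(range(0x20, 0x7f)) | {0x09, 0x0a, 0x0d}

def plaintext_report(pcap):
    """Map each TCP flow in a classic pcap (Ethernet/IPv4) to (printable, total) payload bytes."""
    end = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if end is None or len(pcap) < 24 or struct.unpack(end + "I", pcap[20:24])[0] != 1:
        raise ValueError("expected a classic pcap file with Ethernet link type")
    flows, off = {}, 24
    while off + 16 <= len(pcap):
        incl_len = struct.unpack(end + "I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue                      # too short, or not IPv4
        ip = frame[14:]
        ihl = (ip[0] & 0x0f) * 4
        total_len = struct.unpack("!H", ip[2:4])[0] or len(ip)
        tcp = ip[ihl:total_len]           # slice drops Ethernet padding
        if ip[9] != 6 or len(tcp) < 20:
            continue                      # not TCP, or truncated capture
        sport, dport = struct.unpack("!HH", tcp[:4])
        payload = tcp[(tcp[12] >> 4) * 4:]
        if not payload:
            continue                      # bare ACK/SYN, nothing to classify
        key = (socket.inet_ntoa(ip[12:16]), sport, socket.inet_ntoa(ip[16:20]), dport)
        seen = flows.setdefault(key, [0, 0])
        seen[0] += sum(b in PRINTABLE for b in payload)
        seen[1] += len(payload)
    return {k: tuple(v) for k, v in flows.items()}

def _frame(src, dst, sport, dport, payload):
    """Constructed test frame: Ethernet + IPv4 + TCP, checksums left as zero."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 8192, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return b"\x02" * 6 + b"\x04" * 6 + b"\x08\x00" + ip + tcp

def sample_pcap():
    """Constructed capture: one cleartext HTTP request, one TLS-like record."""
    frames = [_frame("192.0.2.10", "192.0.2.80", 40000, 80, b"GET /login?user=alice HTTP/1.0\r\n\r\n"),
              _frame("192.0.2.10", "192.0.2.80", 40001, 443, b"\x17\x03\x01\x00\x20" + bytes(range(128, 160)))]
    out = struct.pack("<IHHiIII", 0xa1b2c3d4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

if __name__ == "__main__":
    print(plaintext_report(sample_pcap()))
```

A flow whose payload is almost entirely printable is being sent in the clear; real ciphertext still contains some printable bytes by chance, so the ratio is a hint to inspect the flow, not a proof of encryption.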