Following my last post, a new need for adjusting Ngrep has arisen.
We needed Ngrep to identify a JSER communication session and to dump the whole request/response into one file, so it can be sent for decryption and further analysis.
To address this I have added a new option (-m) to Ngrep that identifies the end of the object transmission and exits pcap_loop once it is reached.
Usage example: ngrep -d 5 -O output.pcap -m -X 0x78 dst host www.mytarget.com
Sources and a precompiled Windows binary tarball are available here (SourceForge SVN).
A .patch file for use with the original 1.45 distribution can be downloaded here.
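The post does not say how the -m option decides that the object has been fully transmitted, so the following is an added illustration of the mechanism, not the code from the patch. It models "end of object" as either the response's Content-Length being satisfied or the connection being closed with FIN/RST, and it replaces pcap_loop with a small stand-in loop over constructed segments so it runs without libpcap; in ngrep the callback would call pcap_breakloop() at the point where this loop stops. The segment layout, the 1 KB header buffer, and the sample traffic are all assumptions made for the example.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define TH_FIN 0x01
#define TH_RST 0x04

/* One decoded TCP segment. In ngrep these fields would come from the IP/TCP
 * headers seen by the pcap_loop callback; here they are constructed by hand. */
struct segment {
    int from_server;        /* 1: sent by the dst host, 0: sent by the client */
    uint8_t tcp_flags;
    const char *payload;
    size_t payload_len;
};

/* State of the single session being captured (assumed layout, not ngrep's). */
struct session_state {
    char hdr[1024];         /* response header bytes collected so far */
    size_t hdr_len;
    int header_done;
    long content_length;    /* -1 until a Content-Length header is parsed */
    long body_seen;
    int finished;
};

/* Case-insensitive compare of n bytes; HTTP header names are case-insensitive.
 * Stops at the first mismatch, so a short string cannot be overrun. */
static int ieq(const char *a, const char *b, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (tolower((unsigned char)a[i]) != tolower((unsigned char)b[i]))
            return 0;
    return 1;
}

/* Find a header at the start of a line; returns a pointer to its value or NULL. */
static const char *find_header(const char *hdr, const char *name)
{
    size_t n = strlen(name);
    for (const char *p = hdr; *p; p++)
        if ((p == hdr || p[-1] == '\n') && ieq(p, name, n) && p[n] == ':')
            return p + n + 1;
    return NULL;
}

/* Per-segment check. Returns 1 once the object is complete, 0 otherwise. */
int observe_segment(struct session_state *s, const struct segment *seg)
{
    if (s->finished)
        return 1;
    if (seg->tcp_flags & (TH_FIN | TH_RST)) {   /* peer closed: nothing more will arrive */
        s->finished = 1;
        return 1;
    }
    if (!seg->from_server || seg->payload_len == 0)
        return 0;                               /* requests and bare ACKs carry no object bytes */

    if (!s->header_done) {
        /* Collect header bytes until the blank line; a header larger than the
         * buffer is never "done" and the session then ends only on FIN/RST. */
        size_t room = sizeof s->hdr - 1 - s->hdr_len;
        size_t take = seg->payload_len < room ? seg->payload_len : room;
        memcpy(s->hdr + s->hdr_len, seg->payload, take);
        s->hdr_len += take;
        s->hdr[s->hdr_len] = '\0';
        const char *end = strstr(s->hdr, "\r\n\r\n");
        if (!end)
            return 0;
        s->header_done = 1;
        const char *cl = find_header(s->hdr, "Content-Length");
        if (cl && cl < end)
            s->content_length = strtol(cl, NULL, 10);
        /* body bytes that shared a segment with the header, plus any overflow */
        s->body_seen = (long)(s->hdr_len - (size_t)(end + 4 - s->hdr))
                     + (long)(seg->payload_len - take);
    } else {
        s->body_seen += (long)seg->payload_len;
    }
    if (s->content_length >= 0 && s->body_seen >= s->content_length) {
        s->finished = 1;
        return 1;
    }
    return 0;
}

/* Stand-in for pcap_loop: feeds segments to the check and stops as soon as the
 * object is complete, where ngrep's callback would call pcap_breakloop().
 * Returns how many segments were consumed (i.e. would have been dumped). */
size_t run_capture(const struct segment *segs, size_t count)
{
    struct session_state st;
    memset(&st, 0, sizeof st);
    st.content_length = -1;
    for (size_t i = 0; i < count; i++) {
        /* ngrep would pcap_dump() the packet here, before the check */
        if (observe_segment(&st, &segs[i]))
            return i + 1;
    }
    return count;
}

static struct segment seg(int from_server, uint8_t flags, const char *payload)
{
    struct segment s = { from_server, flags, payload, strlen(payload) };
    return s;
}

/* Constructed traffic: a request, a response whose 10-byte body spans two
 * segments, then a later request that must not be consumed. */
size_t demo_content_length(void)
{
    struct segment segs[] = {
        seg(0, 0x18, "GET /obj HTTP/1.1\r\nHost: www.example.com\r\n\r\n"),
        seg(1, 0x18, "HTTP/1.1 200 OK\r\ncontent-length: 10\r\n\r\nhello"),
        seg(1, 0x18, "world"),
        seg(0, 0x18, "GET /next HTTP/1.1\r\n\r\n"),
    };
    return run_capture(segs, 4);
}

/* Constructed traffic: a response with no Content-Length, ended by the server's FIN. */
size_t demo_fin(void)
{
    struct segment segs[] = {
        seg(0, 0x18, "GET /obj HTTP/1.0\r\n\r\n"),
        seg(1, 0x18, "HTTP/1.0 200 OK\r\n\r\nsome bytes"),
        seg(1, 0x11, ""),                       /* FIN|ACK closes the object */
        seg(0, 0x10, ""),
    };
    return run_capture(segs, 4);
}

int main(void)
{
    printf("Content-Length case consumed %zu segments\n", demo_content_length());
    printf("FIN case consumed %zu segments\n", demo_fin());
    return 0;
}
```

Both constructed cases stop after the third segment: the first because the body reaches the announced Content-Length, the second because the server's FIN arrives. Traffic after that point is left uncaptured, which is what lets the dump file hold exactly one request/response pair.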
Monday, August 3, 2009
Tuesday, July 14, 2009
Building Ngrep 1.45 on VS2008
Update (08-04-2009): see today's post for the Ngrep JSER mod.
I needed to fine-tune Ngrep for Windows. I downloaded the source from the net, but it wasn't compatible with the new VS2008 distribution. After some time messing around with it I got to a very clean solution; the code changes are shown in the steps below:
- download the Ngrep sources
- download the WinPcap sources
- extract and open with VS2008
- fix the include/lib paths to point to the WinPcap location
- open regex.c and change the regerror() definition
  from this (old K&R-style definition):
    size_t
    regerror (errcode, preg, errbuf, errbuf_size)
    int errcode;
    const regex_t *preg;
    char *errbuf;
    size_t errbuf_size;
  to this (prototype-style definition):
    size_t
    regerror(
    int errcode,
    const regex_t * preg,
    char * errbuf,
    size_t errbuf_size)
- open ws2tcpip.h from the Microsoft SDK (usually under C:\Program Files\Microsoft SDKs) and add an #ifndef guard with a macro name of your choice (I named it NGREP_COMPILE) before the NTDDI_VERSION LONGHORN check, like this:
    #ifndef NGREP_COMPILE
    #if (NTDDI_VERSION >= NTDDI_LONGHORN)
  close this guard at the end of the LONGHORN block by adding an #endif that closes the wrapper, like this:
    #endif // TYPEDEFS
    #endif // LONGHORN
    #endif // NGREP_COMPILE
- in config.h define the macro you set in step 6: add the macro definition to the end of the file, like this:
    #define USE_DROPPRIVS 0
    #define DROPPRIVS_USER "notused"
    #define NGREP_COMPILE
- that's it, now compile and build your self-tailored Ngrep for Windows.