On Fri, Jun 12, 2009 at 2:04 PM, Darien Kindlund <dar...@kindlund.com> wrote:
>> Well, you are dealing with static pages - the pcaps are static.  If you
>> just did a File->Save As for each page, save as an HTML file and
>> configure Apache to serve up the pages you'd be cool.  No reason your
>> pages have to be dynamically generated.  If all you have is pcaps to
>> work off of, Wireshark can save off streams to files.
>
> Okay, umm, I'll try clarifying a more complicated example:
> - Drive-by download malware, loading from a multi-nested IFRAME, which
> eventually loads a malicious Flash object, that ultimately compromises
> the system.
>
> Saving the flows to straight HTML wouldn't cut it in this example,
> since you may have to deal with the encoding type of the Flash object.
> Or, how about a malicious .JPG or some other image format (.WMF)?  I
> can think of more, but I think you get the point.

All that is doable using mod_rewrite to set the mime-type based on the
path, but of course it's more work.  Depending on how many test cases
(pcaps) you have it may or may not scale.

>> Of course, Apache won't help you much beyond HTTP.
>>
>> Anyways, at my day job we have to solve these kinds of problems.  To
>> do so, we tried classifying different protocols based on their
>> complexity and need for dynamic fields.  Long story short, protocols
>> are becoming more dynamic and are requiring greater inter-dependence.
>> Crypto which often has protection against replay attacks seems to be
>> showing up more and more.  Hence, like you, we're initially targeting
>> a smaller subset of use cases:
>> http://www.mudynamics.com/products/modules/mu-studio.html </shameless
>> plug>
>
> Actually, I don't mind the plug.  I'm curious, is Mu Dynamics working
> on a product to accomplish what I've described at all?  The closest
> thing I could find in commercial space was either IxLoad or IxDefend
> from Ixia, but I'm not 100% sure they have what I'm looking for.

I can't really comment on what we're working on, but I can say we
don't solve your stated problem today.  In general, client testing is
more difficult since the test harness (getting a random client
application to do what you want when you want it) tends to be very
specific and hard to generalize.

-- 
Aaron Turner
http://synfin.net/
http://tcpreplay.synfin.net/ - Pcap editing and replay tools for Unix & Windows
Those who would give up essential Liberty, to purchase a little temporary
Safety, deserve neither Liberty nor Safety.
    -- Benjamin Franklin

_______________________________________________
Tcpreplay-users mailing list
Tcpreplay-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/tcpreplay-users
Support Information: http://tcpreplay.synfin.net/trac/wiki/Support
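
An added example, not part of the original message and not tcpreplay or Apache project code: the reply above says mod_rewrite can set the MIME type based on the path, and this sketch reads the Content-Type recorded in each saved response and emits one `RewriteRule` per path using the `T=` flag. The paths and payload bytes are constructed sample data, the function names are hypothetical, and the generated rules assume server or virtual-host context.

```python
import re

# Constructed sample input: (request path, raw HTTP response bytes) pairs, standing in
# for streams saved out of a pcap. None of this comes from a real capture.
SAMPLE_FLOWS = [
    ("/case1/index.html",
     b"HTTP/1.1 200 OK\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n<html>"),
    ("/case1/ads/frame2.php",
     b"HTTP/1.1 200 OK\r\ncontent-type: text/html\r\n\r\n<iframe>"),
    ("/case1/media/banner.swf",
     b"HTTP/1.1 200 OK\r\nContent-Type: application/x-shockwave-flash\r\n\r\nCWS"),
    ("/case1/img/logo.jpg",
     b"HTTP/1.1 200 OK\r\nServer: x\r\n\r\n\xff\xd8"),  # no Content-Type recorded
]

# Recorded headers are untrusted data: only plain tokens may reach the Apache config.
SAFE_PATH = re.compile(r"^/[A-Za-z0-9._~/-]*$")
SAFE_MIME = re.compile(r"^[A-Za-z0-9!#$&^_.+-]+/[A-Za-z0-9!#$&^_.+-]+$")

def recorded_content_type(raw):
    """Return the media type from the recorded response headers, or None."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "content-type":
            mime = value.split(";", 1)[0].strip().lower()  # drop charset etc.
            return mime if SAFE_MIME.match(mime) else None
    return None

def rewrite_rules(flows):
    """Build one RewriteRule per path; return (rules, skipped_paths)."""
    rules, skipped = [], []
    for path, raw in flows:
        mime = recorded_content_type(raw)
        if mime is None or not SAFE_PATH.match(path):
            skipped.append(path)  # left to Apache's default type mapping
            continue
        rules.append('RewriteRule "^%s$" "-" [T=%s]' % (re.escape(path), mime))
    return rules, skipped

if __name__ == "__main__":
    rules, skipped = rewrite_rules(SAMPLE_FLOWS)
    print("RewriteEngine On")
    print("\n".join(rules))
    for p in skipped:
        print("# no usable recorded Content-Type: " + p)
```

Matching each path exactly keeps a PHP-named frame served as `text/html` while the Flash object keeps its recorded type, which a file-extension mapping alone would not reproduce.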
