Stefano Lorenzi

IT Security Specialist

pcaparse

Pcaparse is an open source tool that parses a pcap file (in tcpdump format) and performs these tasks:

  • Reproduce HTTP, TCP, DNS and ARP protocols
  • Reproduce PDFs, web pages and images that are in the pcap file
  • Discover some web attacks, such as SQL injection and XSS
  • Discover malicious User-Agents in the HTTP protocol, such as sqlmap
  • Show invalid TCP flags
    This tool has a web interface and saves your cases in a SQLite database.
    I have tested this tool on the Ubuntu distribution.
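The "invalid TCP flags" check from the list above, shown as an added example that is not pcaparse's own code: a standard-library Python scan of a tcpdump-format capture. The rule set in `flag_problem`, the function names and the constructed sample capture are assumptions; the page does not say which flag combinations pcaparse reports.

```python
import struct

FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20
BAD_PAIRS = ((SYN, FIN, "SYN+FIN"), (SYN, RST, "SYN+RST"), (FIN, RST, "FIN+RST"))

def flag_problem(flags):
    """Return why a TCP flag byte is suspicious, or None (assumed rule set)."""
    f = flags & 0x3F  # ignore the ECE/CWR bits
    if f == 0:
        return "NULL (no flags)"
    for a, b, name in BAD_PAIRS:
        if f & a and f & b:
            return name
    if f & (FIN | PSH | URG) and not f & ACK:
        return "FIN/PSH/URG without ACK"
    return None

def invalid_tcp_flags(pcap):
    """Scan classic pcap bytes (Ethernet/IPv4); return (packet_no, src, dst, reason)."""
    order = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if order is None or struct.unpack(order + "I", pcap[20:24])[0] != 1:
        raise ValueError("expected a classic pcap file with Ethernet link type")
    hits, off, no = [], 24, 0
    while off + 16 <= len(pcap):
        incl = struct.unpack(order + "I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + incl]
        off, no = off + 16 + incl, no + 1
        frag = int.from_bytes(frame[20:22], "big") & 0x1FFF  # IP fragment offset
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6 or frag:
            continue  # not the start of an IPv4 TCP segment
        tcp = 14 + (frame[14] & 0x0F) * 4  # Ethernet header + IP header length
        if len(frame) < tcp + 14:
            continue  # TCP header cut off by the capture snap length
        reason = flag_problem(frame[tcp + 13])
        if reason:
            src, dst = (".".join(map(str, frame[i:i + 4])) for i in (26, 30))
            hits.append((no, src, dst, reason))
    return hits

def sample_pcap():
    """Constructed capture: a normal SYN, then a SYN+FIN and a NULL segment."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for flags in (SYN, SYN | FIN, 0):  # 192.0.2.10 -> 198.51.100.5, port 80
        ip = struct.pack(">BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0, b"\xc0\x00\x02\x0a", b"\xc6\x33\x64\x05")
        tcp = struct.pack(">HHIIBBHHH", 40000, 80, 0, 0, 0x50, flags, 1024, 0, 0)
        frame = b"\x00" * 12 + b"\x08\x00" + ip + tcp
        out += struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    return out
```

To scan a real capture, pass the file's bytes, for example `invalid_tcp_flags(open(path, "rb").read())`.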

    Install

    You can download pcaparse here


    Release: 17/09/2015
    MD5: 4c040f4b1fc7f14f403904693b5b50a4

    On Ubuntu, this tool has the following dependencies:
    sudo apt-get install scapy python-matplotlib tcpflow
    and
    pip install pygeoip

    Usage

    To run pcaparse, just open a Linux shell and run this command:
    ./YOUR-PATH/pcaparse/pcaparse.py

    Credit

    This software is distributed with an unmodified copy of web2py from web2py.com.

    This tool is currently maintained by Stefano Lorenzi, who can be contacted at info@stefanolorenzi.org or on Twitter at @BerghemHackLab (https://twitter.com/BerghemHackLab). Suggestions and criticism are welcome.
