Edit: I wrote this post after failing at life and not being able to find ZAP’s resend functionality. As psiinon points out in the comment below, it’s there – just in a different place to what Burp users might expect.

Things have been busy as of late, and I haven’t had as much time to work on various reverse engineering ~stuff~ as I would have liked. That said, I did recently get my hands on a copy of The Art of Memory Forensics, but sometimes it reads more like an advertisement for Volatility than a book actually teaching me the practicalities involved in memory forensics.

Personally, I think the choice of tool is irrelevant: anyone can look up a man page, what matters most is the thought process behind what to look for, and why.

Along similar lines, I’ve been occasionally putting some time into my markerlight tool. With the most recent bugfix (if len(dataBlock): to if len(dataBlock) == 0:, believe it or not), I now have entropy graphs: behold!

Entropy Graph

Oh god how do I make this a full-size image wtf

I hope to expand this functionality to be more meaningful, and allow me to quickly “cut and paste” memory ranges into other parts of the markerlight tool, making it at least a somewhat intuitive user interface that functions consistently along some core concepts.
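To show what a per-block entropy graph like the one above actually measures, here is an added Python example; it is not markerlight’s own code (which the post doesn’t show), and the “memory image” it scans is a constructed byte string. It guards the empty-block case that the bugfix mentioned above was about, so a zero-length slice yields 0.0 instead of a division by zero.

```python
import math
from collections import Counter


def shannon_entropy(block: bytes) -> float:
    """Shannon entropy of a byte block in bits per byte (0.0 .. 8.0).

    An empty block has no distribution to measure, so it gets 0.0 rather
    than raising ZeroDivisionError (the len(dataBlock) == 0 edge case).
    """
    n = len(block)
    if n == 0:
        return 0.0
    return -sum((c / n) * math.log2(c / n) for c in Counter(block).values())


def entropy_profile(data: bytes, block_size: int = 256) -> list:
    """Slice data into fixed-size blocks and return [(offset, entropy), ...].

    The final block may be shorter than block_size; it is measured as-is
    rather than padded, since padding would fake a low-entropy tail.
    """
    if block_size <= 0:
        raise ValueError("block_size must be positive")
    return [(off, shannon_entropy(data[off:off + block_size]))
            for off in range(0, len(data), block_size)]


def render_graph(profile, width: int = 40) -> str:
    """Text bar chart of an entropy profile, one row per block."""
    rows = []
    for off, h in profile:
        bar = "#" * int(round(h / 8.0 * width))
        rows.append(f"0x{off:08x} {h:4.2f} {bar}")
    return "\n".join(rows)


# Constructed sample "memory image", not a real dump: a zeroed page, some
# repetitive ASCII, then a block holding every byte value exactly once
# (entropy 8.0, the signature of packed or encrypted data in a dump).
SAMPLE = (bytes(256)
          + (b"markerlight entropy test " * 11)[:256]
          + bytes(range(256)))

if __name__ == "__main__":
    print(render_graph(entropy_profile(SAMPLE, 256)))
```

Blocks near 8.0 bits/byte stand out as compressed, packed or encrypted regions; zeroed pages sit at 0.0 and plain text lands in between.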

Incidentally, I think this is where OWASP’s ZAP (Zed Attack Proxy, similar to Burp) project gets it wrong. A few days ago, there was some discussion on the OWASP leaders mailing list regarding the ZAP project, so I gave it a go. Setting it up and making it “work” was relatively painless, but I found myself puzzled by the lack of features like searching for text in the ZAP equivalent of Burp Repeater.

how do i search for stuff?

At first, I thought that this would be a feature which everyone would use in web app pentesting, so imagine my surprise when I did some Googling and found that it was only marked as a medium priority feature todo.

(Note: this isn’t a dig at OWASP ZAP. I know well how much effort is involved in building such a project, on top of getting people to collaborate; these are just my personal opinions on why I don’t use it myself.)

Until next time!

  1. psiinon says:

    To search for stuff in the ZAP ‘Resend’ dialog just right-click and select ‘Find…’
    We do have a user group (accessible from the ‘Online’ menu) where you can ask questions like this, or just send a tweet to me (@psiinon) or ZAP (@zaproxy)…

