Entropy Graphs and More!

Edit: I wrote this post after failing at life and not being able to find ZAP’s resend functionality. As psiinon points out in the comment below, it’s there – just in a different place from what Burp users might expect.

Things have been busy as of late, and I haven’t had as much time to work on various reverse engineering ~stuff~ as I would have liked. That said, I did recently get my hands on a copy of The Art of Memory Forensics, but sometimes it reads more like an advertisement for Volatility than an actual guide to the practicalities involved in memory forensics.

Personally, I think the choice of tool is irrelevant: anyone can look up a man page; what matters most is the thought process behind what to look for, and why.

Along similar lines, I’ve occasionally been putting some time into my markerlight tool. With the most recent bugfix (changing if len(dataBlock): to if len(dataBlock) == 0:, believe it or not), I now have entropy graphs: behold!

Entropy Graph

Oh god how do I make this a full-size image wtf

I hope to expand this functionality to be more meaningful, and allow me to quickly “cut and paste” memory ranges into other parts of the markerlight tool, making it at least a somewhat intuitive user interface that functions consistently along some core concepts.

Incidentally, I think this is where OWASP’s ZAP project (Zed Attack Proxy, similar to Burp) gets it wrong. A few days ago, there was some discussion on the OWASP leaders mailing list regarding the ZAP project, so I gave it a go. Setting it up and making it “work” was relatively painless, but I found myself puzzled by the lack of features like searching for text in the ZAP equivalent of Burp Repeater.

how do i search for stuff?

At first, I thought that this would be a feature which everyone would use in web app pentesting, so imagine my surprise when I did some Googling and found that it was only marked as a medium-priority feature to-do.

(Note: this isn’t a dig at OWASP ZAP. I know well how much effort is involved in building such a project, on top of getting people to collaborate; these are just my personal opinions on why I don’t use it myself.)

Until next time!

About Norman

Sometimes, I write code. Occasionally, it even works.
This entry was posted in Computers, Jesting.

One Response to Entropy Graphs and More!

  1. psiinon says:

    To search for stuff in the ZAP ‘Resend’ dialog, just right-click and select ‘Find…’
    We do have a user group (accessible from the ‘Online’ menu) where you can ask questions like this, or just send a tweet to me (@psiinon) or ZAP (@zaproxy)…
