Post Fri Sep 04, 2009 7:50 pm

Custom Protocol Fuzzing


This is my first post. And I start with a question  :)

I have a programmer friend who is writing an application for a company. He want me to test it for DOS, DDOS and Authentication attacks.

The application has two parts, a server part and a client one. The server app listens for client request on a tcp port, the client sends commands to the server. The whole thing is custom. It is not standard like HTTP, FTP, SMTP ..... etc.

I installed the server app on a virtual machine in vmware, and installed the client on another virtual machine and used wireshark in between to sniff the traffic.

I did some analysis of the sniffed traffic and could see some of the commands used, like the authentication conversation between the server and client.

My question is is there any way or may be tool that will deal with custom app protocols
to help me further analyse the application and do my pentest.

Thank you very much.
CCNA Security - CCNP-S - CCSP - Security+