Buu - The Packet Analyzer

Page 1 of 3

08/30/2012 11:19 I don't have a username#1

Latest Version: v2.0

Alright so this is my new packet analyzer. It can basically the same as the previous, but has a few more advantages.

The offsets have colors.
Yellow: Cannot be changed. (Size + Type offsets)
Red: Not analyzed and saved offsets.
Green: Analyzed and saved offsets.

An offset will have a value history which you can use to analyze the different outputs of the current offset. Everytime you choose a new offset this history is cleared thought.

There is two tabs, one for the offset analyzer and one for the packet structure.

It requires .NET Framework 4.0.

Buu v1.0: (Please report any bugs.)
[Only registered and activated users can see links. Click Here To Register...]
[Only registered and activated users can see links. Click Here To Register...]

Buu v2.0: (Please report any bugs.)
[Only registered and activated users can see links. Click Here To Register...]
[Only registered and activated users can see links. Click Here To Register...]

Buu v3.0:
This version will include packet handling for handling packets by coding your own scripts (using C#), but also sending custom packets with scripting etc.

Again thanks to Fang for the test packet.
[Only registered and activated users can see links. Click Here To Register...]

Screenshots: (From V1)
[Only registered and activated users can see links. Click Here To Register...]
[Only registered and activated users can see links. Click Here To Register...]

Screenshots: (From V2)
[Only registered and activated users can see links. Click Here To Register...]
[Only registered and activated users can see links. Click Here To Register...]

Encryption usage:
You must use the namespace "ProxyEncryption" and the encryption class has to be "ProxyCryptography". You can always call another namespace or class from those two.

The class must contain 2 methods called Encryption and Decryption and they has to return a byte array for the encrypted/decrypted packet. The parameters of the two methods are the same. One parameter for the byte array to encrypt/decrypt and two bool parameters. The first bool is indicating whether it's send/received to/from the client or server. The second bool is indicating whether the packet is being send or not.

The Add reference button can add DLL files as reference to the cryptography, if it's necessary.

The save button will compile the encryption script and delete it if the textbox is empty.

Example:

Code:

namespace ProxyEncryption
{
    public class ProxyCryptography
    {
        public static byte[] Encrypt(byte[] packet, bool client, bool send)
        {
		if (send)
		{
			// the packet is sending
			if (client)
			{
				// the packet is send to the client
			}
			else
			{
				// the packet is send to the server
			}
		}
		else
		{
			// the packet is receiving
			if (client)
			{
				// the packet is received from the client
			}
			else
			{
				// the packet is received from the server
			}
		}
            return packet;
        }

        public static byte[] Decrypt(byte[] packet, bool client, bool send)
        {
		if (send)
		{
			// the packet is sending
			if (client)
			{
				// the packet is send to the client
			}
			else
			{
				// the packet is send to the server
			}
		}
		else
		{
			// the packet is receiving
			if (client)
			{
				// the packet is received from the client
			}
			else
			{
				// the packet is received from the server
			}
		}
            return packet;
        }
    }
}

Technically you can already script things and handle packets now. You can handle the whole application through your codes actually. The reason why I won't include any documentation for this at the moment, it's simply because I'll add a new tab for handling scripts later.

Anyways enjoy.

08/30/2012 13:18 Yupmoh#2

Way to go Jacoooop! XD

08/31/2012 08:51 xmen01235#3

cool stuff for analyzing the packet :)..I'm actually planning to make like this as I am doing a manual analysis on my packet from my data logs but I will just download yours. Thanks :)...

It would be cooler if you can implement this into online packet logger.

08/31/2012 11:04 I don't have a username#4

#Edit updating OP (Version 2 is finished)

In version 3 there will be scripting available to handle packets send/received, but also possibility to send custom packets.

08/31/2012 14:32 diedwarrior#5

This is amazing mate!

08/31/2012 15:07 I don't have a username#6

Thanks man :D

08/31/2012 15:22 ConquerServer#7

Impressive work recognizes your hand

08/31/2012 16:26 I don't have a username#8

Quote:

Originally Posted by ConquerServer

Impressive work recognizes your hand

Thanks a lot :) And recognizes your hand is supposed to mean? :P

08/31/2012 16:31 Captivate#9

Quote:

Originally Posted by I don't have a username

Thanks a lot :) And recognizes your hand is supposed to mean? :P

He's fapping to Buu, it's a common thing where he comes from.

08/31/2012 19:54 _DreadNought_#10

This is awesome.

Depending on how noob-friendly you want this to go, Create a smart-system to fully structure the packet in a standard way.

Code:

byte[] pkt = new byte[215];
WriteType(pkt, 0, `1234);
WriteLength(pkt, 2, 1234);
WriteByte(pkt, 4, 213);

etc. could be fun to see someone do and how they do it.

#edit Oh nigga already did it. fu.

09/01/2012 10:21 xmen01235#11

Thanks for the plugins:) bro :handsdown:.. I have been using your plugin code into my proxy right now :D..

09/01/2012 14:40 itachi26#12

That's very amazing. GUI very simple and really organized. Interersting features.

Congratulations, that's very well done.

(Lots of "very" don't you think too? Haha)

09/01/2012 17:21 I don't have a username#13

Thanks, more to come with this. I'd like some feedback thought on what to change, maybe add and also bugs if found any. Also could you try make wrong things to ex. throw exceptions and tell me what you did and when/where, so I can stop that and maybe just throw an error message out. I'm trying to figure some out atm. tho.

Thanks again all.

09/01/2012 20:28 CptSky#14

Wow, with that GUI, you must have color vision deficiency :p Else, it seems to be interesting. Would be useful if I was still working on CO2.

09/01/2012 23:33 I don't have a username#15

Quote:

Originally Posted by CptSky

Wow, with that GUI, you must have color vision deficiency :p Else, it seems to be interesting. Would be useful if I was still working on CO2.

Nah, I just chose some colors rofl. Didn't really think of it to look fancy, but will evt. rewrite it all and make it way better (Thinking of doing that for version 3) and implement quite a lot and also make it easier to make dynamic etc. But won't tell too much about it as of now as Im not sure what to add/remove.

Page 1 of 3