I'm trying to reverse engineer a kinda simple TCP data stream. The values are tag-length-value for the most part, and I made a simple MITM proxy that prints known tags and their data values (the ones I was able to decipher) live, but I am deciphering known and unknown tags manually, so I was wondering if there is some way to automate this?
I'd basically be interested in automatic seen-tag tracking, replaying select tags many times to see if they are idempotent, replaying and modifying bytes on a select tag, and omitting a select tag and seeing how the client responds.
I guess I could also find the socket receive function in the binary and see if the tag values are in a switch or something, but, like the original article, reading that is also new territory for me.
I am just about to expand my MITM proxy with more code to inject/filter packets.
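One way to build the proxy layer the comment above is asking for (seen-tag tracking plus replay, byte-flip and drop rules on selected tags), as an added example that is not the commenter's code and does not describe their protocol. It assumes a hypothetical wire format of a 1-byte tag followed by a 1-byte length and the value; the sample chunks and rules are constructed here. The parser keeps a carry-over buffer so a record split across two TCP segments is reassembled rather than misparsed, which is the usual way a live proxy gets tag counts wrong.

```python
"""TLV-aware MITM helpers: streaming parse, seen-tag tracking, replay/flip/drop rules.
Added example; the 1-byte tag / 1-byte length framing is an assumption, not a real protocol."""
from collections import defaultdict
from dataclasses import dataclass, field

HDR = 2  # assumed header: tag byte + length byte


@dataclass
class TagStats:
    """What we have learned about one tag so far."""
    count: int = 0
    lengths: set = field(default_factory=set)   # distinct value lengths seen
    samples: list = field(default_factory=list)  # first few raw values


class TlvStream:
    """Feed raw TCP segments in; get complete (tag, value) records out.
    Bytes of a record that has not fully arrived stay in self.buf."""

    def __init__(self):
        self.buf = b""
        self.stats = defaultdict(TagStats)

    def feed(self, chunk: bytes):
        self.buf += chunk
        records = []
        while len(self.buf) >= HDR:
            tag, ln = self.buf[0], self.buf[1]
            if len(self.buf) < HDR + ln:
                break  # record split across segments; wait for the rest
            val = self.buf[HDR:HDR + ln]
            self.buf = self.buf[HDR + ln:]
            st = self.stats[tag]  # track every tag, known or not
            st.count += 1
            st.lengths.add(ln)
            if len(st.samples) < 4:
                st.samples.append(val)
            records.append((tag, val))
        return records


def encode(tag: int, val: bytes) -> bytes:
    """Re-serialize one record in the assumed framing."""
    assert 0 <= tag <= 255 and len(val) <= 255
    return bytes([tag, len(val)]) + val


def apply_rules(records, rules):
    """rules: {tag: ("drop",) | ("replay", n) | ("flip", offset, xor_mask)}.
    Untouched tags pass through unchanged and in order."""
    out = []
    for tag, val in records:
        rule = rules.get(tag)
        if rule is None:
            out.append((tag, val))
        elif rule[0] == "drop":
            continue  # omit the tag to see how the client reacts
        elif rule[0] == "replay":
            out.extend([(tag, val)] * rule[1])  # repeat to probe idempotence
        elif rule[0] == "flip":
            off, mask = rule[1], rule[2]
            mutated = bytearray(val)
            if off < len(mutated):  # out-of-range offset leaves the value alone
                mutated[off] ^= mask
            out.append((tag, bytes(mutated)))
    return out


def proxy_pass(chunks, rules):
    """Run segments through parse -> rules -> re-encode, as a proxy would per direction.
    Returns (bytes to forward, per-tag stats, unconsumed trailing bytes)."""
    stream = TlvStream()
    forwarded = b""
    for chunk in chunks:
        rewritten = apply_rules(stream.feed(chunk), rules)
        forwarded += b"".join(encode(t, v) for t, v in rewritten)
    return forwarded, stream.stats, stream.buf


# Constructed sample: four records, the third one split across two "segments".
RAW = (encode(0x01, b"hello") + encode(0x02, b"\x00\x01")
       + encode(0x01, b"world") + encode(0x03, b""))
SAMPLE_CHUNKS = [RAW[:13], RAW[13:]]
RULES = {0x02: ("replay", 3), 0x01: ("flip", 0, 0x20), 0x03: ("drop",)}


def demo():
    return proxy_pass(SAMPLE_CHUNKS, RULES)


if __name__ == "__main__":
    out, stats, rest = demo()
    print(out.hex(), rest)
    for tag, st in sorted(stats.items()):
        print(f"tag {tag:#04x}: seen {st.count}x, lengths {sorted(st.lengths)}, samples {st.samples}")
```

In a live proxy you would call `feed()` on every segment from one direction, keep the `stats` map to list tags you have never seen before, and flip rules on and off between runs; because tracking happens before the rules are applied, the counts reflect what the peer actually sent, not what you forwarded.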