Vulnerability Analysis Tool

Chaosreader is a freeware tool that can trace HTTP sessions from a packet log, displaying which bytes are plaintext. It could be used to help verify that some websites really do use encryption, which may interest readers of Bugtraq. It has been written in Perl and tested on RedHat, Solaris and Windows.

The above description is one use of Chaosreader; it has many features:

  Reads snoop and tcpdump logs
  Processes TCP, UDP, ICMP, IPv4 and IPv6
  Processes HTTP transfers (HTML, JPG, GIF, zip, ...)
  HTTP GET/POST content reports
  HTTP traffic log reports
  SMTP emails
  FTP files (active transfers)
  IRC sessions
  telnet sessions (also generates realtime playback scripts)
  X11 sessions (experimental X11 playback feature)
  Hex dumps
  ...

In some ways it's like an "any-snarf" program as it fetches the application data from the network traffic logs to capture HTTP and FTP files, and generate playback programs for telnet, IRC, etc. So far it's helped to convince people to use encryption - ssh or IPSec.

Quick Usage:

  snoop -o /tmp/out1
  chaosreader /tmp/out1
  netscape index.html

Main Website: http://www.brendangregg.com/chaosreader.html
Or just web search for "chaosreader".

There are many existing (and more developed) tools that provide similar features, such as Ethereal and dsniff; and some of the ideas are similar to tools like lazarus and ttywatcher.

More features (and bug fixes) will be added in future versions. Enjoy!

Brendan Gregg
[Sydney, Australia]
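The plaintext check described in the post, as an added Python example that is not Chaosreader's code and not part of the original message: it reads a classic libpcap (tcpdump) capture, groups TCP payload bytes per flow, and flags flows that are mostly printable text. The function names, the 90% threshold, and the embedded capture are assumptions made for illustration; payloads are joined in capture order with no sequence-number reassembly.

```python
import struct
from collections import defaultdict

def tcp_payloads(pcap):
    """Yield ((src, sport, dst, dport), payload) per IPv4/TCP packet in a classic pcap."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if endian is None or struct.unpack(endian + "I", pcap[20:24])[0] != 1:
        raise ValueError("expected classic libpcap with Ethernet link type")
    off = 24  # skip the 24-byte global header
    while off + 16 <= len(pcap):
        incl_len = struct.unpack(endian + "I", pcap[off + 8:off + 12])[0]
        frame, off = pcap[off + 16:off + 16 + incl_len], off + 16 + incl_len
        if len(frame) < 54 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue  # not IPv4/TCP, or too short to hold both headers
        ip = frame[14:]
        ihl, total_len = (ip[0] & 0x0F) * 4, struct.unpack("!H", ip[2:4])[0]
        tcp = ip[ihl:total_len]
        if len(tcp) < 20:
            continue
        sport, dport = struct.unpack("!HH", tcp[:4])
        src, dst = (".".join(map(str, ip[i:i + 4])) for i in (12, 16))
        yield (src, sport, dst, dport), tcp[(tcp[12] >> 4) * 4:]

def plaintext_report(pcap, threshold=0.9):
    """Map each one-directional TCP flow to True if its payload looks like plaintext."""
    streams = defaultdict(bytes)
    for key, data in tcp_payloads(pcap):
        streams[key] += data  # capture order; no sequence-number reordering
    report = {}
    for key, data in streams.items():
        if data:  # ignore flows that carried no payload (bare SYN/ACK)
            printable = sum(32 <= b < 127 or b in (9, 10, 13) for b in data)
            report[key] = printable / len(data) >= threshold
    return report

def _frame(sport, dport, payload, src=(192, 0, 2, 10), dst=(198, 51, 100, 5)):
    """Build one constructed Ethernet/IPv4/TCP frame (checksums left as zero)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x18, 8192, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0, bytes(src), bytes(dst))
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp

def sample_pcap():
    """Constructed capture: one HTTP request and one opaque (encrypted-looking) stream."""
    http = b"GET /login?user=alice HTTP/1.1\r\nHost: example.test\r\n\r\n"
    opaque = bytes((i * 37 + 11) % 256 for i in range(200))
    frames = [_frame(40000, 80, http), _frame(40001, 443, opaque)]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return out + b"".join(struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in frames)

if __name__ == "__main__":
    for flow, is_plain in plaintext_report(sample_pcap()).items():
        print(flow, "PLAINTEXT" if is_plain else "opaque")
```

A printable-byte ratio is only a heuristic: compressed or binary transfers such as images also read as opaque, so a flow flagged opaque is not proof of encryption.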