For our needs, we wrote several parsers to analyse a lot of SSL/TLS data. Because the collected messages were sometimes corrupted or invalid, standard tools did not allow for sound and robust dissection. Parsifal, an OCaml-based parsing engine, allowed us to gain insight into several important protocols. Parsifal also proved to be versatile and might be useful to the security community for writing efficient and robust binary dissectors.

As security researchers, we need robust tools on which we can depend. The starting point of Parsifal was a study of large amounts of SSL data. The collected data contained legitimate SSL messages, as well as invalid messages and other protocols (HTTP, SSH). To face this challenge and extract relevant information, we wrote several parsers in different languages, which resulted in Parsifal, an OCaml-based parsing engine.

The contribution of Parsifal to security is twofold. First, we provide sound tools to analyse complex file formats or network protocols. Second, we implement robust detection/sanitization systems.

The goal of this paper is to present Parsifal and to use it to write a network protocol parser (DNS) and a file format parser (PNG). The PNG parser will then be used to build a PNG sanitizer. Alternatively, an X.509 certificate signing request validator can be implemented.