I wanted to see what the apps on my iPhone do and as I searched around, most of the current methods seem to involve jail-breaking, setting up hubs and access points and other such cumbersome nastiness. Gotta be simpler than that. So we are releasing a simple libpcap tool that you can run on your Mac to intercept packets from any app on any mobile device. iPad, iPhone, Android are all fair game. Once you can capture, you can very easily fuzz and scale test with Mu Studio. More on that in a different blog.
Archive for Tools
YATE – JavaScript Templating Engine for Agile UI Development
Recently we were looking for ways to do rapid building of prototype pages during our UI development. I still remember my first web project when I built an air ticket reservation system over a decade ago. Back then, we were concatenating HTML / Javascript inside servlet code to crank out the UI. The joy of building a cool new system was quickly offset by the frustration in dealing with escape / unescape single double quotes for multiple layers of Javascript inside Java code. Over these years, things evolved a lot in trying to address this separation of logic and presentation issue. We had JSP, Strut, Velocity, FreeMarker etc. They were running toward that goal with one getting closer than the other. But logic code still mingles with HTML/CSS . If not used cautiously, they can still yield spaghetti code faster than developers can chew.
Network forensics in IRB: xtractr Ruby gem
What started off as a way to fully unit test xtractr, turned out to be a Gem, literally. First xtractr, then nuggets and now a gem. You follow? Seriously though, we are happy to announce a Ruby gem for xtractr which takes all the goodness of Ruby and interacts RESTfully with xtractr for oh-so-fun packet mining and troubleshooting all from within IRB.
Popcorn – Data Driven Testing with JSON
Are you looking for a quick, easy and flexible way to create JSON objects to test your JSON service? Or maybe a tool to mock server responses to test some JavaScript browser code? If so, you might be interested in Popcorn.
Popcorn is a JavaScript embedded DSL design to generate any kind of JSON object. It comes with a basic set of generators for most common JavaScript types, and combinators to build new generators for any kind of data. With Popcorn thousands of test cases can be expressed in just few lines of code, which makes it a great driver for data-driven test engines. Let’s go for a quick tour.
Multi-dimensional data visualization
Way back in grad school, I was working on a project involving Auralization. The key idea was that your ear can process multi-dimensional data (pitch, volume, instruments, silence, tempo, etc) way better than your eyes can (try closing your eyes and listening to a Bach Fugue). So back then, we tried to take these types of data (stocks, sales reports, expenses, etc) and created MIDI files out of it to understand trends. Ever since I saw the Hans Rosling’s TED Talk I’ve wondered the applicability of this type of visualization on something other than economics.
Wireshark, dissectors and fuzzers
Just saw someone tweet about Python dissectors in Wireshark. Personally, I would’ve preferred a Ruby DSL that maps back to the internal libwireshark API in a way that makes writing dissectors incredibly easy. A couple of years ago, I presented “I see dead protocols” at CanSecWest and talked quite a bit about laziness, impatience and virtue. In the context of dissectors, I dug out some code that I wrote a while back that essentially converts a parser into a fuzzer. Let me explain.
Fun with Ruby’s case/when statements
Ruby’s case statements are pretty cool and more intuitive to the C, C++ counterparts. Each object in the when statement is expected to support the === operator which is invoked with the object given in the case statement. This allows you use Range, Regexp and other objects as long as they support the === operator.
Large scale Ruby development with TDD
We use Ruby, a lot. Everything from one-off scripts to modeling protocols to building mutations to packaging these things on to the product and then some. We push the language features quite a bit with native C extensions, eigen classes, DSL’s, method yanking, method redefinition, open classes, etc. We have parsers, code generators (that output C, Java, C++ or Ruby in some cases), document generators (that output wiki pages) all written in Ruby. The online help in the product is validated during build time and then aggregated into a set of HTML pages. Our 3rd generation protocol engine which powers all of our protocols and Studio has 2,323 Ruby files in trunk with a total of 215,621 lines of code!
Ruby 1.9.1 package for CentOS/RHEL4
While I like CentOS/RHEL as a distro, it does tend to be out of date for a lot of packages; especially if that software isn’t considered fully stable. One package in particular is Ruby 1.9, which has many critical improvements (real threads!) compared to v1.8. After a lot of searching came up empty, I grabbed the RPM spec file from the OpenPKG project and ported it to CentOS/RHEL4. Full Post »
Categories: Ruby
Fuzzing in JavaScript, an exercise in monadic computation
As I mentioned in a previous post, following is an introduction to monadic computation in JavaScript. The intent of this post is to demonstrate many advantages of monadic abstraction by implementing a concrete example from ground up. The theory behind monads I will leave to other online tutorials.
Full Post »
