This project hosts open source tools that help security researchers and network administrators understand botnet network traffic.
As a follow-up to last week's post on Mariposa infection research, Yamata Li of the Palo Alto Networks Threat Research Team has developed a Wireshark plugin that lets you open pcaps of obfuscated traffic from a Mariposa-infected client and decode them directly within Wireshark. The software is released as open source under the GNU GPL license. We hope it helps with further investigation and research into the Mariposa botnet. Special thanks to Defence Intelligence for their analysis of Mariposa.
Read on for information on installing and using the plugin:
Download from: http://code.google.com/p/botnetdecoding/