Office Protocol Test Tools


Network Tracking with Microsoft Protocols
Jinghui Zhang

• Message Analyzer
• Fiddler Inspectors

Overview

What is Message Analyzer?

Notable features
• It's much more than just network
• Local and remote (NDIS) capturing
• Using any ETW Providers
• Can filter while capturing
• Filters out "capturing" packets on wire automatically
• Support Promiscuous mode
• Any ETW Providers (USB, DNS, Bluetooth, NDIS, kernel, WMI, etc)

Types of Data that can be Loaded into Message Analyzer

Table columns: Diagnostic Data Type; Requires Parser to be written; Supports Live Capture (the per-row values did not survive extraction).

Any combination of the following, correlated by Timestamp or any other field…
• Fiddler
• Perfmon
• ETL
• ETL (wire protocols)
• Text logs
• Event Logs
• Dumps
• Comma/Tab Separated
• Powershell execution
• XML
• JSON
• SQL Tables
• Azure Tables
• Process monitor
• Wireshark
• OMS post-indexed data

Providers
• Pre-Encryption for the HTTPS scenario needs the Fiddler provider, which can be downloaded at http://www.telerik.com/fiddler/fiddlercore
• If you try to run without installing it, the message below is displayed.

Message Analyzer Parsers

Overview
• Parsers for public protocols (e.g. HTTP, SOAP) and Windows protocols

Office Message Analyzer Parsers Features
• Message Recognition
• Binary XML decoding
• Validation*
* Not available for all parsers yet

Where to get Parsers

Office Parsers Packages
• 4 EAS: MS-ASCMD, MS-ASHTTP, MS-ASPROV, MS-ASWBXML
• 35 EWS: MS-OXWSCORE, MS-OXWSFOLD, …
• 15 Exchange MAPI: MS-OXCDATA, MS-OXCROPS, …
• 12 Skype for Business: MS-CON*, MS-SIP*, …
• 92 Office & SP: MS-LISTSWS, MS-WEBSS, …
• 5 WOPI/FSS: MS-FSS*, MS-WOPI, …
Demo

Fiddler Office Inspectors
• 5 WOPI/FSS: MS-FSS*, MS-WOPI, …
• 15 Exchange MAPI: MS-OXCDATA, MS-OXCROPS, …

Fiddler Office Inspectors Features

Demo

Comparison and how to choose

Message Analyzer parsers
• Capture: Numerous transport protocols supported
• Protocol families supported: Office & SP, EWS, EAS, MAPI, WOPI/FSSHTTP, Skype for Business
• Community Participation: Parser source code, Share through asset

Fiddler Inspectors
• Capture: HTTP/S only
• Protocol families supported: Office & SP (let us know if you want this), EWS (let us know if you want this), EAS, MAPI (HTTP), WOPI/FSSHTTP, Skype for Business
• Community Participation: Open Source in Github

Message Analyzer Resources
• Download: http://www.microsoft.com/en-us/download/details.aspx?id=44226
• Operating Guide: https://technet.microsoft.com/en-us/library/jj649776.aspx
• Office Interoperability Blog: http://blogs.msdn.com/b/officeinteroperability/
• MA Blog: http://blogs.technet.com/b/messageanalyzer/
• Forum: https://social.technet.microsoft.com/Forums/en-US/home?forum=messageanalyzer

Fiddler Office Inspectors Resources
• Github Repos:
  MAPIHTTP: https://github.com/OfficeDev/Office-Inspectors-for-Fiddler/tree/master/MAPIInspector
  WOPI/FSSHTTP: https://github.com/OfficeDev/Office-Inspectors-for-Fiddler/tree/master/FSSHTTPWOPIInspector
• Office Interoperability Blog: http://blogs.msdn.com/b/officeinteroperability/

Thank you! Questions? ([email protected])

Remote Capture Traces

Use the Microsoft-Windows-NDIS-PacketCapture provider to capture traffic at the Data Link Layer on a remote computer running the Windows 8.1, Windows Server 2012 R2, or Windows 10 operating system, so you can:
• Target specific remote hosts on which to capture traffic.
• Specify the host adapters and/or VM adapters on which to capture data.
• Create special packet and address filtering configurations.
Other requirements:

• WinRM configuration: this service requires configuration on the source computer where you are running the Message Analyzer remote trace and on the target computers from which you are capturing data. To configure (Run as Administrator):

    winrm quickconfig

• Trusted Hosts configuration: when the source computer and the remote target host are not in the same domain, you must add the remote host name to the source computer's Trusted Hosts list by running the following command string from an elevated command prompt:

    winrm set winrm/config/client @{TrustedHosts="RemoteHostName"}

If the issue is between the machine running Message Analyzer and the remote captured machine, the traffic is dropped, so it is important to run Message Analyzer from a machine that does not have the issue.

Remote x Local Capture Traces

Remote trace scenarios with the Microsoft-Windows-NDIS-PacketCapture provider: you can specify the remote host adapters and/or virtual machine (VM) adapters from which to capture messages, the manner in which packets traverse the NDIS stack layers or Hyper-V-Switch extension layers on such remote adapters, respectively, and various unique filters such as Truncation, EtherTypes, and IP Protocol Numbers.

Local trace scenarios with the Microsoft-PEF-NDIS-PacketCapture provider: in local scenarios that use this provider, you can specify the local adapters from which to capture messages and the direction, and you can create up to two logically-chained Fast Filter Groups that you can assign to any selected adapter.

In Message Analyzer v1.3, the Microsoft-PEF-WFP-MessageProvider has the capability to capture messages from remote computers that are running the Windows 10 operating system. You can capture this data in any Trace Scenario that uses this provider by starting your Live Trace Session with this scenario from any computer that is running the Windows 8.1, Windows Server R2, or the Windows 10 operating system.
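
For the Trusted Hosts step under "Other requirements", an added PowerShell example that is not part of the original slides: `winrm set` replaces the whole TrustedHosts value, so this version appends one exact host name instead, refuses wildcards, and then checks that WinRM on the target answers. The function name Add-CaptureTrustedHost is hypothetical, and RemoteHostName is the slide's placeholder.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the original slides). Run on the source computer,
# i.e. the one that runs the Message Analyzer remote trace.

function Add-CaptureTrustedHost {
    [CmdletBinding()]
    param(
        # Remote capture target; 'RemoteHostName' is the slide's placeholder.
        [Parameter(Mandatory)]
        [string]$ComputerName
    )

    # Hosts listed in TrustedHosts are not authenticated by the WinRM client,
    # so accept only a single exact name: no wildcard, no comma-separated list.
    if ($ComputerName -match '[\*,\s]') {
        throw "Refusing '$ComputerName': pass one exact host name."
    }

    $path = 'WSMan:\localhost\Client\TrustedHosts'

    # Current value is a comma-separated string; it may be empty.
    $current = @((Get-Item -Path $path).Value -split ',' |
        ForEach-Object { $_.Trim() } |
        Where-Object { $_ })

    if ($current -contains '*') {
        Write-Warning 'TrustedHosts is "*": every host is already trusted. Consider narrowing it.'
    }
    elseif ($current -notcontains $ComputerName) {
        # -Concatenate appends to the existing list instead of overwriting it.
        Set-Item -Path $path -Value $ComputerName -Concatenate -Force
    }

    # Check that the target's WinRM listener responds; the target needs
    # 'winrm quickconfig' as well.
    try {
        Test-WSMan -ComputerName $ComputerName -ErrorAction Stop | Out-Null
        $reachable = $true
    }
    catch {
        $reachable = $false
    }

    [pscustomobject]@{
        ComputerName   = $ComputerName
        TrustedHosts   = (Get-Item -Path $path).Value
        WinRMReachable = $reachable
    }
}

Add-CaptureTrustedHost -ComputerName 'RemoteHostName'
```

Once the remote capture is finished, the entry can be removed again by writing the previous list back with Set-Item.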