netifera Blog

April 7th, 2009

Video – The Java Virtual Machine As Shellcode

In this screencast we’re going to look at some features we are working on for the next version of netifera.

The two main things we’re going to demonstrate are geographical visualization and the netifera probe which is a deployable software agent that makes it possible to run all netifera platform tools remotely as easily as running them locally.

We’re going to install the probe on the webserver, and we’ll deploy it like shellcode by injecting it directly into memory over the network, using an exploit.

the java virtual machine as shellcode video

Tags: , , , ,
Posted by netifera in news | 8 Comments »
December 15th, 2008

Netifera Development Tutorial

We are working on a series of tutorials about how to create new tools, modules, and extensions for the netifera framework.  The first tutorial covers setting up a development environment with Eclipse as well as creating and exporting a simple module for the netifera sniffing service.  If you have any questions or problems with the tutorial please don’t hesitate to contact us by email at or join us on IRC in channel #netifera on the freenode IRC network.

Tags: , ,
Posted by netifera in news | No Comments »
December 11th, 2008

Beta 2 Released

We have just published the second netifera beta on our download page.  It includes many bug fixes and improvements since the last beta.

If you have the first beta installed, you must delete the entire directory (or move it out of the way) before installing this version.

Change log

  • Improved the output of several tools
  • Web spider: fixed a number of important bugs, improved detection of several web applications.
  • TCP connect scanner: better handling of the case of the server response arriving in two fragments separated by a small delay, don’t miss the last piece of data
  • Improved detection of FTP, SMTP, and other services. Fixed some service miss-detections
  • UDP scanner: added a delay between sending packets, improved to better use the asynchronous socket engine
  • Removed some actions from targets that don’t make sense, such as “geo-localize” for private addresses.
  • Better handling of host names with multiple addresses and addresses with multiple names.
  • Added an “architecture” attribute to host entities, in addition to the “os” attribute.
  • Improved service detection to set the architecture when it can be known, and also to detect Linux distributions
  • Distinguish multiple clients of the same service in a single host, for example represent Firefox and apt-get as two different HTTP clients that can simultaneously exist in a single host
  • Open all perspectives at startup, so that both sniffing and tools perspectives are easily switched with buttons that appear in the toolbar
  • Improved the sniffing API and documentation of the API
  • Added the memory monitor to the status bar to help debugging memory leaks
  • Added system information (os, architecture, etc) to services and clients, show OS icon decoration in services and clients too
Posted by netifera in news | No Comments »
November 25th, 2008

About the backdoor in netifera

Some of you might be wondering why the netifera distribution includes an executable called ‘backdoor’.

We deliberately chose that name to draw attention to the fact that if you install this feature correctly you will be creating a security vulnerability on your system: Anybody who can execute the backdoor binary will be able to capture and send raw network packets.  We think this risk is minor and acceptable considering that it makes netifera much simpler to launch and use, but it’s disabled by default and should not be enabled without understanding the implications.

We’ll explain all the details of why it exists and how it works, and how large of a security hole it creates so you can decide for yourself if you want to use it or not.

Read the rest of this entry »