Wednesday, June 24, 2009

Jsunpack-n updates for PDF decoding, improved HTTP handling, dynamic JavaScript and Logging

Hey everyone,
I released jsunpack-n version 0.1b today (get source code from While this code is still being released as alpha/unstable, there are some great new features in this edition.

For example, try to decode the sample-pdf.pcap file included with the distribution and you will notice that I've added not only PDF decoding, but minimal PDF CVE signatures.

$ ./ sample-pdf.pcap
decoded 25275 bytes in pdf
[0] decoded 25275
[1] decoded 7627
Match signature [CVE-2007-5659] Collab.collectEmailInfo
Match signature [CVE-2007-5659] Collab.getIcon
Match signature [CVE-2008-2992] util.printf
Match signature [CVE-2009-1493] spell.customDictionaryOpen
Match signature [CVE-2009-1492] getAnnots

I hope you enjoy all of the new features in this update. As always, I like feedback so send me an email blake_at_jeek_org.

1 comment:

  1. jsunpack-n can also decode local files if they contain JavaScript but are not pcap files.

    $ ./
    jsunpack-network version 0.1b (alpha)
    Usage: ./ [fileName] or ./ [interfaceName]
    [fileName] can be either a [pcap] or [file that contains JavaScript to decode]