Parsing Office Traffic: Message Analyzer &...

Parsing Office Traffic: Message Analyzer & Fiddler

Jingyu Shao

Software Engineer

Agenda

• Message Analyzer• What’s Message Analyzer

• Protocol analysis

• Parsers available

• Demo

• Resources

• Fiddler• Office Inspectors

• Demo

• Resources

• Comparison and how to chose

What is Message Analyzer?

Message Analyzer Protocol analysis

Protocol Analysis

Message Analyzer Parsers Overview

Message Analyzer

Parsers for public protocols (e.g. HTTP, SOAP) and Windows protocols

Office Parsers Packages

Office & SharePoint

92 parsersMS-LISTSWS, MS-ADMINS,MS-WEBSS, …

Exchange Web Service

35 parsersMS-OXWSCORE, MS-OXWSFOLD, MS-OXWSSYNC,….

Exchange Active Sync

4 parsersMS-ASCMD,MS-ASHTTP, MS-ASPROV, MS-ASWBXML WOPI/FSSHTTP

5 parsersMS-FSSHTTP,MS-FSSHTTPB, MS-FSSHTTPD, MS-WOPI, FileSyncBasic

Exchange MAPI

14 parsersMS-OXCDATA,MS-OXCROPS, MS-OXCRPC, MS-OXCMAPIHTTP,…

Skype for Business

12 parsersMS-CONFBAS, MS-SIPREGE, MS-TURN, MS-ICE, …

Office Parses Features

WBXML decoder for EAS

Message Recognition Binary XML decoding Validation*

* Not available for all parsers yet

Message Analyzer Resources

• Download: http://www.microsoft.com/en-us/download/details.aspx?id=44226

• Operating Guide: https://technet.microsoft.com/en-us/library/jj649776.aspx

• Office Interoperability Blog:http://blogs.msdn.com/b/officeinteroperability/

• MA Blog:http://blogs.technet.com/b/messageanalyzer/

• Forum:https://social.technet.microsoft.com/Forums/en-US/home?forum=messageanalyzer

Agenda

• Demo

• Resources

• Demo

• Resources

Fiddler Office Inspectors

WOPI/FSSHTTP

MS-FSSHTTP,MS-FSSHTTPB, MS-FSSHTTPD, MS-WOPI

Exchange MAPI

MS-OXCDATA,MS-OXCROPS, MS-OXCRPC, MS-OXCMAPIHTTP,…

Fiddler Office Inspectors Resources

• Github Repos: MAPIHTTP:

https://github.com/OfficeDev/Office-Inspectors-for-Fiddler/tree/master/MAPIInspector

WOPI/FSSHTTP:

https://github.com/OfficeDev/Office-Inspectors-for-Fiddler/tree/master/FSSHTTPWOPIInspector

• Office Interoperability Blog:http://blogs.msdn.com/b/officeinteroperability/

Agenda

• Demo

• Resources

• Demo

• Resources

Comparison and how to choose

Capture• Numerous transport protocols supported

Protocol families supported• Office & SP

• EWS

• EAS

• MAPI

• WOPI/FSSHTTP

• Skype for Business

Community Participation• Parser source code

• Share through asset

Capture

• HTTP/S only

Protocol families supported

• Office & SP (let us know if you want this)

• EWS (let us know if you want this)

• EAS

• MAPI (HTTP)

• WOPI/FSSHTTP

• Skype for Business

Community Participation• Open Source in Github

Thank You!

Parsing Office Traffic: Message Analyzer &...

Documents

Unit5-Day2-VDBctp.cm.utexas.edu/.../ch302/slides/Unit5-Day2-VDB.pdf · Unit5-Day2-VDB Thursday, January 16, 2014 8:33 AM Unit5-Day2-VDB Page 1

day2 session2

Microsoft Message Analyzer Packet Analysis at a …download.microsoft.com/download/C/6/0/C60E2BD0-8A7C-479F-851E...Microsoft Message Analyzer ... and log traffic passing over all or

Joomla Day2

Dorner Day2

#ecme13 (day2)

Pricing Day2

SMB Analyzer (Server Message Block) - Bro · SMB Analyzer (Server Message Block) Seth Hall ... This is only integrated into the SMB analyzer right now, ... BUDGET\\XXXXXXXXXXX\\SALARY

Microsoft Message Analyzer: New Looks and New Tricks€¦ · 2015 Storage Developer Conference. © Microsoft. All Rights Reserved. Microsoft Message Analyzer: New Looks and New Tricks

An Analyzer for Message Sequence Chartsspinroot.com/gerard/pdf/inprint/tacas96a.pdf · Alur, Holzmann, Peled: An Analyzer for Message Sequence Charts 71 • Figure 1. A message sequence

Message Analyzer Parsers for SQL - Microsoft

Amazing Day2

Day2 Thermal

Physics day2

Init() day2

Day2 wordpress

UoLCMI Day2

FOREX101 Day2

Day2 s2davidboucher

Day2 Presentation