evilwan.be

What It Is

evilWAN is a personal cybersecurity technology website. Its content is explicitly described as essays and tools related to network security, covering topics such as forensic techniques, reverse engineering, and cryptographic protocols. The site’s core offering is not a commercial protection platform, but a set of practical tools for penetration testing and forensics, including the Burp extension “Naked Body,” Burp WebSockets Extension, and EventlogDumper.rb, a parser script for legacy Windows event logs.

Core Capabilities and Analysis

In terms of protection category, it is not a WAF, EDR, IDS, or vulnerability management platform. Instead, it leans toward Web application security testing and digital forensics support. “Naked Body” is used in Burp sessions to save the raw body of request or response attachments locally, making it easier to analyze media files, images, and similar content. Burp WebSockets Extension supplements older versions of Burp with WebSocket-related capabilities: it can batch-save recorded WebSocket messages as XML, and can automatically modify specified messages through custom Java filter classes. EventlogDumper.rb targets legacy-format Windows event logs, allowing them to be read and exported in a *nix forensic environment. It supports both normal mode and scavenger mode, with the latter able to scan for event entries that appear to have been deleted.

Deployment is entirely local: the Burp extensions are loaded into Burp Professional as jar files, while the Ruby script runs from the local command line. In terms of management and alerting, the site does not provide any centralized management, policy orchestration, monitoring alerts, or reporting platform capabilities. Integration is mainly limited to specific versions of Burp Professional, custom Java classes, XML output, and script-based processing.

Pricing and Limitations

The pages do not provide commercial pricing or paid support information. Burp WebSockets Extension explicitly offers jar and source code downloads and is released under a BSD license, so it can be regarded as a free, open-source/free-to-download tool. Its limitations are also quite clear: the WebSockets extension is tightly tied to specific Burp Professional versions, such as 1.7.15, 1.7.05, and 1.6.x, and is very likely incompatible with other versions and the free edition. Automatically modifying WebSocket messages requires enabling Burp interception, which slows traffic and does not work well alongside normal manual interception of HTTP(S) requests/responses.

Pros, Cons, and Who It Is For

Its strengths are that the tools have clear goals and solve specific real-world testing problems. Some tools provide source code and BSD licensing, which is useful for learning and secondary modification. The site is also relatively candid about compatibility, performance impact, and legal-risk warnings. The downsides are the lack of productized capabilities, enterprise support, compliance certifications, and visible ongoing maintenance information. The tools also have a higher usage threshold and depend on scenarios involving older Burp versions or legacy log formats.

It is better suited to penetration testers, WebSocket security researchers, and reverse engineering or forensic analysts. It is not a good fit for enterprise security teams looking to purchase an out-of-the-box, scalable platform with alerting and compliance reporting.

Access from China and Alternatives

The content does not provide information about access from mainland China, payment, or mirrors, so actual accessibility is marked as unknown. Since no online service or payment is required, the tools can be used locally as long as the files can be downloaded. Alternatives include the current WebSocket features and BApp extensions in Burp Suite, OWASP ZAP, Wireshark, and forensic tools such as Plaso/log2timeline and Windows Event Viewer.