To do list #2

Open
NytroRST opened this issue Aug 19, 2015 · 2 comments

@NytroRST
Owner

To do:

  • Complete debug log - no MsgBox
  • Allow more complex static signatures (use ????)
  • Fix Google Chrome function finding - use static signature
  • Fix Putty and WinSCP function finding - use static signature
  • Add support for Windows hot-patching
  • Create a thread safe hooking mechanism (thread freeze?)
  • Add support for Java applications
  • Add support for .NET applications
  • Write a complete Metasploit module
  • Add support for Internet Explorer, FileZilla, OpenSSL, RDP...
  • Add support for x64
  • Bypass EMET protections
  • Remove unnecessary code
  • Fully comment code
  • Match requests and responses if possible
  • Get peers IP addresses and ports if possible
  • Save data to PCAP if possible
  • Write a documentation paper
  • Add regular expression and other plugins (ungzip, spdy, base64, password)
  • Support older versions of different software
  • Make sure the correct functions are hooked (traffic)
  • Hook LoadLibrary and CreateProcess
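The "more complex static signatures (use ????)" item above refers to byte patterns in which the opcode bytes that stay constant across builds are matched literally and the bytes that vary (relative call targets, displacements, absolute addresses) are masked out. The following is an added example in C and is not this project's own code: the `??` pattern syntax, the function names, and the `sample_code` buffer are all assumptions constructed here for illustration. Besides finding the first hit, it counts hits, because a signature that matches more than once cannot safely identify a hook target (the "make sure the correct functions are hooked" item), and it rejects all-wildcard patterns, which would match anywhere.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Pattern syntax (assumed, not the project's): space-separated hex byte pairs,
 * with "??" for a byte that may vary, e.g. "8B 45 ?? 50 E8 ?? ?? ?? ??". */
#define MAX_SIG 64

typedef struct {
    uint8_t bytes[MAX_SIG];  /* literal byte values (0 at wildcard positions) */
    uint8_t wild[MAX_SIG];   /* 1 = this position matches any byte */
    size_t  len;             /* number of positions in the pattern */
    size_t  literals;        /* number of non-wildcard positions */
} signature_t;

static int hexval(char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Parse a pattern string. Returns 0 on success, -1 on malformed input or on a
 * pattern with no literal bytes (such a pattern would match at every offset). */
int parse_signature(const char *text, signature_t *sig)
{
    const char *p = text;
    sig->len = 0;
    sig->literals = 0;
    for (;;) {
        while (*p == ' ') p++;
        if (*p == '\0') break;
        if (sig->len >= MAX_SIG) return -1;
        if (p[0] == '?' && p[1] == '?') {
            sig->bytes[sig->len] = 0;
            sig->wild[sig->len] = 1;
        } else {
            int hi = hexval(p[0]);
            int lo = hi < 0 ? -1 : hexval(p[1]);
            if (hi < 0 || lo < 0) return -1;      /* also rejects a dangling "4" */
            sig->bytes[sig->len] = (uint8_t)((hi << 4) | lo);
            sig->wild[sig->len] = 0;
            sig->literals++;
        }
        p += 2;                                   /* both chars verified non-NUL */
        if (*p != '\0' && *p != ' ') return -1;   /* every token is exactly 2 chars */
        sig->len++;
    }
    return (sig->len > 0 && sig->literals > 0) ? 0 : -1;
}

static int match_at(const uint8_t *buf, size_t i, const signature_t *sig)
{
    for (size_t j = 0; j < sig->len; j++)
        if (!sig->wild[j] && buf[i + j] != sig->bytes[j]) return 0;
    return 1;
}

/* Offset of the first match of sig in buf, or -1 if there is none. */
long find_signature(const uint8_t *buf, size_t buflen, const signature_t *sig)
{
    if (sig->len == 0 || buflen < sig->len) return -1;
    for (size_t i = 0; i + sig->len <= buflen; i++)
        if (match_at(buf, i, sig)) return (long)i;
    return -1;
}

/* Number of offsets where sig matches. A hook signature should match exactly
 * once: more than one means it is ambiguous, zero means it is stale. */
long count_matches(const uint8_t *buf, size_t buflen, const signature_t *sig)
{
    long n = 0;
    if (sig->len == 0 || buflen < sig->len) return 0;
    for (size_t i = 0; i + sig->len <= buflen; i++)
        if (match_at(buf, i, sig)) n++;
    return n;
}

/* Constructed x86 bytes standing in for a function body; not taken from any
 * real binary. The "mov eax,[ebp+disp8]; push eax; call rel32" sequence occurs
 * twice (offsets 6 and 15) so that an over-masked signature is visibly ambiguous. */
const uint8_t sample_code[] = {
    0x55, 0x8B, 0xEC,              /* push ebp; mov ebp, esp        */
    0x83, 0xEC, 0x10,              /* sub esp, 0x10                 */
    0x8B, 0x45, 0x08,              /* mov eax, [ebp+8]   (offset 6) */
    0x50,                          /* push eax                      */
    0xE8, 0x11, 0x22, 0x33, 0x44,  /* call rel32 (varies per build) */
    0x8B, 0x45, 0x0C,              /* mov eax, [ebp+0Ch] (offset 15)*/
    0x50,                          /* push eax                      */
    0xE8, 0xAA, 0xBB, 0xCC, 0xDD,  /* call rel32 (varies per build) */
    0x5D, 0xC3                     /* pop ebp; ret                  */
};
const size_t sample_code_len = sizeof sample_code;

/* First match offset in sample_code, -1 if absent, -2 if the pattern is invalid. */
long scan_sample(const char *pattern)
{
    signature_t sig;
    if (parse_signature(pattern, &sig) != 0) return -2;
    return find_signature(sample_code, sample_code_len, &sig);
}

/* Match count in sample_code, or -1 if the pattern is invalid. */
long count_sample(const char *pattern)
{
    signature_t sig;
    if (parse_signature(pattern, &sig) != 0) return -1;
    return count_matches(sample_code, sample_code_len, &sig);
}

int main(void)
{
    const char *sigs[] = {
        "8B 45 ?? 50 E8 ?? ?? ?? ??",  /* masks the displacement too: 2 hits */
        "8B 45 08 50 E8 ?? ?? ?? ??",  /* keeps the displacement literal: 1 hit */
        "90 90 90",                    /* not present: -1 */
        "?? ??",                       /* rejected, no literal bytes: -2 */
    };
    for (size_t k = 0; k < sizeof sigs / sizeof sigs[0]; k++)
        printf("%-28s first=%ld matches=%ld\n", sigs[k], scan_sample(sigs[k]), count_sample(sigs[k]));
    return 0;
}
```

The useful check here is `count_matches`: when a signature is written for one software version, run it against the next version's module and insist on exactly one hit before installing a hook at that address; a zero or a double hit is the "wrong function hooked" failure the list warns about, and both are cheap to detect up front.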
@HarmJ0y
Contributor

HarmJ0y commented Aug 19, 2015

A regular expression system would definitely be great. I would say (my .02) to also consider some way to store the captured data to an encrypted container on disk.

@NytroRST NytroRST self-assigned this Aug 26, 2015
@slityourthroat

Also hooking on raw I/O sockets by hooking ntdll functions sounds like a great project :)
ReactOS source code will help you a lot.
