Introduction to Information Security Wireshark and Scapy
1 Exercise 6
• Submission deadline extended to 3.5 to fix the following issues:
  • Check the exit code only to determine whether convert failed
  • Put the explanation as to why fuzzing the first and last 750 is enough at the top of the .txt file
  • Use the correct format
    • 0x
2 The Great Ascent
• We shift our focus from low-level vulnerabilities (buffer overflows) to high-level ones (DNS poisoning)
• Network vulnerabilities are just as sophisticated and interesting!
• They are not simpler, but they are easier to debug
• Tools:
  • Wireshark (and maybe tcpdump)
  • Scapy
3 A Few Words about Python
4 Python
• Probably the best language in the world
• For scripts, we know...
• But also:
  • For web development (django, flask)
  • For scientific research (numpy, scipy, sympy, matplotlib, ipython notebook)
  • For big data analysis (pandas)
  • For machine learning (scikit-learn)
  • For big and complex systems (twisted, sqlalchemy)
  • Other stuff (re, pycrypto, PIL, nltk, scrapy)
5 A Few Words About Python
• How can it be?
  • It's modern and cool
  • It's extremely dynamic
    • Everything is an object (even classes!)
    • You can overload and hook just about anything
  • Focuses on developer time
    • Simplicity (nowadays, that's what takes 90% of the time!)
    • Interactivity
• As a side-note for skeptics, with stuff like PyPy it's also incredibly fast
6 Example

    class A(object):
        # hooks the call operator: a(x, y)
        def __call__(self, x, y):
            return x + y

        # hooks indexing: a[key]
        def __getitem__(self, key):
            return key.upper()

        # hooks attribute lookup for names the instance does not have: a.key
        def __getattr__(self, key):
            return key.ljust(10, '.')

    >>> a = A()
    >>> a(1, 2)
    3
    >>> a['foo']
    'FOO'
    >>> a.foo
    'foo.......'
7 How to Learn
• If you're not sure how to do something, Google it or look in Stack Overflow
• Don't copy solutions blindly – but do learn from them
• For example, many of you reinvented the wheel instead of using binascii / struct
• Almost nobody automated the core dump address extraction
  • Sounds hard?
8 Example
9 Back to the Point
10 Wireshark
• Allows you to capture ("sniff") incoming and outgoing packets
• Amazing deconstruction and visualisation
• Incredible number of supported protocols
• Filters and more
11 Wireshark
12 Scapy
• A Python library that allows constructing, deconstructing, sending, receiving, sniffing and virtually doing anything you can imagine with packets
• Read the tutorial: http://www.secdev.org/projects/scapy/doc/usage.html
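To make concrete what `IP(...)/TCP(...)` builds and what `a[TCP].sport` and `sprintf('%TCP.flags%')` read back, here is an added example (written for these notes, not taken from the slides or from Scapy's own code) that builds and dissects an IPv4/TCP segment with only the standard library's `struct` and `socket`. It uses the slide's destination 212.179.180.89; the source address 10.0.0.5, the sequence numbers and the SYN-ACK "reply" are constructed locally, and nothing is sent on the wire.

```python
"""
Added example: what Scapy's IP()/TCP() and a[TCP].sprintf('%TCP.flags%') do
for you, written against the standard library only. The source address,
ports, sequence numbers and the "reply" are constructed here; nothing is
sent on the wire.
"""
import socket
import struct

# Scapy's flag letters, one per bit: bit 0 = FIN ... bit 7 = CWR.
TCP_FLAG_LETTERS = "FSRPAUEC"
IPPROTO_TCP = 6


def checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum of 16-bit big-endian words.

    Run over a header whose checksum field is already filled in, a valid
    header yields 0, so the same function both computes and verifies.
    """
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def flags_to_str(flags: int) -> str:
    """0x12 -> 'SA', the same rendering Scapy's %TCP.flags% gives."""
    return "".join(c for i, c in enumerate(TCP_FLAG_LETTERS) if flags & (1 << i))


def str_to_flags(flags: str) -> int:
    """'SA' -> 0x12."""
    return sum(1 << TCP_FLAG_LETTERS.index(c) for c in flags)


def build_ipv4_tcp(src, dst, sport, dport, flags="S", seq=0, ack=0, payload=b""):
    """Serialise an IPv4 packet carrying a TCP segment, checksums included."""
    src_b, dst_b = socket.inet_aton(src), socket.inet_aton(dst)
    seg_len = 20 + len(payload)
    # TCP header: data offset 5 words, window 8192, checksum left 0 for now.
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4,
                      str_to_flags(flags), 8192, 0, 0) + payload
    # The TCP checksum also covers a pseudo-header: src, dst, 0, proto, length.
    pseudo = src_b + dst_b + struct.pack("!BBH", 0, IPPROTO_TCP, seg_len)
    tcp = tcp[:16] + struct.pack("!H", checksum(pseudo + tcp)) + tcp[18:]
    # IPv4 header: version 4 / IHL 5, id 1, no fragmentation, TTL 64.
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + seg_len, 1, 0, 64,
                     IPPROTO_TCP, 0, src_b, dst_b)
    ip = ip[:10] + struct.pack("!H", checksum(ip)) + ip[12:]
    return ip + tcp


def parse_ipv4_tcp(pkt: bytes) -> dict:
    """Dissect raw bytes back into fields, verifying both checksums."""
    (ver_ihl, _tos, total_len, _id, _frag, ttl, proto, _csum,
     src_b, dst_b) = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or proto != IPPROTO_TCP:
        raise ValueError("not an IPv4/TCP packet")
    tcp = pkt[ihl:total_len]
    (sport, dport, seq, ack, off, flags, win,
     _tcsum, _urg) = struct.unpack("!HHIIBBHHH", tcp[:20])
    pseudo = src_b + dst_b + struct.pack("!BBH", 0, IPPROTO_TCP, len(tcp))
    return {
        "src": socket.inet_ntoa(src_b), "dst": socket.inet_ntoa(dst_b), "ttl": ttl,
        "sport": sport, "dport": dport, "seq": seq, "ack": ack, "window": win,
        "flags": flags_to_str(flags),
        "payload": tcp[(off >> 4) * 4:],
        "ip_csum_ok": checksum(pkt[:ihl]) == 0,
        "tcp_csum_ok": checksum(pseudo + tcp) == 0,
    }


def summary(fields: dict) -> str:
    """A one-line rendering in the spirit of Scapy's p.summary()."""
    return "IP / TCP %s:%d > %s:%d %s" % (fields["src"], fields["sport"],
                                         fields["dst"], fields["dport"],
                                         fields["flags"])


def handshake_demo():
    """Build the slide's SYN plus a constructed SYN-ACK answer; dissect both."""
    syn = build_ipv4_tcp("10.0.0.5", "212.179.180.89", 65000, 80, "S", seq=1000)
    req = parse_ipv4_tcp(syn)
    # What a listening server would answer: sport 80, flags SA, ack = seq + 1.
    synack = build_ipv4_tcp("212.179.180.89", "10.0.0.5", 80, 65000, "SA",
                            seq=5000, ack=req["seq"] + 1)
    return req, parse_ipv4_tcp(synack)


if __name__ == "__main__":
    for p in handshake_demo():
        print(summary(p), "checksums ok:", p["ip_csum_ok"] and p["tcp_csum_ok"])
```

Scapy fills in exactly these fields (including both checksums) when you write `IP(dst=...)/TCP(...)`, and `sr1()` then hands you the reply already dissected; the point of doing it once by hand is to see why a packet with a wrong checksum is silently dropped and why `%TCP.flags%` prints 'SA' for a SYN-ACK.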
    >>> from scapy.all import *
    >>> s = IP(dst='212.179.180.89') / TCP(sport=65000, dport=80, flags='S')
    >>> a = sr1(s)    # send one packet, return the first answer
    >>> a[TCP].sport
    80
    >>> a[TCP].sprintf('%TCP.flags%')
    'SA'
    >>> sniff(lfilter=lambda p: UDP in p, prn=lambda p: p.summary())
    ...

13 Exercise 7
• A series of unrelated questions, each about a problem and its solutions
• The problems themselves may have been learned in class
• But anyway, they are explained in detail and are in fact quite simple
• A big open bonus I will personally grade "by ear" (so no appeals – but do try to impress me)