Introduction to Information Security Wireshark and

1 Exercise 6

• Submission deadline extended to 3.5 to fix the following issues:
  • Check the exit code only to determine whether convert failed
  • Put the explanation as to why fuzzing the first and last 750 is enough at the top of the .txt file
  • Use the correct format
    • 0x.\n
    • Bits are numbered from 0 to 7
    • Bytes are numbered from 1
  • Don't copy the entire file over for every bit flip, that's ridiculously inefficient
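The last point above (mutate a single working copy in place and restore the bit afterwards, instead of rewriting the whole file for every flip) is the part most submissions got wrong. The following is an added example written for these notes, not the course's reference solution: it walks the first and last 750 bytes, flips one bit at a time, hands the buffer to a target callable that returns an exit code, and records the 1-based byte and 0-based bit of every non-zero exit. The `convert_exit_code` helper, the `fuzz_input.img`/`out.png` paths and the report line format are assumptions for illustration; only the exit code decides pass/fail, as the slide requires.

```python
import subprocess
from typing import Callable, Iterable, List, Tuple


def bit_flip_positions(size: int, edge: int = 750) -> Iterable[int]:
    """Yield 0-based byte offsets covering the first and last `edge`
    bytes of a buffer of length `size`, with no duplicates when the
    two regions overlap (small files)."""
    head = range(0, min(edge, size))
    tail = range(max(size - edge, len(head)), size)
    for off in head:
        yield off
    for off in tail:
        yield off


def flip_bit(buf: bytearray, offset: int, bit: int) -> None:
    """Toggle bit `bit` (0..7, 0 = least significant) of the byte at
    `offset`, in place. Calling it twice restores the original byte."""
    buf[offset] ^= 1 << bit


def fuzz(data: bytes, target: Callable[[bytearray], int],
         edge: int = 750) -> List[Tuple[int, int]]:
    """Flip every bit in the edge regions one at a time, run `target`
    on the mutated buffer and collect (1-based byte, bit) pairs for
    which the target's exit code is non-zero. One working copy is made
    up front; each flip is undone after the run, so no per-flip copy."""
    buf = bytearray(data)
    hits: List[Tuple[int, int]] = []
    for off in bit_flip_positions(len(buf), edge):
        for bit in range(8):
            flip_bit(buf, off, bit)
            try:
                if target(buf) != 0:
                    hits.append((off + 1, bit))
            finally:
                flip_bit(buf, off, bit)  # restore the original bit
    return hits


def format_report(hits: List[Tuple[int, int]]) -> str:
    """Assumed report line format (byte N, bit M); adapt it to the
    format the exercise actually mandates."""
    return "".join(f"byte {b}, bit {bit}\n" for b, bit in hits)


def convert_exit_code(mutated: bytearray,
                      tmp_path: str = "fuzz_input.img") -> int:
    """Write the mutated buffer to disk once per run and invoke
    ImageMagick's convert on it. Only the exit code is consulted;
    stdout/stderr are discarded. (Helper assumed for illustration.)"""
    with open(tmp_path, "wb") as f:
        f.write(mutated)
    proc = subprocess.run(["convert", tmp_path, "out.png"],
                          stdout=subprocess.DEVNULL,
                          stderr=subprocess.DEVNULL)
    return proc.returncode


if __name__ == "__main__":
    with open("input.img", "rb") as f:  # assumed input file name
        original = f.read()
    with open("results.txt", "w") as out:
        out.write(format_report(fuzz(original, convert_exit_code)))
```

Because the buffer is only ever mutated by an XOR and restored by the same XOR, the caller can verify after `fuzz` returns that `bytes(buf)` still equals the original input; a target that raises is also handled, since the `finally` block restores the bit before the exception propagates.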

2 The Great Ascent

• We shift our focus from low-level vulnerabilities (buffer overflows) to high-level ones (DNS poisoning)
• Network vulnerabilities are just as sophisticated and interesting!
• They are not simpler, but they are easier to debug
• Tools:
  • Wireshark (and maybe tcpdump)
  • Scapy

3 A Few Words about Python

4 Python

• Probably the best language in the world
• For scripts, we know...
• But also:
  • For web development (, flask)
  • For scientific research (numpy, scipy, sympy, matplotlib, ipython notebook)
  • For big data analysis (pandas)
  • For machine learning (scikit.learn)
  • For big and complex systems (, sqlalchemy)
  • Other stuff (re, pycrypto, PIL, nltk, scrapy)

5 A Few Words About Python

• How can it be?
  • It's modern and cool
  • It's extremely dynamic
    • Everything is an object (even classes!)
    • You can overload and hook just about anything
  • Focuses on developer time (nowadays, that's what takes 90% of the time!)
    • Simplicity
    • Interactivity

• As a side-note for skeptics, with stuff like PyPy it's also incredibly fast

6 Example

A small class that hooks calling, indexing and attribute lookup through the special methods __call__, __getitem__ and __getattr__:

    class A(object):
        def __call__(self, x, y):
            # a(x, y) -> x + y
            return x + y

        def __getitem__(self, key):
            # a[key] -> key.upper()
            return key.upper()

        def __getattr__(self, key):
            # a.key -> key padded with dots to width 10
            # (only called for attributes that do not already exist)
            return key.ljust(10, '.')

Interactive session:

    >>> a = A()
    >>> a(1, 2)
    3
    >>> a['foo']
    'FOO'
    >>> a.foo
    'foo.......'

7 How to Learn

• If you're not sure how to do something, Google it or look in Stack Overflow
• Don't copy solutions blindly – but do learn from them
• For example, many of you reinvented the wheel instead of using binascii / struct
• Almost nobody automated the core dump address extraction
  • Sounds hard?

8 Example

9 Back to the Point

10 Wireshark

• Allows you to capture ("sniff") incoming and outgoing packets
• Amazing deconstruction and visualisation
• Incredible number of supported protocols
• Filters and more

11 Wireshark

12 Scapy

• A Python library that allows constructing, deconstructing, sending, receiving, sniffing and virtually doing anything you can imagine with packets
• Read the tutorial: http://www.secdev.org/projects/scapy/doc/usage.html

    >>> from scapy.all import *
    >>> s = IP(dst='212.179.180.89') / TCP(sport=65000, dport=80, flags='S')
    >>> a = sr1(s)
    >>> a[TCP].sport
    80
    >>> a[TCP].sprintf('%TCP.flags%')
    'SA'
    >>> sniff(lfilter=lambda p: UDP in p, prn=lambda p: p.summary())
    ...

13 Exercise 7

• A series of unrelated questions, each about a problem and its solutions
• The problems themselves may have been learned in class
• But anyway, they are explained in detail and are in fact quite simple
• A big open bonus I will personally grade "by ear" (so no appeals – but do try to impress me)
