Introduction to Information Security: Wireshark and Scapy
Exercise 6
• Submission deadline extended to 3.5 to fix the following issues:
• Check only the exit code to determine whether convert failed
• Put the explanation of why fuzzing the first and last 750 bytes is enough at the top of the .txt file
• Use the correct format:
• 0x<byte>.<bit>\n
• Bits are numbered from 0 to 7
• Bytes are numbered from 1
• Don't copy the entire file over for every bit flip; that's ridiculously inefficient
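The points above describe one fuzzing loop; here it is as a whole, as an added example (not the course's reference solution). It assumes the target is run as `convert <input> <output>` (ImageMagick's convert is an assumption), that a failure is any non-zero exit code, and that the byte offset in the report is written in hex without zero padding ("0x1.0" for byte 1, bit 0). The flip is done in place with seek/write and undone the same way, so the file is never copied; `fake_target` and the 2000-byte sample are constructed so the loop can be exercised offline.

```python
"""Bit-flip fuzzing loop for the Exercise 6 workflow.

Added example, not course code. Assumptions not stated on the slides: the target is
invoked as `convert <input> <output>` (ImageMagick assumed), a failure is any
non-zero exit code, and the byte offset in the report is hex without zero padding
("0x1.0" = byte 1, bit 0).
"""
import os
import subprocess
import tempfile
from typing import Callable, Iterator, List, Tuple

FUZZ_SPAN = 750  # bytes fuzzed at each end of the file, per the exercise


def bit_positions(file_size: int, span: int = FUZZ_SPAN) -> Iterator[Tuple[int, int]]:
    """Yield (byte_index, bit) for the first and last `span` bytes.
    Bytes are numbered from 1, bits from 0 to 7; overlap on small files is deduplicated."""
    head = range(1, min(span, file_size) + 1)
    tail = range(max(1, file_size - span + 1), file_size + 1)
    for byte_index in sorted(set(head) | set(tail)):
        for bit in range(8):
            yield byte_index, bit


def format_hit(byte_index: int, bit: int) -> str:
    """One report line in the required 0x<byte>.<bit> format (no trailing newline)."""
    return "0x%x.%d" % (byte_index, bit)


def flip_bit_in_place(path: str, byte_index: int, bit: int) -> None:
    """XOR one bit of the file on disk; the rest of the file is never copied."""
    with open(path, "r+b") as f:
        f.seek(byte_index - 1)
        original = f.read(1)[0]
        f.seek(byte_index - 1)
        f.write(bytes([original ^ (1 << bit)]))


def run_convert(path: str) -> int:
    """Run convert on the mutated file and return only its exit code."""
    out = os.path.join(tempfile.gettempdir(), "fuzz_out.png")  # assumed output name
    proc = subprocess.run(["convert", path, out],
                          stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
    return proc.returncode


def fuzz(path: str, run_target: Callable[[str], int] = run_convert,
         span: int = FUZZ_SPAN) -> List[str]:
    """Flip every bit in the head/tail spans, run the target, undo the flip, collect hits."""
    hits = []
    for byte_index, bit in bit_positions(os.path.getsize(path), span):
        flip_bit_in_place(path, byte_index, bit)
        try:
            if run_target(path) != 0:
                hits.append(format_hit(byte_index, bit))
        finally:
            flip_bit_in_place(path, byte_index, bit)  # XOR twice restores the byte
    return hits


def write_report(report_path: str, explanation: str, hits: List[str]) -> None:
    """The .txt deliverable: explanation first, then one hit per line."""
    with open(report_path, "w") as f:
        f.write(explanation.rstrip("\n") + "\n\n")
        f.writelines(h + "\n" for h in hits)


def fake_target(path: str) -> int:
    """Offline stand-in for convert (constructed): 'fails' if the first or last
    byte of the constructed sample below has been altered."""
    with open(path, "rb") as f:
        data = f.read()
    return 1 if (data[0] != 0x89 or data[-1] != 0x82) else 0


def demo() -> List[str]:
    """Fuzz a constructed 2000-byte file with fake_target and return the hit list."""
    sample = b"\x89" + b"\x00" * 1998 + b"\x82"  # constructed input, not a real image
    fd, path = tempfile.mkstemp()
    os.close(fd)
    try:
        with open(path, "wb") as f:
            f.write(sample)
        hits = fuzz(path, run_target=fake_target)
        with open(path, "rb") as f:
            assert f.read() == sample, "file must be back to its original state"
        return hits
    finally:
        os.remove(path)


if __name__ == "__main__":
    print("\n".join(demo()))
```

Swap `fake_target` for the default `run_convert` to fuzz a real image; the try/finally keeps the input intact even if the target raises, which matters when a single crash would otherwise leave a half-mutated file for every later iteration.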
The Great Ascent
• We shift our focus from low-level vulnerabilities (buffer overflows) to high-level ones (DNS poisoning)
• Network vulnerabilities are just as sophisticated and interesting!
• They are not simpler, but they are easier to debug
• Tools:
• Wireshark (and maybe tcpdump)
• Scapy
A Few Words about Python
Python
• Probably the best language in the world
• For scripts, we know...
• But also:
• For web development (django, flask)
• For scientific research (numpy, scipy, sympy, matplotlib, ipython notebook)
• For big data analysis (pandas)
• For machine learning (scikit-learn)
• For big and complex systems (twisted, sqlalchemy)
• Other stuff (re, pycrypto, PIL, nltk, scrapy)
A Few Words About Python
• How can it be?
• It's modern and cool
• It's extremely dynamic
• Everything is an object (even classes!)
• You can overload and hook just about anything
• Focuses on developer time
• Nowadays, that's what takes 90% of the time!
• Simplicity
• Interactivity
• As a side-note for skeptics, with stuff like PyPy it's also incredibly fast
Example
class A(object):
    def __call__(self, x, y):       # makes instances callable: a(1, 2)
        return x + y
    def __getitem__(self, key):     # hooks indexing: a['foo']
        return key.upper()
    def __getattr__(self, key):     # called only for attributes that don't exist: a.foo
        return key.ljust(10, '.')
>>> a = A()
>>> a(1, 2)
3
>>> a['foo']
'FOO'
>>> a.foo
'foo.......'
How to Learn
• If you're not sure how to do something, Google it or look on Stack Overflow
• Don't copy solutions blindly – but do learn from them
• For example, many of you reinvented the wheel instead of using binascii / struct
• Almost nobody automated the core dump address extraction
• Sounds hard?
Example
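The demo behind this slide is not in the transcript. As an added example (not the course's own code), here is one way to automate the core dump address extraction the previous slide complains about, using struct and binascii instead of hand-rolled hex handling. It assumes gdb is on PATH and a 32-bit x86 target (register eip); the gdb output and the overflow pattern below are constructed, and the exact column layout of `info registers` may differ between gdb versions.

```python
"""Automating the 'read the crash address out of the core dump' step.

Added example, not course code. Assumes gdb is on PATH and a 32-bit x86 target
(register eip); the gdb output below is constructed to match the shape of
`info registers eip`, and the pattern/offset logic is the usual cyclic-pattern trick.
"""
import binascii
import re
import struct
import subprocess

# Constructed sample of what `gdb -q -batch -ex "info registers eip" ./prog core`
# prints when the saved return address was overwritten with "AAAA".
SAMPLE_GDB_OUTPUT = """\
Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x41414141 in ?? ()
eip            0x41414141          0x41414141
"""

# Constructed overflow pattern: 4-byte chunks "0000", "0001", ... so every aligned
# chunk is unique and its offset can be recovered from the register value.
SAMPLE_PATTERN = b"".join(b"%04d" % i for i in range(300))

REG_LINE = re.compile(r"^(?P<reg>[a-z0-9]+)\s+(?P<hex>0x[0-9a-fA-F]+)", re.MULTILINE)


def parse_register(gdb_output: str, reg: str = "eip") -> int:
    """Return the value of `reg` from gdb's `info registers` text, or raise."""
    for m in REG_LINE.finditer(gdb_output):
        if m.group("reg") == reg:
            return int(m.group("hex"), 16)
    raise ValueError("register %s not found in gdb output" % reg)


def crash_address(binary: str, core: str, reg: str = "eip") -> int:
    """Run gdb in batch mode on a core file and return the faulting register value."""
    proc = subprocess.run(
        ["gdb", "-q", "-batch", "-ex", "info registers " + reg, binary, core],
        stdout=subprocess.PIPE, stderr=subprocess.STDOUT, universal_newlines=True,
    )
    return parse_register(proc.stdout, reg)


def pack_address(addr: int) -> bytes:
    """32-bit little-endian bytes for a payload; struct instead of hand-rolled hex."""
    return struct.pack("<I", addr)


def to_hex(data: bytes) -> str:
    """Readable hex for logging, via binascii instead of a manual loop."""
    return binascii.hexlify(data).decode("ascii")


def find_offset(pattern: bytes, reg_value: int) -> int:
    """How many bytes into the pattern did the overwritten register value come from?"""
    offset = pattern.find(pack_address(reg_value))
    if offset < 0:
        raise ValueError("register value %#x not found in pattern" % reg_value)
    return offset


if __name__ == "__main__":
    eip = parse_register(SAMPLE_GDB_OUTPUT)
    print("eip = %#x -> payload bytes %s" % (eip, to_hex(pack_address(eip))))
```

`crash_address` is the only function that needs a real binary and core; everything else runs on the constructed sample, which is how the parsing should be developed before wiring it to gdb.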
Back to the Point
Wireshark
• Lets you capture ("sniff") incoming and outgoing packets
• Amazing deconstruction and visualisation
• Incredible number of supported protocols
• Filters and more
Scapy
• A Python library for constructing, deconstructing, sending, receiving, sniffing and doing virtually anything you can imagine with packets
• Read the tutorial: http://www.secdev.org/projects/scapy/doc/usage.html
>>> from scapy.all import *
>>> s = IP(dst='212.179.180.89') / TCP(sport=65000, dport=80, flags='S')   # layers are stacked with /
>>> a = sr1(s)   # send one packet, return the first reply (raw sockets, so run as root)
>>> a[TCP].sport
80
>>> a[TCP].sprintf('%TCP.flags%')
'SA'
>>> sniff(lfilter=lambda p: UDP in p, prn=lambda p: p.summary())   # runs until interrupted
...
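To see what the `IP() / TCP()` stacking and the dissector behind `a[TCP]` do underneath, here is the same SYN built and parsed by hand with struct. This is an added example, not Scapy and not from the course: it packs both headers, computes the TCP pseudo-header checksum that Scapy fills in for you, and reports flags in Scapy's letter notation ('S', 'SA'). The source address 10.0.0.2 is made up; no network or root is needed.

```python
"""The Scapy SYN above, built and dissected by hand with struct.

Added example, not Scapy and not course code. Shows what IP()/TCP() layering and
the dissector do underneath: header packing, the TCP pseudo-header checksum, and
Scapy's 'S'/'SA' flag letters. The source address 10.0.0.2 is made up.
"""
import socket
import struct
from typing import Any, Dict

TCP_FLAG_LETTERS = "FSRPAU"  # bits 0..5 of the flags byte, in Scapy's notation


def checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum of 16-bit big-endian words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_syn(src: str, dst: str, sport: int, dport: int,
              seq: int = 0, ttl: int = 64) -> bytes:
    """IPv4 + TCP headers for a SYN, both checksums filled in; no options, no payload."""
    s, d = socket.inet_aton(src), socket.inet_aton(dst)
    # TCP: sport, dport, seq, ack, data offset (5 words), flags, window, csum, urg
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, 0, 5 << 4, 0x02, 8192, 0, 0)
    pseudo = struct.pack("!4s4sBBH", s, d, 0, socket.IPPROTO_TCP, len(tcp))
    tcp = tcp[:16] + struct.pack("!H", checksum(pseudo + tcp)) + tcp[18:]
    # IPv4: ver/ihl, tos, total length, id, flags/frag, ttl, proto, csum, src, dst
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0, ttl,
                     socket.IPPROTO_TCP, 0, s, d)
    ip = ip[:10] + struct.pack("!H", checksum(ip)) + ip[12:]
    return ip + tcp


def flag_letters(flags: int) -> str:
    """0x02 -> 'S', 0x12 -> 'SA', as Scapy's %TCP.flags% prints them."""
    return "".join(ch for i, ch in enumerate(TCP_FLAG_LETTERS) if flags & (1 << i))


def dissect(raw: bytes) -> Dict[str, Any]:
    """Parse IPv4/TCP and verify both checksums (a valid header re-sums to 0)."""
    (ver_ihl, _tos, total_len, _id, _frag, ttl, proto, _csum,
     src, dst) = struct.unpack("!BBHHHBBH4s4s", raw[:20])
    if ver_ihl >> 4 != 4 or proto != socket.IPPROTO_TCP:
        raise ValueError("not an IPv4/TCP packet")
    ihl = (ver_ihl & 0x0F) * 4
    tcp = raw[ihl:total_len]
    (sport, dport, seq, ack, _off, flags, window,
     _tcsum, _urg) = struct.unpack("!HHIIBBHHH", tcp[:20])
    pseudo = struct.pack("!4s4sBBH", src, dst, 0, socket.IPPROTO_TCP, len(tcp))
    return {
        "src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst), "ttl": ttl,
        "sport": sport, "dport": dport, "seq": seq, "ack": ack, "window": window,
        "flags": flag_letters(flags),
        "ip_checksum_ok": checksum(raw[:ihl]) == 0,
        "tcp_checksum_ok": checksum(pseudo + tcp) == 0,
    }


if __name__ == "__main__":
    pkt = build_syn("10.0.0.2", "212.179.180.89", 65000, 80, seq=1000)
    print(dissect(pkt))
```

The checksum verification is the same test Wireshark applies when it flags "checksum incorrect": change any header byte after the packet was built and the TCP checksum no longer sums to zero, which is also why hand-modified packets from a capture have to be re-checksummed before they are replayed.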
Exercise 7
• A series of unrelated questions, each about a problem and its solutions
• The problems themselves may have been covered in class
• But they are explained in detail anyway, and are in fact quite simple
• A big open bonus I will personally grade "by ear" (so no appeals – but do try to impress me)