0
Presented by:                          Jeremy Allen                          Rajendra Umadas                          Apri...
Agenda • Who are we?             • What annoys us?   – Rajendra Umadas         – Proxy setup   – Jeremy Allen            –...
Who Are We
Who are we: Jeremy Allen Jeremy Allen  Principal Consultant  iOS Assessment Lead  Writes a lot of Python  Try to break...
Who are we: Rajendra Umadas Rajendra Umadas  Consultant  Mobile Application Hacker  Does not afraid of anything  Mobil...
What we do
What we do: Assessment Types Application Assessments  Mobile Applications     Acronym and Name Overload:      QUALCOMM/B...
What we do: Tools HTTP Proxy  When is a HTTP Proxy Not Enough?  Protocols that just use HTTP for transport  Unidentifie...
What we do: Tools Other Tools  What tools exist that are good for MiTM and   app testing for application assessments?  d...
Solution
Solution: Mallory “The enemy knows the system” –   Claude Shannon
Solution Hard Way  ARP  DNS Spoofing  iptables and custom scripts  Packet level techniques
Solution Easy Way
Solution Demo  Intro to Mallory GUI
Soltuion: Mallory Architecture
Solution What have others done with  Mallory?  WSJ Application Privacy Research
Solution Application Testing  WSJ Application Privacy Research  Chose Mallory because it is pervasive  Apps don’t matte...
Demos + Deep Dive
Demos and Deep Dive
Solution GUI Configuration  Common tasks are fast, easy (configuring   mallory, editing TCP streams)  Uncommon tasks are...
Solution GUI Configuration  Getting traffic to the stream editor  Echo Server  Rules Config Demo
Solution Demo – Something More  Serious  TCP Stream Editing  All flows and datagrams go to a database  Show database in...
Solution Programmatic Modification  What about places where editing is harder?  DEMO – Modifying VNC Keystrokes
Solution What about Fuzzing?  Fuzzing Paradigms  File fuzzing  Network fuzzing
Solution How does Mallory Fuzz?  ProxFuzz  Opportunistic Fuzzing  Protocol Depth
Solution How does Mallory Fuzz?  DEMO
Solution Fuzzing Results  Can vary greatly  Depends on your app  We have seen good returns with opportunistic   fuzzing
Solution Common App Testing Problem  SSL
Solution Mallory Knows SSL  DEMO - SSL
Solution SSL Usage  Mallory acts as a CA  Generates Certs in Memory  Makes Look Alike Certs
Solution SSL Usage  Mallory acts as a CA  Generates Certs in Memory  Makes Look Alike Certs
Conclusion
Conclusion Conclusion  Mallory is a MiTM Proxy  Focus on streams and datagrams  Mallory can decode and MiTM: HTTP, HTTP...
Upcoming SlideShare
Loading in...5
×

Jeremy Allen - Rajendra Umadas - Network Stream Hacking With Mallory

846

Published on

Published in: Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
846
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
22
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Transcript of "Jeremy Allen - Rajendra Umadas - Network Stream Hacking With Mallory"

  1. 1. Presented by: Jeremy Allen Rajendra Umadas April 21, 2011Network Stream Hacking withMallory
  2. 2. Agenda • Who are we? • What annoys us? – Rajendra Umadas – Proxy setup – Jeremy Allen – Throwaway Tools – Wasted or Redundant effort • What do we do? – Mobile Application Assessments, • What did we do Thick Clients, about it? COTS (lots of other – Mallory! assessments)
  3. 3. Who Are We
  4. 4. Who are we: Jeremy Allen Jeremy Allen  Principal Consultant  iOS Assessment Lead  Writes a lot of Python  Try to break things before the bad guys do
  5. 5. Who are we: Rajendra Umadas Rajendra Umadas  Consultant  Mobile Application Hacker  Does not afraid of anything  Mobile Application Security = fun;
  6. 6. What we do
  7. 7. What we do: Assessment Types Application Assessments  Mobile Applications  Acronym and Name Overload: QUALCOMM/BREW, RIM, Windows Mobile, Windows Phone, iPhone, Android …  Web Applications  XSS, SQL Injection – Pays the bills, still how many get owned  Other Apps  Thick clients, binary protocols, “harder” targets
  8. 8. What we do: Tools HTTP Proxy  When is a HTTP Proxy Not Enough?  Protocols that just use HTTP for transport  Unidentified network streams in tested application
  9. 9. What we do: Tools Other Tools  What tools exist that are good for MiTM and app testing for application assessments?  dsniff, cain, tcpdump ,wireshark (about that…), others
  10. 10. Solution
  11. 11. Solution: Mallory “The enemy knows the system” – Claude Shannon
  12. 12. Solution Hard Way  ARP  DNS Spoofing  iptables and custom scripts  Packet level techniques
  13. 13. Solution Easy Way
  14. 14. Solution Demo  Intro to Mallory GUI
  15. 15. Soltuion: Mallory Architecture
  16. 16. Solution What have others done with Mallory?  WSJ Application Privacy Research
  17. 17. Solution Application Testing  WSJ Application Privacy Research  Chose Mallory because it is pervasive  Apps don’t matter, Mallory can see the traffic
  18. 18. Demos + Deep Dive
  19. 19. Demos and Deep Dive
  20. 20. Solution GUI Configuration  Common tasks are fast, easy (configuring mallory, editing TCP streams)  Uncommon tasks are possible, fairly easy (rules, known protocols)  Rare tasks are harder, require some trickery (python plugins, python code)
  21. 21. Solution GUI Configuration  Getting traffic to the stream editor  Echo Server  Rules Config Demo
  22. 22. Solution Demo – Something More Serious  TCP Stream Editing  All flows and datagrams go to a database  Show database in advanced view
  23. 23. Solution Programmatic Modification  What about places where editing is harder?  DEMO – Modifying VNC Keystrokes
  24. 24. Solution What about Fuzzing?  Fuzzing Paradigms  File fuzzing  Network fuzzing
  25. 25. Solution How does Mallory Fuzz?  ProxFuzz  Opportunistic Fuzzing  Protocol Depth
  26. 26. Solution How does Mallory Fuzz?  DEMO
  27. 27. Solution Fuzzing Results  Can vary greatly  Depends on your app  We have seen good returns with opportunistic fuzzing
  28. 28. Solution Common App Testing Problem  SSL
  29. 29. Solution Mallory Knows SSL  DEMO - SSL
  30. 30. Solution SSL Usage  Mallory acts as a CA  Generates Certs in Memory  Makes Look Alike Certs
  31. 31. Solution SSL Usage  Mallory acts as a CA  Generates Certs in Memory  Makes Look Alike Certs
  32. 32. Conclusion
  33. 33. Conclusion Conclusion  Mallory is a MiTM Proxy  Focus on streams and datagrams  Mallory can decode and MiTM: HTTP, HTTPS, SSL, DNS, SSH  Mallory make common app testing tasks easy
  1. A particular slide catching your eye?

    Clipping is a handy way to collect important slides you want to go back to later.

×