Debugging applications with network security tools

2,662 views
2,558 views

Published on

Published in: Technology
1 Comment
2 Likes
Statistics
Notes
  • Is it use to grab packets going between the browser and server?
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here
No Downloads
Views
Total views
2,662
On SlideShare
0
From Embeds
0
Number of Embeds
4
Actions
Shares
0
Downloads
61
Comments
1
Likes
2
Embeds 0
No embeds

No notes for slide

Debugging applications with network security tools

  1. 1. Debuggingapplications withnetwork security toolsKevin BongJohnson Financial Group
  2. 2. Kevins Background? • Web Developer for Kalmbach Publishing (Astronomy, Model Railroader, Discover, etc.) • Webmaster for Johnson Financial Group • Transition to Info Sec • SANS Hacker Techniques, exploits, and incident handling 2
  3. 3. Todays Agenda • Network Traffic Analysis with Wireshark • Intercepting traffic with WebScarab • Fuzzing with WebScarab • Replay attacks with Netcat
  4. 4. Wireshark • Network Packet Capture • Protocol Analyzer • Open source – Download from wireshark.org • Runs on most operating systems
  5. 5. Getting started with wireshark • Capture..Interfaces to select an interface • Interface Options • Capture filters use Berkeley Packet Filter syntax • Promiscuous mode – capture all traffic at the interface, not just destined for the capture host
  6. 6. Wireshark User Interface • Packet List – Packet Summary scrolls in real time • Packet Details – Expand different protocols and decode • Packet Bytes – Hex and ASCII
  7. 7. Network traffic refresher • Encapsulation • UDP – e.g. DNS traffic • TCP – TCP three way handshake – TCP source and destination ports
  8. 8. Disney capture example • DNS lookup • Three way handshake • HTTP Redirect • Follow TCP Stream feature • Find Packet feature • Packet 1261 gzip
  9. 9. Wireshark Filters • Capture Filter syntax and display filter syntax is different • Display filter understands lots more protocols • Wizard to help with display filter syntax
  10. 10. PCAP files and TCPDump/WinDump • Saves in libpcap file format • Pcap files from other tools are treated just like network captures • TCPDump/WinDump command line utilities great for creating pcap files – Windump -D – Windump -i1 -s0 -w filename.cap
  11. 11. Windump/TCP Dump uses • Log traffic during beta test – Can log at client, server, or span port on switch • Cut data out of large pcap files – bigcap.pcap....74.208
  12. 12. Troubleshooting Examples • DNS Query details • Proxies • Different response with different browsers • Performance and statistics – http://192.168.30.128/simpsons.php
  13. 13. Other wireshark tips and tricks • Services file • TCP Checksum errors • File...print to save as human readable text • File...export...objects...http
  14. 14. Webscarab • .jar file - Download and run • Proxy config • Proxy Intercept – modify traffic in transit • Fuzzer
  15. 15. Netcat • Hackers swiss army knife • Listen on a port – nc -l -p 5678 • Connect to a port – nc 192.168.8.101 5678 • Can pretend to be an HTTP, SMTP, etc. client.
  16. 16. Poor Mans load test with netcat 1) Capture and save HTTP request of the page(s) you want to load test. 2) Batch file to save running time, output if desiredecho %time% > results%1.txtfor /L %%i in (1,1,20) do nc 192.168.8.1 80 < getlog.txt > nulecho %time% >> results%1.txt 3) Run multiple instancesfor /L %j in (1,1,5) do start loadtest.bat %i

×