Material from my presentation at 0×375-0×03

  • February 26, 2011 4:05 pm

On February the 4th I had a small presentation at Thessaloniki Tech Talk Sessions, on hijacking web sessions and injecting code at the lower layers of a local area network. Here you can find the slides and a little paper I wrote on the topic:

Hijacking Sessions and Injecting Code at OSI Layers 2,3 & 4

Building a simple client for No-IP™ Dynamic DNS service

  • January 30, 2011 9:04 pm

A few days ago, I registered a free domain name from the No-IP™ Dynamic DNS provider. My router has an embedded dynamic DNS client, but for some reason it didn’t properly update the No-IP™ servers each time it got disconnected, so I had to do it manually. Also, it’s not configurable, so I couldn’t set various parameters such as the update interval.

I decided to set up ddclient on one of my boxes to solve this problem. I installed it, but I really didn’t feel like reading the whole ddclient.conf file in order to configure it, so I decided to write my own client. It’s not rocket science: you just make requests to the No-IP™ update servers with your credentials, your current IP and the domain name you want to associate with it.

Finding packages on OpenBSD mirrors

  • January 26, 2011 10:20 pm

[Update #1/Time Saver: As DbD pointed out in his comment, you can search for package names using pkg_info or the pkg front-end to package management tools.]

As I mentioned in one of my previous posts, I installed OpenBSD, so I’m spending these days configuring it according to my needs.

One of the things that annoyed me is that OpenBSD’s default package management system doesn’t have a utility for searching packages. Every time I was about to install a package, I had to search the web or look for it in my preferred mirror’s directory listing. So I decided to write a utility for that -since I like writing my own shit and it was something trivial to do.

A Python dictionary of 2-digit country codes (ISO 3166-1-alpha-2)

  • November 25, 2010 10:34 pm

Today I needed a list of 2-digit country codes wrapped in a Python dictionary. Since there’s nothing in Python’s standard library, I went to ISO’s official list of English country names and code elements (a.k.a. ISO 3166-1-alpha-2), grabbed the data, filtered it with sed and wrote a module, which you can download here.

I guess the usage is pretty straightforward. Just make sure you specify the dictionary keys in capitals.

>>> from IsoCountryCodes import COUNTRY
>>> COUNTRY["GR"]
'GREECE'

I’m sure there are millions of such implementations over the Internet -but hey! You came here! :P

Home Automation: Building a “remote control” out of a cheap router

  • November 23, 2010 11:04 pm

When I go to sleep at night, I always leave my computer playing some music -it helps me relax. It’s always quite nice for a while, but after some time it starts to piss the fuck out of me. The most annoying thing though, is getting out of my warm covers and walking to my box and manually closing whatever application I use for music playback -especially if it’s in the middle of winter and it’s cold as hell.

I guess you’d say something like “dude! Use shorter playlists!”. But you see, the thing is that I don’t know when actually I’ll start drifting into sleep -it might be 20′ or it might be two hours. So yesterday, as I was struggling to sleep while listening to some pagan metal, I decided to build a remote control for my music!

Wiretapping Facebook Chat Messages Using Python And Scapy

  • November 21, 2010 5:46 am

[2/12/2010: It seems that Facebook developers changed the structure of chat messages, so the data filtering/extraction methods are pretty much useless now. Will update the code some time soon.]

Not long ago, I demonstrated at my university’s IEEE branch’s event a live man-in-the-middle attack and eavesdropped on Facebook chat conversations and gained access to a student’s Facebook account by stealing cookies over the network. Since I didn’t have much time to prepare for that presentation, the code I wrote was pretty sloppy and missed some of the messages exchanged.

Tonight, I took some time to rewrite it and fixed a few bugs. Now it doesn’t miss anything, even if someone is flooding the conversation with a burst of messages.

Scapy: Packet Manipulation Awesomeness For Python

  • November 19, 2010 12:31 am

A couple of weeks ago, I was looking for a handy packet crafting library so I could play a bit at the lower layers of OSI. There are lots of choices available out there and I didn’t have the time to try them all. One of the best pieces of code I stumbled upon was Scapy. It’s written in Python and can be used from its own interactive shell or can be imported and used directly from your Python scripts.

There are lots of tasks you can accomplish with the help of Scapy: from writing network discovery scripts and security tools, to building your own low-level protocols. I won’t go in depth describing Scapy’s features -you can go to the documentation page for that. Keep in mind that you’ll have to refer to Scapy’s source code for most of your documentation needs, since Scapy’s official documentation only scratches the surface of its features and capabilities.

So! Let’s have a really quick tour of Scapy…