
Content provided by Black Hat and Jeff Moss. All podcast content, including episodes, graphics, and podcast descriptions, is uploaded and provided directly by Black Hat and Jeff Moss or their podcast platform partner. If you believe someone is using your copyrighted work without permission, you can follow the process outlined here: https://id.player.fm/legal.

Jeremy Rauch: PDB: The Protocol DeBugger

1:05:36

Manage episode 153984300 series 1109074
It's late. You've been assigned the unenviable task of evaluating the security of this obtuse application suite. 2006! Why doesn't everything just use SSL as its transport? No time for excuses. Deadlines loom, and you need to figure this out. And when you do figure it out, write your own fuzzer client. This sucks.

    (pdb) module add MyAction pdb-ruby.so cifs-ruby.rb
    (pdb) rule add MyRule dst port 445
    (pdb) rule action MyRule MyAction
    (pdb) rule list
    MyRule: dst port 445
    Action 0: debugger
    Action 1: MyAction
    (pdb) go
    ...
    (pdb) print
    00000000: 45 10 00 3c 70 86 40 00 E...p...
    00000008: 40 06 00 00 c0 a8 02 06 ........
    00000010: c0 a8 02 56 d8 a0 01 bd ...V....
    00000018: 1e 76 1b 71 00 00 00 00 .v.q....
    00000020: a0 02 ff ff 14 1b 00 00 ........
    00000028: 02 04 05 b4 01 03 03 00 ........
    00000030: 01 01 08 0a 20 4a 7c b1 .....J..
    00000038: 00 00 00 00 ....
    (pdb) x/b 0x8
    40
    (pdb) e/b 0x8 0x20
    (pdb) print
    00000000: 45 10 00 3c 70 86 40 00 E...p...
    00000008: 20 06 00 00 c0 a8 02 06 ........
    00000010: c0 a8 02 56 d8 a0 01 bd ...V....
    00000018: 1e 76 1b 71 00 00 00 00 .v.q....
    00000020: a0 02 ff ff 14 1b 00 00 ........
    00000028: 02 04 05 b4 01 03 03 00 ........
    00000030: 01 01 08 0a 20 4a 7c b1 .....J..
    00000038: 00 00 00 00 ....
    (pdb) continue
    cifs-ruby.rb performing packet alteration...
    ...

But wait, what's this? A tool chain geared around dissecting protocols like a code debugger slices through code? A protocol generation and manipulation framework with a clean, consistent interface, that's scripted instead of compiled? And a fuzzing framework to go along with it? You're saved! Or at least, maybe you'll get to sleep before the sun comes up. PDB is a Protocol DeBugger. GDB meets a transparent proxy. Conditionally break based on BPF filters. Modify protocol contents on the fly. Build custom actions that let you manipulate how you speak on the network. Or manually edit protocol fields and send the packets along.
Racket is a protocol generation and manipulation library, in Ruby. Why Ruby? Why not. Use it as a way of writing PDB actions, or on its own. We're flexible that way. Ramble is a Ruby based fuzzing framework. Set it going, and it just goes on and on and on. We know people like that, but unlike them, Ramble is helpful. Automates the protocol testing you're going to have to do to get full coverage. Do the hard stuff by hand. Use Ramble to do the repetitive stuff.
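The pdb session in the abstract breaks on a TCP SYN to port 445, examines byte 8 of the packet (the IPv4 TTL, 0x40) and overwrites it with 0x20. The following Ruby is an added example and is not code from the talk or from PDB, Racket or Ramble: it parses that same hexdump, decodes the IPv4 and TCP headers so the reader can see what "x/b 0x8" actually landed on, and performs the same TTL edit while recomputing the IPv4 header checksum, which a raw byte edit leaves stale. All function names are hypothetical; only the dump bytes are taken from the page.

```ruby
# Added example, not code from the Black Hat talk or from PDB/Racket/Ramble.
# Replays the "(pdb) print" / "x/b 0x8" / "e/b 0x8 0x20" steps in plain Ruby:
# parse the hexdump, decode IPv4/TCP, then set the TTL and fix the checksum.

# The first "(pdb) print" output, copied from the abstract.
PDB_DUMP = <<~DUMP
  00000000: 45 10 00 3c 70 86 40 00 E...p...
  00000008: 40 06 00 00 c0 a8 02 06 ........
  00000010: c0 a8 02 56 d8 a0 01 bd ...V....
  00000018: 1e 76 1b 71 00 00 00 00 .v.q....
  00000020: a0 02 ff ff 14 1b 00 00 ........
  00000028: 02 04 05 b4 01 03 03 00 ........
  00000030: 01 01 08 0a 20 4a 7c b1 .....J..
  00000038: 00 00 00 00 ....
DUMP

# Turn "offset: xx xx ... ascii" lines back into a binary string. Data tokens
# are exactly two hex digits; the ASCII column is dropped at the first non-hex token.
def parse_hexdump(text)
  text.each_line.flat_map do |line|
    body = line.split(':', 2)[1].to_s
    body.split.take_while { |tok| tok.match?(/\A\h{2}\z/) }.map { |tok| tok.to_i(16) }
  end.pack('C*')
end

PDB_PACKET = parse_hexdump(PDB_DUMP)

# IPv4 header fields (RFC 791) from the first 20 bytes.
def decode_ipv4(pkt)
  vihl, tos, total_len, id, flags_frag, ttl, proto, csum = pkt.unpack('CCnnnCCn')
  {
    version: vihl >> 4,
    ihl_bytes: (vihl & 0x0f) * 4,
    tos: tos,
    total_length: total_len,
    id: id,
    dont_fragment: (flags_frag & 0x4000) != 0,
    ttl: ttl,                  # byte 8, the one the session edits
    protocol: proto,           # 6 == TCP
    checksum: csum,
    src: pkt[12, 4].unpack('C4').join('.'),
    dst: pkt[16, 4].unpack('C4').join('.')
  }
end

# TCP header fields (RFC 793) starting right after the IPv4 header.
def decode_tcp(pkt)
  ihl = (pkt.getbyte(0) & 0x0f) * 4
  sport, dport, seq, ack, off_flags, window = pkt[ihl, 16].unpack('nnNNnn')
  {
    src_port: sport,
    dst_port: dport,           # 445 matches the "dst port 445" rule
    seq: seq,
    ack: ack,
    data_offset_bytes: (off_flags >> 12) * 4,
    syn: (off_flags & 0x02) != 0,
    ack_flag: (off_flags & 0x10) != 0,
    window: window
  }
end

# RFC 1071 one's-complement sum over the header; returns 0 for a valid header.
def ipv4_checksum(hdr)
  sum = hdr.unpack('n*').sum
  sum = (sum & 0xffff) + (sum >> 16) while sum > 0xffff
  (~sum) & 0xffff
end

def checksum_valid?(pkt)
  ihl = (pkt.getbyte(0) & 0x0f) * 4
  ipv4_checksum(pkt[0, ihl]).zero?
end

# What "e/b 0x8 0x20" does, plus the fix-up: offset 8 of an IPv4 header is the
# TTL, and changing it invalidates the header checksum at offset 10.
def set_ttl(pkt, ttl)
  out = pkt.dup
  out.setbyte(8, ttl)
  ihl = (out.getbyte(0) & 0x0f) * 4
  out[10, 2] = "\x00\x00".b                      # checksum field is zero while summing
  out[10, 2] = [ipv4_checksum(out[0, ihl])].pack('n')
  out
end

if __FILE__ == $PROGRAM_NAME
  p decode_ipv4(PDB_PACKET)
  p decode_tcp(PDB_PACKET)
  puts "checksum valid as dumped: #{checksum_valid?(PDB_PACKET)}"
  edited = set_ttl(PDB_PACKET, 0x20)
  p decode_ipv4(edited).slice(:ttl, :checksum)
  puts "checksum valid after edit: #{checksum_valid?(edited)}"
end
```

Two things the decode makes visible that the raw dump does not: the packet is a TCP SYN from 192.168.2.6 to 192.168.2.86:445 with the DF bit set, and its IPv4 checksum field is 0x0000, which is not valid on the wire and is what a capture on the sending host commonly shows when the NIC performs checksum offload. A debugger action that rewrites header bytes and forwards the result to a real peer has to recompute that field, which is why set_ttl does so rather than only poking the byte.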