Archive for the 'Programming' Category

Tmin - Test Case Optimizer for Automated Security Testing

Tmin is a simple utility meant to make it easy to narrow down complex test cases produced through fuzzing. It is closely related to another tool of this type, delta, but meant specifically for unknown, underspecified, or hard to parse data formats (without the need to tokenize and re-serialize data), and for easy integration with external UI automation harnesses.

It also features alphabet normalization to simplify test cases that could not be further shortened.

Example

$ cat testcase.in
This is a lengthy and annoying hello world testcase.

$ cat testme.sh
#!/bin/bash

grep "el..*wo" || exit 0
exit 1

$ ../tmin -x ./testme.sh
tmin - complex testcase minimizer, version 0.03-beta (lcamtuf@google.com)
[*] Stage 0: loading 'testcase.in' and validating fault condition...
[*] Stage 1: recursive truncation (round 1, input = 53/53)
[*] Stage 1: recursive truncation (round 2, input = 27/53)
[*] Stage 1: recursive truncation (round 3, input = 14/53)
[*] Stage 1: recursive truncation (round 4, input = 10/53)
[*] Stage 1: recursive truncation (round 5, input = 8/53)
[*] Stage 1: recursive truncation (round 6, input = 7/53)
[*] Stage 2: block skipping (round 1, input = 7/53)
[*] Stage 2: block skipping (round 2, input = 6/53)
[*] Stage 2: block skipping (round 3, input = 5/53)
[*] Stage 3: alphabet normalization (round 1, charset = 5/5)
[*] Stage 3: alphabet normalization (round 2, charset = 5/5)
[*] Stage 4: character normalization (round 1, characters = 4/5)
[*] All done - writing output to 'testcase.small'...

== Final statistics==
 Original size : 53 bytes
Optimized size : 5 bytes (-90.57%)
Chars replaced : 1 (1.89%)
  Efficiency : 9 good / 49 bad
  Round counts : 1:6 2:3 3:2 4:1

$ cat testcase.small
el0wo
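
The session above can be reproduced in miniature. The following is an added sketch, not Tmin's code and not a faithful copy of its four stages: it assumes a simple block-removal pass followed by byte normalization, with `faults()` standing in for testme.sh and `'0'` assumed as the filler byte because that is what appears in testcase.small.

```python
import re

FILLER = ord("0")  # assumed normalization byte, chosen to match the output above
SAMPLE = b"This is a lengthy and annoying hello world testcase.\n"  # testcase.in

def faults(data: bytes) -> bool:
    """Stand-in for testme.sh: the 'fault' is a match for grep's el..*wo."""
    return re.search(rb"el..*wo", data) is not None

def remove_blocks(data: bytes, check) -> bytes:
    """Delete blocks of halving size wherever the fault still reproduces."""
    size = max(len(data) // 2, 1)
    while size >= 1:
        pos = 0
        while pos < len(data):
            candidate = data[:pos] + data[pos + size:]
            if candidate and check(candidate):
                data = candidate      # shorter input still faults: keep it
            else:
                pos += size           # this block is needed: move on
        size //= 2
    return data

def normalize_chars(data: bytes, check) -> bytes:
    """Replace every byte that does not matter with FILLER."""
    out = bytearray(data)
    for i, original in enumerate(data):
        out[i] = FILLER
        if not check(bytes(out)):
            out[i] = original         # byte is significant: restore it
    return bytes(out)

def minimize(data: bytes, check) -> bytes:
    if not check(data):
        raise ValueError("input does not reproduce the fault")
    while True:                       # repeat until no block can be removed
        smaller = remove_blocks(data, check)
        if smaller == data:
            break
        data = smaller
    return normalize_chars(data, check)

if __name__ == "__main__":
    print(minimize(SAMPLE, faults))
```

Because the predicate is the only thing the minimizer knows about the target, it needs no knowledge of the input format, which is the property the description above emphasizes.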

You can download Tmin 0.03 here:

tmin-0.03.tar.gz

Or read more here.


.NETIDS - .NET Intrusion Detection System

This tool is another one on the side of protection, again for web-based applications, but this time for .NET applications: it is called .NETIDS (.NET Intrusion Detection System). It is capable of detecting attacks on web applications and gives the developer the possibility to react. The project files include filter rules and function stubs for reacting to possible intrusions; the reaction may vary from logging to warning or redirecting the user.

The goal of this project is to provide an additional layer of protection to any .NET application it is used with. This includes the detection of XSS, directory traversal and SQL injections, protection against overwriting JS objects and methods, advanced logging functions, categorization and tagging of the individual filter rules, and interfaces for reacting to possible intrusions.

.NET IDS is actually a port of PHPIDS, which we’ve mentioned before, to the .NET Framework. The library is fully CLS compliant and implements exactly the same filtering sets as the PHP version.

.NETIDS can be used in three ways.

The first method is by inheriting your ASP.NET pages from the SecurePage class. This offers an easy and customizable way to scan page input. If you are relatively new to the .NET Framework this is the simplest way to secure your applications.

The second method is more customizable but harder to implement for novice programmers and involves working directly with the IDS objects.

The third method (available in the upcoming release) is by using the supplied HttpModule.

You can find the documentation here:

http://www.the-mice.co.uk/dotnetids/docs/

You can download .NET IDS v.0.1.3.0 here:

dotnetids-bin-0_1_3_0.zip

Or you can read more here.


SCARE - Source Code Analysis Risk Evaluation Tool

The Source Code Analysis Risk Evaluation project is a study to create a security complexity metric that will analyze source code and provide a realistic and factual representation of the potential of that source code to create a problematic binary. This metric will not say that the binary will be exploited, nor does it do a static analysis for known limitations like vulnerabilities. However, it will flag code for a particular interaction type or control and allow the developer to understand which Operational Security (OpSec) holes are not protected, even if it can’t say how effective that protection is at this time.

This computation will provide a final SCARE value, like the RAV, where 100% is the proper balance between controls to OpSec holes and no Limitations. Conversely, less than that shows an imbalance where too few Controls protect OpSec holes or Limitations in OpSec and Controls degrade the security.

The SCARE analysis tool is run against source code. Currently only C code is supported. The output file will contain all operational interactions possible which need controls (the current version does not yet say if and what controls are already there). At the bottom of the list are three numbers: Visibilities, Access, and Trusts. These 3 numbers can be plugged into the RAV Calculation spreadsheet available at http://www.isecom.org/ravs. The Delta value is then subtracted from 100 to give the SCARE percentage which indicates the complexity for securing this particular application. The lower the value, the worse the SCARE.

At this stage, the tool cannot yet tell which interactions already have controls or whether those controls are applicable; once that is available, it will change the RAV but not the SCARE. The SCARE will also not yet tell you where the bugs are in the code; however, if you are bug hunting, it will extract all the places where user inputs and trusts with user-accessible resources can be found in the code.

Currently, SCARE is designed to work for any programming language. While this methodology shows the C language, the project needs input and feedback from developers of other languages to expand this further.

If you are interested in helping with this project please contact ISECOM.

You can download SCARE here:

scare_analyst.zip

Or you can read more here.


Pcapy - Python Interface to LibPcap

Pcapy is a Python extension module that interfaces with the libpcap packet capture library. Pcapy enables Python scripts to capture packets on the network. Pcapy is highly effective when used in conjunction with a packet-handling package such as Impacket, which is a collection of Python classes for constructing and dissecting network packets.

Advantages of Pcapy

Works with Python threads.
Functions in both UNIX with libpcap and Windows with WinPcap.
Provides a simpler Object Oriented API.

Requirements

A Python interpreter, version 2.1.3 or higher.
A C++ compiler: GCC G++ 2.95, or Microsoft Visual Studio 6.0 or MSVC 2003, depending on the Python version.
Libpcap 0.9.3 or newer. Windows users should have WinPcap 4.0 or newer installed.

Download Pcapy here:

Source code

Latest stable release (0.10.5) - gzip’d tarball or zip file

Win32 binaries - Pick the appropriate Python or WinPcap version.

Latest release (0.10.5) - Windows installer – Python 2.5 and WinPcap 4.0.
0.10.4 - Windows installer – Python 2.4 and WinPcap 3.1.

Or read more here and the documentation is here.


Create Your Own Web Browser with Visual Basic

Open Visual Basic and press CTRL+T, or go to the Project Menu -> Components. When the Components dialog pops up, scroll down to Microsoft Internet Controls in the Controls section, select it and press OK.

If you did the step above correctly, you should see a new icon on your Toolbox:

You need to add the following controls to the form:
    4 command buttons and name them: cmdBack, cmdForward, cmdStop, cmdHome
    1 label control and name it: lbCaption
    1 combobox control and name it: cboURL
    The webbrowser control you've just added, and name it: wWeb

Your form will now look something like this:

You've just finished the basic interface for your web browser application. Remember, you can always go beyond this by using the Toolbar control to make it look nicer!

Now that you've finished the user interface for your web browser, here comes the hard part: you have to write the code that makes your browser function properly.

Open the code for your web browser form and follow the following steps.

In the cmdBack_Click() event, put in this code:
 wWeb.GoBack
The GoBack method makes the web browser control go back to the previous page.

In the cmdForward_Click() event, put in this code:
 wWeb.GoForward
The GoForward method makes the web browser control go forward to the next page.

In the cmdStop_Click() event, put in this code:
 wWeb.Stop
The Stop method makes the web browser control stop whatever it's doing.

In the cmdHome_Click() event, put in this code:
 wWeb.GoHome
The GoHome method makes your web browser control navigate back to the web page that you set as home in the Internet Explorer options.

In the cboURL_KeyDown() event, put in this code:
 If KeyCode = vbKeyReturn Then
    wWeb.Navigate cboURL.Text
 End If

That code makes the web browser control navigate to the URL that you specified in cboURL whenever you press the Return key while typing in the combo box.