Attacking network protocols : a hacker's guide to capture, analysis, and exploitation
James Forshaw
- San Francisco : No Starch Press, c2018.
- xxiv, 310 p. : ill. ; 24 cm.
Machine generated contents note:
1. The Basics of Networking Network Architecture and Protocols The Internet Protocol Suite Data Encapsulation Headers, Footers, and Addresses Data Transmission Network Routing My Model for Network Protocol Analysis Final Words
2. Capturing Application Traffic Passive Network Traffic Capture Quick Primer for Wireshark Alternative Passive Capture Techniques System Call Tracing The strace Utility on Linux Monitoring Network Connections with DTrace Process Monitor on Windows Advantages and Disadvantages of Passive Capture Active Network Traffic Capture Network Proxies Port-Forwarding Proxy SOCKS Proxy HTTP Proxies Forwarding an HTTP Proxy Reverse HTTP Proxy
3. Network Protocol Structures Binary Protocol Structures Numeric Data Booleans Bit Flags Binary Endian Text and Human-Readable Data Variable Binary Length Data Dates and Times POSIX/Unix Time Windows FILETIME Tag, Length, Value Pattern Multiplexing and Fragmentation Network Address Information Structured Binary Formats Text Protocol Structures Text Booleans Variable-Length Data Structured Text Formats Encoding Binary Data Hex Encoding Base64
4. Advanced Application Traffic Capture Rerouting Traffic Using Traceroute Routing Tables Configuring a Router Enabling Routing on Windows Enabling Routing on *nix Network Address Translation Enabling SNAT Configuring SNAT on Linux Enabling DNAT Forwarding Traffic to a Gateway DHCP Spoofing ARP Poisoning
5. Analysis From The Wire The Traffic-Producing Application: SuperFunkyChat Starting the Server Starting Clients Communicating Between Clients A Crash Course in Analysis with Wireshark Generating Network Traffic and Capturing Packets Basic Analysis Reading the Contents of a TCP Session Identifying Packet Structure with Hex Dump Viewing Individual Packets Determining the Protocol Structure Testing Our Assumptions Dissecting the Protocol with Python Developing Wireshark Dissectors in Lua Creating the Dissector The Lua Dissection Parsing a Message Packet Using a Proxy to Actively Analyze Traffic Setting Up the Proxy Protocol Analysis Using a Proxy Adding Basic Protocol Parsing Changing Protocol Behavior
6. Application Reverse Engineering Compilers, Interpreters, and Assemblers Interpreted Languages Compiled Languages Static vs. Dynamic Linking The x86 Architecture The Instruction Set Architecture CPU Registers Program Flow Operating System Basics Executable File Formats Sections Processes and Threads Operating System Networking Interface Application Binary Interface Static Reverse Engineering A Quick Guide to Using IDA Pro Free Edition Analyzing Stack Variables and Arguments Identifying Key Functionality Dynamic Reverse Engineering Setting Breakpoints Debugger Windows Where to Set Breakpoints? Reverse Engineering Managed Languages .NET Applications Using ILSpy Java Applications Dealing with Obfuscation Reverse Engineering Resources
7. Network Protocol Security Encryption Algorithms Substitution Ciphers XOR Encryption Random Number Generators Symmetric Key Cryptography Block Ciphers Block Cipher Modes Block Cipher Padding Padding Oracle Attack Stream Ciphers Asymmetric Key Cryptography RSA Algorithm RSA Padding Diffie Hellman Key Exchange Signature Algorithms Cryptographic Hashing Algorithms Asymmetric Signature Algorithms Message Authentication Codes Public Key Infrastructure X.509 Certificates Verifying a Certificate Chain Case Study: Transport Layer Security The TLS Handshake Initial Negotiation Endpoint Authentication Establishing Encryption Meeting Security Requirements
8. Implementing The Network Protocol Replaying Existing Captured Network Traffic Capturing Traffic with Netcat Using Python to Resend Captured UDP Traffic Repurposing Our Analysis Proxy Repurposing Existing Executable Code Repurposing Code in .NET Applications Repurposing Code in Java Applications Unmanaged Executables Encryption and Dealing with TLS Learning About the Encryption In Use Decrypting the TLS Traffic
9. The Root Causes Of Vulnerabilities Vulnerability Classes Remote Code Execution Denial-of-Service Information Disclosure Authentication Bypass Authorization Bypass Memory Corruption Vulnerabilities Memory-Safe vs. Memory-Unsafe Programming Languages Memory Buffer Overflows Out-of-Bounds Buffer Indexing Data Expansion Attack Dynamic Memory Allocation Failures Default or Hardcoded Credentials User Enumeration Incorrect Resource Access Canonicalization Verbose Errors Memory Exhaustion Attacks Storage Exhaustion Attacks CPU Exhaustion Attacks Algorithmic Complexity Configurable Cryptography Format String Vulnerabilities Command Injection SQL Injection Text-Encoding Character Replacement
10. Finding And Exploiting Security Vulnerabilities Fuzz Testing The Simplest Fuzz Test Mutation Fuzzer Generating Test Cases Vulnerability Triaging Debugging Applications Improving Your Chances of Finding the Root Cause of a Crash Exploiting Common Vulnerabilities Exploiting Memory Corruption Vulnerabilities Arbitrary Memory Write Vulnerability Writing Shell Code Getting Started Simple Debugging Technique Calling System Calls Executing the Other Programs Generating Shell Code with Metasploit Memory Corruption Exploit Mitigations Data Execution Prevention Return-Oriented Programming Counter-Exploit Address Space Layout Randomization (ASLR) Detecting Stack Overflows with Memory Canaries
NETWORK PROTOCOL ANALYSIS TOOLKIT Passive Network Protocol Capture and Analysis Tools Microsoft Message Analyzer TCPDump and LibPCAP Wireshark Active Network Capture and Analysis Canape Canape Core Mallory Network Connectivity and Protocol Testing Hping Netcat Nmap Web Application Testing Burp Suite Zed Attack Proxy (ZAP) Mitmproxy Fuzzing, Packet Generation, and Vulnerability Exploitation Frameworks American Fuzzy Lop (AFL) Kali Linux Metasploit Framework Scapy Sulley Network Spoofing and Redirection DNSMasq Ettercap Executable Reverse Engineering Java Decompiler (JD) IDA Pro Hopper ILSpy .NET Reflector.
Attacking Network Protocols is a must-have for any penetration tester, bug hunter, or developer looking to understand and discover network vulnerabilities.