Sunday, January 24, 2010

HTTP session reconstruction

I've been wanting to try reconstructing HTTP sessions captured in pcap files. I stumbled across a tool called "PyFlag". They have an amazing script that automatically downloads, installs and sets up "PyFlag" on Ubuntu; it was painless to get up and running. I managed to load pcap files into "PyFlag" for analysis but wasn't able to reconstruct the HTTP sessions.
I researched for other tools and found "Unsniff". Worked like a charm!!!
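What a tool like Unsniff does under the hood is reorder each TCP direction by sequence number and join the segments back into a byte stream, then pair the client and server streams into request/response exchanges. The following is an added example, not code from this post or from either tool, that does this for a small capture constructed inline (IPs, ports, the cookie value and the timestamp are made up). It reads the classic little-endian pcap format without any third-party library, and deliberately delivers one request out of order to show the reordering step.

```python
"""Reassemble HTTP request/response streams from a pcap (constructed sample, stdlib only)."""
import struct
from collections import defaultdict

PCAP_MAGIC = 0xA1B2C3D4      # classic pcap, microsecond timestamps, little-endian file
LINKTYPE_ETHERNET = 1


def _ipv4_tcp_frame(src_ip, dst_ip, sport, dport, seq, payload):
    """Build a minimal Ethernet/IPv4/TCP frame (checksums left zero; fine for a parsing demo)."""
    eth = b"\x00" * 12 + struct.pack("!H", 0x0800)
    total_len = 20 + 20 + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, 64, 6, 0,
                     bytes(map(int, src_ip.split("."))), bytes(map(int, dst_ip.split("."))))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, 0, 5 << 4, 0x18, 65535, 0, 0)
    return eth + ip + tcp + payload


def build_sample_pcap():
    """Constructed capture: one request split over two segments (second half captured first) and its reply."""
    req = b"GET /login HTTP/1.1\r\nHost: example.test\r\nCookie: SID=abc123\r\n\r\n"
    resp = b"HTTP/1.1 200 OK\r\nContent-Length: 5\r\n\r\nhello"
    frames = [
        _ipv4_tcp_frame("10.0.0.1", "10.0.0.2", 40000, 80, 1000 + 20, req[20:]),  # out of order
        _ipv4_tcp_frame("10.0.0.1", "10.0.0.2", 40000, 80, 1000, req[:20]),
        _ipv4_tcp_frame("10.0.0.2", "10.0.0.1", 80, 40000, 5000, resp),
    ]
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 1264000000 + i, 0, len(f), len(f)) + f
    return out


def iter_packets(pcap):
    """Yield raw frames from a little-endian pcap file image."""
    magic, = struct.unpack_from("<I", pcap, 0)
    if magic != PCAP_MAGIC:
        raise ValueError("unsupported pcap magic %#x" % magic)
    off = 24
    while off + 16 <= len(pcap):
        _, _, incl_len, _ = struct.unpack_from("<IIII", pcap, off)
        off += 16
        yield pcap[off:off + incl_len]
        off += incl_len


def parse_tcp(frame):
    """Return (flow_key, seq, payload) for an IPv4/TCP frame, or None for anything else."""
    if struct.unpack_from("!H", frame, 12)[0] != 0x0800:
        return None
    ihl = (frame[14] & 0x0F) * 4
    if frame[14 + 9] != 6:
        return None
    src = ".".join(map(str, frame[26:30]))
    dst = ".".join(map(str, frame[30:34]))
    toff = 14 + ihl
    sport, dport, seq = struct.unpack_from("!HHI", frame, toff)
    data_off = (frame[toff + 12] >> 4) * 4
    total_len = struct.unpack_from("!H", frame, 16)[0]
    payload = frame[toff + data_off:14 + total_len]   # trims Ethernet padding, if any
    return (src, sport, dst, dport), seq, payload


def reassemble_streams(pcap):
    """Order each direction's segments by sequence number and join them (no wrap-around handling)."""
    segs = defaultdict(list)
    for frame in iter_packets(pcap):
        parsed = parse_tcp(frame)
        if parsed and parsed[2]:
            segs[parsed[0]].append((parsed[1], parsed[2]))
    return {k: b"".join(p for _, p in sorted(v)) for k, v in segs.items()}


def http_sessions(pcap):
    """Pair client->server and server->client streams into (request, response) text tuples."""
    streams = reassemble_streams(pcap)
    sessions = []
    for (src, sport, dst, dport), data in streams.items():
        if dport == 80:
            reverse = streams.get((dst, dport, src, sport), b"")
            sessions.append((data.decode("latin-1"), reverse.decode("latin-1")))
    return sessions


if __name__ == "__main__":
    for request, response in http_sessions(build_sample_pcap()):
        print(request)
        print(response)
```

Real captures add retransmissions, overlapping segments and sequence-number wrap, which the sort-and-join step above ignores; the reassembled request is also exactly where a Cookie header ends up visible to whoever holds the capture, which is the observation the cookie-manipulation post below builds on.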

Latency

Antivir is a powerful AV with its heuristic detection of malware. I gave up on it because of the ridiculous time it took to update. I replaced it with Microsoft's "Security Essentials".

Sunday, January 17, 2010

Network forensics puzzle #3

A new network forensics puzzle is out. In line with the contest rules, I can't post my answers till the deadline is over.

Friday, January 1, 2010

Cookie manipulation

I demonstrated cookie hijacking previously but never elaborated on how the stolen cookie can be used.
To make use of the stolen cookie information, the session must still be active for cookie manipulation to be successful. Here I manually add cookies using the "Web Developer" Firefox add-on to successfully access an active Gmail session.

The high res version of this demo can be downloaded here.
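The point above, that a stolen cookie is only useful while the session it names is still active, is something the server side controls. The following is an added example, not code from this post, of a minimal server-side session store showing the replay window from the defender's side: the same cookie value presented later succeeds while the session is live, and fails once the session has been revoked by logout or closed by an idle timeout. The lifetime values, user names and the `SID` cookie name are assumptions for the demo, not anything the post specifies.

```python
"""Server-side session store that bounds the window in which a replayed cookie works (added example)."""
import secrets

ABSOLUTE_LIFETIME = 8 * 3600   # seconds; assumed policy values, not from the post
IDLE_TIMEOUT = 15 * 60


class SessionStore:
    def __init__(self):
        self._sessions = {}   # session id -> {"user", "created", "last_seen"}

    def issue(self, user, now):
        """Create a session and return its id; 256 random bits makes the id unguessable."""
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = {"user": user, "created": now, "last_seen": now}
        return sid

    @staticmethod
    def set_cookie_header(sid):
        """Flags that limit theft via script or plaintext HTTP; they do not stop replay of an already-stolen cookie."""
        return "Set-Cookie: SID=%s; Path=/; Secure; HttpOnly; SameSite=Lax" % sid

    def validate(self, sid, now):
        """Return the user behind a presented cookie, or None if the session is gone or expired."""
        s = self._sessions.get(sid)
        if s is None:
            return None
        if now - s["created"] > ABSOLUTE_LIFETIME or now - s["last_seen"] > IDLE_TIMEOUT:
            self.revoke(sid)        # expired: drop it so later replays also fail
            return None
        s["last_seen"] = now
        return s["user"]

    def revoke(self, sid):
        """Logout (or an admin kill) removes the server-side record; the cookie itself is now meaningless."""
        self._sessions.pop(sid, None)


def replay_timeline():
    """Present one cookie value from a second client at different points in time (constructed timeline)."""
    store = SessionStore()
    t0 = 0
    sid = store.issue("alice", t0)
    results = {}
    results["active"] = store.validate(sid, t0 + 60)                          # victim still logged in
    results["after_idle"] = store.validate(sid, t0 + 60 + IDLE_TIMEOUT + 1)    # idle timeout closed it
    sid2 = store.issue("alice", t0)
    store.revoke(sid2)                                                         # victim logged out
    results["after_logout"] = store.validate(sid2, t0 + 5)
    return results


if __name__ == "__main__":
    for stage, user in replay_timeline().items():
        print("%-13s -> %s" % (stage, user))
```

Detection-wise, the same store is the natural place to flag one session id being used from two client addresses or user agents at once, which is what a replayed cookie looks like from the server; the one thing no cookie flag can do is invalidate a value that has already been captured, so short lifetimes and real logout are what shrink the window the post relies on.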