Kiwicon 2014 - Hooked-browser Mesh-Networks with WebRTC

A slightly modified version of my presentation for Kiwicon 2014 on BeEF for Vegetarians, or, Hooked-browser Mesh-Networks with WebRTC. Also includes a link to the demo of the BeEF WebRTC Extension PoC (https://www.youtube.com/watch?v=pLC3hbUvhoE)

  1. 1. Welcome to 1989, a world without browsers...
  2. 2. asterisk: A Perth-based info sec consulting firm... not a VoIP biz
  5. 5. But... what the hell is WebRTC, and what the hell am I talking about?
  6. 6. The shift from attacking servers to attacking users
  7. 7. Browsers are a popular user-based channel
  9. 9. While browsers used to have a lot of fat plugins ripe for abuse... they started to go away, being replaced by...
  11. 11. Lots of words about the stupid growth of JavaScript...
  12. 12. Talk to this guy about JavaScript... I dare you
  15. 15. "Look at me I'm a Threat Model!" [Image: book cover, The Browser Hacker's Handbook; caption: The other co-authors]
  16. 16. [Diagram: book chapter map. Initiating Control (Chapter 2); Retaining Control (Chapter 3); Bypassing the Same Origin Policy (Chapter 4); Attacking Users (Chapter 5); Attacking Browsers (Chapter 6); Attacking Extensions (Chapter 7); Attacking Plugins (Chapter 8); Attacking Web Applications (Chapter 9); Attacking Networks (Chapter 10). Annotation: mainly discussing a method of retaining control]
  17. 17. [Diagram: a BeEF Server connected to three Browsers]
  19. 19. See a problem here? ALL ROADS LEAD TO YOUR BeEF SERVER
  21. 21. [Diagram: BeEF Server and Browsers]
  22. 22. [Diagram: BeEF Server and four Browsers]
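  25. 25.

          // Ask for video only.
          var constraints = {video: true};

          // On success, play the local camera stream in the page's <video> element.
          function successCallback(stream) {
            var video = document.querySelector("video");
            video.src = window.URL.createObjectURL(stream);
          }

          // On failure (for example, the user denies the permission prompt), log the error.
          function errorCallback(error) {
            console.log("navigator.getUserMedia error: ", error);
          }

          navigator.getUserMedia(constraints, successCallback, errorCallback);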
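  27. 27.

          // Caller side of a peer connection. localStream, remoteVideo, sendOffer()
          // and attachMediaStream() are defined elsewhere; sendOffer() is the
          // application's own signalling transport.
          pc = new RTCPeerConnection(null);
          pc.onaddstream = gotRemoteStream;
          pc.addStream(localStream);
          pc.createOffer(gotOffer);

          // Store the local offer and pass it to the remote peer via signalling.
          function gotOffer(desc) {
            pc.setLocalDescription(desc);
            sendOffer(desc);
          }

          // Called when the remote peer's answer comes back over signalling.
          function gotAnswer(desc) {
            pc.setRemoteDescription(desc);
          }

          function gotRemoteStream(e) {
            attachMediaStream(remoteVideo, e.stream);
          }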
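  29. 29.

          // servers, receiveChannel and sendChannel are declared elsewhere.
          var pc = new webkitRTCPeerConnection(servers,
            {optional: [{RtpDataChannels: true}]});

          // Receiving side: display each message that arrives on the data channel.
          pc.ondatachannel = function(event) {
            receiveChannel = event.channel;
            receiveChannel.onmessage = function(event) {
              // textContent rather than the slide's innerHTML: the message is
              // peer-controlled and must not be parsed as markup.
              document.querySelector("div#receive").textContent = event.data;
            };
          };

          // Sending side: open an unreliable data channel and send the textarea contents.
          sendChannel = pc.createDataChannel("sendDataChannel", {reliable: false});

          document.querySelector("button#send").onclick = function() {
            var data = document.querySelector("textarea#send").value;
            sendChannel.send(data);
          };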
  31. 31. You need to share Session Description Protocol (SDP) Signals...

          v=0
          o=- 7614219274584779017 2 IN IP4 127.0.0.1
          s=-
          t=0 0
          a=group:BUNDLE audio video
          a=msid-semantic: WMS
          m=audio 1 RTP/SAVPF 111 103 104 0 8 107 106 105 13 126
          c=IN IP4 0.0.0.0
          a=rtcp:1 IN IP4 0.0.0.0
          a=ice-ufrag:W2TGCZw2NZHuw1nf
          a=ice-pwd:xdQEccP40E+POL5qTyzDgfmW
          a=extmap:1 urn:ietf:params:rtp-hdrext:ssrc-audio-level
          a=mid:audio
          a=rtcp-mux
          a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:9ClAHZ27dZ9XPI9lYNfSlI67/EMkjHHIHORiClQe
          a=rtpmap:111 opus/48000/2
  33. 33. [Diagram: two Peers connected across the Internet; labels: Signalling, Media OR Data]
  34. 34. [Diagram: Peer behind FW/NAT; Signalling across the Internet]
  35. 35. [Diagram: two Peers, each behind a FW/NAT and using a STUN server; Signalling across the Internet] Session Traversal Utilities for NAT (or STUN)
  36. 36. [Diagram: two Peers behind FW/NAT, with STUN and TURN servers; labels: Signalling, Media, Data] Traversal Using Relays around NAT
  39. 39. [Diagram: Browser, Browser]
  40. 40. [Diagram: BeEF Server; Browser, Browser]
  41. 41. [Diagram: BeEF Server; Browser, Browser]
  42. 42. [Diagram: BeEF Server; Browser, Browser]
  43. 43. [Diagram: BeEF Server; Browser, Browser]
  44. 44. [Diagram: BeEF Server; Browser]
  46. 46. [Diagram: Browser, Browser]