ssl and cgi and everything else
play

SSL and CGI and Everything else 15-441: Computer Networks Yours - PowerPoint PPT Presentation

Oct 16, 2022 •197 likes •799 views

SSL and CGI and Everything else 15-441: Computer Networks Yours Truly Based on Slides By "Generations of TAs P1 Final Submission (1) SSL (2) CGI (3) Daemonize SSL Adding the S in HTTPS Lets talk about Security Bad Guy

  1. SSL and CGI and Everything else 15-441: Computer Networks Yours Truly Based on Slides By "Generations of TAs”

  2. P1 Final Submission (1) SSL (2) CGI (3) Daemonize

  3. SSL Adding the “S” in HTTPS

  4. Lets talk about Security Bad Guy Bad 1 Guy 2 Network Link (Ethernet, Wifi etc) CMU CMU Student: Student: “RE: World Domination” Alice Bob Bad Guy 3

  5. Lets talk about Security Bad Guy Bad 1 Guy 2 Network Link (Ethernet, Wifi etc) CMU CMU Student: Student: “WAFE#” Alice Bob “RE: World “RE: World Domination” Bad Domination” Guy 3 Encode Decode

  6. Public-Private Key Encryption 1.Generate two keys – Private Key and Public Key 2.Messages can be encrypted using the Public Key 3.Messages can be decrypted using the Private Key 4.Everyone knows my public key – that’s why it’s “public” 5.Only I know my private key - that’s why it’s “private”

  7. Public-Private Key Encryption Secret Public Secret ASDF# ENCRYPT Bob Plan Key Plan Public Key Here’s my Network public key everyone! Secret Private DECRYPT ASDF# Liso Plan Key

  8. Implementing an... SSL Server

  9. What is SSL? Standard behind secure communication ● on the Internet. Provides confidentiality & integrity ● Sits between transport & application ● SSL SSL Transport Transport

  10. Implementing SSL: Getting the files 1. Get free domain name from www.noip.com 2. Get the public certificate file and private key file from https://project1.myheartisinthenetwork.com Extra slides at the end will have more detailed info on how to go about this…

  11. Implementing SSL: Coding 1. Look at the provided SSL Example code and learn how to wrap a connection with SSL 2. Modify your server to take in a HTTPS port 3. Bind socket to this port and add it to your select read_fds 4. When you get a new connection on this port, accept connection, wrap it in SSL 5. Do the rest as usual, but read and write using SSL_read and SSL_write functions

  12. CGI

  13. What is CGI? •A standard method used to generate dynamic content on Web pages and Web applications. •Provides an interface between the Web server and programs that generate the Web content. • Usually written in a scripting language.

  14. Serving Dynamic Content •A Web server that supports CGI can be configured to interpret a URL that it serves as a reference to a CGI script. • A common convention is to have a cgi/ directory containing the CGI scripts. GET /cgi/horoscope.py HTTP/1.1

  15. •The server forks a child process and runs the program identified by the URI in that process. •The server captures the content of the child and forwards it without modification to the client.

  16. How does the client pass arguments to the server? •GET: The arguments are appended to the URI can be encoded directly in a URL typed to a browser or a URL in an HTML link. •A question mark appended to the URL, followed by param=value pairs. • e.g. http://name.com/cgi/find?first=justine&last=sherry • POST: The arguments are passed in the request body. • e.g. name=“mark”

  17. How does the server pass arguments to the cgi program? • Environment Variables • set before execution. • passed through execve. • list of required environmental variables is available on the writeup • Request body •request body passed to the cgi program’s stdin using dup2 and pipe

  18. Implementing CGI: Coding 1. Check if URI starts with “/cgi/” 2. Parse the args in the URI 3. Fork a child 4. Set environment variables 5. Execute script 6. Pass in request body from parent through pipe 7. Add child -> parent pipe to select loop 8. Pass on everything you get from the child, back to the client…you are now a proxy (cue 213 flashbacks)

  19. Daemonizing

  20. What is a daemon? • A background process that is supposed to run “forever” • Does not exit when you exit the terminal • Does not receive any input from or write to stdin/out • Hard to observe or accidentally kill • We want liso d to be a daemon, that’s what the “d” was for all along • We provide most of the code for daemon-izing so don’t worry

  21. Extras Look at handout for SSL examples, CGI code, and daemonize.c

  22. Getting a... Domain Name

  23. Create a Domain Name Get a free domain name from https://www.noip.com/ ● ● Use your Andrew ID as the hostname

  24. Get the Update Client ● You don't have root, so... Just build (make), don't install (make install) ● Run manually when your IP changes ●

  25. Create No-IP Conf File ./noip2 -C -c noip.conf [stariq@unix3 ~/noip-2.1.9-1]$ ./noip2 -C -c noip.conf Auto configuration for Linux client of no-ip.com. Please enter the login/email string for no-ip.com <username> Please enter the password for user '<username>' **************** Only one host [stariq.ddns.net] is registered to this account. It will be used. Please enter an update interval:[30] Do you wish to run something at successful update?[N] (y/N) New configuration file 'noip.conf' created.

  26. Update Your IP Address ./noip2 -c noip.conf -i 108.17.82.243 [stariq@unix3 ~/noip-2.1.9-1]$ ./noip2 -c noip.conf -i 108.17.82.243 IP address detected on command line. Running in single use mode.

  27. Getting ... Keys

  28. Get your public certificate and private key https://project1.myheartisinthenetwork.com

  29. Get your public certificate and private key

  30. SSL Extra

  31. OpenSSL Toolkit Command line tools, SSL library, and ● crypto library Can do a lot more than SSL ● ● Message digests Encryption and decryption of files ● Digital certificates (more later) ● Digital signatures ● Random number generation ●

  32. Open SSL headers /* OpenSSL headers */ #include <openssl/bio.h> #include <openssl/ssl.h> #include <openssl/err.h>

  33. SSL Server Basics /*step 1: I n i t i a l i z e Library * / SSL_load_error_strings(); SSL_library_init(); / * Step 2: I n i t i a l i z e SSL Context to v1 * / ssl_context = SSL_CTX_new(TLSv1_server_method())) / * Step 3: Add your private key to the context * / SSL_CTX_use_PrivateKey_file(ssl_context, "my.key", SSL_FILETYPE_PEM) / * Step 4: Add your public key ( c e r t i f i c a t e ) to the context * / SSL_CTX_use_certificate_file(ssl_context, "my.crt", SSL_FILETYPE_PEM) / * Step 5: Make a listening socket and wait f o r a connection * / / * Step 6: Accept an incoming connection * / client_sock = accept(sock, ( s tr u c t sockaddr * ) &cli_addr, &cli_size)) / * Step 7: Create a new instance of the context f o r the c l i e n t * / client_context = SSL_new(ssl_context) / * Step 8: Wrap the c l i e n t socket with TLS * / SSL_set_fd(client_context, client_sock) / * Step 9: Finalize the SSL Connection * / SSL_accept(client_context) / * Step 10: Add to the select loop l i k e any other socket but remember that t h i s socket uses SSL*/ / * Step 11: Use SSL_read and SSL_write to receive and send data SSL_read(client_context, buf, BUF_SIZE)

  34. SSL Server Basics / * Step 7: Create a new instance of the context f o r the c l i e n t * / client_context = SSL_new(ssl_context) / * Step 8: Wrap the c l i e n t socket with TLS * / SSL_set_fd(client_context, client_sock) / * Step 9: Finalize the SSL Connection * / SSL_accept(client_context) / * Step 10: Add to the select loop l i k e any other socket but remember that t h i s socket uses SSL*/ / * Step 11: Use SSL_read and SSL_write to receive and send data SSL_read(client_context, buf, BUF_SIZE) / * Step 12: Clean Up State SSL_shutdown(client_context); SSL_free(client_context); close_socket(client_sock); close_socket(sock); SSL_CTX_free(ssl_context);

  35. Initialization Steps Global System Initialize ● SSL_library_init() ● SSL_load_error_strings() ● ● Initialize SSL_METHOD and SSL_CTX meth=SSLv23_method(); ● ctx=SSL_CTX_new(meth) ; ● ● Loading keys SSL_CTX_use_certificate_file(...) ● SSL_CTX_use_PrivateKey_file(...) ●

  36. Global Initialization SSL_library_init() ● ● registers the available SSL/TLS ciphers and digests. SSL_load_error_strings() ● ● Provide readable error messages.

  37. SSL_METHOD To describe protocol versions ● SSLv1, SSLv2 and TLSv1 ● SSL_METHOD* meth = TLSv1_method();

  38. SSL_CTX Data structure to store keying material ● ● Reused for all connections; make ONE for your server SSL_CTX* ctx = SSL_CTX_new(meth);

  39. SSL_CTX_use_certificate_file() Loads the first certificate stored in file ● into ctx. The formatting type of the certificate ● must be specified from the known types SSL_FILETYPE_PEM ● SSL_FILETYPE_ASN1. ● Our CA generates files of PEM format ● int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type) ;

  40. SSL_CTX_use_PrivateKey_file() Adds the first private key found in file to ● ctx. The formatting type of the certificate ● must be specified from the known types: SSL_FILETYPE_PEM ● SSL_FILETYPE_ASN1. ● Our CA generates files of PEM format ● int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type) ;

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

CGI-Browser-CGI qux.com foo.org geht.net bar.com . p.1/ ?? CGI-Browser-CGI qux.com

CGI-Browser-CGI qux.com foo.org geht.net bar.com . p.1/ ?? CGI-Browser-CGI qux.com

CGI-Browser-CGI qux.com foo.org geht.net bar.com . p.1/ ?? CGI-Browser-CGI qux.com foo.org /cgibin/img.pl /cgibin/img.pl geht.net bar.com /cgibin/img.pl /cgibin/img.pl . p.1/ ?? CGI-Browser-CGI qux.com foo.org

459 views • 28 slides
Achieving The Right Approach Dr Naheed Rana NHS RightCare Delivery Partner, London Diabetes Lead

Achieving The Right Approach Dr Naheed Rana NHS RightCare Delivery Partner, London Diabetes Lead

NHS RightCare Achieving The Right Approach Dr Naheed Rana NHS RightCare Delivery Partner, London Diabetes Lead 12th July 2018 What is NHS RightCare? NHS RightCare is a programme committed to reducing unwarranted variation to improve peoples

577 views • 18 slides
Roman Gorbonosov on behalf of the Beams Department Controls Group Based on the input from

Roman Gorbonosov on behalf of the Beams Department Controls Group Based on the input from

Roman Gorbonosov on behalf of the Beams Department Controls Group Based on the input from M.Arruat, V.Baggiolini, JC.Bau, M.Buttner, P.Charrue, S.Deghaye, E.Hatziangeli, G.Kruk, M.Lamont, A.Radeva, U.Raich, C.Roderick, J.Serrano, W.Sliwinski,

919 views • 72 slides
CCC COUNCIL MEETING March 25th, 2019 AGENDA Welcome and Introductions Task Forces

CCC COUNCIL MEETING March 25th, 2019 AGENDA Welcome and Introductions Task Forces

CCC COUNCIL MEETING March 25th, 2019 AGENDA Welcome and Introductions Task Forces Industry Working Group BREAK AAAS Recap and Next Year Discussion LUNCH Artificial Intelligence New Initiatives

617 views • 38 slides
15-441: Computer Networks Recitation 3 P1 Lead TAs: Mingran Yang, Alex Bainbridge Agenda 1.

15-441: Computer Networks Recitation 3 P1 Lead TAs: Mingran Yang, Alex Bainbridge Agenda 1.

15-441: Computer Networks Recitation 3 P1 Lead TAs: Mingran Yang, Alex Bainbridge Agenda 1. Project 1 Checkpoint 3 2. Advanced Git 3. Q&amp;A Checkpoint 3 Due Sep 27, 2019 This is only for 15-641 students! You will need to daemonize your

541 views • 26 slides
T YPE -G UIDED W ORST -C ASE I NPUT G ENERATION Di Wang , Jan Hoffmann Carnegie Mellon

T YPE -G UIDED W ORST -C ASE I NPUT G ENERATION Di Wang , Jan Hoffmann Carnegie Mellon

T YPE -G UIDED W ORST -C ASE I NPUT G ENERATION Di Wang , Jan Hoffmann Carnegie Mellon University R ESOURCE A NALYSIS Programs 2 R ESOURCE A NALYSIS Programs Performance 2 R ESOURCE A NALYSIS Time Memory Power Programs Performance

1.12k views • 83 slides
Dynamic web content technologies CSCI 470: Web Science

Dynamic web content technologies CSCI 470: Web Science

Dynamic web content technologies CSCI 470: Web Science Keith Vertanen Overview Dynamic content What it is Sources of input CGI

506 views • 21 slides
systemd in Debian - a status update Michael Biebl July 5, 2016 introduction polish and QA

systemd in Debian - a status update Michael Biebl July 5, 2016 introduction polish and QA

systemd in Debian - a status update Michael Biebl July 5, 2016 introduction polish and QA trimming the base OS getting rid of legacy cruft polish and QA stable updates 4 stable point releases in jessie bug fixes and

550 views • 13 slides
CS108 Lecture 24: Web Forms Processing CGI Data Aaron Stevens 27 March 2009 1

CS108 Lecture 24: Web Forms Processing CGI Data Aaron Stevens 27 March 2009 1

CS108 Lecture 24: Web Forms Processing CGI Data Aaron Stevens 27 March 2009 1 Overview/Questions Review: Python and HTML HTML Forms Processing Form Fields Organizing a Python Web Application using functions, decision

592 views • 11 slides
Python Crash Course + Web Forms (CGI) CS370 SE Practice &amp; Startup, Cengiz Gnay (Some slides

Python Crash Course + Web Forms (CGI) CS370 SE Practice &amp; Startup, Cengiz Gnay (Some slides

Python Crash Course + Web Forms (CGI) CS370 SE Practice &amp; Startup, Cengiz Gnay (Some slides courtesy of Eugene Agichstein and the Internets) CS370, Gnay (Emory) Python Intro + CGI Spring 2015 1 / 4 Instructions Go through this

505 views • 39 slides
Computational Logic WWW Programming Using LP/CLP Systems 1 LP/CLP , the Internet, and the WWW

Computational Logic WWW Programming Using LP/CLP Systems 1 LP/CLP , the Internet, and the WWW

Computational Logic WWW Programming Using LP/CLP Systems 1 LP/CLP , the Internet, and the WWW Logic and Constraint Logic Programming can be an attractive alternative for Internet/WWW programming. Shared with other net programming tools:

822 views • 51 slides
BYPASSING SECURITY RESTRICTIONS TH THE E CASE ASE OF F CVE VE-2018 2018-5955 5955 Whoami

BYPASSING SECURITY RESTRICTIONS TH THE E CASE ASE OF F CVE VE-2018 2018-5955 5955 Whoami

BYPASSING SECURITY RESTRICTIONS TH THE E CASE ASE OF F CVE VE-2018 2018-5955 5955 Whoami Ad Adam Nu Nurudin ini CEH, ITIL L V3, 3, CCNA, CCNP, CASP, PCI-DS DSS, B , BSC-IT IT Lead Security Researcher @ Netwatch Technologies

178 views • 16 slides
The language COMP 520 Fall 2010 The WIG language (2) Uses of the World Wide Web: static

The language COMP 520 Fall 2010 The WIG language (2) Uses of the World Wide Web: static

COMP 520 Fall 2010 The WIG language (1) The language COMP 520 Fall 2010 The WIG language (2) Uses of the World Wide Web: static documents (supported by HTML); dynamic documents (supported by CGI, ASP, Ruby on Rails, various HTML

734 views • 44 slides
Towards Client Side HTML Security Policies Joel Weinberger, Adam Barth, Dawn Song MySpace Samy

Towards Client Side HTML Security Policies Joel Weinberger, Adam Barth, Dawn Song MySpace Samy

Towards Client Side HTML Security Policies Joel Weinberger, Adam Barth, Dawn Song MySpace Samy Worm Content Injection The insertion of untrusted data, structure, or code into an application Key Points Explicit policies form a compelling,

380 views • 23 slides
is very helpful in understanding why a JSP/Servlet container is required. The exact life cycle

is very helpful in understanding why a JSP/Servlet container is required. The exact life cycle

falkner.ch1.qxd 8/21/03 4:42 PM Page 1 Chapter 1 Setting Up a Servlet and JSP Environment B efore you start developing with Servlets and JavaServer Pages, you need to understand two very important things: Why is using the technology

764 views • 30 slides
Forms, CGI Objectives The basics of HTML forms How form content is submitted GET, POST

Forms, CGI Objectives The basics of HTML forms How form content is submitted GET, POST

Forms, CGI Forms, CGI Objectives The basics of HTML forms How form content is submitted GET, POST Elements that you can have in forms Responding to forms CGI the Common Gateway Interface Later: Servlets

848 views • 19 slides
CS3157: Advanced Programming Lecture #4 Sept 19 Shlomo Hershkop shlomo@cs.columbia.edu

CS3157: Advanced Programming Lecture #4 Sept 19 Shlomo Hershkop shlomo@cs.columbia.edu

CS3157: Advanced Programming Lecture #4 Sept 19 Shlomo Hershkop shlomo@cs.columbia.edu Outline Feedback CGI HTML CGI &amp; Perl Perl Debugger Reading: Regular expressions File handling 1 Feedback from

478 views • 20 slides
Responsible disclosure process vulnerabilities of IP security cameras Kiberahs 2016

Responsible disclosure process vulnerabilities of IP security cameras Kiberahs 2016

Responsible disclosure process vulnerabilities of IP security cameras Kiberahs 2016 @KirilsSolovjovs 06.10.2016. kirils.org Me in a slide IT security expert; researcher at 1 st Ltd, Latvia Skills: network flow analysis, reverse

529 views • 20 slides
affect ALL software Miscompilation Bug int a, c, d, e = 1, f; int fn1 () { int h; for (; d &lt; 1;

affect ALL software Miscompilation Bug int a, c, d, e = 1, f; int fn1 () { int h; for (; d &lt; 1;

affect ALL software Miscompilation Bug int a, c, d, e = 1, f; int fn1 () { int h; for (; d &lt; 1; d = e) { h = (f == 0) ? 0 : 1 % f; if (f &lt; 1) c = 0; $ gcc O0 test.c ; ./a.out else if (h) break ; $ gcc O2 test.c ; ./a.out } Floating

1.08k views • 38 slides
Hackathon ECF 2015 Eclipse Con France 2015 Hackathon June 24 2015 Table of contents I - H a c k

Hackathon ECF 2015 Eclipse Con France 2015 Hackathon June 24 2015 Table of contents I - H a c k

Hackathon ECF 2015 Eclipse Con France 2015 Hackathon June 24 2015 Table of contents I - H a c k a t h o n E C F 2 0 1 5 5 3 I - Hackathon ECF 2015 I Welcome / Agenda some slides fix a real bug in live discussion about the

778 views • 9 slides
NP02 data management and accessibility 10/31/2019 Elisabetta Pennacchio, IPNL 1 This

NP02 data management and accessibility 10/31/2019 Elisabetta Pennacchio, IPNL 1 This

NP02 data management and accessibility 10/31/2019 Elisabetta Pennacchio, IPNL 1 This presentation aims to describe NP02 data management and accessibility by discussing the following points: 1. Raw data description and data flow 2. Online data

1.08k views • 84 slides
Overview of Group Project Dr. Chris Mayfield Department of Computer Science James Madison

Overview of Group Project Dr. Chris Mayfield Department of Computer Science James Madison

Overview of Group Project Dr. Chris Mayfield Department of Computer Science James Madison University Jan 21, 2020 Group project outcomes English language description working DB application 1. Create relational schemas from data

439 views • 10 slides
CDBG-DR Key Concepts 2020 CDBG-DR and CDBG-MIT Webinar Series Webinar Welcome &amp; Overview

CDBG-DR Key Concepts 2020 CDBG-DR and CDBG-MIT Webinar Series Webinar Welcome &amp; Overview

CDBG-DR Key Concepts 2020 CDBG-DR and CDBG-MIT Webinar Series Webinar Welcome &amp; Overview Welcome! This webinar is part of a series of several webinars for CDBG-DR grantees and their partners on various critical topics essential for

1.05k views • 48 slides
RAMCloud: Scalable High-Perform ance Storage Entirely in DRAM John Ousterhout, David Mazires,

RAMCloud: Scalable High-Perform ance Storage Entirely in DRAM John Ousterhout, David Mazires,

RAMCloud: Scalable High-Perform ance Storage Entirely in DRAM John Ousterhout, David Mazires, and Mendel Rosenblum Stanford University http://www.stanford.edu/~ouster/cgi-bin/papers/ramcloud.pdf Motivation: Latency at Scale Traditional

646 views • 5 slides

More recommend