Changeset 24


Timestamp: 11/05/16 19:03:28 (8 years ago)
Author: tim
Message: migration
Files: 2 edited, 1 moved

  • README.wiki

    r23 r24  
    1 # Nanown
    2 
     1<h2>Nanown</h2>
     2<p>
    33A tool for identifying, evaluating, and exploiting timing
    44vulnerabilities remotely.  This is part of the output from a research
     
    66This project is still highly experimental and not particularly easy to
    77use at this point.
     8</p>
    89
    9 
    10 # Prerequisites
    11 
     10<h2> Prerequisites</h2>
     11<p>
    1212Linux and Python 3.4+ are required.  Yes, really, your Python needs to
    1313be that new.  You will also need to install the following modules for
    1414this version of Python:
    15 ```
     15</p>
     16<pre>
    1617requests
    1718numpy
    1819netifaces
    1920matplotlib
    20 ```
     21</pre>
     22<p>
    2123On Debian unstable, you can get these by running:
    22 ```
    23 apt-get install python3-requests python3-numpy python3-netifaces python3-matplotlib
    24 ```
    25 If you can't get the appropriate packages from your distro, resort to `pip3`.
    26 
     24</p>
     25<pre>
     26  apt-get install python3-requests python3-numpy python3-netifaces python3-matplotlib
     27</pre>
     28<p>
     29If you can't get the appropriate packages from your distro, resort to <code>pip3</code>.
     30</p><p>
    2731In addition, you'll need to have a C compiler and the development
    2832package for libpcap installed.  Under Debian this is probably sufficient:
    29 ```
    30 apt-get install libpcap-dev gcc
    31 ```
     33</p>
     34<pre>
     35  apt-get install libpcap-dev gcc
     36</pre>
    3237
    3338
    34 # Installation
    35 
     39<h2> Installation</h2>
     40<p>
    3641Hah! Funny.
    37 
     42</p><p>
    3843Currently there's no installation script...
    39 
     44</p><p>
    4045To attempt to use this code, clone the repository and build the
    41 `nanown-listen` tool with:
    42 ```
    43 cd nanown/trunk/src && ./compile.sh
    44 ```
    45 
    46 That will drop the `nanown-listen` binary under nanown/trunk/bin.  You
    47 must then put this directory in your `$PATH` in order to perform any
     46<code>nanown-listen</code> tool with:
     47</p>
     48<pre>
     49  cd nanown/trunk/src && ./compile.sh
     50</pre>
     51<p>
     52That will drop the <code>nanown-listen</code> binary under <code>nanown/trunk/bin</code>.  You
     53must then put this directory in your <code>$PATH</code> in order to perform any
    4854data collection.
    49 
     55</p><p>
    5056To run any of the other scripts, change to the nanown/trunk directory
    5157and run them directly from there.  E.g.:
    52 ```
    53 bin/train ...args...
    54 bin/graph ...args...
    55 ```
     58</p>
     59<pre>
     60  bin/train ...args...
     61  bin/graph ...args...
     62</pre>
    5663
    5764
    58 # Usage
    59 
     65<h2> Usage</h2>
     66<p>
    6067Our goal for a usage workflow is this:
    61 
    62 1. Based on example HTTP requests, and test cases supplied by the user,
     68</p>
     69<ol>
     70<li>Based on example HTTP requests, and test cases supplied by the user,
    6371   a script generator creates a new script.  This new script serves
    6472   as the sample collection script, customized for your web
    6573   application.
    66 
    67 2. After collecting samples using the script from step 1, you run a
     74</li>
     75<li>After collecting samples using the script from step 1, you run a
    6876   mostly automated script to train and test various classifiers on your
    6977   samples.  This will then tell you how many samples you need to
    7078   reliably detect the timing difference.
    71 
    72 3. Given the output from step 3 and inputs to step 1, a second script
     79</li>
     80<li>Given the output from step 3 and inputs to step 1, a second script
    7381   generator creates an attack script for you as a starting point.  You
    7482   customize this and run your attacks.
    75 
     83</li>
     84</ol>
     85<p>
    7686Sounds great, yeah?  Well steps 1 and 3 aren't quite implemented yet. =\
    77 
     87</p><p>
    7888If you are really dying to use this code right now, just make a copy of
    79 the `trunk/bin/sampler` script and hack on it until it sends HTTP requests
     89the <code>trunk/bin/sampler</code> script and hack on it until it sends HTTP requests
    8090that your targeted web application expects.  Be sure to define the test
    8191cases appropriately.  Then run it to collect at least
    829250,000 samples for each of the train, test and train_null data sets
    83 (150,000 samples total).  NOTE: Your sampler script must be run as `root`
     93(150,000 samples total).  NOTE: Your sampler script must be run as <code>root</code>
    8494so it can tweak local networking settings and sniff packets.
    85 
     95</p><p>
    8696Next you can move on to step 2, where you simply run the train script
    8797against the database created by your sampler script:
    88 ```
    89 bin/train mysamples.db
    90 ```
     98</p>
     99<pre>
     100  bin/train mysamples.db
     101</pre>
     102<p>
    91103This will run for a while.  If you cancel out and re-run it, it will
    92104pick up where it left off.  Pay special attention to the final results
     
    94106distinguish between the test cases.  Do a little math on your own to
    95107decide how feasible your overall attack will be.
    96 
     108</p><p>
    97109Finally, we come to step 3.  If you choose to carry out an attack, you
    98110will need to implement your own attack script that collects batches of
    99111samples, distinguishes between them using the best classifier available
    100112(from step 2) and then repeats as needed.  Consider starting with the
    101 sample script at `test/blackhat-demo/jregistrate-attack`.
     113sample script at <code>test/blackhat-demo/jregistrate-attack</code>.
     114</p><p>
     115Any questions?  See the source, watch our <a href="https://www.youtube.com/watch?v=k-Pv3sf3G2A">BlackHat presentation</a>, read
     116our <a href="https://www.blackhat.com/docs/us-15/materials/us-15-Morgan-Web-Timing-Attacks-Made-Practical-wp.pdf">research paper</a>),
     117or <a href="https://code.blindspotsecurity.com/trac/nanown/newticket">post a ticket</a>.
     118</p>
    102119
    103 Any questions?  See the source, watch our [BlackHat presentation](https://www.youtube.com/watch?v=k-Pv3sf3G2A), read
    104 our [research paper](https://www.blackhat.com/docs/us-15/materials/us-15-Morgan-Web-Timing-Attacks-Made-Practical-wp.pdf),
    105 or [post an issue](https://github.com/ecbftw/nanown/issues) on GitHub.
     120<h2> License</h2>
     121<p>
     122Unless otherwise indicated in the source code, this software is licensed under the GNU GPL version 3.  See the LICENSE file for details.
     123</p>
    106124
    107 
    108 # License
    109 
    110 Unless otherwise indicated in the source code, this software is licensed
    111 under the GNU GPL version 3.  See the LICENSE file for details.
    112 
    113 
    114 # Contributing
    115 
     125<h2> Contributing</h2>
     126<p>
    116127We certainly welcome and encourage code contributions, no matter how
    117 small. Currently, this GitHub repository is a mirror of an SVN
    118 repository. Please don't submit pull requests.  Instead, just contact us
    119 through the issue tracker and send us a patch if needed.  We may switch
    120 to git later.
     128small.  To submit a patch, please check out the latest revision with:
     129</p>
     130<pre>  svn co https://code.blindspotsecurity.com/dav/nanown/</pre>
     131<p>
     132Then apply your changes and run "<code>svn diff</code>".  Save the resulting diff and attach it to a <a href="https://code.blindspotsecurity.com/trac/nanown/newticket">ticket</a>.
     133</p>
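Review bot: The converted closing paragraph (new lines 115-117) keeps a stray ")" after the research paper link, `research paper</a>),`, left over from the Markdown link syntax; drop it so the sentence reads "read our research paper, or post a ticket". Since the text is being touched anyway, Usage list item 3 (new line 80) still says "Given the output from step 3", which looks like it should say step 2: the paragraphs that follow call training "step 2" and the attack script "step 3".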
  • trunk/lib/nanownlib/stats.py

    r20 r24  
    365365
    366366
    367 from pykalman import KalmanFilter
     367#from pykalman import KalmanFilter
    368368def pyKalman4DTest(params, greater, samples):
    369369    kp = params['kparams']
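Review bot: Commenting out `from pykalman import KalmanFilter` at line 367 leaves `pyKalman4DTest` defined on the very next line without the import its name refers to. If the function body (not shown in this hunk) still uses `KalmanFilter`, the failure moves from import time to a NameError on first call. If the goal is to make pykalman optional, a guarded import (try the import, set `KalmanFilter = None` on ImportError) plus an explicit check at the top of `pyKalman4DTest` would fail with a clear message; a short comment on the disabled line saying why it is disabled would also help.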
  • trunk/lib/nanownlib/train.py

    r16 r24  
    300300
    301301
    302 from pykalman import KalmanFilter
     302#from pykalman import KalmanFilter
    303303_pykalman4d_params = None
    304304_pykalman4d_params = {'observation_covariance': [[11960180434.411114, 4760272534.795976, 8797551081.431936, 6908794128.927051], [4760272534.795962, 12383598172.428213, 5470747537.2599745, 11252625555.297853], [8797551081.431955, 5470747537.2601185, 1466222848395.7058, 72565713883.12643], [6908794128.927095, 11252625555.297981, 72565713883.12654, 1519760903943.507]], 'transition_offsets': [592.5708159274, 583.3804671015271, 414.4187239098291, 562.166786712371], 'observation_offsets': [165.2279084503762, 157.76807691937614, 168.4235495099334, 225.33433430227353], 'initial_state_covariance': [[33599047.5, -18251285.25, 3242535690.59375, -8560730487.84375], [-18251285.25, 9914252.3125, -1761372688.59375, 4650260880.1875], [3242535690.59375, -1761372688.59375, 312926663745.03125, -826168494791.7188], [-8560730487.84375, 4650260880.1875, -826168494791.7188, 2181195982530.4688]], 'initial_state_mean': [12939012.5625, 12934563.71875, 13134751.608, 13138990.9985], 'transition_covariance': [[2515479496.145993, -401423541.70620924, 1409951418.1627903, 255932902.74454522], [-401423541.706214, 2744353887.676857, 1162316.2019491254, 1857251491.3987627], [1409951418.1628358, 1162316.2020361447, 543279068599.8229, -39399311190.5746], [255932902.74459982, 1857251491.398838, -39399311190.574585, 537826124257.5266]], 'observation_matrices': [[1.4255288693095167, -0.4254638445329988, 0.0003406844036817347, -0.0005475021956726778], [-0.46467270827589857, 1.4654311778340343, -0.0003321330280128265, -0.0002853945703691352], [-0.2644570970067974, -0.33955835481495455, 1.7494161615202275, -0.15394117603733548], [-0.3419097544041847, -0.23992883666045373, -0.15587790880447727, 1.7292393175137022]], 'transition_matrices': [[0.52163952865412, 0.47872618354122665, -0.0004322286766109684, 0.00017293351811531466], [0.5167436693545113, 0.48319044922845933, 7.765428142114672e-05, -0.00021518950285326355], [0.2091705950622469, 0.41051399729482796, 0.19341113299389256, 
0.19562916616052917], [0.368592004009912, 0.22263632461118732, 0.20756792378812872, 0.20977025833570906]]}
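Review bot: The disabled import at line 302 is a code change carried in a commit whose message is only "migration" and whose main content is the README conversion. Neither the message nor the hunk says why pykalman was dropped or whether the `_pykalman4d_params` defaults below are still meant to be usable. Suggest moving it to its own commit or expanding the message, and deleting the line rather than leaving it commented out if the dependency is really gone. Separately, the context lines show `_pykalman4d_params = None` overwritten by the dict literal on the next line, so the first assignment is dead and can be removed.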