CS338 Computer Security
Friday, 15 September 2023

+ Today
    - Catchup on this week's stuff (wireshark, TCP, HTTP, net tools,...)
    - HTTP Basic Access Authentication
        https://en.wikipedia.org/wiki/Basic_access_authentication
        https://datatracker.ietf.org/doc/html/rfc7617
    - Looking at the HTTP spec

+ Questions (wireshark, datetime, http, whatever...)

+ Ethics document
    - Thoughts?
    - Application to wireshark assignment

+ Network tools lab, continued

    Tons more options for all of these, but the answers here
    are a good toolkit to start with.

    1. [MY IP] ifconfig, ip a, ipconfig... (Mac), etc.

    2. [DOMAIN'S IP] dig, traceroute, ping, nslookup, host ...
        (for fun: traceroute bad.horse)

    3. [IP'S DOMAIN(S)] nslookup, tons of websites
        often unsatisfying, because these tools don't show you all the
        domain names associated with a given IP address
        BUT:
            https://dnslytics.com/reverse-ip
                how does it work? I have guesses, but I don't know
            https://reverseip.domaintools.com/
                same, but they want you to pay

    4. [COPYING FILES] scp, sftp, a wacky approach with nc; GUI solutions
        are usually most convenient here if they're available (e.g., via VS Code)

    5. [OPEN PORTS ON THE LOCAL HOST] lsof, netstat, ss; availability and
        CL syntax of these tools depends on the Unix variant
        (e.g., Kali vs. macOS vs. Ubuntu-on-WSL vs. ...)

       [OPEN SPECIFIC PORT ON ANOTHER HOST] "nmap -p80 ip-address" will check
        port 80 at the specified IP address

    6. [LIST OPEN PORTS ON A HOST] "nmap ip-address" will check the 1000 most
        common ports; "nmap -p- ip-address" will check ports 1-65535 (slowly!), etc.
        You can also search for "port scanner" to get more tool choices, many of
        which are part of a larger package like the Nessus vulnerability scanner

    7. [RETRIEVE WEB PAGE] curl, wget

    8, 9. [VIEW HTTP HEADERS] my favorite is "curl -v http://whatever...";
        read the curl manual page ("man curl")

+ Authentication
    - Questions
        - what mechanisms are you asked to use to authenticate yourself?
        - do you ever need to authenticate somebody else? how do you do it?
        - what's the difference between the two "auths":
          authentication & authorization?
    - HTTP Basic Access Authentication outline
        - benefits of this system?
        - disadvantages?
    - Watch Basic Auth happen using Burpsuite

+ Reading the HTTP specification

+ HTTP Basic Authentication (and what is authentication, anyway?)

+ base64
    - what's it for?
    - variants?
    - command-line tools: hexdump, od, base64

+ Coming up
    - Reading RFCs
    - Getting started with cryptography, cryptographic primitives,
      and cryptographic protocols
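
+ Added example: the Basic Auth header, built and parsed

    For the Basic Auth and base64 items above: this sketch is an added
    example, not part of the original notes. It builds and parses the
    Authorization header as RFC 7617 describes it, showing that base64 is a
    reversible encoding, so the header protects the password only as well as
    the transport does. The function names are hypothetical; "Aladdin" /
    "open sesame" is the RFC's own sample pair, the "alice" pair is constructed.

```python
import base64
import binascii


def build_basic_header(user: str, password: str) -> str:
    """Return the Authorization header value for RFC 7617 Basic auth."""
    # The user-id may not contain ':' because ':' is the separator.
    if ":" in user:
        raise ValueError("user-id must not contain ':' (RFC 7617)")
    token = base64.b64encode(f"{user}:{password}".encode("utf-8"))
    return "Basic " + token.decode("ascii")


def parse_basic_header(value: str) -> tuple[str, str]:
    """Recover (user, password) from an Authorization header value."""
    scheme, _, token = value.strip().partition(" ")
    # Auth scheme names are case-insensitive.
    if scheme.lower() != "basic" or not token:
        raise ValueError("not a Basic credential")
    try:
        # validate=True rejects characters outside the standard alphabet
        # instead of silently skipping them.
        raw = base64.b64decode(token.strip(), validate=True)
    except binascii.Error as exc:
        raise ValueError("token is not valid base64") from exc
    # Split on the FIRST colon only: the password may itself contain ':'.
    user, sep, password = raw.decode("utf-8").partition(":")
    if not sep:
        raise ValueError("decoded credential has no ':' separator")
    return user, password


if __name__ == "__main__":
    header = build_basic_header("Aladdin", "open sesame")
    print("Authorization:", header)
    print(parse_basic_header(header))
    # Constructed pair with colons inside the password.
    print(parse_basic_header(build_basic_header("alice", "pa:ss:word")))
```

    The same decoding works on a header value copied out of a Wireshark or
    "curl -v" trace of plain HTTP, which is why Basic Auth belongs only
    inside TLS.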