Benjamin Franklin, la liberté et la securité

NB : ce texte est sans rapport avec mes opinions sur les lois françaises (ou d’ailleurs) passées, présentes ou futures. C’est juste un genre de point Maître Capello de la citation.

Quand on parle des lois sécuritaires, ceux qui s’opposent aux évolutions vers plus de contrôle citent parfois Benjamin Franklin de cette façon : « Un peuple prêt à sacrifier un peu de liberté pour un peu de sécurité ne mérite ni l’une ni l’autre, et finit par perdre les deux. » (voir par exemple le tweet qui m’a incité à écrire ces lignes, par @Padre_Pio que par ailleurs j’aime beaucoup lire et que je vous recommande, tiens).

Or sacrifier un peu de liberté pour un peu de sécurité, il me semble que c’est ce qu’on fait dès qu’on vit en collectivité, par exemple. Et comme Benjamin Franklin (surtout connu pour avoir offert à Brassens une belle soirée en compagnie de sa voisine) ne me semblait pas tenir de l’anarchiste convaincu, j’ai un peu creusé.

Read more...

Le #fail de l’ANSSI / IGC/A / MINEFI (ce que j’en comprends)

Ce billet reprend les éléments “publiés” sur pastee pour répondre à une question de @sandrinecassini (elle promettait un verre, il ne m’en fallait pas plus).

Read more...

Scapy: using p0f

I’ve recently released a not-yet-applied patch for scapy which improves the use of p0f functionalities.

First, p0f now comes with databases designed for other TCP packets than only SYN packets (one database for SYN/ACK packets, one for RST and RST/ACK packets, and the last one for “stray” ACK packets). Those new databases are slightly different than the original one, and an effort was required to enable scapy’s p0f functions to use them.

Read more...

Scapext: Scapy Extended

Scapy is a great tool for network packets manipulation (sniff, dissect, create, send,…).

When I use this tool, I feel some features miss. So I have written an extension (called Scapext) that, for now, includes:

  • GeoIP support (through Maxmind GeoIP Python API). This is faster than the method used in Scapy for now, and easier.
  • PFLog pcap type (used by the OpenBSD Packet Filter to log packets; this allows PF to store valuable information on what happened to the packets logged).
  • Early SunRPC support with state handling.

Interested? See my posts about Scapy.

Metasploit Automated Exploitation on N800

As suggested by spaceaquarium, I’ve tried to get Metasploit Automated Exploitation (one of the killer features of Metasploit Framework 3) working on my N800. And that’s easy.

Read more...

msfweb on N800

As I said earlier, I wanted to have msfweb (the Metasploit Framework web interface) running on my N800, because it could be far more easy to use on that kind of devices. Finally it works!

First of all, install Metasploit (read this).

Then, you “only” need to get RubyGems (you can try my package), and get gem files for Rails and its dependencies (you’ll find the whole set here). Install each dependency, then Rails itself (run “gem install package-version.gem”).

You should be able to run from an xterm (in the directory where you’ve put Metasploit) the command ./msfweb.

It’s a bit slow to start, but it seems to work:

../../../_images/screenshot-2007-04-10-16-11-11.png

N800 with scapy and metasploit

Thanks to the python package provided by the Maemo “Extras” repository and to the osso-xterm provided by the Maemo-Hackers repository, I have had scapy running on my Nokia N800 for a while.

I have seen that some people had the Metasploit Framework running, thanks to an unreleased Ruby package.

As there is a Ruby file with mud-builder, I have built a Ruby package (you can get it here if you are too lazy to build it yourself) for N800, and… that’s it. Just get Metasploit, and run msfcli from an xterm, it works.

As it’s not that easy to work with an xterm on the N800 (as on any pocket-sized device), we really need a GUI. For metasploit, one could think of using msfweb plus the integrated web browser. But msfweb does not work for now (needs at least RubyGems and Rails).