Student Mohammad Bilal contributed this post as a project summary of his GSoC2017 experience. 

Merged Pull Requests

1- Connection Timeout Added

Issues Resolved: #72, #59
Description Glutton support number of services (protocol handlers) so each service mean number of connection on that service. So It crash after some time with error: [user.tcp] accept tcp [::]:5000: accept4: too many open files, and this error was due to the allowance of limited number of open file descriptors by the operating system. There was no deadline set for opened connections so most of the connections never get closed. In result, the number of opened connections gradually cross the maximum open file descriptors limit and cause panic. So I added connection timeout = 72 second, number of opened connection will never reach the open file descriptor limit. Another reason was Freki; Glutton useses freki as a networking core so freki handler crashes because of improper error handling in Glutton. So I improved error handling of protocol handlers and glutton stops crashing.

Student Ravinder Nehra contributed this post as a project summary of his GSoC2017 experience

MySQL Emulator

Previously, Tanner supported SQL Injection using SQLITE but since MySQL is widely used so it is badly needed in my opinion. Also with MySQL, Time-based Blind SQLI can be emulated which can’t be done in SQLITE based emulator. It is implemented using aiosql library using the same approach used in SQLITE emulation previously.

1. MySQLI emulator  https://github.com/mushorg/tanner/commit/d79e1b6a34906d2527214ed19364c8d7f8edddc3
2. Change default DB and update documentation  https://github.com/mushorg/tanner/commit/7acfbc0792646a49be6f5330754b6cccabdcd3a1
3. Add new SQLI tests  https://github.com/mushorg/tanner/commit/19bfd57d73c74994533185e92f40d25428f3b31f

Command Execution Emulator

This emulator emulates Command Execution/Injection vulnerability.It is implemented using docker considering its safety features. I used Busybox as default docker image which provides a nice Linux shell, file system and most importantly very light in size. Attack is identified using the regex .*(alias|cat|cd|cp|echo|exec|find|for|grep|ifconfig|ls|man|mkdir|netstat|ping|ps|pwd|uname|wget|touch|while).* and then injected in the busbox docker image to get command injecion results.

This is a contribution by GSoC student Ziyue Yang, find him on Github yzygitzh.

My project for GSoC 2017 is Android Sandbox Detection and Countermeasure, which came out to be the ReDroid toolbox. This post was presented for the final evaluation of my GSoC 2017 project.

ReDroid is a toolbox for automatically detecting and countering anti-sandbox behaviors in Android apps. You can:

• View source on GitHub
• Download as zip file
• View usage example

Before GSoC 2017 begins, my GSoC mentor Yuanchun Li discussed with me about the proposal for the GSoC project. Generally our goal was to develop some mechanism that can counter anti-sandbox techniques presented in Android apps.

The summer is coming to the end as well as my GSoC17 happy days. So, now it’s time to sum up the results and say goodbye to the GSoC until the next year.

My impressions about working on the Heralding project

Working on the Heralding project was awesome experience for me. I feel I did something helpful, fun and challenging at the same time. I hadn’t wanted anything else before the summer!

Hi, I’m Matthew Shao from China. This year, I got the honor to be selected as a Google Summer of Code student for the mitmproxy project. With the help of my kindly mentors Maximilian Hils and Clemens Brunner, I managed to improve the source code of mitmweb, which is a web interface for mitmproxy, and added some exciting new features for it. Here I’m going to present you the work I’ve done during this fulfilling summer.

The Honeynet Project Workshop 2017

University of New South Wales

Canberra, Australia

November 15th-17th, 2017

https://canberra2017.honeynet.org/

At the end of February we were very happy to announce that The Honeynet Project had once again been selected to be a mentoring organization for Google Summer of Code (GSoC) 2017. Since then, there has a been a flurry of activity: We received more than 50 project proposals during the application phase, selected 14 fantastic students, set them up to work with us during the community bonding period, and now completed the first month of actual work! Now that the first tangible results are tickling in, it’s time to take a closer look at our students and see what they have achieved so far.

On May 25, 2017, Representative Tom Graves released the second draft of proposed amendments to 18 U.S.C. 1030 (known as the Computer Fraud and Abuse Act). Representative Graves’ bill is known as the Active Cyber Defense Certainty Act (or ACDC Act). There is no universally accepted umbrella term for this, but it is variously called “Active Defense”, “Active Cyber Defense”, “hacking back,” “hackback”, and “strike back.” You will find the word “active” applied almost universally in these discussions, though it frequently results in establishing a simple (though false) dichotomy of “passive defense” vs. “active defense” and frequently leading to fallacious “straw man” arguments. I prefer the term “Active Response Continuum” to explicitly avoid setting up such binary choices. [Dittrich and Himma(2005)]

This is a contribution by Tan Kean Siong, follow him on Twitter @gento_ .

The open source honeypot Dionaea supported SMB since long but lacked support for the recent WannaCry ransomware SMB vulnerability and the most recent Samba RCE vulnerability CVE 2017-7494 dubbed “SambaCry” wormable attacks. With the recent changes, both attack vectors are supported and respective samples caught in the wild.

Dionaea is a low interaction, server side honeypot which emulates a vulnerable system or device. Its ultimate goal is to gain a copy of the malware. It supports various protocols and network stacks e.g. SMB, HTTP, FTP, TFTP, MSSQL, MySQL, SIP (VOIP). Recently it also got support to emulate an IoT device, SmartTV or XBOX with the UPnP and MQTT protocols enabled. Dionaea was created back in the years of the Conficker worm, and yet its solid SMB network stack proved to be useful in 2017 for the WannaCry worm hunt across the Internet.

With Google Summer of Code (GSoC) 2017 being around the corner, we’d like to do a short flashback to 2016, our most successful GSoC year for mitmproxy so far! GSoC 2016 was mitmproxy’s fourth time participating in the program under the umbrella of the Honeynet Project. For the first time, we were able to mentor three students over the summer to work on both our Python core and the brand new web interface. As a major milestone, mitmproxy is now a Python 3 project and has a fantastic user interface that even works on Windows. With these improvements in, we finally decided to pull the trigger and called it the mitmproxy 1.0 release!