yourlabs/python container adds security audit tools

The new version of the yourlabs/python Docker image, which bundles npm and pip3 on Alpine along with a bunch of testing tools, was released with bandit and safety baked in.

You can benefit from it in your Open Source software by adding the following jobs to .gitlab-ci.yml:

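# Static analysis of the Python sources with bandit
py-sec-bandit:
  image: yourlabs/python
  script: bandit -v -x commands,tests -r src

# Check Python dependencies for known vulnerabilities with safety
py-sec-safety:
  image: yourlabs/python
  script: safety check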

Scripted Cache AnyThing - HTTPS included - in Python with mitmproxy

The last article demonstrated how we could simply make any HTTPS flow going out through a virtual bridge network interface pass through mitmproxy to cache anything. In this article, we’ll focus on the logic to “cache anything” from within our mitmproxy script. Design: We’d like each fetched file to be stored in a directory as is, to make it easy to tweak the cached content: remove a file from the cache directory to force the proxy to re-fetch it, fill the cache directory with your own files, have the cache directory mountable in a memory (ie. [Read More]

Scripted MITM AnyThing in Python with mitmproxy

This article describes how to get a working transparent HTTP/HTTPS proxy which you can script in Python. I intend to use it to have custom caching and be able to abstract away all HTTP/HTTPS connections made in my LXC containers which are spawned by CI to be able to test deployment scripts even when internet is down. A nice journey ;)

First, install mitmproxy with pip:

  pip install mitmproxy

mitmproxy documentation describes the iptables commands to intercept

Assuming you have LXC with Nat. [Read More]

Fun with debugging symbols

This article follows up on Basics of GDB debugging, with a focus on symbols.

List symbols with nm

Use the nm command to list symbols in a binary:

  $ nm main
  0000000000600920 B __bss_start
  0000000000600920 b completed.6330
  0000000000600910 D __data_start
  0000000000600910 W data_start
  0000000000400440 t deregister_tm_clones
  00000000004004b0 t __do_global_dtors_aux
  00000000006006f8 t __do_global_dtors_aux_fini_array_entry
  0000000000600918 D __dso_handle
  0000000000600708 d _DYNAMIC
  0000000000600920 D _edata
  0000000000600928 B _end
  00000000004005a4 T _fini
  00000000004004d0 t frame_dummy
  00000000006006f0 t __frame_dummy_init_array_entry
  00000000004006e8 r __FRAME_END__
  00000000006008e0 d _GLOBAL_OFFSET_TABLE_
                   w __gmon_start__
  00000000004003a8 T _init
  00000000006006f8 t __init_array_end
  00000000006006f0 t __init_array_start
  00000000004005b0 R _IO_stdin_used
                   w _ITM_deregisterTMCloneTable
                   w _ITM_registerTMCloneTable
  0000000000600700 d __JCR_END__
  0000000000600700 d __JCR_LIST__
                   w _Jv_RegisterClasses
  00000000004005a0 T __libc_csu_fini
  0000000000400530 T __libc_csu_init
                   U __libc_start_main@@GLIBC_2. [Read More]

GDB debugging basics

Introduction: GDB is a debugger for executable “objects” on Linux. It will use source code and “debug symbols” if available: source code to display the code, i.e. the code corresponding to a specific frame at runtime, and debug symbols to display variable and function names as they appear in the code. What’s the relation between security and GDB? Well, it will help find security bugs, which may be buffer overflow vulnerabilities. [Read More]

Strace basics

This is the first of a series of articles on security and exploiting. For starters we’ll cover basic debugging tools before we get into actual exploiting because the first step to exploiting is reverse-engineering most of the time. The series targets experienced developers and tries to go straight to the point for them. Every article in this series is tagged “security”. Introduction strace is a tool that prints system calls like open, connect, etc … and signals like INT, KILL, etc … of a process. [Read More]