I'm going to talk to you about one of my favorite libraries that I learned recently, which is called Scapy, or Scappy, or like, I don't know how to pronounce it, but I'm going to pronounce it Scapey. So usually when you think of network hacking, you're like, do I need to be a wizard? Is it the Matrix? Or maybe you already know, right? A little bit. But you might think that you have to write C code, which would be wrong.

So let's say that you wanted to hack, like, you know how you think WEP is insecure and WPA is better and you can hack WEP, and so what if you actually wanted to do it, right? How would you start in real life? So before I learned about Scapy, I was like, I guess I would write C, but I would have to write a lot of C and that would be boring. So I won't do that. Instead I'll do something else. So I'm going to tell you a little bit about how to use Scapy.

Let's start with something simpler than hacking WEP, which I'm not going to tell you how to do because I don't actually know how. Which is ping, right? So I tried to ping here. It didn't work, which I don't understand, because my internet otherwise works, but I can't, I guess because of some firewall thing with UQAM, I don't know. But let's say we wanted to implement ping, right? Let's say we wanted to implement ping in C. You have these structs, and then there are more structs, and then I found this code on the internet for how to ping and I was like, really? No, that's not a thing that I'm going to do.

Right, so let's talk about Scapy. So first let's say we look up the IP address with nslookup, right? And I want to talk about this a little bit. So what it gives you is a way to construct packets, so you can make an IP packet or an ICMP packet without having all these headers and stuff, and then you create a packet by saying... so the way the internet works is there are different network layers, right?
So IP tells you about where to send your packets, so I'm saying I'm making an IP packet and I want that packet to go to 74.123.whatever, right? And then I combine it with an ICMP packet, which is what a ping is. So the way a ping works is you send an ICMP packet and then it sends an ICMP packet back and you're like, okay, that machine must have been there. That's my understanding of networking. So sr1 is this helpfully named function which means send the packet and then receive an answer. Obviously you see it says I received 19 packets, but most of them were not for you and one of them was an answer. And I really like this. So it looks like a mess, right? But it's really cool, because you can actually get to see all of the details of the packet and it's all there. So no matter what kind of network algorithm you're trying to write, you have all of the information you need. So let's say I cared that my ICMP packet had code zero, which I don't care about because I don't know what that means, but if I did care then I would know, right? And it'll calculate things like checksums for you, and there are all these things that the C code was doing, like calculating checksums, that you don't have to do because that's boring. And if you did want to do it, then you could. So you can kind of interact with networking at the level of detail that you want to, which for me currently is not a lot.

So how does traceroute work, right? What traceroute does, first, is you want to know: there's me and then there's google.com, and the question is what's in the middle, right? So the time to live is, you're sending your packet somewhere, right, let's say Google, and you're like, I don't want you to end up in an infinite loop forever, because if you had a lot of packets on the internet that were in an infinite loop forever then your internet, your tubes would get clogged, right?
Like the internet tubes would be full of packets and that would be bad. So there's this really elegant solution that's been developed in the Internet Protocol, which is every packet has a time to live, and every time you pass a packet on to your friend you decrease the time to live by one. So you set the time to live to five and then it goes somewhere and it's four, and then it's three, and then it's two, and then it's one, and then it's dead, and it sends a message back to me like, it didn't work. Like, maybe try again. So traceroute makes the observation that if you send someone something with TTL one, it will only get one step, so you'll get a message from a server which is one step away, right?

So let me make this a bit smaller for a second. So if I send a UDP packet, which is just some kind of packet, with TTL one and I look at where the reply comes from, it'll come back from my router, which makes sense. So that's super cool. I have successfully implemented step one of traceroute in one line of code, and we can do better, right? We can actually run the whole thing. So let's say we only care about things that are, like, six hops away. So what we do is we make our packet, we keep on increasing the TTL, and then we get a reply back, and this is kind of a hack, because sometimes there are timeouts and I wanted to pretend that they didn't happen because I wanted to do a demo. Oh man, yeah. So then I run this again here. I ran that before at home, and here it's like 132.208, which sounds like a UQAM server. Is that true? It's true. It's real. So these two things at the end are some kind of server inside UQAM. Cool. And we could maybe make this number bigger and see if it works. I don't know if it's going to work. So you can see that some of these aren't working. I'm experiencing timeouts. But that's fine, right? Okay.

So I promised you hacking, and that was a lie so far, right?
So far I told you you had to implement traceroute, and who thinks that traceroute is hacking? Like, nobody. You, maybe, yeah. Okay, I have one believer. Okay, but maybe we should do... oh, and you can also look up the host names in Python, which is cool if you wanted to do that. And the cool thing here is that we're done, right? We're like six lines of code and we've implemented traceroute, except for the boring part, which is actually making your code work, right? But we have all of the basics.

All right, so I promised you hacking and we're going to do a little bit of hacking. So I want to talk about ARP spoofing, which is kind of the main hacking thing I know. So the way it works: you have a router, right? Let's say a wifi router. And something I learned recently is, I always thought that my router sent me messages by IP address, and I was like, I have a MAC address, but what's a MAC address? I don't know, right? So your router sends you messages using your MAC address. So it does not say, I'm sending a message to 192.168.1.144, it sends a message to 3CE:97:whatever, right? That's how it identifies you. And this also means things like you could have more than one network card in your computer and it could send messages to both of those separately. So you're identified by MAC address, but there's a question of how does it know which IP address corresponds to which MAC address? And the way that works is that you tell it. You're like, hi, I am this IP, this is my MAC address, and it believes you, always. That's it. So this creates some problems. This could create a problem, right? Because you could, in particular, lie. Does anybody have a computer open? Can I try to hack you a little bit? It won't hurt, nothing bad will happen to you, yeah? Can you run ifconfig and find out your IP address? Okay, sweet. Also, is your internet working right now?
Okay, sweet, I hope this works, otherwise it won't be embarrassing. Let's see if we can do it. So the way this works is you send an ARP packet where you're like, this is my IP and this is my MAC address. So this is my real MAC address. And I'm gonna change this IP address to be Bon's IP address and we'll see if it actually works. What's your IP address? 132, okay, so I'm gonna run this. Why doesn't it work? I forgot to import. What if you reload a webpage? Does it work? I really hope it doesn't work. It's really slow, right? It's waiting, because it's sending your packets to me. It's sending your packets to me. And it's so fun, right?

And so this talk is basically over now. This is all I know about network hacking, fundamentally, but you can do this, right? You can learn about a new thing and just implement it in one line of code. So there are more things you could do, a few. So you can do things like spy on all the packets being sent and received on your local network, because it turns out that there's all these wifi packets going around and you think of them as, some are going to you and some of them are going to other people, but I think you can just see all of them, assuming that you set up your network card right, so you can just see all the packets and then you can look at them and inspect what's in them and do whatever you want. Don't do anything bad, you wouldn't. You're nice, I hope. You could do things like, let's say you're learning about TCP and there's a cool thing called a TCP reset packet, which will reset a TCP connection, and you can just reset all the TCP connections. You can be like, nope, it's over, because it believes you, right? You could find out if your computer is sending passwords in plain text, and there are tools to do this. A lot of the time these tools are written in C. You could write your own tools in Python. It'll be really easy. You could learn how TCP works.
I wrote a TCP stack in Python. It was a bad idea, it was really slow, because I would be like, hey, google.com, I am sending you packets and acknowledging them, and it would be like, are you timing out? Because it's flying really slowly, and it was like, it's just because it's Python. I'm sorry. But you can write a TCP stack in Python. You need to do hacks. You need to ARP spoof, actually, because you're running it in userspace, not in the kernel. Anyway, you could learn why WEP is insecure and you could write that thing yourself in Python, right? It would be awesome. There's this really fun book called Hacking: The Art of Exploitation. It is not only about network hacking, but it's about that in particular. It's really fun. I recommend reading it. That's where I learned everything that I know, like ARP spoofing, because that's mostly what I know. And that's kind of all I have to say. I have a blog where sometimes I write about these things. These slides are online. Do you have questions?