Learning Goals of this Project:
Students will get familiar with packet capture (PCAP) reading and some common man in the middle techniques. This is where a malicious user puts themselves in the middle of the conversation with another user or application and eavesdrops on all the traffic. Some papers which demonstrate this concept are the following:
Man-In-The-Middle Attack in Wireless and Computer Networking- A review
Detection of man-in-the-middle attacks using physical layer wireless security techniques
On the Feasibility of Large-Scale Infections of iOS Devices
Students will familiarize themselves with Layer 2 – 7 network traffic and how to analyze network traffic using Wireshark, a network protocol analyzer, and its libraries such as pyShark.
For more details about Wireshark you can visit https://www.wireshark.org
For details about pyShark and tshark you can visit http://kiminewt.github.io/pyshark/
Students will also familiarize themselves with application layer protocols such as HTTP and IRC.
If you are not familiar with HTTP, we strongly recommend you learn about the protocol, methods, and requests. You can find a good introduction at Mozilla’s developer page and Sam Barros’ Medium page
IRC was a very common protocol in the early 2000s. For its simplicity and efficiency it’s still in use on multiple settings. Several Botnets use it for Command and Control (C&C) and hacking groups still rely on IRC to exchange information. You can read more and get familiar by reading this Medium article.
Finally, this is a graduate course. So it is expected that students will research and understand how these network protocols work by reviewing their RFCs:
RFC1459 (Internet Relay Chat Protocol): https://datatracker.ietf.org/doc/html/rfc1459
RFC2616 (Hypertext Transfer Protocol): https://datatracker.ietf.org/doc/html/rfc2616
The final deliverables:
There are two deliverables for this project, each is under their own Gradescope assignment named Man in the Middle – PCAP Analysis and Man in the Middle – Programming Assignment.
Man in the Middle – PCAP Analysis template A single JSON file named project_mitm.json. A template can be found below. Please See Submission Details for more information. This submission consists of Flag 1 to Flag 5.
Man in the Middle – Programming Assignment The modified pcapanalysis.py file with the three new functions described under this submission consists of Flag 6 only. Please See Submission Details for more information.
Important Reference Material:
Youtube Video from our TA Renan showing how to install dependencies for Flag 6 and a short example
Official Wireshark Guide
Read the RFCs provided.
If you have no experience with networking or application layer protocols, we STRONGLY encourage you to research those topics. There are many great resources online like Google and YouTube.