[Python] Sniffing inside a thread with Scapy

Scapy is an incredible tool when it comes to playing with the network. As it is written on its official website, Scapy can replace a majority of network tools such as nmap, hping and tcpdump.

One of the features offered by Scapy is to sniff the network packets passing through a computer’s NIC. Below is a small example:

This little sniffer displays the source and the destination of all packets having an IP layer:

$ sudo python3 sniff_main_thread.py
[*] Start sniffing...
[!] New Packet: 10.137.2.30 -> 10.137.2.1
[!] New Packet: 10.137.2.30 -> 10.137.2.1
[!] New Packet: 10.137.2.1 -> 10.137.2.30
[!] New Packet: 10.137.2.1 -> 10.137.2.30
[!] New Packet: 10.137.2.30 -> 216.58.198.68
[!] New Packet: 216.58.198.68 -> 10.137.2.30
[!] New Packet: 10.137.2.30 -> 216.58.198.68
[!] New Packet: 10.137.2.30 -> 216.58.198.68
[!] New Packet: 216.58.198.68 -> 10.137.2.30
[!] New Packet: 216.58.198.68 -> 10.137.2.30
[!] New Packet: 10.137.2.30 -> 216.58.198.68
[!] New Packet: 10.137.2.30 -> 216.58.198.68
[!] New Packet: 216.58.198.68 -> 10.137.2.30
[!] New Packet: 10.137.2.30 -> 216.58.198.68
^C[*] Stop sniffing

It will continue to sniff network packets until it receives a keyboard interruption (CTRL+C).

Read more Development Python, Scapy, Signal, Thread

[Angular] Different sharing mechanisms for different situations

Angular has different mechanisms for sharing data between components. The choice of the sharing method mostly depends on the relationship of the related components. Typically, within the context of a parent-child topology, the most straightforward choice would be to use the @Input and @Output decorators. For sibling components, relying on a data sharing service seems to be the most obvious solution. In any case, once you have settled on the choice of a communication topology, you need to decide which data propagating mechanism to use.

Generally, components use EventEmmiter objects to share data with each other. When you pass data into an Angular component with an @Input decorator, you are actually using an EventEmitter object. Although this solution is appropriate for the majority of situations, this is not always the case. Let’s consider the following example:

Diagram of the data propagation using an EventEmitter

Read more Development Angular, WebApp

[Angular] Running unit tests with Chromium in a Docker container

Running unit tests for front-end web applications require them to be tested in a web browser. While it’s not an issue on a workstation, it can become tedious when running in a restricted environment such as a Docker container. In fact, these execution environments are generally lightweight and do not contain any graphical environment.

One solution to work around this issue is to use a headless web browser designed for development purposes, like PhantomJS. While it’s an elegant solution for testing an application, it would be even better to test it directly in a web browser which will be used by the end-users in order to match real conditions of use, for examples Firefox or Chromium/Google Chrome. However, as mentioned above, it is needed to find a way to execute a regular web browser in a restricted environment.

Read more Development Angular, Chrome, Chromium, CI, Docker, WebApp

Improve the security of your online payments

I think it is obvious to say that the security of your online payments is critical if you don’t want to have an unpleasant surprise one day when checking your account statement. That’s why most banks have added a two-step authentification security process to their online payment system. That way, you have to confirm your online payment with a one-time password sent via text message or other method by your bank. However, not every website supports this feature, leaving you defenceless if someone steals your credit card information.

Read more Hacking and Security Payment, Credit Card

[ndh2k16] Hello Friend

Une des épreuves du wargame de la nuit du hack 2016 était de retrouver un code de validation à partir de cette image :

Fichier JPEG utilisé pour le challenge "hello friend" lors de la nuit du hack 2016

Read more Hacking et Sécurité, Stéganographie ndh2k16, Wargame, Write-up