“grasshopper always wrong in argument with chicken.” - book of
TRANSCRIPT
![Page 1: “Grasshopper always wrong in argument with Chicken.” - Book of](https://reader038.vdocuments.mx/reader038/viewer/2022110110/58a01fe91a28ab176a8b55e0/html5/thumbnails/1.jpg)
“Grasshopper always wrong in argument with Chicken.”- Book of Chan
![Page 2: “Grasshopper always wrong in argument with Chicken.” - Book of](https://reader038.vdocuments.mx/reader038/viewer/2022110110/58a01fe91a28ab176a8b55e0/html5/thumbnails/2.jpg)
Functional Fuzzing
with Funkand further explorations into the use of
functional languages for network scripting
Benjamin Kurtz
![Page 3: “Grasshopper always wrong in argument with Chicken.” - Book of](https://reader038.vdocuments.mx/reader038/viewer/2022110110/58a01fe91a28ab176a8b55e0/html5/thumbnails/3.jpg)
Q:WTF? A:
Funk is a framework for the scripted generation of network traffic, written using the Chicken Scheme-to-C compiler.
![Page 4: “Grasshopper always wrong in argument with Chicken.” - Book of](https://reader038.vdocuments.mx/reader038/viewer/2022110110/58a01fe91a28ab176a8b55e0/html5/thumbnails/4.jpg)
Funk is...• Simple
• Tiny
• Powerful
• Extensible
• Platform Independent and Protocol Agnostic
• Easily described by random adjectives
![Page 5: “Grasshopper always wrong in argument with Chicken.” - Book of](https://reader038.vdocuments.mx/reader038/viewer/2022110110/58a01fe91a28ab176a8b55e0/html5/thumbnails/5.jpg)
Most Important Idea
Funk creates a generic interface to every network protocol!
This lets you keep your fuzzing logic separate from your protocol logic!
![Page 6: “Grasshopper always wrong in argument with Chicken.” - Book of](https://reader038.vdocuments.mx/reader038/viewer/2022110110/58a01fe91a28ab176a8b55e0/html5/thumbnails/6.jpg)
Ok, but can it do?
• Fuzzing
• Flooding
• Spoofing
• Traffic Generation
![Page 7: “Grasshopper always wrong in argument with Chicken.” - Book of](https://reader038.vdocuments.mx/reader038/viewer/2022110110/58a01fe91a28ab176a8b55e0/html5/thumbnails/7.jpg)
Long Term Goals• Query-Response
• Arbitrary Network Scripting
• Rapid Prototyping
• Virtual Servers
• Firewall and IDS
![Page 8: “Grasshopper always wrong in argument with Chicken.” - Book of](https://reader038.vdocuments.mx/reader038/viewer/2022110110/58a01fe91a28ab176a8b55e0/html5/thumbnails/8.jpg)
Previous Design• XML-based scripts in flat file DB
• C/++ parser generator engine
• Domain-Specific Language, limited by regular grammars
• Imperfect, but still made some money
![Page 9: “Grasshopper always wrong in argument with Chicken.” - Book of](https://reader038.vdocuments.mx/reader038/viewer/2022110110/58a01fe91a28ab176a8b55e0/html5/thumbnails/9.jpg)
Why That Sucked
• Checksums
• Internet Header Length
• Type-Length Value Fields
• ICMP, DHCP, ASN.1
Protocol logic and fuzzing logic were necessarily intertwined...
![Page 10: “Grasshopper always wrong in argument with Chicken.” - Book of](https://reader038.vdocuments.mx/reader038/viewer/2022110110/58a01fe91a28ab176a8b55e0/html5/thumbnails/10.jpg)
Cue the music...
![Page 11: “Grasshopper always wrong in argument with Chicken.” - Book of](https://reader038.vdocuments.mx/reader038/viewer/2022110110/58a01fe91a28ab176a8b55e0/html5/thumbnails/11.jpg)
Scheme FAQ• What the hell is Scheme anyway?
• Seriously, what’s up with all the parentheses?
• Why are LISP programmers so smug?
• Why can’t you just use C like normal people?
![Page 12: “Grasshopper always wrong in argument with Chicken.” - Book of](https://reader038.vdocuments.mx/reader038/viewer/2022110110/58a01fe91a28ab176a8b55e0/html5/thumbnails/12.jpg)
LeaveInStupidParentheses
![Page 13: “Grasshopper always wrong in argument with Chicken.” - Book of](https://reader038.vdocuments.mx/reader038/viewer/2022110110/58a01fe91a28ab176a8b55e0/html5/thumbnails/13.jpg)
Why Scheme?• Programming metaphor better suited to
problem (lambda calc vs. Turing machine)
• Easily extensible
• Well established, widely used
• Portable
• No Bit Rot!
![Page 14: “Grasshopper always wrong in argument with Chicken.” - Book of](https://reader038.vdocuments.mx/reader038/viewer/2022110110/58a01fe91a28ab176a8b55e0/html5/thumbnails/14.jpg)
Why Chicken?• Actively developed
• Highly optimized (fast even in interpreter)
• Extends with Eggs or SWIG
• Compiles to straight C
• Functional language makes dealing with network protocols easy
![Page 15: “Grasshopper always wrong in argument with Chicken.” - Book of](https://reader038.vdocuments.mx/reader038/viewer/2022110110/58a01fe91a28ab176a8b55e0/html5/thumbnails/15.jpg)
Chicken vs. PythonChickenChicken PythonPython
Interpreted?Interpreted? Yes YesCompiles?Compiles? to C to JavaLambdas?Lambdas? Yes Yes
Painfully Slow?Painfully Slow? No YesStupid?Stupid? Parentheses Whitespace
Tastes Like?Tastes Like? Chicken Chicken
![Page 16: “Grasshopper always wrong in argument with Chicken.” - Book of](https://reader038.vdocuments.mx/reader038/viewer/2022110110/58a01fe91a28ab176a8b55e0/html5/thumbnails/16.jpg)
Implementation
![Page 17: “Grasshopper always wrong in argument with Chicken.” - Book of](https://reader038.vdocuments.mx/reader038/viewer/2022110110/58a01fe91a28ab176a8b55e0/html5/thumbnails/17.jpg)
Packet Scripting
• Abstract Operations
• Flexibility
• Extensibility
![Page 18: “Grasshopper always wrong in argument with Chicken.” - Book of](https://reader038.vdocuments.mx/reader038/viewer/2022110110/58a01fe91a28ab176a8b55e0/html5/thumbnails/18.jpg)
Protocols• Protocol Operations:
• Generate
• Serialize
• Validate
• Query
![Page 19: “Grasshopper always wrong in argument with Chicken.” - Book of](https://reader038.vdocuments.mx/reader038/viewer/2022110110/58a01fe91a28ab176a8b55e0/html5/thumbnails/19.jpg)
Ethernet(define (install-ethernet-protocol)
;; Fields ( list of lists with values: name, bitlength, validator, serializer ) (define fields (list
(list 'destmac 48 mac-validator mac-serializer)(list 'srcmac 48 mac-validator mac-serializer)(list 'pkt-type 16 (hex-validator 16) (hex-serializer 16))
))
(define (generate packet aggregator) (default-generator packet fields aggregator))(define (validate packet) (default-validator packet fields))
;; Public Interface(put-op 'generate '(ethernet) generate)(put-op 'validate '(ethernet) validate)
"ethernet done")
![Page 20: “Grasshopper always wrong in argument with Chicken.” - Book of](https://reader038.vdocuments.mx/reader038/viewer/2022110110/58a01fe91a28ab176a8b55e0/html5/thumbnails/20.jpg)
IPv4(define (install-ip4-protocol)
;; Fields ( list of lists with values: name, bitlength, validator, serializer ) (define fields (list
(list 'version 4 (hex-validator 4) (hex-serializer 4))(list 'internet-header-length 4 (hex-validator 4) (hex-serializer 4))(list 'type-of-service 8 (hex-validator 8) (hex-serializer 8)) (list 'total-length 16 (hex-validator 16) (hex-serializer 16)) (list 'identification 16 (hex-validator 16) (hex-serializer 16)) (list 'CE 1 (hex-validator 1) (hex-serializer 1)) (list 'DF 1 (hex-validator 1) (hex-serializer 1)) (list 'MF 1 (hex-validator 1) (hex-serializer 1)) (list 'fragment-offset 13 (hex-validator 13) (hex-serializer 13)) (list 'time-to-live 8 (hex-validator 8) (hex-serializer 8)) (list 'protocol 8 (hex-validator 8) (hex-serializer 8))(list 'header-checksum 16 (hex-validator 16) (hex-serializer 16)) (list 'source-ip 32 ip-validator ip-serializer) (list 'dest-ip 32 ip-validator ip-serializer) (list 'options 0 (hex-validator 32) (hex-serializer 32))
))
![Page 21: “Grasshopper always wrong in argument with Chicken.” - Book of](https://reader038.vdocuments.mx/reader038/viewer/2022110110/58a01fe91a28ab176a8b55e0/html5/thumbnails/21.jpg)
Generate/Validate;; Generate/Validate Operations on Packets and Protocols-------------------------(define (generate-layer packet) ( (get-op 'generate (car packet)) (cdr packet) u8vector-cat) )(define (validate-layer packet) ( (get-op 'validate (car packet)) (cdr packet)) )
(define (validate packet) (cond ((null? packet) '())
(else (cons (validate-layer (car packet))(validate (cdr packet)) ))))
(define (generate packet) (cond ((null? packet) '())
(else(u8vector-cat (generate-layer (car packet))(generate (cdr packet))))))
![Page 22: “Grasshopper always wrong in argument with Chicken.” - Book of](https://reader038.vdocuments.mx/reader038/viewer/2022110110/58a01fe91a28ab176a8b55e0/html5/thumbnails/22.jpg)
Generating a Packet
`Ethernet`Ethernet
`IP`IP
`TCP`TCP
![Page 23: “Grasshopper always wrong in argument with Chicken.” - Book of](https://reader038.vdocuments.mx/reader038/viewer/2022110110/58a01fe91a28ab176a8b55e0/html5/thumbnails/23.jpg)
(define my-ip-packet (attach-tag '(ip4)(list"4" "5" "10" "0020""0030" "0" "1" "0""0755" "01" "04""A123" "192.168.1.1""192.168.1.2" ""
)))
(define my-eth-packet (attach-tag '(ethernet)(list"12:34:56:78:90:12""AA:BB:CC:DD:EE:FF""0800")))
(define my-packet (list my-eth-packet my-ip-packet ))
; send packet out (require 'raw-sockets)(raw-open "en0")(define raw-packet (generate my-packet))(raw-send raw-packet (u8vector-length raw-packet))
(raw-close)
![Page 24: “Grasshopper always wrong in argument with Chicken.” - Book of](https://reader038.vdocuments.mx/reader038/viewer/2022110110/58a01fe91a28ab176a8b55e0/html5/thumbnails/24.jpg)
Chicken Eggs
• bit-cat
• crc16
• raw-sockets
![Page 25: “Grasshopper always wrong in argument with Chicken.” - Book of](https://reader038.vdocuments.mx/reader038/viewer/2022110110/58a01fe91a28ab176a8b55e0/html5/thumbnails/25.jpg)
Future Work
• Filter/Receive/Inject Support
• Binary and File Format Fuzzing
• Visual Script Design
• Support for Additional Protocols
![Page 26: “Grasshopper always wrong in argument with Chicken.” - Book of](https://reader038.vdocuments.mx/reader038/viewer/2022110110/58a01fe91a28ab176a8b55e0/html5/thumbnails/26.jpg)
Funk Source CodeCurrent Funk Source is available at:
http://www.memescape.com/funk/funk_current.tgz
![Page 27: “Grasshopper always wrong in argument with Chicken.” - Book of](https://reader038.vdocuments.mx/reader038/viewer/2022110110/58a01fe91a28ab176a8b55e0/html5/thumbnails/27.jpg)
Recommended Reading
• Structure and Interpretation of Computer Programs (“The Wizard Book”) - Abelson & Sussman http://mitpress.mit.edu/sicp/
• The Scheme Programming Language - R. Kent Dybvig
![Page 28: “Grasshopper always wrong in argument with Chicken.” - Book of](https://reader038.vdocuments.mx/reader038/viewer/2022110110/58a01fe91a28ab176a8b55e0/html5/thumbnails/28.jpg)
Q & A
Stump the chump!
![Page 29: “Grasshopper always wrong in argument with Chicken.” - Book of](https://reader038.vdocuments.mx/reader038/viewer/2022110110/58a01fe91a28ab176a8b55e0/html5/thumbnails/29.jpg)
ExtrasThe following slides have all the information you need
to set up a Funk/Chicken Scheme development environment on any platform.
Turn “Show Presenter Notes” on for more information.
![Page 30: “Grasshopper always wrong in argument with Chicken.” - Book of](https://reader038.vdocuments.mx/reader038/viewer/2022110110/58a01fe91a28ab176a8b55e0/html5/thumbnails/30.jpg)
Funk Development• Chicken Scheme - http://www.callcc.org
• Eclipse - http://www.eclipse.org
• SchemeScript plugin for Eclipse
• REPL
• Funk Source Code
![Page 31: “Grasshopper always wrong in argument with Chicken.” - Book of](https://reader038.vdocuments.mx/reader038/viewer/2022110110/58a01fe91a28ab176a8b55e0/html5/thumbnails/31.jpg)
Install SchemeScript• Install SchemeScript plugin
• Help > Software Updates > Find & Install
• Search for new features
• New Update Site:SchemeWay
http://schemeway.sourceforge.net/update-site/
![Page 32: “Grasshopper always wrong in argument with Chicken.” - Book of](https://reader038.vdocuments.mx/reader038/viewer/2022110110/58a01fe91a28ab176a8b55e0/html5/thumbnails/32.jpg)
REPL; remote_chicken.scm(use tcp)
(define (remote-repl #!optional (port 5156))(let*-values (((x) (tcp-listen port))
((i o) (tcp-accept x)))(current-input-port i)(current-output-port o)(current-error-port o) (repl)))
(remote-repl)
Compile with Chicken and put resulting binary in your project directory
csc -o remote_chicken remote_chicken.scm
![Page 33: “Grasshopper always wrong in argument with Chicken.” - Book of](https://reader038.vdocuments.mx/reader038/viewer/2022110110/58a01fe91a28ab176a8b55e0/html5/thumbnails/33.jpg)
Configuring Eclipse• Add remote_chicken to External Tools
• Set SchemeScript to use Remote Interpreter
• Run remote_chicken from Run > External Tools
• Start Interpreter from Scheme > Start Interpreter
![Page 34: “Grasshopper always wrong in argument with Chicken.” - Book of](https://reader038.vdocuments.mx/reader038/viewer/2022110110/58a01fe91a28ab176a8b55e0/html5/thumbnails/34.jpg)
SchemeScript Hotkeys
• Ctrl - Enter - Executes the preceding S-expression
• Ctrl - Shift - Enter - Executes the enclosing S-expression
• Ctrl - Shift - L - Loads current file in interpreter