SlideShare a Scribd company logo

Hatkit Project - Datafiddler

Download as PPT, PDF
H
holiman

The Datafiddler is a tool that allows users to analyze and visualize network traffic data stored in a MongoDB database by the Hatkit Proxy. It provides two primary views: a table view that displays raw data fields, and an aggregator view that shows aggregated data in a tree structure. Additional third-party plugins are planned to integrate other analysis frameworks.

Technology
1 of 18
Downloaded 10 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
Developed by Martin Holst Swende 2010-2011 Twitter: @mhswende [email_address]
This presentation is just a quick and steep dive into the Datafiddler. It does not cover much, but hopefully gives a bit of understanding about what the Datafiddler is capable of. The Datafiddler operates on data stored by the Hatkit Proxy in a MongoDB database. The proxy is not covered in this presentation. Two primary views exists; the tableview and the aggregrator. A third view, 3rd party plugins, is planned but not implemented in the UI.
Dynamic display of data in a table-based layout (1:1 mapping)
This is what data is fetched from each document ('row') in the database. The variable 'v1' will contain request.time These are the column definitions. This is python code which is evaluated. They have access to the variables, and a library of 'transformations' date(millis) takes an UTC timestamp and converts it to a nice human readable format. The second column will be titled Date and contain the result of date(v1)
The v0 parameter is the object id. This column uses 'Coloring', which means that the value is not displayed, instead a color is calculated from the hash of the value. This is particularly useful e.g when values are long but not interesting. Cookie values take a lot of screen real estate, but often it is only interesting to see when they are changed – which is shown by the color.
There are a lot of prefedined 'transformers' which can be used when defining the columns For example, the function below makes it possible to display both URL-parmeters and POST-parameters in the same column. showparams(url,form) Sorts parameters by keys. You can send in two dicts, and get the combined result. This makes it easier to show both form-data and url-data in the same column. Example variable v2: request.url variable v3: request.data column: sortparams(v2, v3) //Another version variable v1: request column: sortparams(form=v1.data,url=v1.url)
It is simple to write the kind of view you need for the particular purpose at hand. Some example scenarios: - Analysing user interaction using several accounts with different browsers: * Color cookies * Color user-agent * Parameters * Response content type (?) - Analysing server infrastructure * Color server headers * Server header value for X-powered-by, Server etc. * File extension * Cookie names - Searching for reflected content (e.g. for XSS) * Parameter values * True/False if parameter value is found in response body (simple python hack) - Analyzing brute-force attempt * Request parameter username * Request parameter password * Response delay * Response body size * Response code * Response body hash After you write some good column definitions for a particular purpose, save it for next time
This is an example of how an object (request-response) is stored in the database. Each individual field can be used in database queries, more advanced functionality can be achieved using javascript which is executed inside the database. Since MongoDB does not impose a schema, these structures were dynamically generated by the writer (Hatkit proxy) on the fly. Dynamic properties such as headers and parameters can be used for selection just as any ’static’ property, such as response.rtt which always will be there. This enables semantics like ”Select request.url.parameters.z from x where request.url.parameters.z exists”. … (but just to be clear: all keys/values are dynamic)
Displays aggregated data in a tree structure (1:N mapping)
Aggregation (grouping) is a feature of MongoDB. It is like a specialized Map/Reduce which can only be performed on <10 000 documents. You provide the framework with a couple of directives, and the database will return the results, which are different kinds of sums. This enables pretty nice kind of queries which can be displayed in a tree-form. Example: sitemap can be easily generated Example: Show all http response codes, sorted by host/path Example: Show all unique http header keys, sorted by extension Example: Show all request parameter names, grouped by host Example: Show all unique request parameter values, in grouped by host
 
 
 
Provides capabilities to use existing frameworks, libraries and applicationsfor analysing captured data
3rd party analysis – The idea is to use plugins that use the stored traffic and ’replays’ it through other frameworks. Status: API defined, no UI exists. Runnable through console. W3af plugin Plugin which uses the ’greppers’ in w3af to analyse each request/response pair. Requires w3af to be installed, calls relevant parts of the w3af code directly. Status: Code works, but not feature complete. Ratproxy plugin Plugin which starts ratproxy (by lcamtuf) and opens a port (X) for listening. It sets ratproxy to use port X as forward proxy, then replays all traffic through ratproxy, while capturing the output from the process. Status:PoC performed, but not nearly finished Httprint plugin Plugin which uses httprint to fingerprint remote servers. Status: Idea-stage, unsure if httprint is still alive
 
For ’breakers’ : Datafiddler is very useful for analyzing remote servers and applications, from a low-level infrastructure point-of-view to high-level application flow. For ’defenders’ : Hatkit proxy can be set as a reverse proxy, logging all incoming traffic. Datafiddler can be used as a tool to analyze user interaction, e.g. to detect malicious activity and perform post mortem analysis. The proxy is very lightweight on resources (using Rogan Dawes’ Owasp Proxy), and the backend (MongoDB) has great potential to scale and can handle massive amounts of data.
Hatkit proxy requirements: Java (optional** : MongoDB) (mongodb java drivers included in binary release) ** Can be used in interception-only mode, where data is not stored. Datafiddler Requirements (only tested on Linux / Ubuntu): Python Qt4 PyQt4 bindings Python mongodb driver MongoDB (optional: w3af) (optional: ratproxy) To get up and running, grab Hatkit proxy : Src: http://martin.swende.se/hgwebdir.cgi/hatkit_proxy/ Bin: http://martin.swende.se/hgwebdir.cgi/hatkit_proxy/raw-file/tip/hatkit.zip And Datafiddler: Src: http://martin.swende.se/hgwebdir.cgi/hatkit_fiddler/

More Related Content

PDF
EKAW - Linked Data Publishing
Ruben Taelman
 
PPT
Object Relational Mapping with LINQ To SQL
Shahriar Hyder
 
PPTX
OpenStack Training in Mohali
Arcadian Learning
 
PDF
9800-2016-poster
Vasilij Nevlev
 
PPT
Lecture 6. ADO.NET Overview.
Alexey Furmanov
 
PPTX
Data base connectivity and flex grid in vb
Amandeep Kaur
 
PPTX
Java8 training - class 3
Marut Singh
 
PPT
vishual basic data base Pankaj
Rai Saheb Bhanwar Singh College Nasrullaganj
 
EKAW - Linked Data Publishing
Ruben Taelman
 
Object Relational Mapping with LINQ To SQL
Shahriar Hyder
 
OpenStack Training in Mohali
Arcadian Learning
 
9800-2016-poster
Vasilij Nevlev
 
Lecture 6. ADO.NET Overview.
Alexey Furmanov
 
Data base connectivity and flex grid in vb
Amandeep Kaur
 
Java8 training - class 3
Marut Singh
 
vishual basic data base Pankaj
Rai Saheb Bhanwar Singh College Nasrullaganj
 

What's hot (20)

PPTX
Java8 training - Class 1
Marut Singh
 
PPT
Potter’S Wheel
Dr Anjan Krishnamurthy
 
PPT
Simple Data Binding
Doncho Minkov
 
PDF
Mongodb Introduction
Raghvendra Parashar
 
PDF
FIWARE Global Summit - Real-time Processing of Historic Context Information u...
FIWARE
 
PPT
Data management with ado
Dinesh kumar
 
PPT
Data Connection using ADO DC
Purbanjali Das
 
PPTX
Chapter 15
application developer
 
ODP
Data repositories
Corneil du Plessis
 
PPTX
MarcEdit Shelter-In-Place Webinar 5: Working with MarcEdit's Linked Data Fram...
Terry Reese
 
ODP
Drupal Services 3 - Drupal Dev Days 2011, Brussels
heyrocker
 
PPTX
Asp.net server control
Sireesh K
 
PPT
Ado.net
dina1985vlr
 
PPTX
Query Optimization in MongoDB
Hamoon Mohammadian Pour
 
PPT
ASP.NET 09 - ADO.NET
Randy Connolly
 
PDF
Lambda expression par Christophe Huntzinger
Mik_Arber
 
PDF
Asp net interview_questions
Bilam
 
PDF
Ado.Net Architecture
Umar Farooq
 
PDF
OAISRB
Jigar Kadakia
 
PDF
Apollo Server III
NodeXperts
 
Java8 training - Class 1
Marut Singh
 
Potter’S Wheel
Dr Anjan Krishnamurthy
 
Simple Data Binding
Doncho Minkov
 
Mongodb Introduction
Raghvendra Parashar
 
FIWARE Global Summit - Real-time Processing of Historic Context Information u...
FIWARE
 
Data management with ado
Dinesh kumar
 
Data Connection using ADO DC
Purbanjali Das
 
Chapter 15
application developer
 
Data repositories
Corneil du Plessis
 
MarcEdit Shelter-In-Place Webinar 5: Working with MarcEdit's Linked Data Fram...
Terry Reese
 
Drupal Services 3 - Drupal Dev Days 2011, Brussels
heyrocker
 
Asp.net server control
Sireesh K
 
Ado.net
dina1985vlr
 
Query Optimization in MongoDB
Hamoon Mohammadian Pour
 
ASP.NET 09 - ADO.NET
Randy Connolly
 
Lambda expression par Christophe Huntzinger
Mik_Arber
 
Asp net interview_questions
Bilam
 
Ado.Net Architecture
Umar Farooq
 
OAISRB
Jigar Kadakia
 
Apollo Server III
NodeXperts
 
Ad

Viewers also liked (17)

PPT
Vietnam power point
Michelle Haddix
 
PPTX
նախագիծ
Vika Markosyan
 
PPTX
Մխիթար Սեբաստացի
Vika Markosyan
 
PPTX
Presentación proyecto enuy ingles
Angel Nuñez
 
PDF
WebSockets för applikationstestare
holiman
 
PPT
Vietnam Power Point
Michelle Haddix
 
PPTX
եսապատում
Vika Markosyan
 
PPTX
Halloween
Vika Markosyan
 
PPTX
талусни растения
Pavlina Elinova
 
PPTX
искусство,музыка,живопись,кино
Vika Markosyan
 
PPTX
VocalPress Overview
VocalPress
 
PPTX
ամենաաղտոտ գետերը
Vika Markosyan
 
PPTX
Republica bolivariana de venezuela1
Roonald Perez
 
PPT
The very hungry_caterpillar_book
valeriewatt
 
PPTX
90’s cartoons
Derek De Witt
 
PPTX
Tranter Australia Information
bjs123
 
PPTX
հեքիաթներ
Vika Markosyan
 
Vietnam power point
Michelle Haddix
 
նախագիծ
Vika Markosyan
 
Մխիթար Սեբաստացի
Vika Markosyan
 
Presentación proyecto enuy ingles
Angel Nuñez
 
WebSockets för applikationstestare
holiman
 
Vietnam Power Point
Michelle Haddix
 
եսապատում
Vika Markosyan
 
Halloween
Vika Markosyan
 
талусни растения
Pavlina Elinova
 
искусство,музыка,живопись,кино
Vika Markosyan
 
VocalPress Overview
VocalPress
 
ամենաաղտոտ գետերը
Vika Markosyan
 
Republica bolivariana de venezuela1
Roonald Perez
 
The very hungry_caterpillar_book
valeriewatt
 
90’s cartoons
Derek De Witt
 
Tranter Australia Information
bjs123
 
հեքիաթներ
Vika Markosyan
 
Ad

Similar to Hatkit Project - Datafiddler (20)

ODP
SCDJWS 6. REST JAX-P
Francesco Ierna
 
PPTX
6 10-presentation
Remi Arnaud
 
PPTX
Quantopix analytics system (qas)
Al Sabawi
 
ODP
Presto
Knoldus Inc.
 
PDF
Asp net interview_questions
Ghazi Anwar
 
PPT
Semantic Web Servers
webhostingguy
 
PPT
Switch to Backend 2023
Google Developer Students Club NIT Silchar
 
PDF
PDFArticle
Akhil Mittal
 
PPTX
Metadata Extraction and Content Transformation
Alfresco Software
 
PPT
Gt ea2009
George Thomas
 
PPT
The Social Data Web
George Thomas
 
PPT
Document Databases & RavenDB
Brian Ritchie
 
PDF
Import web resources using R Studio
Rupak Roy
 
PPTX
Practical OData
Vagif Abilov
 
PDF
Beginning with wcf service
Binu Bhasuran
 
PPTX
Node js crash course session 5
Abdul Rahman Masri Attal
 
PPT
REST vs WS-*: Myths Facts and Lies
Paul Fremantle
 
PPT
53 hui homework2
huis89
 
PDF
Asp.net interview questions
Akhil Mittal
 
PPT
Ruby On Rails Siddhesh
Siddhesh Bhobe
 
SCDJWS 6. REST JAX-P
Francesco Ierna
 
6 10-presentation
Remi Arnaud
 
Quantopix analytics system (qas)
Al Sabawi
 
Presto
Knoldus Inc.
 
Asp net interview_questions
Ghazi Anwar
 
Semantic Web Servers
webhostingguy
 
Switch to Backend 2023
Google Developer Students Club NIT Silchar
 
PDFArticle
Akhil Mittal
 
Metadata Extraction and Content Transformation
Alfresco Software
 
Gt ea2009
George Thomas
 
The Social Data Web
George Thomas
 
Document Databases & RavenDB
Brian Ritchie
 
Import web resources using R Studio
Rupak Roy
 
Practical OData
Vagif Abilov
 
Beginning with wcf service
Binu Bhasuran
 
Node js crash course session 5
Abdul Rahman Masri Attal
 
REST vs WS-*: Myths Facts and Lies
Paul Fremantle
 
53 hui homework2
huis89
 
Asp.net interview questions
Akhil Mittal
 
Ruby On Rails Siddhesh
Siddhesh Bhobe
 

Recently uploaded (20)

PDF
TokAI - TikTok AI Agent : The First AI Application That Analyzes 10,000+ Vira...
SOFTTECHHUB
 
PDF
How UI/UX Design Impacts User Retention in Mobile Apps.pdf
SynapseIndia
 
PDF
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
PDF
Unlocking AI with Model Context Protocol (MCP)
Brian McKeiver
 
PPTX
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
PDF
NewMind AI Weekly Chronicles - August'25 Week I
NewMind AI
 
PPTX
Cloud computing and distributed systems.
kkkkkhan
 
PPTX
MYSQL Presentation for SQL database connectivity
Swati270511
 
PPT
Teaching material agriculture food technology
LiaRayya
 
PDF
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
PDF
Reach Out and Touch Someone: Haptics and Empathic Computing
Mark Billinghurst
 
PPT
“AI and Expert System Decision Support & Business Intelligence Systems”
ZubinRadhakrishnan
 
PDF
Blue Purple Modern Animated Computer Science Presentation.pdf.pdf
Akar16
 
PDF
Per capita expenditure prediction using model stacking based on satellite ima...
IAESIJAI
 
PPTX
Understanding_Digital_Forensics_Presentation.pptx
ImranKhan423233
 
PPTX
Detection-First SIEM: Rule Types, Dashboards, and Threat-Informed Strategy
ReZa AdineH
 
PDF
Approach and Philosophy of On baking technology
30anthuong17
 
PPTX
Spectroscopy.pptx food analysis technology
nawahassan45
 
PPTX
ACSFv1EN-58255 AWS Academy Cloud Security Foundations.pptx
23bcla24
 
PPTX
Effective Security Operations Center (SOC) A Modern, Strategic, and Threat-In...
ReZa AdineH
 
TokAI - TikTok AI Agent : The First AI Application That Analyzes 10,000+ Vira...
SOFTTECHHUB
 
How UI/UX Design Impacts User Retention in Mobile Apps.pdf
SynapseIndia
 
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
Unlocking AI with Model Context Protocol (MCP)
Brian McKeiver
 
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
NewMind AI Weekly Chronicles - August'25 Week I
NewMind AI
 
Cloud computing and distributed systems.
kkkkkhan
 
MYSQL Presentation for SQL database connectivity
Swati270511
 
Teaching material agriculture food technology
LiaRayya
 
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
Reach Out and Touch Someone: Haptics and Empathic Computing
Mark Billinghurst
 
“AI and Expert System Decision Support & Business Intelligence Systems”
ZubinRadhakrishnan
 
Blue Purple Modern Animated Computer Science Presentation.pdf.pdf
Akar16
 
Per capita expenditure prediction using model stacking based on satellite ima...
IAESIJAI
 
Understanding_Digital_Forensics_Presentation.pptx
ImranKhan423233
 
Detection-First SIEM: Rule Types, Dashboards, and Threat-Informed Strategy
ReZa AdineH
 
Approach and Philosophy of On baking technology
30anthuong17
 
Spectroscopy.pptx food analysis technology
nawahassan45
 
ACSFv1EN-58255 AWS Academy Cloud Security Foundations.pptx
23bcla24
 
Effective Security Operations Center (SOC) A Modern, Strategic, and Threat-In...
ReZa AdineH
 

Hatkit Project - Datafiddler

  • 1. Developed by Martin Holst Swende 2010-2011 Twitter: @mhswende [email_address]
  • 2. This presentation is just a quick and steep dive into the Datafiddler. It does not cover much, but hopefully gives a bit of understanding about what the Datafiddler is capable of. The Datafiddler operates on data stored by the Hatkit Proxy in a MongoDB database. The proxy is not covered in this presentation. Two primary views exists; the tableview and the aggregrator. A third view, 3rd party plugins, is planned but not implemented in the UI.
  • 3. Dynamic display of data in a table-based layout (1:1 mapping)
  • 4. This is what data is fetched from each document ('row') in the database. The variable 'v1' will contain request.time These are the column definitions. This is python code which is evaluated. They have access to the variables, and a library of 'transformations' date(millis) takes an UTC timestamp and converts it to a nice human readable format. The second column will be titled Date and contain the result of date(v1)
  • 5. The v0 parameter is the object id. This column uses 'Coloring', which means that the value is not displayed, instead a color is calculated from the hash of the value. This is particularly useful e.g when values are long but not interesting. Cookie values take a lot of screen real estate, but often it is only interesting to see when they are changed – which is shown by the color.
  • 6. There are a lot of prefedined 'transformers' which can be used when defining the columns For example, the function below makes it possible to display both URL-parmeters and POST-parameters in the same column. showparams(url,form) Sorts parameters by keys. You can send in two dicts, and get the combined result. This makes it easier to show both form-data and url-data in the same column. Example variable v2: request.url variable v3: request.data column: sortparams(v2, v3) //Another version variable v1: request column: sortparams(form=v1.data,url=v1.url)
  • 7. It is simple to write the kind of view you need for the particular purpose at hand. Some example scenarios: - Analysing user interaction using several accounts with different browsers: * Color cookies * Color user-agent * Parameters * Response content type (?) - Analysing server infrastructure * Color server headers * Server header value for X-powered-by, Server etc. * File extension * Cookie names - Searching for reflected content (e.g. for XSS) * Parameter values * True/False if parameter value is found in response body (simple python hack) - Analyzing brute-force attempt * Request parameter username * Request parameter password * Response delay * Response body size * Response code * Response body hash After you write some good column definitions for a particular purpose, save it for next time
  • 8. This is an example of how an object (request-response) is stored in the database. Each individual field can be used in database queries, more advanced functionality can be achieved using javascript which is executed inside the database. Since MongoDB does not impose a schema, these structures were dynamically generated by the writer (Hatkit proxy) on the fly. Dynamic properties such as headers and parameters can be used for selection just as any ’static’ property, such as response.rtt which always will be there. This enables semantics like ”Select request.url.parameters.z from x where request.url.parameters.z exists”. … (but just to be clear: all keys/values are dynamic)
  • 9. Displays aggregated data in a tree structure (1:N mapping)
  • 10. Aggregation (grouping) is a feature of MongoDB. It is like a specialized Map/Reduce which can only be performed on <10 000 documents. You provide the framework with a couple of directives, and the database will return the results, which are different kinds of sums. This enables pretty nice kind of queries which can be displayed in a tree-form. Example: sitemap can be easily generated Example: Show all http response codes, sorted by host/path Example: Show all unique http header keys, sorted by extension Example: Show all request parameter names, grouped by host Example: Show all unique request parameter values, in grouped by host
  • 11.  
  • 12.  
  • 13.  
  • 14. Provides capabilities to use existing frameworks, libraries and applicationsfor analysing captured data
  • 15. 3rd party analysis – The idea is to use plugins that use the stored traffic and ’replays’ it through other frameworks. Status: API defined, no UI exists. Runnable through console. W3af plugin Plugin which uses the ’greppers’ in w3af to analyse each request/response pair. Requires w3af to be installed, calls relevant parts of the w3af code directly. Status: Code works, but not feature complete. Ratproxy plugin Plugin which starts ratproxy (by lcamtuf) and opens a port (X) for listening. It sets ratproxy to use port X as forward proxy, then replays all traffic through ratproxy, while capturing the output from the process. Status:PoC performed, but not nearly finished Httprint plugin Plugin which uses httprint to fingerprint remote servers. Status: Idea-stage, unsure if httprint is still alive
  • 16.  
  • 17. For ’breakers’ : Datafiddler is very useful for analyzing remote servers and applications, from a low-level infrastructure point-of-view to high-level application flow. For ’defenders’ : Hatkit proxy can be set as a reverse proxy, logging all incoming traffic. Datafiddler can be used as a tool to analyze user interaction, e.g. to detect malicious activity and perform post mortem analysis. The proxy is very lightweight on resources (using Rogan Dawes’ Owasp Proxy), and the backend (MongoDB) has great potential to scale and can handle massive amounts of data.
  • 18. Hatkit proxy requirements: Java (optional** : MongoDB) (mongodb java drivers included in binary release) ** Can be used in interception-only mode, where data is not stored. Datafiddler Requirements (only tested on Linux / Ubuntu): Python Qt4 PyQt4 bindings Python mongodb driver MongoDB (optional: w3af) (optional: ratproxy) To get up and running, grab Hatkit proxy : Src: http://martin.swende.se/hgwebdir.cgi/hatkit_proxy/ Bin: http://martin.swende.se/hgwebdir.cgi/hatkit_proxy/raw-file/tip/hatkit.zip And Datafiddler: Src: http://martin.swende.se/hgwebdir.cgi/hatkit_fiddler/