Computer Networks 2 - Project
The student will have to:
Analyze with Wireshark the traffic generated by a smartphone app.
Demonstrate a a form of Man-In-The-Middle against a smartphone browser.
Both activities will have to be summarized in a short report. Activity 1 has to be executed autonomously and its main objective is familiarizing with Wireshark usage. Activity 2 has to be shown as a demo.
The typical scenario is a PC and a smartphone, both owned by the student; PC connected to the Internet through eduroam and acting as hotspot on the same Wi-Fi interface connected at eduroam. In Activity 1 Wireshark is executed on the PC. In Activity 2 a web server and a DNS server are executed on the PC. In case the demo has to be delivered in streaming (due to the pandemic), PC and smartphone will be connected to the home Wi-Fi network of the student.
I suggest to follow these steps:
Execute on the PC one or more of the Wireshark Labs provided in Networks Lab, in order to become familiar with Wireshark.
Configure PC as hotspot and connect the smartphone to the hotspot, as described in the first section of "3 - MITM on smartphone" in Networks Lab.
You are now ready to execute activity 1 and activity 2.
Choose a smartphone app that requires authentication. Analyze the traffic generated by that application, in particular with respect to authentication. By "analyzing" I mean answering one or more of these questions:
does the app use https?
on which servers?
does it use SPID?
does it use OAuth?
does it use certificate pinning?
can you identify the DNS traffic of the app?
can you identify the servers involved?
This is just a non exhaustive list of "interesting" features that can be discovered with Wireshark. Having an account on the app is not strictly necessary for performing such analysis.
Suggested apps (non exhaustive list):
Safety4All - UniTS
Other apps of Italian Energy providers.
The student will have to show the following scenario:
PC connected to the Internet and acting as hotspot.
Another device, either a smartphone or another PC, connected to the hotspot.
A DNS Server and a Web Server run on the PC.
A browser on the device connects to an HTTP website S1 and to an HTTPS website S2.
The two websites must have different names and must correspond to the names of real websites. These websites may be chosen by the student.
The device resolves the names of the websites through the DNS Server on the PC.
The DNS Server maps the requested names on the IP address of the Web Server on the PC.
The device accesses the websites at the Web Server on the PC.
The above activities are described in detail in the 3 first "MITM LABS" provided in Networks Lab.
The demo must be shown and approved at least one week before the written exam.
Participation in the exam is allowed only when this constraint is satisfied. Once the demo has been approved, it will last “forever”.
Demo sessions with multiple students will be organized upon request.
The demo can be done from remote, with either Google Meet or Microsoft Teams. The student will share the PC screen to show Wireshark, web server, DNS server...whatever may be needed. The smartphone screen may be placed closed to the webcam at my request (to show the browser or whatever) or it may be mirrored on PC. There are many free tools for sharing the smartphone screen (see for example here); the free version of some tools has to be restarted after 5-10 minutes: no problems, I will wait; you do not need to pay a full version.
After completing the demo and before participating in the written exam, the student must provide a report as follows:
File in PDF format named “CompNet2 - 2020 - family name.pdf”
No more than 2 pages with a textual description of the main findings in Activity 1.
No more than 2 pages with:
Description of the scenario for the demo (devices, operating systems and other software).
Suggestions for improving the accompanying document (mistakes, inaccuracies, suggested changes or integrations).
An appendix with a potentially unlimited set of screenshots, referenced by the text, for demonstrating the findings of Activity 1.
Depending on the report, the grade of the exam may be increased up to 2 votes. I will decide based on the quality of the report itself: clarity, technical detail, relevance of the observations. I expect that zero increment will be common.
It is strongly advised to execute Activity 1 and show the demo much earlier than the exam.