CSC8520 Securing Networks Assessment:
CSC8520 Securing Networks Instructions:
There are two questions in CSC8520 Securing Networks Assignment 2, which forms 30% of the final grade of CSC8520:
- Question 1 (full mark: 20 marks),
- Question 2 (full mark: 10 marks).
The openssl toolkit for Question 1: openssl is a suite of open source programs that has been implemented on Linux, Windows and Mac OS. You should be able to use its Command Line Interface (CLI) utility to complete Question 1 in Assignment 2 (no further software installation is required if you have completed Question 2 of CSC8520 Assignment 1).
The web server for Question 2: You need to install Python3 and Flask to run the web server for Question 2. Please refer to Part II of Week 6 Practicum (of CSC8520) on software installation and web server access. If you access the server successfully, you will be greeted with a web page titled “CSC8520 A2 Login” (see Fig 1).
On the submission: Please submit your solutions to the online CSC8520 Securing Networks Assignment 2 submission portal on your CSC8520 Studydesk.
Please submit your solutions to Question 1 and Question 2 together; please compress them into one file (.tar, .zip, etc.), and submit it with a file name of the form “your student ID + your name + a2solutions”.
Question 1 (Internet Security: 20 marks)
In this question, you will need to complete the following tasks:
- Download a copy of a real-life certificate (sample cert.cer) in DER format.
Figure 1: CSC8520 A2 Login Page
- Use the openssl utility to convert the certificate into text format. Note: you can consider using the “-inform DER” option in openssl because the certificate is in DER format. (2 marks)
- Answer the following questions:
- Who issued the certificate? (1 mark)
- Who is the owner of the certificate? (1 mark)
- Which hash algorithm and public key cryptographic algorithm are used for generating this certificate? (2 marks)
- Write a bash script to check whether the given certificate (sample cert.cer) is on the Certificate Revocation List (CRL) from the Certificate Authority (CA) by following the steps below (14 marks in total):
- Step 1: Extracting and printing out the CRL HTTP(S) URL of the CA’s server. (2 marks)
- Step 2: Extracting and printing out the CRL’s filename. (2 marks)
- Step 3: Downloading the CRL from the CA’s server (you can use the wget command). (4 marks)
- Step 4: Extracting the list of serial numbers from the CRL. (2 marks)
- Step 5: Extracting the serial number from the given certificate (sample cert.cer). (2 marks)
- Step 6: Checking whether the given certificate’s serial number (extracted in Step 5) is on the CA’s CRL (extracted in Step 4) or not. If “yes”, please print out “The given certificate is on the CRL, i.e., revoked by the CA”, otherwise please print out “The given certificate is not on the CRL, i.e., not revoked by the CA”. (2 marks)
Figure 2: An expected output for Question 1
See Fig 2 for an expected output for Question 1 (you may need to zoom in on the picture for a clearer view).
Submission: Please submit two files for Question 1. The first file should be your bash script for Sub Question 4, with proper and sufficient comments included. The second file should be a .pdf document which contains (i) a screenshot of your bash script testing result, and (ii) your answers to Sub Questions 1-3 in Question 1.
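One way to carry out Steps 1 to 6 of Question 1 in POSIX shell, as an added example that is not part of the original assignment or any model solution. The function names are hypothetical, the parsers assume the text layout printed by openssl x509 -text, openssl crl -text and openssl x509 -serial, and the CRL is assumed to be served in DER format.

```sh
#!/bin/sh
# Added example: CRL check for a DER certificate. Parsers read openssl text on stdin.

# Steps 1-2: first HTTP(S) URI inside the CRL Distribution Points extension only.
# Authority Information Access also carries URIs (OCSP, CA Issuers), so stop at
# the next extension header instead of taking the first URI in the certificate.
crl_url() {
  awk '/CRL Distribution Points/ { dp = 1; next }
       dp && /: *(critical)? *$/ && !/Full Name:/ { exit }
       dp && match($0, /URI:https?:\/\/[^ ]+/) {
         print substr($0, RSTART + 4, RLENGTH - 4); exit }'
}

# Step 4: revoked serials from `openssl crl -text`, one upper-case hex string per line.
crl_serials() { sed -n 's/^ *Serial Number: *//p' | tr 'a-f' 'A-F'; }

# Step 5: serial from `openssl x509 -serial` output ("serial=0A1B...").
cert_serial() { sed -n 's/^serial=//p' | tr 'a-f' 'A-F'; }

# Step 6: whole-line fixed-string match, so a serial never matches as a substring
# of a longer one; an empty serial is never reported as revoked.
is_revoked() { [ -n "$1" ] && printf '%s\n' "$2" | grep -Fxq -- "$1"; }

# Full run on a DER certificate; needs openssl, wget and network access.
# Assumption: the CA serves its CRL in DER format.
check_cert() (
  cert=$1
  url=$(openssl x509 -inform DER -in "$cert" -noout -text | crl_url)
  [ -n "$url" ] || { echo "No HTTP(S) CRL distribution point found" >&2; exit 2; }
  file=$(basename "$url")
  echo "CRL URL: $url"
  echo "CRL filename: $file"
  wget -q -O "$file" "$url" || { echo "CRL download failed" >&2; exit 2; }
  serials=$(openssl crl -inform DER -in "$file" -noout -text | crl_serials)
  serial=$(openssl x509 -inform DER -in "$cert" -noout -serial | cert_serial)
  echo "Certificate serial: $serial"
  if is_revoked "$serial" "$serials"; then
    echo "The given certificate is on the CRL, i.e., revoked by the CA"
  else
    echo "The given certificate is not on the CRL, i.e., not revoked by the CA"
  fi
)

# Usage: sh check_crl.sh <certificate.cer>  (script name is a placeholder)
if [ "$#" -gt 0 ]; then check_cert "$1"; fi
```

A CRL lookup only reflects the CA's last published list, so a result of "not revoked" is valid only up to the Next Update time printed in the CRL.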
Question 2 (Web Security: 10 marks)
A web server script (a2server.py) has been distributed to you. Please run the script with Python 3 locally to complete Question 2. You need to install Flask to run this server. If you want to know how to install Python 3 and Flask, please check Part II of Week 6 Practicum.
After starting the server locally (using the command python3 a2server.py), please open your web browser (Chrome or Firefox preferred) and enter the following URL: http://localhost:7007.
- SQL injection attack (5 marks). Your goal in this sub question is to inject an SQL query statement which enables you to log in as Alice without knowing Alice’s password. Alice’s email is [email protected], while Alice’s password is unknown to you. Based on what you have learned in CSC8520 Lecture 5 and Practicum 5, find a way to log in as Alice (without knowing her password)!
Figure 3: Post news item page
- Hint: The SQL query statement can be found as follows:
"SELECT * FROM users WHERE email='%s' and password='%s'" % (email, password)
- Cross-site Scripting (XSS) Attack (5 marks). Your goal in this sub question is to inject some JavaScript code on a page that the admin user will look at, so that his/her session cookie is disclosed to you. You can follow the steps below to conduct this XSS attack:
Step 1: Log in as Alice (after you conduct a successful SQL injection attack described in Sub Question 1 above), find the section “Post News item” (see Fig 3) and enter some JavaScript code on a page that the admin user will look at and that will cause the disclosure of his/her session cookie to you. After clicking “Submit”, you should be able to see a new section “News list”, under which there is an item called “alice say: Exciting News”. The phrase “Exciting News” should be underlined because it’s a hyperlink, which the admin will be asked to click in Step 3 below. Please refer to Fig 4 for an expected output.
Figure 4: An expected output with a hyperlink (“Exciting News”) shown
Figure 5: An expected output with the admin’s session cookie displayed
Step 2: Log out as Alice and log in as admin with username: ad- [email protected], and password averysecureadminpassword.
Step 3: After logging in as admin successfully, please click the link (prepared by Alice in Step 1 described above). Your XSS attack in Step 1 is successful if you can see the admin’s session cookie information displayed on the “News list”. Please refer to Fig 5 for an expected output (you may need to zoom in on the picture for a clearer view).
Note: if you feel annoyed by the automatic popups after a successful persistent XSS attack, you can restart the web server, which will refresh the SQL database.
Submission: Please submit a .pdf file for Question 2. In the .pdf file please include (1) the SQL query statement for Sub Question 1, and your explanation