PUA SRG

Meeting 4 Python Servers and Clients

21/03/2015

0 Ranking
It was discussed, that the attendees should be ranked differently, and it is thought that there should be
more workshop supervisors, hence, the need for Ranking.
The idea in short is as follows:
1. Each ranked task will be given a rank point, e.g. thinking of a small project idea: 1 rank point
2. Each attendee will be given an equal start, so everyone will start from 0 rank.
3. Upon completion of a ranked task, the attendee will have its points added to their rank.
4. There will be two main thresholds, supervisor level and reluctant level. These will vary with
time.
5. The attendees above supervisor level (s-level) will be supervisors and will be given the
materials earlier to prepare and assist in workshop supervision.
6. The attendees below reluctant level (r-level) will be considered reluctant to attend, how these
will be dealt with, at the time, will not be specified right now.
7. Attendance will be given a 1 rank point (increased over time), those who cannot attend
would have to prove that they did the work at home to gain the rank point.
8. All attendees part of the SRG will be called Neo Hackers or Neo for short.

1 Projects Discussed
Last time, it was required that each Neo gets an idea ready and starts working on it, here are the results:
1. First idea was Hoss's: GoogleTranslating through python's header request/response. Problems
with JSON.
2. Similar ideas were the 2H ideas: Logging onto facebook, automatic-likes, automatic-comments
using header requests and responses. They worked on it for quite a while! But they still have
problems with the cookies and secure requests.
3. Salv had a similar idea: Logging onto facebook, automatic-picture downloads using header
requests and responses. She said that there were no results.
4. AKG had a similar idea to that: Automatic-file downloads of a list of links using header
requests and responses. He said he did not work on his idea.
5. Ged and RWF had radical ideas: Cyber-Physical Security system models, building a bank
1/7

PUA SRG

Meeting 4 Python Servers and Clients

21/03/2015

model and simulating attacks/defences. While this is a bit out-of-scope, interfacing with arduino
through python or using ethernet simulation is very possible. They did not work on their ideas.
Also suggested virus wars for a class activity.
6. RedHawk did a little research and found Python Generator Hacking presentation, it was a
very nice presentation but unfortunately not directly security-related. Generator functions
though are a great tool to look into.
All in all, it seems that most Neo's are too busy with their curricular activities to care enough to work
through any security-related project. Hence, it is suggested to avoid giving out homework/assignments.
Rather, in-class evaluation is preferred.

2 Servers and Clients

Sockets
Sockets are the endpoints of a bidirectional communications channel. Sockets may communicate within
a process, between processes on the same machine, or between processes on different continents.
Sockets may be implemented over a number of different channel types: Unix domain sockets, TCP,
UDP, and so on. The socket library provides specific classes for handling the common transports as
well as a generic interface for handling the rest.
Sockets have their own vocabulary:
Term

Description
The family of protocols that will be used as the transport mechanism. These values are
domain
constants such as AF_INET, PF_INET, PF_UNIX, PF_X25, and so on.
The type of communications between the two endpoints, typically SOCK_STREAM for
type
connection-oriented protocols and SOCK_DGRAM for connectionless protocols.
Typically zero, this may be used to identify a variant of a protocol within a domain and
protocol
type.
The identifier of a network interface:

hostname

port

A string, which can be a host name, a dotted-quad address, or an IPV6 address in

colon (and possibly dot) notation
A string "<broadcast>", which specifies an INADDR_BROADCAST address.
A zero-length string, which specifies INADDR_ANY, or
An Integer, interpreted as a binary address in host byte order.
Each server listens for clients calling on one or more ports. A port may be a Fixnum port
number, a string containing a port number, or the name of a service.
2/7

PUA SRG

Meeting 4 Python Servers and Clients

21/03/2015

The socket Module:

To create a socket, you must use the socket.socket() function available in socket module, which has the
general syntax:
s = socket.socket (socket_family, socket_type, protocol=0)

Here is the description of the parameters:

socket_family: This is either AF_UNIX or AF_INET, as explained earlier.
socket_type: This is either SOCK_STREAM or SOCK_DGRAM.
protocol: This is usually left out, defaulting to 0.
Once you have socket object, then you can use required functions to create your client or server
program. Following is the list of functions required:

Server Socket Methods:

Method
Description
s.bind() This method binds address (hostname, port number pair) to socket.
s.listen() This method sets up and start TCP listener.
s.accept() This passively accept TCP client connection, waiting until connection arrives (blocking).

Client Socket Methods:

Method
Description
s.connect() This method actively initiates TCP server connection.

General Socket Methods:

Method

Description

s.recv()

This method receives TCP message

s.send()

This method transmits TCP message

s.recvfrom()

This method receives UDP message

s.sendto()

This method transmits UDP message

s.close()

This method closes socket

socket.gethostname()

Returns the hostname.

3/7

PUA SRG

Meeting 4 Python Servers and Clients

21/03/2015

A Simple Server
To write Internet servers, we use the socket function available in socket module to create a socket
object. A socket object is then used to call other functions to setup a socket server.
Now call bind(hostname, port) function to specify a port for your service on the given host.
Next, call the accept method of the returned object. This method waits until a client connects to the port
you specified, and then returns a connection object that represents the connection to that client.
#!/usr/bin/python

# This is server.py file

import socket

# Import socket module

s = socket.socket()
host = socket.gethostname()
port = 12345
s.bind((host, port))

#
#
#
#

Create a socket object

Get local machine name, you may leave it empty
Reserve a port for your service.
Bind to the port

s.listen(5)
# Now wait for client connection.
while True:
c, addr = s.accept()
# Establish connection with client.
print 'Got connection from', addr
c.send('Thank you for connecting'.encode())
c.close()
# Close the connection

A Simple Client
Now we will write a very simple client program which will open a connection to a given port 12345
and given host. This is very simple to create a socket client using Python's socket module function.
The socket.connect(hosname, port ) opens a TCP connection to hostname on the port. Once you have
a socket open, you can read from it like any IO object. When done, remember to close it, as you would
close a file.
The following code is a very simple client that connects to a given host and port, reads any available
data from the socket, and then exits:
#!/usr/bin/python

# This is client.py file

import socket

# Import socket module

s = socket.socket()
# Create a socket object
host = socket.gethostname() # Get local machine name, or use an ip address
port = 12345
# Reserve a port for your service.
s.connect((host, port))
print(s.recv(1024))
s.close

# Close the socket when done

4/7

PUA SRG

Meeting 4 Python Servers and Clients

21/03/2015

Now run this server.py in background and then run above client.py to see the result.
# Following would start a server in background.
$ python server.py &
# Once server is started run client as follows:
$ python client.py

This would produce following result:

Got connection from ('127.0.0.1', 48437)
Thank you for connecting

Python Internet modules

A list of some important modules which could be used in Python Network/Internet programming.
Protocol Common function Port No
Python module
HTTP
Web pages
80
httplib, urllib, xmlrpclib
NNTP Usenet news
119
nntplib
FTP
File transfers
20
ftplib, urllib
SMTP Sending email
25
smtplib
POP3
Fetching email
110
poplib
IMAP4 Fetching email
143
imaplib
Telnet
Command lines
23
telnetlib
Gopher Document transfers 70
gopherlib, urllib
Please check all the libraries mentioned above to work with FTP, SMTP, POP, and IMAP protocols.

Sources:
http://www.tutorialspoint.com/python/python_networking.htm
https://docs.python.org/3/library/socket.html
https://docs.python.org/3/library/socketserver.html

Further Advanced reading:

http://www.binarytides.com/python-socket-server-code-example/
https://docs.python.org/3/library/socketserver.html#asynchronous-mixins
https://docs.python.org/3/library/ssl.html

5/7

PUA SRG

Meeting 4 Python Servers and Clients

21/03/2015

Project Ideas
Implemented: Simplistic Walkie-Talkie-Style Chat Server/Client, Echo Server/Client, Calculator
Server/Client

Chat Server
#!/usr/bin/python
# This is server.py file
import socket
# Import socket module
s = socket.socket()
# Create a socket object
host = "192.168.0.111"
# Get local machine name
port = 12345
# Reserve a port for your service.
s.bind((host, port))
# Bind to the port
print("host is",host)
s.listen(5)
# Now wait for client connection.
while True:
c, addr = s.accept()
# Establish connection with client.
print('Got connection from', addr)
mymsg=""
while mymsg!="kill":
mymsg=input("Master SMK:")
if mymsg=="kill":
c.send("Get The Hell Out!".encode())
else:
c.send(mymsg.encode())
print(addr,":",c.recv(1024).decode())
c.close()
# Close the connection

Chat Client
#!/usr/bin/python3
# This is client.py file
import socket
# Import socket module
s = socket.socket()
# Create a socket object
host = 'localhost'
# Get local machine name
port = 12345
# Reserve a port for your service.
host = "192.168.0."+input("Server:")
s.connect((host, port))
while True:
print(host,":",s.recv(1024).decode())
s.send(input("Master SMK:").encode())
s.close
# Close the socket when done

6/7

3 Time Line
A proposed timeline of the session titles (each are detailed in a separate file called Meeting N).
Initiate Intro to Http
Intro to Http
PUA
Python Headers Servers Server
SRG
(Code) (Web) (Net)
(Web)

Break

Break

XSS
(Sec)

TBA

Exploit Tools
(Sec)
(Sec)

Summer Plans
and Research

Week 1

10

11

12

13

14

Meeting 0

10

Here are more details on the sessions.

Type

Topic

Details

Initiate PUA SRG

Clearly defining the objectives and goals of PUA SRG and matching them with the attendees'.

Code

Introduction to Python

An introduction to the python programming language which is a wealthy skill/tool in the field.

Web

Http Headers

Introducing HTTP Headers, their usage, how to manipulate them and the consequences.

Net

Introduction to Servers

Introducing ip addresses, ports, sockets, servers and clients. How to make simple servers/clients.

Web

Http Server

Building a simple Web server, a simple anatomy of what a web server consists of.

Security Cross-Site Scripting (XSS)

Introducing the XSS attack, demonstrating with examples how serious can these attacks be.

Security Exploit

Implementing a number of exploits over the python web servers to understand vulnerabilities.

Security Tools

Exploring useful security tools in web and network penetration testing.

TBA

To Be Announced

TBA

Research Summer Plans and Research

Another required meeting with votes, assessing what has been learned, how to proceed and
introducing a few research tips to start simple research in the field.