Upgrade to Pro — share decks privately, control downloads, hide ads and more …

One Weird Kernel Trick: Hijacking IPython Websockets

Kyle Kelley
July 10, 2014
Programming
2
740

One Weird Kernel Trick: Hijacking IPython Websockets

Lightning talk at #SciPy2014. Vulnerability disclosure of cross domain websocket hijacking in the IPython notebook. https://twitter.com/rgbkrk/status/487369535456935936

See also: http://lambdaops.com/cross-origin-websocket-hijacking-of-ipython

Kyle Kelley

July 10, 2014
Tweet

More Decks by Kyle Kelley

See All by Kyle Kelley
Jupyter Frontends: From the classic Jupyter Notebook, to JupyterLab, nteract and beyond
rgbkrk
0
3.4k
ephemeral docker workloads with jupyter at pytn
rgbkrk
2
270
tmpnb at PyTexas
rgbkrk
1
760
Is This Your Pipe? Hijacking the Build Pipeline
rgbkrk
1
1.3k

Other Decks in Programming

See All in Programming
Rendez-vous service et optimisez votre environnement de développement
bastnic
1
520
[a11y] カート UI のフォーカスを可視化する
ryamakuchi
0
130
実録レガシー Rails アプリ改善ジャーニー / Legacy Rails app improvement journey
shutooike
3
150
ChatGPT APIでセキュリティニュースを要約するシステムを作ってみた
sh1n0g1
2
1.3k
Learning PHP with PHP Parser
inouehi
1
380
基盤システムへのマイクロフロントエンドの活用事例
sainu
2
140
#phperkaigi【実録】「PHP_CodeSniffer」で始める快適コードレビューライフ/codereviewlife
mrstsgk
0
270
本当に 0 からの 関数型プログラミングの歩き始め方 / How to Walk into Functional Programming from Scratch
guvalif
1
440
SQLite en production ? Et si vous réévaluiez vos options ?
guikingone
1
280
Larastan に自作 OSS ライブラリのテストをぶっ壊された話
mpyw
0
150
Jongler en asynchrone avec Symfony HttpClient
alli83
1
550
Run Your Firebase for Web App Locally Using Firebase Emulator Suite
dicoding
0
480

Featured

See All Featured
Unsuck your backbone
ammeep
660
56k
What the flash - Photography Introduction
edds
64
10k
JavaScript: Past, Present, and Future - NDC Porto 2020
reverentgeek
38
3.7k
What’s in a name? Adding method to the madness
productmarketing
PRO
13
2k
VelocityConf: Rendering Performance Case Studies
addyosmani
317
22k
Documentation Writing (for coders)
carmenintech
51
3k
Creating an realtime collaboration tool: Agile Flush - .NET Oxford
marcduiker
6
920
The Mythical Team-Month
searls
210
40k
How GitHub Uses GitHub to Build GitHub
holman
466
280k
How GitHub (no longer) Works
holman
299
140k
Fight the Zombie Pattern Library - RWD Summit 2016
marcelosomers
227
16k
The Language of Interfaces
destraynor
149
21k

Transcript

  1. One Weird Kernel Trick
    Hijacking IPython Websockets

    View Slide

  2. The IPython Notebook
    • Runs code on your (laptop | server | cluster | pi)
    • From your browser…
    • JavaScript -> Notebook Server -> Kernel
    • Kernel.execute

    View Slide

  3. Kernels and websockets

    View Slide

  4. Kernel
    Notebook Server
    !
    http://127.0.0.1:8888
    Kernel

    View Slide

  5. Hijacking Websockets

    View Slide

  6. Kernel
    Notebook Server
    !
    http://127.0.0.1:8888
    Kernel
    MALICIOUS Server
    !
    kerneltricks.com
    NEW TAB!!!

    View Slide

  7. ws://127.0.0.1:8888/kernels

    View Slide

  8. Kernel
    Notebook Server
    !
    http://127.0.0.1:8888
    Kernel
    MALICIOUS Server
    !
    kerneltricks.com

    View Slide

  9. !

    View Slide

  10. Mitigations
    • Kernel ID is a UUID, randomly generated
    • Using an authenticated notebook server protects
    you from this issue
    • Fixed in IPython 1.2+, 2.x series

    View Slide

  11. Let’s talk security

    View Slide

  12. [email protected]

    View Slide