Upgrade to Pro — share decks privately, control downloads, hide ads and more …

One Weird Kernel Trick: Hijacking IPython Websockets

Kyle Kelley
July 10, 2014
Programming
2
760

One Weird Kernel Trick: Hijacking IPython Websockets

Lightning talk at #SciPy2014. Vulnerability disclosure of cross domain websocket hijacking in the IPython notebook. https://twitter.com/rgbkrk/status/487369535456935936

See also: http://lambdaops.com/cross-origin-websocket-hijacking-of-ipython

Kyle Kelley

July 10, 2014
Tweet

More Decks by Kyle Kelley

See All by Kyle Kelley
Notebooks: Tools for LLMs
rgbkrk
0
20
Jupyter Frontends: From the classic Jupyter Notebook, to JupyterLab, nteract and beyond
rgbkrk
0
3.4k
ephemeral docker workloads with jupyter at pytn
rgbkrk
2
280
tmpnb at PyTexas
rgbkrk
1
780
Is This Your Pipe? Hijacking the Build Pipeline
rgbkrk
1
1.3k

Other Decks in Programming

See All in Programming
マイクロサービスの効率的な監視〜不安定な依存先との闘い〜
taowata
4
890
[iOS Dev UK 23] Making developer tools with Swift
polpielladev
0
180
Henjou-Renderer
kinakomoti321
0
140
Unit of Workパターンで永続化とトランザクションを制御する
shimabox
6
1.3k
新卒研修でNext.js AppRouterを導入した 学びと反省
iuchimasatoshi
1
210
PicoRuby から始めるたのしい電子工作
ogom
0
530
身に覚えのないDeveloper Program License違反を通告されてアプリの検索順位を下げられた時の闘い方 / iosdc2023-rookies-lt
ski
0
340
第6回 AWSとGitHub勉強会 - AWS ECS Fargate環境の構築 -
ogiwarat
0
120
第4回 AWSとGitHub勉強会 - GitHub Actionsを使ったCD環境の構築 -
ogiwarat
0
110
脆弱性診断の内製化と外注
tsukushi
7
2.6k
Exploring Code Smells - ElixirConf US 2023
elainenaomi
1
230
Decoding Code Review - Elixir Conf US
elainenaomi
3
190

Featured

See All Featured
Build your cross-platform service in a week with App Engine
jlugia
223
17k
For a Future-Friendly Web
brad_frost
168
8.2k
Optimising Largest Contentful Paint
csswizardry
6
1.8k
How to train your dragon (web standard)
notwaldorf
70
4.7k
Building Flexible Design Systems
yeseniaperezcruz
317
36k
A designer walks into a library…
pauljervisheath
199
17k
CSS Pre-Processors: Stylus, Less & Sass
bermonpainter
351
28k
Automating Front-end Workflow
addyosmani
1354
200k
Art Directing for the Web. Five minutes with CSS Template Areas
malarkey
197
11k
A Philosophy of Restraint
colly
195
15k
The Cult of Friendly URLs
andyhume
71
5.3k
Fantastic passwords and where to find them - at NoRuKo
philnash
34
2.1k

Transcript

  1. One Weird Kernel Trick
    Hijacking IPython Websockets

    View Slide

  2. The IPython Notebook
    • Runs code on your (laptop | server | cluster | pi)
    • From your browser…
    • JavaScript -> Notebook Server -> Kernel
    • Kernel.execute

    View Slide

  3. Kernels and websockets

    View Slide

  4. Kernel
    Notebook Server
    !
    http://127.0.0.1:8888
    Kernel

    View Slide

  5. Hijacking Websockets

    View Slide

  6. Kernel
    Notebook Server
    !
    http://127.0.0.1:8888
    Kernel
    MALICIOUS Server
    !
    kerneltricks.com
    NEW TAB!!!

    View Slide

  7. ws://127.0.0.1:8888/kernels

    View Slide

  8. Kernel
    Notebook Server
    !
    http://127.0.0.1:8888
    Kernel
    MALICIOUS Server
    !
    kerneltricks.com

    View Slide

  9. !

    View Slide

  10. Mitigations
    • Kernel ID is a UUID, randomly generated
    • Using an authenticated notebook server protects
    you from this issue
    • Fixed in IPython 1.2+, 2.x series

    View Slide

  11. Let’s talk security

    View Slide

  12. [email protected]

    View Slide