Upgrade to Pro — share decks privately, control downloads, hide ads and more …

One Weird Kernel Trick: Hijacking IPython Websockets

Kyle Kelley
July 10, 2014
Programming
2
840

One Weird Kernel Trick: Hijacking IPython Websockets

Lightning talk at #SciPy2014. Vulnerability disclosure of cross domain websocket hijacking in the IPython notebook. https://twitter.com/rgbkrk/status/487369535456935936

See also: http://lambdaops.com/cross-origin-websocket-hijacking-of-ipython

Kyle Kelley

July 10, 2014
Tweet

More Decks by Kyle Kelley

See All by Kyle Kelley
Notebooks: Tools for LLMs
rgbkrk
0
27
Jupyter Frontends: From the classic Jupyter Notebook, to JupyterLab, nteract and beyond
rgbkrk
0
3.5k
ephemeral docker workloads with jupyter at pytn
rgbkrk
2
310
tmpnb at PyTexas
rgbkrk
1
850
Is This Your Pipe? Hijacking the Build Pipeline
rgbkrk
1
1.4k

Other Decks in Programming

See All in Programming
CREってこういうこと? 体験入社 - 提案資料 - / what-is-cre-trial-employment
shinden
1
550
Build Apps for iOS, Android & Desktop in 100% Kotlin With Compose Multiplatform (mDevCamp 2024)
zsmb
0
470
CDKコントリビュートの最初の壁を越えよう! -簡単issueの見つけ方-
badmintoncryer
3
230
はてなにおける CSS Modules、及び CSS Modules に足りないもの / CSS Modules in Hatena, and CSS Modules missing parts
mizdra
7
990
Hanami and htmx
bkuhlmann
0
230
2 週間で Twitter Bot を作ってみた
contour_gara
0
790
if constexpr文はテンプレート世界のラムダ式である
faithandbrave
3
690
スキーマ駆動開発による品質とスピードの両立 - 私達は何故、スキーマを書くのか
kentaroutakeda
0
180
禅の心を手に入れよ
eltociear
1
410
大規模UIKitベースアプリへのTCAの段階的導入/gradual-adoption-of-tca-in-a-large-scale-uikit-based-app
takehilo
2
210
PHPはいつから死んでいるかの調査
chiroruxx
2
420
VS Code をプロダクトにどう取り込むか
onomax
1
760

Featured

See All Featured
Testing 201, or: Great Expectations
jmmastey
30
6.4k
The Illustrated Children's Guide to Kubernetes
chrisshort
32
46k
The World Runs on Bad Software
bkeepers
PRO
61
6.7k
Making Projects Easy
brettharned
109
5.5k
Creating an realtime collaboration tool: Agile Flush - .NET Oxford
marcduiker
14
1.5k
Visualizing Your Data: Incorporating Mongo into Loggly Infrastructure
mongodb
34
8.9k
No one is an island. Learnings from fostering a developers community.
thoeni
16
2.1k
個人開発の失敗を避けるイケてる考え方 / tips for indie hackers
panda_program
66
14k
Keith and Marios Guide to Fast Websites
keithpitt
408
22k
Debugging Ruby Performance
tmm1
70
11k
Building Better People: How to give real-time feedback that sticks.
wjessup
356
18k
GraphQLの誤解/rethinking-graphql
sonatard
56
9.3k

Transcript

  1. One Weird Kernel Trick Hijacking IPython Websockets

  2. The IPython Notebook • Runs code on your (laptop |

    server | cluster | pi) • From your browser… • JavaScript -> Notebook Server -> Kernel • Kernel.execute

  3. Kernels and websockets

  4. Kernel Notebook Server ! http://127.0.0.1:8888 Kernel

  5. Hijacking Websockets

  6. Kernel Notebook Server ! http://127.0.0.1:8888 Kernel MALICIOUS Server ! kerneltricks.com

    NEW TAB!!!

  7. ws://127.0.0.1:8888/kernels

  8. Kernel Notebook Server ! http://127.0.0.1:8888 Kernel MALICIOUS Server ! kerneltricks.com

  9. !

  10. Mitigations • Kernel ID is a UUID, randomly generated •

    Using an authenticated notebook server protects you from this issue • Fixed in IPython 1.2+, 2.x series

  11. Let’s talk security

  12. [email protected]