Shark Attack!

Posted in Hacking, Networking by C4 on February 10, 2011

First, I want to say that I am a big supporter of Grooveshark. I think it’s an awesome service and I have purchased merch from them. That being said, yesterday I started looking for a way to rip the songs from Grooveshark. It has been a while since I kept an up-to-date music collection.

The files that are streamed to your computer are temporarily stored on your local machine. This means that we can save the packets that are being sent to your computer as an actual audio file. First, we need a network protocol analyzer that will allow us to find the packets being sent to the computer. This is where Wireshark comes in. We can start by downloading Wireshark and installing it (not going to show you that here). Once we have it running, it should look like this (you may need to run it as root):

Next we need to configure some settings. Since we know that we are accessing Grooveshark through a web page, it is a good bet that they are pushing these packets over HTTP. We will limit the capture filter to port 80 traffic, since that’s all we really care about right now. Set this up in Capture -> Options. See below.

Now we can start the capture. Next, go to the Grooveshark site and start playing a song. A lot of packets will show up in your list. The main packet you are looking for is one with a type of “audio/mpeg”. You can make this easier with this display filter: http.content_type == "audio/mpeg"

If you use the filter method then you should only see one packet show up. It should look something like this:

Right click on the packet and choose Follow TCP Stream. This assembles all the related packets and brings up a summary asking what you would like to do with them. On the right hand side there are options for how to save the stream content. Choose “Raw” and click the “Save As” button. You can now save the file as whateveryouwant.mp3, go to the folder you saved it in, and play the file in your favorite music player. (You may need to chmod the file if it was saved by root.)
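The procedure above leans on two things Wireshark does for you: the display filter matches the Content-Type header of the HTTP response, and “Follow TCP Stream” puts the server’s segments back in sequence-number order before showing the payload. The Python below is an added example, not code from the original post, that does both by hand on constructed data: a made-up initial sequence number, a twelve-byte placeholder body that only imitates an MP3 header, and segments delivered out of order with one retransmitted duplicate. It is not real Grooveshark traffic; every value in it is assumed.

```python
"""Reassemble the server side of a TCP stream and pull out the HTTP body,
the way Wireshark's "Follow TCP Stream" does. All data here is constructed."""
from typing import Dict, List, Optional, Tuple

Segment = Tuple[int, bytes]  # (absolute TCP sequence number, payload)


def http_response(content_type: str, body: bytes) -> bytes:
    """Build a minimal HTTP/1.1 response (constructed, not captured traffic)."""
    return (
        b"HTTP/1.1 200 OK\r\n"
        + b"Content-Type: " + content_type.encode("ascii") + b"\r\n"
        + b"Content-Length: " + str(len(body)).encode("ascii") + b"\r\n"
        + b"\r\n"
        + body
    )


def segmentize(payload: bytes, isn: int = 1000, mss: int = 16) -> List[Segment]:
    """Cut a payload into segments carrying absolute sequence numbers, then
    deliver them in reverse order with one retransmitted duplicate, as a
    real capture might. isn and mss are arbitrary constructed values."""
    segs = [(isn + off, payload[off:off + mss]) for off in range(0, len(payload), mss)]
    return segs[::-1] + [segs[0]]


def follow_stream(segments: List[Segment]) -> bytes:
    """Order segments by sequence number and drop retransmissions/overlaps.
    This is the reassembly step behind "Follow TCP Stream"."""
    out = bytearray()
    expected: Optional[int] = None
    for seq, data in sorted(segments, key=lambda s: s[0]):
        if expected is None:
            expected = seq
        if seq + len(data) <= expected:
            continue  # pure retransmission of bytes we already have
        if seq < expected:
            data = data[expected - seq:]  # partial overlap: keep only the new bytes
            seq = expected
        if seq > expected:
            raise ValueError(f"missing segment at seq {expected}")
        out += data
        expected = seq + len(data)
    return bytes(out)


def parse_response(stream: bytes) -> Tuple[str, Dict[str, str], bytes]:
    """Split a reassembled response into status line, headers and body.
    Wireshark's Raw view still contains these headers; a media file
    should start at the body, so we cut at the blank line."""
    head, sep, rest = stream.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("headers incomplete")
    lines = head.decode("iso-8859-1").split("\r\n")
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    length = int(headers.get("content-length", len(rest)))
    return lines[0], headers, rest[:length]


def extract_media(segments: List[Segment], wanted: str = "audio/mpeg") -> Optional[bytes]:
    """Display filter plus Follow TCP Stream in one step: return the body of a
    response whose media type (parameters ignored) matches, else None."""
    _, headers, body = parse_response(follow_stream(segments))
    media_type = headers.get("content-type", "").split(";", 1)[0].strip().lower()
    return body if media_type == wanted else None


# Constructed sample data: 12 bytes that merely imitate an ID3 header, not audio.
FAKE_MP3 = b"ID3" + b"\x00" * 9
AUDIO_SEGMENTS = segmentize(http_response("audio/mpeg", FAKE_MP3))
HTML_SEGMENTS = segmentize(http_response("text/html; charset=utf-8", b"<html></html>"))

if __name__ == "__main__":
    print("audio body:", extract_media(AUDIO_SEGMENTS))  # the 12 constructed bytes
    print("html body:", extract_media(HTML_SEGMENTS))    # None
```

Two details worth knowing when doing this in Wireshark itself: the Raw view includes the HTTP response headers in front of the media, which is why `parse_response` cuts at the blank line, and the display filter `http.content_type == "audio/mpeg"` is an exact string match, so a server that appends a parameter (`audio/mpeg; ...`) slips past it, whereas `http.content_type contains "audio/mpeg"` catches both forms.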

Note: I found someone who had done the same thing when I was looking for how to save the stream, so I cannot take 100% credit for this.

Also: I looked into writing something to automate this process but there is already another project that is doing this. Check out http://groovedown.tasteless.us/

PWN your coffee shop

Posted in Networking by C4 on October 28, 2010

I had meant to write about this a couple of days ago but have been pretty busy. At Toorcon 12 I mentioned that the last talk I saw was about session hijacking (sidejacking), and they (Eric Butler and Ian Gallagher) released a pretty nifty tool that makes it really easy to steal a user’s session while on the same wifi AP. I downloaded it when I was at the airport and was the 14th person to download it. After checking this morning it has 373,535 downloads. That’s amazing and kind of frightening, since I know what this tool can do.

So the theory isn’t that new; it’s been a problem for quite a while. I actually remember talking about this at a coffee shop with a friend while still in college. When accessing most popular sites that require logins, you receive an HTTP session cookie from the server once you authenticate. The vulnerability is not about getting a user’s password and user name, because most of the time those are sent using SSL and you aren’t able to sniff that data. The vulnerability comes into play when you move from an https page to an http page (i.e. from the login page to a regular non-encrypted page). When you log into a site and successfully authenticate, you are issued (or start) a session ID (cookie) by the server. That ID is used by the site to recognize you as the user you logged in as; it displays certain preferences and adds functionality when you are logged in to that site. If you can somehow steal that ID (cookie), let’s say over wifi, since everything is broadcast to everyone on that access point, you would then become that person to the website. So for example, if I was sniffing wireless traffic and was able to obtain someone’s Facebook session and used that session ID to go back to Facebook, I would see their account and be logged in as that user.

So if that’s not a new vulnerability then why has it been so popular in the last few days?

Firesheep. It’s a program that makes it super easy to do what I just described above, automatically. No programming, no learning how to use packet tools, no loading cookies into your browser. I literally installed this Firefox extension in less than 5 minutes (including download time). The hardest part was figuring out how to display the sidebar.

So, like, how do I use this tool?

First, let’s start by downloading the Firefox extension. I’m using OS X, but I’m pretty sure you can use Windows too; you just have to install WinPcap. You can download it here. Once you have it you can either open it with Firefox or click on it and choose Firefox as the application. Note: I had an older version of FF and had to update before I could install the extension. Once it’s installed, choose Tools -> Add-ons and find the Extensions tab. You should now see Firesheep 0.1 installed. Click Preferences and check the Capture option to make sure it’s pointed at your wireless device (en0 for me). Websites is where you add new sites to the list of sites whose session cookie format is known. Advanced is what type of traffic you would like to filter; the default is TCP traffic on port 80. Once everything is set up you can enable it by going to View -> Sidebar and choosing Firesheep. You will then get a sidebar on the left hand side with a button that says Start Capturing. Once you start capturing people’s data and hijacking their sessions you are probably breaking one law or another depending on where you are. What you do at this point is up to you.

Can I protect against this?

Kinda. You can do a few things: use a VPN, tunnel HTTP over SSH to a location you know is legit, use SSL on the site if they have/allow it, or don’t access any of those sites while on public wifi. Those will definitely work but are not really convenient. I think the point of this tool was to make this type of attack so widespread that anyone could run it, forcing sites to use SSL for everything. So go complain to vulnerable sites that they need to improve their security.
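The mechanics described above, and the protection discussed in this section, come down to one attribute on the cookie. A session cookie set after an HTTPS login is replayed by the browser on every later request to the same host, plain http:// pages included, unless the server marked it Secure, in which case the browser withholds it from non-HTTPS requests. The script below is an added example, not code from the original post or from Firesheep; it uses only Python’s standard-library cookie jar to show the difference, and the hostname www.example.com and cookie name sessionid are constructed stand-ins for any login site.

```python
"""Show why a session cookie issued over HTTPS leaks on the next HTTP request
unless it carries the Secure attribute. Standard library only; the hostname
and cookie name are constructed."""
import http.cookiejar
import urllib.request
from typing import Optional

SITE = "www.example.com"  # constructed hostname, stands in for any login site


def session_cookie(secure: bool, value: str = "constructed-session-id") -> http.cookiejar.Cookie:
    """A Netscape-style session cookie as a server would set it after login.
    `secure` models whether the Set-Cookie header carried the Secure attribute."""
    return http.cookiejar.Cookie(
        version=0, name="sessionid", value=value,
        port=None, port_specified=False,
        domain=SITE, domain_specified=True, domain_initial_dot=False,
        path="/", path_specified=True,
        secure=secure, expires=None, discard=True,
        comment=None, comment_url=None, rest={"HttpOnly": None},
    )


def cookie_header_sent(cookie: http.cookiejar.Cookie, url: str) -> Optional[str]:
    """Return the Cookie header a browser-like client would attach to `url`,
    or None when the jar's policy withholds the cookie."""
    jar = http.cookiejar.CookieJar()
    jar.set_cookie(cookie)
    req = urllib.request.Request(url)
    jar.add_cookie_header(req)  # applies the same domain/path/secure checks a browser does
    return req.get_header("Cookie")


def leaks_over_http(secure: bool) -> bool:
    """True if the session id would travel in cleartext to http://SITE/,
    i.e. the case a sniffer on the same access point can read."""
    return cookie_header_sent(session_cookie(secure), f"http://{SITE}/") is not None


if __name__ == "__main__":
    for flag in (False, True):
        print(f"Secure={flag}: sent over http -> {cookie_header_sent(session_cookie(flag), f'http://{SITE}/')!r}, "
              f"sent over https -> {cookie_header_sent(session_cookie(flag), f'https://{SITE}/')!r}")
```

The Secure attribute closes the cleartext replay the post describes, but only if the site also serves its logged-in pages over HTTPS: a Secure cookie never arrives at an http:// page, so the user simply looks logged out there. That is why the closing advice here (push sites to use SSL for everything) is the real fix, and the flag is what stops the cookie leaking on the way.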

Re-wiring network rack

Posted in Networking by C4 on September 7, 2010

It has been a long time coming for this project. The network part of our rack at work needed to be re-wired. It looked like a spaghetti mess. In my defense, it was like this before I got there. I assume this happens all too often with small companies growing and adding more equipment without having a network plan.

When I started planning this out I had to go a route with minimal disruption to the network. I decided to map everything out: where it was and where it was going. I also did this on a holiday weekend when no one was at the office. I started with the green wires (phone). Once those were done I moved to the blue wires (data). I also added a third color, black, which denotes a machine in the rack directly connected to the switch. The project took about 6 hours, including moving servers around in the rack to make space for the additional cable management pieces.

Here are a few pictures.

Start.

Stripped.

Finished.

Cheap Wireless Bridge

Posted in Networking by C4 on January 26, 2009

This weekend I had a chance to do a couple of things. First I built a Hackintosh (osx86); I will talk about that in a later blog. I was also able to get a wireless bridge to connect my Xbox by my TV to my network without having a crossover cable to my laptop.

I went down to Fry’s to see what kind of deals they had. I looked around a bit and found a couple of wireless bridges that did exactly what I wanted, but they were $65-120. If you are a cheap tech person like me, you have in your mind what you think something should cost. In my mind I could not justify paying more than $40 for a BRIDGE. So I found something that might work: an 802.11g Airlink Wireless Music Bridge.

Again, if you are like me, the first question you ask is, “why couldn’t you use this as a regular wireless bridge?”, and that is exactly what I asked the guy at the Fry’s store. Of course they don’t pay people enough to know what they are actually selling, so he insisted on telling me it was for music only and insisted on grabbing the $96 one. I asked him if it was limited to only a certain audio protocol; he of course had no idea, and after talking with me for a minute or two he gave up and left. I decided to get it.

It was a good call on my part. I was able to set it up working over WEP, but not WPA-PSK. I messed with it for about 2 hours trying to get it to work and checking the error logs, but it was just a no-go. So I think it was worth the $30 I spent, but it would have been nice to get WPA to work. I guess I’ll just have to find other ways of securing my wifi.