Python exercise and need the explanation and answer to help me learn.
(A)- Python SSL module (5 points)
The Python SSL module is a wrapper around the OpenSSL cryptography software.
Write a Python script that uses the SSL module to answer the following questions:
What is the OpenSSL version used by the Python SSL module?
Is that OpenSSL version still supported by the OpenSSL community, or is it outdated? Explain.
Using the SSL module, get the certificate of the website www.gwu.edu and save it as the text file gwu.crt.
Decode the certificate you got in the previous step by using the openssl command-line tool (or the website sslshopper.com) to get the certificate information. (Hint: to display these fields in human-readable format: openssl x509 -in gwu.crt -text -noout | less)
Download and use the SSLScan tool to get the certificate for the website www.gwu.edu:
What versions of the SSL and TLS protocols does the website support?
List the supported ciphers.
Does the server support TLS Fallback SCSV? Why is the TLS Fallback SCSV signal important?
(B)- Python hashlib module (3 points)
Python supports cryptographic hashing natively. There is no need for third-party frameworks or libraries. Python ships with a hashlib module that exposes everything most programmers need for cryptographic hashing. The module’s attribute algorithms_guaranteed contains every hash function that is guaranteed to be available for all platforms.
Requirements:
HW2
(A)- Python SSL module (5 points)
The Python SSL module is a wrapper around the OpenSSL cryptography software.
Write a Python script that uses the SSL module to answer the following questions:
What is the OpenSSL version used by the Python SSL module?
Is that OpenSSL version still supported by the OpenSSL community, or is it outdated? Explain.
Using the SSL module, get the certificate of the website www.gwu.edu and save it as the text file gwu.crt.
Decode the certificate you got in the previous step by using the openssl command-line tool (or the website sslshopper.com) to get the certificate information. (Hint: to display these fields in human-readable format: openssl x509 -in gwu.crt -text -noout | less)
Download and use the SSLScan tool to get the certificate for the website www.gwu.edu:
What versions of the SSL and TLS protocols does the website support?
List the supported ciphers.
Does the server support TLS Fallback SCSV? Why is the TLS Fallback SCSV signal important?
Notes:
For more information on how to install OpenSSL on your Windows machine, you may go to the following website:
()
You can also search for a better resource on how to install OpenSSL using the Google search engine.
To install SSLScan, please go to the following website:
(https://github.com/rbsec/sslscan/releases/download/2.0.16/sslscan-2.0.16.zip)
You can use PyCharm for answering the part (A) questions that need Python coding.
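One way to approach the Python steps of part (A), as an added example rather than the course's own solution. It assumes you want the certificate fetched over a verified handshake (default trust store, hostname check) instead of ssl.get_server_certificate(), which does not validate the peer unless ca_certs is given; the function names are illustrative.

```python
import socket
import ssl


def openssl_build():
    """Return the OpenSSL version string and (major, minor, fix) behind the ssl module."""
    return ssl.OPENSSL_VERSION, ssl.OPENSSL_VERSION_INFO[:3]


def fetch_leaf_certificate(host, port=443, timeout=10):
    """Fetch the server's leaf certificate (DER) over a verified TLS handshake."""
    ctx = ssl.create_default_context()  # verifies the chain and the hostname
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            # Also report what was negotiated, to compare with the SSLScan output.
            return tls.getpeercert(binary_form=True), tls.version(), tls.cipher()[0]


def save_as_pem(der_bytes, path):
    """Write DER bytes as PEM text, the form `openssl x509 -in <path> -text -noout` reads."""
    pem = ssl.DER_cert_to_PEM_cert(der_bytes)
    with open(path, "w", encoding="ascii") as fh:
        fh.write(pem)
    return pem


if __name__ == "__main__":
    print(openssl_build())
    # Needs network access; www.gwu.edu is the host named in the assignment.
    der, protocol, cipher = fetch_leaf_certificate("www.gwu.edu")
    save_as_pem(der, "gwu.crt")
    print("negotiated:", protocol, cipher)
```

The negotiated protocol and cipher show only what this one client agreed on with the server; the full list of supported versions and ciphers still comes from SSLScan.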
(B)- Python hashlib module (3 points)
Python supports cryptographic hashing natively. There is no need for third-party frameworks or libraries. Python ships with a hashlib module that exposes everything most programmers need for cryptographic hashing. The module’s attribute algorithms_guaranteed contains every hash function that is guaranteed to be available for all platforms.
With Docker installed on your machine, do the following steps:
Step 1:
Run Jupyter Notebook using the following Docker image:
https://hub.docker.com/r/jupyter/tensorflow-notebook
Use a terminal to run the following commands:
docker pull jupyter/tensorflow-notebook
docker run -p8888:8888 jupyter/tensorflow-notebook
Step 2:
Using the Jupyter notebook that you started in Step 1:
Write Python code to list the hash functions supported by the Python hashlib module.
Take a screenshot of the Python code and the output of the code you have run.
Which hash functions are safe?
Which hash functions are unsafe? Justify.
Take a screenshot of the output of the command “docker run -p8888:8888 jupyter/tensorflow-notebook”.
Notes:
For part (A) and part (B), use an MS Word document to prepare and submit your homework. The submitted homework should include the Python code you used to answer the questions and screenshots of any output that demonstrates your prepared solution.
Due date is Oct-23-2023.
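For part (B), an added example (not the course's solution) that walks hashlib.algorithms_guaranteed and reports each algorithm's output size and collision status. The "broken" set reflects the published practical collisions for MD5 and SHA-1; the function name and sample input are constructed.

```python
import hashlib

# Algorithms with published practical collision attacks (MD5: 2004, SHA-1: 2017).
COLLISION_BROKEN = {"md5", "sha1"}


def survey_hashes(sample=b"constructed sample input"):
    """Return {name: (digest_bits, status)} for every guaranteed algorithm."""
    report = {}
    for name in sorted(hashlib.algorithms_guaranteed):
        h = hashlib.new(name, sample)
        if h.digest_size == 0:
            # SHAKE is an extendable-output function: digest() needs a length.
            bits = len(h.digest(32)) * 8
        else:
            bits = h.digest_size * 8
        if name in COLLISION_BROKEN:
            status = "unsafe: practical collisions published"
        else:
            status = "no known practical collision"
        report[name] = (bits, status)
    return report


if __name__ == "__main__":
    for name, (bits, status) in survey_hashes().items():
        print(f"{name:10s} {bits:4d} bits  {status}")
```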
Answer sheet for HW2
Part (A)
(1):
Python code used to retrieve the OpenSSL version used by the Python SSL module:
Output of running python code:
(2):
Hint: include the reference for the source you used to answer this question.
(3):
Python code used to retrieve the website certificate using SSL module:
Output of running python code:
(4):
Output of decoding certificate data using website sslshopper.com:
Output of decoding certificate data using openssl tool:
(5-a):
Supported versions of SSL and TLS protocols by the website:
Not supported versions of SSL and TLS protocols by the website:
Screen shot for the output of tool:
(5-b):
List of the supported ciphers by the website:
Screen shot for the output of tool:
Does the server support TLS Fallback SCSV? Why is the TLS Fallback SCSV signal important?
(5-c):
The server supports (or does not support) TLS Fallback SCSV.
Screen shot for the output of tool:
Why is the TLS Fallback SCSV signal important?
Part (B):
(1):
Python code used to retrieve the hash functions supported by hashlib module:
Output of running python code:
(2):
Safe hash functions:
(3):
Unsafe hash functions:
Justification:
(4):
A screenshot for the output of the command:
HW3
(A)- SQL Injection (10 points)
Use the Python SQLite module to demonstrate launching an SQL injection attack.
Write a Python script that uses the SQLite module to do the following steps:
Create database with name “org”. (createdb.py)
Create table with name EMPLOYEE and the following fields: (createEmpTable.py)
Insert into EMPLOYEE table the following records: (insertUsersInfo.py)
Part (A):
Show all records saved into the Employee table. (displayAllUsers.py)
Show one specific record for a single user (displayUserInfo.py).
Part (B):
You are only allowed to enter malicious code when running the Python code of displayUserInfo.py.
Write the malicious code as part of your answer for this question.
Provide a screenshot of the output of running the malicious code that shows you have a successful attack.
Write Python code to prevent the SQL injection you demonstrated in the module displayUserInfo.py. Name the new module displayUserInfoHackFixed.py.
By running only the original displayUserInfo.py module, can you craft malicious code to drop the table Test? Justify your answer.
Notes:
You can use PyCharm for performing the above steps.
Due date is October-26-2023.
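The vulnerable lookup beside its parameterized fix, as an added example; it is not the assignment's displayUserInfo.py, whose source is not on this page. The column names, sample rows and the string-formatted query are assumptions. It also shows that sqlite3's execute() refuses a second stacked statement, which bears on the DROP TABLE question.

```python
import sqlite3


def build_db():
    # Constructed schema and rows: the assignment's field list is not on the page.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE EMPLOYEE (id INTEGER PRIMARY KEY, name TEXT, salary REAL)")
    conn.execute("CREATE TABLE Test (id INTEGER)")
    conn.executemany("INSERT INTO EMPLOYEE (name, salary) VALUES (?, ?)",
                     [("alice", 5000.0), ("bob", 4200.0), ("carol", 6100.0)])
    return conn


def display_user_info_vulnerable(conn, name):
    # Assumed flaw: input is pasted into the SQL text, so quotes in `name`
    # change the structure of the query.
    query = "SELECT name, salary FROM EMPLOYEE WHERE name = '%s'" % name
    return conn.execute(query).fetchall()


def display_user_info_fixed(conn, name):
    # The ? placeholder binds `name` as data; it is never parsed as SQL.
    query = "SELECT name, salary FROM EMPLOYEE WHERE name = ?"
    return conn.execute(query, (name,)).fetchall()


def table_exists(conn, table):
    row = conn.execute("SELECT 1 FROM sqlite_master WHERE type = 'table' AND name = ?",
                       (table,)).fetchone()
    return row is not None


def try_stacked(conn, name):
    # execute() accepts exactly one statement; text after the first ';' is
    # rejected (sqlite3.Warning before Python 3.12, ProgrammingError after).
    try:
        display_user_info_vulnerable(conn, name)
        return "executed"
    except (sqlite3.Warning, sqlite3.Error) as exc:
        return "rejected: " + type(exc).__name__
```

The stacked-statement result holds only for code that calls execute(); a script that passes the same string to executescript() would run every statement in it.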
Answer sheet for HW2
Part (A):
Show all records saved into the Employee table. (displayAllUsers.py)
Hint: use a screen shot to show the inserted records.
Show one specific record for a single user (displayUserInfo.py).
Hint: use a screen shot to show one inserted record.
Part (B)
(1):
Malicious code you have used to demonstrate the SQL injection attack:
Output of running malicious code (screen shot):
(2):
Python code used to demonstrate fixing SQL injection attack:
(3):
Malicious code you have used to drop the table Test.
Output of running malicious code (screen shot):
Appendix
createdb.py
createEmpTable.py
createTestTable.py
insertUsersInfo.py
displayAllUsers.py
displayUserInfo.py