Ruby Video
Talks
Speakers
Events
Topics
Leaderboard
Sign in
Talks
Speakers
Events
Topics
Use
Analytics
Sign in
Suggest modification to this talk
Title
Description
Dávid Halász Does your network only let through HTTP connections? No problem! Let’s hijack some sockets from incoming HTTP connections and use it to smuggle any kind of traffic through an HTTP session! Concurrently! In Ruby! Warning: your infosec team already does not like me, but I have some cute stickers. David is a Software Engineer working for Red Hat. His first language is C, but fell in love with Ruby in 2012 and now codes in it for a living. #ruby #rubyconf #rubyconfau #programming
Date
Summarized using AI?
If this talk's summary was generated by AI, please check this box. A "Summarized using AI" badge will be displayed in the summary tab to indicate that the summary was generated using AI.
Show "Summarized using AI" badge on summary page
Summary
Markdown supported
In this talk, Dávid Halász, a software engineer at Red Hat, explores the concept of hijacking, proxying, and smuggling sockets using Ruby. He introduces the problem of needing to transmit data between browsers and virtual machines, which typically communicate through HTTP or WebSocket, but often require a different protocol like VNC. The session covers a variety of technical approaches and implementations, focused on efficient data handling using sockets. Key points discussed during the presentation include: - **Background**: Dávid shares his transition from C programming to Ruby, emphasizing his experience in open-source contributions and his work on in-browser remote consoles. - **Socket Management**: The talk explains how sockets operate, introducing both blocking I/O and non-blocking I/O operations. The importance of using the select system call to query socket readiness is highlighted. - **Efficiency Challenges**: The downsides of using select with multiple sockets are discussed, alongside strategies like event-driven solutions and using dynamic arrays to optimize socket readiness checks. - **Advanced Socket Techniques**: Alternatives such as epoll and KQueue for socket management are introduced, offering efficient ways to handle multiple connections. - **WebSockets and Rack**: Dávid explains the role of WebSockets in extending HTTP connections, and demonstrates how to hijack sockets in a Rack server environment to gain control over data communications. - **TCP Traffic Smuggling**: He delves into the concept of smuggling TCP traffic through HTTP connections. By upgrading connections to other protocols, users can bypass firewall restrictions. - **Live Demonstration**: A live demo is presented showcasing how his architecture can connect to VNC and SSH servers via a browser plugin, leveraging the principles discussed. - **Complex Architecture**: The implementation combines various technologies such as Rack with Ruby, JavaScript client interaction, and Docker for isolated service management. In conclusion, Hálsz emphasizes that manipulating connections effectively allows for seamless access to remote systems despite network constraints, demonstrating the power of Ruby in developing creative networking solutions. He encourages further exploration and application of these techniques as potential tools for developers navigating networking challenges.
Suggest modifications
Cancel