Technology of Privacy

Fall 2016

Problem Set Three

“DUE”: Monday, October 3, 2016,1:20 PM

Ungraded Assignment

Throughout the semester, you will be required to complete short, technology-focused assignments. In homage to undergraduate science and math education, these assignments are called “problem sets.”These assignments won’t be assigned or due every week.

These will do some or all of the following: give you hands-on exposure to technologies discussed in class, thus reinforcing the lesson; give the professor feedback about how well the class is understanding the material; andpreview technical material to be discussed in a future class (or to use the parlance of the day, “flipping” the classroom).

You must hand in your assignment electronically, sometimes via email, Box, or Canvas, and sometimes on the class’s shared server. These assignments will not be graded, but missing or incomplete assignments will count against the participation component of a student’s final grade.

For these ungraded assignments, you should feel free to work with classmates or discuss them on the class discussion board.

For two classes, we have learned how to use mitmproxy inside your very own Amazon Web Services (AWS) instance, the two tools you will be using for your second, final technical assignment. This problem set is designed to reinforce the basic workflow for mitmproxy and AWS.

  1. Following the “Care and Feeding” handout distributed in class, log in to the AWS dashboard, navigate to “EC2” and then “Instances,” select your assigned instance and go to Actions > Instance State > Start. You may need to refresh your browser page to verify when your server is botted. When your running instance is selected, find the assigned Public IP address in the lower, instance pane.
  1. Using the IP address assigned to your instance, ssh to your server using the username and password you set in class.
  1. Create a new folder called “mitmpractice” in your home directory and navigate into this directory.
  1. Run mitmproxy.
  1. Connect to your instance via Microsoft Remote Desktop (ie using the RDP protocol) and inside the Linux desktop, open Firefox. Make sure the network settings in Firefox direct traffic to “localhost” as a proxy server using port 8080.
  1. In Firefox, navigate to a webpage that you think might be interesting to inspect. Make sure your mitmproxy screen is cleared out (by hitting “C”) so that the flows you collect are isolated to the page you are inspecting.
  1. Note the total number of “flows” in the bottom left corner of the mitmproxy interface.
  1. Use your arrow keys to scroll through the flows, looking for those you think might be directly related to the content a user intends to view on a page (e.g. images), and those that are being used for other purposes (e.g. advertising, analytics). Choose a flow to inspect further by hitting “enter.” The “tab” key will allow you to see the request your computer sent to the web server, the response returned by that server, and additional information about that flow.
  1. Return to the main mitmproxy screen by hitting “q”
  1. Hit “w” to save all flows to a file called mitm.practice.raw. Quit mitmproxy by hitting “q”.
  1. From the command line, convert your mitm.practice file to a text format using mitmdump. The command to do this is:

% mitmdump -n -r mitm.practice.raw > mitm.practice.txt

  1. Use grep to search the mitm.practice.txt. Take note of something interesting in your results.
  1. Reboot your instance through the AWS dashboard. When it has restarted, use Cyberduck to download both the mitm.practice.raw and mitm.practice.txt files to your computer and upload any image file (e.g. a photo) to your instance.
  1. Find and open mitm.practice.txt on your local computer and verify that you can read its contents.
  1. When you have finished, shut down your instance in the AWS dashboard.

1