Giters

dynatrace-research / ld-preload-deception

This prototype hooks into the send and receive functions of glibc to insert deceptive elements into HTTP packets.

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

cyber-deceptiondeceptionld-preload

πŸ§™β€β™‚οΈπŸ’« Making HTTP packets deceptive with LD_PRELOAD

This prototype hooks into the send and receive functions of glibc to insert deceptive elements into HTTP packets. In particular, this prototype is able to modify the response code or any HTTP response header. Most importantly, this method works without deploying any firewall or proxy component, and without recompiling the original application.

Most modern applications rely on the glibc library to communicate with the operating system, i.e., to read files, or send and receive network packets. The LD_PRELOAD environment variable allows you to specify a list of shared libraries to load before any other libraries, including glibc. This makes it possible to hook into existing glibc functions and change their implementation. This is commonly known as the LD_PRELOAD trick.

To make this prototype as autonomous as possible, we also describe how to deploy a Kubernetes operator that automatically sets the LD_PRELOAD variable, effectivley allowing automatic, transparent, and flexible deception for all workloads in your cluster.

Getting started

  • βš™ If you want to build, run, and test the native shared library locally, read the README on the LD_PRELOAD module
  • πŸ–₯️ If you want to setup your local development environment and test the prototype with containers, read the DEVELOPER-GUIDE
  • β›΅ If you want to deploy this prototype as an operator to Kubernetes, either locally or to AWS, read the KUBERNETES-GUIDE
  • πŸ“Š If you want to conduct or reproduce our performance benchmarks, read the BENCHMARK-GUIDE

Folder structure

  • .devcontainer holds demo containers and configuration for easy local development
  • benchmark holds code for benchmarking the performance of the prototype and also some benchmarking results
  • bin holds pre-built binaries of the deception.so prototype
  • doc holds additional documentation, as referenced above
  • k8s-manifests holds manifests for deploying this prototype to Kubernetes environments
  • src holds the source code of the native shared library
  • third_party holds third-party dependencies for the native library

Contributors

Note: This project is not officially supported by Dynatrace.

For general questions or inquiries please get in touch with one of the following individuals.
Patrick Kern Mario Kahlhofer

About

This prototype hooks into the send and receive functions of glibc to insert deceptive elements into HTTP packets.

cyber-deceptiondeceptionld-preload

License:Apache License 2.0

Languages

Language:C 66.3%Language:Python 26.9%Language:Java 4.1%Language:Dockerfile 1.5%Language:Makefile 1.3%