Subverting Privacy Exploitation Using HTTP

Instructor - Eijah

Pre-Requisites - Previous experience in at least one programming language is required. Previous experience with C/C++ and cryptography is helpful, but not required.

Abstract - The world has become an increasingly dangerous place. Governments and corporations spend hundreds of millions of dollars each year to create new and cutting-edge technology designed for one purpose: the exploitation of our private communications. How did we let this happen? And what are we going to do about it? Are we willing to stand idly by and live in a state of fear while our freedom of speech is silently revoked? Or is there something we can do to challenge the status quo and use our skills to protect our privacy and the privacy of others? The Hypertext Transfer Protocol (HTTP) is an application-layer protocol that's the foundation of the modern Internet. Initially created by Tim Berners-Lee in 1989, HTTP is still the most popular protocol in use today. One of the core strengths of HTTP is that it's flexible enough to transmit any type of data. HTTP is also everywhere - it's in use on desktops, mobile devices, and even IoT. Due to the ubiquitous nature of HTTP, firewalls and proxies are configured by default to allow this type of traffic through. Could HTTP be used to communicate securely while completely bypassing network management rules? This workshop challenges the assumption that HTTP cannot guarantee confidentiality of data. It will introduce you to the HTTP protocol and demonstrate how it can be used to send data securely. We'll create command-line applications in C/C++ on Linux that will use HTTP to securely send messages across the Internet, while bypassing firewall and proxy rules. We'll use a variety of ciphers, hashes, and other cryptographic routines that are part of open-source libraries. Whether you're a professional programmer, find yourself a little rusty and want a refresher course, or even if you'd never created a secure application in C/C++ before; this workshop is for you. Please note that this is a medium-level, technical workshop and requires that attendees have prior experience in at least one programming language, preferably C or C++. Bring your laptop, a USB flash drive, and your favorite C/C++ 11 compiler (>= gcc/g++ 4.9.2 or msvc 2015).

Required Materials - Laptop with Windows, Linux, or OSX. USB flash drive for saving their progress.

Subverting Privacy Exploitation Using HTTP - Octavius 5