Python | COMSW 4181: Security I Homework Assignment #2
Problem 1: SSL Connection (35 points)
In class, you have learned the basic process of secure communication through an SSL connection between
servers and clients. In this exercise, you will be implementing such a communication link.
We have provided you with skeleton code for a client and a server that communicate with each other over HTTP.
Specifically, you can run python server.py to host a basic server listening at localhost:80. Then python client.py
will allow you to send a get-request to the server. If the communication works correctly, the client will receive
a status code 200 indicating the successful connection. However, such a connection is insecure, as no certificate
is involved to verify the true identity of the server. Therefore, any attacker can impersonate the server
(localhost:80) and send malicious packets to the client.
You should edit client.py and server.py such that they can establish an SSL handshake and communicate
securely over HTTPS. The provided client and server use the libraries requests (requests.kennethreitz.org/en/master/)
and http.server (docs.python.org/3/library/http.server.html). Besides these two libraries,
you might also need ssl (docs.python.org/3/library/ssl.html). Specifically, you should first generate the
server’s certificate with openssl. Then the client should be able to check the server’s certificate every time the
client sends a get-request. To do that, the client should manually add the server’s certificate as the trusted CA
with the requests APIs. Note that there is (for simplicity) no need for the server to check the client’s
certificate. Please submit your edited client.py, server.py, and the server’s certificate and key in UNI/p1/.
Problem 2: Wireshark (20 points)
Now that we have a simple SSL client and server (your edited client.py and server.py), we will take a
close look at the connections with Wireshark (wireshark.org/). Wireshark is a network protocol analyzer,
which lets you see what’s happening on your network by inspecting the packets going out of your machine.
Please familiarize yourself with the interface as far as necessary for this problem.
You need to capture all the packets involved in a complete HTTPS get-request sent by your client.py and the
corresponding response from server.py. Save the log into UNI/p2/packets.pcapng. In UNI/p2/summary,
please report the ID numbers of the packets that are used to build up the SSL connection as well as the ones
used to communicate through get-requests. Briefly explain the handshake process as well as the communication
process with the packets that you mentioned. Please submit UNI/p2/packets.pcapng and UNI/p2/summary.
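
For the Problem 2 summary, the split between connection setup and data exchange follows the TLS record content type that Wireshark shows for each record. The sketch below is an added example, not part of the assignment's skeleton code: it labels the records in one direction of a reassembled TCP stream, and the function names and the SAMPLE bytes are constructed for illustration.

```python
import struct

# Record content types and cleartext handshake message types (RFC 5246, RFC 8446).
CONTENT = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}
HANDSHAKE = {1: "client_hello", 2: "server_hello", 11: "certificate",
             12: "server_key_exchange", 14: "server_hello_done",
             16: "client_key_exchange", 20: "finished"}

def classify_records(stream):
    """Label each TLS record in one direction of a reassembled TCP stream."""
    labels, off, encrypted = [], 0, False
    while off < len(stream):
        if len(stream) - off < 5:
            raise ValueError(f"truncated record header at offset {off}")
        ctype, major, _minor, length = struct.unpack_from("!BBBH", stream, off)
        if ctype not in CONTENT or major != 3:
            raise ValueError(f"not a TLS record at offset {off}")
        body = stream[off + 5 : off + 5 + length]
        if len(body) != length:
            raise ValueError(f"truncated record body at offset {off}")
        if ctype == 20:
            encrypted = True  # records after ChangeCipherSpec carry ciphertext
            labels.append("change_cipher_spec")
        elif ctype == 22 and encrypted:
            labels.append("handshake:encrypted")  # e.g. the TLS 1.2 Finished message
        elif ctype == 22:
            pos = 0  # one record may carry several handshake messages
            while pos + 4 <= length:
                msg_len = int.from_bytes(body[pos + 1 : pos + 4], "big")
                labels.append("handshake:" + HANDSHAKE.get(body[pos], f"type_{body[pos]}"))
                pos += 4 + msg_len
        else:
            # In TLS 1.3, handshake messages after ServerHello also appear here as type 23.
            labels.append(CONTENT[ctype])
        off += 5 + length
    return labels

def rec(ctype, body):
    """Build a record with a TLS 1.2 version field (helper for the constructed sample)."""
    return bytes([ctype, 3, 3]) + len(body).to_bytes(2, "big") + body

def hs(htype, body):
    """Build a handshake message header plus body (helper for the constructed sample)."""
    return bytes([htype]) + len(body).to_bytes(3, "big") + body

# Constructed client-to-server bytes shaped like a TLS 1.2 session; bodies are filler.
SAMPLE = (rec(22, hs(1, bytes(38))) + rec(22, hs(16, bytes(33))) + rec(20, b"\x01")
          + rec(22, b"\xaa" * 40) + rec(23, b"\xbb" * 64))

if __name__ == "__main__":
    for label in classify_records(SAMPLE):
        print(label)
```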