Looking at the World from Eve's Perspective

Adrish Dey (~captain-pool)


1

Vote

Description:

Security has been the most talked about and researched domain in the field of computer science. With the advent of Data Hungry Machine Learning Models, Security becomes the top most priority to protect these data from getting into the wrong hands. Another important aspect is the advent of multimedia on the go services like, Youtube, Spotify, Saavn, Gaana, etc. it becomes really important to securely stream this data inorder to prevent piracy. In this talk, we will jump right into the wire and try to look at the data transmission from Eve, the "Eavesdropper's" Prespective. Finally we'll be looking into a case study how I was able to capture music, streamed on one the biggest music streaming platform in India. Finally we'll be using our dear old friend, Python to automate the process of Man in the Middle Attack, to download full playlists and save it on the disk.

Timeline:

  • Introduction [5 mins]
    • Who am I?
    • Why's Security an emerging field?
    • A Brief history of the biggest Data Breaches.
  • Introduction to Eavesdropping [10 mins]
    • What's Man in the Middle Attack
    • Why do we even care?
    • Case Study of Man in the Middle Attack on WhatsApp
  • Case Study: Saavn [5 min + 15 mins = 20 mins]
    • Zooming in on the Data packets.
    • Saving the Media Manually
    • Setting the Stage for final Showdown: Automating the process of the Analysis and Saving the Media [15 mins]
      • Introduction to browsermobproxy
      • Introduction to Selenium Webdriver
      • Analysing the Javascript being used.
      • Automating the Download Proceedure
      • Multithreading: To download files faster

Prerequisites:

  • Basic Python Syntaxes.
  • Idea about Multithreading (Optional)

Content URLs:

https://github.com/captain-pool/saavn_downloader/

Speaker Info:

  • A 3rd Year Student of Computer Science and Engineering, from Kolkata.
  • Google Summer of Code Student, 2019 @ Tensorflow
  • Was selected as one of the top 20 Finalist of ACM Kolkata B.Tech Awards, 2018, which was supposed to be only for 3rd and 4th year, in my 1st year
  • Runners Up of NASA SpaceAppsChallenge from Eatsern India.
  • Primary Focus is Computer Vision and Unity Simulations, Still I do enjoy looking into stuffs, how they work, and try to make it work the way I want
  • I love interacting with the community. Everytime, I do something cool and weird (which is quite regular), I try to share the experiences I gained, to the community.

Speaker Links:

Github: https://github.com/captain-pool

Section: Networking and Security
Type: Talks
Target Audience: Intermediate
Last Updated:

Hello Adrish,

The title of the proposal looks illegal, and probably the content also is. I suppose the intent is to talk about security, but with the current wording, it will be hard to consider it. Please edit the title/wording.

Also, the proposal is low on detail. It will be great if you can add some. Please also go through the best practices as listed here - https://github.com/pythonindia/junction/wiki/Speaker-best-practices

Regards,
Abhishek
CFP Co-oridinator

Abhishek Yadav (~zerothabhishek)

Thanks for the headsup @zerothabhishek Will edit it right away.

Adrish Dey (~captain-pool)

Also please read through https://en.wikipedia.org/wiki/Responsible_disclosure

Vijay Kumar (~bravegnu)

I tried to contact the Saavn Team and inform about this, but nobody responded. Neither did they fix the issue.

Adrish Dey (~captain-pool)

Hi Adrish, The topic seems to be illegal and I believe it violates PyCon COC, please try to present this topic as a security issue as mentioned by Abhishek

Joinal Ahmed Borbhuiya (~joinalahmed)

@joinalahmed @zerothabhishek @bravegnu, does this look good?

Adrish Dey (~captain-pool)

Login to add a new comment.