This page contains a list of potential project ideas that we are keen to develop during GSoC 2017. If you would like to apply as a GSoC student, please follow these three steps to get started:
- Read through this page and identify the project ideas you find interesting. Play around with our tools!
- Check out our application tips page.
- Join us on Slack and talk to your potential mentors:
If there are any questions, please don’t hesitate to get in touch!
GSoC and The Honeynet Project
During the previous years of GSoC, the Honeynet Project’s students have created a wide range of very successful open source security projects, many of which have gone on to become the industry standard open source tools in their respective fields. Examples include:
- Cuckoo Sandbox (2010+)
- Mitmproxy (2012+)
- Thug Client Honeypot (2012+)
- DroidBox Android Sandbox (2011+)
- ConPot ICS/SCADA Honeypot (2013+)
- Glastopf Web Application Honeypot (2009+)
- Dionaea (2009+)
If you can’t find something to immediately interest you, please take a look at GSoC 2009, GSoC 2010, GSoC 2011, GSoC 2012, GSoC 2013, GSoC 2014, GSoC 2015 and GSoC 2016 project ideas pages for other inspiration.
We are also always interested in hearing any ideas for additional relevant computer security and honeynet-related R&D projects (although remember that to qualify for receiving GSoC funding from Google, your project deliverables need to fit into GSoC’s 3-month project timescales!). If you have a suitable and interesting project, we will always try and find the right resources to mentor it and support you.
Please note – even if you aren’t an eligible GSoC student, we are also always looking for general volunteers who are enthusiastic and interested in getting involved in honeynet R&D.
Each sponsored GSoC 2017 project will have one or more mentors available to provide a guaranteed contact point to students, plus one or more technical advisors to help applicants with the technical direction and delivery of the project (often the original author of a tool or its current maintainer, and usually someone recognised as an international expert in their particular field). Our Google Summer of Code organisational administrators will also be available to all sponsored GSoC students for general advice and logistical support. We’ll also provide supporting hosted project infrastructure, if required.
GSoC 2017 Project Ideas Overview
- Port Independent Protocol Identification Library: Go Library that can be attached to a network stream to identify the protocols in use.
Mitmproxy – HTTPS interception proxy
- Mitmproxy Core: New features for mitmproxy’s Python 3 core
- Mitmproxy Web UI: Front-end development to bring mitmproxy to more users
- Semi-automated DroidBot: Semi-automated Android UI testing
- Android sandbox detection and countermeasure: Research Android’s sandboxing mechanism
Holmes Processing – Cyber threat intelligence at scale
- Holmes Framework to Automate Advanced Analytics: Manage the execution of advanced statistical and machine learning analysis operations
- Holmes Example Services: Develop four example programs that demonstrate how to develop services for executing static and dynamic analysis.
- Holmes Automated Malware Relationships: Develop a method capable of automatically identifying and managing the relationships between malware objects
Cuckoo Sandbox – malware analysis system.
- Longterm Analysis with Cuckoo Sandbox: Monitor specific malware samples and/or families over a longer period of time
- Unit testing & Continuous Integration for Cuckoo Sandbox: Help the cuckoo team with their testing story
- Rumāl: Revamp Rumāl’s web interface and complete social sharing elements
- Heralding: IMAP Implementation and Python 3 Conversion
- Conpot Protocol on Steroids: Read RFCs, implement them, catch bad guys!
- SNARE/TANNER: Make our web application honeypot attract new sorts of maliciousness.
- HoneyThing: Attract Mirai and other botnets with the TR-069 honeypot.
#1 – Port Independent Protocol Identification Library
Mentor: Lukas Rist
Backup Mentor: Hugo Gascon
Skills required:
- Networking Basics
Project type: New tool
Project goal: Library that can be attached to a network stream to identify the protocols in use.
Description: We are currently developing a protocol-agnostic honeypot and use a port-to-protocol mapping to choose the correct connection handler. This is obviously a very simplified approach, and we would like to be able to assume arbitrary protocols on any port. With that assumption, we need a means to identify the protocol used in a network stream. There are various papers on the different identification approaches. We assume the most efficient approach would be a layered architecture where we start with cheap and quick pattern matching before deploying more expensive measures (e.g. heuristics, statistics, machine learning). A good starting point would be getting familiar with packet manipulation using Go. The gopacket library is an excellent tool for that purpose. The Wireshark wiki has an exhaustive collection of labeled pcap samples, excellent for testing a signature or training a model. There are implementations of this problem that go in the right direction.
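The layered approach described above, sketched in Go as an added example (not the project's own code): prefix signatures run first, and a printable-byte ratio stands in for the more expensive heuristic or statistical stage. The signature set, the `Identify` name and the sample payloads are assumptions made for illustration.

```go
package main

import (
	"bytes"
	"fmt"
)

// Stage one: cheap prefix signatures (illustrative; a real library needs many more).
var prefixes = []struct{ proto, prefix string }{
	{"ssh", "SSH-"},
	{"http", "GET "}, {"http", "POST "}, {"http", "HEAD "}, {"http", "PUT "},
}

// Identify returns the protocol guess and the stage that produced it.
func Identify(b []byte) (proto, stage string) {
	if len(b) == 0 {
		return "unknown", "none"
	}
	for _, s := range prefixes {
		if bytes.HasPrefix(b, []byte(s.prefix)) {
			return s.proto, "signature"
		}
	}
	// TLS record: type 0x16 (handshake), version 3.x, handshake type 0x01 (ClientHello).
	if len(b) >= 6 && b[0] == 0x16 && b[1] == 0x03 && b[2] <= 0x04 && b[5] == 0x01 {
		return "tls", "signature"
	}
	// Stage two stand-in for the costlier measures: the share of printable
	// bytes separates unknown text protocols from unknown binary ones.
	printable := 0
	for _, c := range b {
		if c == '\r' || c == '\n' || c == '\t' || (c >= 0x20 && c < 0x7f) {
			printable++
		}
	}
	if printable*10 >= len(b)*9 {
		return "unknown-text", "heuristic"
	}
	return "unknown-binary", "heuristic"
}

func main() {
	// Constructed first payloads, as a listener on any port might receive them.
	samples := []string{"SSH-2.0-OpenSSH_7.4\r\n", "GET / HTTP/1.1\r\n", "\x16\x03\x01\x00\x05\x01", "HELO mail\r\n"}
	for _, p := range samples {
		proto, stage := Identify([]byte(p))
		fmt.Printf("%q -> %s (%s)\n", p, proto, stage)
	}
}
```

Because the decision depends only on the payload, the same handler selection works whichever port the connection arrived on.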
Projects for Mitmproxy
Mitmproxy is an interactive TLS-capable man-in-the-middle proxy. It can be used to intercept, inspect, modify and replay HTTP, HTTP/2, HTTPS, WebSockets, and raw TCP traffic. Think of it as a mix of Wireshark and the Chrome developer tools – you can hook up any device or program and see how it communicates on the network. Mitmproxy is used by software developers, penetration testers, privacy advocates and researchers to fix bugs, find vulnerabilities, uncover privacy violations, conduct empirical research, and more.
#2 – Mitmproxy Core
Mentor: Thomas Kriechbaumer
Backup Mentor: Maximilian Hils
Skills required:
- Python 3 (strong)
- HTTP 1.1 and 2.0 (familiar)
- WebSockets (familiar)
Project type: Improve existing tool
Project goal: Spend the summer working on mitmproxy’s core and its addons!
Description:
We have a couple of feature requests for mitmproxy that would make really great additions to mitmproxy, but haven’t been tackled yet. This project would consist of multiple “mini-projects” spanning from a few days to multiple weeks, allowing you to work on isolated tasks at different parts of the code base.
- “Map Remote Editor”: Other proxies have a feature which maps one URL to another, e.g. one can map //example.com/foo.js to a local file that is served to the client instead. It is easy to write a mitmproxy script that does this, but we want this to be a built-in feature! Fun fact: This task was initially proposed by last year’s GSoC student in issue #1454!
- Mitmproxy currently supports four different protocols: HTTP/1.x, HTTP/2.0, WebSockets, and a raw TCP mode as fallback for everything else. WebSockets and TCP are new additions that are not exposed in the UI yet. One project would be to display WebSocket connections in the mitmproxy flow list, and allow users to view all exchanged WebSocket frames.
- We currently depend on the watchdog library to watch the filesystem and reload mitmproxy scripts automatically. Due to numerous bugs in watchdog, we have restricted ourselves to using only watchdog’s PollingObserver over time. Watchdog is now a large dependency with platform-specific binary components and multiple subdependencies which we do not really use, so we want to reimplement the very small subset that is needed for mitmproxy in pure Python. This makes mitmproxy smaller and we don’t have to worry about watchdog breaking mitmproxy installations anymore.
- Mitmproxy already supports streaming of responses back to the client. However, a commonly requested feature is to also support request streaming, e.g., large file uploads from a client to the server. Recent changes in the core should make this feature pretty straightforward to implement.
- The mitmproxy project is keen to foster an addon ecosystem. This means that we need a clean, usable way for users to discover and install modules not bundled with mitmproxy itself.
- The next step for mitmproxy is to work on higher-level functionality like security scanners, reconnaissance tools and end-point discovery mechanisms. If you have a neat idea that is central enough to belong in the mitmproxy core, pitch us on it.
- Mitmproxy’s console interface can be improved in many areas – we have plans for a modal interface, configurable key bindings and other improvements.
See here for details on how to get started. We encourage you to also think beyond the features listed above – what would *you* do to improve mitmproxy?
#3 – Mitmproxy Web UI
Mentor: Maximilian Hils
Backup Mentor: Aldo Cortesi, Clemens Brunner
Skills required:
- HTML/CSS (strong)
- HTTP (familiar)
Project type: Improve existing tool
Project goal: Spend the summer improving mitmproxy’s web interface!
Description:
Last December, we shipped the first version of our web front-end “mitmweb”, which finally brought a graphical user interface and Windows support to mitmproxy. Mitmweb is largely based on last year’s GSoC work and currently only supports mitmproxy’s most important features. Our long-term aim is to achieve feature parity between the web interface and the console application. The goal of this project is to add some major mitmproxy features to mitmweb, ideally with a better UX than what the console interface provides. For example, one part of your project would be to implement a replacement editor so that users can define rules to automatically modify requests and responses. Another aspect we’d like to tackle is traffic visualization. While we have a good idea of further features that we want to see implemented, the first task for your application is to try out mitmweb and make a rough list of ideas and features for improving it, to show us that you understand the product. We’ll then mix that with what we have in mind and create a great project plan for the summer!
Mitmweb is based on a modern web app technology stack (React.js, Redux.js, ES6, Bootstrap, Gulp, …), so you can work with the latest technologies and focus on good code rather than IE support.