Category index for “security”

OAuth step by step

OAuth protocol has two versions: 1.0 and 2.0.

Most of services today use version 2.0, i suppose because it is easier to implement. Also, 2.0 can be realized in standalone applications (those, that don’t have a server).

To understand the protocols very useful to have a look at their realisation. Here i’ll show several scripts that talk to OAuth providers of different versions. Scripts will implement client application functionality. Only standard python libraries are used. This help to overview the OAuth protocol - everything is on single screen and familiar. Of course, for production application we must use third party oauth libs, they handle many special cases and so on. Purpose of these scripts is just understanding of the protocol and nothing else. It is often hard to keep the protocol flow in production-ready library, because it is splitted in many modules, some other packages are used. And the full vision is slipping out of sight.

Listen wifi with wireshark

I always knew, that it is possible to catch wifi network packets. But haven’t done it in practise (i was analysing network packets, but not in HTTP protocol). So i decided to do it, as this is interesting and useful. Such experience help to understand TCP-IP and HTTP protocols and also to pay more attention for web security.