It started almost a year back when I heard about GSoC for the first time in an introductory lecture by SDSLabs. I was quite a noob except knowing a little about competitive coding. Then came the day when Google announced the mentoring organisations and I remember going through every single organistion but I couldn’t understand WHAT and WHERE to do. I tried sorting organisations according to programming language but nope, nothing :( I don’t even know about a commit.
Though I had realised one thing that it’s not about language but it’s about field, I should have a background in any of these fields. I’ve tried Web and Android Development but neither fascinates me much. The deadline is one week away and then I met one of my classmate, Paras who was trying for GSoC and honestly I still didn’t have a clue. After the end of semester exams, I took him to my room and asked What the heck is all this? He told me about his project and introduced me to Information Security. Well, Infosec is cool after all who doesn’t want to be a hacker, right? I spent my summer learning more about infosec, git and basic web backend to step into web exploitation. I made a Tic-Tack-Toe game using javascript and put it on my GitHub. The next semester was all about Infosec.
Meanwhile, I started searching for open-source organisation to contribute in 2016 GSoC orgnisation list. Due to my interest in web security, I found OWASP ZAP a suitable candidate. But it’s code base is humongous. It took me almost half month till I found a TODO, which is doable. It is just an extension of an attack whose code is already present in the same file. With this small patch, I submitted my first PR, Wooohhhuuu !!!
Later I submitted an issue and another PR in January. Now odds are pretty good for me. Google was going to announce mentoring organisations on 27th Feb, 9:30 pm IST. At 9:31 pm, I got a message from Paras “We’re screwed, man. OWASP isn’t selected”.
I knew the same thing had happened with one my senior but I still played the gamble and it didn’t work. So I had to start from sea level.
I finalized Snare/Tanner and Mitmproxy after searching for almost one week. The code base of Mitmproxy is large and I’m not much familiar with networks, it might take a lot of time to just understand and I wouldn’t be able to contribute much, so I put it on hold, though it’s my first choice.
Snare/Tanner is a web security based project and also a new one, thus has a small code base. So I went for this one, contacted the mentor and started contributing by fixing bugs and writing missing tests.
The deadline for proposal submission is 2 weeks away, so I have to worry about proposal. I took some ideas from the Ideas page and a few my own to make a good list of tasks. Then I looked at my seniors’ proposals, used them as template and organize tasks with timeline. I got it reviewed from Jay Bosamiya and my mentor. I submitted the final version 2 days before.
The list of accepted student projects for Google Summer of Code ‘17 came on 4th May, 9:30 pm IST. I opened the website at 9:30 pm precisely and this made my day, technically night.
I’m looking forward to enjoy my summer with Honeynet. I’ll keep writing regular reports on this blog itself.
I would like to thank my mentor Evgeniya for helping me throughout the entire process, Jay bosamiya for reviewing my proposal and folks at InfoSecIITR for the entire Infosec journey, especially Paras for getting me started.