def run(self):
Attack.run(self)
self.pre_attack_init()
self.client.publish(self.client2_name + "/status",
"topic_name_fuzzing_type_1")
print "Please check if the attacked client continues working"
er = self.client.subscribe("$SYS/#", 1)
if er[0] == 0:
self.logger.info(
"Successfully subscribed to all system topics. ALERT!")
self.client.unsubscribe("$SYS/#")
else:
self.logger.info(
"Failed to subscribe to all system topics. Very good!")
# Trying to publish to a system topic, change the number of clients connected
self.logger.info(
"Please check from the broker monitor if 999 is published to $SYS/broker/clients/connected, it will be published in a seconds!"
)
time.sleep(2)
self.client.publish("$SYS/broker/clients/connected", 999)
self.logger.info(
"Please check from the broker monitor if 999 is published to $SYS/broker/clients/connected."
)
def run(self):
Attack.run(self)
self.pre_attack_init()
# Fill the size list as randomly generated
size_list = [0, self.max_payload_length]
size_list.extend([random.randint(0, self.max_payload_length) for _ in range(self.fuzzing_turn - 2)])
fuzzing = 0
self.logger.info("Size payload fuzzing is started. Please consider it may take some time.")
for payload_size in size_list:
if self.stopped_flag is True: # Attack is terminated
break
# Create payload and send it
random_strings = "".join([chr(_) for _ in range(65, 91)]) + "".join([chr(_) for _ in range(97, 123)])
random_character = random.choice(random_strings)
sized_payload = random_character * payload_size
PeniotCoAP.make_request(self.client, self.path, self.method, sized_payload)
# Informative procedures
self.logger.info("Turn {0} is completed".format(fuzzing + 1))
self.sent_message_count += 1
fuzzing += 1
time.sleep(1)
if self.stopped_flag is False:
self.logger.info("Payload size attack is finished.")
else:
self.logger.info("Payload size attack has been terminated.")
if self.client is not None:
self.client.stop()
self.client = None
def run(self):
Attack.run(self)
self.pre_attack_init()
payload = self.payload
if payload is None:
# Create seed with randomly
length = random.randint(1, self.max_length_of_random_payload)
payload = "".join(
[chr(random.randint(1, 127)) for _ in range(length)])
self.logger.info("Random payload fuzzing is started.")
for fuzzing in range(self.turn):
if self.stopped_flag is True:
break
while True:
try:
returned_strings = rdm.get_ascii_decodable_radamsa_malformed_input(
payload, self.count)
if type(returned_strings) == list:
fuzzer_messages = [
string.decode("utf-8")
for string in returned_strings
]
else:
fuzzer_messages = returned_strings.decode("utf-8")
break
except UnicodeDecodeError:
continue
# Check whether result is list or not
if type(fuzzer_messages) == list:
for message in fuzzer_messages:
self.channel.basic_publish(exchange=self.exchange,
routing_key=self.routing_key,
body=message)
# Increment sent message count
self.sent_message_count += 1
else:
self.channel.basic_publish(exchange=self.exchange,
routing_key=self.routing_key,
body=fuzzer_messages)
# Increment sent message count
self.sent_message_count += 1
time.sleep(1)
self.logger.info("Turn {0} is completed".format(fuzzing + 1))
if self.stopped_flag is False:
self.logger.info("Random payload fuzzing is finished.")
if self.connection is not None:
self.connection.close()
def run(self):
Attack.run(self)
self.pre_attack_init()
self.logger.info("Random payload fuzzing is started.")
if self.payload is None:
length = random.randint(1, self.max_length_of_random_payload)
self.payload = "".join(
[chr(random.randint(1, 127)) for _ in range(length)])
for fuzzing in range(self.fuzzing_turn):
if self.stopped_flag is True:
break
while self.stopped_flag is False:
try:
returned_strings = rdm.get_ascii_decodable_radamsa_malformed_input(
self.payload, self.fuzzing_count)
if type(returned_strings) == list:
fuzzer_messages = [
string.decode("utf-8")
for string in returned_strings
]
else:
fuzzer_messages = returned_strings.decode("utf-8")
break
except UnicodeDecodeError:
continue
# Check whether result is list or not
if type(fuzzer_messages) == list:
for message in fuzzer_messages:
PeniotCoAP.make_request(self.client, self.path,
self.method, message)
# Increment sent message count
self.sent_message_count += 1
else:
PeniotCoAP.make_request(self.client, self.path, self.method,
fuzzer_messages)
# Increment sent message count
self.sent_message_count += 1
time.sleep(1)
self.logger.info("Turn {0} is completed".format(fuzzing + 1))
if self.stopped_flag is False:
self.logger.info("Random payload fuzzing is finished.")
else:
self.logger.info("Random payload fuzzing has been terminated.")
if self.client is not None:
self.client.stop()
self.client = None
def run(self):
Attack.run(self)
self.pre_attack_process() # Sniff the packets so we can replay
self.pre_attack_init() # Do the necessary checks
try:
selected_packet = self.captured_packets[self.selected_index]
try:
self.client.connect(selected_packet.ip.dst_host)
except Exception as e:
self.logger.error("Failed to connect to broker")
self.logger.info(selected_packet)
self.client.publish(selected_packet.mqtt.topic,
selected_packet.mqtt.msg)
except IndexError as _:
self.logger.error("Invalid packet index. Indices start from 0...")
def run(self):
Attack.run(self)
self.pre_attack_init()
self.client.loop_start()
self.logger.info("Random payload fuzzing is started.")
if self.payload is None:
length = random.randint(1, self.max_length_of_random_payload)
self.payload = "".join([chr(random.randint(1, 127)) for _ in range(length)])
for fuzzing in range(self.turn):
if self.stopped_flag is True:
break
while True:
try:
returned_strings = rdm.get_ascii_decodable_radamsa_malformed_input(self.payload, self.count)
if type(returned_strings) == list:
fuzzer_messages = [string.decode("utf-8") for string in returned_strings]
else:
fuzzer_messages = returned_strings.decode("utf-8")
break
except UnicodeDecodeError:
self.logger.debug("Error occurred while decoding payload in random payload fuzzing.")
continue
# Check whether result is list or not
if type(fuzzer_messages) == list:
for message in fuzzer_messages:
self.client.publish(self.topic, message)
# Increment sent message count
self.sent_message_count += 1
else:
self.client.publish(self.topic, fuzzer_messages)
# Increment sent message count
self.sent_message_count += 1
time.sleep(1)
self.logger.info("Turn {0} is completed with message content = {1}".format(fuzzing + 1, fuzzer_messages))
self.client.loop_stop()
self.logger.info("Random payload fuzzing is finished.")
def run(self):
Attack.run(self)
self.pre_attack_init()
assert self.turn >= 2
# Fill the size list as randomly generated
size_list = [0, self.max_payload_length]
size_list.extend([
random.randint(0, self.max_payload_length)
for _ in range(self.turn - 2)
])
fuzzing = 0
self.logger.info(
"Size payload fuzzing is started. Please consider it may take some time."
)
for payload_size in size_list:
if self.stopped_flag is True:
break
# Create payload and send it
random_strings = "".join([chr(_)
for _ in range(65, 91)]) + "".join(
[chr(_) for _ in range(97, 123)])
random_character = random.choice(random_strings)
sized_payload = random_character * payload_size
self.channel.basic_publish(exchange=self.exchange,
routing_key=self.routing_key,
body=sized_payload)
# Informative procedures
self.logger.info("Turn {0} is completed".format(fuzzing + 1))
self.sent_message_count += 1
fuzzing += 1
time.sleep(1)
if self.stopped_flag is False:
self.logger.info("Payload size attack is finished.")
def run(self):
Attack.run(self)
self.pre_attack_init()
# Fill the size list as randomly generated
size_list = [0, self.max_payload_length]
size_list.extend([
random.randint(0, self.max_payload_length)
for _ in range(self.fuzzing_turn - 2)
])
fuzzing = 0
self.logger.info(
"Size payload fuzzing is started. Please consider it may take some time."
)
for payload_size in size_list:
if self.stopped_flag is True: # An external interrupt can force us to finish the attack
break
# Create payload and send it
random_strings = "".join([chr(_)
for _ in range(65, 91)]) + "".join(
[chr(_) for _ in range(97, 123)])
random_character = random.choice(random_strings)
sized_payload = random_character * payload_size
self.client.publish(self.topic, sized_payload)
# Increment sent message count
self.logger.info(
"Turn {0} is completed and {1} bytes of message is sent.".
format(fuzzing + 1, payload_size))
self.sent_message_count += 1
fuzzing += 1
time.sleep(1)
if self.stopped_flag is False:
self.logger.info("Payload size attack is finished.")
def run(self):
Attack.run(self)
self.pre_attack_init()
subscribe = paho.SUBSCRIBE
unsubscribe = paho.UNSUBSCRIBE
# Quality of service creator
random_qosses = [0, 1, 2]
# Currently include "A...Za...z"
random_strings = "".join([chr(_) for _ in range(65, 91)]) + "".join(
[chr(_) for _ in range(97, 123)])
'''
(fuzz_client, message_type, topics, dup=False, optional_remaining_length=2,
command_dup_shift_times=3, command_base_xor_part=0x2):
'''
test_cases = [
dict(message_type=subscribe,
topics=[
self.random_topic_generator(subscribe, random_strings,
random_qosses)
],
dup=False,
optional_remaining_length=2,
command_dup_shift_times=3,
command_base_xor_part=0x2),
dict(message_type=subscribe,
topics=[
self.random_topic_generator(subscribe, random_strings,
random_qosses),
self.random_topic_generator(subscribe, random_strings,
random_qosses)
],
dup=False,
optional_remaining_length=3,
command_dup_shift_times=3,
command_base_xor_part=0x2),
dict(message_type=subscribe,
topics=[
self.random_topic_generator(subscribe, random_strings,
random_qosses)
],
dup=False,
optional_remaining_length=2,
command_dup_shift_times=5,
command_base_xor_part=0x2),
dict(message_type=subscribe,
topics=[
self.random_topic_generator(subscribe, random_strings,
random_qosses)
],
dup=False,
optional_remaining_length=2,
command_dup_shift_times=3,
command_base_xor_part=0x5),
dict(message_type=unsubscribe,
topics=[
self.random_topic_generator(unsubscribe, random_strings,
random_qosses)
],
dup=False,
optional_remaining_length=2,
command_dup_shift_times=3,
command_base_xor_part=0x2),
dict(message_type=unsubscribe,
topics=[
self.random_topic_generator(unsubscribe, random_strings,
random_qosses),
self.random_topic_generator(unsubscribe, random_strings,
random_qosses)
],
dup=False,
optional_remaining_length=3,
command_dup_shift_times=3,
command_base_xor_part=0x2),
dict(message_type=unsubscribe,
topics=[
self.random_topic_generator(unsubscribe, random_strings,
random_qosses)
],
dup=False,
optional_remaining_length=2,
command_dup_shift_times=5,
command_base_xor_part=0x2),
dict(message_type=unsubscribe,
topics=[
self.random_topic_generator(unsubscribe, random_strings,
random_qosses)
],
dup=False,
optional_remaining_length=2,
command_dup_shift_times=3,
command_base_xor_part=0x5)
]
for test_case in test_cases:
if self.stopped_flag is True:
break
self.send_subscribe_or_unsubscribe(
self.client, test_case["message_type"], test_case["topics"],
test_case["dup"], test_case["optional_remaining_length"],
test_case["command_dup_shift_times"],
test_case["command_base_xor_part"])
# Increment sent message count
self.sent_message_count += 1
self.logger.info(
"Test case {0} has been run in generation based fuzzing".
format(str(test_case)))
time.sleep(1)
