def test_injection_from_dict_with_template(self, n=100):
for i in range(2, n, 2):
config = '''
X:_data_:
Y:_sxor_(_data_, '\xaa'):
data1="""44444444%s41414141%s"""
''' % ("X" * i, "Y" * i)
inj_dict = {'X': 'a' * (i // 2), 'Y': 'b' * (i // 2)}
psi = StegoInjector(config)
templ_pkt = psi.inject('\x00' * i, 'data1')
print templ_pkt, "<----"
stego_pkt = psi.injectByTag(inj_dict,
template='data1',
pkt=templ_pkt)
testable = 'DDDD%sAAAA%s' % ('a' * (i // 2), 'b' * (i // 2))
# print( stego_pkt, testable )
extr_dict = psi.extractByTag(stego_pkt, 'data1')
# print( extr_dict, inj_dict )
self.assertTrue(extr_dict == inj_dict)
def test_extraction_from_dict(self, n=4):
config = '''
X:_data_:
Y:_data_:
data1="""44444444%s41414141%s"""
''' % ("X" * n, "Y" * n)
inj_dict = {'X': 'a' * (n // 2), 'Y': 'b' * (n // 2)}
psi = StegoInjector(config)
pkt = 'DDDDaaAAAAbb'
extr_dict = psi.extractByTag(pkt, template='data1')
self.assertTrue(inj_dict == extr_dict)
def test_injection_equivalence( self ) :
config = '''
X:_data_:
Y:_sxor_(_data_, chr(_index_) ):
data1 = """XXXXYYYY"""
'''
psi = StegoInjector( config )
data = "\x00"*4
data_dict = { 'X' : "\x00" * 2, 'Y' : '\x00' * 2}
pkt1 = psi.inject(data, 'data1')
pkt2 = psi.injectByTag( data_dict, 'data1' )
# print( pkt1.encode('hex'), pkt2.encode('hex') )
self.assertTrue( pkt1 == pkt2 )
extr1 = psi.extract( pkt1, 'data1' )
extr_dict = psi.extractByTag( pkt2, 'data1' )
self.assertTrue( data == extr1 )
self.assertTrue( data_dict == extr_dict )
def test_injection_from_dict(self, n=100):
for i in range(2, n, 2):
config = '''
X:_data_:
Y:_sxor_(_data_, '\xaa'):
data1="""44444444%s41414141%s"""
''' % ("X" * i, "Y" * i)
inj_dict = {'X': 'a' * (i / 2), 'Y': 'b' * (i / 2)}
psi = StegoInjector(config)
stego_pkt = psi.injectByTag(inj_dict, template='data1')
testable = 'DDDD%sAAAA%s' % ('a' * (i / 2), 'b' * (i / 2))
# print stego_pkt, testable
extr_dict = psi.extractByTag(stego_pkt, 'data1')
# print extr_dict, inj_dict
self.failUnless(extr_dict == inj_dict)
class DataTransformer:
"""
This class provides automated data transformations.
It uses the :class:`covertutils.datamanipulation.stegoinjector.StegoInjector` class to create alterations to existing data chunks.
**Transformation List**
The Transformation List argument is a specially structured list to dictate to the `DataTranformer` which changes should be done to data packet.
Specifically, for a SYN - (RST, ACK) sequence to be simulated, the following configuration should be used:
.. code:: python
X:_data_:
L:_data_:
K:_data_:
ip_tcp_syn = '''45000028LLLL000040067ccd7f0000017f000001XXXX0050KKKKKKKK0000000050022000917c0000'''
ip_tcp_rst_ack = '''450000280001000040067ccd7f0000017f0000010014005000000000XXXXXXXXXX50142000916a0000'''
The Transformation List that has to be used should dictate the class to:
- Unpack Sequence Number from `ip_tcp_syn` template (K tag)
- Increment it by 1
- Place it to a `ip_tcp_rst_ack` template (X tag)
- All the above while handling **endianess**, **integer overflow checks**, etc
The `transformation_list` is declared below:
.. code:: python
transformation_list = [ ( # Tranformation #1
( 'ip_tcp_syn:K', 'ip_tcp_rst_ack:X' ), # From template:tag to template:tag
('!I','!I') # Unpack as an 4-byte Integer (reverse Endianess as of network Endianess) and pack it to 4-byte Integer (reverse Endianess again)
'_data_ + 1' # Eval this string (with the extracted/unpacked data as '_data_') and pack the result.
),
# No other transformations
]
"""
def __init__(self, stego_configuration, transformation_list):
"""
:param str stego_configuration: The Stego Configuration to initialize the internal :class:`covertutils.datamanipulation.stegoinjector.StegoInjector` object.
:param list transformation_list: The Tranformation List as described above.
"""
self.injector = StegoInjector(stego_configuration)
self.transformation_list = transformation_list
def runAll(self, pkt, template=None):
"""
Runs all Tranformations in the `transformation_list` that relate to the specified template.
:param str pkt: The data packet to run the Tranformations on. In `Raw Bytes`.
:param str template: The template string that describes the given data packet. If `None` the :func:`covertutils.datamanipulation.stegoinjector.StegoInjector.guessTemplate` function will try to guess the correct template.
:rtype: str
:return: Returns the `pkt` with all the related tranformations applied.
"""
if not template:
template = self.injector.guessTemplate(pkt)
for trans_tuple in self.transformation_list:
templates, struct_strs, eval_str = trans_tuple
(out_template_tag, in_template_tag) = templates
out_template, out_tag = out_template_tag.split(':')
in_template, in_tag = in_template_tag.split(':')
(out_struct, in_struct) = struct_strs
# if template != out_template :
# continue
out_data = self.injector.extractByTag(pkt, template)[out_tag]
structed_data = unpack(out_struct, out_data)[0]
# ==========================
_data_ = structed_data
output_data = eval(eval_str)
# print( structed_data, eval_str, output_data )
# ==========================
injectable_data = pack(in_struct, output_data)
# injectable_dict = {'X' : injectable_data }
# print( injectable_data.encode('hex') )
# print( self.injector.getCapacity( template ), len( injectable_data) )
# pkt = self.injector.injectByTag( injectable_dict, template, pkt )
pkt = self.injector.inject(injectable_data, template, pkt)
return pkt
