def handler_scenario(scenario):
"""
Execute scenarios from the scenario pool
:param scenario: A list containing a scenario
:return: none
"""
global attack_duration, protocol, host, port, payloads, user_agents, start_time, max_request_multiplier, min_request_multiplier,dataset_path
up_time = datetime.now() - start_time
if up_time.seconds < attack_duration:
context = scenario[1]
version = scenario[2]
resource_path = scenario[3]
token = scenario[4]
method = scenario[5]
request_target = scenario[0] * random.randint(min_request_multiplier, max_request_multiplier)
current_requests = 0
ip = scenario[6]
cookie = scenario[7]
request_path = "{}://{}:{}/{}/{}/{}".format(protocol, host, port, context, version, resource_path)
random_user_agent = random.choice(user_agents)
random_payload = random.choice(payloads)
for i in range(request_target):
up_time = datetime.now() - start_time
if up_time.seconds >= attack_duration:
break
response = util_methods.send_simple_request(request_path, method, token, ip, cookie, random_user_agent, payload=random_payload)
request_string = "{},{},{},{},{},{},{}".format(datetime.now(), request_path, method, token, ip, cookie, response.status_code)
util_methods.log(dataset_path, request_string, "a")
time.sleep(generate_biased_random(0, 3, 2))
current_requests += 1
def request_handler(i):
"""
Handle the requests
:return: None
"""
global attack_duration, protocol, host, port, payloads, user_agents, api_list, dataset_path
up_time = datetime.now() - start_time
if up_time.seconds < attack_duration:
api = random.choice(api_list)
context = api.context
version = api.version
resource_path = random.choice(api.resources['DELETE'])
# random_user = random.choice(api.users)
random_user = api.single_user
method = "DELETE"
accept = content_type = "application/json"
# sleep the process for a random period of time
time.sleep(abs(int(np.random.normal() * 10)))
request_path = "{}://{}:{}/{}/{}/{}".format(protocol, host, port,
context, version,
resource_path)
random_user_agent = random.choice(user_agents)
token = random_user[0]
ip = random_user[2]
cookie = random_user[3]
path_param = generate_random_string(10)
try:
response = util_methods.send_simple_request(request_path,
method,
token,
ip,
cookie,
accept,
content_type,
random_user_agent,
path_params=path_param)
request_info = "{},{},{},{},{}/{},{},{},{},{},\"{}\",{}".format(
datetime.now(),
ip,
token,
method,
request_path,
path_param,
cookie,
accept,
content_type,
ip,
random_user_agent,
response.status_code,
)
util_methods.log(dataset_path, request_info, "a")
except requests.exceptions.RequestException:
msg_string = "[Error] {} - Request Failure\n\t {}".format(
datetime.now(), str(ex))
print(msg_string)
util_methods.log(attack_tool_log_path, msg_string, "a")
def request_handler(i):
"""
Handle the requests
:return: None
"""
global attack_duration, protocol, host, port, payloads, user_agents, api_list, dataset_path
up_time = datetime.now() - start_time
if up_time.seconds < attack_duration:
random_api = random.choice(api_list)
context = random_api.context
version = random_api.version
resource_path = random.choice(random_api.resources['DELETE'])
random_user = random_api.single_user
resource_method = "DELETE"
accept = content_type = "application/json"
# sleep the process for a random period of time
time.sleep(abs(int(np.random.normal() * 10)))
request_path = "{}://{}:{}/{}/{}/{}".format(protocol, host, port,
context, version,
resource_path)
random_user_agent = random.choice(user_agents)
token = random_user[0]
ip = random_user[2]
cookie = random_user[3]
path_param = generate_random_string(10)
try:
response = util_methods.send_simple_request(request_path,
resource_method,
token,
ip,
cookie,
accept,
content_type,
random_user_agent,
path_params=path_param)
request_info = "{},{},{},{},{}/{},{},{},{},{},\"{}\",{}".format(
datetime.now(), ip, token, resource_method, request_path,
path_param, cookie, accept, content_type, ip,
random_user_agent, response.status_code)
util_methods.write_to_file(dataset_path, request_info, "a")
except requests.exceptions.ConnectionError as e:
error_code = 521
request_info = "{},{},{},{},{}/{},{},{},{},{},\"{}\",{}".format(
datetime.now(), ip, token, resource_method, request_path,
path_param, cookie, accept, content_type, ip,
random_user_agent, error_code)
util_methods.write_to_file(dataset_path, request_info, "a")
logger.error("Connection Error: {}".format(e))
except requests.exceptions.RequestException:
logger.exception("Request Failure")
def simulate_user(user_data):
"""
Simulate the behaviour of a user during the attack duration.
:param user_data: A dictionary containing the user data
:return: None
"""
global attack_duration, protocol, host, port, payloads, user_agents, start_time, dataset_path, invoke_patterns, max_request_multiplier, min_request_multiplier
up_time = datetime.now() - start_time
if up_time.seconds < attack_duration:
for app_name, app in user_data.items():
sleep_pattern = invoke_patterns[random.choice(list(invoke_patterns.keys()))]
for scenario in app:
scenario[0] *= random.randint(min_request_multiplier, max_request_multiplier)
invoke_pattern_indices = util_methods.generate_method_invoke_pattern(app)
for i in invoke_pattern_indices:
up_time = datetime.now() - start_time
if up_time.seconds >= attack_duration:
break
sleep_time = np.absolute(np.random.normal(sleep_pattern['mean'], sleep_pattern['std']))
time.sleep(sleep_time)
scenario = app[i]
path = scenario[2]
token = scenario[3]
method = scenario[4]
request_path = "{}://{}:{}/{}".format(protocol, host, port, path)
random_user_agent = scenario[7]
ip = scenario[5]
cookie = scenario[6]
random_payload = random.choice(payloads)
accept = content_type = "application/json"
try:
response = util_methods.send_simple_request(request_path, method, token, ip, cookie, accept, content_type, random_user_agent, payload=random_payload)
request_info = "{},{},{},{},{},{},{},{},{},\"{}\",{}".format(datetime.now(), ip, token, method, request_path, cookie, accept, content_type, ip,
random_user_agent,
response.status_code,
)
util_methods.log(dataset_path, request_info, "a")
except requests.exceptions.RequestException:
msg_string = "[Error] {} - Request Failure\n\t {}".format(datetime.now(), str(ex))
print(msg_string)
util_methods.log(attack_tool_log_path, msg_string, "a")
def execute_scenario(scenario):
"""
Execute scenarios from the scenario pool to simulate abnormal token usage
:param scenario: A list containing a scenario
:return: none
"""
global attack_duration, protocol, host, port, payloads, user_agents, start_time, max_request_multiplier, min_request_multiplier, dataset_path
up_time = datetime.now() - start_time
if up_time.seconds < attack_duration:
# multiply normal request count by a random value between user defined min and max value
request_target = scenario[0] * random.randint(min_request_multiplier,
max_request_multiplier)
context = scenario[1]
version = scenario[2]
resource_path = scenario[3]
token = scenario[4]
method = scenario[5]
ip = scenario[6]
cookie = scenario[7]
user_agent = scenario[10]
request_path = "{}://{}:{}/{}/{}/{}".format(protocol, host, port,
context, version,
resource_path)
random_payload = random.choice(payloads)
# sending requests until the request target achieved or attack duration elapses
for i in range(request_target):
up_time = datetime.now() - start_time
if up_time.seconds >= attack_duration:
break
response = util_methods.send_simple_request(request_path,
method,
token,
ip,
cookie,
user_agent,
payload=random_payload)
request_info = "{},{},{},{},{},{},{},\"{}\"".format(
datetime.now(), request_path, method, token, ip, cookie,
response.status_code, user_agent)
util_methods.log(dataset_path, request_info, "a")
# sleep the process for a random period of time between 0 and 3 seconds but biased to 0
time.sleep(generate_biased_random(0, 3, 2))
def request_handler(i):
"""
Handle the requests
:return: None
"""
global attack_duration, protocol, host, port, payloads, user_agents, api_list, dataset_path
up_time = datetime.now() - start_time
if up_time.seconds < attack_duration:
api = random.choice(api_list)
context = api.context
version = api.version
resource_path = random.choice(api.resources['DELETE'])
random_user = random.choice(api.users)
token = random_user[0]
method = "DELETE"
# time.sleep(generate_biased_random(0, 10, 2))
time.sleep(random.randint(0, 10))
request_path = "{}://{}:{}/{}/{}/{}".format(protocol, host, port,
context, version,
resource_path)
random_user_agent = random.choice(user_agents)
ip = random_user[2]
cookie = random_user[3]
path_param = generate_random_string(10)
response = util_methods.send_simple_request(request_path,
method,
token,
ip,
cookie,
random_user_agent,
path_params=path_param)
request_info = "{},{},{},{},{},{},{},\"{}\"".format(
datetime.now(), request_path, method, token, ip, cookie,
response.status_code, random_user_agent)
util_methods.log(dataset_path, request_info, "a")
print("Request sent with token: %s" % token, flush=True)
def execute_scenario(scenario):
"""
Execute a scenario from the scenario pool to simulate the usage of a stolen token
:param scenario: A list containing a scenario
:return: none
"""
global attack_duration, protocol, host, port, payloads, user_agents, start_time, dataset_path
up_time = datetime.now() - start_time
if up_time.seconds < attack_duration:
request_target = scenario[0]
context = scenario[1]
version = scenario[2]
resource_path = scenario[3]
token = scenario[4]
method = scenario[5]
request_path = "{}://{}:{}/{}/{}/{}".format(protocol, host, port, context, version, resource_path)
random_user_agent = random.choice(user_agents)
random_ip = generate_unique_ip()
random_cookie = generate_cookie()
random_payload = random.choice(payloads)
for i in range(request_target):
up_time = datetime.now() - start_time
if up_time.seconds >= attack_duration:
break
response = util_methods.send_simple_request(request_path, method, token, random_ip, random_cookie, random_user_agent, payload=random_payload)
request_info = "{},{},{},{},{},{},{},\"{}\"".format(datetime.now(), request_path, method, token, random_ip, random_cookie, response.status_code, random_user_agent)
util_methods.log(dataset_path, request_info, "a")
# print("Request sent with token: %s" % token, flush=True)
# sleep the process for a random period of time between 0 and 5 seconds but biased to 0
time.sleep(generate_biased_random(0, 5, 2))
def simulate_user(user_data):
"""
Simulate the behaviour of a user during the attack duration.
:param user_data: A dictionary containing the user data
:return: None
"""
global attack_duration, protocol, host, port, payloads, user_agents, start_time, dataset_path, invoke_patterns
up_time = datetime.now() - start_time
sleep_pattern = invoke_patterns[random.choice(list(
invoke_patterns.keys()))]
if up_time.seconds < attack_duration:
for app in user_data.values():
invoke_pattern_indices = util_methods.generate_method_invoke_pattern(
app)
for i in invoke_pattern_indices:
up_time = datetime.now() - start_time
if up_time.seconds >= attack_duration:
break
sleep_time = np.absolute(
np.random.normal(sleep_pattern['mean'],
sleep_pattern['std']))
time.sleep(sleep_time)
scenario = app[i]
invoke_path = scenario[2]
token = scenario[3]
http_method = scenario[4]
request_path = "{}://{}:{}/{}".format(protocol, host, port,
invoke_path)
random_user_agent = random.choice(user_agents)
random_ip = generate_unique_ip()
random_cookie = generate_cookie()
random_payload = random.choice(payloads)
accept = content_type = "application/json"
try:
response = util_methods.send_simple_request(
request_path,
http_method,
token,
random_ip,
random_cookie,
accept,
content_type,
random_user_agent,
payload=random_payload)
request_info = "{},{},{},{},{},{},{},{},{},\"{}\",{}".format(
datetime.now(),
random_ip,
token,
http_method,
request_path,
random_cookie,
accept,
content_type,
random_ip,
random_user_agent,
response.status_code,
)
util_methods.write_to_file(dataset_path, request_info, "a")
except requests.exceptions.ConnectionError as e:
error_code = 521
request_info = "{},{},{},{},{},{},{},{},{},\"{}\",{}".format(
datetime.now(),
random_ip,
token,
http_method,
request_path,
random_cookie,
accept,
content_type,
random_ip,
random_user_agent,
error_code,
)
util_methods.write_to_file(dataset_path, request_info, "a")
logger.error("Connection Error: {}".format(e))
except requests.exceptions.RequestException:
logger.exception("Request Failure")