def get_smb_platform_data(platform: str, timestamp: float):
"""
Gets platform-dependent data for SMB 2 packets
:param platform: the platform for which to get SMB 2 packet data
:param timestamp: a timestamp for calculating the boot-time
:return: server_guid, security_blob, capabilities, data_size and server_start_time of the given platform
"""
Util.check_platform(platform)
if platform == "linux":
server_guid = "ubuntu"
security_blob = security_blob_ubuntu
capabilities = 0x5
data_size = 0x800000
server_start_time = 0
elif platform == "macos":
server_guid = binascii.b2a_hex(os.urandom(15)).decode()
security_blob = security_blob_macos
capabilities = 0x6
data_size = 0x400000
server_start_time = 0
else:
server_guid = binascii.b2a_hex(os.urandom(15)).decode()
security_blob = security_blob_windows
capabilities = 0x7
data_size = 0x100000
server_start_time = Util.get_filetime_format(
Util.get_rnd_boot_time(timestamp))
return server_guid, security_blob, capabilities, data_size, server_start_time
def get_ip_data(self, ip_address: str):
"""
:param ip_address: the ip of which (packet-)data shall be returned
:return: MSS, TTL and Window Size values of the given IP
"""
# Set MSS (Maximum Segment Size) based on MSS distribution of IP address
mss_dist = self.statistics.get_mss_distribution(ip_address)
if len(mss_dist) > 0:
mss_prob_dict = lea.Lea.fromValFreqsDict(mss_dist)
mss_value = mss_prob_dict.random()
else:
mss_value = Util.handle_most_used_outputs(self.most_used_mss_value)
# Set TTL based on TTL distribution of IP address
ttl_dist = self.statistics.get_ttl_distribution(ip_address)
if len(ttl_dist) > 0:
ttl_prob_dict = lea.Lea.fromValFreqsDict(ttl_dist)
ttl_value = ttl_prob_dict.random()
else:
ttl_value = Util.handle_most_used_outputs(self.most_used_ttl_value)
# Set Window Size based on Window Size distribution of IP address
win_dist = self.statistics.get_win_distribution(ip_address)
if len(win_dist) > 0:
win_prob_dict = lea.Lea.fromValFreqsDict(win_dist)
win_value = win_prob_dict.random()
else:
win_value = Util.handle_most_used_outputs(self.most_used_win_size)
return mss_value, ttl_value, win_value
def get_smb_version(platform: str):
"""
Returns SMB version based on given platform
:param platform: the platform as string
:return: SMB version as string
"""
Util.check_platform(platform)
if platform == "linux":
return rnd.choice(list(smb_versions_per_samba.values()))
elif platform == "macos":
return "2.1"
else:
return smb_versions_per_win[platform]
def generate_attack_packets(self) -> None:
ip_attacker = self.get_param_value(self.IP_SOURCE)
mac_attacker = self.get_param_value(self.MAC_SOURCE)
ip_amplifier = self.get_param_value(self.IP_DESTINATION)
mac_amplifier = self.get_param_value(self.MAC_DESTINATION)
ip_victim = self.get_param_value(self.IP_VICTIM)
timestamp_next_pkt = self.get_param_value(self.INJECT_AT_TIMESTAMP)
self.attack_start_utime = timestamp_next_pkt
attack_duration = self.get_param_value(self.ATTACK_DURATION)
attack_ends_time = timestamp_next_pkt + attack_duration
_, src_ttl, _ = self.get_ip_data(ip_attacker)
sport = Util.generate_source_port_from_platform('linux')
# Use MAC of the actual source, but the IP of the victim
attacker_ether = inet.Ether(src=mac_attacker, dst=mac_amplifier)
attacker_ip = inet.IP(src=ip_victim, dst=ip_amplifier, ttl=src_ttl, flags='DF')
while timestamp_next_pkt <= attack_ends_time:
request_udp = inet.UDP(sport=sport, dport=Memcd.memcached_port)
request_memcd = Memcd.Memcached_Request(Request=b'stats\r\n', RequestID=inet.RandShort())
request = (attacker_ether / attacker_ip / request_udp / request_memcd)
request.time = timestamp_next_pkt
self.add_packet(request, ip_victim, ip_amplifier)
timestamp_next_pkt = self.timestamp_controller.next_timestamp()
def test_get_smb_platform_data_win(self):
guid, blob, cap, d_size, time = SMBLib.get_smb_platform_data(
"win7", 100)
self.assertEqual((blob, cap, d_size),
(SMBLib.security_blob_windows, 0x7, 0x100000))
self.assertTrue(isinstance(guid, str) and len(guid) > 0)
self.assertTrue(time <= Utility.get_filetime_format(100))
def test_get_rnd_x86_nop_with_sideeffects(self):
result = Utility.get_rnd_x86_nop(1000, False)
for i in range(0, len(result)):
with self.subTest(i=i):
self.assertTrue(
result[i].to_bytes(1, "little") in Utility.x86_nops or
result[i].to_bytes(1, "little") in Utility.x86_pseudo_nops)
def append_ips(
ip_address_input: t.List[str]) -> t.Tuple[bool, t.List[str]]:
"""
Recursive appending function to handle lists and ranges of IP addresses.
:param ip_address_input: The IP address(es) as list of strings, comma-separated or dash-separated string.
:return: List of all given IP addresses.
"""
ip_list = []
is_valid = True
for ip in ip_address_input:
if '-' in ip:
ip_range = ip.split('-')
ip_range = Util.get_ip_range(ip_range[0], ip_range[1])
if not ip_range:
is_valid = False
is_valid, ips = append_ips(ip_range)
ip_list.extend(ips)
else:
try:
ipaddress.ip_address(ip)
ip_list.append(ip)
except ValueError:
return False, ip_list
return is_valid, ip_list
def __init__(self):
"""
Creates a new instance of the SMBScanAttack.
This Attack injects TCP Syn Requests to the port 445 of several ips and related response into the output
pcap file.
If port 445 is open, it will simulate and inject the SMB Protocol Negotiation too.
"""
# Initialize attack
super(SMBScanAttack,
self).__init__("SMBScan Attack", "Injects an SMB scan",
"Scanning/Probing")
self.host_os = Util.get_rnd_os()
# Define allowed parameters and their type
self.update_params([
Parameter(self.IP_SOURCE, IPAddress()),
Parameter(self.IP_DESTINATION, IPAddress()),
Parameter(self.MAC_DESTINATION, MACAddress()),
Parameter(self.TARGET_COUNT, IntegerPositive()),
Parameter(self.HOSTING_PERCENTAGE, Percentage()),
Parameter(self.PORT_SOURCE, Port()),
Parameter(self.MAC_SOURCE, MACAddress()),
Parameter(self.IP_SOURCE_RANDOMIZE, Boolean()),
Parameter(self.PACKETS_PER_SECOND, Float()),
Parameter(self.PORT_SOURCE_RANDOMIZE, Boolean()),
Parameter(self.HOSTING_IP, IPAddress()),
Parameter(self.HOSTING_VERSION, String()),
Parameter(self.SOURCE_PLATFORM, SpecificString(Util.platforms)),
Parameter(self.PROTOCOL_VERSION, String())
])
def test_get_ip_range_backwards(self):
end = "192.168.178.254"
start = "192.168.179.1"
result = [
"192.168.179.1", "192.168.179.0", "192.168.178.255",
"192.168.178.254"
]
self.assertEqual(Utility.get_ip_range(start, end), result)
def test_get_rnd_x86_nop_without_sideeffects(self):
result = Utility.get_rnd_x86_nop(1000, True)
for i in range(0, len(result)):
with self.subTest(i=i):
self.assertIn(result[i].to_bytes(1, "little"),
Utility.x86_nops)
self.assertNotIn(result[i].to_bytes(1, "little"),
Utility.x86_pseudo_nops)
def get_intermediate_timestamp(self,
divisor: int = 2,
factor: int = 1) -> int:
"""
Calculates a timestamp, which lays within the input pcap.
By default a timestamp in the middle of the pcap.
:param divisor: The number of intervals in which the pcap length should be divided.
:param factor: The number of the interval from which to get the timestamp.
:return: The calculated timestamp.
"""
start = Util.get_timestamp_from_datetime_str(
self.statistics.get_pcap_timestamp_start())
end = Util.get_timestamp_from_datetime_str(
self.statistics.get_pcap_timestamp_end())
if factor > divisor:
print("Error: timestamp out of range (factor > divisor)")
return start
return start + ((end - start) / divisor) * factor
def choose_attack(input_name):
""""
Finds the attack best matching to input_name
:param input_name: The name of the attack the user put in
:return: The best matching attack in case one was found
"""
import Attack
# Find all attacks, exclude some classes
package = Attack
available_attacks = []
for _, name, __ in pkgutil.iter_modules(package.__path__):
if name != 'BaseAttack' and name != 'AttackParameters':
available_attacks.append(name)
highest_sim = 0.0
highest_sim_attack = None
for attack in available_attacks:
# Check if attack name is accurate
if input_name == attack:
return attack
# Compares input with one of the available attacks
# Makes comparison with lowercase version with generic endings removed
# List of generic attack name endings can be found in ID2TLib.Utility
counter_check = attack.lower()
if not any(ending in input_name
for ending in Util.generic_attack_names):
counter_check = Util.remove_generic_ending(counter_check)
similarity = difflib.SequenceMatcher(None, input_name.lower(),
counter_check).ratio()
# Exact match, return appropriate attack name
if similarity == 1.0:
return attack
# Found more likely match
if similarity > highest_sim:
highest_sim = similarity
highest_sim_attack = attack
# Found no exactly matching attack name, print best match and exit
if highest_sim >= 0.6:
print('Found no attack of name ' + input_name +
'. The closest match was ' + highest_sim_attack +
'. Use ./id2t -l for a list of available attacks.')
exit(1)
# Found no reasonably matching attack name, recommend -l and exit
else:
print('Found no attack of name ' + input_name +
' or one similar to it.'
' Use ./id2t -l for an overview of available attacks.')
exit(1)
def init_param(self, param: str) -> bool:
"""
Initialize a parameter with its default values specified in this attack.
:param param: parameter, which should be initialized
:return: True if initialization was successful, False if not
"""
value = None
if param == self.INJECT_AFTER_PACKET:
value = rnd.randint(0, self.statistics.get_packet_count())
# attacker configuration
elif param == self.NUMBER_ATTACKERS:
# FIXME
value = rnd.randint(1, 16)
elif param == self.IP_SOURCE:
num_attackers = self.get_param_value(self.NUMBER_ATTACKERS)
if not num_attackers:
return False
# The most used IP class in background traffic
most_used_ip_class = Util.handle_most_used_outputs(
self.statistics.get_most_used_ip_class())
value = self.generate_random_ipv4_address(most_used_ip_class,
num_attackers)
elif param == self.MAC_SOURCE:
num_attackers = self.get_param_value(self.NUMBER_ATTACKERS)
if not num_attackers:
return False
value = self.generate_random_mac_address(num_attackers)
elif param == self.PORT_SOURCE:
self.default_port = int(inet.RandShort())
value = self.default_port
elif param == self.PACKETS_PER_SECOND:
value = 0.0
elif param == self.ATTACK_DURATION:
value = rnd.randint(5, 30)
# victim configuration
elif param == self.IP_DESTINATION:
value = self.statistics.get_random_ip_address()
elif param == self.MAC_DESTINATION:
ip_dst = self.get_param_value(self.IP_DESTINATION)
if not ip_dst:
return False
value = self.get_mac_address(ip_dst)
elif param == self.VICTIM_BUFFER:
value = rnd.randint(1000, 10000)
elif param == self.LATENCY_MAX:
value = 0
if value is None:
return False
return self.add_param_value(param, value)
def init_param(self, param: str) -> bool:
"""
Initialize a parameter with its default values specified in this attack.
:param param: parameter, which should be initialized
:return: True if initialization was successful, False if not
"""
value = None
if param == self.IP_SOURCE:
value = self.statistics.get_most_used_ip_address()
elif param == self.IP_SOURCE_RANDOMIZE:
value = 'False'
elif param == self.MAC_SOURCE:
ip_src = self.get_param_value(self.IP_SOURCE)
if ip_src is None:
return False
value = self.get_mac_address(ip_src)
elif param == self.TARGET_COUNT:
value = 200
elif param == self.IP_DESTINATION:
value = "1.1.1.1"
elif param == self.MAC_DESTINATION:
ip_dst = self.get_param_value(self.IP_DESTINATION)
if ip_dst is None:
return False
value = self.get_mac_address(ip_dst)
elif param == self.PORT_SOURCE:
value = rnd.randint(1024, 65535)
elif param == self.PORT_SOURCE_RANDOMIZE:
value = 'True'
elif param == self.PACKETS_PER_SECOND:
value = self.statistics.get_most_used_pps()
elif param == self.INJECT_AFTER_PACKET:
value = rnd.randint(0, self.statistics.get_packet_count())
elif param == self.INJECT_AT_TIMESTAMP:
value = self.get_intermediate_timestamp()
elif param == self.HOSTING_PERCENTAGE:
value = 0.5
elif param == self.HOSTING_IP:
value = "1.1.1.1"
elif param == self.HOSTING_VERSION:
value = SMBLib.get_smb_version(platform=self.host_os)
elif param == self.SOURCE_PLATFORM:
value = Util.get_rnd_os()
elif param == self.PROTOCOL_VERSION:
value = "1"
if value is None:
return False
return self.add_param_value(param, value)
def get_reply_latency(self,
ip_src,
ip_dst,
default: int = 0,
mode: str = None):
"""
Gets the minimum and the maximum reply latency for all the connections of a specific IP.
:param ip_src: The source IP for which to retrieve the reply latency.
:param ip_dst: The destination IP for which to retrieve the reply latency.
:param default: The default value to return if no latency could be calculated.
:param mode: either "local" or "public"
:return minimum and maximum latency
"""
if not mode:
mode = Util.get_network_mode(ip_src, ip_dst)
minimum = {"local": 900, "public": 3000}
if default != 0:
minimum[mode] = default
result = self.statistics.process_db_query\
("SELECT minLatency, maxLatency FROM ip_statistics WHERE ipAddress in ('{0}, {1}');".
format(ip_src, ip_dst))
min_latency = minimum[mode]
max_latency = minimum[mode]
for ip in result:
# retrieve minimum latency
if ip[0]:
retrieved = ip[0]
else:
retrieved = np.median(self.all_min_latencies)
min_latency = min(min_latency, retrieved)
# retrieve maximum latency
if ip[1]:
retrieved = ip[1]
else:
retrieved = np.median(self.all_max_latencies)
max_latency = min(max_latency, retrieved)
min_latency = int(
min_latency) * 10**-6 # convert from micro to seconds
max_latency = int(max_latency) * 10**-6
return min_latency, max_latency
def init_param(self, param: str) -> bool:
"""
Initialize a parameter with its default values specified in this attack.
:param param: parameter, which should be initialized
:return: True if initialization was successful, False if not
"""
value = None
# The most used IP class in background traffic
if param == self.NUMBER_ATTACKERS:
value = rnd.randint(1, 16)
if param == self.IP_SOURCE:
most_used_ip_class = Util.handle_most_used_outputs(
self.statistics.get_most_used_ip_class())
num_attackers = self.get_param_value(self.NUMBER_ATTACKERS)
if num_attackers is None:
return False
value = self.generate_random_ipv4_address(most_used_ip_class,
num_attackers)
elif param == self.MAC_SOURCE:
num_attackers = self.get_param_value(self.NUMBER_ATTACKERS)
if num_attackers is None:
return False
value = self.generate_random_mac_address(num_attackers)
elif param == self.IP_DESTINATION:
value = self.statistics.get_random_ip_address()
elif param == self.MAC_DESTINATION:
ip_dst = self.get_param_value(self.IP_DESTINATION)
if ip_dst is None:
return False
value = self.get_mac_address(ip_dst)
elif param == self.PACKETS_PER_SECOND:
value = self.statistics.get_most_used_pps()
elif param == self.INJECT_AFTER_PACKET:
value = rnd.randint(0, self.statistics.get_packet_count())
elif param == self.ATTACK_DURATION:
value = 30
if value is None:
return False
return self.add_param_value(param, value)
def init_param(self, param: str) -> bool:
"""
Initialize a parameter with its default values specified in this attack.
:param param: parameter, which should be initialized
:return: True if initialization was successful, False if not
"""
value = None
if param == self.IP_DESTINATION:
# The most used IP class in background traffic
most_used_ip_class = Util.handle_most_used_outputs(
self.statistics.get_most_used_ip_class())
value = self.generate_random_ipv4_address(most_used_ip_class)
elif param == self.MAC_DESTINATION:
value = self.generate_random_mac_address()
elif param == self.IP_SOURCE:
ip_dst = self.get_param_value(self.IP_DESTINATION)
if not ip_dst:
return False
value = self.statistics.get_random_ip_address(ips=[ip_dst])
elif param == self.MAC_SOURCE:
ip_src = self.get_param_value(self.IP_SOURCE)
if not ip_src:
return False
value = self.get_mac_address(ip_src)
elif param == self.PACKETS_PER_SECOND:
value = self.statistics.get_most_used_pps()
elif param == self.INJECT_AFTER_PACKET:
value = rnd.randint(0, self.statistics.get_packet_count())
elif param == self.IP_SOURCE_RANDOMIZE:
value = 'False'
elif param == self.CUSTOM_PAYLOAD:
value = ""
elif param == self.CUSTOM_PAYLOAD_FILE:
value = ""
if value is None:
return False
return self.add_param_value(param, value)
def get_remaining_bandwidth(self,
timestamp: int = 0,
ip_src: str = "",
ip_dst: str = ""):
"""
This function calculates the remaining bandwidth based on the maximum bandwidth available and the kbytes already
sent inside the interval corresponding to the timestamp given.
!!! custom_max_bandwidth is mutually exclusive to custom_bandwidth_local and/or custom_bandwidth_public
:param timestamp: the timestamp of the current packet
:param ip_src: the source IP
:param ip_dst: the destination IP
:return: the remaining bandwidth in kbyte/s
"""
mode = Util.get_network_mode(ip_src, ip_dst)
if self.custom_max_bandwidth != 0:
bandwidth = self.custom_max_bandwidth
else:
bandwidth = self.statistics.get_kbyte_rate(
mode, self.custom_bandwidth_local,
self.custom_bandwidth_public)
remaining_bandwidth = bandwidth
current_table = self.statistics.stats_db.get_current_interval_statistics_table(
)
kbytes_sent, interval = self.statistics.get_interval_stat(
table_name=current_table, field="kbytes", timestamp=timestamp)
if not kbytes_sent:
kbytes_sent = 0
kbytes_sent = kbytes_sent
duration = self.statistics.get_current_interval_len()
used_bandwidth = float((kbytes_sent * 1000) / duration)
remaining_bandwidth -= used_bandwidth
return remaining_bandwidth, interval
def test_generate_source_port_from_platform_oldwin_nextport(self):
self.assertEqual(
Utility.generate_source_port_from_platform("winxp", 2000), 2001)
h = os.getcwd()
inputDir = h + '/Data/'
# Check the list of files available
inputfiles = os.listdir(inputDir)
# eg : file = 'sample.csv'
# Load Data Set
for file in inputfiles :
if not '.csv' in file:
continue
filename = file
filename = filename.split('.')[0]
file = inputDir + '/' + file
dSet_df = pd.DataFrame()
dSet_df = ut.loadData(file)
st.backtest(dSet_df,lag,filename)
def test_get_interval_pps_below_max(self):
cipps = [(5, 1), (10, 2), (15, 3)]
self.assertEqual(Utility.get_interval_pps(cipps, 3), 1)
self.assertEqual(Utility.get_interval_pps(cipps, 7), 2)
self.assertEqual(Utility.get_interval_pps(cipps, 12), 3)
def generate_attack_packets(self):
"""
Creates the attack packets.
"""
# Timestamp
timestamp_next_pkt = self.get_param_value(self.INJECT_AT_TIMESTAMP)
pps = self.get_param_value(self.PACKETS_PER_SECOND)
# calculate complement packet rates of BG traffic per interval
complement_interval_pps = self.statistics.calculate_complement_packet_rates(
pps)
# Initialize parameters
mac_source = self.get_param_value(self.MAC_SOURCE)
ip_source = self.get_param_value(self.IP_SOURCE)
# FIXME: why is port_source never used?
port_source = self.get_param_value(self.PORT_SOURCE)
mac_destination = self.get_param_value(self.MAC_DESTINATION)
ip_destination = self.get_param_value(self.IP_DESTINATION)
port_destination = self.get_param_value(self.PORT_DESTINATION)
# Check ip.src == ip.dst
self.ip_src_dst_catch_equal(ip_source, ip_destination)
# Set TTL based on TTL distribution of IP address
source_ttl_dist = self.statistics.get_ttl_distribution(ip_source)
if len(source_ttl_dist) > 0:
source_ttl_prob_dict = lea.Lea.fromValFreqsDict(source_ttl_dist)
source_ttl_value = source_ttl_prob_dict.random()
else:
source_ttl_value = Util.handle_most_used_outputs(
self.statistics.get_most_used_ttl_value())
destination_ttl_dist = self.statistics.get_ttl_distribution(
ip_destination)
if len(destination_ttl_dist) > 0:
destination_ttl_prob_dict = lea.Lea.fromValFreqsDict(
destination_ttl_dist)
destination_ttl_value = destination_ttl_prob_dict.random()
else:
destination_ttl_value = Util.handle_most_used_outputs(
self.statistics.get_most_used_ttl_value())
# Set Window Size based on Window Size distribution of IP address
source_win_dist = self.statistics.get_win_distribution(ip_source)
if len(source_win_dist) > 0:
source_win_prob_dict = lea.Lea.fromValFreqsDict(source_win_dist)
else:
source_win_dist = self.statistics.get_win_distribution(
self.statistics.get_most_used_ip_address())
source_win_prob_dict = lea.Lea.fromValFreqsDict(source_win_dist)
destination_win_dist = self.statistics.get_win_distribution(
ip_destination)
if len(destination_win_dist) > 0:
destination_win_prob_dict = lea.Lea.fromValFreqsDict(
destination_win_dist)
else:
destination_win_dist = self.statistics.get_win_distribution(
self.statistics.get_most_used_ip_address())
destination_win_prob_dict = lea.Lea.fromValFreqsDict(
destination_win_dist)
# Set MSS (Maximum Segment Size) based on MSS distribution of IP address
mss_value = Util.handle_most_used_outputs(
self.statistics.get_most_used_mss_value())
if not mss_value:
mss_value = 1465
# Inject EternalBlue exploit packets
# Read Win7_eternalblue_exploit pcap file
source_origin_wins, destination_origin_wins = {}, {}
exploit_raw_packets = scapy.utils.RawPcapReader(
self.template_attack_pcap_path)
port_source = rnd.randint(
self.minDefaultPort,
self.maxDefaultPort) # experiments show this range of ports
# conversations = {(ip.src, ip.dst, port.src, port.dst): packets}
conversations, order_list_conversations = self.packets_to_convs(
exploit_raw_packets)
exploit_raw_packets.close()
conv_start_timesamp = timestamp_next_pkt
for conv_index, conv in enumerate(order_list_conversations):
# the distance between the starts of the converstaions
conv_start_timesamp = conv_start_timesamp + rnd.uniform(
0.001, 0.01)
timestamp_next_pkt = conv_start_timesamp
conv_pkts = conversations[conv]
inter_arrival_times = self.get_inter_arrival_time(conv_pkts)
if conv_index == len(
order_list_conversations) - 2: # Not the last conversation
timestamp_next_pkt = self.packets[-1].time + rnd.uniform(
0.001, 0.01)
if conv_index != len(
order_list_conversations) - 1: # Not the last conversation
port_source += 2
for self.pkt_num, pkt in enumerate(conv_pkts):
eth_frame = inet.Ether(pkt[0])
ip_pkt = eth_frame.payload
tcp_pkt = ip_pkt.payload
if self.pkt_num == 0:
if tcp_pkt.getfieldval("dport") == SMBLib.smb_port:
orig_ip_dst = ip_pkt.getfieldval("dst")
# Request
if ip_pkt.getfieldval("dst") == orig_ip_dst: # victim IP
# Ether
eth_frame.setfieldval("src", mac_source)
eth_frame.setfieldval("dst", mac_destination)
# IP
ip_pkt.setfieldval("src", ip_source)
ip_pkt.setfieldval("dst", ip_destination)
ip_pkt.setfieldval("ttl", source_ttl_value)
# TCP
tcp_pkt.setfieldval("sport", port_source)
tcp_pkt.setfieldval("dport", port_destination)
# Window Size
source_origin_win = tcp_pkt.getfieldval("window")
if source_origin_win not in source_origin_wins:
source_origin_wins[
source_origin_win] = source_win_prob_dict.random(
)
new_win = source_origin_wins[source_origin_win]
tcp_pkt.setfieldval("window", new_win)
# MSS
tcp_options = tcp_pkt.getfieldval("options")
if tcp_options:
if tcp_options[0][0] == "MSS":
tcp_options[0] = ("MSS", mss_value)
tcp_pkt.setfieldval("options", tcp_options)
new_pkt = (eth_frame / ip_pkt / tcp_pkt)
new_pkt.time = timestamp_next_pkt
pps = max(
Util.get_interval_pps(complement_interval_pps,
timestamp_next_pkt), 10)
timestamp_next_pkt = self.timestamp_controller.next_timestamp(
) + inter_arrival_times[
self.pkt_num] # float(timeSteps.random())
# Reply
else:
# Ether
eth_frame.setfieldval("src", mac_destination)
eth_frame.setfieldval("dst", mac_source)
# IP
ip_pkt.setfieldval("src", ip_destination)
ip_pkt.setfieldval("dst", ip_source)
ip_pkt.setfieldval("ttl", destination_ttl_value)
# TCP
tcp_pkt.setfieldval("dport", port_source)
tcp_pkt.setfieldval("sport", port_destination)
# Window Size
destination_origin_win = tcp_pkt.getfieldval("window")
if destination_origin_win not in destination_origin_wins:
destination_origin_wins[
destination_origin_win] = destination_win_prob_dict.random(
)
new_win = destination_origin_wins[
destination_origin_win]
tcp_pkt.setfieldval("window", new_win)
# MSS
tcp_options = tcp_pkt.getfieldval("options")
if tcp_options:
if tcp_options[0][0] == "MSS":
tcp_options[0] = ("MSS", mss_value)
tcp_pkt.setfieldval("options", tcp_options)
new_pkt = (eth_frame / ip_pkt / tcp_pkt)
pps = max(
Util.get_interval_pps(complement_interval_pps,
timestamp_next_pkt), 10)
timestamp_next_pkt = self.timestamp_controller.next_timestamp(
) + inter_arrival_times[
self.pkt_num] # float(timeSteps.random())
new_pkt.time = timestamp_next_pkt
self.add_packet(new_pkt, ip_source, ip_destination)
else: # Last conversation where the victim start a connection with the attacker
timestamp_next_pkt = self.packets[-1].time + rnd.uniform(
0.001, 0.01)
port_source = rnd.randint(self.minDefaultPort,
self.maxDefaultPort)
for self.pkt_num, pkt in enumerate(conv_pkts):
eth_frame = inet.Ether(pkt[0])
ip_pkt = eth_frame.payload
tcp_pkt = ip_pkt.payload
# Request
if tcp_pkt.getfieldval("dport") == self.last_conn_dst_port:
# Ether
eth_frame.setfieldval("src", mac_destination)
eth_frame.setfieldval("dst", mac_source)
# IP
ip_pkt.setfieldval("src", ip_destination)
ip_pkt.setfieldval("dst", ip_source)
ip_pkt.setfieldval("ttl", destination_ttl_value)
# TCP
tcp_pkt.setfieldval("sport", port_source)
# destination port is fixed 4444
# Window Size
destination_origin_win = tcp_pkt.getfieldval("window")
if destination_origin_win not in destination_origin_wins:
destination_origin_wins[
destination_origin_win] = destination_win_prob_dict.random(
)
new_win = destination_origin_wins[
destination_origin_win]
tcp_pkt.setfieldval("window", new_win)
# MSS
tcp_options = tcp_pkt.getfieldval("options")
if tcp_options:
if tcp_options[0][0] == "MSS":
tcp_options[0] = ("MSS", mss_value)
tcp_pkt.setfieldval("options", tcp_options)
new_pkt = (eth_frame / ip_pkt / tcp_pkt)
new_pkt.time = timestamp_next_pkt
pps = max(
Util.get_interval_pps(complement_interval_pps,
timestamp_next_pkt), 10)
timestamp_next_pkt = self.timestamp_controller.next_timestamp(
) + inter_arrival_times[
self.pkt_num] # float(timeSteps.random())
# Reply
else:
# Ether
eth_frame.setfieldval("src", mac_source)
eth_frame.setfieldval("dst", mac_destination)
# IP
ip_pkt.setfieldval("src", ip_source)
ip_pkt.setfieldval("dst", ip_destination)
ip_pkt.setfieldval("ttl", source_ttl_value)
# TCP
tcp_pkt.setfieldval("dport", port_source)
# source port is fixed 4444
# Window Size
source_origin_win = tcp_pkt.getfieldval("window")
if source_origin_win not in source_origin_wins:
source_origin_wins[
source_origin_win] = source_win_prob_dict.random(
)
new_win = source_origin_wins[source_origin_win]
tcp_pkt.setfieldval("window", new_win)
# MSS
tcp_options = tcp_pkt.getfieldval("options")
if tcp_options:
if tcp_options[0][0] == "MSS":
tcp_options[0] = ("MSS", mss_value)
tcp_pkt.setfieldval("options", tcp_options)
new_pkt = (eth_frame / ip_pkt / tcp_pkt)
pps = max(
Util.get_interval_pps(complement_interval_pps,
timestamp_next_pkt), 10)
timestamp_next_pkt = self.timestamp_controller.next_timestamp(
) + inter_arrival_times[
self.pkt_num] # float(timeSteps.random())
new_pkt.time = timestamp_next_pkt
self.add_packet(new_pkt, ip_source, ip_destination)
if __name__ == '__main__':
start = datetime(2013, 1, 2, 0, 0, 0, 0, pytz.utc)
end = datetime(2013, 11, 14, 0, 0, 0, 0, pytz.utc)
# Path for files
h = os.getcwd()
inputDir = h + '/Data/'
KLSETickerfile = 'KLSETickers.txt'
filename = 'Chen_KLCI_Main'
filepath = inputDir + KLSETickerfile
tickers = ut.readfile(filepath)
filepath = inputDir + filename + '.csv'
ohlc = pd.read_csv(filepath, parse_dates=True, index_col=0)
#ohlc=ohlc.tz_localize('UTC')
data = pd.DataFrame(index=ohlc.index)
for ticker in tickers:
data[ticker] = pd.DataFrame(ohlc[ticker])
ticker = ticker.replace('_Close', "")
if ticker == 'KLCI':
data[ticker + '_PerChange'] = ohlc[ticker + '_Close'] / ohlc[
ticker + '_Close'].shift(1) - 1
data[ticker + '_PerChange'] = data[ticker + '_PerChange'].shift(1)
else:
def generate_attack_packets(self):
"""
Creates the attack packets.
"""
# Timestamp
timestamp_next_pkt = self.get_param_value(self.INJECT_AT_TIMESTAMP)
# Initialize parameters
mac_source = self.get_param_value(self.MAC_SOURCE)
ip_source = self.get_param_value(self.IP_SOURCE)
port_source = self.get_param_value(self.PORT_SOURCE)
mac_destination = self.get_param_value(self.MAC_DESTINATION)
ip_destination = self.get_param_value(self.IP_DESTINATION)
port_destination = self.get_param_value(self.PORT_DESTINATION)
# Check ip.src == ip.dst
self.ip_src_dst_catch_equal(ip_source, ip_destination)
# Set TTL based on TTL distribution of IP address
source_ttl_dist = self.statistics.get_ttl_distribution(ip_source)
if len(source_ttl_dist) > 0:
source_ttl_prob_dict = lea.Lea.fromValFreqsDict(source_ttl_dist)
source_ttl_value = source_ttl_prob_dict.random()
else:
source_ttl_value = Util.handle_most_used_outputs(
self.statistics.get_most_used_ttl_value())
destination_ttl_dist = self.statistics.get_ttl_distribution(
ip_destination)
if len(destination_ttl_dist) > 0:
destination_ttl_prob_dict = lea.Lea.fromValFreqsDict(
destination_ttl_dist)
destination_ttl_value = destination_ttl_prob_dict.random()
else:
destination_ttl_value = Util.handle_most_used_outputs(
self.statistics.get_most_used_ttl_value())
# Set Window Size based on Window Size distribution of IP address
source_win_dist = self.statistics.get_win_distribution(ip_source)
if len(source_win_dist) > 0:
source_win_prob_dict = lea.Lea.fromValFreqsDict(source_win_dist)
else:
source_win_dist = self.statistics.get_win_distribution(
self.statistics.get_most_used_ip_address())
source_win_prob_dict = lea.Lea.fromValFreqsDict(source_win_dist)
destination_win_dist = self.statistics.get_win_distribution(
ip_destination)
if len(destination_win_dist) > 0:
destination_win_prob_dict = lea.Lea.fromValFreqsDict(
destination_win_dist)
else:
destination_win_dist = self.statistics.get_win_distribution(
self.statistics.get_most_used_ip_address())
destination_win_prob_dict = lea.Lea.fromValFreqsDict(
destination_win_dist)
# Set MSS (Maximum Segment Size) based on MSS distribution of IP address
mss_value = Util.handle_most_used_outputs(
self.statistics.get_most_used_mss_value())
if not mss_value:
mss_value = 1465
# Scan (MS17)
# Read Win7_eternalblue_scan pcap file
orig_ip_dst = None
exploit_raw_packets = scapy.utils.RawPcapReader(
self.template_scan_pcap_path)
inter_arrival_times = self.get_inter_arrival_time(exploit_raw_packets)
exploit_raw_packets.close()
exploit_raw_packets = scapy.utils.RawPcapReader(
self.template_scan_pcap_path)
source_origin_wins, destination_origin_wins = {}, {}
for self.pkt_num, pkt in enumerate(exploit_raw_packets):
eth_frame = inet.Ether(pkt[0])
ip_pkt = eth_frame.payload
tcp_pkt = ip_pkt.payload
if self.pkt_num == 0:
if tcp_pkt.getfieldval("dport") == SMBLib.smb_port:
orig_ip_dst = ip_pkt.getfieldval("dst") # victim IP
# Request
if ip_pkt.getfieldval("dst") == orig_ip_dst: # victim IP
# Ether
eth_frame.setfieldval("src", mac_source)
eth_frame.setfieldval("dst", mac_destination)
# IP
ip_pkt.setfieldval("src", ip_source)
ip_pkt.setfieldval("dst", ip_destination)
ip_pkt.setfieldval("ttl", source_ttl_value)
# TCP
tcp_pkt.setfieldval("sport", port_source)
tcp_pkt.setfieldval("dport", port_destination)
# Window Size (mapping)
source_origin_win = tcp_pkt.getfieldval("window")
if source_origin_win not in source_origin_wins:
source_origin_wins[
source_origin_win] = source_win_prob_dict.random()
new_win = source_origin_wins[source_origin_win]
tcp_pkt.setfieldval("window", new_win)
# MSS
tcp_options = tcp_pkt.getfieldval("options")
if tcp_options:
if tcp_options[0][0] == "MSS":
tcp_options[0] = ("MSS", mss_value)
tcp_pkt.setfieldval("options", tcp_options)
new_pkt = (eth_frame / ip_pkt / tcp_pkt)
new_pkt.time = timestamp_next_pkt
# FIXME: double check inter_arrival_times calculation
timestamp_next_pkt = self.timestamp_controller.next_timestamp(
) + inter_arrival_times[
self.pkt_num] # float(timeSteps.random())
# Reply
else:
# Ether
eth_frame.setfieldval("src", mac_destination)
eth_frame.setfieldval("dst", mac_source)
# IP
ip_pkt.setfieldval("src", ip_destination)
ip_pkt.setfieldval("dst", ip_source)
ip_pkt.setfieldval("ttl", destination_ttl_value)
# TCP
tcp_pkt.setfieldval("dport", port_source)
tcp_pkt.setfieldval("sport", port_destination)
# Window Size
destination_origin_win = tcp_pkt.getfieldval("window")
if destination_origin_win not in destination_origin_wins:
destination_origin_wins[
destination_origin_win] = destination_win_prob_dict.random(
)
new_win = destination_origin_wins[destination_origin_win]
tcp_pkt.setfieldval("window", new_win)
# MSS
tcp_options = tcp_pkt.getfieldval("options")
if tcp_options:
if tcp_options[0][0] == "MSS":
tcp_options[0] = ("MSS", mss_value)
tcp_pkt.setfieldval("options", tcp_options)
new_pkt = (eth_frame / ip_pkt / tcp_pkt)
# FIXME: double check inter_arrival_times calculation
timestamp_next_pkt = self.timestamp_controller.next_timestamp(
) + inter_arrival_times[
self.pkt_num] # + float(timeSteps.random())
new_pkt.time = timestamp_next_pkt
self.add_packet(new_pkt, ip_source, ip_destination)
exploit_raw_packets.close()
def test_generate_source_port_from_platform_oldwin_maxport(self):
self.assertTrue(1024 <= Utility.generate_source_port_from_platform(
"winxp", 5000) <= 5000)
def test_generate_source_port_from_platform_linux(self):
self.assertTrue(32768 <= Utility.generate_source_port_from_platform(
"linux") <= 61000)
def test_generate_source_port_from_platform_newwinmac_firstport(self):
self.assertTrue(49152 <= Utility.generate_source_port_from_platform(
"win7") <= 65535)
def process_attack(self, attack: str, params: str, time=False):
"""
Takes as input the name of an attack (classname) and the attack parameters as string. Parses the string of
attack parameters, creates the attack by writing the attack packets and returns the path of the written pcap.
:param attack: The classname of the attack to inject.
:param params: The parameters for attack customization, see attack class for supported params.
:param time: Measure packet generation time or not.
:return: The file path to the created pcap file.
"""
attack = self.choose_attack(attack)
self.create_attack(attack, self.seed)
print("Validating and adding attack parameters.")
# Add attack parameters if provided
params_dict = []
if isinstance(params, list) and params:
# Convert attack param list into dictionary
for entry in params:
if entry.count('=') != 1:
print(
'ERROR: Incorrect attack parameter syntax (\'{}\'). Ignoring.'
.format(entry))
continue
params_dict.append(entry.split('='))
params_dict = dict(params_dict)
# Check if Parameter.INJECT_AT_TIMESTAMP and Parameter.INJECT_AFTER_PACKET are provided at the same time
# if TRUE: delete Parameter.INJECT_AT_TIMESTAMP (lower priority) and use Parameter.INJECT_AFTER_PACKET
if (self.current_attack.INJECT_AFTER_PACKET in params_dict) and (
self.current_attack.INJECT_AT_TIMESTAMP in params_dict):
print("CONFLICT: Parameters", attack.INJECT_AT_TIMESTAMP,
"and", self.current_attack.INJECT_AFTER_PACKET,
"given at the same time. Ignoring",
self.current_attack.INJECT_AT_TIMESTAMP, "and using",
self.current_attack.INJECT_AFTER_PACKET,
"instead to derive the timestamp.")
del params_dict[self.current_attack.INJECT_AT_TIMESTAMP]
# Extract attack_note parameter, if not provided returns an empty string
key_attack_note = "attack.note"
attack_note = params_dict.get(key_attack_note, "")
params_dict.pop(
key_attack_note, None
) # delete entry if found, otherwise return an empty string
# Pass paramters to attack controller
self.set_params(params_dict)
else:
attack_note = "This attack used only default parameters."
self.current_attack.init_mutual_params()
self.current_attack.init_params()
self.current_attack.init_objects()
print("Generating attack packets...", end=" ")
sys.stdout.flush() # force python to print text immediately
if time:
self.current_attack.set_start_time()
# Generate attack packets
self.current_attack.generate_attack_packets()
if time:
self.current_attack.set_finish_time()
duration = self.current_attack.get_packet_generation_time()
# Write attack into pcap file
attack_result = self.current_attack.generate_attack_pcap()
self.total_packets = attack_result[0]
temp_attack_pcap_path = attack_result[1]
if len(attack_result) == 3:
# Extract the list of additional files, if available
self.additional_files += attack_result[2]
print("done. (total: " + str(self.total_packets) + " pkts", end="")
if time:
print(" in ", duration, " seconds", end="")
print(".)")
# Warning if attack duration gets exceeded by more than 1 second
if self.current_attack.ATTACK_DURATION in [x.name for x in self.current_attack.params] and \
self.current_attack.get_param_value(self.current_attack.ATTACK_DURATION) != 0:
attack_duration = self.current_attack.get_param_value(
self.current_attack.ATTACK_DURATION)
packet_duration = abs(self.current_attack.attack_end_utime -
self.current_attack.attack_start_utime)
time_diff = abs(attack_duration - packet_duration)
if self.current_attack.exceeding_packets > 0 and time_diff > 1:
exceeding_packets = ""
if self.current_attack.exceeding_packets:
exceeding_packets = " ({} attack pkts)".format(
self.current_attack.exceeding_packets)
print(
"Warning: attack duration was exceeded by {0} seconds{1}.".
format(time_diff, exceeding_packets))
elif time_diff > 1:
print(
"Warning: attack duration was not reached by generated pkts by {} seconds."
.format(time_diff))
# Warning if pcap length gets exceeded
pcap_end = Util.get_timestamp_from_datetime_str(
self.statistics.get_pcap_timestamp_end())
time_diff = pcap_end - self.current_attack.attack_end_utime
if time_diff < 0:
print("Warning: end of pcap exceeded by " +
str(round(abs(time_diff), 2)) + " seconds.")
# Store label into LabelManager
label = Label.Label(attack, self.get_attack_start_utime(),
self.get_attack_end_utime(), self.total_packets,
self.seed, self.current_attack.params, attack_note)
self.label_mgr.add_labels(label)
return temp_attack_pcap_path, duration
def generate_attack_packets(self):
"""
Creates the attack packets.
"""
pps = self.get_param_value(self.PACKETS_PER_SECOND)
# Timestamp
first_timestamp = self.get_param_value(self.INJECT_AT_TIMESTAMP)
# store start time of attack
self.attack_start_utime = first_timestamp
# Initialize parameters
ip_destination = self.get_param_value(self.IP_DESTINATION)
mac_destination = self.get_param_value(self.MAC_DESTINATION)
# Determine source IP and MAC address
num_attackers = self.get_param_value(self.NUMBER_ATTACKERS)
# user supplied self.NUMBER_ATTACKERS
if (num_attackers != None) and (num_attackers != 0):
# The most used IP class in background traffic
most_used_ip_class = Util.handle_most_used_outputs(
self.statistics.get_most_used_ip_class())
# Create random attackers based on user input self.NUMBER_ATTACKERS
ip_source = self.generate_random_ipv4_address(
most_used_ip_class, num_attackers)
mac_source = self.generate_random_mac_address(num_attackers)
else: # user did not supply self.NUMBER_ATTACKS
# use default values for IP_SOURCE/MAC_SOURCE or overwritten values
# if user supplied any values for those params
ip_source = self.get_param_value(self.IP_SOURCE)
mac_source = self.get_param_value(self.MAC_SOURCE)
ip_source_list = []
mac_source_list = []
if isinstance(ip_source, list):
ip_source_list = ip_source
else:
ip_source_list.append(ip_source)
if isinstance(mac_source, list):
mac_source_list = mac_source
else:
mac_source_list.append(mac_source)
if (num_attackers == None) or (num_attackers == 0):
num_attackers = min(len(ip_source_list), len(mac_source_list))
# Check ip.src == ip.dst
self.ip_src_dst_catch_equal(ip_source_list, ip_destination)
# Get MSS, TTL and Window size value for destination IP
destination_mss_value, destination_ttl_value, destination_win_value = self.get_ip_data(
ip_destination)
attack_duration = self.get_param_value(self.ATTACK_DURATION)
attack_ends_time = first_timestamp + attack_duration
victim_pps = pps * num_attackers
self.timestamp_controller.set_pps(victim_pps)
for attacker in range(num_attackers):
# Get MSS, TTL and Window size value for source IP(attacker)
source_mss_value, source_ttl_value, source_win_value = self.get_ip_data(
ip_source_list[attacker])
attacker_seq = rnd.randint(1000, 50000)
victim_seq = rnd.randint(1000, 50000)
sport = 1025
min_delay, max_delay = self.get_reply_latency(
ip_source_list[attacker], ip_destination)
# Timestamps of first self.packets shouldn't be exactly the same to look more realistic
timestamp_next_pkt = rnd.uniform(
first_timestamp, self.timestamp_controller.next_timestamp())
while timestamp_next_pkt <= attack_ends_time:
# Establish TCP connection
if sport > 65535:
sport = 1025
# prepare reusable Ethernet- and IP-headers
attacker_ether = inet.Ether(src=mac_source_list[attacker],
dst=mac_destination)
attacker_ip = inet.IP(src=ip_source_list[attacker],
dst=ip_destination,
ttl=source_ttl_value,
flags='DF')
victim_ether = inet.Ether(src=mac_destination,
dst=mac_source_list[attacker])
victim_ip = inet.IP(src=ip_destination,
dst=ip_source_list[attacker],
ttl=destination_ttl_value,
flags='DF')
# connection request from attacker (client)
syn_tcp = inet.TCP(sport=sport,
dport=SMBLib.smb_port,
window=source_win_value,
flags='S',
seq=attacker_seq,
options=[('MSS', source_mss_value)])
attacker_seq += 1
syn = (attacker_ether / attacker_ip / syn_tcp)
syn.time = timestamp_next_pkt
timestamp_next_pkt = self.timestamp_controller.next_timestamp(
min_delay)
self.add_packet(syn, ip_source_list[attacker], ip_destination)
# response from victim (server)
synack_tcp = inet.TCP(sport=SMBLib.smb_port,
dport=sport,
seq=victim_seq,
ack=attacker_seq,
flags='SA',
window=destination_win_value,
options=[('MSS', destination_mss_value)])
victim_seq += 1
synack = (victim_ether / victim_ip / synack_tcp)
synack.time = timestamp_next_pkt
self.timestamp_controller.set_pps(pps)
timestamp_next_pkt = self.timestamp_controller.next_timestamp(
min_delay)
self.add_packet(synack, ip_source_list[attacker],
ip_destination)
# acknowledgement from attacker (client)
ack_tcp = inet.TCP(sport=sport,
dport=SMBLib.smb_port,
seq=attacker_seq,
ack=victim_seq,
flags='A',
window=source_win_value,
options=[('MSS', source_mss_value)])
ack = (attacker_ether / attacker_ip / ack_tcp)
ack.time = timestamp_next_pkt
timestamp_next_pkt = self.timestamp_controller.next_timestamp()
self.add_packet(ack, ip_source_list[attacker], ip_destination)
# send NBT session header packet with maximum LENGTH-field
req_tcp = inet.TCP(sport=sport,
dport=SMBLib.smb_port,
seq=attacker_seq,
ack=victim_seq,
flags='AP',
window=source_win_value,
options=[('MSS', source_mss_value)])
req_payload = NBTSession(TYPE=0x00, LENGTH=0x1FFFF)
attacker_seq += len(req_payload)
req = (attacker_ether / attacker_ip / req_tcp / req_payload)
req.time = timestamp_next_pkt
self.timestamp_controller.set_pps(victim_pps)
timestamp_next_pkt = self.timestamp_controller.next_timestamp(
min_delay)
self.add_packet(req, ip_source_list[attacker], ip_destination)
# final ack from victim (server)
last_ack_tcp = inet.TCP(sport=SMBLib.smb_port,
dport=sport,
seq=victim_seq,
ack=attacker_seq,
flags='A',
window=destination_win_value,
options=[('MSS', destination_mss_value)
])
last_ack = (victim_ether / victim_ip / last_ack_tcp)
last_ack.time = timestamp_next_pkt
self.timestamp_controller.set_pps(pps)
timestamp_next_pkt = self.timestamp_controller.next_timestamp(
min_delay)
self.add_packet(last_ack, ip_source_list[attacker],
ip_destination)
sport += 1
def generate_attack_packets(self):
"""
Creates the attack packets.
"""
# Timestamp
timestamp_next_pkt = self.get_param_value(self.INJECT_AT_TIMESTAMP)
# Initialize parameters
mac_source = self.get_param_value(self.MAC_SOURCE)
ip_source = self.get_param_value(self.IP_SOURCE)
if isinstance(ip_source, list):
ip_source = ip_source[0]
mac_destination = self.get_param_value(self.MAC_DESTINATION)
ip_destination = self.get_param_value(self.IP_DESTINATION)
if isinstance(ip_destination, list):
ip_destination = ip_destination[0]
port_destination = self.get_param_value(self.PORT_DESTINATION)
target_host = self.get_param_value(self.TARGET_HOST)
target_uri = "/" # self.get_param_value(self.TARGET_URI)
# Check ip.src == ip.dst
self.ip_src_dst_catch_equal(ip_source, ip_destination)
# Set TTL based on TTL distribution of IP address
source_ttl_dist = self.statistics.get_ttl_distribution(ip_source)
if len(source_ttl_dist) > 0:
source_ttl_prob_dict = lea.Lea.fromValFreqsDict(source_ttl_dist)
source_ttl_value = source_ttl_prob_dict.random()
else:
source_ttl_value = Util.handle_most_used_outputs(self.statistics.get_most_used_ttl_value())
destination_ttl_dist = self.statistics.get_ttl_distribution(ip_destination)
if len(destination_ttl_dist) > 0:
destination_ttl_prob_dict = lea.Lea.fromValFreqsDict(destination_ttl_dist)
destination_ttl_value = destination_ttl_prob_dict.random()
else:
destination_ttl_value = Util.handle_most_used_outputs(
self.statistics.get_most_used_ttl_value())
# Inject SQLi Attack
# Read SQLi Attack pcap file
orig_ip_dst = None
exploit_raw_packets = scapy.utils.RawPcapReader(self.template_attack_pcap_path)
inter_arrival_times, inter_arrival_time_dist = self.get_inter_arrival_time(exploit_raw_packets, True)
time_steps = lea.Lea.fromValFreqsDict(inter_arrival_time_dist)
exploit_raw_packets.close()
exploit_raw_packets = scapy.utils.RawPcapReader(self.template_attack_pcap_path)
port_source = rnd.randint(self.minDefaultPort, self.maxDefaultPort) # experiments show this range of ports
# Random TCP sequence numbers
global attacker_seq
attacker_seq = rnd.randint(1000, 50000)
global victim_seq
victim_seq = rnd.randint(1000, 50000)
for self.pkt_num, pkt in enumerate(exploit_raw_packets):
eth_frame = inet.Ether(pkt[0])
ip_pkt = eth_frame.payload
tcp_pkt = ip_pkt.payload
str_tcp_seg = str(tcp_pkt.payload)
# Clean payloads
eth_frame.payload = inet.NoPayload()
ip_pkt.payload = inet.NoPayload()
tcp_pkt.payload = inet.NoPayload()
# FIXME: no getfieldval in class bytes
if self.pkt_num == 0:
prev_orig_port_source = tcp_pkt.getfieldval("sport")
orig_ip_dst = ip_pkt.getfieldval("dst") # victim IP
# Last connection
if tcp_pkt.getfieldval("dport") != 80 and tcp_pkt.getfieldval("sport") != 80:
# New connection, new random TCP sequence numbers
attacker_seq = rnd.randint(1000, 50000)
victim_seq = rnd.randint(1000, 50000)
# First packet in a connection has ACK = 0
tcp_pkt.setfieldval("ack", 0)
# Attacker --> vicitm
if ip_pkt.getfieldval("dst") == orig_ip_dst: # victim IP
# There are 363 TCP connections with different source ports, for each of them we generate random port
if tcp_pkt.getfieldval("sport") != prev_orig_port_source and tcp_pkt.getfieldval("dport") != 4444 \
and (tcp_pkt.getfieldval("dport") == 80 or tcp_pkt.getfieldval("sport") == 80):
port_source = rnd.randint(self.minDefaultPort, self.maxDefaultPort)
prev_orig_port_source = tcp_pkt.getfieldval("sport")
# New connection, new random TCP sequence numbers
attacker_seq = rnd.randint(1000, 50000)
victim_seq = rnd.randint(1000, 50000)
# First packet in a connection has ACK = 0
tcp_pkt.setfieldval("ack", 0)
# Ether
eth_frame.setfieldval("src", mac_source)
eth_frame.setfieldval("dst", mac_destination)
# IP
ip_pkt.setfieldval("src", ip_source)
ip_pkt.setfieldval("dst", ip_destination)
ip_pkt.setfieldval("ttl", source_ttl_value)
# TCP
# Regular connection
if tcp_pkt.getfieldval("dport") == 80 or tcp_pkt.getfieldval("sport") == 80:
tcp_pkt.setfieldval("sport", port_source)
tcp_pkt.setfieldval("dport", port_destination)
str_tcp_seg = self.modify_http_header(str_tcp_seg, '/ATutor', target_uri, orig_ip_dst, target_host)
# TCP Seq, Ack
if tcp_pkt.getfieldval("ack") != 0:
tcp_pkt.setfieldval("ack", victim_seq)
tcp_pkt.setfieldval("seq", attacker_seq)
if not (tcp_pkt.getfieldval("flags") == 16 and len(str_tcp_seg) == 0): # flags=A:
attacker_seq += max(len(str_tcp_seg), 1)
new_pkt = (eth_frame / ip_pkt / tcp_pkt / str_tcp_seg)
new_pkt.time = timestamp_next_pkt
timestamp_next_pkt = self.timestamp_controller.next_timestamp() + float(time_steps.random())
# Victim --> attacker
else:
# Ether
eth_frame.setfieldval("src", mac_destination)
eth_frame.setfieldval("dst", mac_source)
# IP
ip_pkt.setfieldval("src", ip_destination)
ip_pkt.setfieldval("dst", ip_source)
ip_pkt.setfieldval("ttl", destination_ttl_value)
# TCP
# Regular connection
if tcp_pkt.getfieldval("dport") == 80 or tcp_pkt.getfieldval("sport") == 80:
tcp_pkt.setfieldval("dport", port_source)
tcp_pkt.setfieldval("sport", port_destination)
str_tcp_seg = self.modify_http_header(str_tcp_seg, '/ATutor', target_uri, orig_ip_dst, target_host)
# TCP Seq, ACK
tcp_pkt.setfieldval("ack", attacker_seq)
tcp_pkt.setfieldval("seq", victim_seq)
strLen = len(str_tcp_seg)
if not (tcp_pkt.getfieldval("flags") == 16 and strLen == 0): # flags=A:
victim_seq += max(strLen, 1)
new_pkt = (eth_frame / ip_pkt / tcp_pkt / str_tcp_seg)
timestamp_next_pkt = self.timestamp_controller.next_timestamp() + float(time_steps.random())
new_pkt.time = timestamp_next_pkt
self.add_packet(new_pkt, ip_source, ip_destination)
exploit_raw_packets.close()
print "Initialising BackTest 0.1. Please enjoy a drink while I crunch the numbers"
lag = 2
#inputDir = os.path.dirname(__file__) + '/Forex Input'
h = os.getcwd()
inputDir = h + '/Data/'
# Check the list of files available
inputfiles = os.listdir(inputDir)
# eg : file = 'sample.csv'
# Load Data Set
for file in inputfiles:
if not '.csv' in file:
continue
filename = file
filename = filename.split('.')[0]
file = inputDir + '/' + file
dSet_df = pd.DataFrame()
dSet_df = ut.loadData(file)
st.backtest(dSet_df, lag, filename)
if __name__ == '__main__':
start = datetime(2013, 1, 2, 0, 0, 0, 0, pytz.utc)
end = datetime(2013, 11, 14, 0, 0, 0, 0, pytz.utc)
# Path for files
h = os.getcwd()
inputDir = h + '/Data/'
KLSETickerfile = 'KLSETickers.txt'
filename = 'Chen_KLCI_Main'
filepath = inputDir + KLSETickerfile
tickers = ut.readfile(filepath)
filepath = inputDir + filename + '.csv'
ohlc = pd.read_csv(filepath,parse_dates=True,index_col=0)
#ohlc=ohlc.tz_localize('UTC')
data = pd.DataFrame(index=ohlc.index)
for ticker in tickers:
data[ticker]=pd.DataFrame(ohlc[ticker])
ticker = ticker.replace('_Close',"")
if ticker == 'KLCI':
data[ticker + '_PerChange'] = ohlc[ticker + '_Close']/ohlc[ticker + '_Close'].shift(1)-1
data[ticker + '_PerChange'] = data[ticker + '_PerChange'].shift(1)