def test_filtering_via_fuzzy_matching(self):
    """Request the backend with the input buried inside a random Host value.

    The Host header is the input with ten random characters on each side.
    The response body is passed to ``check_for_censorship`` together with
    this method's name stripped of ``test_``.

    The bare ``yield`` makes this a generator, so something outside this
    block has to drive it (presumably a decorator not visible here).
    """
    # Derive the label from the running frame instead of hard-coding it.
    current_method = sys._getframe().f_code.co_name
    test_name = current_method.replace('test_', '')

    fuzzy_host = randomStr(10) + self.input + randomStr(10)
    response = yield self.doRequest(self.localOptions['backend'],
                                    headers={"Host": [fuzzy_host]})
    self.check_for_censorship(response.body, test_name)
def test_fuzzy_match_blocking(self):
    """Send a raw request whose Host field wraps the input in random text.

    ``check_for_manipulation`` is registered as a callback on the object
    returned by ``sendPayload`` and is given the sent payload as an extra
    argument; that object is returned to the caller.
    """
    fuzzy_host = randomStr(10) + self.input + randomStr(10)
    # NOTE(review): each line ends in "\n\r", not CRLF ("\r\n") -- confirm
    # that the reversed terminator is intended for this measurement.
    request_line = "GET / HTTP/1.1\n\r"
    host_line = "Host: %s\n\r" % fuzzy_host
    payload = request_line + host_line

    pending = self.sendPayload(payload)
    pending.addCallback(self.check_for_manipulation, payload)
    return pending
def test_random_invalid_request(self):
    """
    We test sending data to a TCP echo server, if what we get back is not
    what we have sent then there is tampering going on.

    This is for example what squid will return when performing such
    request:

        HTTP/1.0 400 Bad Request
        Server: squid/2.6.STABLE21
        Date: Sat, 23 Jul 2011 02:22:44 GMT
        Content-Type: text/html
        Content-Length: 1178
        Expires: Sat, 23 Jul 2011 02:22:44 GMT
        X-Squid-Error: ERR_INVALID_REQ 0
        X-Cache: MISS from cache_server
        X-Cache-Lookup: NONE from cache_server:3128
        Via: 1.0 cache_server:3128 (squid/2.6.STABLE21)
        Proxy-Connection: close

    The payload is ten random characters followed by "\\n\\r". The result is
    written to ``self.report['tampering']`` by the callback below.
    """
    payload = randomStr(10) + "\n\r"

    def got_all_data(received_array):
        # NOTE(review): the listing lost its indentation; the ``else`` is
        # read here as pairing with the 'nopayloadmatch' check, so that
        # disabling payload matching reports 'unknown' -- confirm against
        # the original file.
        if not self.localOptions['nopayloadmatch']:
            # Only the first received chunk is compared with what was sent.
            # NOTE(review): an empty received_array raises IndexError here,
            # and a matching payload leaves 'tampering' unset in this block.
            first = received_array[0]
            if first != payload:
                self.report['tampering'] = True
        else:
            self.report['tampering'] = 'unknown'

    d = self.sendPayload(payload)
    d.addCallback(got_all_data)
    return d
def setupTestCases(self, test_cases):
    """
    Record the test cases and derive the test metadata from the first one.

    test_cases: a list of (test_class, test_method) tuples, for example:

        [(test_classA, test_method1),
         (test_classA, test_method2),
         (test_classA, test_method3),
         (test_classA, test_method4),
         (test_classA, test_method5),
         (test_classB, test_method1),
         (test_classB, test_method2)]

    Note: the inputs must be valid for test_classA and test_classB.

    The test name and version come from the class of the first tuple, so
    the list must hold at least one entry.
    """
    leading_class, _ = test_cases[0]

    self.testVersion = leading_class.version
    self.testName = test_class_name_to_name(leading_class.name)
    self.testCases = test_cases
    self.testClasses = set()
    self.testHelpers = {}

    # A report ID is only minted when the configuration asks for one.
    if config.reports.unique_id is True:
        self.reportID = randomStr(64)

    # Collect each distinct class once, whatever number of methods it has.
    self.testClasses.update(
        case_class for case_class, _method in self.testCases)
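def get_headers(self):
    """Return the request headers to send, as a mapping of name to values.

    When the 'headers' option is set it names a YAML file whose parsed
    content is returned as-is. Otherwise a browser-like default set is
    built with a randomly chosen User-Agent and a random ``.com`` Host.

    Raises:
        Exception: if the headers file cannot be opened.
    """
    headers_path = self.localOptions['headers']
    if headers_path:
        # Keep the try narrow so that only a failure to open is reported
        # as a missing file.
        try:
            header_file = open(headers_path)
        except IOError:
            raise Exception("Specified input file does not exist")
        # The context manager closes the handle even when reading or
        # parsing fails; the original leaked it on those paths.
        with header_file:
            content = header_file.read()
        # safe_load only builds plain YAML types, so the file cannot make
        # the parser construct arbitrary Python objects.
        # NOTE(review): an empty file parses to None rather than {}.
        return yaml.safe_load(content)

    # XXX generate these from a random choice taken from
    # whatheaders.com
    # http://s3.amazonaws.com/data.whatheaders.com/whatheaders-latest.xml.zip
    return {
        "User-Agent": [random.choice(net.userAgents)],
        "Accept": ["text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"],
        "Accept-Encoding": ["gzip,deflate,sdch"],
        "Accept-Language": ["en-US,en;q=0.8"],
        "Accept-Charset": ["ISO-8859-1,utf-8;q=0.7,*;q=0.3"],
        "Host": [randomStr(15) + '.com'],
    }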
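def test_subdomain_blocking(self):
    """Send a raw request whose Host is a random subdomain of the input.

    ``check_for_manipulation`` is registered as a callback on the object
    returned by ``sendPayload`` and is given the sent payload as an extra
    argument; that object is returned to the caller.
    """
    # Build the whole hostname before formatting. ``%`` binds tighter than
    # ``+``, so formatting only the random label put the line terminator
    # in the middle of the name ("Host: <random>\n\r.<input>") and the Host
    # header never carried the input at all.
    subdomain = randomStr(10) + '.' + self.input
    # NOTE(review): each line ends in "\n\r", not CRLF ("\r\n") -- confirm
    # that the reversed terminator is intended for this measurement.
    payload = "GET / HTTP/1.1\n\r"
    payload += "Host: %s\n\r" % subdomain

    d = self.sendPayload(payload)
    d.addCallback(self.check_for_manipulation, payload)
    return d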
def _setupTestCases(self, test_cases):
    """
    Record the test cases and derive name, version and options from them.

    test_cases: a list of (test_class, test_methods) tuples, for example:

        [(test_classA, [test_method1,
                        test_method2,
                        test_method3,
                        test_method4,
                        test_method5]),
         (test_classB, [test_method1,
                        test_method2])]

    Note: the inputs must be valid for test_classA and test_classB.

    The test name and version come from the class of the first tuple, so
    the list must hold at least one entry.
    """
    leading_class, _ = test_cases[0]

    self.testName = normalizeTestName(leading_class.name)
    self.testVersion = leading_class.version
    self._testCases = test_cases
    self.usageOptions = usageOptionsFactory(self.testName, self.testVersion)

    # A report ID is only minted when the configuration asks for one.
    if config.reports.unique_id is True:
        self.reportId = randomStr(64)

    # Every class contributes its options, once per entry in the list.
    for case_class, _methods in self._testCases:
        self._accumulateTestOptions(case_class)
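def test_subdomain_blocking(self):
    """Send a raw request whose Host is a random subdomain of the input.

    ``check_for_manipulation`` is registered as a callback on the object
    returned by ``sendPayload`` and is given the sent payload as an extra
    argument; that object is returned to the caller.
    """
    # Build the whole hostname before formatting. ``%`` binds tighter than
    # ``+``, so formatting only the random label put the line terminator
    # in the middle of the name ("Host: <random>\n\r.<input>") and the Host
    # header never carried the input at all.
    subdomain = randomStr(10) + "." + self.input
    # NOTE(review): each line ends in "\n\r", not CRLF ("\r\n") -- confirm
    # that the reversed terminator is intended for this measurement.
    payload = "GET / HTTP/1.1\n\r"
    payload += "Host: %s\n\r" % subdomain

    d = self.sendPayload(payload)
    d.addCallback(self.check_for_manipulation, payload)
    return d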
def generateReportID():
    """
    Generates a report ID for usage in the database backed oonib collector.

    The ID is a 100-character string from ``randomStr``.

    XXX note how this function is different from the one in report/api.py
    """
    # NOTE(review): if knowing a report ID is what lets a client address an
    # existing report, confirm that randomStr draws from a cryptographically
    # secure source; its implementation is not visible here.
    return randomStr(100)
def test_random_big_request_method(self):
    """
    Send a request line whose method is a 1024-character random string:

        <1024 random characters> / HTTP/1.1

    ``check_for_manipulation`` is registered as a callback on the object
    returned by ``sendPayload`` and is given the sent payload as an extra
    argument; that object is returned to the caller.
    """
    oversized_method = randomStr(1024)
    payload = oversized_method + ' / HTTP/1.1\n\r'

    pending = self.sendPayload(payload)
    pending.addCallback(self.check_for_manipulation, payload)
    return pending
def test_random_invalid_version_number(self):
    """
    Send a request line whose HTTP version is three random characters:

        GET / HTTP/XxX

    ``check_for_manipulation`` is registered as a callback on the object
    returned by ``sendPayload`` and is given the sent payload as an extra
    argument; that object is returned to the caller.
    """
    bogus_version = randomStr(3)
    payload = 'GET / HTTP/' + bogus_version + '\n\r'

    pending = self.sendPayload(payload)
    pending.addCallback(self.check_for_manipulation, payload)
    return pending
def test_random_invalid_field_count(self):
    """
    Send a request line made of four random five-character fields:

        XxXxX XxXxX XxXxX XxXxX

    This may trigger some bugs in the HTTP parsers of transparent HTTP
    proxies.

    ``check_for_manipulation`` is registered as a callback on the object
    returned by ``sendPayload`` and is given the sent payload as an extra
    argument; that object is returned to the caller.
    """
    # A request line normally has three fields; this one carries four.
    fields = [randomStr(5) for _ in range(4)]
    payload = ' '.join(fields) + "\n\r"

    pending = self.sendPayload(payload)
    pending.addCallback(self.check_for_manipulation, payload)
    return pending
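def get_headers(self):
    """Return the request headers to send, as a mapping of name to values.

    When the 'headers' option is set it names a YAML file whose parsed
    content is returned as-is. Otherwise a browser-like default set is
    built with a randomly chosen User-Agent and a random ``.com`` Host.

    Raises:
        Exception: if the headers file cannot be opened.
    """
    headers_path = self.localOptions['headers']
    if headers_path:
        # XXX test this code
        # Keep the try narrow so that only a failure to open is reported
        # as a missing file.
        try:
            header_file = open(headers_path)
        except IOError:
            raise Exception("Specified input file does not exist")
        # The context manager closes the handle even when reading or
        # parsing fails; the original leaked it on those paths.
        with header_file:
            content = header_file.read()
        # Changed from yaml.load: the plain loader can instantiate
        # arbitrary Python objects named by tags in the document, which a
        # header file never needs. safe_load restricts parsing to plain
        # YAML types, so a file using Python-specific tags is now rejected.
        # NOTE(review): an empty file parses to None rather than {}.
        return yaml.safe_load(content)

    return {
        "User-Agent": [random.choice(net.userAgents)[0]],
        "Accept": ["text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"],
        "Accept-Encoding": ["gzip,deflate,sdch"],
        "Accept-Language": ["en-US,en;q=0.8"],
        "Accept-Charset": ["ISO-8859-1,utf-8;q=0.7,*;q=0.3"],
        "Host": [randomStr(15)+'.com'],
    }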
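def get_headers(self):
    """Return the request headers to send, as a mapping of name to values.

    When the 'headers' option is set it names a YAML file whose parsed
    content is returned as-is. Otherwise a browser-like default set is
    built with a randomly chosen User-Agent and a random ``.com`` Host.

    Raises:
        Exception: if the headers file cannot be opened.
    """
    headers_path = self.localOptions['headers']
    if headers_path:
        # XXX test this code
        # Keep the try narrow so that only a failure to open is reported
        # as a missing file.
        try:
            header_file = open(headers_path)
        except IOError:
            raise Exception("Specified input file does not exist")
        # The context manager closes the handle even when reading or
        # parsing fails; the original leaked it on those paths.
        with header_file:
            content = header_file.read()
        # Changed from yaml.load: the plain loader can instantiate
        # arbitrary Python objects named by tags in the document, which a
        # header file never needs. safe_load restricts parsing to plain
        # YAML types, so a file using Python-specific tags is now rejected.
        # NOTE(review): an empty file parses to None rather than {}.
        return yaml.safe_load(content)

    return {
        "User-Agent": [random.choice(net.userAgents)[0]],
        "Accept": [
            "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"
        ],
        "Accept-Encoding": ["gzip,deflate,sdch"],
        "Accept-Language": ["en-US,en;q=0.8"],
        "Accept-Charset": ["ISO-8859-1,utf-8;q=0.7,*;q=0.3"],
        "Host": [randomStr(15) + '.com'],
    }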
def test_filtering_via_fuzzy_matching(self):
    """Request the backend with the input buried inside a random Host value.

    The Host header is the input with ten random characters on each side.
    Whatever ``doRequest`` returns is handed back to the caller.
    """
    fuzzy_host = randomStr(10) + self.input + randomStr(10)
    return self.doRequest(self.localOptions['backend'],
                          headers={"Host": [fuzzy_host]})
def test_filtering_of_subdomain(self):
    """Request the backend with a random subdomain of the input as Host.

    The Host header is ten random characters, a dot, then the input.
    Whatever ``doRequest`` returns is handed back to the caller.
    """
    subdomain = randomStr(10) + '.' + self.input
    return self.doRequest(self.localOptions['backend'],
                          headers={"Host": [subdomain]})
def generateReportID():
    """Return a report ID of the form ``<timestamp>_<20 random characters>``."""
    # NOTE(review): the timestamp part is guessable, so any unpredictability
    # rests on the 20-character suffix; if knowing a report ID is what lets
    # a client address an existing report, confirm that randomStr draws from
    # a cryptographically secure source (not visible here).
    stamp = otime.timestamp()
    nonce = randomStr(20)
    return stamp + '_' + nonce
raise web.HTTPError(400, "Missing Request Field %s" % e) print "Parsed this data %s" % report_data software_name = report_data['software_name'] software_version = report_data['software_version'] test_name = report_data['test_name'] test_version = report_data['test_version'] probe_asn = report_data['probe_asn'] content = report_data['content'] if not probe_asn: probe_asn = "AS0" report_id = otime.timestamp() + '_' \ + probe_asn + '_' \ + randomStr(50) # The report filename contains the timestamp of the report plus a # random nonce report_filename = os.path.join(config.main.report_dir, report_id) response = {'backend_version': config.backend_version, 'report_id': report_id } self.writeToReport(report_filename, report_data['content']) self.write(response) def writeToReport(self, report_filename, data):