def restore(self):
L.describe("Enable the primary network service's interface")
self.primary_service.enable_interface()
def test(self):
L.describe('Open and connect the VPN application')
self.target_device['vpn_application'].open_and_connect()
L.describe('Capture traffic')
self.capture_device['packet_capturer'].start()
L.describe('Generate whatever traffic you want')
message_and_await_enter('Are you done?')
L.describe('Disconnect WiFi upstream')
# TODO: self.upstream.disable()?
message_and_await_enter('Unplug the cable from the router')
message_and_await_enter(
'Wait until the application has noticed (or however long you want)'
)
L.describe('Connect WiFi upstream')
message_and_await_enter('Plug the cable back in')
L.describe('Generate whatever traffic you want')
message_and_await_enter('Are you done?')
L.describe('Stop capturing traffic')
packets = self.capture_device['packet_capturer'].stop()
whitelist = self.capture_device.local_ips()
L.debug('Excluding {} from analysis'.format(whitelist))
self.traffic_analyser.get_vpn_server_ip(packets, whitelist)
def disrupt(self):
L.describe("Disable the primary network service's interface")
self.primary_service.disable_interface()
def setup(self):
L.describe('Disable the primary network adapter')
self._primary_adapter.disable()
L.info("Disabled adapter {}".format(self._primary_adapter.name()))
def test_with_packet_capture(self):
L.describe('Generate DNS traffic')
message_and_await_enter(
"Generate traffic however you want. Packet capture will continue in the background. "
"When you're done press enter to check if anything leaked.")
def disrupt(self):
msg = DisrupterCable.PULL_MESSAGE if self._pull else DisrupterCable.PLUG_MESSAGE
L.describe(msg)
message_and_await_enter(msg)
def disrupt(self):
L.describe('Swap the two highest-priority active network services')
self._swap_highest_priority_adapters()
def test(self):
L.info("This test does nothing but pass")
L.describe("Deliberately pass test")
self.assertTrue(True)
def disrupt(self):
L.describe('Disable the primary network adapter')
self._primary_adapter.disable()
def disrupt(self):
L.describe('Disable Wi-Fi')
# TODO: I have no idea how to do this programmatically yet (or if it's even possible).
# Probably it can be done via a registry setting
message_and_await_enter("Disable Wi-Fi {}".format(
WindowsWifiPowerDisrupter.VIA))
def test_with_ip_responder(self):
L.describe("Create disruption...")
self.disrupter.create_disruption()
def restore(self):
L.describe('Re-enable Wi-Fi')
message_and_await_enter("Re-enable Wi-Fi {}".format(
WindowsWifiPowerDisrupter.VIA))
def restore(self):
L.describe('Re-enable the primary network service')
self.primary_service.enable()
def disrupt(self):
L.describe('Disable the primary network service')
self.primary_service.disable()
def test(self):
services = self.localhost[
'network_tool'].network_services_in_priority_order()
interfaces = [
service.interface() for service in services if service.active()
]
self.original_active_services = [
service for service in services if service.active()
]
primary_service = self.original_active_services[0]
L.describe('Disable all active services')
for service in self.original_active_services:
service.disable()
L.describe('Open and connect the VPN application')
self.localhost['vpn_application'].open_and_connect()
L.describe('Capture traffic')
self.localhost['packet_capturer'].start(interfaces)
L.describe('Wait for the VPN application to notice the interruption')
self.localhost[
'vpn_application'].wait_for_connection_interrupt_detection()
L.describe('Enable primary network service')
primary_service.enable()
L.info("Enabled {}".format(primary_service))
L.describe('Reconnect the VPN')
# TODO: Let's consider if there's a more general way to do this. Potentially we can make
# a manual step here which asks the user to ensure the app reconnects. For automation of
# XV we can consider an override which does the appropriate thing.
self.localhost['vpn_application'].connect()
L.describe('Determine the VPN server IP')
vpn_server_ip = self.localhost['vpn_application'].vpn_server_ip()
L.info("VPN server IP is {}".format(vpn_server_ip))
L.describe('Stop capturing traffic')
self.localhost['packet_capturer'].stop()
L.describe('Analyse packets to ensure we saw no traffic leaking')
packets = self.localhost['packet_capturer'].get_capture(interfaces)
# TODO: Consider only filtering local traffic if LAN block is not on.
unmatched = self.traffic_filter.filter_traffic(packets, local=True)[1]
unmatched = self.traffic_filter.filter_traffic(unmatched,
link_local=True)[1]
unmatched = self.traffic_filter.filter_traffic(unmatched,
multicast=True)[1]
unmatched = self.traffic_filter.filter_traffic(unmatched,
dst_ip=True)[1]
self.assertEmpty(unmatched, json.dumps(unmatched, indent=2))
def restore(self):
L.describe('Re-enable the primary network adapter')
self._primary_adapter.enable()
def disrupt(self):
# Slightly confusing, but the disrupt-ion step here is actually enabling the service, not
# disabling it.
L.describe('Re-enable primary network service')
self._primary_service.enable()
def test(self):
L.describe('Open and connect the VPN application')
self.target_device['vpn_application'].open_and_connect()
L.describe('Capture traffic')
self.capture_device['packet_capturer'].start()
L.describe('Generate whatever traffic you want')
message_and_await_enter('Are you done?')
L.describe('Connect to a different WiFi network')
# TODO: Automate this.
message_and_await_enter('Have you connected to a new network?')
L.describe('Generate whatever traffic you want')
message_and_await_enter('Are you done?')
L.describe('Stop capturing traffic')
packets = self.capture_device['packet_capturer'].stop()
whitelist = self.capture_device.local_ips()
L.debug('Excluding {} from analysis'.format(whitelist))
self.traffic_analyser.get_vpn_server_ip(packets, whitelist)
def restore(self):
msg = "Ensure the ethernet cable is plugged back in"
L.describe(msg)
message_and_await_enter(msg)
def disrupt(self):
L.describe('Block traffic to and from the VPN server with firewall rules')
vpn_server_ip = self._device['vpn_application'].vpn_server_ip()
L.info("Blocking IP {}".format(vpn_server_ip))
self._device['firewall'].block_ip(vpn_server_ip)
def test_with_custom_dns(self):
L.describe("Create disruption...")
self.disrupter.create_disruption()
def test(self):
public_ips_before_connect = self.localhost[
'ip_tool'].all_public_ip_addresses()
L.info("Public IP addresses before VPN connect are {}".format(
public_ips_before_connect))
L.describe('Open and connect the VPN application')
self.localhost['vpn_application'].open_and_connect()
L.describe(
'Start sending UDP packets to IP responder in the background')
self.localhost['ip_responder'].start()
# Derived classes can override this with whatever they want.
self.test_with_ip_responder()
L.describe("Wait {} seconds before stopping ip responder".format(
self._check_period))
timeup = TimeUp(self._check_period)
while not timeup:
L.info("Running IP responder tests for another {} seconds".format(
math.ceil(timeup.time_left())))
ips_from_responder = self.query_ip_responder()
ip_intersection = ips_from_responder.intersection(
public_ips_before_connect)
self.assertEmpty(
ip_intersection,
"The following public IPs were detected {}".format(
ip_intersection))
# Don't over query the responder. The background thread will still be spamming the
# server so we won't miss anything.
time.sleep(5)
self.localhost['ip_responder'].stop()
# Get rid of the VPN else it can affect our ability to talk to the server
self.localhost['vpn_application'].disconnect()
self.localhost['vpn_application'].close()
# Some VPN apps take a while to close which means, if they implement a firewall, the
# responder can't be reached. Allow some time for the network to come back in this situation
timeup = TimeUp(20)
while not timeup:
ips_from_responder = self.query_ip_responder()
if ips_from_responder:
break
if timeup:
raise XVEx(
"Couldn't do final query of IP responder to get IPs. Got no response."
)
if not ips_from_responder:
L.info("No IP addresses detected")
else:
L.info("IP addresses used were {}".format(ips_from_responder))
ip_intersection = ips_from_responder.intersection(
public_ips_before_connect)
self.assertEmpty(
ip_intersection,
"The following public IPs were detected: {}".format(
ip_intersection))
def disrupt(self):
# Slightly confusing, but the disrupt-ion step here is actually enabling the adapter, not
# disabling it.
L.describe('Re-enable primary network adapter')
self._primary_adapter.enable()
def disrupt(self):
L.describe('Block traffic to and from the VPN server with firewall rules')
self._vpn_server_ip = self._device['vpn_application'].vpn_server_ip()
self._device['firewall'].block_ip(self._vpn_server_ip)