def test_injection_from_dict_with_template(self, n=100): for i in range(2, n, 2): config = ''' X:_data_: Y:_sxor_(_data_, '\xaa'): data1="""44444444%s41414141%s""" ''' % ("X" * i, "Y" * i) inj_dict = {'X': 'a' * (i // 2), 'Y': 'b' * (i // 2)} psi = StegoInjector(config) templ_pkt = psi.inject('\x00' * i, 'data1') print templ_pkt, "<----" stego_pkt = psi.injectByTag(inj_dict, template='data1', pkt=templ_pkt) testable = 'DDDD%sAAAA%s' % ('a' * (i // 2), 'b' * (i // 2)) # print( stego_pkt, testable ) extr_dict = psi.extractByTag(stego_pkt, 'data1') # print( extr_dict, inj_dict ) self.assertTrue(extr_dict == inj_dict)
def test_injection_equivalence( self ) : config = ''' X:_data_: Y:_sxor_(_data_, chr(_index_) ): data1 = """XXXXYYYY""" ''' psi = StegoInjector( config ) data = "\x00"*4 data_dict = { 'X' : "\x00" * 2, 'Y' : '\x00' * 2} pkt1 = psi.inject(data, 'data1') pkt2 = psi.injectByTag( data_dict, 'data1' ) # print( pkt1.encode('hex'), pkt2.encode('hex') ) self.assertTrue( pkt1 == pkt2 ) extr1 = psi.extract( pkt1, 'data1' ) extr_dict = psi.extractByTag( pkt2, 'data1' ) self.assertTrue( data == extr1 ) self.assertTrue( data_dict == extr_dict )
def test_injection_from_dict(self, n=100): for i in range(2, n, 2): config = ''' X:_data_: Y:_sxor_(_data_, '\xaa'): data1="""44444444%s41414141%s""" ''' % ("X" * i, "Y" * i) inj_dict = {'X': 'a' * (i / 2), 'Y': 'b' * (i / 2)} psi = StegoInjector(config) stego_pkt = psi.injectByTag(inj_dict, template='data1') testable = 'DDDD%sAAAA%s' % ('a' * (i / 2), 'b' * (i / 2)) # print stego_pkt, testable extr_dict = psi.extractByTag(stego_pkt, 'data1') # print extr_dict, inj_dict self.failUnless(extr_dict == inj_dict)
class DataTransformer: """ This class provides automated data transformations. It uses the :class:`covertutils.datamanipulation.stegoinjector.StegoInjector` class to create alterations to existing data chunks. **Transformation List** The Transformation List argument is a specially structured list to dictate to the `DataTranformer` which changes should be done to data packet. Specifically, for a SYN - (RST, ACK) sequence to be simulated, the following configuration should be used: .. code:: python X:_data_: L:_data_: K:_data_: ip_tcp_syn = '''45000028LLLL000040067ccd7f0000017f000001XXXX0050KKKKKKKK0000000050022000917c0000''' ip_tcp_rst_ack = '''450000280001000040067ccd7f0000017f0000010014005000000000XXXXXXXXXX50142000916a0000''' The Transformation List that has to be used should dictate the class to: - Unpack Sequence Number from `ip_tcp_syn` template (K tag) - Increment it by 1 - Place it to a `ip_tcp_rst_ack` template (X tag) - All the above while handling **endianess**, **integer overflow checks**, etc The `transformation_list` is declared below: .. code:: python transformation_list = [ ( # Tranformation #1 ( 'ip_tcp_syn:K', 'ip_tcp_rst_ack:X' ), # From template:tag to template:tag ('!I','!I') # Unpack as an 4-byte Integer (reverse Endianess as of network Endianess) and pack it to 4-byte Integer (reverse Endianess again) '_data_ + 1' # Eval this string (with the extracted/unpacked data as '_data_') and pack the result. ), # No other transformations ] """ def __init__(self, stego_configuration, transformation_list): """ :param str stego_configuration: The Stego Configuration to initialize the internal :class:`covertutils.datamanipulation.stegoinjector.StegoInjector` object. :param list transformation_list: The Tranformation List as described above. """ self.injector = StegoInjector(stego_configuration) self.transformation_list = transformation_list def runAll(self, pkt, template=None): """ Runs all Tranformations in the `transformation_list` that relate to the specified template. :param str pkt: The data packet to run the Tranformations on. In `Raw Bytes`. :param str template: The template string that describes the given data packet. If `None` the :func:`covertutils.datamanipulation.stegoinjector.StegoInjector.guessTemplate` function will try to guess the correct template. :rtype: str :return: Returns the `pkt` with all the related tranformations applied. """ if not template: template = self.injector.guessTemplate(pkt) injectable_dict = {} for trans_tuple in self.transformation_list: templates, struct_strs, eval_str = trans_tuple # (in_template_tag, out_template_tag) = templates (out_template_tag, in_template_tag) = templates out_template, out_tag = out_template_tag.split(':') in_template, in_tag = in_template_tag.split(':') (out_struct, in_struct) = struct_strs # if template != out_template : # continue out_data = self.injector.extractByTag(pkt, template)[out_tag] # out_data = str(out_data) # print out_tag, len(out_data), type(out_data) # print unpack( out_struct, out_data ) structed_data = unpack(out_struct, out_data)[0] # ========================== _data_ = structed_data output_data = eval(eval_str) # print( structed_data, eval_str, output_data ) # ========================== injectable_data = pack(in_struct, output_data) injectable_dict[in_tag] = injectable_data # print( injectable_data.encode('hex') ) # print( self.injector.getCapacityDict( template ) ) # pkt = self.injector.blankPacket( pkt, template ) # pkt = pkt.encode('hex') # pkt = self.injector.blankifyPacketFields( pkt, template, zero = True ) # print pkt # pkt = pkt.decode('hex') # print pkt.encode('hex') pkt = self.injector.injectByTag(injectable_dict, template, pkt) # pkt = self.injector.inject( injectable_data, template, pkt ) return pkt