def Setup(self):
self.name = "SF|SR Probe to Closed Port"
self.expect = "detect.output.4"
# Packet 1
payload = TCP(sport=555, dport=79, seq=10000,
flags=dnet.TH_SYN|dnet.TH_RST)
ip = IP(src=dnet.ip_aton("192.0.2.1"),
dst=dnet.ip_aton("192.18.0.10"),
id=5624,
p=dnet.IP_PROTO_TCP)
ip.data = payload
ip.len += len(ip.data)
self.packets.append(ip)
# Packet 2
payload = TCP(sport=556, dport=79, seq=10000,
flags=dnet.TH_SYN|dnet.TH_FIN)
ip = IP(src=dnet.ip_aton("192.0.2.1"),
dst=dnet.ip_aton("192.18.0.10"),
id=5625,
p=dnet.IP_PROTO_TCP)
ip.data = payload
ip.len += len(ip.data)
self.packets.append(ip)
def sendRawRequest(socket, clientaddr, serveraddr, userid, dataid):
"""
sends 1 raw request from clientaddr to serveraddr.
"""
message = ''
message += struct.pack("i", userid)
message += struct.pack("i", dataid)
# left off: just added this
udpOut = UDP()
udpOut.sport = udpIn.dport
udpOut.dport = udpIn.sport
udpOut.data = message
udpOut.ulen=len(udpOut)
udpOut = UDP(str(udpOut))
ipOut = IP(src=ipIn.dst, dst=ipIn.src)
ipOut.p = 0x11
ipOut.data = UDP(str(udpOut))
ipOut.v = 4
ipOut.len = len(ipOut)
# put the data id into the dcsp field. (first 6 bits of tos)
ipOut.tos = dataid << 2
ethOut = Ethernet(src = ethIn.dst, dst=ethIn.src,type=ethernet.ETH_TYPE_IP, data = ipOut)
def Setup(self):
self.name = "Ping"
self.expect = "gen.output.1"
payload = ICMP(type = 8, data=ICMP.Echo(id=123, seq=1, data="12345690"))
ip = IP(src=dnet.ip_aton("192.0.2.254"),
dst=dnet.ip_aton("192.18.0.10"),
id=5624,
p=dnet.IP_PROTO_ICMP)
ip.data = payload
ip.len += len(ip.data)
self.packets.append(ip)
def Setup(self):
self.name = "Connection to open port"
self.expect = "gen.output.2"
# Packet 1
payload = TCP(sport=555, dport=80, seq=10000, flags=dnet.TH_SYN)
ip = IP(src=dnet.ip_aton("192.0.2.254"),
dst=dnet.ip_aton("192.18.0.10"),
id=5624,
p=dnet.IP_PROTO_TCP)
ip.data = payload
ip.len += len(ip.data)
self.packets.append(ip)
# Packet 2
payload = TCP(sport=555, dport=80,
seq=10001, ack=194595108,
flags=dnet.TH_ACK)
ip = IP(src=dnet.ip_aton("192.0.2.254"),
dst=dnet.ip_aton("192.18.0.10"),
id=5625, p=dnet.IP_PROTO_TCP)
ip.data = payload
ip.len += len(ip.data)
self.packets.append(ip)
# Packet 3
payload = TCP(sport=555, dport=80,
seq=10001, ack=194595108,
flags=dnet.TH_ACK)
payload.data = 'Honeyd fools you'
ip = IP(src=dnet.ip_aton("192.0.2.254"),
dst=dnet.ip_aton("192.18.0.10"),
id=5625, p=dnet.IP_PROTO_TCP)
ip.data = payload
ip.len += len(ip.data)
self.packets.append(ip)
def Setup(self):
self.name = "Routing to Open Port"
self.expect = "route.output.1"
# Packet 1
payload = TCP(sport=555, dport=80, seq=10000,
flags=dnet.TH_SYN)
ip = IP(src=dnet.ip_aton("192.0.2.1"),
dst=dnet.ip_aton("192.18.3.10"),
id=8143, ttl=1,
p=dnet.IP_PROTO_TCP)
ip.data = payload
ip.len += len(ip.data)
self.packets.append(ip)
# Packet 2
payload = TCP(sport=555, dport=80, seq=10000,
flags=dnet.TH_SYN)
ip = IP(src=dnet.ip_aton("192.0.2.1"),
dst=dnet.ip_aton("192.18.3.10"),
id=8144, ttl=2,
p=dnet.IP_PROTO_TCP)
ip.data = payload
ip.len += len(ip.data)
self.packets.append(ip)
# Packet 3
payload = TCP(sport=555, dport=80, seq=10000,
flags=dnet.TH_SYN)
ip = IP(src=dnet.ip_aton("192.0.2.1"),
dst=dnet.ip_aton("192.18.3.10"),
id=8145, ttl=3,
p=dnet.IP_PROTO_TCP)
ip.data = payload
ip.len += len(ip.data)
self.packets.append(ip)
def Setup(self):
self.name = "Routing to Open Port"
self.expect = "route.output.1"
# Packet 1
payload = TCP(sport=555, dport=80, seq=10000, flags=dnet.TH_SYN)
ip = IP(src=dnet.ip_aton("192.0.2.1"),
dst=dnet.ip_aton("192.18.3.10"),
id=8143,
ttl=1,
p=dnet.IP_PROTO_TCP)
ip.data = payload
ip.len += len(ip.data)
self.packets.append(ip)
# Packet 2
payload = TCP(sport=555, dport=80, seq=10000, flags=dnet.TH_SYN)
ip = IP(src=dnet.ip_aton("192.0.2.1"),
dst=dnet.ip_aton("192.18.3.10"),
id=8144,
ttl=2,
p=dnet.IP_PROTO_TCP)
ip.data = payload
ip.len += len(ip.data)
self.packets.append(ip)
# Packet 3
payload = TCP(sport=555, dport=80, seq=10000, flags=dnet.TH_SYN)
ip = IP(src=dnet.ip_aton("192.0.2.1"),
dst=dnet.ip_aton("192.18.3.10"),
id=8145,
ttl=3,
p=dnet.IP_PROTO_TCP)
ip.data = payload
ip.len += len(ip.data)
self.packets.append(ip)
def main(serverInterface, serverIp):
dstaddr = (serverInterface, 2048, 0, 1, clientMac.decode('hex')) # where to send the packets.
serveripn = socket.inet_aton(serverIp)
# bind on an extra socket, so the kernel knows the udp port is opened.
s1 = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
s1.bind((serverIp, serverport))
s = socket.socket(socket.PF_PACKET, socket.SOCK_RAW, socket.htons(3)) # 3 = ETH_P_ALL, all protocol.
# s.bind((serverip, serverport))
s.bind((serverInterface, 0))
print ("generating flows.")
flows = []
for i in range(flowct):
dstip, srcip, dstport, srcport = getFlowKey(serverIp)
flow = []
for j in range(pktsPerFlow):
message = struct.pack("i", 1)
udpOut = UDP()
udpOut.sport = srcport
udpOut.dport = dstport
udpOut.data = message
udpOut.ulen=len(udpOut)
udpOut = UDP(str(udpOut))
ipOut = IP(src=srcip, dst=dstip)
ipOut.p = 0x11
ipOut.data = UDP(str(udpOut))
ipOut.v = 4
ipOut.len = len(ipOut)
ethOut = Ethernet(src=serverMac.decode('hex'), dst=clientMac.decode('hex'), type=ethernet.ETH_TYPE_IP, data = ipOut)
eo = str(ethOut)
flow.append(str(ethOut))
flows.append(flow)
print ("%s flows generated, with %s packets each."%(len(flows), len(flows[0])))
print ("sending flows packets to: %s"%str(dstaddr))
for flow in flows:
for pktstr in flow:
s.sendto(pktstr, dstaddr)
time.sleep(delay)
print ("everything send. exiting.")
return
def modify_pkt_rnd(net_packet):
# net.data is layer 4 packet
# so net.data.data is layer 5 or just a payload of layer 4
net = IP(net_packet.get_payload())
tran_len = len(net.data)
payload_len = net.len - tran_len
if not payload_len:
return net.pack()
new_data = bytearray(net.data.pack())
for idx in range(10):
rnd_byte = randrange(0, payload_len)
# God, please, i hope there's no off-by-one error
new_data[(tran_len - payload_len) + rnd_byte] = rnd_byte
# new_data[rnd_byte] = bytes([rnd_byte])
net.data = new_data
return net.pack()
def setUp(self):
# echo = dpkt.icmp.ICMP.Echo()
# echo.id = random.randint(0, 0xffff)
# echo.seq = random.randint(0, 0xffff)
# echo.data = 'hello world'
#
# icmp = dpkt.icmp.ICMP()
# icmp.type = dpkt.icmp.ICMP_ECHO
# icmp.data = echo
# packet generation is done directly using dpkt package and
self.packet = Ethernet()
ip = IP(src='\x01\x02\x03\x04', dst='\x05\x06\x07\x08', p=1)
icmp = ICMP(type=8, data=ICMP.Echo(id=123, seq=1, data='foobar'))
ip.data = icmp
self.packet.src = "\x00\x00\x55\x55\x00\x00"
self.packet.dst = "\x00\x00\x11\x11\x00\x00"
self.packet.data = ip
self.print_packet(self.packet)
self.max_pkt_size = 1400
self.pld_gen = CTRexPktBuilder.CTRexPayloadGen(self.packet, self.max_pkt_size)
def main(serverInterface, serverIp):
# open a socket to the switch here. Just do a send when you have a
# permission that you want to add. You can work in the controller
# interface later on, connect right to the switch, for now.
declassifierSocket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
declassifierSocket.connect((declassifierIp, declassifierPort))
print ("connected to declassifier.")
serveripn = socket.inet_aton(serverIp)
# bind on an extra socket, so the kernel knows the udp port is opened.
s1 = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
s1.bind((serverIp, serverport))
s = socket.socket(socket.PF_PACKET, socket.SOCK_RAW, socket.htons(3)) # 3 = ETH_P_ALL, all protocol.
# s.bind((serverip, serverport))
s.bind((serverInterface, 0))
print ("Starting listening loop.")
currentPermissions = set() # cache of the current permissions for flows.
while True:
pkt, srcaddr = s.recvfrom(1514) # 1500 is the mtu.. but still will this work?
print srcaddr
# print srcaddr
# srcaddr = list(srcaddr)
# srcaddr[2] = 4
# srcaddr = tuple(srcaddr)
if len(pkt)>4:
ethIn = Ethernet(pkt)
if type(ethIn.data) == IP:
ipIn = ethIn.data
if type(ipIn.data) == UDP:
udpIn = ipIn.data
if (ipIn.dst == serveripn) and (ipIn.data.dport == serverport):
# print ("got server packet")
userid, dataid = struct.unpack("ii", udpIn.data)
# print ("got request for user id: %s data id: %s"%(userid, dataid))
# print ("writing flow information to file. ")
# flowData = "%s,%s,%s,%s:%s\n"%(socket.inet_ntoa(ipIn.src), socket.inet_ntoa(ipIn.dst), udpIn.sport, udpIn.dport, userid)
# f = open(flowDataFile, "a")
# f.write(flowData)
# f.close()
# pack the information about the flow, that
# you send to the declassifier.
permission = userid
flowPermission = ''
flowPermission += ipIn.dst
flowPermission += ipIn.src
flowPermission += struct.pack("!H", udpIn.dport)
flowPermission += struct.pack("!H", udpIn.sport)
flowPermission += struct.pack("!i", permission)
# add the permissions, if they're not added yet.
if flowPermission not in currentPermissions:
currentPermissions.add(flowPermission)
# print ("intended message: %s (%s) --> %s (%s)"%\
# (socket.inet_ntoa(ipIn.dst), udpIn.dport, socket.inet_ntoa(ipIn.src), udpIn.sport))
# send the permission information to the declassifier.
# print ("sending %s bytes to declassifier"%len(flowPermission))
declassifierSocket.send(flowPermission)
# time.sleep(.000001)
# print("flow permissions sent to declassifier.")
# response just indicates whether the user has
# permission to access it according to the
# server. If you see a 0 response at the client,
# something is wrong.
if userid == dataid:
message = struct.pack("i", 1)
else:
message = struct.pack("i", 0)
# print ("sending message back to client")
udpOut = UDP()
udpOut.sport = udpIn.dport
udpOut.dport = udpIn.sport
udpOut.data = message
udpOut.ulen=len(udpOut)
udpOut = UDP(str(udpOut))
ipOut = IP(src=ipIn.dst, dst=ipIn.src)
ipOut.p = 0x11
ipOut.data = UDP(str(udpOut))
ipOut.v = 4
ipOut.len = len(ipOut)
# put the data id into the dcsp field. (first 6 bits of tos)
ipOut.tos = dataid << 2
ethOut = Ethernet(src = ethIn.dst, dst=ethIn.src,type=ethernet.ETH_TYPE_IP, data = ipOut)
# print ("-----")
# print len(message)
# print len(str(udpOut))
# print len(str(ipOut))
# print len(ethOut)
# print len(udpIn)
# print len(udpOut)
# print "_--------_"
# print str(udpIn).encode('hex_codec')
# print str(udpOut).encode('hex_codec')
# print `ethOut`
ethOut = str(ethOut)
s.sendto(ethOut, srcaddr)
def main(serverInterface, serverIp):
dstaddr = (serverInterface, 2048, 0, 1, clientMac.decode('hex')) # where to send the packets.
# open a socket to the switch here. Just do a send when you have a
# permission that you want to add. You can work in the controller
# interface later on, connect right to the switch, for now.
declassifierSocket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
declassifierSocket.connect((declassifierIp, declassifierPort))
print ("connected to declassifier.")
serveripn = socket.inet_aton(serverIp)
# bind on an extra socket, so the kernel knows the udp port is opened.
s1 = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
s1.bind((serverIp, serverport))
s = socket.socket(socket.PF_PACKET, socket.SOCK_RAW, socket.htons(3)) # 3 = ETH_P_ALL, all protocol.
# s.bind((serverip, serverport))
s.bind((serverInterface, 0))
print ("generating permissions")
permissionrecords = set()
for i in range(permissionct):
dstip = socket.inet_aton(socket.inet_ntoa(struct.pack('>I', random.randint(1, 0xffffffff))))
srcip = socket.inet_aton(serverIp)
dstport = random.randint(1, 50000)
srcport = serverport
permissionrecord = (dstip, srcip, dstport, srcport)
permissionrecords.add(permissionrecord)
permission = 1 # the valid permission is always 1.
flowPermission = ''
flowPermission += srcip
flowPermission += dstip
flowPermission += struct.pack("!H", srcport)
flowPermission += struct.pack("!H", dstport)
flowPermission += struct.pack("!i", permission)
declassifierSocket.send(flowPermission)
time.sleep(permissionDelay)
declassifierSocket.close()
print ("%s unique flow permissions generated and send to declassifier."%len(permissionrecords))
print ("generating valid flows.")
validflows = []
permissionrecords = list(permissionrecords)
for i in range(validflowct):
validrecord = permissionrecords[i]
dstip, srcip, dstport, srcport = validrecord
flow = []
for j in range(pktsPerFlow):
message = struct.pack("i", 1)
udpOut = UDP()
udpOut.sport = srcport
udpOut.dport = dstport
udpOut.data = message
udpOut.ulen=len(udpOut)
udpOut = UDP(str(udpOut))
ipOut = IP(src=srcip, dst=dstip)
ipOut.p = 0x11
ipOut.data = UDP(str(udpOut))
ipOut.v = 4
ipOut.len = len(ipOut)
ipOut.tos = 1 << 2 # these are valid flows, so put 1 into the ip dscp field.
ethOut = Ethernet(src=serverMac.decode('hex'), dst=clientMac.decode('hex'), type=ethernet.ETH_TYPE_IP, data = ipOut)
eo = str(ethOut)
flow.append(str(ethOut))
validflows.append(flow)
print ("%s valid flows generated, with %s packets each."%(len(validflows), len(validflows[0])))
print ("generating invalidflows")
invalidflows = []
for i in range(len(validflows), len(validflows)+invalidflowct):
validrecord = permissionrecords[i]
dstip, srcip, dstport, srcport = validrecord
flow = []
for j in range(pktsPerFlow):
message = struct.pack("i", 1)
udpOut = UDP()
udpOut.sport = srcport
udpOut.dport = dstport
udpOut.data = message
udpOut.ulen=len(udpOut)
udpOut = UDP(str(udpOut))
ipOut = IP(src=srcip, dst=dstip)
ipOut.p = 0x11
ipOut.data = UDP(str(udpOut))
ipOut.v = 4
ipOut.len = len(ipOut)
if j == invalidPacketLoc:
ipOut.tos = 0 << 2 # mark the invalid packet.
else:
ipOut.tos = 1 << 2 # mark the valid packets.
ethOut = Ethernet(src=serverMac.decode('hex'), dst=clientMac.decode('hex'), type=ethernet.ETH_TYPE_IP, data = ipOut)
flow.append(str(ethOut))
invalidflows.append(flow)
print ("%s invalid flows generated, with %s packets each."%(len(invalidflows), len(invalidflows[0])))
print ("sending valid flows packets to: %s"%str(dstaddr))
for flow in validflows:
for pktstr in flow:
s.sendto(pktstr, dstaddr)
time.sleep(delay)
print ("sending invalid flow packets to: %s"%str(dstaddr))
for flow in invalidflows:
for pktstr in flow:
s.sendto(pktstr, dstaddr)
time.sleep(delay)
print ("everything send. exiting.")
return
