def run(self): Attack.run(self) self.pre_attack_init() self.client.publish(self.client2_name + "/status", "topic_name_fuzzing_type_1") print "Please check if the attacked client continues working" er = self.client.subscribe("$SYS/#", 1) if er[0] == 0: self.logger.info( "Successfully subscribed to all system topics. ALERT!") self.client.unsubscribe("$SYS/#") else: self.logger.info( "Failed to subscribe to all system topics. Very good!") # Trying to publish to a system topic, change the number of clients connected self.logger.info( "Please check from the broker monitor if 999 is published to $SYS/broker/clients/connected, it will be published in a seconds!" ) time.sleep(2) self.client.publish("$SYS/broker/clients/connected", 999) self.logger.info( "Please check from the broker monitor if 999 is published to $SYS/broker/clients/connected." )
def run(self): Attack.run(self) self.pre_attack_init() # Fill the size list as randomly generated size_list = [0, self.max_payload_length] size_list.extend([random.randint(0, self.max_payload_length) for _ in range(self.fuzzing_turn - 2)]) fuzzing = 0 self.logger.info("Size payload fuzzing is started. Please consider it may take some time.") for payload_size in size_list: if self.stopped_flag is True: # Attack is terminated break # Create payload and send it random_strings = "".join([chr(_) for _ in range(65, 91)]) + "".join([chr(_) for _ in range(97, 123)]) random_character = random.choice(random_strings) sized_payload = random_character * payload_size PeniotCoAP.make_request(self.client, self.path, self.method, sized_payload) # Informative procedures self.logger.info("Turn {0} is completed".format(fuzzing + 1)) self.sent_message_count += 1 fuzzing += 1 time.sleep(1) if self.stopped_flag is False: self.logger.info("Payload size attack is finished.") else: self.logger.info("Payload size attack has been terminated.") if self.client is not None: self.client.stop() self.client = None
def run(self): Attack.run(self) self.pre_attack_init() payload = self.payload if payload is None: # Create seed with randomly length = random.randint(1, self.max_length_of_random_payload) payload = "".join( [chr(random.randint(1, 127)) for _ in range(length)]) self.logger.info("Random payload fuzzing is started.") for fuzzing in range(self.turn): if self.stopped_flag is True: break while True: try: returned_strings = rdm.get_ascii_decodable_radamsa_malformed_input( payload, self.count) if type(returned_strings) == list: fuzzer_messages = [ string.decode("utf-8") for string in returned_strings ] else: fuzzer_messages = returned_strings.decode("utf-8") break except UnicodeDecodeError: continue # Check whether result is list or not if type(fuzzer_messages) == list: for message in fuzzer_messages: self.channel.basic_publish(exchange=self.exchange, routing_key=self.routing_key, body=message) # Increment sent message count self.sent_message_count += 1 else: self.channel.basic_publish(exchange=self.exchange, routing_key=self.routing_key, body=fuzzer_messages) # Increment sent message count self.sent_message_count += 1 time.sleep(1) self.logger.info("Turn {0} is completed".format(fuzzing + 1)) if self.stopped_flag is False: self.logger.info("Random payload fuzzing is finished.") if self.connection is not None: self.connection.close()
def run(self): Attack.run(self) self.pre_attack_init() self.logger.info("Random payload fuzzing is started.") if self.payload is None: length = random.randint(1, self.max_length_of_random_payload) self.payload = "".join( [chr(random.randint(1, 127)) for _ in range(length)]) for fuzzing in range(self.fuzzing_turn): if self.stopped_flag is True: break while self.stopped_flag is False: try: returned_strings = rdm.get_ascii_decodable_radamsa_malformed_input( self.payload, self.fuzzing_count) if type(returned_strings) == list: fuzzer_messages = [ string.decode("utf-8") for string in returned_strings ] else: fuzzer_messages = returned_strings.decode("utf-8") break except UnicodeDecodeError: continue # Check whether result is list or not if type(fuzzer_messages) == list: for message in fuzzer_messages: PeniotCoAP.make_request(self.client, self.path, self.method, message) # Increment sent message count self.sent_message_count += 1 else: PeniotCoAP.make_request(self.client, self.path, self.method, fuzzer_messages) # Increment sent message count self.sent_message_count += 1 time.sleep(1) self.logger.info("Turn {0} is completed".format(fuzzing + 1)) if self.stopped_flag is False: self.logger.info("Random payload fuzzing is finished.") else: self.logger.info("Random payload fuzzing has been terminated.") if self.client is not None: self.client.stop() self.client = None
def run(self): Attack.run(self) self.pre_attack_process() # Sniff the packets so we can replay self.pre_attack_init() # Do the necessary checks try: selected_packet = self.captured_packets[self.selected_index] try: self.client.connect(selected_packet.ip.dst_host) except Exception as e: self.logger.error("Failed to connect to broker") self.logger.info(selected_packet) self.client.publish(selected_packet.mqtt.topic, selected_packet.mqtt.msg) except IndexError as _: self.logger.error("Invalid packet index. Indices start from 0...")
def run(self): Attack.run(self) self.pre_attack_init() self.client.loop_start() self.logger.info("Random payload fuzzing is started.") if self.payload is None: length = random.randint(1, self.max_length_of_random_payload) self.payload = "".join([chr(random.randint(1, 127)) for _ in range(length)]) for fuzzing in range(self.turn): if self.stopped_flag is True: break while True: try: returned_strings = rdm.get_ascii_decodable_radamsa_malformed_input(self.payload, self.count) if type(returned_strings) == list: fuzzer_messages = [string.decode("utf-8") for string in returned_strings] else: fuzzer_messages = returned_strings.decode("utf-8") break except UnicodeDecodeError: self.logger.debug("Error occurred while decoding payload in random payload fuzzing.") continue # Check whether result is list or not if type(fuzzer_messages) == list: for message in fuzzer_messages: self.client.publish(self.topic, message) # Increment sent message count self.sent_message_count += 1 else: self.client.publish(self.topic, fuzzer_messages) # Increment sent message count self.sent_message_count += 1 time.sleep(1) self.logger.info("Turn {0} is completed with message content = {1}".format(fuzzing + 1, fuzzer_messages)) self.client.loop_stop() self.logger.info("Random payload fuzzing is finished.")
def run(self): Attack.run(self) self.pre_attack_init() assert self.turn >= 2 # Fill the size list as randomly generated size_list = [0, self.max_payload_length] size_list.extend([ random.randint(0, self.max_payload_length) for _ in range(self.turn - 2) ]) fuzzing = 0 self.logger.info( "Size payload fuzzing is started. Please consider it may take some time." ) for payload_size in size_list: if self.stopped_flag is True: break # Create payload and send it random_strings = "".join([chr(_) for _ in range(65, 91)]) + "".join( [chr(_) for _ in range(97, 123)]) random_character = random.choice(random_strings) sized_payload = random_character * payload_size self.channel.basic_publish(exchange=self.exchange, routing_key=self.routing_key, body=sized_payload) # Informative procedures self.logger.info("Turn {0} is completed".format(fuzzing + 1)) self.sent_message_count += 1 fuzzing += 1 time.sleep(1) if self.stopped_flag is False: self.logger.info("Payload size attack is finished.")
def run(self): Attack.run(self) self.pre_attack_init() # Fill the size list as randomly generated size_list = [0, self.max_payload_length] size_list.extend([ random.randint(0, self.max_payload_length) for _ in range(self.fuzzing_turn - 2) ]) fuzzing = 0 self.logger.info( "Size payload fuzzing is started. Please consider it may take some time." ) for payload_size in size_list: if self.stopped_flag is True: # An external interrupt can force us to finish the attack break # Create payload and send it random_strings = "".join([chr(_) for _ in range(65, 91)]) + "".join( [chr(_) for _ in range(97, 123)]) random_character = random.choice(random_strings) sized_payload = random_character * payload_size self.client.publish(self.topic, sized_payload) # Increment sent message count self.logger.info( "Turn {0} is completed and {1} bytes of message is sent.". format(fuzzing + 1, payload_size)) self.sent_message_count += 1 fuzzing += 1 time.sleep(1) if self.stopped_flag is False: self.logger.info("Payload size attack is finished.")
def run(self): Attack.run(self) self.pre_attack_init() subscribe = paho.SUBSCRIBE unsubscribe = paho.UNSUBSCRIBE # Quality of service creator random_qosses = [0, 1, 2] # Currently include "A...Za...z" random_strings = "".join([chr(_) for _ in range(65, 91)]) + "".join( [chr(_) for _ in range(97, 123)]) ''' (fuzz_client, message_type, topics, dup=False, optional_remaining_length=2, command_dup_shift_times=3, command_base_xor_part=0x2): ''' test_cases = [ dict(message_type=subscribe, topics=[ self.random_topic_generator(subscribe, random_strings, random_qosses) ], dup=False, optional_remaining_length=2, command_dup_shift_times=3, command_base_xor_part=0x2), dict(message_type=subscribe, topics=[ self.random_topic_generator(subscribe, random_strings, random_qosses), self.random_topic_generator(subscribe, random_strings, random_qosses) ], dup=False, optional_remaining_length=3, command_dup_shift_times=3, command_base_xor_part=0x2), dict(message_type=subscribe, topics=[ self.random_topic_generator(subscribe, random_strings, random_qosses) ], dup=False, optional_remaining_length=2, command_dup_shift_times=5, command_base_xor_part=0x2), dict(message_type=subscribe, topics=[ self.random_topic_generator(subscribe, random_strings, random_qosses) ], dup=False, optional_remaining_length=2, command_dup_shift_times=3, command_base_xor_part=0x5), dict(message_type=unsubscribe, topics=[ self.random_topic_generator(unsubscribe, random_strings, random_qosses) ], dup=False, optional_remaining_length=2, command_dup_shift_times=3, command_base_xor_part=0x2), dict(message_type=unsubscribe, topics=[ self.random_topic_generator(unsubscribe, random_strings, random_qosses), self.random_topic_generator(unsubscribe, random_strings, random_qosses) ], dup=False, optional_remaining_length=3, command_dup_shift_times=3, command_base_xor_part=0x2), dict(message_type=unsubscribe, topics=[ self.random_topic_generator(unsubscribe, random_strings, random_qosses) ], dup=False, optional_remaining_length=2, command_dup_shift_times=5, command_base_xor_part=0x2), dict(message_type=unsubscribe, topics=[ self.random_topic_generator(unsubscribe, random_strings, random_qosses) ], dup=False, optional_remaining_length=2, command_dup_shift_times=3, command_base_xor_part=0x5) ] for test_case in test_cases: if self.stopped_flag is True: break self.send_subscribe_or_unsubscribe( self.client, test_case["message_type"], test_case["topics"], test_case["dup"], test_case["optional_remaining_length"], test_case["command_dup_shift_times"], test_case["command_base_xor_part"]) # Increment sent message count self.sent_message_count += 1 self.logger.info( "Test case {0} has been run in generation based fuzzing". format(str(test_case))) time.sleep(1)