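def coap_scrap_response(resp_packet):
    """Return the text that ``CoAP.show()`` prints for a response packet.

    The UDP payload of *resp_packet* is parsed as CoAP and the dump written
    by ``show()`` is captured by temporarily replacing ``sys.stdout`` with an
    in-memory buffer.

    Args:
        resp_packet: Received packet. It is modified in place: the IP
            ``chksum``/``id`` fields and the UDP ``chksum`` field are deleted
            when those layers are present.

    Returns:
        The captured dump, or ``""`` when the packet has no UDP layer.
    """
    parsed_response = ""
    if resp_packet.haslayer(IP):
        del resp_packet[IP].chksum
        del resp_packet[IP].id
    if resp_packet.haslayer(UDP):
        del resp_packet[UDP].chksum
        save_stdout, sys.stdout = sys.stdout, StringIO()
        try:
            # The payload comes from the remote peer, so parsing or dumping it
            # may raise. Without the finally clause an exception here would
            # leave sys.stdout pointing at the buffer and silently swallow
            # all later output of the process.
            coap = CoAP(resp_packet[UDP].load)
            coap.show()
        finally:
            # Swap back: sys.stdout is the real stream again and save_stdout
            # now names the capture buffer.
            sys.stdout, save_stdout = save_stdout, sys.stdout
        parsed_response = save_stdout.getvalue()
    return parsed_response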
def coap_check_url(test_params, method, url):
    """Probe a CoAP server for the resource *url* and return the response code.

    One CoAP request carrying a ``Uri-Path`` option is built, sent with
    ``udp_sr1`` and the reply is decoded. For a reply whose code is not
    ``"Empty"`` the sent size, received size and amplification factor are
    printed, i.e. how much larger the reply is than the request that
    triggered it.

    Args:
        test_params: Test configuration passed through to the send and
            verbose-print helpers.
        method: Key into ``COAP_REV_CODES``; any other value falls back to
            code 1 (GET).
        url: Value placed in the ``Uri-Path`` option.

    Returns:
        The converted response code when a reply arrives and that code is not
        ``"Empty"``; otherwise ``None``.
    """
    # CoAP method codes: 1 - GET, 2 - POST, 3 - PUT, 4 - DELETE
    request = CoAP()
    request[CoAP].code = COAP_REV_CODES[method] if method in COAP_REV_CODES else 1
    # The message ID only pairs this request with its reply, so the
    # non-cryptographic `random` module is accepted here (hence the
    # scanner suppression marker).
    request[CoAP].msg_id = random.randint(0, 32768)  # nosec
    request[CoAP].options = [("Uri-Path", url)]

    request_header = prepare_separator(
        "-", pre_separator_text="\n", post_separator_text="Request:"
    )
    print_verbose(test_params, request_header)
    show_verbose(test_params, request)
    print_verbose(test_params, prepare_separator("-", pre_separator_text="\n"))

    answer = udp_sr1(test_params, bytes(request))
    if answer is None:
        no_response_header = prepare_separator(
            "-", pre_separator_text="\n", post_separator_text="No response"
        )
        print_verbose(test_params, no_response_header)
        print_verbose(test_params, prepare_separator("-", pre_separator_text="\n"))
        return None

    parsed_response = coap_scrap_response(answer)
    code = coap_convert_code(parsed_response)
    response_header = prepare_separator(
        "-", pre_separator_text="\n", post_separator_text="Response:"
    )
    print_verbose(test_params, response_header)
    show_verbose(test_params, answer)
    print_verbose(test_params, parsed_response)

    # Both sizes get the same lower-layer header constant added.
    # NOTE(review): the constant's name says IPv4 - confirm it is also the
    # right overhead when the target is reached over IPv6.
    in_size = len(request) + UDP_LOW_LAYERS_HEADERS_SIZE_IPV4
    out_size = len(answer) + UDP_LOW_LAYERS_HEADERS_SIZE_IPV4
    if code != "Empty":
        report = "SENT size:{} RECV size:{} AMPLIFICATION FACTOR:{:0.2f}%".format(
            in_size,
            out_size,
            amplification_factor(in_size, out_size),
        )
        print(report)
        return code
    return None
def coap_scrap_response(resp_packet):
    """Capture the text that ``CoAP.show()`` prints for a response packet.

    ``sys.stdout`` is replaced by an in-memory buffer while the UDP payload
    of *resp_packet* is parsed as CoAP and dumped; the buffer content is
    returned and the real stream is always restored.

    Args:
        resp_packet: Received packet. It is modified in place: the IP
            ``chksum``/``id`` fields and the UDP ``chksum`` field are deleted
            when those layers are present.

    Returns:
        Everything written to stdout during the call, as one string.
    """
    real_stdout = sys.stdout
    captured = StringIO()
    sys.stdout = captured
    try:
        if resp_packet.haslayer(IP):
            del resp_packet[IP].chksum
            del resp_packet[IP].id
        if resp_packet.haslayer(UDP):
            del resp_packet[UDP].chksum
            CoAP(resp_packet[UDP].load).show()
    except NameError as exc:
        # stdout is still the capture buffer at this point, so this message
        # ends up in the returned text rather than on the console.
        # NOTE(review): only NameError is handled; any other error raised
        # while parsing the peer-supplied payload propagates to the caller
        # (after stdout has been restored) - confirm that is intended.
        print("Exception: {}".format(exc))
    finally:
        sys.stdout = real_stdout
    return captured.getvalue()
def coap_check_url(test_params, method, url):
    """Probe a CoAP server for the resource *url* and return the response code.

    One CoAP request carrying a ``Uri-Path`` option is built, sent with
    ``udp_sr1`` and the reply is decoded. For a reply whose code is not
    ``"Empty"`` the sent size, received size and amplification factor are
    printed, i.e. how much larger the reply is than the request that
    triggered it.

    Args:
        test_params: Test configuration passed through to the send and
            verbose-print helpers.
        method: Key into ``COAP_REV_CODES``; any other value falls back to
            code 1 (GET).
        url: Value placed in the ``Uri-Path`` option.

    Returns:
        The converted response code when a reply arrives and that code is not
        ``"Empty"``; otherwise ``None``.
    """
    rule = 30 * "-"

    # CoAP method codes: 1 - GET, 2 - POST, 3 - PUT, 4 - DELETE
    request = CoAP()
    request[CoAP].code = COAP_REV_CODES[method] if method in COAP_REV_CODES else 1
    # The message ID only pairs this request with its reply; `random` is
    # not a cryptographic generator and is not used as one here.
    request[CoAP].msg_id = random.randint(0, 32768)
    request[CoAP].options = [("Uri-Path", url)]

    print_verbose(test_params, "\n" + rule + "Request:\n")
    show_verbose(test_params, request)
    print_verbose(test_params, "\n" + rule + "\n")

    answer = udp_sr1(test_params, bytes(request))
    if answer is None:
        print_verbose(test_params, "\n" + rule + "\n No response\n")
        print_verbose(test_params, "\n" + rule + "\n")
        return None

    parsed_response = coap_scrap_response(answer)
    code = coap_convert_code(parsed_response)
    print_verbose(test_params, "\n" + rule + "Response:\n")
    show_verbose(test_params, answer)
    print_verbose(test_params, parsed_response)
    if code != "Empty":
        # NOTE(review): len(request) covers the CoAP message only, while
        # len(answer) covers whatever udp_sr1 returned - confirm both are
        # measured at the same layer, otherwise the factor is skewed.
        sent_size = len(request)
        recv_size = len(answer)
        report = "SENT size:{} RECV size:{} AMPLIFICATION FACTOR:{:0.2f}%".format(
            sent_size,
            recv_size,
            amplification_factor(len(request), len(answer)),
        )
        print(report)
        return code
    return None
def test_payload(self, test_params, test_timeouts, alive_before=True):
    """Send one fuzzing payload and check whether the server survives it.

    The server is pinged before (unless the caller already vouches for it)
    and after the payload is sent. A server that answered before but not
    after is recorded together with the payload file, and the method then
    waits for it to come back.

    Args:
        test_params: Test configuration; the destination endpoint, verbosity,
            ``ignore_ping_check``, ``protocol`` and ``test_stats`` are read.
        test_timeouts: List that receives a
            ``(elapsed seconds, payload file, response)`` tuple when a
            response arrives.
        alive_before: Truthy when the caller already knows the server is
            responding; a falsy value triggers a ping here.

    Returns:
        ``False`` when fuzzing should stop: the server was not responding
        beforehand (and ``ignore_ping_check`` is not set), or it did not
        answer a ping after two 60-second waits. ``True`` otherwise.
    """
    if not alive_before:
        alive_before = service_ping(test_params)
    if not alive_before:
        print(
            "[+] Server {}:{} is not responding before sending payload"
            .format(test_params.dst_endpoint.ip_addr,
                    test_params.dst_endpoint.port))
    else:
        print_verbose(
            test_params,
            "[+] Server {}:{} is alive before sending payload".format(
                test_params.dst_endpoint.ip_addr,
                test_params.dst_endpoint.port))
    # Without a healthy baseline a missing reply afterwards cannot be
    # attributed to the payload, so stop unless the operator opted out.
    if not alive_before and not test_params.ignore_ping_check:
        print(
            "[.] Fuzzing stopped for {}:{} because server is not responding\n"
            " (use --ignore-ping-check if you want to continue anyway)!"
            .format(test_params.dst_endpoint.ip_addr,
                    test_params.dst_endpoint.port))
        return False
    print_verbose(test_params, 60 * "-" + "\nRequest:")
    # Timestamp taken right before sending; used for the elapsed time below.
    payload_sent_time = time.time()
    test_result = sr1_file(test_params, self.payload_file,
                           test_params.verbose)
    print_verbose(test_params, 60 * "-")
    print("[.] Payload {} sent".format(self.payload_file))
    if test_result is not None:
        test_timeouts.append((time.time() - payload_sent_time,
                              self.payload_file, test_result))
        print(60 * "-" + "\nResponse:")
        try:
            # The response comes from the server under test and is parsed
            # as CoAP only for display.
            # NOTE(review): only TypeError is handled; a response without a
            # Raw layer or payload would presumably raise something else and
            # abort the run - confirm against what sr1_file returns.
            CoAP(test_result[Raw].load).show()
            print(60 * "-")
        except TypeError:
            print(60 * "-")
    else:
        print("Received no response from server")
        print(60 * "-")
    alive_after = service_ping(test_params)
    # Only a server that answered before and not after counts as brought
    # down by this payload. When ignore_ping_check let a dead server through,
    # alive_before is falsy and this branch is never taken.
    if not alive_after and alive_before:
        print("[+] Server {}:{} is dead after sending payload".format(
            test_params.dst_endpoint.ip_addr,
            test_params.dst_endpoint.port))
        # Record endpoint and payload file under the current protocol.
        test_params.test_stats.active_endpoints[
            test_params.protocol].append("{}:{} - payload: {}".format(
                test_params.dst_endpoint.ip_addr,
                test_params.dst_endpoint.port, self.payload_file))
        print(
            "Waiting {} seconds for the server to start again.".format(60))
        time.sleep(60)
        # Up to two 60-second waits; a successful ping after the first wait
        # prints nothing and falls through to the final messages.
        if not service_ping(test_params):
            print("Server did not respawn (wait 1)!")
            time.sleep(60)
            if not service_ping(test_params):
                print("Server did not respawn (wait 2)!\nExiting!")
                return False
            else:
                print("Server is alive again (after 2 waits)!")
    if alive_after:
        print_verbose(
            test_params,
            "[+] Server {}:{} is alive after sending payload {}".format(
                test_params.dst_endpoint.ip_addr,
                test_params.dst_endpoint.port, self.payload_file))
    print_verbose(
        test_params,
        "[+] Finished fuzzing with payload: {}".format(self.payload_file))
    print_verbose(test_params, 60 * "=")
    return True