diff options
| -rwxr-xr-x | test/fuzzer.py | 278 |
1 files changed, 0 insertions, 278 deletions
diff --git a/test/fuzzer.py b/test/fuzzer.py deleted file mode 100755 index 766122c..0000000 --- a/test/fuzzer.py +++ /dev/null @@ -1,278 +0,0 @@ -#!/usr/bin/env python2.7 -""" - This is a python ICMP/Ping script, - which can be used to fuzz the proxy/forwarder - to detect security issues. - - This script was originally taken from: - https://gist.githubusercontent.com/pklaus/856268/raw/a4e295d0dbd1140bddc90616e93ab3b19718a87b/ping.py -""" - -import os -import time -import socket -import struct -import select -import random -import asyncore - -UINT_MAX=4294967295 -USHORT_MAX=65535 -ICMP_ECHO_REQUEST = 8 -ICMP_PROTO = socket.getprotobyname('icmp') -ERROR_DESCR = { - 1: ' - Note that ICMP messages can only be ' - 'sent from processes running as root.', - 10013: ' - Note that ICMP messages can only be sent by' - ' users or processes with administrator rights.' -} - -__all__ = ['create_packet', 'do_one', 'verbose_ping', 'PingQuery', - 'multi_ping_query'] - - -def checksum(source_string): - # I'm not too confident that this is right but testing seems to - # suggest that it gives the same answers as in_cksum in ping.c. - sum = 0 - count_to = (len(source_string) / 2) * 2 - count = 0 - while count < count_to: - this_val = ord(source_string[count + 1])*256+ord(source_string[count]) - sum = sum + this_val - sum = sum & 0xffffffff # Necessary? - count = count + 2 - if count_to < len(source_string): - sum = sum + ord(source_string[len(source_string) - 1]) - sum = sum & 0xffffffff # Necessary? - sum = (sum >> 16) + (sum & 0xffff) - sum = sum + (sum >> 16) - answer = ~sum - answer = answer & 0xffff - # Swap bytes. Bugger me if I know why. - answer = answer >> 8 | (answer << 8 & 0xff00) - return answer - - -def create_packet(id, data=None): - """Create a new echo request packet based on the given "id".""" - # Header is type (8), code (8), checksum (16), id (16), sequence (16) - header = struct.pack('bbHHh', ICMP_ECHO_REQUEST, 0, 0, id, 1) - if data is None: - data = 192 * 'Q' - # Calculate the checksum on the data and the dummy header. - my_checksum = checksum(header + data) - # Now that we have the right checksum, we put that in. It's just easier - # to make up a new header than to stuff it into the dummy. - header = struct.pack('bbHHh', ICMP_ECHO_REQUEST, 0, - socket.htons(my_checksum), id, 1) - return header + data - - -def do_one(dest_addr, timeout=1, data=None): - """ - Sends one ping to the given "dest_addr" which can be an ip or hostname. - "timeout" can be any integer or float except negatives and zero. - - Returns either the delay (in seconds) or None on timeout and an invalid - address, respectively. - - """ - try: - my_socket = socket.socket(socket.AF_INET, socket.SOCK_RAW, ICMP_PROTO) - except socket.error as e: - if e.errno in ERROR_DESCR: - # Operation not permitted - raise socket.error(''.join((e.args[1], ERROR_DESCR[e.errno]))) - raise # raise the original error - try: - host = socket.gethostbyname(dest_addr) - except socket.gaierror: - return - # Maximum for an unsigned short int c object counts to 65535 so - # we have to sure that our packet id is not greater than that. - packet_id = int((id(timeout) * random.random()) % 65535) - packet = create_packet(packet_id, data) - while packet: - # The icmp protocol does not use a port, but the function - # below expects it, so we just give it a dummy port. - sent = my_socket.sendto(packet, (dest_addr, 1)) - packet = packet[sent:] - delay = receive_ping(my_socket, packet_id, time.time(), timeout) - my_socket.close() - return delay - - -def receive_ping(my_socket, packet_id, time_sent, timeout): - # Receive the ping from the socket. - time_left = timeout - while True: - started_select = time.time() - ready = select.select([my_socket], [], [], time_left) - how_long_in_select = time.time() - started_select - if ready[0] == []: # Timeout - return - time_received = time.time() - rec_packet, addr = my_socket.recvfrom(1024) - icmp_header = rec_packet[20:28] - type, code, checksum, p_id, sequence = struct.unpack( - 'bbHHh', icmp_header) - if p_id == packet_id: - return time_received - time_sent - time_left -= time_received - time_sent - if time_left <= 0: - return - - -def verbose_ping(dest_addr, data=None, timeout=2, count=4): - """ - Sends one ping to the given "dest_addr" which can be an ip or hostname. - - "timeout" can be any integer or float except negatives and zero. - "count" specifies how many pings will be sent. - - Displays the result on the screen. - - """ - for i in range(count): - print('ping {}...'.format(dest_addr)) - delay = do_one(dest_addr, timeout, data) - if delay == None: - print('failed. (Timeout within {} seconds.)'.format(timeout)) - else: - delay = round(delay * 1000.0, 4) - print('get ping in {} milliseconds.'.format(delay)) - print('') - - -class PingQuery(asyncore.dispatcher): - def __init__(self, host, p_id, timeout=0.5, ignore_errors=False, data=None): - """ - Derived class from "asyncore.dispatcher" for sending and - receiving an icmp echo request/reply. - - Usually this class is used in conjunction with the "loop" - function of asyncore. - - Once the loop is over, you can retrieve the results with - the "get_result" method. Assignment is possible through - the "get_host" method. - - "host" represents the address under which the server can be reached. - "timeout" is the interval which the host gets granted for its reply. - "p_id" must be any unique integer or float except negatives and zeros. - - If "ignore_errors" is True, the default behaviour of asyncore - will be overwritten with a function which does just nothing. - - """ - asyncore.dispatcher.__init__(self) - try: - self.create_socket(socket.AF_INET, socket.SOCK_RAW, ICMP_CODE) - except socket.error as e: - if e.errno in ERROR_DESCR: - # Operation not permitted - raise socket.error(''.join((e.args[1], ERROR_DESCR[e.errno]))) - raise # raise the original error - self.time_received = 0 - self.time_sent = 0 - self.timeout = timeout - # Maximum for an unsigned short int c object counts to 65535 so - # we have to sure that our packet id is not greater than that. - self.packet_id = int((id(timeout) / p_id) % 65535) - self.host = host - self.packet = create_packet(self.packet_id, data) - if ignore_errors: - # If it does not care whether an error occured or not. - self.handle_error = self.do_not_handle_errors - self.handle_expt = self.do_not_handle_errors - - def writable(self): - return self.time_sent == 0 - - def handle_write(self): - self.time_sent = time.time() - while self.packet: - # The icmp protocol does not use a port, but the function - # below expects it, so we just give it a dummy port. - sent = self.sendto(self.packet, (self.host, 1)) - self.packet = self.packet[sent:] - - def readable(self): - # As long as we did not sent anything, the channel has to be left open. - if (not self.writable() - # Once we sent something, we should periodically check if the reply - # timed out. - and self.timeout < (time.time() - self.time_sent)): - self.close() - return False - # If the channel should not be closed, we do not want to read something - # until we did not sent anything. - return not self.writable() - - def handle_read(self): - read_time = time.time() - packet, addr = self.recvfrom(1024) - header = packet[20:28] - type, code, checksum, p_id, sequence = struct.unpack("bbHHh", header) - if p_id == self.packet_id: - # This comparison is necessary because winsocks do not only get - # the replies for their own sent packets. - self.time_received = read_time - self.close() - - def get_result(self): - """Return the ping delay if possible, otherwise None.""" - if self.time_received > 0: - return self.time_received - self.time_sent - - def get_host(self): - """Return the host where to the request has or should been sent.""" - return self.host - - def do_not_handle_errors(self): - # Just a dummy handler to stop traceback printing, if desired. - pass - - def create_socket(self, family, type, proto): - # Overwritten, because the original does not support the "proto" arg. - sock = socket.socket(family, type, proto) - sock.setblocking(0) - self.set_socket(sock) - # Part of the original but is not used. (at least at python 2.7) - # Copied for possible compatiblity reasons. - self.family_and_type = family, type - - # If the following methods would not be there, we would see some very - # "useful" warnings from asyncore, maybe. But we do not want to, or do we? - def handle_connect(self): - pass - - def handle_accept(self): - pass - - def handle_close(self): - self.close() - -def build_pt_pkt(ip, port, state, ack, seq, rsv, data): - if type(ip) is int: - dst_ip = ip - elif type(ip) is str: - dst_ip = struct.unpack('<L', socket.inet_aton(ip))[0] - else: - raise Exception('ip is not of type str|int') - dst_port = int(port) - return struct.pack('!IIIIIIHH', - 0xdeadc0de, dst_ip, dst_port, state, ack, len(data), - seq, rsv) + data - - -if __name__ == '__main__': - # Testing - while True: - pt_pkt = build_pt_pkt('127.0.0.1', '22', 1, 2, - random.randint(0, USHORT_MAX), - random.randint(0, USHORT_MAX), 'blah') - - verbose_ping('127.0.0.1', pt_pkt, 1, 1) - random.seed(time.clock()) |