BaseAttack.py 11 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277
  1. import ipaddress
  2. import random
  3. import re
  4. from abc import abstractmethod, ABCMeta
  5. import ID2TLib.libpcapreader as pr
  6. from Attack import AttackParameters
  7. from Attack.AttackParameters import Parameter
  8. from Attack.AttackParameters import ParameterTypes
  9. class BaseAttack(metaclass=ABCMeta):
  10. """
  11. Abstract base class for all attack classes. Provides basic functionalities, like parameter validation.
  12. """
  13. def __init__(self, statistics, name, description, attack_type):
  14. """
  15. To be called within the individual attack class to initialize the required parameters.
  16. :param statistics: A reference to the Statistics class.
  17. :param name: The name of the attack class.
  18. :param description: A short description of the attack.
  19. :param attack_type: The type the attack belongs to, like probing/scanning, malware.
  20. """
  21. # Reference to statistics class
  22. self.statistics = statistics
  23. # Class fields
  24. self.attack_name = name
  25. self.attack_description = description
  26. self.attack_type = attack_type
  27. self.params = {}
  28. self.supported_params = {}
  29. self.attack_start_utime = 0
  30. self.attack_end_utime = 0
  31. @abstractmethod
  32. def get_packets(self):
  33. """
  34. Creates the packets containing the attack.
  35. :return: A list of packets ordered ascending by the packet's timestamp.
  36. """
  37. pass
  38. ################################################
  39. # HELPER VALIDATION METHODS
  40. # Used to validate the given parameter values
  41. ################################################
  42. @staticmethod
  43. def _is_mac_address(mac_address: str):
  44. """
  45. Verifies if the given string is a valid MAC address. Accepts the formats 00:80:41:ae:fd:7e and 00-80-41-ae-fd-7e.
  46. :param mac_address: The MAC address as string.
  47. :return: True if the MAC address is valid, otherwise False.
  48. """
  49. result = re.match('^([0-9A-Fa-f]{2}[:-]){5}([0-9A-Fa-f]{2})$', mac_address, re.MULTILINE)
  50. return result is not None
  51. @staticmethod
  52. def _is_ip_address(ip_address: str):
  53. """
  54. Verifies that the given string or list of IP addresses (strings) is a valid IPv4/IPv6 address.
  55. Accepts comma-separated lists of IP addresses, like "192.169.178.1, 192.168.178.2"
  56. :param ip_address: The IP address(es) as list of strings or comma-separated string.
  57. :return: True if all IP addresses are valid, otherwise False. And a list of IP addresses as string.
  58. """
  59. ip_address_output = []
  60. # a comma-separated list of IP addresses must be splitted first
  61. if isinstance(ip_address, str):
  62. ip_address = ip_address.split(',')
  63. for ip in ip_address:
  64. try:
  65. ipaddress.ip_address(ip)
  66. ip_address_output.append(ip)
  67. except ValueError:
  68. return False, ip_address_output
  69. if len(ip_address_output) == 1:
  70. return True, ip_address_output[0]
  71. else:
  72. return True, ip_address_output
  73. @staticmethod
  74. def _is_port(ports_input: str):
  75. """
  76. Verifies if the given value is a valid port. Accepts port ranges, like 80-90, 80..99, 80...99.
  77. :param ports_input: The port number as int or string.
  78. :return: True if the port number is valid, otherwise False. If a single port or a comma-separated list of ports
  79. was given, a list of int is returned. If a port range was given, the range is resolved
  80. and a list of int is returned.
  81. """
  82. def _is_invalid_port(num):
  83. """
  84. Checks whether the port number is invalid.
  85. :param num: The port number as int.
  86. :return: True if the port number is invalid, otherwise False.
  87. """
  88. return num < 0 or num > 65535
  89. ports_input = ports_input.replace(' ', '').split(',')
  90. ports_output = []
  91. for port_entry in ports_input:
  92. if isinstance(port_entry, int):
  93. if _is_invalid_port(port_entry):
  94. return False
  95. ports_output.append(port_entry)
  96. elif isinstance(port_entry, str) and port_entry.isdigit():
  97. # port_entry describes a single port
  98. port_entry = int(port_entry)
  99. if _is_invalid_port(port_entry):
  100. return False
  101. ports_output.append(port_entry)
  102. elif '-' in port_entry or '..' in port_entry:
  103. # port_entry describes a port range
  104. # allowed format: '1-49151', '1..49151', '1...49151'
  105. match = re.match('^([0-9]{1,5})(?:-|\.{2,3})([0-9]{1,5})$', port_entry)
  106. # check validity of port range
  107. # and create list of ports derived from given start and end port
  108. (port_start, port_end) = int(match.group(1)), int(match.group(2))
  109. if _is_invalid_port(port_start) or _is_invalid_port(port_end):
  110. return False
  111. else:
  112. ports_list = [i for i in range(port_start, port_end + 1)]
  113. # append ports at ports_output list
  114. ports_output += ports_list
  115. if len(ports_output) == 1:
  116. return True, ports_output[0]
  117. else:
  118. return True, ports_output
  119. @staticmethod
  120. def _is_timestamp(timestamp: str):
  121. """
  122. Checks whether the given value is in a valid timestamp format. The accepted format is:
  123. YYYY-MM-DD h:m:s, whereas h, m, s may be one or two digits.
  124. :param timestamp: The timestamp to be checked.
  125. :return: True if the timestamp is valid, otherwise False.
  126. """
  127. is_valid = re.match('[0-9]{4}(?:-[0-9]{1,2}){2} (?:[0-9]{1,2}:){2}[0-9]{1,2}', timestamp)
  128. return is_valid is not None
  129. @staticmethod
  130. def _is_boolean(value):
  131. """
  132. Checks whether the given value (string or bool) is a boolean. Strings are valid booleans if they are in:
  133. {y, yes, t, true, on, 1, n, no, f, false, off, 0}.
  134. :param value: The value to be checked.
  135. :return: True if the value is a boolean, otherwise false. And the casted boolean.
  136. """
  137. # If value is already a boolean
  138. if isinstance(value, bool):
  139. return True, value
  140. # If value is a string
  141. # True values are y, yes, t, true, on and 1;
  142. # False values are n, no, f, false, off and 0.
  143. # Raises ValueError if value is anything else.
  144. try:
  145. import distutils.core
  146. value = distutils.util.strtobool(value.lower())
  147. is_bool = True
  148. except ValueError:
  149. is_bool = False
  150. return is_bool, value
  151. @staticmethod
  152. def _is_float(value):
  153. """
  154. Checks whether the given value is a float.
  155. :param value: The value to be checked.
  156. :return: True if the value is a float, otherwise False. And the casted float.
  157. """
  158. try:
  159. value = float(value)
  160. return True, value
  161. except ValueError:
  162. return False, value
  163. #########################################
  164. # HELPER METHODS
  165. #########################################
  166. def add_param_value(self, param, value: str):
  167. """
  168. Adds the pair param : value to the dictionary of attack parameters. Prints and error message and skips the
  169. parameter if the validation fails.
  170. :param param: The parameter name.
  171. :param value: The parameter's value.
  172. :return: None.
  173. """
  174. # by default no param is valid
  175. is_valid = False
  176. # get AttackParameters instance associated with param
  177. # for default values assigned in attack classes, like Parameter.PORT_OPEN
  178. if isinstance(param, AttackParameters.Parameter):
  179. param_name = param
  180. # for values given by user input, like port.open
  181. else:
  182. # Get Enum key of given string identifier
  183. param_name = AttackParameters.Parameter(param)
  184. # Get parameter type of attack's required_params
  185. param_type = self.supported_params.get(param_name)
  186. # Verify validity of given value with respect to parameter type
  187. if param_type is None:
  188. print('Parameter ' + str(param_name) + ' not available for chosen attack. Skipping parameter.')
  189. # If value is query -> get value from database
  190. elif self.statistics.is_query(value):
  191. value = self.statistics.process_db_query(value, False)
  192. if value is not None and value is not "":
  193. is_valid = True
  194. else:
  195. print('Error in given parameter value: ' + value + '. Data could not be retrieved.')
  196. # Validate parameter depending on parameter's type
  197. elif param_type == ParameterTypes.TYPE_IP_ADDRESS:
  198. is_valid, value = self._is_ip_address(value)
  199. elif param_type == ParameterTypes.TYPE_PORT:
  200. is_valid, value = self._is_port(value)
  201. elif param_type == ParameterTypes.TYPE_MAC_ADDRESS:
  202. is_valid = self._is_mac_address(value)
  203. elif param_type == ParameterTypes.TYPE_INTEGER_POSITIVE:
  204. is_valid = value is None or (value.isdigit() and int(value) >= 0)
  205. elif param_type == ParameterTypes.TYPE_FLOAT:
  206. is_valid, value = self._is_float(value)
  207. # this is required to avoid that the timestamp's microseconds of the first attack packet is '000000'
  208. # but microseconds are only chosen randomly if the given parameter does not already specify it
  209. # e.g. inject.at-timestamp=123456.987654 -> is not changed
  210. # e.g. inject.at-timestamp=123456 -> is changed to: 123456.[random digits]
  211. if param_name == Parameter.INJECT_AT_TIMESTAMP and is_valid and ((value - int(value)) == 0):
  212. value = value + random.uniform(0, 0.999999)
  213. elif param_type == ParameterTypes.TYPE_TIMESTAMP:
  214. is_valid = self._is_timestamp(value)
  215. elif param_type == ParameterTypes.TYPE_BOOLEAN:
  216. is_valid, value = self._is_boolean(value)
  217. elif param_type == ParameterTypes.TYPE_PACKET_POSITION:
  218. ts = pr.pcap_processor(self.statistics.pcap_filepath).get_timestamp_mu_sec(int(value))
  219. if 0 <= int(value) <= self.statistics.get_packet_count() and ts >= 0:
  220. is_valid = True
  221. param_name = Parameter.INJECT_AT_TIMESTAMP
  222. value = (ts / 1000000) # convert microseconds from getTimestampMuSec into seconds
  223. # add value iff validation was successful
  224. if is_valid:
  225. self.params[param_name] = value
  226. else:
  227. print("ERROR: Parameter " + str(param) + " or parameter value " + str(value) +
  228. " not valid. Skipping parameter.")
  229. def get_param_value(self, param: Parameter):
  230. """
  231. Returns the parameter value for a given parameter.
  232. :param param: The parameter whose value is wanted.
  233. :return: The parameter's value.
  234. """
  235. return self.params[param]