3
0

BaseAttack.py 34 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887
  1. import abc
  2. import csv
  3. import hashlib
  4. import ipaddress
  5. import math
  6. import os
  7. import random
  8. import random as rnd
  9. import re
  10. import socket
  11. import sys
  12. import tempfile
  13. import time
  14. import collections
  15. import typing as t
  16. import ID2TLib.libpcapreader as pr
  17. import lea
  18. import numpy as np
  19. import scapy.layers.inet as inet
  20. import scapy.utils
  21. import Attack.AttackParameters as atkParam
  22. import ID2TLib.Utility as Util
  23. class BaseAttack(metaclass=abc.ABCMeta):
  24. """
  25. Abstract base class for all attack classes. Provides basic functionalities, like parameter validation.
  26. """
  27. ValuePair = collections.namedtuple('ValuePair', ['value', 'user_specified'])
  28. def __init__(self, name, description, attack_type):
  29. """
  30. To be called within the individual attack class to initialize the required parameters.
  31. :param name: The name of the attack class.
  32. :param description: A short description of the attack.
  33. :param attack_type: The type the attack belongs to, like probing/scanning, malware.
  34. """
  35. # Reference to statistics class
  36. self.statistics = None
  37. # Class fields
  38. self.attack_name = name
  39. self.attack_description = description
  40. self.attack_type = attack_type
  41. self.params = {}
  42. self.supported_params = {}
  43. self.attack_start_utime = 0
  44. self.attack_end_utime = 0
  45. self.start_time = 0
  46. self.finish_time = 0
  47. self.packets = []
  48. self.path_attack_pcap = ""
  49. # get_reply_delay
  50. self.all_min_delays = None
  51. self.all_max_delays = None
  52. self.most_used_mss_value = None
  53. self.most_used_ttl_value = None
  54. self.most_used_win_size = None
  55. def set_statistics(self, statistics):
  56. """
  57. Specify the statistics object that will be used to calculate the parameters of this attack.
  58. The statistics are used to calculate default parameters and to process user supplied
  59. queries.
  60. :param statistics: Reference to a statistics object.
  61. """
  62. self.statistics = statistics
  63. # get_reply_delay
  64. self.all_min_delays = self.statistics.process_db_query("SELECT minDelay FROM conv_statistics LIMIT 500;")
  65. self.all_max_delays = self.statistics.process_db_query("SELECT maxDelay FROM conv_statistics LIMIT 500;")
  66. self.most_used_mss_value = self.statistics.get_most_used_mss_value()
  67. self.most_used_ttl_value = self.statistics.get_most_used_ttl_value()
  68. self.most_used_win_size = self.statistics.get_most_used_win_size()
  69. @abc.abstractmethod
  70. def init_params(self):
  71. """
  72. Initialize all required parameters taking into account user supplied values. If no value is supplied,
  73. or if a user defined query is supplied, use a statistics object to do the calculations.
  74. A call to this function requires a call to 'set_statistics' first.
  75. """
  76. pass
  77. @abc.abstractmethod
  78. def generate_attack_packets(self):
  79. """
  80. Creates the attack packets.
  81. """
  82. pass
  83. @abc.abstractmethod
  84. def generate_attack_pcap(self):
  85. """
  86. Creates a pcap containing the attack packets.
  87. :return: The location of the generated pcap file.
  88. """
  89. pass
  90. ################################################
  91. # HELPER VALIDATION METHODS
  92. # Used to validate the given parameter values
  93. ################################################
  94. @staticmethod
  95. def _is_mac_address(mac_address: t.Union[str, t.List[str]]) -> bool:
  96. """
  97. Verifies if the given string is a valid MAC address.
  98. Accepts the formats 00:80:41:ae:fd:7e and 00-80-41-ae-fd-7e.
  99. :param mac_address: The MAC address as string.
  100. :return: True if the MAC address is valid, otherwise False.
  101. """
  102. pattern = re.compile('^([0-9A-Fa-f]{2}[:-]){5}([0-9A-Fa-f]{2})$', re.MULTILINE)
  103. if isinstance(mac_address, list):
  104. for mac in mac_address:
  105. if re.match(pattern, mac) is None:
  106. return False
  107. else:
  108. if re.match(pattern, mac_address) is None:
  109. return False
  110. return True
  111. @staticmethod
  112. def _is_ip_address(ip_address: t.Union[str, t.List[str]]) -> t.Tuple[bool, t.Union[str, t.List[str]]]:
  113. """
  114. Verifies that the given string or list of IP addresses (strings) is a valid IPv4/IPv6 address.
  115. Accepts comma-separated lists of IP addresses, like "192.169.178.1, 192.168.178.2"
  116. :param ip_address: The IP address(es) as list of strings, comma-separated or dash-separated string.
  117. :return: True if all IP addresses are valid, otherwise False. And a list of IP addresses as string.
  118. """
  119. def append_ips(ip_address_input: t.List[str]) -> t.Tuple[bool, t.List[str]]:
  120. """
  121. Recursive appending function to handle lists and ranges of IP addresses.
  122. :param ip_address_input: The IP address(es) as list of strings, comma-separated or dash-separated string.
  123. :return: List of all given IP addresses.
  124. """
  125. ip_list = []
  126. is_valid = True
  127. for ip in ip_address_input:
  128. if '-' in ip:
  129. ip_range = ip.split('-')
  130. ip_range = Util.get_ip_range(ip_range[0], ip_range[1])
  131. is_valid, ips = append_ips(ip_range)
  132. ip_list.extend(ips)
  133. else:
  134. try:
  135. ipaddress.ip_address(ip)
  136. ip_list.append(ip)
  137. except ValueError:
  138. return False, ip_list
  139. return is_valid, ip_list
  140. # a comma-separated list of IP addresses must be split first
  141. if isinstance(ip_address, str):
  142. ip_address = ip_address.split(',')
  143. result, ip_address_output = append_ips(ip_address)
  144. if len(ip_address_output) == 1:
  145. return result, ip_address_output[0]
  146. else:
  147. return result, ip_address_output
  148. @staticmethod
  149. def _is_port(ports_input: t.Union[t.List[str], t.List[int], str, int])\
  150. -> t.Union[bool, t.Tuple[bool, t.List[t.Union[int, str]]]]:
  151. """
  152. Verifies if the given value is a valid port. Accepts port ranges, like 80-90, 80..99, 80...99.
  153. :param ports_input: The port number as int or string.
  154. :return: True if the port number is valid, otherwise False. If a single port or a comma-separated list of ports
  155. was given, a list of int is returned. If a port range was given, the range is resolved
  156. and a list of int is returned.
  157. """
  158. def _is_invalid_port(num: int) -> bool:
  159. """
  160. Checks whether the port number is invalid.
  161. :param num: The port number as int.
  162. :return: True if the port number is invalid, otherwise False.
  163. """
  164. return num < 1 or num > 65535
  165. if ports_input is None or ports_input is "":
  166. return False
  167. if isinstance(ports_input, str):
  168. ports_input = ports_input.replace(' ', '').split(',')
  169. elif isinstance(ports_input, int):
  170. ports_input = [ports_input]
  171. elif len(ports_input) is 0:
  172. return False
  173. ports_output = []
  174. for port_entry in ports_input:
  175. if isinstance(port_entry, int):
  176. if _is_invalid_port(port_entry):
  177. return False
  178. ports_output.append(port_entry)
  179. # TODO: validate last condition
  180. elif isinstance(port_entry, str) and port_entry.isdigit():
  181. # port_entry describes a single port
  182. port_entry = int(port_entry)
  183. if _is_invalid_port(port_entry):
  184. return False
  185. ports_output.append(port_entry)
  186. elif '-' in port_entry or '..' in port_entry:
  187. # port_entry describes a port range
  188. # allowed format: '1-49151', '1..49151', '1...49151'
  189. match = re.match(r'^([0-9]{1,5})(?:-|\.{2,3})([0-9]{1,5})$', str(port_entry))
  190. # check validity of port range
  191. # and create list of ports derived from given start and end port
  192. (port_start, port_end) = int(match.group(1)), int(match.group(2))
  193. if _is_invalid_port(port_start) or _is_invalid_port(port_end):
  194. return False
  195. else:
  196. ports_list = [i for i in range(port_start, port_end + 1)]
  197. # append ports at ports_output list
  198. ports_output += ports_list
  199. if len(ports_output) == 1:
  200. return True, ports_output[0]
  201. else:
  202. return True, ports_output
  203. @staticmethod
  204. def _is_timestamp(timestamp: str) -> bool:
  205. """
  206. Checks whether the given value is in a valid timestamp format. The accepted format is:
  207. YYYY-MM-DD h:m:s, whereas h, m, s may be one or two digits.
  208. :param timestamp: The timestamp to be checked.
  209. :return: True if the timestamp is valid, otherwise False.
  210. """
  211. is_valid = re.match(r'[0-9]{4}(?:-[0-9]{1,2}){2} (?:[0-9]{1,2}:){2}[0-9]{1,2}', timestamp)
  212. return is_valid is not None
  213. @staticmethod
  214. def _is_boolean(value):
  215. """
  216. Checks whether the given value (string or bool) is a boolean. Strings are valid booleans if they are in:
  217. {y, yes, t, true, on, 1, n, no, f, false, off, 0}.
  218. :param value: The value to be checked.
  219. :return: True if the value is a boolean, otherwise false. And the casted boolean.
  220. """
  221. # If value is already a boolean
  222. if isinstance(value, bool):
  223. return True, value
  224. # If value is a string
  225. # True values are y, yes, t, true, on and 1;
  226. # False values are n, no, f, false, off and 0.
  227. # Raises ValueError if value is anything else.
  228. try:
  229. import distutils.core
  230. import distutils.util
  231. value = bool(distutils.util.strtobool(value.lower()))
  232. is_bool = True
  233. except ValueError:
  234. is_bool = False
  235. return is_bool, value
  236. @staticmethod
  237. def _is_float(value):
  238. """
  239. Checks whether the given value is a float.
  240. :param value: The value to be checked.
  241. :return: True if the value is a float, otherwise False. And the casted float.
  242. """
  243. try:
  244. value = float(value)
  245. return True, value
  246. except ValueError:
  247. return False, value
  248. @staticmethod
  249. def _is_domain(val: str) -> bool:
  250. """
  251. Verifies that the given string is a valid URI.
  252. :param val: The URI as string.
  253. :return: True if URI is valid, otherwise False.
  254. """
  255. domain = re.match(r'^(?:[a-zA-Z]|[0-9]|[$-_@.&+]|[!*\(\),]|(?:%[0-9a-fA-F][0-9a-fA-F]))+$', val)
  256. return domain is not None
  257. #########################################
  258. # HELPER METHODS
  259. #########################################
  260. @staticmethod
  261. def set_seed(seed):
  262. """
  263. :param seed: The random seed to be set.
  264. """
  265. seed_final = None
  266. if isinstance(seed, int):
  267. seed_final = seed
  268. elif isinstance(seed, str):
  269. if seed.isdigit():
  270. seed_final = int(seed)
  271. else:
  272. hashed_seed = hashlib.sha1(seed.encode()).digest()
  273. seed_final = int.from_bytes(hashed_seed, byteorder="little")
  274. if seed_final:
  275. random.seed(seed_final)
  276. np.random.seed(seed_final & 0xFFFFFFFF)
  277. def set_start_time(self) -> None:
  278. """
  279. Set the current time as global starting time.
  280. """
  281. self.start_time = time.time()
  282. def set_finish_time(self) -> None:
  283. """
  284. Set the current time as global finishing time.
  285. """
  286. self.finish_time = time.time()
  287. def get_packet_generation_time(self) -> float:
  288. """
  289. :return difference between starting and finishing time.
  290. """
  291. return self.finish_time - self.start_time
  292. def add_param_value(self, param, value, user_specified: bool = True) -> None:
  293. """
  294. Adds the pair param : value to the dictionary of attack parameters. Prints and error message and skips the
  295. parameter if the validation fails.
  296. :param param: Name of the parameter that we wish to modify.
  297. :param value: The value we wish to assign to the specified parameter.
  298. :param user_specified: Whether the value was specified by the user (or left default)
  299. :return: None.
  300. """
  301. # by default no param is valid
  302. is_valid = False
  303. param_name = None
  304. # get AttackParameters instance associated with param
  305. # for default values assigned in attack classes, like Parameter.PORT_OPEN
  306. if isinstance(param, atkParam.Parameter):
  307. param_name = param
  308. # for values given by user input, like port.open
  309. elif any(param == item.value for item in atkParam.Parameter):
  310. # Get Enum key of given string identifier
  311. param_name = atkParam.Parameter(param)
  312. else:
  313. print("ERROR: Parameter " + param + " is not supported by ID2T.")
  314. sys.exit(-1)
  315. # Get parameter type of attack's required_params
  316. param_type = self.supported_params.get(param_name)
  317. # This function call is valid only if there is a statistics object available.
  318. if self.statistics is None:
  319. raise RuntimeError(
  320. 'Error: Statistics-dependent attack parameter added without setting a statistics object first.')
  321. # Verify validity of given value with respect to parameter type
  322. if param_type is None:
  323. print('Parameter ' + str(param_name) + ' not available for chosen attack. Skipping parameter.')
  324. # If value is query -> get value from database
  325. elif param_name != atkParam.Parameter.INTERVAL_SELECT_STRATEGY and self.statistics.is_query(value):
  326. value = self.statistics.process_db_query(value, False)
  327. if value is not None and value is not "":
  328. is_valid = True
  329. else:
  330. print('Error in given parameter value: ' + str(value) + '. Data could not be retrieved.')
  331. # Validate parameter depending on parameter's type
  332. elif param_type == atkParam.ParameterTypes.TYPE_IP_ADDRESS:
  333. is_valid, value = self._is_ip_address(value)
  334. elif param_type == atkParam.ParameterTypes.TYPE_PORT:
  335. is_valid, value = self._is_port(value)
  336. elif param_type == atkParam.ParameterTypes.TYPE_MAC_ADDRESS:
  337. is_valid = self._is_mac_address(value)
  338. elif param_type == atkParam.ParameterTypes.TYPE_INTEGER_POSITIVE:
  339. if isinstance(value, int) and int(value) >= 0:
  340. is_valid = True
  341. elif isinstance(value, str) and value.isdigit() and int(value) >= 0:
  342. is_valid = True
  343. value = int(value)
  344. elif param_type == atkParam.ParameterTypes.TYPE_STRING:
  345. if isinstance(value, str):
  346. is_valid = True
  347. elif param_type == atkParam.ParameterTypes.TYPE_FLOAT:
  348. is_valid, value = self._is_float(value)
  349. # this is required to avoid that the timestamp's microseconds of the first attack packet is '000000'
  350. # but microseconds are only chosen randomly if the given parameter does not already specify it
  351. # e.g. inject.at-timestamp=123456.987654 -> is not changed
  352. # e.g. inject.at-timestamp=123456 -> is changed to: 123456.[random digits]
  353. if param_name == atkParam.Parameter.INJECT_AT_TIMESTAMP and is_valid and ((value - int(value)) == 0):
  354. value = value + random.uniform(0, 0.999999)
  355. elif param_type == atkParam.ParameterTypes.TYPE_TIMESTAMP:
  356. is_valid = self._is_timestamp(value)
  357. elif param_type == atkParam.ParameterTypes.TYPE_BOOLEAN:
  358. is_valid, value = self._is_boolean(value)
  359. elif param_type == atkParam.ParameterTypes.TYPE_PACKET_POSITION:
  360. ts = pr.pcap_processor(self.statistics.pcap_filepath, "False", Util.RESOURCE_DIR).get_timestamp_mu_sec(int(value))
  361. if 0 <= int(value) <= self.statistics.get_packet_count() and ts >= 0:
  362. is_valid = True
  363. param_name = atkParam.Parameter.INJECT_AT_TIMESTAMP
  364. value = (ts / 1000000) # convert microseconds from getTimestampMuSec into seconds
  365. elif param_type == atkParam.ParameterTypes.TYPE_DOMAIN:
  366. is_valid = self._is_domain(value)
  367. elif param_type == atkParam.ParameterTypes.TYPE_FILEPATH:
  368. is_valid = os.path.isfile(value)
  369. elif param_type == atkParam.ParameterTypes.TYPE_PERCENTAGE:
  370. is_valid_float, value = self._is_float(value)
  371. if is_valid_float:
  372. is_valid = 0 <= value <= 1
  373. else:
  374. is_valid = False
  375. elif param_type == atkParam.ParameterTypes.TYPE_PADDING:
  376. if isinstance(value, int):
  377. is_valid = 0 <= value <= 100
  378. elif isinstance(value, str) and value.isdigit():
  379. value = int(value)
  380. is_valid = 0 <= value <= 100
  381. elif param_type == atkParam.ParameterTypes.TYPE_INTERVAL_SELECT_STRAT:
  382. is_valid = value in {"random", "optimal", "custom"}
  383. # add value iff validation was successful
  384. if is_valid:
  385. self.params[param_name] = self.ValuePair(value, user_specified)
  386. else:
  387. print("ERROR: Parameter " + str(param) + " or parameter value " + str(value) +
  388. " not valid. Skipping parameter.")
  389. def get_param_value(self, param: atkParam.Parameter):
  390. """
  391. Returns the parameter value for a given parameter.
  392. :param param: The parameter whose value is wanted.
  393. :return: The parameter's value.
  394. """
  395. parameter = self.params.get(param)
  396. if parameter is not None:
  397. return parameter.value
  398. else:
  399. return None
  400. def get_param_user_specified(self, param: atkParam.Parameter) -> bool:
  401. """
  402. Returns whether the parameter value was specified by the user for a given parameter.
  403. :param param: The parameter whose user-specified flag is wanted.
  404. :return: The parameter's user-specified flag.
  405. """
  406. parameter = self.params.get(param)
  407. if parameter is not None:
  408. return parameter.user_specified
  409. else:
  410. return False
  411. def check_parameters(self):
  412. """
  413. Checks whether all parameter values are defined. If a value is not defined, the application is terminated.
  414. However, this should not happen as all attack should define default parameter values.
  415. """
  416. # parameters which do not require default values
  417. non_obligatory_params = [atkParam.Parameter.INJECT_AFTER_PACKET, atkParam.Parameter.NUMBER_ATTACKERS]
  418. for param, param_type in self.supported_params.items():
  419. # checks whether all params have assigned values, INJECT_AFTER_PACKET must not be considered because the
  420. # timestamp derived from it is set to Parameter.INJECT_AT_TIMESTAMP
  421. if param not in self.params.keys() and param not in non_obligatory_params:
  422. print("\033[91mCRITICAL ERROR: Attack '" + self.attack_name + "' does not define the parameter '" +
  423. str(param) + "'.\n The attack must define default values for all parameters."
  424. + "\n Cannot continue attack generation.\033[0m")
  425. import sys
  426. sys.exit(0)
  427. def write_attack_pcap(self, packets: list, append_flag: bool = False, destination_path: str = None):
  428. """
  429. Writes the attack's packets into a PCAP file with a temporary filename.
  430. :return: The path of the written PCAP file.
  431. """
  432. # Only check params initially when attack generation starts
  433. if append_flag is False and destination_path is None:
  434. # Check if all req. parameters are set
  435. self.check_parameters()
  436. # Determine destination path
  437. if destination_path is not None and os.path.exists(destination_path):
  438. destination = destination_path
  439. else:
  440. temp_file = tempfile.NamedTemporaryFile(delete=False, suffix='.pcap')
  441. destination = temp_file.name
  442. # Write packets into pcap file
  443. pktdump = scapy.utils.PcapWriter(destination, append=append_flag)
  444. pktdump.write(packets)
  445. # Store pcap path and close file objects
  446. pktdump.close()
  447. return destination
  448. def get_reply_delay(self, ip_dst, default=2000):
  449. """
  450. Gets the minimum and the maximum reply delay for all the connections of a specific IP.
  451. :param ip_dst: The IP to reterive its reply delay.
  452. :param default: The default value to return if no delay could be fount. If < 0 raise an exception instead
  453. :return minDelay: minimum delay
  454. :return maxDelay: maximum delay
  455. """
  456. result = self.statistics.process_db_query(
  457. "SELECT AVG(minDelay), AVG(maxDelay) FROM conv_statistics WHERE ipAddressB='" + ip_dst + "';")
  458. if result[0][0] and result[0][1]:
  459. min_delay = result[0][0]
  460. max_delay = result[0][1]
  461. else:
  462. min_delay = np.median(self.all_min_delays)
  463. max_delay = np.median(self.all_max_delays)
  464. if math.isnan(min_delay): # max_delay is nan too then
  465. if default < 0:
  466. raise ValueError("Could not calculate min/max_delay")
  467. min_delay = default
  468. max_delay = default
  469. min_delay = int(min_delay) * 10 ** -6 # convert from micro to seconds
  470. max_delay = int(max_delay) * 10 ** -6
  471. return min_delay, max_delay
  472. @staticmethod
  473. def packets_to_convs(exploit_raw_packets):
  474. """
  475. Classifies a bunch of packets to conversations groups. A conversation is a set of packets go between host A
  476. (IP,port) to host B (IP,port)
  477. :param exploit_raw_packets: A set of packets contains several conversations.
  478. :return conversations: A set of arrays, each array contains the packet of specific conversation
  479. :return orderList_conversations: An array contains the conversations ids (IP_A,port_A, IP_b,port_B) in the
  480. order they appeared in the original packets.
  481. """
  482. conversations = {}
  483. order_list_conversations = []
  484. for pkt_num, pkt in enumerate(exploit_raw_packets):
  485. eth_frame = inet.Ether(pkt[0])
  486. ip_pkt = eth_frame.payload
  487. ip_dst = ip_pkt.getfieldval("dst")
  488. ip_src = ip_pkt.getfieldval("src")
  489. tcp_pkt = ip_pkt.payload
  490. port_dst = tcp_pkt.getfieldval("dport")
  491. port_src = tcp_pkt.getfieldval("sport")
  492. conv_req = (ip_src, port_src, ip_dst, port_dst)
  493. conv_rep = (ip_dst, port_dst, ip_src, port_src)
  494. if conv_req not in conversations and conv_rep not in conversations:
  495. pkt_list = [pkt]
  496. conversations[conv_req] = pkt_list
  497. # Order list of conv
  498. order_list_conversations.append(conv_req)
  499. else:
  500. if conv_req in conversations:
  501. pkt_list = conversations[conv_req]
  502. pkt_list.append(pkt)
  503. conversations[conv_req] = pkt_list
  504. else:
  505. pkt_list = conversations[conv_rep]
  506. pkt_list.append(pkt)
  507. conversations[conv_rep] = pkt_list
  508. return conversations, order_list_conversations
  509. @staticmethod
  510. def is_valid_ip_address(addr):
  511. """
  512. Checks if the IP address family is supported.
  513. :param addr: IP address to be checked.
  514. :return: Boolean
  515. """
  516. try:
  517. socket.inet_aton(addr)
  518. return True
  519. except socket.error:
  520. return False
  521. @staticmethod
  522. def ip_src_dst_equal_check(ip_source, ip_destination):
  523. """
  524. Checks if the source IP and destination IP are equal.
  525. :param ip_source: source IP address.
  526. :param ip_destination: destination IP address.
  527. """
  528. equal = False
  529. if isinstance(ip_source, list) and isinstance(ip_destination, list):
  530. for ip in ip_source:
  531. if ip in ip_destination:
  532. equal = True
  533. elif isinstance(ip_source, list):
  534. if ip_destination in ip_source:
  535. equal = True
  536. elif isinstance(ip_destination, list):
  537. if ip_source in ip_destination:
  538. equal = True
  539. else:
  540. if ip_source == ip_destination:
  541. equal = True
  542. if equal:
  543. print("\nERROR: Invalid IP addresses; source IP is the same as destination IP: " + ip_destination + ".")
  544. sys.exit(0)
  545. @staticmethod
  546. def get_inter_arrival_time(packets, distribution: bool = False):
  547. """
  548. Gets the inter-arrival times array and its distribution of a set of packets.
  549. :param packets: the packets to extract their inter-arrival time.
  550. :param distribution: build distribution dictionary or not
  551. :return inter_arrival_times: array of the inter-arrival times
  552. :return dict: the inter-arrival time distribution as a histogram {inter-arrival time:frequency}
  553. """
  554. inter_arrival_times = []
  555. prvs_pkt_time = 0
  556. for index, pkt in enumerate(packets):
  557. timestamp = pkt[2][0] + pkt[2][1] / 10 ** 6
  558. if index == 0:
  559. prvs_pkt_time = timestamp
  560. inter_arrival_times.append(0)
  561. else:
  562. inter_arrival_times.append(timestamp - prvs_pkt_time)
  563. prvs_pkt_time = timestamp
  564. if distribution:
  565. # Build a distribution dictionary
  566. freq, values = np.histogram(inter_arrival_times, bins=20)
  567. dist_dict = {}
  568. for i, val in enumerate(values):
  569. if i < len(freq):
  570. dist_dict[str(val)] = freq[i]
  571. return inter_arrival_times, dist_dict
  572. else:
  573. return inter_arrival_times
  574. @staticmethod
  575. def clean_white_spaces(str_param):
  576. """
  577. Delete extra backslash from white spaces. This function is used to process the payload of packets.
  578. :param str_param: the payload to be processed.
  579. """
  580. str_param = str_param.replace("\\n", "\n")
  581. str_param = str_param.replace("\\r", "\r")
  582. str_param = str_param.replace("\\t", "\t")
  583. str_param = str_param.replace("\\\'", "\'")
  584. return str_param
  585. def modify_http_header(self, str_tcp_seg, orig_target_uri, target_uri, orig_ip_dst, target_host):
  586. """
  587. Substitute the URI and HOST in a HTTP header with new values.
  588. :param str_tcp_seg: the payload to be processed.
  589. :param orig_target_uri: old URI
  590. :param target_uri: new URI
  591. :param orig_ip_dst: old host
  592. :param target_host: new host
  593. """
  594. if len(str_tcp_seg) > 0:
  595. # convert payload bytes to str => str = "b'..\\r\\n..'"
  596. str_tcp_seg = str_tcp_seg[2:-1]
  597. str_tcp_seg = str_tcp_seg.replace(orig_target_uri, target_uri)
  598. str_tcp_seg = str_tcp_seg.replace(orig_ip_dst, target_host)
  599. str_tcp_seg = self.clean_white_spaces(str_tcp_seg)
  600. return str_tcp_seg
  601. def get_ip_data(self, ip_address: str):
  602. """
  603. :param ip_address: the ip of which (packet-)data shall be returned
  604. :return: MSS, TTL and Window Size values of the given IP
  605. """
  606. # Set MSS (Maximum Segment Size) based on MSS distribution of IP address
  607. mss_dist = self.statistics.get_mss_distribution(ip_address)
  608. if len(mss_dist) > 0:
  609. mss_prob_dict = lea.Lea.fromValFreqsDict(mss_dist)
  610. mss_value = mss_prob_dict.random()
  611. else:
  612. mss_value = Util.handle_most_used_outputs(self.most_used_mss_value)
  613. # Set TTL based on TTL distribution of IP address
  614. ttl_dist = self.statistics.get_ttl_distribution(ip_address)
  615. if len(ttl_dist) > 0:
  616. ttl_prob_dict = lea.Lea.fromValFreqsDict(ttl_dist)
  617. ttl_value = ttl_prob_dict.random()
  618. else:
  619. ttl_value = Util.handle_most_used_outputs(self.most_used_ttl_value)
  620. # Set Window Size based on Window Size distribution of IP address
  621. win_dist = self.statistics.get_win_distribution(ip_address)
  622. if len(win_dist) > 0:
  623. win_prob_dict = lea.Lea.fromValFreqsDict(win_dist)
  624. win_value = win_prob_dict.random()
  625. else:
  626. win_value = Util.handle_most_used_outputs(self.most_used_win_size)
  627. return mss_value, ttl_value, win_value
  628. #########################################
  629. # RANDOM IP/MAC ADDRESS GENERATORS
  630. #########################################
  631. @staticmethod
  632. def generate_random_ipv4_address(ip_class, n: int = 1):
  633. # TODO: document ip_class
  634. """
  635. Generates n random IPv4 addresses.
  636. :param ip_class:
  637. :param n: The number of IP addresses to be generated
  638. :return: A single IP address, or if n>1, a list of IP addresses
  639. """
  640. def is_invalid(ip_address_param: ipaddress.IPv4Address):
  641. """
  642. TODO FILL ME
  643. :param ip_address_param:
  644. :return:
  645. """
  646. return ip_address_param.is_multicast or ip_address_param.is_unspecified or ip_address_param.is_loopback or \
  647. ip_address_param.is_link_local or ip_address_param.is_reserved or ip_address_param.is_private
  648. # Generate a random IP from specific class
  649. def generate_address(ip_class_param):
  650. """
  651. TODO FILL ME
  652. :param ip_class_param:
  653. :return:
  654. """
  655. if ip_class_param == "Unknown":
  656. return ipaddress.IPv4Address(random.randint(0, 2 ** 32 - 1))
  657. else:
  658. # For DDoS attack, we do not generate private IPs
  659. if "private" in ip_class_param:
  660. ip_class_param = ip_class_param[0] # convert A-private to A
  661. ip_classes_byte1 = {"A": {1, 126}, "B": {128, 191}, "C": {192, 223}, "D": {224, 239}, "E": {240, 254}}
  662. temp = list(ip_classes_byte1[ip_class_param])
  663. min_b1 = temp[0]
  664. max_b1 = temp[1]
  665. b1 = random.randint(min_b1, max_b1)
  666. b2 = random.randint(1, 255)
  667. b3 = random.randint(1, 255)
  668. b4 = random.randint(1, 255)
  669. ip_address = ipaddress.IPv4Address(str(b1) + "." + str(b2) + "." + str(b3) + "." + str(b4))
  670. return ip_address
  671. ip_addresses = []
  672. for i in range(0, n):
  673. address = generate_address(ip_class)
  674. while is_invalid(address):
  675. address = generate_address(ip_class)
  676. ip_addresses.append(str(address))
  677. if n == 1:
  678. return ip_addresses[0]
  679. else:
  680. return ip_addresses
  681. @staticmethod
  682. def generate_random_ipv6_address(n: int = 1):
  683. """
  684. Generates n random IPv6 addresses.
  685. :param n: The number of IP addresses to be generated
  686. :return: A single IP address, or if n>1, a list of IP addresses
  687. """
  688. def is_invalid(ip_address: ipaddress.IPv6Address):
  689. """
  690. TODO FILL ME
  691. :param ip_address:
  692. :return:
  693. """
  694. return ip_address.is_multicast or ip_address.is_unspecified or ip_address.is_loopback or \
  695. ip_address.is_link_local or ip_address.is_private or ip_address.is_reserved
  696. def generate_address():
  697. """
  698. TODO FILL ME
  699. :return:
  700. """
  701. return ipaddress.IPv6Address(random.randint(0, 2 ** 128 - 1))
  702. ip_addresses = []
  703. for i in range(0, n):
  704. address = generate_address()
  705. while is_invalid(address):
  706. address = generate_address()
  707. ip_addresses.append(str(address))
  708. if n == 1:
  709. return ip_addresses[0]
  710. else:
  711. return ip_addresses
  712. @staticmethod
  713. def generate_random_mac_address(n: int = 1):
  714. """
  715. Generates n random MAC addresses.
  716. :param n: The number of MAC addresses to be generated.
  717. :return: A single MAC address, or if n>1, a list of MAC addresses
  718. """
  719. def is_invalid(address_param: str):
  720. first_octet = int(address_param[0:2], 16)
  721. is_multicast_address = bool(first_octet & 0b01)
  722. is_locally_administered = bool(first_octet & 0b10)
  723. return is_multicast_address or is_locally_administered
  724. def generate_address():
  725. # FIXME: cleanup
  726. mac = [random.randint(0x00, 0xff) for i in range(0, 6)]
  727. return ':'.join(map(lambda x: "%02x" % x, mac))
  728. mac_addresses = []
  729. for i in range(0, n):
  730. address = generate_address()
  731. while is_invalid(address):
  732. address = generate_address()
  733. mac_addresses.append(address)
  734. if n == 1:
  735. return mac_addresses[0]
  736. else:
  737. return mac_addresses
  738. @staticmethod
  739. def get_ports_from_nmap_service_dst(ports_num):
  740. """
  741. Read the most ports_num frequently open ports from nmap-service-tcp file to be used in the port scan.
  742. :return: Ports numbers to be used as default destination ports or default open ports in the port scan.
  743. """
  744. ports_dst = []
  745. file = open(Util.RESOURCE_DIR + 'nmap-services-tcp.csv', 'rt')
  746. spamreader = csv.reader(file, delimiter=',')
  747. for count in range(ports_num):
  748. # escape first row (header)
  749. next(spamreader)
  750. # save ports numbers
  751. ports_dst.append(next(spamreader)[0])
  752. file.close()
  753. # rnd.shuffle ports numbers partially
  754. if ports_num == 1000: # used for port.dst
  755. # FIXME: cleanup
  756. temp_array = [[0 for i in range(10)] for i in range(100)]
  757. port_dst_shuffled = []
  758. for count in range(0, 10):
  759. temp_array[count] = ports_dst[count * 100:(count + 1) * 100]
  760. rnd.shuffle(temp_array[count])
  761. port_dst_shuffled += temp_array[count]
  762. else: # used for port.open
  763. rnd.shuffle(ports_dst)
  764. port_dst_shuffled = ports_dst
  765. return port_dst_shuffled