Rooba
/
scapy
mirror of https://github.com/secdev/scapy.git
1
1
Fork 0
Code Issues Packages Projects Releases Wiki Activity

IPv6 attack tests

This commit is contained in:
gpotter2 2018-02-15 22:28:36 +01:00
parent 7d2bbe8b94
commit 0c87865941
2 changed files with 168 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
scapy/layers/inet6.py
View File

@ -3547,7 +3547,7 @@ def NDP_Attack_NA_Spoofing(iface=None, mac_src_filter=None, tgt_filter=None,
# Otherwise, the NS is a NUD related one, i.e. the peer is
# unicasting the NS to check the target is still alive (L2
# information is still in its cache and it is verified)
received_snma = socket.inet_pton(socket.AF_INET6, dst)
received_snma = inet_pton(socket.AF_INET6, dst)
expected_snma = in6_getnsma(tgt)
if received_snma != expected_snma:
print("solicited node multicast @ does not match target @!")

167
test/regression.uts
View File

@ -3558,6 +3558,173 @@ tr6.graphdef.startswith("digraph trace {") == True
'"2001:db8::1 53/udp";' in tr6.graphdef
conf.AS_resolver = conf.AS_resolver
############
############
+ IPv6 attacks
= Define test utilities
import mock
@mock.patch("scapy.layers.inet6.sniff")
@mock.patch("scapy.layers.inet6.sendp")
def test_attack(function, pktlist, sendp_mock, sniff_mock, options=()):
pktlist = [Ether(raw(x)) for x in pktlist]
ret_list = []
def _fake_sniff(lfilter=None, prn=None, **kwargs):
for p in pktlist:
if lfilter and lfilter(p) and prn:
prn(p)
sniff_mock.side_effect = _fake_sniff
def _fake_sendp(pkt, *args, **kwargs):
ret_list.append(Ether(raw(pkt)))
sendp_mock.side_effect = _fake_sendp
function(*options)
return ret_list
= Test NDP_Attack_DAD_DoS_via_NS
data = [Ether(src='aa:aa:aa:aa:aa:aa', dst='33:33:ff:00:11:11')/IPv6(src="::", dst="ff02::1:ff00:1111")/ICMPv6ND_NS(tgt="ffff::1111", code=17, res=3758096385),
Ether(src='aa:aa:aa:aa:aa:aa', dst='33:33:ff:5d:c3:53')/IPv6(src="::", dst="ff02::1:ff5d:c353")/ICMPv6ND_NS(tgt="b643:44c3:f659:f8e6:31c0:6437:825d:c353"),
Ether()/IP()/ICMP()]
results = test_attack(NDP_Attack_DAD_DoS_via_NS, data)
assert len(results) == 2
a = results[0][IPv6]
assert a[IPv6].src == "::"
assert a[IPv6].dst == "ff02::1:ff00:1111"
assert a[IPv6].hlim == 255
assert a[ICMPv6ND_NS].tgt == "ffff::1111"
b = results[1][IPv6]
assert b[IPv6].src == "::"
assert b[IPv6].dst == "ff02::1:ff5d:c353"
assert b[IPv6].hlim == 255
assert b[ICMPv6ND_NS].tgt == "b643:44c3:f659:f8e6:31c0:6437:825d:c353"
= Test NDP_Attack_DAD_DoS_via_NA
data = [Ether(src='aa:aa:aa:aa:aa:aa', dst='33:33:ff:00:11:11')/IPv6(src="::", dst="ff02::1:ff00:1111")/ICMPv6ND_NS(tgt="ffff::1111", code=17, res=3758096385),
Ether(src='aa:aa:aa:aa:aa:aa', dst='33:33:ff:5d:c3:53')/IPv6(src="::", dst="ff02::1:ff5d:c353")/ICMPv6ND_NS(tgt="b643:44c3:f659:f8e6:31c0:6437:825d:c353"),
Ether()/IP()/ICMP()]
results = test_attack(NDP_Attack_DAD_DoS_via_NA, data, options=(None, None, None, "ab:ab:ab:ab:ab:ab"))
assert len(results) == 2
results[0].dst = "ff:ff:ff:ff:ff:ff"
results[1].dst = "ff:ff:ff:ff:ff:ff"
a = results[0]
assert a[Ether].dst == "ff:ff:ff:ff:ff:ff"
assert a[Ether].src == "ab:ab:ab:ab:ab:ab"
assert a[IPv6].src == "ffff::1111"
assert a[IPv6].dst == "ff02::1:ff00:1111"
assert a[IPv6].hlim == 255
assert a[ICMPv6ND_NA].tgt == "ffff::1111"
assert a[ICMPv6NDOptDstLLAddr].lladdr == "ab:ab:ab:ab:ab:ab"
b = results[1]
assert b[Ether].dst == "ff:ff:ff:ff:ff:ff"
assert b[Ether].src == "ab:ab:ab:ab:ab:ab"
assert b[IPv6].src == "b643:44c3:f659:f8e6:31c0:6437:825d:c353"
assert b[IPv6].dst == "ff02::1:ff5d:c353"
assert b[IPv6].hlim == 255
assert b[ICMPv6ND_NA].tgt == "b643:44c3:f659:f8e6:31c0:6437:825d:c353"
assert b[ICMPv6NDOptDstLLAddr].lladdr == "ab:ab:ab:ab:ab:ab"
= Test NDP_Attack_NA_Spoofing
data = [Ether(src='aa:aa:aa:aa:aa:aa', dst='33:33:ff:d4:e5:f6')/IPv6(src="753a:727c:97b5:f71d:51ea:3901:ab52:e110", dst="ff02::1:ffd4:e5f6")/ICMPv6ND_NS(tgt="ff02::1:ffd4:e5f6", code=171, res=3758096),
Ether(src='aa:aa:aa:aa:aa:aa', dst='33:33:e4:68:c9:4f')/IPv6(src="753a:727c:97b5:f71d:51ea:3901:ab52:e110", dst="fe9c:98b0:52b5:7033:5db0:394f:e468:c94f")/ICMPv6ND_NS(),
Ether()/IP()/ICMP()]
results = test_attack(NDP_Attack_NA_Spoofing, data, options=(None, None, None, "ff:ff:ff:ff:ff:ff", None))
assert len(results) == 2
a = results[0]
assert a[Ether].dst == "aa:aa:aa:aa:aa:aa"
assert a[Ether].src == "ff:ff:ff:ff:ff:ff"
assert a[IPv6].src == "ff02::1:ffd4:e5f6"
assert a[IPv6].dst == "753a:727c:97b5:f71d:51ea:3901:ab52:e110"
assert a[IPv6].hlim == 255
assert a[ICMPv6ND_NA].R == 0
assert a[ICMPv6ND_NA].S == 1
assert a[ICMPv6ND_NA].O == 1
assert a[ICMPv6ND_NA].tgt == "ff02::1:ffd4:e5f6"
assert a[ICMPv6NDOptDstLLAddr].lladdr == "ff:ff:ff:ff:ff:ff"
b = results[1]
assert b[Ether].dst == "aa:aa:aa:aa:aa:aa"
assert b[Ether].src == "ff:ff:ff:ff:ff:ff"
assert b[IPv6].src == "::"
assert b[IPv6].dst == "753a:727c:97b5:f71d:51ea:3901:ab52:e110"
assert b[IPv6].hlim == 255
assert b[ICMPv6ND_NA].R == 0
assert b[ICMPv6ND_NA].S == 1
assert b[ICMPv6ND_NA].O == 1
assert b[ICMPv6ND_NA].tgt == "::"
assert b[ICMPv6NDOptDstLLAddr].lladdr == "ff:ff:ff:ff:ff:ff"
= Test NDP_Attack_Kill_Default_Router
data = [Ether(src='aa:aa:aa:aa:aa:aa', dst='33:33:ff:d4:e5:f6')/IPv6(src="753a:727c:97b5:f71d:51ea:3901:ab52:e110", dst="ff02::1:ffd4:e5f6")/ICMPv6ND_RA(routerlifetime=1),
Ether(src='aa:aa:aa:aa:aa:aa', dst='33:33:ab:52:e1:10')/IPv6(src="fe9c:98b0:52b5:7033:5db0:394f:e468:c94f", dst="753a:727c:97b5:f71d:51ea:3901:ab52:e110")/ICMPv6ND_RA(routerlifetime=1),
Ether()/IP()/"RANDOM"]
results = test_attack(NDP_Attack_Kill_Default_Router, data)
assert len(results) == 2
a = results[0][IPv6]
assert a[IPv6].src == "753a:727c:97b5:f71d:51ea:3901:ab52:e110"
assert a[IPv6].dst == "ff02::1"
assert a[IPv6].hlim == 255
assert a[ICMPv6ND_RA].M == 0
assert a[ICMPv6ND_RA].O == 0
assert a[ICMPv6ND_RA].H == 0
assert a[ICMPv6ND_RA].P == 0
assert a[ICMPv6ND_RA].routerlifetime == 0
assert a[ICMPv6ND_RA].reachabletime == 0
assert a[ICMPv6ND_RA].retranstimer == 0
assert a[ICMPv6NDOptSrcLLAddr].lladdr == "aa:aa:aa:aa:aa:aa"
b = results[1][IPv6]
assert b[IPv6].src == "fe9c:98b0:52b5:7033:5db0:394f:e468:c94f"
assert b[IPv6].dst == "ff02::1"
assert b[IPv6].hlim == 255
assert b[ICMPv6ND_RA].M == 0
assert b[ICMPv6ND_RA].O == 0
assert b[ICMPv6ND_RA].H == 0
assert b[ICMPv6ND_RA].P == 0
assert b[ICMPv6ND_RA].routerlifetime == 0
assert b[ICMPv6ND_RA].reachabletime == 0
assert b[ICMPv6ND_RA].retranstimer == 0
assert b[ICMPv6NDOptSrcLLAddr].lladdr == "aa:aa:aa:aa:aa:aa"
= Test NDP_Attack_Fake_Router
ra = Ether()/IPv6()/ICMPv6ND_RA()
ra /= ICMPv6NDOptPrefixInfo(prefix="2001:db8:1::", prefixlen=64)
ra /= ICMPv6NDOptPrefixInfo(prefix="2001:db8:2::", prefixlen=64)
ra /= ICMPv6NDOptSrcLLAddr(lladdr="00:11:22:33:44:55")
rad = Ether(raw(ra))
data = [Ether(src='aa:aa:aa:aa:aa:aa', dst='33:33:ab:52:e1:10')/IPv6(src="753a:727c:97b5:f71d:51ea:3901:ab52:e110", dst="ff02::1:ffd4:e5f6")/ICMPv6ND_RS(code=11, res=3758096),
Ether(src='aa:aa:aa:aa:aa:aa', dst='33:33:ab:52:e1:10')/IPv6(src="753a:727c:97b5:f71d:51ea:3901:ab52:e110", dst="fe9c:98b0:52b5:7033:5db0:394f:e468:c94f")/ICMPv6ND_RS(),
Ether()/IP()/ICMP()]
results = test_attack(NDP_Attack_Fake_Router, data, options=(ra,))
assert len(results) == 2
assert results[0] == rad
assert results[1] == rad
= Test NDP_Attack_NS_Spoofing
r = test_attack(NDP_Attack_NS_Spoofing, [], options=("aa:aa:aa:aa:aa:aa", "753a:727c:97b5:f71d:51ea:3901:ab52:e110", "2001:db8::1", 'e4a0:654b:1a24:1b15:761d:2e5d:245d:ba83', "cc:cc:cc:cc:cc:cc", "dd:dd:dd:dd:dd:dd"))[0]
assert r[Ether].dst == "dd:dd:dd:dd:dd:dd"
assert r[Ether].src == "cc:cc:cc:cc:cc:cc"
assert r[IPv6].hlim == 255
assert r[IPv6].src == "753a:727c:97b5:f71d:51ea:3901:ab52:e110"
assert r[IPv6].dst == "e4a0:654b:1a24:1b15:761d:2e5d:245d:ba83"
assert r[ICMPv6ND_NS].tgt == "2001:db8::1"
assert r[ICMPv6NDOptSrcLLAddr].lladdr == "aa:aa:aa:aa:aa:aa"
# Below is our Homework : here is the mountain ...
#