[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[tor-commits] [ooni-probe/master] Write documentation for HTTP Invalid Requests test
commit d67eecfd05f03002e3a9334db82ab2d8c2658368
Author: Arturo Filastò <art@xxxxxxxxx>
Date: Thu Nov 29 17:09:34 2012 +0100
Write documentation for HTTP Invalid Requests test
---
docs/source/tests/http_invalid_requests.rst | 164 ++++++++++++++++++++
nettests/manipulation/http_invalid_request_line.py | 19 ++-
ooni/templates/tcpt.py | 2 +-
requirements.txt | 2 +-
4 files changed, 177 insertions(+), 10 deletions(-)
diff --git a/docs/source/tests/http_invalid_requests.rst b/docs/source/tests/http_invalid_requests.rst
new file mode 100644
index 0000000..f14a18d
--- /dev/null
+++ b/docs/source/tests/http_invalid_requests.rst
@@ -0,0 +1,164 @@
+Details
+=======
+
+*Test Name*: HTTP Invalid Request Line
+
+*Current version*: 0.1.3
+
+*NetTest*: HTTP Invalid Request Line (https://gitweb.torproject.org/ooni-probe.git/blob/HEAD:/nettests/manipulation/http_invalid_request_line.py)
+
+*Test Helper*: TCPEchoHelper (https://gitweb.torproject.org/ooni-probe.git/blob/HEAD:/oonib/testhelpers/tcp_helpers.py)
+
+*Test Type*: Traffic Manipulation
+
+*Requires Root*: No
+
+*WARNING*: This test is more dangerous to run than any other one and you
+should do it only if you know what you are doing.
+
+Description
+===========
+
+The goal of this test is to do some very basic and not very noisy fuzzing
+on the HTTP request line. We generate a series of requests that are not
+valid HTTP requests.
+
+The remote backend runs a TCP echo server. If the response from the backend
+does not match with what we have sent then we say that tampering is occuring.
+
+The idea behind this is that certain transparent HTTP proxies may not be
+properly parsing the HTTP request line.
+
+Unless elsewhere stated 'Xx'\*N refers to N\*2 random upper or lowercase ascii
+letters or numbers ('XxXx' will be 4).
+
+What we fuzz is the following:
+
+test random invalid method
+**************************
+
+This sends random 4 letter HTTP request method.
+
+The request on the wire will look like this:
+
+::
+ XxXxX / HTTP/1.1\n\r
+
+
+test random invalid field count
+******************************
+
+This generates a request that looks like this:
+
+::
+ XxXxX XxXxX XxXxX XxXxX
+
+ This may trigger some bugs in the HTTP parsers of transparent HTTP
+ proxies.
+
+
+test random big request method
+******************************
+
+This generates a request that looks like this:
+
+::
+
+ Xx*512 / HTTP/1.1
+
+
+test random invalid version number
+**********************************
+
+This generates a request that looks like this:
+
+::
+ GET / HTTP/XxX
+
+This attemps to trigger bugs in the parsing of the HTTP version number, that
+is usually being split on the `.`.
+
+How to run the test
+===================
+
+`./bin/ooniprobe nettests/manipulation/http_invalid_request_line.py -b <address of backend>`
+
+*address of the backend* is the hostname or IP address of a backend that runs
+a TCP echo server on port 80.
+
+Sample report
+=============
+
+From running:
+
+`./bin/ooniprobe nettests/manipulation/http_invalid_request_line.py -b 127.0.0.1 -p 57002`
+
+::
+
+ ###########################################
+ # OONI Probe Report for HTTP Invalid Request Line test
+ # Thu Nov 29 16:41:15 2012
+ ###########################################
+ ---
+ options:
+ collector: null
+ help: 0
+ logfile: null
+ pcapfile: null
+ reportfile: null
+ resume: 0
+ subargs: [-b, 127.0.0.1, -p, '57002']
+ test: nettests/manipulation/http_invalid_request_line.py
+ probe_asn: null
+ probe_cc: null
+ probe_ip: 127.0.0.1
+ software_name: ooniprobe
+ software_version: 0.0.7.1-alpha
+ start_time: 1354200075.0
+ test_name: HTTP Invalid Request Line
+ test_version: 0.1.3
+ ...
+ ---
+ input: null
+ report:
+ received: ["L3F6 / HTTP/1.1\n\r"]
+ sent: ["L3F6 / HTTP/1.1\n\r"]
+ tampering: false
+ test_name: test_random_invalid_method
+ test_runtime: 5.011919021606445
+ test_started: 1354203675.481258
+ ...
+ ---
+ input: null
+ report:
+ received: ["GET / HTTP/Ayo\n\r"]
+ sent: ["GET / HTTP/Ayo\n\r"]
+ tampering: false
+ test_name: test_random_invalid_version_number
+ test_runtime: 5.019288063049316
+ test_started: 1354203675.48221
+ ...
+ ---
+ input: null
+ report:
+ received: ["RZRcu OyLtu Jtu2T cs0ER\n\r"]
+ sent: ["RZRcu OyLtu Jtu2T cs0ER\n\r"]
+ tampering: false
+ test_name: test_random_invalid_field_count
+ test_runtime: 5.022854804992676
+ test_started: 1354203675.483127
+ ...
+ ---
+ input: null
+ report:
+ received: ["iB2HrwJeB512y5CrAAaIpETZ5RMprmGO4RCex24Kmqkjguc2XsOrGXR3qJIERw1IX13uGWVs1kOd96Y0zsR4ufcktGFnP0gYakTq7GA63rNNOmlG9tNXABnBEHfkHYhrwdrewAKdqZ2lGls66NBY7fbL9xkOsHBjXq7TkvS8MOeTb74wcxKymp1NLOa8u7C8XP9qpafQtWBrC4dkEVjppjlFyetg1tu8zomDUCBx9y2tB411d8lw7WOSMfDiQWG327aVanxaOj9WgZ2u2eu0595UiJxZxMk1LYa96vHvmB1DrX0DoJUkUg2fcEOlia3pVoFfcpbd3TQ0GwEoewU3F48Qvpf2AuOIcPgrYa1XszLCyUoToygc5J6WgIH7f1phsEpmmZ6my9KChZdnazc7mNbCwLB3Z1wMwcoFW1XuDvAhTr8OYoY17360SYkAqEBhYh8uiD4xdIq0T0KJzsJW5wghjCMjRjFyfk3wyDXaPLp7vkeeqbA3FNFatFQlUCTIkqqqM3EjAojynvCDVyrThGlmsauS9Ejhc9TaDojeT3s8HZY3KIDHwCRvpGgpwFie2NyhzmwY2y4YFMcnGXT2jlwsVE1K2fZZ7yGbKqbciuh5Q32JNvQBdGy3N63PWyZIxWhfythHOVBE9GXAr99DqEXUeiRkfNer5aVRt87rDBuLx13IrbCE6runHdoZEq0iXs7IySfw5qqt00fExbaN9UlSDyxyYIrIymrSTSUWWprTqiezn1toQZpxEl53pv4ZnLx00CSMYxWTzMDNSHLpovdAI9A27ugY2uHmPETKHbaLsTzNRtNiZAS9WidDi0oAxdICB47dnJA2CXvBaXeq2nsRasgQ9qqNl0RbTC8vhXgIq8nZZQn0iehXsP5mPXshpALyfAhoLwiChRif8FODkKdAgciLviTvyadpecb6HqRVfM8rLzMPkuXT2I21yB7NVQQLraJOeDO
TvmtsV2gw2I2ON8xKtHO78VQfo357yBryndTQTRTk9FPnijwcwusn\
+ \ / HTTP/1.1\n\r"]
+ sent: ["iB2HrwJeB512y5CrAAaIpETZ5RMprmGO4RCex24Kmqkjguc2XsOrGXR3qJIERw1IX13uGWVs1kOd96Y0zsR4ufcktGFnP0gYakTq7GA63rNNOmlG9tNXABnBEHfkHYhrwdrewAKdqZ2lGls66NBY7fbL9xkOsHBjXq7TkvS8MOeTb74wcxKymp1NLOa8u7C8XP9qpafQtWBrC4dkEVjppjlFyetg1tu8zomDUCBx9y2tB411d8lw7WOSMfDiQWG327aVanxaOj9WgZ2u2eu0595UiJxZxMk1LYa96vHvmB1DrX0DoJUkUg2fcEOlia3pVoFfcpbd3TQ0GwEoewU3F48Qvpf2AuOIcPgrYa1XszLCyUoToygc5J6WgIH7f1phsEpmmZ6my9KChZdnazc7mNbCwLB3Z1wMwcoFW1XuDvAhTr8OYoY17360SYkAqEBhYh8uiD4xdIq0T0KJzsJW5wghjCMjRjFyfk3wyDXaPLp7vkeeqbA3FNFatFQlUCTIkqqqM3EjAojynvCDVyrThGlmsauS9Ejhc9TaDojeT3s8HZY3KIDHwCRvpGgpwFie2NyhzmwY2y4YFMcnGXT2jlwsVE1K2fZZ7yGbKqbciuh5Q32JNvQBdGy3N63PWyZIxWhfythHOVBE9GXAr99DqEXUeiRkfNer5aVRt87rDBuLx13IrbCE6runHdoZEq0iXs7IySfw5qqt00fExbaN9UlSDyxyYIrIymrSTSUWWprTqiezn1toQZpxEl53pv4ZnLx00CSMYxWTzMDNSHLpovdAI9A27ugY2uHmPETKHbaLsTzNRtNiZAS9WidDi0oAxdICB47dnJA2CXvBaXeq2nsRasgQ9qqNl0RbTC8vhXgIq8nZZQn0iehXsP5mPXshpALyfAhoLwiChRif8FODkKdAgciLviTvyadpecb6HqRVfM8rLzMPkuXT2I21yB7NVQQLraJOeDOTvmt
sV2gw2I2ON8xKtHO78VQfo357yBryndTQTRTk9FPnijwcwusn\
+ \ / HTTP/1.1\n\r"]
+ tampering: false
+ test_name: test_random_big_request_method
+ test_runtime: 5.026142120361328
+ test_started: 1354203675.484211
+ ...
+
+
diff --git a/nettests/manipulation/http_invalid_request_line.py b/nettests/manipulation/http_invalid_request_line.py
index 00ab24d..01626ab 100644
--- a/nettests/manipulation/http_invalid_request_line.py
+++ b/nettests/manipulation/http_invalid_request_line.py
@@ -1,12 +1,14 @@
# -*- encoding: utf-8 -*-
from twisted.python import usage
-from ooni.utils import randomStr
+from ooni.utils import log
+from ooni.utils import randomStr, randomSTR
from ooni.templates import tcpt
class UsageOptions(usage.Options):
optParameters = [['backend', 'b', '127.0.0.1',
- 'The OONI backend that runs a TCP echo server']]
+ 'The OONI backend that runs a TCP echo server'],
+ ['backendport', 'p', 80, 'Specify the port that the TCP echo server is running (should only be set for debugging)']]
class HTTPInvalidRequestLine(tcpt.TCPTest):
"""
@@ -14,10 +16,10 @@ class HTTPInvalidRequestLine(tcpt.TCPTest):
on the HTTP request line. We generate a series of requests that are not
valid HTTP requests.
- Unless elsewhere stated 'Xx'*N refers to N*2 random upper or lowercase ascii
- letters or numbers ('XxXx' will be 4).
+ Unless elsewhere stated 'Xx'*N refers to N*2 random upper or lowercase
+ ascii letters or numbers ('XxXx' will be 4).
"""
- name = "HTTP Invalid Requests"
+ name = "HTTP Invalid Request Line"
version = "0.1.3"
authors = "Arturo Filastò"
@@ -28,14 +30,15 @@ class HTTPInvalidRequestLine(tcpt.TCPTest):
requiredOptions = ['backend']
def setUp(self):
- self.port = 80
+ self.port = int(self.localOptions['backendport'])
self.address = self.localOptions['backend']
def check_for_manipulation(self, response, payload):
+ log.debug("Checking if %s == %s" % (response, payload))
if response != payload:
self.report['tampering'] = True
else:
- self.report['tampering'] = 'unknown'
+ self.report['tampering'] = False
def test_random_invalid_method(self):
"""
@@ -57,7 +60,7 @@ class HTTPInvalidRequestLine(tcpt.TCPTest):
Proxy-Connection: close
"""
- payload = randomStr(10) + " / HTTP/1.1\n\r"
+ payload = randomSTR(4) + " / HTTP/1.1\n\r"
d = self.sendPayload(payload)
d.addCallback(self.check_for_manipulation, payload)
diff --git a/ooni/templates/tcpt.py b/ooni/templates/tcpt.py
index 26f38ed..323ead8 100644
--- a/ooni/templates/tcpt.py
+++ b/ooni/templates/tcpt.py
@@ -68,7 +68,7 @@ class TCPTest(NetTestCase):
self.report['received'].append(proto.received_data)
proto.transport.loseConnection()
log.debug("Closing connection")
- d1.callback(self.report['received'])
+ d1.callback(proto.received_data)
def timedOut(proto):
self.report['failure'] = 'tcp_timed_out_error'
diff --git a/requirements.txt b/requirements.txt
index 4ddb915..ce2e721 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -14,7 +14,7 @@ repoze.sphinx.autointerface>=0.7.1
https://hg.secdev.org/scapy/archive/tip.zip#egg=scapy
storm>=0.19
transaction>=1.3.0
-txtorcon
+txtorcon>=0.7
wsgiref>=0.1.2
zope.component>=4.0.0
zope.event>=4.0.0
_______________________________________________
tor-commits mailing list
tor-commits@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits