An evil attacker server demonstration - type B. More...

#include <HttpServerDirectEvilB.h>

Inheritance diagram for inet::httptools::HttpServerDirectEvilB:

Protected Member Functions
virtual int	numInitStages () const override

virtual void	initialize (int stage) override

virtual std::string	generateBody () override

Protected Member Functions inherited from inet::httptools::HttpServerDirect
virtual void	finish () override

virtual void	handleMessage (cMessage *msg) override

Protected Member Functions inherited from inet::httptools::HttpServerBase
virtual void	refreshDisplay () const override

HttpReplyMessage *	generateDocument (HttpRequestMessage request, const char resource, int size=0)

HttpReplyMessage *	generateResourceMessage (HttpRequestMessage *request, std::string resource, HttpContentType category)

HttpReplyMessage *	handleGetRequest (HttpRequestMessage *request, std::string resource)

HttpReplyMessage *	generateErrorReply (HttpRequestMessage *request, int code)

cPacket *	handleReceivedMessage (cMessage *msg)

void	registerWithController ()

void	readSiteDefinition (std::string file)

std::string	readHtmlBodyFile (std::string file, std::string path)

Protected Member Functions inherited from inet::httptools::HttpNodeBase
void	sendDirectToModule (HttpNodeBase receiver, cPacket packet, simtime_t constdelay=0.0, rdObject *rd=nullptr)

double	transmissionDelay (cPacket *packet)

void	logRequest (const HttpRequestMessage *httpRequest)

void	logResponse (const HttpReplyMessage *httpResponse)

void	logEntry (std::string line)

std::string	formatHttpRequestShort (const HttpRequestMessage *httpRequest)

std::string	formatHttpResponseShort (const HttpReplyMessage *httpResponse)

std::string	formatHttpRequestLong (const HttpRequestMessage *httpRequest)

std::string	formatHttpResponseLong (const HttpReplyMessage *httpResponse)

virtual bool	handleOperationStage (LifecycleOperation operation, int stage, IDoneCallback doneCallback) override
	Perform one stage of a lifecycle operation. More...

Private Attributes
int	badLow = 0

int	badHigh = 0

Additional Inherited Members
Public Member Functions inherited from inet::httptools::HttpServerBase
	HttpServerBase ()

	~HttpServerBase ()

const std::string &	getHostName ()

Public Member Functions inherited from inet::httptools::HttpNodeBase
	HttpNodeBase ()

Public Member Functions inherited from inet::ILifecycle
virtual	~ILifecycle ()

Protected Attributes inherited from inet::httptools::HttpServerBase
std::string	hostName

int	port = -1

bool	scriptedMode = false

std::map< std::string, HtmlPageData >	htmlPages

std::map< std::string, unsigned int >	resources

simtime_t	activationTime

long	htmlDocsServed = 0

long	imgResourcesServed = 0

long	textResourcesServed = 0

long	badRequests = 0

rdObject *	rdReplyDelay = nullptr
	The processing delay of the server. More...

rdObject *	rdHtmlPageSize = nullptr
	The HTML page size distribution for the site. More...

rdObject *	rdTextResourceSize = nullptr
	The text resource size distribution for the site. More...

rdObject *	rdImageResourceSize = nullptr
	The image resource size distribution for the site. More...

rdObject *	rdNumResources = nullptr
	Number of resources per HTML page. More...

rdObject *	rdTextImageResourceRatio = nullptr
	The ratio of text resources to images referenced in HTML pages. More...

rdObject *	rdErrorMsgSize = nullptr
	The size of error messages. More...

Protected Attributes inherited from inet::httptools::HttpNodeBase
unsigned long	linkSpeed = 0

int	httpProtocol = 0

std::string	logFileName

bool	enableLogging = true

LOG_FORMAT	outputFormat = lf_short

bool	m_bDisplayMessage = true

bool	m_bDisplayResponseContent = true

cModule *	host = nullptr

Detailed Description

An evil attacker server demonstration - type B.

Demonstrates subclassing the server to create a custom site. This site is an attacker – a puppetmaster – which serves HTML pages containing attack code. In this case, we are simulating JavaScript attack code which prompts the unsuspecting browser to issue a number of requests for non-existing resources (random URLs) to the victim site. Delays are specified to simulate hiding the attack from the browser user by use of JavaScript timeouts or similar mechanisms. The generateBody virtual function is redefined to create a page containing the attack code.

See also: HttpServerDirect

Author: Kristjan V. Jonsson

Member Function Documentation

std::string inet::httptools::HttpServerDirectEvilB::generateBody ( )

overrideprotectedvirtual

Reimplemented from inet::httptools::HttpServerBase.

 {
     int numResources = badLow + (int)uniform(0, badHigh - badLow);
     double rndDelay;
     std::string result;
 
     char tempBuf[128];
     int refSize;
     for (int i = 0; i < numResources; i++) {
         rndDelay = 10.0 + uniform(0, 2.0);
         refSize = (int)uniform(500, 1000);    // The random size represents a random reference string length
         sprintf(tempBuf, "TEXT%.4d.txt;%s;%f;%s;%d\n", i, "www.good.com", rndDelay, "TRUE", refSize);
         result.append(tempBuf);
     }
 
     return result;
 }

void inet::httptools::HttpServerDirectEvilB::initialize ( int stage )

overrideprotectedvirtual

Reimplemented from inet::httptools::HttpServerDirect.

 {
     HttpServerDirect::initialize(stage);
 
     if (stage == INITSTAGE_LOCAL) {
         badLow = par("minBadRequests");
         badHigh = par("maxBadRequests");
 
         EV_INFO << "Badguy " << hostName << " was initialized to launch an attack on www.good.com" << endl;
         EV_INFO << "Minimum " << badLow << " and maximum " << badHigh << " bad requests for each hit." << endl;
     }
 }