Simple Module HttpServerEvilA

Package: inet.applications.httptools.server
File: src/inet/applications/httptools/server/HttpServerEvilA.ned

C++ definition

Demonstrates subclassing the server to create a custom site. This site is an attacker -- a puppetmaster -- which serves HTML pages containing attack code. In this case, we are simulating JavaScript attack code which prompts the unsuspecting browser to request a number of images from a victim site. Delays are specified to simulate hiding the attack from the browser user by use of JavaScript timeouts or similar mechanisms. The generateBody virtual function is redefined to create a page containing the attack code.

This module definition has two additional parameters to the standard HttpServerDirect definition: * minBadRequests specifies the lower bound on bad requests caused to be sent to the victim by the browser. * maxBadRequests specifies the upper bound on bad requests caused to be sent to the victim by the browser.

Author: Kristjan V. Jonsson

HttpServerEvilA

Usage diagram:

The following diagram shows usage relationships between types. Unresolved types are missing from the diagram.

Inheritance diagram:

The following diagram shows inheritance relationships for this type. Unresolved types are missing from the diagram.

Parameters:

Name Type Default value Description
hostName string

The domain name of the server

port int

The listening port number

httpProtocol int

The http protocol: 10 for http/1.0, 11 for http/1.1. Not used at the present time.

logFile string

Name of server log file. Events are appended, allowing sharing of file for multiple servers.

siteDefinition string

The site script file. Blank to disable.

config xml

The XML configuration file for random sites

activationTime int

The initial activation delay. Zero to disable.

minBadRequests int

The lower bound of bad requests.

maxBadRequests int

The upper bound of bad requests

Gates:

Name Direction Size Description
tcpIn input
tcpOut output

Source code:

//
// Demonstrates subclassing the server to create a custom site. This site is an attacker -- a puppetmaster --
// which serves HTML pages containing attack code. In this case, we are simulating JavaScript attack code which prompts
// the unsuspecting browser to request a number of images from a victim site. Delays are specified to simulate hiding
// the attack from the browser user by use of JavaScript timeouts or similar mechanisms.
// The generateBody virtual function is redefined to create a page containing the attack code.
//
// This module definition has two additional parameters to the standard HttpServerDirect definition:
// * minBadRequests specifies the lower bound on bad requests caused to be sent to the victim by the browser.
// * maxBadRequests specifies the upper bound on bad requests caused to be sent to the victim by the browser.
//
// @author  Kristjan V. Jonsson
//
simple HttpServerEvilA like ITCPApp
{
    parameters:
        string hostName;        // The domain name of the server
        int port;               // The listening port number
        int httpProtocol;       // The http protocol: 10 for http/1.0, 11 for http/1.1. Not used at the present time.
        string logFile;         // Name of server log file. Events are appended, allowing sharing of file for multiple servers.
        string siteDefinition;  // The site script file. Blank to disable.
        xml config;             // The XML configuration file for random sites
        int activationTime;     // The initial activation delay. Zero to disable.
        int minBadRequests;     // The lower bound of bad requests.
        int maxBadRequests;     // The upper bound of bad requests
    gates:
        input tcpIn;
        output tcpOut;
}