Package: inet.applications.httptools.server
HttpServerDirectEvilA
simple moduleDemonstrates subclassing the server to create a custom site. This site is an attacker -- a puppetmaster -- which serves HTML pages containing attack code. In this case, we are simulating JavaScript attack code which prompts the unsuspecting browser to request a number of images from a victim site. Delays are specified to simulate hiding the attack from the browser user by use of JavaScript timeouts or similar mechanisms. The generateBody virtual function is redefined to create a page containing the attack code.
Author: Kristjan V. Jonsson
Inheritance diagram
The following diagram shows inheritance relationships for this type. Unresolved types are missing from the diagram.
Parameters
| Name | Type | Default value | Description |
|---|---|---|---|
| hostName | string | "" |
The domain name of the server. |
| port | int | 80 |
The listening port number. |
| httpProtocol | int | 11 |
The http protocol: 10 for http/1.0, 11 for http/1.1. Not used at the present time. |
| logFile | string | "" |
Name of server log file. Events are appended, allowing sharing of file for multiple servers. |
| siteDefinition | string | "" |
The site script file. Blank to disable. |
| activationTime | double | 0s |
The initial activation delay. Zero to disable. |
| linkSpeed | double | 11Mbps |
Used to model transmission delays. |
| minBadRequests | int |
Specifies the lower bound of bad requests to be sent to the victim by the browser. |
|
| maxBadRequests | int |
Specifies the upper bound of bad requests to be sent to the victim by the browser |
|
| config | xml |
The XML configuration file for random sites. |
|
| httpControllerModule | string | "httpController" |
Path to the HttpController module. |
Properties
| Name | Value | Description |
|---|---|---|
| lifecycleSupport |
Gates
| Name | Direction | Size | Description |
|---|---|---|---|
| httpIn | input |
Source code
// // Demonstrates subclassing the server to create a custom site. This site is an attacker -- a puppetmaster -- // which serves HTML pages containing attack code. In this case, we are simulating JavaScript attack code which prompts // the unsuspecting browser to request a number of images from a victim site. Delays are specified to simulate hiding // the attack from the browser user by use of JavaScript timeouts or similar mechanisms. // The generateBody virtual function is redefined to create a page containing the attack code. // // @author Kristjan V. Jonsson // simple HttpServerDirectEvilA like IHttpDirectApp { parameters: string hostName = default(""); // The domain name of the server. int port = default(80); // The listening port number. int httpProtocol = default(11); // The http protocol: 10 for http/1.0, 11 for http/1.1. Not used at the present time. string logFile = default(""); // Name of server log file. Events are appended, allowing sharing of file for multiple servers. string siteDefinition = default(""); // The site script file. Blank to disable. double activationTime @unit(s) = default(0s); // The initial activation delay. Zero to disable. double linkSpeed @unit(bps) = default(11Mbps); // Used to model transmission delays. int minBadRequests; // Specifies the lower bound of bad requests to be sent to the victim by the browser. int maxBadRequests; // Specifies the upper bound of bad requests to be sent to the victim by the browser xml config; // The XML configuration file for random sites. string httpControllerModule = default("httpController"); // Path to the ~HttpController module. @lifecycleSupport; gates: input httpIn @directIn; }File: src/inet/applications/httptools/server/HttpServerDirectEvilA.ned
This documentation is released under the Creative Commons license