Package: inet.applications.httptools.server
HttpServerDirectEvilA
simple moduleDemonstrates subclassing the server to create a custom site. This site is an attacker -- a puppetmaster -- which serves HTML pages containing attack code. In this case, we are simulating JavaScript attack code which prompts the unsuspecting browser to request a number of images from a victim site. Delays are specified to simulate hiding the attack from the browser user by use of JavaScript timeouts or similar mechanisms. The generateBody virtual function is redefined to create a page containing the attack code.
This module definition has two additional parameters to the standard HttpServerDirect definition: * minBadRequests specifies the lower bound on bad requests caused to be sent to the victim by the browser. * maxBadRequests specifies the upper bound on bad requests caused to be sent to the victim by the browser.
Author: Kristjan V. Jonsson
Inheritance diagram
The following diagram shows inheritance relationships for this type. Unresolved types are missing from the diagram.
Parameters
| Name | Type | Default value | Description |
|---|---|---|---|
| hostName | string | "" |
The domain name of the server |
| port | int | 80 |
The listening port number |
| httpProtocol | int | 11 |
The http protocol: 10 for http/1.0, 11 for http/1.1. Not used at the present time. |
| logFile | string | "" |
Name of server log file. Events are appended, allowing sharing of file for multiple servers. |
| siteDefinition | string | "" |
The site script file. Blank to disable. |
| activationTime | double | 0s |
The initial activation delay. Zero to disable. |
| linkSpeed | double | 11Mbps |
Used to model transmission delays. |
| minBadRequests | int |
The lower bound of bad requests. |
|
| maxBadRequests | int |
The upper bound of bad requests |
|
| config | xml |
The XML configuration file for random sites |
Gates
| Name | Direction | Size | Description |
|---|---|---|---|
| httpIn | input |
Source code
// // Demonstrates subclassing the server to create a custom site. This site is an attacker -- a puppetmaster -- // which serves HTML pages containing attack code. In this case, we are simulating JavaScript attack code which prompts // the unsuspecting browser to request a number of images from a victim site. Delays are specified to simulate hiding // the attack from the browser user by use of JavaScript timeouts or similar mechanisms. // The generateBody virtual function is redefined to create a page containing the attack code. // // This module definition has two additional parameters to the standard HttpServerDirect definition: // * minBadRequests specifies the lower bound on bad requests caused to be sent to the victim by the browser. // * maxBadRequests specifies the upper bound on bad requests caused to be sent to the victim by the browser. // // @author Kristjan V. Jonsson // simple HttpServerDirectEvilA like IHttpDirectApp { parameters: string hostName = default(""); // The domain name of the server int port = default(80); // The listening port number int httpProtocol = default(11); // The http protocol: 10 for http/1.0, 11 for http/1.1. Not used at the present time. string logFile = default(""); // Name of server log file. Events are appended, allowing sharing of file for multiple servers. string siteDefinition = default(""); // The site script file. Blank to disable. double activationTime @unit(s) = default(0s); // The initial activation delay. Zero to disable. double linkSpeed @unit(bps) = default(11Mbps); // Used to model transmission delays. int minBadRequests; // The lower bound of bad requests. int maxBadRequests; // The upper bound of bad requests xml config; // The XML configuration file for random sites gates: input httpIn @directIn; }File: src/inet/applications/httptools/server/HttpServerDirectEvilA.ned
This documentation is released under the Creative Commons license