Package: inet.applications.httptools.server
HttpServerEvilA
simple moduleDemonstrates subclassing the server to create a custom site. This site is an attacker -- a puppetmaster -- which serves HTML pages containing attack code. In this case, we are simulating JavaScript attack code which prompts the unsuspecting browser to request a number of images from a victim site. Delays are specified to simulate hiding the attack from the browser user by use of JavaScript timeouts or similar mechanisms. The generateBody virtual function is redefined to create a page containing the attack code.
This module definition has two additional parameters to the standard HttpServerDirect definition: * minBadRequests specifies the lower bound on bad requests caused to be sent to the victim by the browser. * maxBadRequests specifies the upper bound on bad requests caused to be sent to the victim by the browser.
Author: Kristjan V. Jonsson
Inheritance diagram
The following diagram shows inheritance relationships for this type. Unresolved types are missing from the diagram.
Parameters
| Name | Type | Default value | Description |
|---|---|---|---|
| hostName | string |
The domain name of the server |
|
| port | int |
The listening port number |
|
| httpProtocol | int |
The http protocol: 10 for http/1.0, 11 for http/1.1. Not used at the present time. |
|
| logFile | string |
Name of server log file. Events are appended, allowing sharing of file for multiple servers. |
|
| siteDefinition | string |
The site script file. Blank to disable. |
|
| config | xml |
The XML configuration file for random sites |
|
| activationTime | double |
The initial activation delay. Zero to disable. |
|
| minBadRequests | int |
The lower bound of bad requests. |
|
| maxBadRequests | int |
The upper bound of bad requests |
Gates
| Name | Direction | Size | Description |
|---|---|---|---|
| tcpIn | input | ||
| tcpOut | output |
Source code
// // Demonstrates subclassing the server to create a custom site. This site is an attacker -- a puppetmaster -- // which serves HTML pages containing attack code. In this case, we are simulating JavaScript attack code which prompts // the unsuspecting browser to request a number of images from a victim site. Delays are specified to simulate hiding // the attack from the browser user by use of JavaScript timeouts or similar mechanisms. // The generateBody virtual function is redefined to create a page containing the attack code. // // This module definition has two additional parameters to the standard HttpServerDirect definition: // * minBadRequests specifies the lower bound on bad requests caused to be sent to the victim by the browser. // * maxBadRequests specifies the upper bound on bad requests caused to be sent to the victim by the browser. // // @author Kristjan V. Jonsson // simple HttpServerEvilA like ITCPApp { parameters: string hostName; // The domain name of the server int port; // The listening port number int httpProtocol; // The http protocol: 10 for http/1.0, 11 for http/1.1. Not used at the present time. string logFile; // Name of server log file. Events are appended, allowing sharing of file for multiple servers. string siteDefinition; // The site script file. Blank to disable. xml config; // The XML configuration file for random sites double activationTime @unit(s); // The initial activation delay. Zero to disable. int minBadRequests; // The lower bound of bad requests. int maxBadRequests; // The upper bound of bad requests gates: input tcpIn; output tcpOut; }File: src/inet/applications/httptools/server/HttpServerEvilA.ned
This documentation is released under the Creative Commons license