Commits

Anonymous committed f14db71

Logging UDP Fuzz

Comments (0)

Files changed (3)

src/protocol/base.py

                         'clientport' : raddr[1], \
                         'serverip' : caddr[0], 'serverport' : caddr[1], \
                         'conncount' : 1, 'direction' : 's2c' })
-                    
+                    dgram_time = time.time() 
                     if self.rules is not None:
-                        pkt = self.processrules(pkt, conndata)
+                        pkt = self.processrules(pkt, conndata,dgram_time)
                     
                     
                     tdata = (raddr[0], raddr[1], caddr[0], caddr[1], "s2c",
-                             repr(pkt), time.time())
+                             repr(pkt), dgram_time)
                     self.trafficdb.dgram.put(tdata)       
                                   
                     proto = self.proto_lookup(raddr[0], raddr[1])
                         'clientport' : caddr[1], \
                         'serverip' : rdst, 'serverport' : rpt, \
                         'conncount' : 1, 'direction' : 'c2s' })
-    
+                dgram_time = time.time() 
+                
                 if self.rules is not None:
-                    pkt = self.processrules(pkt, conndata)
+                    pkt = self.processrules(pkt, conndata, dgram_time)
 
 
                 tdata = (caddr[0], caddr[1], rdst, rpt, "c2s", repr(pkt), 
-                         time.time())
+                         dgram_time)
                 self.trafficdb.dgram.put(tdata)                  
                 self.log.debug("UDPProtocol[m]: sending data from %s to %s" 
                                % (caddr, raddr))
         to modify bytes that is being sent from the client to the server
         """
 
-    def processrules(self, string, conndata):
+    def processrules(self, string, conndata, dgram_time):
         """
         TODO: This code is not 100% ideal. It places a lot of responsibility on
         the caller for processing the rule chain, etc. This should be abstracted
                     break
         
         for rule in matchingrules:
-            self.log.debug("Matched rule: %s" % (rule))
-            
+            self.log.debug("Matched UDP Rule: %s" % (rule))
+           
+            was_fuzzed = False
             if rule.action.name == "muck":
                 string = rule.action.execute(data=string)
             if rule.action.name == "fuzz":
-               was_fuzzed, string = rule.action.execute(data=string)
-        
+                old_string = string
+                was_fuzzed, string = rule.action.execute(data=string)
+                if was_fuzzed:
+                    tdata = (conndata.clientip, conndata.clientport, 
+                             conndata.serverip, conndata.serverport,
+                             conndata.direction, repr(old_string),
+                             repr(string), dgram_time)
+                    self.trafficdb.qfuzzudp.put(tdata)
         return string 
         
     def update(self, publisher, **kwargs):
 #ssl_1: sslproto.SSLProtocol:5222
 ssl_2: sslproto.SSLProtocol:443
 #http_2: https.HTTPS:4445
-; Rocking Proto
+; Rocking Proto
         self.qConn = Queue.Queue()
         self.dgram = Queue.Queue()
         self.qfuzztcp = Queue.Queue()
+        self.qfuzzudp = Queue.Queue()
 
     # This method defines the traffic db schema. 
     # TODO: Clean this up a bit. Add PKs and FK refs to maintain ref integrity.  
             )
         """
  
+        fuzzudp = """
+            CREATE TABLE fuzzudp(
+                saddr TEXT,
+                sport INTEGER,
+                daddr TEXT,
+                dport INTEGER,
+                direction TEXT,
+                oldBody BLOB,
+                fuzzBody BLOB,
+                timestamp TEXT         
+            )
+        """
+
+
         self.curr.execute(connections)
         self.curr.execute(flows)
         self.curr.execute(dgrams)
         self.curr.execute(fuzztcp)
-        
+        self.curr.execute(fuzzudp)
         self.curr.execute("")
         
     # This method should be kicked off as a separate thread
                 self.curr.execute("insert into fuzztcp values(?,?,?,?,?)",
                                   entry);
  
+            while not self.qfuzzudp.empty():
+                entry = self.qfuzzudp.get()
+                self.curr.execute("insert into fuzzudp values(?,?,?,?,?,?,?,?)",
+                                  entry);
+
 
                 
             self.conn.commit()