use of horse.wtf.nzyme.MockNzyme in project nzyme by lennartkoopmann.
the class SentryInterceptorSetTest method cleanSentry.
/**
 * Empties the {@code sentry_ssids} and {@code alerts} tables before every test method,
 * so SSIDs or alerts recorded by an earlier test cannot satisfy (or break) a later assertion.
 */
@BeforeMethod
public void cleanSentry() {
    NzymeLeader nzyme = new MockNzyme();

    // Static statements only; nothing here is built from external input.
    String[] cleanupStatements = {
            "DELETE FROM sentry_ssids;",
            "DELETE FROM alerts;"
    };

    for (String statement : cleanupStatements) {
        nzyme.getDatabase().useHandle(handle -> handle.execute(statement));
    }
}
use of horse.wtf.nzyme.MockNzyme in project nzyme by lennartkoopmann.
the class SentryInterceptorSetTest method testProbeRespWithAlertDisabled.
/**
 * Feeds one probe response for SSID "Home 5F48" through the sentry interceptor set built with
 * its third constructor argument set to {@code false}, then checks that the sentry recorded the
 * SSID while no alert reached the loopback uplink.
 */
@Test
public void testProbeRespWithAlertDisabled() throws MalformedFrameException, IllegalRawDataException, InterruptedException {
    LoopbackUplink uplink = new LoopbackUplink();
    NzymeLeader nzyme = new MockNzyme();
    nzyme.registerUplink(uplink);

    Sentry sentry = new Sentry(nzyme, 2);

    try {
        // Precondition: nothing known and nothing alerted yet.
        assertEquals(sentry.getSSIDs().size(), 0);
        assertNull(uplink.getLastAlert());

        // NOTE(review): index 1 is presumably the probe-response interceptor; confirm against
        // SentryInterceptorSet, since the index is positional and not checked here.
        SentryInterceptorSet interceptorSet = new SentryInterceptorSet(sentry, nzyme.getAlertsService(), false);
        Dot11FrameInterceptor interceptor = interceptorSet.getInterceptors().get(1);

        Dot11ProbeResponseFrameParser parser =
                new Dot11ProbeResponseFrameParser(new MetricRegistry(), new Anonymizer(false, ""));
        interceptor.intercept(
                parser.parse(Frames.PROBE_RESP_1_PAYLOAD, Frames.PROBE_RESP_1_HEADER, META_NO_WEP)
        );

        // Presumably waits out the sentry's own cycle (constructed with 2 above) - TODO confirm unit.
        Thread.sleep(2500);

        // The SSID must be learned, but learning it must not have produced an alert.
        assertEquals(sentry.getSSIDs().size(), 1);
        assertTrue(sentry.knowsSSID("Home 5F48"));
        assertNull(uplink.getLastAlert());
    } finally {
        // Always stop the sentry so a failed assertion does not leave it running.
        sentry.stop();
    }
}
use of horse.wtf.nzyme.MockNzyme in project nzyme by lennartkoopmann.
the class UnexpectedBSSIDInterceptorSetTest method testGetInterceptors.
/**
 * Exercises both interceptors of {@link UnexpectedBSSIDInterceptorSet}: for beacons and for
 * probe responses, an expected frame and a frame from another network must stay silent, while
 * a frame from an unexpected BSSID must raise the matching alert on the loopback uplink.
 */
@Test
public void testGetInterceptors() throws MalformedFrameException, IllegalRawDataException {
    NzymeLeader leader = new MockNzyme();
    LoopbackUplink alertSink = new LoopbackUplink();
    leader.registerUplink(alertSink);

    UnexpectedBSSIDInterceptorSet interceptorSet = new UnexpectedBSSIDInterceptorSet(
            leader.getAlertsService(),
            leader.getConfiguration().dot11Networks()
    );
    assertEquals(interceptorSet.getInterceptors().size(), 2);

    for (Dot11FrameInterceptor interceptor : interceptorSet.getInterceptors()) {
        if (interceptor.forSubtype() == Dot11FrameSubtype.BEACON) {
            ArrayList<Class<? extends Alert>> expectedAlerts = new ArrayList<>();
            expectedAlerts.add(UnexpectedBSSIDBeaconAlert.class);
            assertEquals(interceptor.raisesAlerts(), expectedAlerts);

            // Expected beacon: no alert.
            interceptor.intercept(
                    new Dot11BeaconFrameParser(new MetricRegistry(), new Anonymizer(false, ""))
                            .parse(Frames.BEACON_1_PAYLOAD, Frames.BEACON_1_HEADER, META_NO_WEP)
            );
            assertNull(alertSink.getLastAlert());

            // Wrong BSSID, but for a different network: must not trigger.
            interceptor.intercept(
                    new Dot11BeaconFrameParser(new MetricRegistry(), new Anonymizer(false, ""))
                            .parse(Frames.BEACON_3_PAYLOAD, Frames.BEACON_3_HEADER, META_NO_WEP)
            );
            assertNull(alertSink.getLastAlert());

            // Unexpected BSSID on a monitored network: must alert.
            interceptor.intercept(
                    new Dot11BeaconFrameParser(new MetricRegistry(), new Anonymizer(false, ""))
                            .parse(Frames.BEACON_WTF_SPOOFED_MAC_PAYLOAD, Frames.BEACON_WTF_SPOOFED_MAC_HEADER, META_NO_WEP)
            );
            assertNotNull(alertSink.getLastAlert());
            assertEquals(UnexpectedBSSIDBeaconAlert.class, alertSink.getLastAlert().getClass());
        }

        // Drop whatever the beacon branch left behind before checking probe responses.
        alertSink.clear();

        if (interceptor.forSubtype() == Dot11FrameSubtype.PROBE_RESPONSE) {
            ArrayList<Class<? extends Alert>> expectedAlerts = new ArrayList<>();
            expectedAlerts.add(UnexpectedBSSIDProbeRespAlert.class);
            assertEquals(interceptor.raisesAlerts(), expectedAlerts);

            // Expected probe-resp: no alert.
            interceptor.intercept(
                    new Dot11ProbeResponseFrameParser(new MetricRegistry(), new Anonymizer(false, ""))
                            .parse(Frames.PROBE_RESP_3_PAYLOAD, Frames.PROBE_RESP_3_HEADER, META_NO_WEP)
            );
            assertNull(alertSink.getLastAlert());

            // Wrong BSSID, but for a different network: must not trigger.
            interceptor.intercept(
                    new Dot11ProbeResponseFrameParser(new MetricRegistry(), new Anonymizer(false, ""))
                            .parse(Frames.PROBE_RESP_1_PAYLOAD, Frames.PROBE_RESP_1_HEADER, META_NO_WEP)
            );
            assertNull(alertSink.getLastAlert());

            // Unexpected BSSID on a monitored network: must alert.
            interceptor.intercept(
                    new Dot11ProbeResponseFrameParser(new MetricRegistry(), new Anonymizer(false, ""))
                            .parse(Frames.PROBE_RESP_WTF_SPOOFED_MAC_PAYLOAD, Frames.PROBE_RESP_WTF_SPOOFED_MAC_HEADER, META_NO_WEP)
            );
            assertNotNull(alertSink.getLastAlert());
            assertEquals(UnexpectedBSSIDProbeRespAlert.class, alertSink.getLastAlert().getClass());
        }

        alertSink.clear();
    }
}
use of horse.wtf.nzyme.MockNzyme in project nzyme by lennartkoopmann.
the class UnexpectedFingerprintInterceptorSetTest method testGetInterceptors.
/**
 * Exercises both interceptors of {@link UnexpectedFingerprintInterceptorSet}: a frame with the
 * expected fingerprint and a frame from a different BSSID must stay silent, while a frame with
 * an unexpected fingerprint on a monitored BSSID must raise the matching alert.
 */
@Test
public void testGetInterceptors() throws MalformedFrameException, IllegalRawDataException {
    NzymeLeader leader = new MockNzyme();
    LoopbackUplink alertSink = new LoopbackUplink();
    leader.registerUplink(alertSink);

    UnexpectedFingerprintInterceptorSet interceptorSet = new UnexpectedFingerprintInterceptorSet(
            leader.getAlertsService(),
            leader.getConfiguration().dot11Networks()
    );
    assertEquals(interceptorSet.getInterceptors().size(), 2);

    for (Dot11FrameInterceptor interceptor : interceptorSet.getInterceptors()) {
        reset(alertSink, leader);

        if (interceptor.forSubtype() == Dot11FrameSubtype.BEACON) {
            ArrayList<Class<? extends Alert>> expectedAlerts = new ArrayList<>();
            expectedAlerts.add(UnexpectedFingerprintBeaconAlert.class);
            assertEquals(interceptor.raisesAlerts(), expectedAlerts);

            // Expected beacon: no alert.
            interceptor.intercept(
                    new Dot11BeaconFrameParser(new MetricRegistry(), new Anonymizer(false, ""))
                            .parse(Frames.BEACON_1_PAYLOAD, Frames.BEACON_1_HEADER, META_NO_WEP)
            );
            assertNull(alertSink.getLastAlert());
            reset(alertSink, leader);

            // Wrong fingerprint, but from a different BSSID: must not trigger.
            interceptor.intercept(
                    new Dot11BeaconFrameParser(new MetricRegistry(), new Anonymizer(false, ""))
                            .parse(Frames.BEACON_3_PAYLOAD, Frames.BEACON_3_HEADER, META_NO_WEP)
            );
            assertNull(alertSink.getLastAlert());
            reset(alertSink, leader);

            // TODO: Unexpected fingerprint.
            // NOTE(review): BEACON_2_PAYLOAD is passed as both the payload and the header argument,
            // whereas every other parse call here passes a *_HEADER constant second. Confirm whether
            // that is deliberate; if not, the alert asserted below is not evidence that a
            // fingerprint mismatch on a correctly parsed frame is detected.
            interceptor.intercept(
                    new Dot11BeaconFrameParser(new MetricRegistry(), new Anonymizer(false, ""))
                            .parse(Frames.BEACON_2_PAYLOAD, Frames.BEACON_2_PAYLOAD, META_NO_WEP)
            );
            assertNotNull(alertSink.getLastAlert());
            assertEquals(UnexpectedFingerprintBeaconAlert.class, alertSink.getLastAlert().getClass());
            reset(alertSink, leader);
        }

        if (interceptor.forSubtype() == Dot11FrameSubtype.PROBE_RESPONSE) {
            ArrayList<Class<? extends Alert>> expectedAlerts = new ArrayList<>();
            expectedAlerts.add(UnexpectedFingerprintProbeRespAlert.class);
            assertEquals(interceptor.raisesAlerts(), expectedAlerts);

            // TODO: Don't have appropriate frames in library so creating them directly for this part of the test.

            // Expected probe-resp: monitored BSSID with the expected fingerprint, no alert.
            interceptor.intercept(Dot11ProbeResponseFrame.create(
                    "WTF",
                    "ff:ff:ff:ff:ff:ff",
                    "00:c0:ca:95:68:3b",
                    "dfac3abce0c722f9609343f7dfa208afa51a1c7decbd2eb6f96c78051f0a594b",
                    new Dot11TaggedParameters(new MetricRegistry(), Dot11TaggedParameters.PROBERESP_TAGGED_PARAMS_POSITION, Frames.PROBE_RESP_1_PAYLOAD),
                    META_NO_WEP,
                    new byte[] {},
                    new byte[] {}
            ));
            assertNull(alertSink.getLastAlert());
            reset(alertSink, leader);

            // Wrong fingerprint, but from a different BSSID: must not trigger.
            interceptor.intercept(Dot11ProbeResponseFrame.create(
                    "WTF",
                    "ff:ff:ff:ff:ff:ff",
                    "0a:c0:ca:95:68:3b",
                    "WRONGdfac3abce0c722f9609343f7dfa208afa51a1c7decbd2eb6f96c78051f0a594b",
                    new Dot11TaggedParameters(new MetricRegistry(), Dot11TaggedParameters.PROBERESP_TAGGED_PARAMS_POSITION, Frames.PROBE_RESP_1_PAYLOAD),
                    META_NO_WEP,
                    new byte[] {},
                    new byte[] {}
            ));
            assertNull(alertSink.getLastAlert());
            reset(alertSink, leader);

            // Wrong fingerprint on the monitored BSSID: must alert.
            interceptor.intercept(Dot11ProbeResponseFrame.create(
                    "WTF",
                    "ff:ff:ff:ff:ff:ff",
                    "00:c0:ca:95:68:3b",
                    "WRONGdfac3abce0c722f9609343f7dfa208afa51a1c7decbd2eb6f96c78051f0a594b",
                    new Dot11TaggedParameters(new MetricRegistry(), Dot11TaggedParameters.PROBERESP_TAGGED_PARAMS_POSITION, Frames.PROBE_RESP_1_PAYLOAD),
                    META_NO_WEP,
                    new byte[] {},
                    new byte[] {}
            ));
            assertNotNull(alertSink.getLastAlert());
            assertEquals(UnexpectedFingerprintProbeRespAlert.class, alertSink.getLastAlert().getClass());
            reset(alertSink, leader);
        }
    }
}
use of horse.wtf.nzyme.MockNzyme in project nzyme by lennartkoopmann.
the class UnexpectedSSIDInterceptorSetTest method testGetInterceptors.
/**
 * Exercises both interceptors of {@link UnexpectedSSIDInterceptorSet}: for beacons and for
 * probe responses, an expected frame and a frame from a different BSSID must stay silent,
 * while a frame carrying an unexpected SSID must raise the matching alert on the loopback uplink.
 */
@Test
public void testGetInterceptors() throws MalformedFrameException, IllegalRawDataException {
    NzymeLeader leader = new MockNzyme();
    LoopbackUplink alertSink = new LoopbackUplink();
    leader.registerUplink(alertSink);

    UnexpectedSSIDInterceptorSet interceptorSet = new UnexpectedSSIDInterceptorSet(
            leader.getAlertsService(),
            leader.getConfiguration().dot11Networks()
    );
    assertEquals(interceptorSet.getInterceptors().size(), 2);

    for (Dot11FrameInterceptor interceptor : interceptorSet.getInterceptors()) {
        if (interceptor.forSubtype() == Dot11FrameSubtype.BEACON) {
            ArrayList<Class<? extends Alert>> expectedAlerts = new ArrayList<>();
            expectedAlerts.add(UnexpectedSSIDBeaconAlert.class);
            assertEquals(interceptor.raisesAlerts(), expectedAlerts);

            // Expected beacon: no alert.
            interceptor.intercept(
                    new Dot11BeaconFrameParser(new MetricRegistry(), new Anonymizer(false, ""))
                            .parse(Frames.BEACON_1_PAYLOAD, Frames.BEACON_1_HEADER, META_NO_WEP)
            );
            assertNull(alertSink.getLastAlert());

            // Wrong SSID, but from a different BSSID: must not trigger.
            interceptor.intercept(
                    new Dot11BeaconFrameParser(new MetricRegistry(), new Anonymizer(false, ""))
                            .parse(Frames.BEACON_3_PAYLOAD, Frames.BEACON_3_HEADER, META_NO_WEP)
            );
            assertNull(alertSink.getLastAlert());

            // Unexpected SSID: must alert.
            interceptor.intercept(
                    new Dot11BeaconFrameParser(new MetricRegistry(), new Anonymizer(false, ""))
                            .parse(Frames.BEACON_WTF_WRONG_SSID_PAYLOAD, Frames.BEACON_WTF_WRONG_SSID_HEADER, META_NO_WEP)
            );
            assertNotNull(alertSink.getLastAlert());
            assertEquals(UnexpectedSSIDBeaconAlert.class, alertSink.getLastAlert().getClass());
        }

        // Drop whatever the beacon branch left behind before checking probe responses.
        alertSink.clear();

        if (interceptor.forSubtype() == Dot11FrameSubtype.PROBE_RESPONSE) {
            ArrayList<Class<? extends Alert>> expectedAlerts = new ArrayList<>();
            expectedAlerts.add(UnexpectedSSIDProbeRespAlert.class);
            assertEquals(interceptor.raisesAlerts(), expectedAlerts);

            // Expected probe-resp: no alert.
            interceptor.intercept(
                    new Dot11ProbeResponseFrameParser(new MetricRegistry(), new Anonymizer(false, ""))
                            .parse(Frames.PROBE_RESP_3_PAYLOAD, Frames.PROBE_RESP_3_HEADER, META_NO_WEP)
            );
            assertNull(alertSink.getLastAlert());

            // Wrong SSID, but from a different BSSID: must not trigger.
            interceptor.intercept(
                    new Dot11ProbeResponseFrameParser(new MetricRegistry(), new Anonymizer(false, ""))
                            .parse(Frames.PROBE_RESP_1_PAYLOAD, Frames.PROBE_RESP_1_HEADER, META_NO_WEP)
            );
            assertNull(alertSink.getLastAlert());

            // Unexpected SSID: must alert.
            interceptor.intercept(
                    new Dot11ProbeResponseFrameParser(new MetricRegistry(), new Anonymizer(false, ""))
                            .parse(Frames.PROBE_RESP_WTF_WRONG_SSID_PAYLOAD, Frames.PROBE_RESP_WTF_WRONG_SSID_HEADER, META_NO_WEP)
            );
            assertNotNull(alertSink.getLastAlert());
            assertEquals(UnexpectedSSIDProbeRespAlert.class, alertSink.getLastAlert().getClass());
        }

        alertSink.clear();
    }
}