
Example 1 with Sentry

Use of horse.wtf.nzyme.dot11.networks.sentry.Sentry in project nzyme by lennartkoopmann.

The class Sentry, method loadTable.

/**
 * Populates the in-memory sentry table from the {@code sentry_ssids} database table.
 * <p>
 * Every persisted {@link SentrySSID} row is keyed by its SSID. The query is a fixed
 * string with no interpolated input, so no parameter binding is needed here.
 */
private void loadTable() {
    List<SentrySSID> persisted = nzyme.getDatabase().withHandle(handle ->
            handle.createQuery("SELECT * FROM sentry_ssids")
                    .mapTo(SentrySSID.class)
                    .list()
    );
    LOG.info("Loading <{}> SSIDs from database into sentry table.", persisted.size());
    // Plain put(): a later row with the same SSID replaces an earlier one.
    persisted.forEach(row -> this.table.put(row.ssid(), row));
}
Also used : SentrySSID(horse.wtf.nzyme.dot11.networks.sentry.db.SentrySSID)

Example 2 with Sentry

Use of horse.wtf.nzyme.dot11.networks.sentry.Sentry in project nzyme by lennartkoopmann.

The class Sentry, method tickSSID.

/**
 * Records a sighting of {@code ssid} at {@code date}.
 * <p>
 * An SSID already in the table keeps its original first-seen time and gets its
 * last-seen time moved to {@code date}; an unknown SSID is entered with {@code date}
 * as both first- and last-seen. SSIDs presumably come from captured frames (see the
 * SentryInterceptorSet tests), so the value is validated before it is used as a table
 * key: null, whitespace-only and non-humanly-readable SSIDs are rejected.
 *
 * @param ssid the SSID that was observed
 * @param date the observation time
 * @throws RuntimeException if {@code ssid} is null, blank or fails {@code Tools.isHumanlyReadable}
 */
public void tickSSID(String ssid, DateTime date) {
    boolean unusable = ssid == null
            || ssid.trim().isEmpty()
            || !Tools.isHumanlyReadable(ssid);
    if (unusable) {
        throw new RuntimeException("Cannot use NULL, empty or non-humanly-readable SSID in Sentry.");
    }

    // First sighting: first-seen and last-seen are the same instant.
    if (!table.containsKey(ssid)) {
        table.put(ssid, SentrySSID.create(ssid, date, date));
        return;
    }

    // Known SSID: carry the original first-seen time forward, bump last-seen.
    DateTime firstSeen = table.get(ssid).firstSeen();
    table.put(ssid, SentrySSID.create(ssid, firstSeen, date));
}
Also used : SentrySSID(horse.wtf.nzyme.dot11.networks.sentry.db.SentrySSID)

Example 3 with Sentry

Use of horse.wtf.nzyme.dot11.networks.sentry.Sentry in project nzyme by lennartkoopmann.

The class SentryInterceptorSetTest, method testProbeRespWithAlertDisabled.

/**
 * A probe response carrying an SSID the sentry has never seen must be added to the
 * sentry table; with UNKNOWN_SSID alerting disabled, no alert may reach the uplink.
 */
@Test
public void testProbeRespWithAlertDisabled() throws MalformedFrameException, IllegalRawDataException, InterruptedException {
    LoopbackUplink loopback = new LoopbackUplink();
    NzymeLeader leader = new MockNzyme();
    leader.registerUplink(loopback);
    Sentry sentry = new Sentry(leader, 2);
    try {
        // Fresh sentry: nothing known, nothing alerted.
        assertEquals(sentry.getSSIDs().size(), 0);
        assertNull(loopback.getLastAlert());

        // Index 1 of the set is the probe-response interceptor; alerting flag is false.
        Dot11FrameInterceptor probeRespInterceptor = new SentryInterceptorSet(sentry, leader.getAlertsService(), false)
                .getInterceptors()
                .get(1);
        Dot11ProbeResponseFrameParser parser = new Dot11ProbeResponseFrameParser(new MetricRegistry(), new Anonymizer(false, ""));
        probeRespInterceptor.intercept(parser.parse(Frames.PROBE_RESP_1_PAYLOAD, Frames.PROBE_RESP_1_HEADER, META_NO_WEP));

        // The sentry's second ctor argument looks like a period in seconds; wait a bit
        // longer than that for the sighting to be processed. TODO confirm against Sentry.
        Thread.sleep(2500);

        assertEquals(sentry.getSSIDs().size(), 1);
        assertTrue(sentry.knowsSSID("Home 5F48"));
        assertNull(loopback.getLastAlert());
    } finally {
        sentry.stop();
    }
}
Also used : MockNzyme(horse.wtf.nzyme.MockNzyme) NzymeLeader(horse.wtf.nzyme.NzymeLeader) MetricRegistry(com.codahale.metrics.MetricRegistry) Anonymizer(horse.wtf.nzyme.dot11.anonymization.Anonymizer) Sentry(horse.wtf.nzyme.dot11.networks.sentry.Sentry) Dot11FrameInterceptor(horse.wtf.nzyme.dot11.Dot11FrameInterceptor) Dot11ProbeResponseFrameParser(horse.wtf.nzyme.dot11.parsers.Dot11ProbeResponseFrameParser) LoopbackUplink(horse.wtf.nzyme.notifications.uplinks.misc.LoopbackUplink) Test(org.testng.annotations.Test)

Example 4 with Sentry

Use of horse.wtf.nzyme.dot11.networks.sentry.Sentry in project nzyme by lennartkoopmann.

The class NzymeLeaderImpl, method initializeProbes.

/**
 * Wires up all 802.11 probes and frame interceptors for this leader.
 * <p>
 * Runs in this order: one monitor probe per configured device is started on
 * {@code probeExecutor}; the interceptor sets are registered on the shared
 * {@code frameProcessor} (broad monitor, bandit, sentry, deauth counter, then the
 * alerting sets enabled in {@code configuration.dot11Alerts()}); finally every
 * configured trap device gets a {@link Trap} plus a sender probe. Trap construction
 * is best-effort: an invalid or unknown trap configuration is logged and skipped so
 * the remaining probes still start.
 */
private void initializeProbes() {
    // Broad monitor probes: one per configured device. Probe settings (channels, hop
    // interval/command, monitor-mode flag, max idle time) come straight from config.
    for (Dot11MonitorDefinition m : configuration.dot11Monitors()) {
        Dot11MonitorProbe probe = new Dot11MonitorProbe(Dot11ProbeConfiguration.create("broad-monitor-" + m.device(), getUplinks(), getNodeID(), m.device(), m.channels(), m.channelHopInterval(), m.channelHopCommand(), m.skipEnableMonitor(), m.maxIdleTimeSeconds(), configuration.dot11Networks(), configuration.dot11TrapDevices()), frameProcessor, metrics, anonymizer, this, false);
        probeExecutor.submit(probe.loop());
        this.probes.add(probe);
    // Probe initialization happens inside the submitted loop task, not here.
    }
    // Broad monitor interceptors.
    frameProcessor.registerDot11Interceptors(new BroadMonitorInterceptorSet(this).getInterceptors());
    // Bandit interceptors.
    frameProcessor.registerDot11Interceptors(new BanditIdentifierInterceptorSet(getContactManager()).getInterceptors());
    // Sentry interceptors. Always registered; the UNKNOWN_SSID alert setting is passed
    // in as a flag so the sentry still learns SSIDs when that alert is disabled.
    frameProcessor.registerDot11Interceptors(new SentryInterceptorSet(sentry, alerts, configuration.dot11Alerts().contains(Alert.TYPE_WIDE.UNKNOWN_SSID)).getInterceptors());
    // Deauth counter.
    frameProcessor.registerDot11Interceptors(new DeauthFrameCounterInterceptorSet(deauthenticationMonitor).getInterceptors());
    // Dot11 alerting interceptors: each set is registered only if its alert type is
    // enabled in configuration.
    if (configuration.dot11Alerts().contains(Alert.TYPE_WIDE.UNEXPECTED_BSSID)) {
        frameProcessor.registerDot11Interceptors(new UnexpectedBSSIDInterceptorSet(getAlertsService(), configuration.dot11Networks()).getInterceptors());
    }
    if (configuration.dot11Alerts().contains(Alert.TYPE_WIDE.UNEXPECTED_SSID)) {
        frameProcessor.registerDot11Interceptors(new UnexpectedSSIDInterceptorSet(getAlertsService(), configuration.dot11Networks()).getInterceptors());
    }
    if (configuration.dot11Alerts().contains(Alert.TYPE_WIDE.CRYPTO_CHANGE)) {
        frameProcessor.registerDot11Interceptors(new CryptoChangeInterceptorSet(getAlertsService(), configuration.dot11Networks()).getInterceptors());
    }
    if (configuration.dot11Alerts().contains(Alert.TYPE_WIDE.UNEXPECTED_CHANNEL)) {
        frameProcessor.registerDot11Interceptors(new UnexpectedChannelInterceptorSet(getAlertsService(), configuration.dot11Networks()).getInterceptors());
    }
    if (configuration.dot11Alerts().contains(Alert.TYPE_WIDE.UNEXPECTED_FINGERPRINT)) {
        frameProcessor.registerDot11Interceptors(new UnexpectedFingerprintInterceptorSet(getAlertsService(), configuration.dot11Networks()).getInterceptors());
    }
    if (configuration.dot11Alerts().contains(Alert.TYPE_WIDE.PWNAGOTCHI_ADVERTISEMENT)) {
        frameProcessor.registerDot11Interceptor(new PwnagotchiAdvertisementInterceptor(getAlertsService()));
    }
    // Traps: one Trap object and one sender probe per configured trap device.
    for (Dot11TrapDeviceDefinition td : configuration.dot11TrapDevices()) {
        Dot11TrapConfiguration tc = td.trap();
        // This part doesn't belong here but it's fine for now. Probably want a factory. TODO REFACTOR.
        Trap trap;
        try {
            // Trap parameters (SSIDs, transmitter, delay, fingerprint) are read from
            // the trap's config section by key; a missing or mistyped key is expected
            // to surface as ConfigException below.
            switch(tc.type()) {
                case PROBE_REQUEST_1:
                    trap = new ProbeRequestTrap(this, td.device(), tc.configuration().getStringList(ConfigurationKeys.SSIDS), tc.configuration().getString(ConfigurationKeys.TRANSMITTER), tc.configuration().getInt(ConfigurationKeys.DELAY_SECONDS));
                    break;
                case BEACON_1:
                    trap = new BeaconTrap(this, td.device(), tc.configuration().getStringList(ConfigurationKeys.SSIDS), tc.configuration().getString(ConfigurationKeys.TRANSMITTER), tc.configuration().getInt(ConfigurationKeys.DELAY_MILLISECONDS), tc.configuration().getString(ConfigurationKeys.FINGERPRINT));
                    break;
                default:
                    LOG.error("Cannot construct trap of type [{}]. Unknown type. Skipping.", tc.type());
                    continue;
            }
            // Let the trap validate its own parameters before anything is registered.
            trap.checkConfiguration();
        } catch (ConfigException e) {
            LOG.error("Invalid configuration for trap of type [{}]. Skipping.", tc.type(), e);
            continue;
        } catch (Exception e) {
            // Broad catch is deliberate: one broken trap must not abort initialization
            // of the remaining traps and probes.
            LOG.error("Failed to construct trap of type [{}]. Skipping.", tc.type(), e);
            continue;
        }
        // Register interceptors of this trap.
        LOG.info("Registering frame interceptors of [{}].", trap.getClass().getCanonicalName());
        frameProcessor.registerDot11Interceptors(trap.requestedInterceptors());
        // Start probe. Sender probes use a fixed 60 s max idle time, unlike monitor
        // probes which take theirs from configuration.
        Dot11SenderProbe probe = new Dot11SenderProbe(Dot11ProbeConfiguration.create("trap-sender-" + td.device() + "-" + tc.type(), getUplinks(), getNodeID(), td.device(), ImmutableList.copyOf(td.channels()), td.channelHopInterval(), td.channelHopCommand(), td.skipEnableMonitor(), 60, configuration.dot11Networks(), configuration.dot11TrapDevices()), trap, metrics);
        trap.setProbe(probe);
        probeExecutor.submit(probe.loop());
        probes.add(probe);
    }
}
Also used : ProbeRequestTrap(horse.wtf.nzyme.dot11.deception.traps.ProbeRequestTrap) BeaconTrap(horse.wtf.nzyme.dot11.deception.traps.BeaconTrap) ProbeRequestTrap(horse.wtf.nzyme.dot11.deception.traps.ProbeRequestTrap) Trap(horse.wtf.nzyme.dot11.deception.traps.Trap) ConfigException(com.typesafe.config.ConfigException) ConfigException(com.typesafe.config.ConfigException) SchedulerException(org.quartz.SchedulerException) IOException(java.io.IOException) BeaconTrap(horse.wtf.nzyme.dot11.deception.traps.BeaconTrap)

Example 5 with Sentry

Use of horse.wtf.nzyme.dot11.networks.sentry.Sentry in project nzyme by lennartkoopmann.

The class SentryInterceptorSetTest, method testProbeRespWithAlertEnabled.

/**
 * A probe response carrying an SSID the sentry has never seen must be added to the
 * sentry table; with UNKNOWN_SSID alerting enabled, an {@link UnknownSSIDAlert} must
 * be delivered to the uplink.
 */
@Test
public void testProbeRespWithAlertEnabled() throws MalformedFrameException, IllegalRawDataException, InterruptedException {
    LoopbackUplink loopback = new LoopbackUplink();
    NzymeLeader leader = new MockNzyme();
    leader.registerUplink(loopback);
    Sentry sentry = new Sentry(leader, 2);
    try {
        // Fresh sentry: nothing known, nothing alerted.
        assertEquals(sentry.getSSIDs().size(), 0);
        assertNull(loopback.getLastAlert());

        // Index 1 of the set is the probe-response interceptor; alerting flag is true.
        Dot11FrameInterceptor probeRespInterceptor = new SentryInterceptorSet(sentry, leader.getAlertsService(), true)
                .getInterceptors()
                .get(1);
        Dot11ProbeResponseFrameParser parser = new Dot11ProbeResponseFrameParser(new MetricRegistry(), new Anonymizer(false, ""));
        probeRespInterceptor.intercept(parser.parse(Frames.PROBE_RESP_1_PAYLOAD, Frames.PROBE_RESP_1_HEADER, META_NO_WEP));

        // The sentry's second ctor argument looks like a period in seconds; wait a bit
        // longer than that for the sighting to be processed. TODO confirm against Sentry.
        Thread.sleep(2500);

        assertEquals(sentry.getSSIDs().size(), 1);
        assertTrue(sentry.knowsSSID("Home 5F48"));

        // Unknown SSID with alerting on: exactly the UnknownSSIDAlert type is expected.
        assertNotNull(loopback.getLastAlert());
        assertEquals(loopback.getLastAlert().getClass(), UnknownSSIDAlert.class);
    } finally {
        sentry.stop();
    }
}
Also used : MockNzyme(horse.wtf.nzyme.MockNzyme) NzymeLeader(horse.wtf.nzyme.NzymeLeader) MetricRegistry(com.codahale.metrics.MetricRegistry) Anonymizer(horse.wtf.nzyme.dot11.anonymization.Anonymizer) Sentry(horse.wtf.nzyme.dot11.networks.sentry.Sentry) Dot11FrameInterceptor(horse.wtf.nzyme.dot11.Dot11FrameInterceptor) Dot11ProbeResponseFrameParser(horse.wtf.nzyme.dot11.parsers.Dot11ProbeResponseFrameParser) LoopbackUplink(horse.wtf.nzyme.notifications.uplinks.misc.LoopbackUplink) Test(org.testng.annotations.Test)
