public void PerformSMBTest_Port445_Exists() { TcpListener tcpListener = SMBServiceFakeHelper.CreateSMBService(SMBDirectHostPort); try { SMBServiceFakeHelper.PerformSingleSMBServiceListen(tcpListener); SpoofDetectionResult result = SMBTester.PerformSMBTest(IPAddress.Parse(RemoteServerAddress), LocalServerAddress); Assert.IsTrue(result.Detected); Assert.AreEqual(ConfidenceLevel.Medium, result.Confidence); Assert.AreEqual(Protocol.SMB, result.Protocol); Assert.IsNull(result.ErrorMessage); Assert.AreEqual("Open", result.Response); Assert.AreEqual(RemoteServerAddress, result.Endpoint.Address.ToString()); Assert.AreEqual(SMBDirectHostPort, result.Endpoint.Port); } catch (SocketException ex) { //If there is already a service, we can't run this test. Just pass the test. if (ex.Message == "Only one usage of each socket address (protocol/network address/port) is normally permitted") { return; } throw; } finally { tcpListener.Stop(); } }
public void PerformWPADTest_AuthPermutations() { HttpListener httpListener = WPADServiceFakeHelper.CreateWPADService(String.Format("http://{0}:{1}/", ServerAddress, ServerPort)); try { WPADServiceFakeHelper.PerformSingleWPADServiceListen(httpListener, HttpStatusCode.OK, ""); SpoofDetectionResult result = WPADTester.PerformWPADTest(IPAddress.Parse(ServerAddress), ServerPort, null, null, null); Assert.IsTrue(result.Detected); Assert.AreEqual(ConfidenceLevel.Medium, result.Confidence); Assert.AreEqual("HTTP Code OK", result.Response); WPADServiceFakeHelper.PerformSingleWPADServiceListen(httpListener, HttpStatusCode.OK, ""); result = WPADTester.PerformWPADTest(IPAddress.Parse(ServerAddress), ServerPort, "Guest", null, null); Assert.IsTrue(result.Detected); Assert.AreEqual(ConfidenceLevel.Medium, result.Confidence); Assert.AreEqual("HTTP Code OK", result.Response); WPADServiceFakeHelper.PerformSingleWPADServiceListen(httpListener, HttpStatusCode.OK, ""); result = WPADTester.PerformWPADTest(IPAddress.Parse(ServerAddress), ServerPort, "Guest", "test", null); Assert.IsTrue(result.Detected); Assert.AreEqual(ConfidenceLevel.Medium, result.Confidence); Assert.AreEqual("HTTP Code OK", result.Response); WPADServiceFakeHelper.PerformSingleWPADServiceListen(httpListener, HttpStatusCode.OK, ""); result = WPADTester.PerformWPADTest(IPAddress.Parse(ServerAddress), ServerPort, "Guest", "test", "test"); Assert.IsTrue(result.Detected); Assert.AreEqual(ConfidenceLevel.Medium, result.Confidence); Assert.AreEqual("HTTP Code OK", result.Response); WPADServiceFakeHelper.PerformSingleWPADServiceListen(httpListener, HttpStatusCode.OK, ""); result = WPADTester.PerformWPADTest(IPAddress.Parse(ServerAddress), ServerPort, "Guest", null, "test"); Assert.IsTrue(result.Detected); Assert.AreEqual(ConfidenceLevel.Medium, result.Confidence); Assert.AreEqual("HTTP Code OK", result.Response); WPADServiceFakeHelper.PerformSingleWPADServiceListen(httpListener, HttpStatusCode.OK, ""); result = WPADTester.PerformWPADTest(IPAddress.Parse(ServerAddress), ServerPort, null, "test", "test"); Assert.IsTrue(result.Detected); Assert.AreEqual(ConfidenceLevel.Medium, result.Confidence); Assert.AreEqual("HTTP Code OK", result.Response); WPADServiceFakeHelper.PerformSingleWPADServiceListen(httpListener, HttpStatusCode.OK, ""); result = WPADTester.PerformWPADTest(IPAddress.Parse(ServerAddress), ServerPort, null, null, "test"); Assert.IsTrue(result.Detected); Assert.AreEqual(ConfidenceLevel.Medium, result.Confidence); Assert.AreEqual("HTTP Code OK", result.Response); } finally { httpListener.Close(); } }
public void PerformSMBTest_NoService() { //This test is pointless if we're already running an SMB server, so establish that first //There's obvious race conditions here, but you shouldn't really be messing with an SMB service while in middle of running SMB tests... TcpListener tcpListener = SMBServiceFakeHelper.CreateSMBService(NBOverTCPPort); try { SMBServiceFakeHelper.PerformSingleSMBServiceListen(tcpListener); } catch (SocketException ex) { if (ex.Message == "Only one usage of each socket address (protocol/network address/port) is normally permitted") { return; } throw; } finally { tcpListener.Stop(); } tcpListener = SMBServiceFakeHelper.CreateSMBService(SMBDirectHostPort); try { SMBServiceFakeHelper.PerformSingleSMBServiceListen(tcpListener); } catch (SocketException ex) { if (ex.Message == "Only one usage of each socket address (protocol/network address/port) is normally permitted") { return; } throw; } finally { tcpListener.Stop(); } //Now attempt to connect to service that doesn't exist SpoofDetectionResult result = SMBTester.PerformSMBTest(IPAddress.Parse(RemoteServerAddress), LocalServerAddress); Assert.IsFalse(result.Detected); Assert.AreEqual(ConfidenceLevel.FalsePositive, result.Confidence); Assert.AreEqual(Protocol.SMB, result.Protocol); Assert.AreEqual(String.Format("No connection could be made because the target machine actively refused it {0}:{1}", RemoteServerAddress, SMBDirectHostPort), result.ErrorMessage); Assert.IsNull(result.Response); Assert.AreEqual(RemoteServerAddress, result.Endpoint.Address.ToString()); Assert.AreEqual(SMBDirectHostPort, result.Endpoint.Port); }
public void PerformWPADTest_NoServer() { SpoofDetectionResult result = WPADTester.PerformWPADTest(IPAddress.Parse(ServerAddress), ServerPort, "test", "test", "test"); Assert.IsFalse(result.Detected); Assert.AreEqual(ConfidenceLevel.FalsePositive, result.Confidence); Assert.AreEqual(Protocol.WPAD, result.Protocol); Assert.AreEqual("Unknown HTTP error (Unable to connect to the remote server)", result.ErrorMessage); Assert.IsNull(result.Response); Assert.AreEqual(ServerAddress, result.Endpoint.Address.ToString()); Assert.AreEqual(ServerPort, result.Endpoint.Port); }
public void PerformWPADTest_ResponseSinkhole() { using (Socket socket = WPADServiceFakeHelper.CreateHTTPSinkholeTcpSocket(ServerAddress, ServerPort)) { SpoofDetectionResult result = WPADTester.PerformWPADTest(IPAddress.Parse(ServerAddress), ServerPort, "test", "test", "test"); Assert.IsFalse(result.Detected); Assert.AreEqual(ConfidenceLevel.FalsePositive, result.Confidence); Assert.AreEqual(Protocol.WPAD, result.Protocol); Assert.IsNull(result.Response); Assert.AreEqual("Unknown HTTP error (The operation has timed out.)", result.ErrorMessage); Assert.AreEqual(ServerAddress, result.Endpoint.Address.ToString()); Assert.AreEqual(ServerPort, result.Endpoint.Port); } }
public void PerformWPADTest_TotalJunk() { using (Socket socket = WPADServiceFakeHelper.CreateJunkTcpSocket(ServerAddress, ServerPort)) { SpoofDetectionResult result = WPADTester.PerformWPADTest(IPAddress.Parse(ServerAddress), ServerPort, "test", "test", "test"); Assert.IsFalse(result.Detected); Assert.AreEqual(ConfidenceLevel.FalsePositive, result.Confidence); Assert.AreEqual(Protocol.WPAD, result.Protocol); Assert.IsNull(result.Response); Assert.AreEqual( "Unknown HTTP error (The server committed a protocol violation. Section=ResponseStatusLine)", result.ErrorMessage); Assert.AreEqual(ServerAddress, result.Endpoint.Address.ToString()); Assert.AreEqual(ServerPort, result.Endpoint.Port); } }
public void PerformWPADTest() { HttpListener httpListener = WPADServiceFakeHelper.CreateWPADService(String.Format("http://{0}:{1}/", ServerAddress, ServerPort)); try { WPADServiceFakeHelper.PerformSingleWPADServiceListen(httpListener, HttpStatusCode.OK, ""); SpoofDetectionResult result = WPADTester.PerformWPADTest(IPAddress.Parse(ServerAddress), ServerPort, "test", "test", "test"); Assert.IsTrue(result.Detected); Assert.AreEqual(ConfidenceLevel.Medium, result.Confidence); Assert.AreEqual(Protocol.WPAD, result.Protocol); Assert.IsNull(result.ErrorMessage); Assert.AreEqual("HTTP Code OK", result.Response); Assert.AreEqual(ServerAddress, result.Endpoint.Address.ToString()); Assert.AreEqual(ServerPort, result.Endpoint.Port); } finally { httpListener.Close(); } }