Exemple #1
0
 public SimulatedLoginAttemptGenerator(ExperimentalConfiguration experimentalConfiguration, SimulatedAccounts simAccounts, IpPool ipPool, SimulatedPasswords simPasswords)
 {
     _simAccounts = simAccounts;
     _experimentalConfiguration = experimentalConfiguration;
     _ipPool       = ipPool;
     _simPasswords = simPasswords;
 }
Exemple #2
0
        public async Task RunAsync(DebugLogger _logger, IpPool _ipPool)
        {
            TestConfiguration configuration = InitTest();

            _logger.WriteStatus("   "); _logger.WriteStatus("   "); _logger.WriteStatus("   ");


            _logger.WriteStatus("01)--------------------------------------------------------------------------");
            _logger.WriteStatus("Test With Correct User Account");
            CreateTestAccount(configuration, Username1, Password1);
            for (int i = 0; i < 1; i++)
            {
                LoginAttempt attempt = await AuthenticateAsync(configuration, Username1, Password1, Ip1);

                _logger.WriteStatus("Result - " + attempt.Outcome);
            }
            _logger.WriteStatus("-----------------------------------------------------------------------------");

            _logger.WriteStatus("   ");
            _logger.WriteStatus("02)--------------------------------------------------------------------------");
            _logger.WriteStatus("Test With Correct User Account with multiple login attempts ");
            string[] usernames = CreateUserAccounts(configuration, 200);
            foreach (string username in usernames.Skip(10))
            {
                await AuthenticateAsync(configuration, username, Password1, clientAddress : Ip1);
            }
            for (int i = 0; i < 1; i++)
            {
                LoginAttempt attempt = await AuthenticateAsync(configuration, Username1, Password1, Ip1);

                _logger.WriteStatus("Result - " + attempt.Outcome);
            }
            _logger.WriteStatus("-----------------------------------------------------------------------------");

            _logger.WriteStatus("   ");
            _logger.WriteStatus("03)--------------------------------------------------------------------------");
            _logger.WriteStatus("Test With InCorrect Username ");
            for (int i = 0; i < 1; i++)
            {
                LoginAttempt attempt = await AuthenticateAsync(configuration, "Invalid Account", Password1, Ip2, cookieProvidedByBrowser : "GimmeCookie");

                _logger.WriteStatus("Result - " + attempt.Outcome);
            }
            _logger.WriteStatus("-----------------------------------------------------------------------------");

            _logger.WriteStatus("   ");
            _logger.WriteStatus("04)--------------------------------------------------------------------------");
            _logger.WriteStatus("Test With InCorrect Username Multiple Attempts ");
            for (int i = 0; i < 1; i++)
            {
                LoginAttempt attempt = await AuthenticateAsync(configuration, "Invalid Account", Password1, Ip2, cookieProvidedByBrowser : "GimmeCookie");

                _logger.WriteStatus("Result - " + attempt.Outcome);
            }
            _logger.WriteStatus("-----------------------------------------------------------------------------");

            _logger.WriteStatus("   ");
            _logger.WriteStatus("05)--------------------------------------------------------------------------");
            _logger.WriteStatus("Test With InCorrect Password ");
            for (int i = 0; i < 1; i++)
            {
                LoginAttempt attempt = await AuthenticateAsync(configuration, Username1, "Incorrect Password", Ip3, cookieProvidedByBrowser : "GimmeCookie");

                _logger.WriteStatus("Result - " + attempt.Outcome);
            }
            _logger.WriteStatus("-----------------------------------------------------------------------------");

            _logger.WriteStatus("   ");
            _logger.WriteStatus("06)--------------------------------------------------------------------------");
            _logger.WriteStatus("Test With InCorrect Password Multiple Attempts ");
            for (int i = 0; i < 1; i++)
            {
                LoginAttempt attempt = await AuthenticateAsync(configuration, Username1, "Incorrect Password", Ip3, cookieProvidedByBrowser : "GimmeCookie");

                _logger.WriteStatus("Result - " + attempt.Outcome);
            }
            _logger.WriteStatus("-----------------------------------------------------------------------------");
        }
Exemple #3
0
 public SimulatedAccounts(IpPool ipPool, SimulatedPasswords simPasswords, DebugLogger logger)
 {
     _ipPool       = ipPool;
     _logger       = logger;
     _simPasswords = simPasswords;
 }
Exemple #4
0
        public async Task RunAsync()
        {
            _logger.WriteStatus("In RunInBackground");

            //_logger.WriteStatus("Priming password-tracking with known common passwords");
            _simPasswords.PrimeWithKnownPasswordsAsync(_binomialLadderFilter, 40);
            //_logger.WriteStatus("Finished priming password-tracking with known common passwords");

            //_logger.WriteStatus("Creating IP Pool");
            _ipPool = new IpPool(_experimentalConfiguration);
            //_logger.WriteStatus("Generating simualted account records");
            _simAccounts = new SimulatedAccounts(_ipPool, _simPasswords, _logger);
            _simAccounts.Generate(_experimentalConfiguration);

            //_logger.WriteStatus("Creating login-attempt generator");
            _attemptGenerator = new SimulatedLoginAttemptGenerator(_experimentalConfiguration, _simAccounts, _ipPool,
                                                                   _simPasswords);
            _logger.WriteStatus("Finiished creating login-attempt generator");

            FricSimulator fri = new FricSimulator();

            _logger.WriteStatus("   ");
            _logger.WriteStatus("   ");
            _logger.WriteStatus("Click Enter To First Testing Step");
            _logger.WriteStatus("   ");
            _logger.WriteStatus("   ");
            Console.Read();

            await fri.RunAsync(_logger, _ipPool);

            _logger.WriteStatus("   ");
            _logger.WriteStatus("   ");
            _logger.WriteStatus("Click Enter To Second Testing Step");
            _logger.WriteStatus("   ");
            _logger.WriteStatus("   ");
            Console.Read();
            Console.Read();

            _logger.WriteStatus("Running Password File to check");
            _logger.WriteStatus("   ");

            foreach (
                ConcurrentStreamWriter writer in
                new[]
                { _Attempts })
            {
                lock (writer)
                {
                    writer.WriteLine(string.Format("{0}\t{1}\t{2}\t{3}\t{4}\t{5}",
                                                   "UserID",
                                                   "IP",
                                                   "IsFrequentlyGuessedPw",
                                                   "IsPasswordCorrect",
                                                   "IsFromAttackAttacker",
                                                   "IsAGuess"
                                                   ));
                }
            }

            TimeSpan testTimeSpan       = _experimentalConfiguration.TestTimeSpan;
            double   ticksBetweenLogins = ((double)testTimeSpan.Ticks) /
                                          (double)_experimentalConfiguration.TotalLoginAttemptsToIssue;

            _experimentalConfiguration.TotalLoginAttemptsToIssue = 30000;
            int interlockedCount = 0;

            Parallel.For(0L, (long)_experimentalConfiguration.TotalLoginAttemptsToIssue, (count, pls) =>
            {
                interlockedCount = Interlocked.Add(ref interlockedCount, 1);
                if (interlockedCount % 10000 == 0)
                {
                    _logger.WriteStatus("Login Attempt {0:N0}", interlockedCount);
                }
                DateTime eventTimeUtc = StartTimeUtc.AddTicks((long)(ticksBetweenLogins * interlockedCount));
                SimulatedLoginAttempt simAttempt;
                if (StrongRandomNumberGenerator.GetFraction() <
                    _experimentalConfiguration.FractionOfLoginAttemptsFromAttacker)
                {
                    switch (_experimentalConfiguration.AttackersStrategy)
                    {
                    case ExperimentalConfiguration.AttackStrategy.UseUntilLikelyPopular:
                        simAttempt =
                            _attemptGenerator.MaliciousLoginAttemptBreadthFirstAvoidMakingPopular(eventTimeUtc);
                        break;

                    case ExperimentalConfiguration.AttackStrategy.Weighted:
                        simAttempt = _attemptGenerator.MaliciousLoginAttemptWeighted(eventTimeUtc);
                        break;

                    case ExperimentalConfiguration.AttackStrategy.BreadthFirst:
                    default:
                        simAttempt = _attemptGenerator.MaliciousLoginAttemptBreadthFirst(eventTimeUtc);
                        break;
                    }
                }
                else
                {
                    simAttempt = _attemptGenerator.BenignLoginAttempt(eventTimeUtc);
                }


                SimIpHistory ipHistory = _ipHistoryCache.GetOrAdd(simAttempt.AddressOfClientInitiatingRequest,
                                                                  (ip) => new SimIpHistory(
                                                                      _experimentalConfiguration.BlockingOptions
                                                                      .NumberOfFailuresToTrackForGoingBackInTimeToIdentifyTypos));
                double[] scores = ipHistory.GetAllScores(_experimentalConfiguration.BlockingOptions.BlockScoreHalfLife,
                                                         simAttempt.TimeOfAttemptUtc);

                simAttempt.UpdateSimulatorState(this, ipHistory);

                double decayingInvalidPasswordAttempts = 0d;
                if (simAttempt.IsPasswordValid)
                {
                    DecayingDouble incorrectPasswordAttempts;
                    if (_incorrectPasswordCounts.TryGetValue(simAttempt.Password, out incorrectPasswordAttempts))
                    {
                        decayingInvalidPasswordAttempts = incorrectPasswordAttempts.GetValue(_experimentalConfiguration.BlockingOptions.BlockScoreHalfLife, simAttempt.TimeOfAttemptUtc);
                    }
                }
                else
                {
                    decayingInvalidPasswordAttempts = 1d;
                    DecayingDouble incorrectPasswordAttempts;
                    if (_incorrectPasswordCounts.TryGetValue(simAttempt.Password, out incorrectPasswordAttempts))
                    {
                        decayingInvalidPasswordAttempts += incorrectPasswordAttempts.GetValue(_experimentalConfiguration.BlockingOptions.BlockScoreHalfLife, simAttempt.TimeOfAttemptUtc);
                    }
                    _incorrectPasswordCounts[simAttempt.Password] = new DecayingDouble(decayingInvalidPasswordAttempts, simAttempt.TimeOfAttemptUtc);
                }

                var ipInfo          = _ipPool.GetIpAddressDebugInfo(simAttempt.AddressOfClientInitiatingRequest);
                string outputString = string.Format("{0}\t{1}\t{2}\t{3}\t{4}\t{5}",
                                                    simAttempt.SimAccount?.UsernameOrAccountId ?? "<null>",
                                                    simAttempt.AddressOfClientInitiatingRequest,
                                                    simAttempt.IsFrequentlyGuessedPassword ? "Frequent" : "Infrequent",
                                                    simAttempt.IsPasswordValid ? "Correct" : "Incorrect",
                                                    simAttempt.IsFromAttacker ? "FromAttacker" : "FromUser",
                                                    simAttempt.IsGuess ? "IsGuess" : "NotGuess",
                                                    simAttempt.IsFromAttacker
                       ? (ipInfo.UsedByBenignUsers ? "IsInBenignPool" : "NotUsedByBenign")
                       : (ipInfo.UsedByAttackers ? "IsInAttackersIpPool" : "NotUsedByAttacker"),
                                                    ipInfo.IsPartOfProxy ? "ProxyIP" : "NotAProxy",
                                                    string.IsNullOrEmpty(simAttempt.MistakeType) ? "-" : simAttempt.MistakeType,
                                                    decayingInvalidPasswordAttempts,
                                                    simAttempt.SimAccount?.MaxConsecutiveIncorrectAttempts.GetValue(_experimentalConfiguration.BlockingOptions.BlockScoreHalfLife, simAttempt.TimeOfAttemptUtc) ?? 0d,
                                                    string.Join("\t", scores.Select(s => s.ToString(CultureInfo.InvariantCulture)).ToArray())
                                                    );


                _Attempts.WriteLine(outputString);
                _logger.WriteStatus(outputString);
                Thread.Sleep(1300);
            });
            foreach (
                ConcurrentStreamWriter writer in
                new[]
                { _Attempts })
            {
                writer.Close();
            }
        }