public void PerformSMBTest_Port445_Exists()
{
TcpListener tcpListener = SMBServiceFakeHelper.CreateSMBService(SMBDirectHostPort);
try
{
SMBServiceFakeHelper.PerformSingleSMBServiceListen(tcpListener);
SpoofDetectionResult result = SMBTester.PerformSMBTest(IPAddress.Parse(RemoteServerAddress), LocalServerAddress);
Assert.IsTrue(result.Detected);
Assert.AreEqual(ConfidenceLevel.Medium, result.Confidence);
Assert.AreEqual(Protocol.SMB, result.Protocol);
Assert.IsNull(result.ErrorMessage);
Assert.AreEqual("Open", result.Response);
Assert.AreEqual(RemoteServerAddress, result.Endpoint.Address.ToString());
Assert.AreEqual(SMBDirectHostPort, result.Endpoint.Port);
}
catch (SocketException ex)
{
//If there is already a service, we can't run this test. Just pass the test.
if (ex.Message == "Only one usage of each socket address (protocol/network address/port) is normally permitted")
{
return;
}
throw;
}
finally
{
tcpListener.Stop();
}
}
public void PerformWPADTest_AuthPermutations()
{
HttpListener httpListener = WPADServiceFakeHelper.CreateWPADService(String.Format("http://{0}:{1}/", ServerAddress, ServerPort));
try
{
WPADServiceFakeHelper.PerformSingleWPADServiceListen(httpListener, HttpStatusCode.OK, "");
SpoofDetectionResult result =
WPADTester.PerformWPADTest(IPAddress.Parse(ServerAddress), ServerPort, null, null, null);
Assert.IsTrue(result.Detected);
Assert.AreEqual(ConfidenceLevel.Medium, result.Confidence);
Assert.AreEqual("HTTP Code OK", result.Response);
WPADServiceFakeHelper.PerformSingleWPADServiceListen(httpListener, HttpStatusCode.OK, "");
result = WPADTester.PerformWPADTest(IPAddress.Parse(ServerAddress), ServerPort, "Guest", null, null);
Assert.IsTrue(result.Detected);
Assert.AreEqual(ConfidenceLevel.Medium, result.Confidence);
Assert.AreEqual("HTTP Code OK", result.Response);
WPADServiceFakeHelper.PerformSingleWPADServiceListen(httpListener, HttpStatusCode.OK, "");
result = WPADTester.PerformWPADTest(IPAddress.Parse(ServerAddress), ServerPort, "Guest", "test", null);
Assert.IsTrue(result.Detected);
Assert.AreEqual(ConfidenceLevel.Medium, result.Confidence);
Assert.AreEqual("HTTP Code OK", result.Response);
WPADServiceFakeHelper.PerformSingleWPADServiceListen(httpListener, HttpStatusCode.OK, "");
result = WPADTester.PerformWPADTest(IPAddress.Parse(ServerAddress), ServerPort, "Guest", "test",
"test");
Assert.IsTrue(result.Detected);
Assert.AreEqual(ConfidenceLevel.Medium, result.Confidence);
Assert.AreEqual("HTTP Code OK", result.Response);
WPADServiceFakeHelper.PerformSingleWPADServiceListen(httpListener, HttpStatusCode.OK, "");
result = WPADTester.PerformWPADTest(IPAddress.Parse(ServerAddress), ServerPort, "Guest", null, "test");
Assert.IsTrue(result.Detected);
Assert.AreEqual(ConfidenceLevel.Medium, result.Confidence);
Assert.AreEqual("HTTP Code OK", result.Response);
WPADServiceFakeHelper.PerformSingleWPADServiceListen(httpListener, HttpStatusCode.OK, "");
result = WPADTester.PerformWPADTest(IPAddress.Parse(ServerAddress), ServerPort, null, "test", "test");
Assert.IsTrue(result.Detected);
Assert.AreEqual(ConfidenceLevel.Medium, result.Confidence);
Assert.AreEqual("HTTP Code OK", result.Response);
WPADServiceFakeHelper.PerformSingleWPADServiceListen(httpListener, HttpStatusCode.OK, "");
result = WPADTester.PerformWPADTest(IPAddress.Parse(ServerAddress), ServerPort, null, null, "test");
Assert.IsTrue(result.Detected);
Assert.AreEqual(ConfidenceLevel.Medium, result.Confidence);
Assert.AreEqual("HTTP Code OK", result.Response);
}
finally
{
httpListener.Close();
}
}
public void PerformSMBTest_NoService()
{
//This test is pointless if we're already running an SMB server, so establish that first
//There's obvious race conditions here, but you shouldn't really be messing with an SMB service while in middle of running SMB tests...
TcpListener tcpListener = SMBServiceFakeHelper.CreateSMBService(NBOverTCPPort);
try
{
SMBServiceFakeHelper.PerformSingleSMBServiceListen(tcpListener);
}
catch (SocketException ex)
{
if (ex.Message == "Only one usage of each socket address (protocol/network address/port) is normally permitted")
{
return;
}
throw;
}
finally
{
tcpListener.Stop();
}
tcpListener = SMBServiceFakeHelper.CreateSMBService(SMBDirectHostPort);
try
{
SMBServiceFakeHelper.PerformSingleSMBServiceListen(tcpListener);
}
catch (SocketException ex)
{
if (ex.Message == "Only one usage of each socket address (protocol/network address/port) is normally permitted")
{
return;
}
throw;
}
finally
{
tcpListener.Stop();
}
//Now attempt to connect to service that doesn't exist
SpoofDetectionResult result = SMBTester.PerformSMBTest(IPAddress.Parse(RemoteServerAddress), LocalServerAddress);
Assert.IsFalse(result.Detected);
Assert.AreEqual(ConfidenceLevel.FalsePositive, result.Confidence);
Assert.AreEqual(Protocol.SMB, result.Protocol);
Assert.AreEqual(String.Format("No connection could be made because the target machine actively refused it {0}:{1}", RemoteServerAddress, SMBDirectHostPort), result.ErrorMessage);
Assert.IsNull(result.Response);
Assert.AreEqual(RemoteServerAddress, result.Endpoint.Address.ToString());
Assert.AreEqual(SMBDirectHostPort, result.Endpoint.Port);
}
public void PerformWPADTest_NoServer()
{
SpoofDetectionResult result =
WPADTester.PerformWPADTest(IPAddress.Parse(ServerAddress), ServerPort, "test", "test", "test");
Assert.IsFalse(result.Detected);
Assert.AreEqual(ConfidenceLevel.FalsePositive, result.Confidence);
Assert.AreEqual(Protocol.WPAD, result.Protocol);
Assert.AreEqual("Unknown HTTP error (Unable to connect to the remote server)", result.ErrorMessage);
Assert.IsNull(result.Response);
Assert.AreEqual(ServerAddress, result.Endpoint.Address.ToString());
Assert.AreEqual(ServerPort, result.Endpoint.Port);
}
public void PerformWPADTest_ResponseSinkhole()
{
using (Socket socket = WPADServiceFakeHelper.CreateHTTPSinkholeTcpSocket(ServerAddress, ServerPort))
{
SpoofDetectionResult result =
WPADTester.PerformWPADTest(IPAddress.Parse(ServerAddress), ServerPort, "test", "test", "test");
Assert.IsFalse(result.Detected);
Assert.AreEqual(ConfidenceLevel.FalsePositive, result.Confidence);
Assert.AreEqual(Protocol.WPAD, result.Protocol);
Assert.IsNull(result.Response);
Assert.AreEqual("Unknown HTTP error (The operation has timed out.)", result.ErrorMessage);
Assert.AreEqual(ServerAddress, result.Endpoint.Address.ToString());
Assert.AreEqual(ServerPort, result.Endpoint.Port);
}
}
public void PerformWPADTest_TotalJunk()
{
using (Socket socket = WPADServiceFakeHelper.CreateJunkTcpSocket(ServerAddress, ServerPort))
{
SpoofDetectionResult result =
WPADTester.PerformWPADTest(IPAddress.Parse(ServerAddress), ServerPort, "test", "test", "test");
Assert.IsFalse(result.Detected);
Assert.AreEqual(ConfidenceLevel.FalsePositive, result.Confidence);
Assert.AreEqual(Protocol.WPAD, result.Protocol);
Assert.IsNull(result.Response);
Assert.AreEqual(
"Unknown HTTP error (The server committed a protocol violation. Section=ResponseStatusLine)",
result.ErrorMessage);
Assert.AreEqual(ServerAddress, result.Endpoint.Address.ToString());
Assert.AreEqual(ServerPort, result.Endpoint.Port);
}
}
public void PerformWPADTest()
{
HttpListener httpListener = WPADServiceFakeHelper.CreateWPADService(String.Format("http://{0}:{1}/", ServerAddress, ServerPort));
try
{
WPADServiceFakeHelper.PerformSingleWPADServiceListen(httpListener, HttpStatusCode.OK, "");
SpoofDetectionResult result =
WPADTester.PerformWPADTest(IPAddress.Parse(ServerAddress), ServerPort, "test", "test", "test");
Assert.IsTrue(result.Detected);
Assert.AreEqual(ConfidenceLevel.Medium, result.Confidence);
Assert.AreEqual(Protocol.WPAD, result.Protocol);
Assert.IsNull(result.ErrorMessage);
Assert.AreEqual("HTTP Code OK", result.Response);
Assert.AreEqual(ServerAddress, result.Endpoint.Address.ToString());
Assert.AreEqual(ServerPort, result.Endpoint.Port);
}
finally
{
httpListener.Close();
}
}
