public async Task <IActionResult> ClearAllBlocks()
{
await Hacker.ClearAllHitsAsync();
await Hacker.ClearBlacklistsAsync();
return(await LogOff());
}
public void Cleanup()
{
Hacker.ClearAllHitsAsync();
Hacker.ClearBlacklistsAsync();
if (_server != null)
{
_server.Dispose();
}
}
public void Init()
{
Hacker.Config.MaxHitsPerKey = 15;
Hacker.Config.MaxHitsPerOrigin = 20;
Hacker.Config.MaxHitsPerKeyPerOrigin = 15;
Hacker.Config.MaxHitsPerKeyInterval = TimeSpan.FromMinutes(1);
Hacker.Config.MaxHitsPerOriginInterval = TimeSpan.FromMinutes(1);
Hacker.Config.MaxHitsPerKeyPerOriginInterval = TimeSpan.FromMinutes(1);
Hacker.Store = new RedisDefenceStore(HackerSprayConfig.Settings.Redis,
HackerSprayConfig.Settings.Prefix,
Hacker.Config);
Hacker.ClearAllHitsAsync();
Hacker.ClearBlacklistsAsync();
}
public async Task TestAccountLogOn()
{
await Hacker.ClearAllHitsAsync();
await Hacker.ClearBlacklistsAsync();
var response = await _server.CreateClient().PostAsync("/Account/Login",
new StringContent("[email protected]&Password=Password1!"));
response.EnsureSuccessStatusCode();
var responseString = await response.Content.ReadAsStringAsync();
// Assert
Assert.AreEqual("Hello World!",
responseString);
}
public async Task TestBruteForceOnAccountLogOn()
{
await Hacker.ClearAllHitsAsync();
await Hacker.ClearBlacklistsAsync();
var startTime = DateTime.Now;
// Perform brute force login
var forResult = Parallel.For(0, 99, async p =>
{
string responseString = await HitLoginPage(HttpStatusCode.OK,
"Hit must be allowed from IP until limit is reached");
// Assert
Assert.AreEqual("Hello World!", responseString);
});
forResult.Wait();
await HitLoginPage(HttpStatusCode.OK, "Hit must be allowed from IP until limit is reached");
// Ensure any extra hit is now blocked
await HitLoginPage(HttpStatusCode.NotAcceptable, "Hit should be blocked after maximum number of hits made.");
// Hits from different IP must be allowed
var diffClient = _server.CreateClient();
diffClient.DefaultRequestHeaders.Add("X-Forwarded-For", "127.0.0.2");
var allowedResponse = await diffClient.PostAsync("/Account/Login", new StringContent("body"));
await allowedResponse.Content.ReadAsStringAsync();
Assert.AreEqual(HttpStatusCode.OK, allowedResponse.StatusCode,
"Hit must be allowed from other IP");
// wait for unblock period
WaitForIntervalToElapse(TimeSpan.FromMinutes(1), startTime);
await HitLoginPage(HttpStatusCode.OK, "Hit must be allowed from IP until limit is reached");
}
public void Cleanup()
{
Hacker.ClearAllHitsAsync();
Hacker.ClearBlacklistsAsync();
}
public void Cleanup()
{
Hacker.ClearAllHitsAsync().Run();
Hacker.ClearBlacklistsAsync().Run();
Hacker.Store.Dispose();
}
public void TestOriginRangeBlocking()
{
Hacker.ClearBlacklistsAsync().Run();
Hacker.ClearAllHitsAsync().Run();
var ipsInRange = new[] {
IPAddress.Parse("10.10.10.10"),
IPAddress.Parse("10.10.10.11"),
IPAddress.Parse("10.10.254.254"),
IPAddress.Parse("10.11.10.9"),
IPAddress.Parse("10.11.10.10"),
IPAddress.Parse("9.1.1.1"),
IPAddress.Parse("9.1.1.10"),
IPAddress.Parse("9.10.10.9"),
IPAddress.Parse("10.11.10.12"),
IPAddress.Parse("127.254.254.254"),
IPAddress.Parse("100.100.100.100"),
IPAddress.Parse("128.10.10.12"),
IPAddress.Parse("128.10.10.254"),
IPAddress.Parse("128.10.10.128"),
};
var ipsOutofRange = new[] {
IPAddress.Parse("10.10.10.9"),
IPAddress.Parse("9.10.10.10"),
IPAddress.Parse("10.11.10.11"),
IPAddress.Parse("128.10.10.11"),
IPAddress.Parse("200.200.200.200"),
IPAddress.Parse("1.1.1.1"),
IPAddress.Parse("10.0.0.0")
};
Hacker.BlacklistOriginAsync(IPAddress.Parse("10.10.10.10"), IPAddress.Parse("10.11.10.10")).Run();
Hacker.BlacklistOriginAsync(IPAddress.Parse("9.1.1.1"), IPAddress.Parse("9.10.10.9")).Run();
Hacker.BlacklistOriginAsync(IPAddress.Parse("10.11.10.12"), IPAddress.Parse("127.254.254.254")).Run();
Hacker.BlacklistOriginAsync(IPAddress.Parse("128.10.10.12"), IPAddress.Parse("128.10.10.254")).Run();
Array.ForEach(ipsInRange, ip =>
Assert.AreEqual(Hacker.Result.OriginBlocked,
Hacker.DefendAsync("TestOriginRangeBlocking", ip).Run(),
ip.ToString() + " must be blocked."));
Hacker.ClearAllHitsAsync().Run();
Array.ForEach(ipsOutofRange, ip =>
Assert.AreEqual(Hacker.Result.Allowed,
Hacker.DefendAsync("TestOriginRangeBlocking", ip).Run(),
ip.ToString() + " must be allowed"));
Hacker.WhitelistOriginAsync(IPAddress.Parse("9.1.1.1"), IPAddress.Parse("9.10.10.9")).Run();
Array.ForEach(new[]
{
IPAddress.Parse("9.1.1.1"),
IPAddress.Parse("9.1.1.10"),
IPAddress.Parse("9.10.10.9")
},
ip =>
Assert.AreEqual(Hacker.Result.Allowed,
Hacker.DefendAsync("TestOriginRangeBlocking", ip).Run(),
ip.ToString() + " must be allowed"));
Hacker.ClearBlacklistsAsync().Run();
Hacker.ClearAllHitsAsync().Run();
Array.ForEach(ipsInRange, ip =>
Assert.AreEqual(Hacker.Result.Allowed,
Hacker.DefendAsync("TestOriginRangeBlocking", ip).Run(),
ip.ToString() + " must be allowed when there's no blacklisting."));
Hacker.ClearAllHitsAsync().Run();
Array.ForEach(ipsOutofRange, ip =>
Assert.AreEqual(Hacker.Result.Allowed,
Hacker.DefendAsync("TestOriginRangeBlocking", ip).Run(),
ip.ToString() + " must be allowed when there's no blacklisting"));
}
