public void ReceiveAndHandleReply_NBNS_InvalidFlags_NotInNetwork() { var clientActioner = new ClientMockActioner { ReceiveBuffer = new Byte[] { 0x81, 0xc6, 0x85, 0x03, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x20, 0x46, 0x48, 0x46, 0x41, 0x45, 0x42, 0x45, 0x45, 0x43, 0x4e, 0x46, 0x41, 0x46, 0x43, 0x45, 0x50, 0x46, 0x49, 0x46, 0x4a, 0x43, 0x41, 0x43, 0x41, 0x43, 0x41, 0x43, 0x41, 0x43, 0x41, 0x43, 0x41, 0x00, 0x00, 0x20, 0x00, 0x01, 0x00, 0x00, 0x00, 0xa5, 0x00, 0x06, 0x00, 0x00, 0xc0, 0xa8, 0x01, 0x18 }, ReceiveEndPoint = new IPEndPoint(IPAddress.Parse(RemoteAddress), RemoteNBNSPort) }; using (var client = new Socket(SocketType.Dgram, ProtocolType.Udp)) { SpoofDetectionResult result = new NameServiceClientImpl().ReceiveAndHandleReply(client, Protocol.NBNS, new Byte[] { 0x00, 0x00 }, clientActioner); Assert.AreEqual("NBNS target not in network", result.ErrorMessage); Assert.AreEqual(ConfidenceLevel.FalsePositive, result.Confidence); Assert.AreEqual(false, result.Detected); Assert.AreEqual(RemoteAddress, result.Endpoint.Address.ToString()); Assert.AreEqual(RemoteNBNSPort, result.Endpoint.Port); Assert.IsNull(result.Response); Assert.AreEqual(Protocol.Unknown, result.Protocol); } }
public void ReceiveAndHandleReply_mDNS_InvalidFlags_RequestCase() { var clientActioner = new ClientMockActioner { //apple-tv.local Responder Response ReceiveBuffer = new Byte[] { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x08, 0x61, 0x70, 0x70, 0x6c, 0x65, 0x2d, 0x74, 0x76, 0x05, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x00, 0x00, 0x01, 0x00, 0x01, 0x00, 0x00, 0x00, 0x78, 0x00, 0x04, 0xc0, 0xa8, 0x01, 0x18 }, ReceiveEndPoint = new IPEndPoint(IPAddress.Parse(RemoteAddress), RemotemDNSPort) }; using (var client = new Socket(SocketType.Dgram, ProtocolType.Udp)) { SpoofDetectionResult result = new NameServiceClientImpl().ReceiveAndHandleReply(client, Protocol.mDNS, new Byte[] { 0x00, 0x00 }, clientActioner); Assert.AreEqual("Received mDNS query but expected response", result.ErrorMessage); Assert.AreEqual(ConfidenceLevel.FalsePositive, result.Confidence); Assert.AreEqual(false, result.Detected); Assert.AreEqual(RemoteAddress, result.Endpoint.Address.ToString()); Assert.AreEqual(RemotemDNSPort, result.Endpoint.Port); Assert.IsNull(result.Response); Assert.AreEqual(Protocol.Unknown, result.Protocol); } }
public void ReceiveAndHandleReply_NBNS_Detected() { var clientActioner = new ClientMockActioner { //WPAD-PROXY Responder Response ReceiveBuffer = new Byte[] { 0x81, 0xc6, 0x85, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x20, 0x46, 0x48, 0x46, 0x41, 0x45, 0x42, 0x45, 0x45, 0x43, 0x4e, 0x46, 0x41, 0x46, 0x43, 0x45, 0x50, 0x46, 0x49, 0x46, 0x4a, 0x43, 0x41, 0x43, 0x41, 0x43, 0x41, 0x43, 0x41, 0x43, 0x41, 0x43, 0x41, 0x00, 0x00, 0x20, 0x00, 0x01, 0x00, 0x00, 0x00, 0xa5, 0x00, 0x06, 0x00, 0x00, 0xc0, 0xa8, 0x01, 0x18 }, ReceiveEndPoint = new IPEndPoint(IPAddress.Parse(RemoteAddress), RemoteNBNSPort) }; using (var client = new Socket(SocketType.Dgram, ProtocolType.Udp)) { SpoofDetectionResult result = new NameServiceClientImpl().ReceiveAndHandleReply(client, Protocol.NBNS, new Byte[] { 0x00, 0x00 }, clientActioner); Assert.AreEqual(RemoteAddress, result.Response); Assert.AreEqual(ConfidenceLevel.Low, result.Confidence); Assert.AreEqual(true, result.Detected); Assert.AreEqual(RemoteAddress, result.Endpoint.Address.ToString()); Assert.AreEqual(RemoteNBNSPort, result.Endpoint.Port); Assert.IsNull(result.ErrorMessage); Assert.AreEqual(Protocol.NBNS, result.Protocol); } }
public void ReceiveAndHandleReply_LLMNR_InvalidFlags() { var clientActioner = new ClientMockActioner { ReceiveBuffer = new Byte[] { 0x8e, 0x32, 0xDE, 0xAD, 0x00, 0x01, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x08, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x53, 0x76, 0x63, 0x00, 0x00, 0x01, 0x00, 0x01, 0x08, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x53, 0x76, 0x63, 0x00, 0x00, 0x01, 0x00, 0x01, 0x00, 0x00, 0x00, 0x1e, 0x00, 0x04, 0xc0, 0xa8, 0x01, 0x18 }, ReceiveEndPoint = new IPEndPoint(IPAddress.Parse(RemoteAddress), RemoteLLMNRPort) }; using (var client = new Socket(SocketType.Dgram, ProtocolType.Udp)) { SpoofDetectionResult result = new NameServiceClientImpl().ReceiveAndHandleReply(client, Protocol.LLMNR, new Byte[] { 0x00, 0x00 }, clientActioner); Assert.AreEqual("Did not expect LLMNR flags other than 0x8000", result.ErrorMessage); Assert.AreEqual(ConfidenceLevel.FalsePositive, result.Confidence); Assert.AreEqual(false, result.Detected); Assert.AreEqual(RemoteAddress, result.Endpoint.Address.ToString()); Assert.AreEqual(RemoteLLMNRPort, result.Endpoint.Port); Assert.IsNull(result.Response); Assert.AreEqual(Protocol.Unknown, result.Protocol); } }
public void ReceiveAndHandleReply_DeterministicFuzz() { Parallel.For(0, 10000, (i) => { using (var client = new Socket(SocketType.Dgram, ProtocolType.Udp)) { var clientActioner = new ClientMockActioner { ReceiveBuffer = DeterministicFuzzer.GenerateByteArray(i), ReceiveEndPoint = new IPEndPoint(IPAddress.Parse(RemoteAddress), RemoteLLMNRPort) }; SpoofDetectionResult result = new NameServiceClientImpl().ReceiveAndHandleReply(client, Protocol.LLMNR, new Byte[] { 0x00, 0x00 }, clientActioner); if (result == null) { return; } Assert.IsNull(result.Response); Assert.AreEqual(ConfidenceLevel.FalsePositive, result.Confidence); Assert.AreEqual(false, result.Detected); Assert.AreEqual(RemoteAddress, result.Endpoint.Address.ToString()); Assert.AreEqual(RemoteLLMNRPort, result.Endpoint.Port); Assert.IsNotNull(result.ErrorMessage); Assert.AreEqual(Protocol.Unknown, result.Protocol); } }); }
public void ReceiveAndHandleReply_LLMNR_Detected() { var clientActioner = new ClientMockActioner { //ProxySvc Responder Response ReceiveBuffer = new Byte[] { 0x8e, 0x32, 0x80, 0x00, 0x00, 0x01, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x08, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x53, 0x76, 0x63, 0x00, 0x00, 0x01, 0x00, 0x01, 0x08, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x53, 0x76, 0x63, 0x00, 0x00, 0x01, 0x00, 0x01, 0x00, 0x00, 0x00, 0x1e, 0x00, 0x04, 0xc0, 0xa8, 0x01, 0x18 }, ReceiveEndPoint = new IPEndPoint(IPAddress.Parse(RemoteAddress), RemoteLLMNRPort) }; using (var client = new Socket(SocketType.Dgram, ProtocolType.Udp)) { SpoofDetectionResult result = new NameServiceClientImpl().ReceiveAndHandleReply(client, Protocol.LLMNR, new Byte[] { 0x00, 0x00 }, clientActioner); Assert.AreEqual(RemoteAddress, result.Response); Assert.AreEqual(ConfidenceLevel.Low, result.Confidence); Assert.AreEqual(true, result.Detected); Assert.AreEqual(RemoteAddress, result.Endpoint.Address.ToString()); Assert.AreEqual(RemoteLLMNRPort, result.Endpoint.Port); Assert.IsNull(result.ErrorMessage); Assert.AreEqual(Protocol.LLMNR, result.Protocol); } }
public void ReceiveAndHandleReply_EmptyResponse() { var clientActioner = new ClientMockActioner { ReceiveBuffer = new Byte[] { }, ReceiveEndPoint = new IPEndPoint(IPAddress.Parse(RemoteAddress), RemoteLLMNRPort) }; using (var client = new Socket(SocketType.Dgram, ProtocolType.Udp)) { SpoofDetectionResult result = new NameServiceClientImpl().ReceiveAndHandleReply(client, Protocol.LLMNR, new Byte[] { 0x00, 0x00 }, clientActioner); Assert.IsNull(result); } }
public void SendRequestTest_mDNS_appletv() { var clientActioner = new ClientMockActioner(); using (var client = new Socket(SocketType.Dgram, ProtocolType.Udp)) { Byte[] transactionId = new NameServiceClientImpl().SendRequest(client, Protocol.mDNS, "appletv", "192.168.1.255", clientActioner); Byte[] expectedDatagram = transactionId.Concat( new Byte[] { 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x07, 0x61, 0x70, 0x70, 0x6C, 0x65 , 0x74, 0x76, 0x05, 0x6C, 0x6F, 0x63, 0x61, 0x6C, 0x00, 0x00, 0x01, 0x00, 0x01 } ).ToArray(); CollectionAssert.AreEqual(new Byte[] { 0x00, 0x00 }, transactionId); CollectionAssert.AreEqual(expectedDatagram, clientActioner.LastSendDatagram); Assert.AreEqual("224.0.0.251", clientActioner.LastSendHostname); Assert.AreEqual(RemotemDNSPort, clientActioner.LastSendPort); } }
public void SendRequestTest_NBNS_WPAD() { var clientActioner = new ClientMockActioner(); using (var client = new Socket(SocketType.Dgram, ProtocolType.Udp)) { Byte[] transactionId = new NameServiceClientImpl().SendRequest(client, Protocol.NBNS, "WPAD", "192.168.1.255", clientActioner); Byte[] expectedDatagram = transactionId.Concat( new Byte[] { 0x01, 0x10, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x20, 0x46, 0x48, 0x46, 0x41, 0x45 , 0x42, 0x45, 0x45, 0x43, 0x41, 0x43, 0x41, 0x43, 0x41, 0x43, 0x41, 0x43, 0x41, 0x43, 0x41, 0x43 , 0x41, 0x43, 0x41, 0x43, 0x41, 0x43, 0x41, 0x43, 0x41, 0x43, 0x41, 0x00, 0x00, 0x20, 0x00, 0x01 } ).ToArray(); CollectionAssert.AreEqual(expectedDatagram, clientActioner.LastSendDatagram); Assert.AreEqual("192.168.1.255", clientActioner.LastSendHostname); Assert.AreEqual(RemoteNBNSPort, clientActioner.LastSendPort); } }
public void SendRequestTest_LLMNR_WPAD() { var clientActioner = new ClientMockActioner(); using (var client = new Socket(SocketType.Dgram, ProtocolType.Udp)) { Byte[] transactionId = new NameServiceClientImpl().SendRequest(client, Protocol.LLMNR, "WPAD", "192.168.1.255", clientActioner); Byte[] expectedDatagram = transactionId.Concat( new Byte[] { 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x57, 0x50, 0x41, 0x44, 0x00, 0x00, 0x01, 0x00, 0x01 } ).ToArray(); //Console.WriteLine(BitConverter.ToString(expectedDatagram)); //Console.WriteLine(BitConverter.ToString(udpClientActioner.LastSendDatagram)); CollectionAssert.AreEqual(expectedDatagram, clientActioner.LastSendDatagram); Assert.AreEqual("192.168.1.255", clientActioner.LastSendHostname); Assert.AreEqual(RemoteLLMNRPort, clientActioner.LastSendPort); } }