#========================================================================= # A simple fuzzing test for H.248.1 (MEGACO protocol version 1, ASN.1 BER encoding). # # With slight code modifications this script can be adopted for _every_ protocol # supported by Linkbit. Contact us at sales@linkbit.com to see the live demo. # #========================================================================= # # If you have a single IP address configured on the host system, you may leave the next # line as is. If the host has multiple IP addresses assigned, specify one of them in # the code line below. # srcIPAddress = "0.0.0.0" # # # Specify the IP of the SUT (System Under Test). # dstIPAddress = "127.0.0.1" # # # How many random H.248.1 packets to send # randomMsgCount = 3 # # # Restarting random generator. You can change the argument (the seed) to get a new # repeatable sequence, or you can comment out the below line to generate a new packet # sequence on every run. # sk.seedrandom(3) # #========================================================================= def main(): # this function is called at the very end of the script # # Preparations # varUDP = Build_UDP_Frame() # create a UDP frame (auto-generated, see the function body below) varIP = Build_IP_Frame() # create an IP frame (auto-generated, see the function body below) sk.settings.reception.random_mode = True # turn on the "random" mode for receive(). # in this mode receive() call works as a random packet generator. sk.settings.reception.simulate_errors = False # turn off error generation for i in range(randomMsgCount): # repeat 'randomMsgCount' times # # Generating random packet using specialized 'random_mode' for receive() # varH248Random = sk.create() # create variable to hold a random H.248.1 PDU API structure # The magic of Linkbit Simulation Kernel (LSK) is demonstrated by the next line of code. # # 'varH248Random' variable is getting initialized to a valid H.248.1 packet, # with all mandatory fields included. Presence of optional H.248.1 fields # is randomized, and all the fields are initialized to random valid values. # # Each time receive() API call is made, the LSK returns an LSK API data structure # describing the packet. The mandatory packet fields are always included, while for # each optional field the kernel "flips a coin". On each call a valid packet with # a random set of optional fields is generated. # # What about the fields' values? Each generated field is initialized to a random value # from its valid data set. # For example, if a field is of a type INT, with the valid range from 1 to 5, it'll # be initialized randomly to a proper type (INT) value in 1 to 5 range and nothing else. # The design of LSK also allows to easily generate packets with invalid sets of fields, # initialize the fields to invalid values etc. # # The API call below allows a script writer to cover a full dataset space defined in H.248. # sk.receive(varH248Random, None, sk.H_248_1_v1_BER) # NO actual packet is received here! # # Sending the generated packet to SUT in a standard way. The arguments are API structures for # H.248, UDP and IP layers. # sk.send(varH248Random, varUDP, varIP) #=============================================================== # Functions building IP and UDP layers -- the code auto-generated # by Linkbit Packet Wizard GUI builder. #=============================================================== def Build_UDP_Frame(): #----------------------------------------------------- #BEGIN code auto-generated with Linkbit Packet Wizard #----------------------------------------------------- # You can edit this code block (marked by 'BEGIN' and 'END' lines) by positioning the pointer # anywhere in the block and selecting 'Edit Message...' from the context menu. #-------------------------------------------------------------------------------------------- #create variable "varUDP" of type "UDP.Frame" varUDP = sk.create(sk.UDP.Frame) #----------------------------- #initialize "varUDP" variable varUDP.Source_Port = 2944 varUDP.Destination_Port = 2944 varUDP.Length = 8 varUDP.Checksum = 0 varUDP.Data = "" #--------------------------------------------------- #END code auto-generated with Linkbit Packet Wizard #--------------------------------------------------- return varUDP def Build_IP_Frame(): #----------------------------------------------------- #BEGIN code auto-generated with Linkbit Packet Wizard #----------------------------------------------------- # You can edit this code block (marked by 'BEGIN' and 'END' lines) by positioning the pointer # anywhere in the block and selecting 'Edit Message...' from the context menu. #-------------------------------------------------------------------------------------------- #create variable "varIP" of type "IPv4.Frame" varIP = sk.create(sk.IPv4.Frame) #---------------------------- #initialize "varIP" variable varIP.Version = 4 # Version 4 varIP.IHL = 5 varIP.Type_Of_Service.Precedence = 0 # Routine varIP.Type_Of_Service.Delay = 0 # Normal Delay varIP.Type_Of_Service.Throughput = 0 # Normal Throughput varIP.Type_Of_Service.Reliability = 0 # Normal Reliability varIP.Type_Of_Service.Reserved = 0 varIP.Total_Length = 20 varIP.Identification = 0 varIP.Flags.Reserved = 0 varIP.Flags.Fragmentation = 0 # May Fragment varIP.Flags.Fragment = 0 # Last Fragment varIP.Fragment_Offset = 0 varIP.TTL = 0 varIP.Protocol = 0 # Reserved varIP.Header_Checksum = 48360 varIP.Source_Address = "127.0.0.1" varIP.Destination_Address = "127.0.0.1" #set number of elements in the array varIP.Options.setsize(0) varIP.Padding = "" varIP.Data = "" #--------------------------------------------------- #END code auto-generated with Linkbit Packet Wizard #--------------------------------------------------- global srcIPAddress, dstIPAddress varIP.Source_Address = srcIPAddress varIP.Destination_Address = dstIPAddress return varIP main()