Tools for Pentesters. Compilation. Toxy. HTTP proxy. failure scenarios. It was mainly designed for fuzzing/evil testing purposes, when toxy becomes particularly useful to cover fault tolerance and resiliency capabilities of a system, especially in. Mit. M proxy among services. HTTP flow as you need, performing multiple evil actions in the middle of that process, such as limiting the bandwidth, delaying TCP packets, injecting network jitter latency or replying with a custom error or status code. It operates only at L7 (application level). It was built on top of. HTTP proxy, and it's also. Requires node. js +0. Full- featured HTTP/S proxy (backed by. ![]() Hackable and elegant programmatic API (inspired on connect/express). Admin HTTP API for external management and dynamic configuration. Featured built- in router with nested configuration. Hierarchical and composable poisoning with rule based filtering. Hierarchical middleware layer (both global and route scopes). Easily augmentable via middleware (based on connect/express middleware). Supports both incoming and outgoing traffic poisoning. Built- in poisons (bandwidth, error, abort, latency, slow read..). Mesh Profile Specification allows for many-to-many communication over Bluetooth radio. It supports data encryption, message authentication and is meant for building. TCP Ports TCP 0 Reserved TCP 1 Port Service Multiplexer TCP 2 Management Utility TCP 3 Compression Process TCP 4 Unassigned TCP 5 Remote Job Entry TCP 6. Well known port numbers, a list of know port number and references. Rule- based poisoning (probabilistic, HTTP method, headers, body..). Supports third- party poisons and rules.Built- in balancer and traffic interceptor via middleware.Inherits API and features from.Compatible with connect/express (and most of their middleware). Able to run as standalone HTTP proxy. There're some other similar solutions like. Furthermore, the majority of the those solutions only operates at TCP L3 level stack instead of providing high- level abstractions to cover common requirements in the specific domain and nature of the HTTP L7 protocol, like toxy tries to provide. HTTP protocol primitives easily. Via its built- in hierarchical domain specific middleware layer you can easily augment toxy features to your own needs. HTTP transaction (e. One HTTP transaction can be poisoned by one or multiple poisons, and those poisons can be also configured to infect both global or route level traffic. HTTP request/response in order to determine, given a certain rules, if the HTTP transaction should be poisioned or not (e. Rules can be reused and applied to both incoming and outgoing traffic flows, including different scopes: global, route or poison level. Incoming request ) ↓. Toxy Router | ↓ - > Match the incoming request. Incoming phase | ↓ - > The proxy receives the request from the client. Exec Rules | | ↓ - > Apply configured rules for the incoming request. Exec Poisons | | ↓ - > If all rules passed, then poison the HTTP flow. HTTP dispatcher | ↓ - > Forward the HTTP traffic to the target server, either poisoned or not. Outgoing phase | ↓ - > Receives response from target server. Exec Rules | | ↓ - > Apply configured rules for the outgoing request. Exec Poisons | | ↓ - > If all rules passed, then poison the HTTP flow before send it to the client. Send to the client ) ↓ - > Finally, send the request to the client, either poisoned or not. Create a new toxy proxy. Default server to forward incoming traffic. Register global poisons and rules. Register multiple routes. Rule(rules. headers({'Authorization': /^Bearer (.*)$/i })). Infect outgoing traffic only (after the server replied properly). Poison(poisons. bandwidth({ bps: 5. Rule(rules. method('GET')). Rule(rules. time. Threshold({ duration: 1. Rule(rules. response. Status({ range: [ 2. Limit({ limit: 1. Rule(rules. method(['POST', 'PUT', 'DELETE'])). And use a different more permissive poison for GET requests. Limit({ limit: 5. Rule(rules. method('GET')). Handle the rest of the traffic. Close({ delay: 1. Read({ bps: 1. 28 })). Rule(rules. probability(5. Server listening on port: ', 3. Test it: ', 'http: //localhost: 3. Poisons host specific logic which intercepts and mutates, wraps, modify and/or cancel an HTTP transaction in the proxy server. Poisons can be applied to incoming or outgoing, or even both traffic flows. Poisons can be composed and reused for different HTTP scenarios. They are executed in FIFO order and asynchronously. Poisoning scopes. HTTP traffic received by the proxy server, regardless of the HTTP method or path. HTTP verb and URI path. Poisons can be plugged to both scopes, meaning you can operate with better accuracy and restrict the scope of the poisoning. Poisoning phases. Poisons can be plugged to incoming or outgoing traffic flows, or even both. This means, essentially, that you can plug in your poisons to infect the HTTP traffic. HTTP server or sent to the client. This allows you apply a better and more accurated poisoning based on the request or server response. For instance, given the nature of some poisons, like. Built- in poisons. Poisoning Phase. incoming / outgoing. Reaches the server. Infects the HTTP flow injecting a latency jitter in the response. Jitter value in miliseconds. Random jitter maximum value. Random jitter minimum value. Or alternatively using a random value. Inject response. Poisoning Phase. Reaches the server. Injects a custom response, intercepting the request before sending it to the target server. Useful to inject errors originated in the server. Response HTTP status code. Default. - Optional headers to send. Optional body data to send. It can be a. - Body encoding. Default to. toxy. Content- Type': 'application/json'}. Poisoning Phase. incoming / outgoing. Reaches the server. Limits the amount of bytes sent over the network in outgoing HTTP traffic for a specific time frame. This poison is basically an alias to. Amount of chunk of bytes to send. Default. - Packets time frame in miliseconds. Default. toxy. poison(toxy. Poisoning Phase. incoming / outgoing. Reaches the server. Limits the amount of requests received by the proxy in a specific threshold time frame. Designed to test API limits. Exposes typical. X- Rate. Limit- *. Note that this is very simple rate limit implementation, indeed limits are stored in- memory, therefore are completely volalite. There're a bunch of featured and consistent rate limiter implementations in. You might be also interested in. Total amount of requests. Default to. - Limit time frame in miliseconds. Default to. - Optional error message when limit is reached. HTTP status code when limit is reached. Default to. toxy. Limit({ limit: 5, threshold: 1. Poisoning Phase. Reaches the server. Reads incoming payload data packets slowly. Only valid for non- GET request. Packet chunk size in bytes. Default to. - Limit threshold time frame in miliseconds. Default to. toxy. Read({ chunk: 2. 04. Poisoning Phase. Reaches the server. Delays the HTTP connection ready state. Delay connection in miliseconds. Default to. toxy. Open({ delay: 2. 00. Poisoning Phase. incoming / outgoing. Reaches the server. Delays the HTTP connection close signal (EOF). Delay time in miliseconds. Default to. toxy. Close({ delay: 2. Poisoning Phase. incoming / outgoing. Reaches the server. Restricts the amount of packets sent over the network in a specific threshold time frame. Packet chunk size in bytes. Default to. - Data chunk delay time frame in miliseconds. Default to. toxy. Abort connection. Poisoning Phase. incoming / outgoing. Reaches the server. Aborts the TCP connection. From the low- level perspective, this will destroy the socket on the server, operating only at TCP level without sending any specific HTTP application level data. Aborts TCP connection after waiting the given miliseconds. Default to. , the connection will be aborted if the target server takes more than the. Default to. - Custom internal node. Default to. // Basic connection abort. Abort after a delay. In this case, the socket will be closed if. Poisoning Phase. incoming / outgoing. Reaches the server. Defines a response timeout. Useful when forward to potentially slow servers. Timeout limit in miliseconds. How to write poisons. Poisons are implemented as standalone middleware (like in connect/express). Here's a simple example of a server latency poison. Latency(delay) {. We name the function since toxy uses it as identifier to get/disable/remove it in the future. Latency(req, res, next) {. Timeout(clean, delay). Close). function on. Close() {. clear. Timeout(timeout). Listener('close', on. Close). var proxy = toxy(). Register and enable the poison. Latency(2. 00. 0)). You can optionally extend the build- in poisons with your own poisons. Poison(custom. Latency). Then you can use it as a built- in poison. Latency). For featured real example, take a look to the. Teledyne Le. Croy - Protocol Analyzer. Teledyne Le. Croy has developed six generations of its industry leading USB protocol verification system since the introduction of USB in 1. Each successive generation of the Teledyne Le. Croy USB analyzer family has built upon the previous knowledge and expertise. Today, Teledyne Le. Croy offers a broad range of USB test systems with unprecedented functionality, accuracy and user friendliness. The enormous cost of discovering problems after a product is released far outweighs the investment in Teledyne Le. Croy's de- facto standard USB analysis tools. Their use improves the speed and efficiency of the debug, test and verification for USB semiconductor, device, and software vendors. Analyzers or bus "sniffers" also play an essential role in avoiding costly interoperability problems by allowing developers to verify compliance with the USB specification. Consistent with the growing popularity of digital media, the USB- IF announced USB 3. X the current USB bandwidth by utilizing two additional high- speed differential pairs for "Super. Speed" transfer mode. The USB 3. 0 specification was released in late 2. Teledyne Le. Croy has pioneered the development of verifications systems for this new technology. The only company that offers a complete line of USB 3. Teledyne Le. Croy helps developers achieve their goals of performance, quality, reliability and time- to- market for Super. Speed technology. USB Technology Overview: USB, or Universal Serial Bus, is a connectivity standard that enables computer peripherals and consumer electronics to be connected to a computer without reconfiguring the system or opening the computer box to install interface cards. The USB 1. 0 specification was introduced in January 1. The original USB 1. Mbit/s The first widely used version of USB was 1. September 1. 99. 8. It provided 1. 2 Mbps data rate for higher- speed devices such as disk drives, and a lower 1. Mbps rate for low bandwidth devices such as joysticks. USB 2. 0 specification was released in April 2. USB- IF at the end of 2. Mbit/s. USB today provides a fast, bi- directional, low- cost, serial interface that offers easy connectivity to PCs. A hallmark for USB operation has been the ability for the host to automatically recognize devices as they are attached and install the appropriate drivers. With features such as backward compatibility with previous devices and hot "plug- ability", USB has become the de- facto standard interface for various consumer and PC peripheral devices. The USB standard allows up to 1. Host System. USB designates low, full, high- speed connectivity between devices compatible with the 2. Most full speed devices include lower bandwidth mice, keyboards, printers, and joysticks. The use of high speed USB has exploded with the rapid growth in digital media in the consumer electronics market including media players, digital cameras, external storage and smart phones. Super. Speed USB is designator for links operating at the 5 GHz frequency and compatible with the USB 3. Super. Speed USB provides a high performance connection topology for applications that utilize larger files or require higher bandwidth. Super. Speed USB is backward compatible with USB 2. Super. Speed USB offers a compelling opportunity for digital imaging and media device vendors to migrate their designs to higher performance USB 3. NEC/Renesas was the first chip vendor to introduce host controllers for USB 3. The first motherboards featuring USB 3. Asus and Gigabyte followed in late 2. In the first half of 2. Super. Speed devices began shipping as vendors rushed to deliver solutions using the 5. Gbps signaling speed of USB 3. Expect mass adoption into high- bandwidth applications in late 2. Why USB? From its emergence in 1. USB has steadily expanded its presence in computing and consumer electronics to become the most popular peripheral interconnect in history. USB continues to be dominant for the following reasons: Mature, proven technology Backward- compatible and low cost. Easy plug and play operation. Data transfer speeds suitable for a variety of applications. As evidenced by USB popularity, several extensions of the technology have been introduced to try and capitalize on its installed base/ popularity. An example of this extension, which is supported and approved by the USB Implementers Forum (USB- IF), is USB On- The- Go (OTG). Designed to allow portable computing devices, such as cell phones and digital cameras, the ability to connect to other USB devices as either a host or peripheral, OTG promises improved interoperability for an enormous number of USB enabled devices. In addition, there are now dozens of USB device classes addressing everything from health care systems to isochronous video applications. Mass storage remains one of the most popular USB applications as consumers have embraced all types of digital media. The T1. 0 committee has now finalized USB Attached SCSI (UAS) protocol which enables several significant improvements over legacy mass storage protocols including command queuing and streamed IO. Of particular interest is the new battery charging specification which provides a standard mechanism allowing devices to draw current in excess of the USB specification when connected to wall chargers or fast charging host controllers. In addition to the traditional data interchange application, the battery charging specification has solidified USB's dominant role as the interface of choice in the portable electronics market. USB Architecture. USB was initially introduced as a host to peripheral interconnect with the goal of putting most of the intelligence on the host- side. The OTG specification added an optional peer- to- peer capability to devices but had limited adoption to date. So the vast majority of USB devices typically fall into 2 categories: Hosts. Peripherals. All devices designed to attach to a host (examples)The role of the host controller (plus software) is to provide a uniform view of IO systems for all applications software. For the USB IO subsystem in particular, the host manages the dynamic attach and detach of peripherals. It automatically performs the enumeration stage of device initialization which involves communicating with the peripheral to discover the identity of a device driver that it should load, if not already loaded. It also provides device descriptor information that drivers can use enable specific features on the device. Peripherals add functionality to the host system or may be standalone embedded operation. When operating as a USB device, peripherals act are slaves that obey a defined protocol. They must react to requests sent from the host. It's largely the role of PC software to manage device power without user interaction to minimize overall power consumption. The USB 3. 0 specification redefines power management to occur at the hardware level with multiple power states designed to reduce power usage across the IO system.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. Archives
October 2017
Categories |