Advanced Builder and Results -Builder Tutorial (2013.10).pdf
MuSL Builder
description
Transcript of MuSL Builder
![Page 1: MuSL Builder](https://reader035.fdocuments.us/reader035/viewer/2022062315/56816598550346895dd871dd/html5/thumbnails/1.jpg)
MuSL Builder
Handcrafting customMu Scenarios
![Page 2: MuSL Builder](https://reader035.fdocuments.us/reader035/viewer/2022062315/56816598550346895dd871dd/html5/thumbnails/2.jpg)
MuSL in the Mu Scenario Editor
![Page 3: MuSL Builder](https://reader035.fdocuments.us/reader035/viewer/2022062315/56816598550346895dd871dd/html5/thumbnails/3.jpg)
MuSL Builder Overview
• MuSL_Builder is a Ruby project that creates scenarios in the Mu Scenario Language (MuSL)
• Each MuSL_Builder component class creates a single protocol message from a text template
• Classes are chained together to create a complete scenario
![Page 4: MuSL Builder](https://reader035.fdocuments.us/reader035/viewer/2022062315/56816598550346895dd871dd/html5/thumbnails/4.jpg)
High Level: The Builder UI
![Page 5: MuSL Builder](https://reader035.fdocuments.us/reader035/viewer/2022062315/56816598550346895dd871dd/html5/thumbnails/5.jpg)
Builder UI
• The Builder UI puts together properties from the parameters and scenario steps dynamically created by the user
• The Builder UI then builds the MuSL file using the MuslBuilder class
![Page 6: MuSL Builder](https://reader035.fdocuments.us/reader035/viewer/2022062315/56816598550346895dd871dd/html5/thumbnails/6.jpg)
The Power of MuSL_Builder
• From a few message classes, it is easy to create a wide variety of scenarios
• For example, to create a simple ‘ping’ flood, one would only need to use a single ICMP message class and a one-line statement in a MuSL_Builder properties file: messages=ICMPPing(100)
![Page 7: MuSL Builder](https://reader035.fdocuments.us/reader035/viewer/2022062315/56816598550346895dd871dd/html5/thumbnails/7.jpg)
A SIP Example
• Given the sample SIP message templates, you could easily create a wacky scenario from properties files entries such as:
sequence=wacky:SIPInvite(17),SIPPrack(3),SIPBye,SIPRegister(2),SIPAck,SIPBye,SIPTrying(12)
messages=wacky(114)
• A scenario created from this definition would contain 4,218 messages
![Page 8: MuSL Builder](https://reader035.fdocuments.us/reader035/viewer/2022062315/56816598550346895dd871dd/html5/thumbnails/8.jpg)
MuSL Builder Source Code
• The project is located in mu-labs:– http://code.google.com/p/mu-labs/source/brows
e/trunk/analyzer/automation/MuSL_Builder
• The project contains sample code for a variety of protocols, including SIP, IMAP, FTP, BGP and ICMP
![Page 9: MuSL Builder](https://reader035.fdocuments.us/reader035/viewer/2022062315/56816598550346895dd871dd/html5/thumbnails/9.jpg)
MuSL Builder Pieces
• A complete set of MuSL Builder components includes:– The MuslBuilder class• the executable run from the command-line
– A Base class• defines custom headers, options and variables
– A Properties File• defines the scenario
– Protocol Message Classes• composes the scenario steps
![Page 10: MuSL Builder](https://reader035.fdocuments.us/reader035/viewer/2022062315/56816598550346895dd871dd/html5/thumbnails/10.jpg)
Base Classes
• Each component implements its own Base class in order to customize the header with:– transports– options– variables
• Base classes derive from a common base class which shares global fields among messages of the same component
![Page 11: MuSL Builder](https://reader035.fdocuments.us/reader035/viewer/2022062315/56816598550346895dd871dd/html5/thumbnails/11.jpg)
FTPBase with transport and options
![Page 12: MuSL Builder](https://reader035.fdocuments.us/reader035/viewer/2022062315/56816598550346895dd871dd/html5/thumbnails/12.jpg)
Message Classes
• There are two types of messages:– Client messages are sent to a Server– Server messages are sent to a Client
• Each message class creates a complete protocol message in MuSL
• Message classes are always enclosed in module MuslMessage
![Page 13: MuSL Builder](https://reader035.fdocuments.us/reader035/viewer/2022062315/56816598550346895dd871dd/html5/thumbnails/13.jpg)
A Sample Message
• Each message class consists of:– a constructor (def initialize)– a configure() method, which produces a protocol
message in text from a template object, and increments a step counter
• Templates often contain some embedded ruby code, which is replaced at runtime by option or variable values
![Page 14: MuSL Builder](https://reader035.fdocuments.us/reader035/viewer/2022062315/56816598550346895dd871dd/html5/thumbnails/14.jpg)
A Sample Message Class
![Page 15: MuSL Builder](https://reader035.fdocuments.us/reader035/viewer/2022062315/56816598550346895dd871dd/html5/thumbnails/15.jpg)
Sample Message: Counter
• The counter is a unique identifier for each message pair, and is tracked globally
• In the example template, the following line in the template:– SIP_Client_Send_<%= @base.counter %> =
• Is transformed at runtime, replacing <%= @base.counter %> with the value of the base class’s ‘counter’ field.
• The resulting line might look like this:– SIP_Client_Send_2 =
![Page 16: MuSL Builder](https://reader035.fdocuments.us/reader035/viewer/2022062315/56816598550346895dd871dd/html5/thumbnails/16.jpg)
Sample Message: Transport
• Each message class has a default transport in its constructor
• The default transport can be overridden by specification in the properties file:– messages=FTPMkdir[ALT_FTP_TRANSPORT]
<%= @transport %>.client_send
becomes ALT_FTP_TRANSPORT.client_send
![Page 17: MuSL Builder](https://reader035.fdocuments.us/reader035/viewer/2022062315/56816598550346895dd871dd/html5/thumbnails/17.jpg)
The MuslBuilder Class
• muslbuilder.rb is the executable class– reads in a properties file or array– output a complete scenario in the Mu Scenario
Language• The builder class creates a Hash (called
‘params’) from the properties which is passed into the Component base class constructor
![Page 18: MuSL Builder](https://reader035.fdocuments.us/reader035/viewer/2022062315/56816598550346895dd871dd/html5/thumbnails/18.jpg)
Properties
• Properties can be in a text file or passed in to muslbuilder as an array, containing– options– sequences – messages– components– scenario_name
• The properties are read by the muslbuilder (executable) and contain the blueprint for constructing the scenario
• Properties files can have any name
![Page 19: MuSL Builder](https://reader035.fdocuments.us/reader035/viewer/2022062315/56816598550346895dd871dd/html5/thumbnails/19.jpg)
Properties: Parameters
• Parameters are passed along to base class constructors, and typically contain global Scenario option or variable names and default values:– domain=mydomain.com– sender=joe_sender– recipient=joanna-recipient
• The only required properties are “messages” and “components”, which defines the name of the protocol(s) to be used– components=FTP,HTTP
![Page 20: MuSL Builder](https://reader035.fdocuments.us/reader035/viewer/2022062315/56816598550346895dd871dd/html5/thumbnails/20.jpg)
Properties Files: Sequences
• Sequences– Sequences are comma-separated lists of component
message class names, in the format– sequence=sequence_name:Class1,Class2,Class3…
• sequence=bye:SIPBye,SIPOk• A properties file can contain any number of user defined
sequences– Sequences also provide a repeat syntax, which causes
the specified message to be repeated as many times in a row as indicated• sequence=flood:SIPInvite(1000),SIPBye(12),SIPOk
![Page 21: MuSL Builder](https://reader035.fdocuments.us/reader035/viewer/2022062315/56816598550346895dd871dd/html5/thumbnails/21.jpg)
Properties Files: Messages
• Messages are a comma-separated list containing any combination of message class and/or sequence names
• There can be only one messages line per properties file messages=bye,SIPAck(12),flood,SIPRinging,SIPAck(2)
• Using messages and sequences, all sorts of message patterns can be arbitrarily constructed
![Page 22: MuSL Builder](https://reader035.fdocuments.us/reader035/viewer/2022062315/56816598550346895dd871dd/html5/thumbnails/22.jpg)
Building a Scenario
• From the command-line in the root directory, invoke ruby specifying and a properties file name. ruby muslbuilder.rb properties/sip.properties
• The resulting text is a complete scenario in the Mu Scenario Language
![Page 23: MuSL Builder](https://reader035.fdocuments.us/reader035/viewer/2022062315/56816598550346895dd871dd/html5/thumbnails/23.jpg)
Load the scenario into the MuSL Editor
• Open the Mu Scenario Editor in pcapr.net• Copy and Paste your MuSL Builder scenario
into the left pane• Any syntax errors will be caught and indicated
by the editor• The right pane will show the actual hex or text
output of the scenario
![Page 24: MuSL Builder](https://reader035.fdocuments.us/reader035/viewer/2022062315/56816598550346895dd871dd/html5/thumbnails/24.jpg)
Importing into Studio
• In order to import your scenario into Studio from the Mu Scenario Editor, you must have first opened pcapr from the Mu
• Click the ‘studio’ link above the right pane• The scenario will be imported into the Mu and
opened in a new browser window
![Page 25: MuSL Builder](https://reader035.fdocuments.us/reader035/viewer/2022062315/56816598550346895dd871dd/html5/thumbnails/25.jpg)
Executing the Scenario
• In Mu Studio, set your testbed appropriately and run the scenario as usual– Scenario -> Verify
![Page 26: MuSL Builder](https://reader035.fdocuments.us/reader035/viewer/2022062315/56816598550346895dd871dd/html5/thumbnails/26.jpg)
Customizing the Scenario
• Assertions are placed in Component Server classes
• Global options and variables are placed in Component Base classes
• Captured variables are placed in Component Server classes
![Page 27: MuSL Builder](https://reader035.fdocuments.us/reader035/viewer/2022062315/56816598550346895dd871dd/html5/thumbnails/27.jpg)
Sample Assertions and Variables
SIP_Client_Receive=SIP_Server_Send.client_receive{ assertions { /SIP\\/2.0 (\\d+)/:1 == "200" } variables { @to_tag = /To:.*?tag=(\\w+)/:1 } }
![Page 28: MuSL Builder](https://reader035.fdocuments.us/reader035/viewer/2022062315/56816598550346895dd871dd/html5/thumbnails/28.jpg)
Sample Global Options
template = 'scenario(name: "SIP") { options { $domain="<%= @domain %>” $sender="<%= @sender %>" $recipient="<%= @recipient %>" } steps { SIP = udp(src_port: 5060, dst_port: 5060) }}'
![Page 29: MuSL Builder](https://reader035.fdocuments.us/reader035/viewer/2022062315/56816598550346895dd871dd/html5/thumbnails/29.jpg)
Sample Global Variables
template ='scenario(name: "ICMP") { variables { @data = random_bytes(56) @id = random_integer(4096) } steps { ICMP = ip(protocol: 1) }}'
![Page 30: MuSL Builder](https://reader035.fdocuments.us/reader035/viewer/2022062315/56816598550346895dd871dd/html5/thumbnails/30.jpg)
MuslParser: From Pcap To MuslBuilder
• MuslBuilder message classes can be built readily from existing pcaps– 1. import pcap into the MuSL Editor– 2. save the left-pane as a text file (e.g. “a.msl”)– 3. ruby musl_parser.rb a.msl output_
• MuslParser splits the .msl file into individual message step text files– Use these as the template strings in your message class files
• ** You will still need to edit the strings to• a) create unique message and struct names with <%= @base.counter
%>• b) insert your global options and variables