louis.dufour
/
Detection_d_intrusion
3
2
Fork 0
Code Issues 6 Pull Requests Packages Projects 1 Releases Wiki Activity

Les decoder sont terminés, celui à utiliser est decoderMain.py
continuous-integration/drone/push Build is failing Details

Browse Source
master
Paul SQUIZZATO 2 years ago
parent 59efb94b27
commit 790a5a344c
6 changed files with 26 additions and 113 deletions
Show Stats Download Patch File Download Diff File

0
src/decoderBase.py → src/decoderExample.py
Unescape View File

24
src/decoder_propre.py → src/decoderMain.py
Unescape View File

@ -71,12 +71,12 @@ def decode(pkt):
#Fill the list of the values/address that have been read
LPackets = []
for j in range(len(status)):
LPackets.append([miniL[0][1],miniL[2]+j,status[j]])
LPackets.append([str.lower(miniL[0][1]),miniL[2]+j,status[j]])
#Add the read's status into the `connect` database
triPacket(LPackets,connec)
#Reset the globalization's list
miniL = [0,0,0]
####miniL = [0,0,0]
#First request for a read packet's : Get the starting address and globalize it before getting the response
else:
@ -99,16 +99,20 @@ def decode(pkt):
value = modpkt.payload.getfieldval("outputsValue")
status = []
#Multiple write coils request (register's values are already on the good format)
LPackets = []
#Get the number of bytes to be write in order to not reset to 0, address on the same bytes of the written one's
if "C" in type_call:
#Transform the byte's values into a list of bits values for each byte
status = BytesToBits(value)
LPackets = []
#Get the number of bytes to be write in order to not reset to 0, address on the same bytes of the written one's
byte_count = modpkt.payload.getfieldval("quantityOutput")
#Fill the list of the values/address that while be write
byte_count = modpkt.payload.getfieldval("quantityOutput")
#Fill the list of the values/address that while be write
else:
byte_count = modpkt.payload.getfieldval("quantityRegisters")
status=value
for j in range(byte_count):
LPackets.append([miniL[0][1],addr+j,status[j]])
if miniL[0][1]=='C' and status[j]==65280:
status[j]=1
LPackets.append([str.lower(miniL[0][1]),addr+j,status[j]])
#Add and check the write's status into the `connect` database
triPacket(LPackets,connec)
@ -118,12 +122,14 @@ def decode(pkt):
if "C" in type_call:
addr = modpkt.payload.getfieldval("outputAddr")
value = modpkt.payload.getfieldval("outputValue")
if value==65280:
value=1
#Single write register request
else:
addr = modpkt.payload.getfieldval("registerAddr")
value = modpkt.payload.getfieldval("registerValue")
#Add the write's status into the `connect` database
triPacket([miniL[0][1],addr,output_value],connec)
triPacket([str.lower(miniL[0][1]),addr,value],connec)

0
src/decoderBrut.py → src/decoderOutdated.py
Unescape View File

96
src/decoderPropre.py
Unescape View File

@ -1,96 +0,0 @@
#!/usr/bin/env python
# -*- coding: utf-8 -*-
#https://scapy.readthedocs.io/en/latest/api/scapy.packet.html#scapy.packet.Packet
#https://scapy.readthedocs.io/en/latest/api/scapy.contrib.modbus.html
import getpass
import scapy.all as scapy
import scapy.contrib.modbus as mb
from triPacket import triPacket
def decode(pkt):
if "ModbusADU" in pkt:
global miniL
modpkt = pkt["ModbusADU"]
type_call = ""
if "Multiple" in modpkt.payload.name:
type_call += "m"
else:
type_call += "s"
if "Coil" in modpkt.payload.name:
type_call += "C"
else:
type_call += "R"
miniL[0] = type_call
if "Read" in modpkt.payload.name:
type_call += "r"
if "Response" in modpkt.payload.name:
byte_count = modpkt.payload.getfieldval("byteCount")
status = []
if "C" in type_call:
Value = modpkt.payload.getfieldval("coilStatus")
for j in range(byte_count):
val=str(bin(Value[j]))[2:].rjust(8,'0')[::-1]
status.extend(k for k in [*val])
else:
status = modpkt.payload.getfieldval("registerVal")
for j in range(len(status)):
#bigL.append([miniL[0],status[j],miniL[2]+j])
triPacket([miniL[0][1],miniL[2]+j,status[j]],connec)
miniL = [0,0,0]
else:
addr = modpkt.payload.getfieldval("startAddr")
miniL[2] = addr
else:
type_call += "w"
if "Response" in modpkt.payload.name:
pass
else:
if "m" in type_call:
addr = modpkt.payload.getfieldval("startAddr")
#byte_count = modpkt.payload.getfieldval("quantityOutput")
output_value = modpkt.payload.getfieldval("outputsValue")
status = []
if "C" in type_call:
for j in range(len(output_value)):
val=str(bin(output_value[j]))[2:].rjust(8,'0')[::-1]
status.extend(k for k in [*val])
for j in range(len(status)):
#bigL.append([miniL[0],status[j],addr+j]) # changer 5 pour mettre l'adresse
triPacket([miniL[0][1],addr+j,status[j]],connec)
#print(bigL)
else:
if "C" in type_call:
addr = modpkt.payload.getfieldval("outputAddr")
output_value = modpkt.payload.getfieldval("outputValue")
else:
addr = modpkt.payload.getfieldval("registerAddr")
output_value = modpkt.payload.getfieldval("registerValue")
triPacket([miniL[0][1],addr,output_value],connec)
#bigL.append([miniL[0],output_value,addr])
#print(bigL)
bigL = []
print("In order for data sniffed to be stored inside the database, please register the following :")
DB_HOST = input('host of the database server : ')
if not DB_HOST:
DB_HOST = '192.168.128.141'
DB_NAME = input('name of the database : ')
if not DB_NAME:
DB_NAME = 'dblodufour1'
DB_USER = input('login of the user : ')
if not DB_USER:
DB_USER = 'lodufour1'
DB_PASSWORD = getpass.getpass('user password : ')
connec=[DB_HOST,DB_NAME,DB_USER,DB_PASSWORD]
miniL = [0,0,0]
scapy.sniff(iface="lo", prn=decode)

2
src/ecritureBDD.py
Unescape View File

@ -35,7 +35,7 @@ def ecritureBDD(lStatus,connec):
if verifRegle(co):
co.commit()
else:
print("A rule has been violated. The system is endangered. The database")
print("A rule has been violated. The system is endangered. The database hasn't been updated.")
co.rollback()
cur.close()
except(Exception,psy.DatabaseError) as error:

17
src/regles.py
Unescape View File

@ -1,14 +1,17 @@
regles=[]
## FORMAT DES REGLES :
## How to write rules :
# La regle est composée d'une liste de deux éléments:
# A rule is an array of two values :
# Le premier est une liste de conditions
# The first one is another array of conditions
# The second one is the forbidden value
# Le deuxième est la conséquence
regle1=[[('r',5,55),('c',3,1),('c',12,0)],('r',8,72)]
# Dans l'exemple regle1, si le coil d'addresse 3 a pour valeur 1, le coil d'addresse 12 a pour valeur 0 et le registre d'addresse 5 a pour valeur 55, alors la requete visant à ce que le registre d'addresse 8 ait comme valeur 72 soit bloqué
# regle1 is read as follows :
# If the register at the address 5 has a value of 55, and the values of the coils at the addresses 3 and 12 are 1 and 0 respectively
# Then any request trying to set the value of the register at the address 8 to 72 is blocked.
regle2=[[('r',5,55),('c',3,1),('c',12,0)],('c',9,1)]
@ -18,6 +21,6 @@ regles.append(regle2)
# getRegles()'s only purpose is to not have the regles variable called in other scripts, so that it isn't overwritten by accident
def getRegles():
return regles
return regles

Write Preview
Loading…
Cancel
Save