nfqueue to hyperscan and stream match, removed proxyregex
This commit is contained in:
Domingo Dirutigliano
@@ -1,60 +1,95 @@
|
||||
#!/usr/bin/env python3
|
||||
from utils.colors import *
|
||||
from utils.firegexapi import *
|
||||
import argparse, secrets
|
||||
from utils.colors import colors, puts, sep
|
||||
from utils.firegexapi import FiregexAPI
|
||||
import argparse
|
||||
import secrets
|
||||
|
||||
parser = argparse.ArgumentParser()
|
||||
parser.add_argument("--address", "-a", type=str , required=False, help='Address of firegex backend', default="http://127.0.0.1:4444/")
|
||||
parser.add_argument("--password", "-p", type=str, required=True, help='Firegex password')
|
||||
args = parser.parse_args()
|
||||
sep()
|
||||
puts(f"Testing will start on ", color=colors.cyan, end="")
|
||||
puts("Testing will start on ", color=colors.cyan, end="")
|
||||
puts(f"{args.address}", color=colors.yellow)
|
||||
|
||||
firegex = FiregexAPI(args.address)
|
||||
|
||||
#Connect to Firegex
|
||||
if firegex.status()["status"] =="init":
|
||||
if (firegex.set_password(args.password)): puts(f"Sucessfully set password to {args.password} ✔", color=colors.green)
|
||||
else: puts(f"Test Failed: Unknown response or password already put ✗", color=colors.red); exit(1)
|
||||
if (firegex.set_password(args.password)):
|
||||
puts(f"Sucessfully set password to {args.password} ✔", color=colors.green)
|
||||
else:
|
||||
puts("Test Failed: Unknown response or password already put ✗", color=colors.red)
|
||||
exit(1)
|
||||
else:
|
||||
if (firegex.login(args.password)): puts(f"Sucessfully logged in ✔", color=colors.green)
|
||||
else: puts(f"Test Failed: Unknown response or wrong passowrd ✗", color=colors.red); exit(1)
|
||||
if (firegex.login(args.password)):
|
||||
puts("Sucessfully logged in ✔", color=colors.green)
|
||||
else:
|
||||
puts("Test Failed: Unknown response or wrong passowrd ✗", color=colors.red)
|
||||
exit(1)
|
||||
|
||||
if(firegex.status()["loggined"]): puts(f"Correctly received status ✔", color=colors.green)
|
||||
else: puts(f"Test Failed: Unknown response or not logged in✗", color=colors.red); exit(1)
|
||||
if(firegex.status()["loggined"]):
|
||||
puts("Correctly received status ✔", color=colors.green)
|
||||
else:
|
||||
puts("Test Failed: Unknown response or not logged in✗", color=colors.red)
|
||||
exit(1)
|
||||
|
||||
#Prepare second instance
|
||||
firegex2 = FiregexAPI(args.address)
|
||||
if (firegex2.login(args.password)): puts(f"Sucessfully logged in on second instance ✔", color=colors.green)
|
||||
else: puts(f"Test Failed: Unknown response or wrong passowrd on second instance ✗", color=colors.red); exit(1)
|
||||
if (firegex2.login(args.password)):
|
||||
puts("Sucessfully logged in on second instance ✔", color=colors.green)
|
||||
else:
|
||||
puts("Test Failed: Unknown response or wrong passowrd on second instance ✗", color=colors.red)
|
||||
exit(1)
|
||||
|
||||
if(firegex2.status()["loggined"]): puts(f"Correctly received status on second instance✔", color=colors.green)
|
||||
else: puts(f"Test Failed: Unknown response or not logged in on second instance✗", color=colors.red); exit(1)
|
||||
if(firegex2.status()["loggined"]):
|
||||
puts("Correctly received status on second instance✔", color=colors.green)
|
||||
else:
|
||||
puts("Test Failed: Unknown response or not logged in on second instance✗", color=colors.red)
|
||||
exit(1)
|
||||
|
||||
#Change password
|
||||
new_password = secrets.token_hex(10)
|
||||
if (firegex.change_password(new_password,expire=True)): puts(f"Sucessfully changed password to {new_password} ✔", color=colors.green)
|
||||
else: puts(f"Test Failed: Coundl't change the password ✗", color=colors.red); exit(1)
|
||||
if (firegex.change_password(new_password,expire=True)):
|
||||
puts(f"Sucessfully changed password to {new_password} ✔", color=colors.green)
|
||||
else:
|
||||
puts("Test Failed: Coundl't change the password ✗", color=colors.red)
|
||||
exit(1)
|
||||
|
||||
#Check if we are still logged in
|
||||
if(firegex.status()["loggined"]): puts(f"Correctly received status after password change ✔", color=colors.green)
|
||||
else: puts(f"Test Failed: Unknown response or not logged after password change ✗", color=colors.red); exit(1)
|
||||
if(firegex.status()["loggined"]):
|
||||
puts("Correctly received status after password change ✔", color=colors.green)
|
||||
else:
|
||||
puts("Test Failed: Unknown response or not logged after password change ✗", color=colors.red)
|
||||
exit(1)
|
||||
|
||||
#Check if second session expired and relog
|
||||
|
||||
if(not firegex2.status()["loggined"]): puts(f"Second instance was expired currectly ✔", color=colors.green)
|
||||
else: puts(f"Test Failed: Still logged in on second instance, expire expected ✗", color=colors.red); exit(1)
|
||||
if (firegex2.login(new_password)): puts(f"Sucessfully logged in on second instance ✔", color=colors.green)
|
||||
else: puts(f"Test Failed: Unknown response or wrong passowrd on second instance ✗", color=colors.red); exit(1)
|
||||
if(not firegex2.status()["loggined"]):
|
||||
puts("Second instance was expired currectly ✔", color=colors.green)
|
||||
else:
|
||||
puts("Test Failed: Still logged in on second instance, expire expected ✗", color=colors.red)
|
||||
exit(1)
|
||||
if (firegex2.login(new_password)):
|
||||
puts("Sucessfully logged in on second instance ✔", color=colors.green)
|
||||
else:
|
||||
puts("Test Failed: Unknown response or wrong passowrd on second instance ✗", color=colors.red)
|
||||
exit(1)
|
||||
|
||||
#Change it back
|
||||
if (firegex.change_password(args.password,expire=False)): puts(f"Sucessfully restored the password ✔", color=colors.green)
|
||||
else: puts(f"Test Failed: Coundl't change the password ✗", color=colors.red); exit(1)
|
||||
if (firegex.change_password(args.password,expire=False)):
|
||||
puts("Sucessfully restored the password ✔", color=colors.green)
|
||||
else:
|
||||
puts("Test Failed: Coundl't change the password ✗", color=colors.red)
|
||||
exit(1)
|
||||
|
||||
#Check if we are still logged in
|
||||
if(firegex2.status()["loggined"]): puts(f"Correctly received status after password change ✔", color=colors.green)
|
||||
else: puts(f"Test Failed: Unknown response or not logged after password change ✗", color=colors.red); exit(1)
|
||||
if(firegex2.status()["loggined"]):
|
||||
puts("Correctly received status after password change ✔", color=colors.green)
|
||||
else:
|
||||
puts("Test Failed: Unknown response or not logged after password change ✗", color=colors.red)
|
||||
exit(1)
|
||||
|
||||
puts("List of available interfaces:", color=colors.yellow)
|
||||
for interface in firegex.get_interfaces(): puts("name: {}, address: {}".format(interface["name"], interface["addr"]), color=colors.yellow)
|
||||
for interface in firegex.get_interfaces():
|
||||
puts("name: {}, address: {}".format(interface["name"], interface["addr"]), color=colors.yellow)
|
||||
@@ -1,24 +1,25 @@
|
||||
#!/usr/bin/env python3
|
||||
from utils.colors import *
|
||||
from utils.firegexapi import *
|
||||
from utils.tcpserver import *
|
||||
from utils.colors import colors, puts, sep
|
||||
from utils.firegexapi import FiregexAPI
|
||||
from multiprocessing import Process
|
||||
from time import sleep
|
||||
import iperf3, csv, argparse, base64, secrets
|
||||
import iperf3
|
||||
import csv
|
||||
import argparse
|
||||
import base64
|
||||
import secrets
|
||||
|
||||
|
||||
#TODO: make it work with Proxy and not only netfilter
|
||||
parser = argparse.ArgumentParser()
|
||||
parser.add_argument("--address", "-a", type=str , required=False, help='Address of firegex backend', default="http://127.0.0.1:4444/")
|
||||
parser.add_argument("--port", "-P", type=int , required=False, help='Port of the Benchmark service', default=1337)
|
||||
parser.add_argument("--internal-port", "-I", type=int , required=False, help='Internal port of the Benchmark service', default=1338)
|
||||
parser.add_argument("--service-name", "-n", type=str , required=False, help='Name of the Benchmark service', default="Benchmark Service")
|
||||
parser.add_argument("--password", "-p", type=str, required=True, help='Firegex password')
|
||||
parser.add_argument("--num-of-regexes", "-r", type=int, required=True, help='Number of regexes to benchmark with')
|
||||
parser.add_argument("--duration", "-d", type=int, required=False, help='Duration of the Benchmark in seconds', default=5)
|
||||
parser.add_argument("--output-file", "-o", type=str, required=False, help='Output results csv file', default="benchmark.csv")
|
||||
parser.add_argument("--num-of-streams", "-s", type=int, required=False, help='Output results csv file', default=1)
|
||||
parser.add_argument("--mode", "-m" , type=str, required=True, choices=["netfilter","proxy"], help='Type of filtering')
|
||||
|
||||
args = parser.parse_args()
|
||||
sep()
|
||||
@@ -28,22 +29,36 @@ puts(f"{args.address}", color=colors.yellow)
|
||||
firegex = FiregexAPI(args.address)
|
||||
|
||||
#Connect to Firegex
|
||||
if (firegex.login(args.password)): puts(f"Sucessfully logged in ✔", color=colors.green)
|
||||
else: puts(f"Benchmark Failed: Unknown response or wrong passowrd ✗", color=colors.red); exit(1)
|
||||
if (firegex.login(args.password)):
|
||||
puts("Sucessfully logged in ✔", color=colors.green)
|
||||
else:
|
||||
puts("Benchmark Failed: Unknown response or wrong passowrd ✗", color=colors.red)
|
||||
exit(1)
|
||||
|
||||
def exit_test(code):
|
||||
if service_id:
|
||||
server.stop()
|
||||
if(firegex.nf_delete_service(service_id)):
|
||||
puts("Sucessfully deleted service ✔", color=colors.green)
|
||||
else:
|
||||
puts("Test Failed: Coulnd't delete serivce ✗", color=colors.red)
|
||||
exit_test(1)
|
||||
exit(code)
|
||||
|
||||
#Create new Service
|
||||
if args.mode == "netfilter":
|
||||
service_id = firegex.nf_add_service(args.service_name, args.port, "tcp", "127.0.0.1/24")
|
||||
|
||||
service_id = firegex.nf_add_service(args.service_name, args.port, "tcp", "127.0.0.1/24")
|
||||
if service_id:
|
||||
puts(f"Sucessfully created service {service_id} ✔", color=colors.green)
|
||||
else:
|
||||
service_id = firegex.px_add_service(args.service_name, args.port, internalPort=args.internal_port)
|
||||
if service_id: puts(f"Sucessfully created service {service_id} ✔", color=colors.green)
|
||||
else: puts(f"Test Failed: Failed to create service ✗", color=colors.red); exit(1)
|
||||
puts("Test Failed: Failed to create service ✗", color=colors.red)
|
||||
exit(1)
|
||||
|
||||
#Start iperf3
|
||||
def startServer():
|
||||
server = iperf3.Server()
|
||||
server.bind_address = '127.0.0.1'
|
||||
server.port = args.port if args.mode == "netfilter" else args.internal_port
|
||||
server.port = args.port
|
||||
server.verbose = False
|
||||
while True:
|
||||
server.run()
|
||||
@@ -63,27 +78,29 @@ sleep(1)
|
||||
|
||||
|
||||
#Get baseline reading
|
||||
puts(f"Baseline without proxy: ", color=colors.blue, end='')
|
||||
print(f"{getReading(args.port if args.mode == 'netfilter' else args.internal_port)} MB/s")
|
||||
puts("Baseline without proxy: ", color=colors.blue, end='')
|
||||
print(f"{getReading(args.port)} MB/s")
|
||||
|
||||
#Start firewall
|
||||
|
||||
if(firegex.nf_start_service(service_id) if args.mode == "netfilter" else firegex.px_start_service(service_id)):
|
||||
puts(f"Sucessfully started service with id {service_id} ✔", color=colors.green)
|
||||
if firegex.nf_start_service(service_id):
|
||||
puts(f"Sucessfully started service with id {service_id} ✔", color=colors.green)
|
||||
else:
|
||||
puts(f"Benchmark Failed: Coulnd't start the service ✗", color=colors.red); exit_test(1)
|
||||
puts("Benchmark Failed: Coulnd't start the service ✗", color=colors.red)
|
||||
exit_test(1)
|
||||
|
||||
#Get no regexs reading
|
||||
results = []
|
||||
puts(f"Performance with no regexes: ", color=colors.yellow , end='')
|
||||
puts("Performance with no regexes: ", color=colors.yellow , end='')
|
||||
results.append(getReading(args.port))
|
||||
print(f"{results[0]} MB/s")
|
||||
|
||||
#Add all the regexs
|
||||
for i in range(1,args.num_of_regexes+1):
|
||||
regex = base64.b64encode(bytes(secrets.token_hex(16).encode())).decode()
|
||||
if(not (firegex.nf_add_regex if args.mode == "netfilter" else firegex.px_add_regex)(service_id,regex,"B",active=True,is_blacklist=True,is_case_sensitive=False) ):
|
||||
puts(f"Benchmark Failed: Coulnd't add the regex ✗", color=colors.red); exit_test(1)
|
||||
if not firegex.nf_add_regex(service_id,regex,"B",active=True,is_blacklist=True,is_case_sensitive=False):
|
||||
puts("Benchmark Failed: Coulnd't add the regex ✗", color=colors.red)
|
||||
exit_test(1)
|
||||
puts(f"Performance with {i} regex(s): ", color=colors.red, end='')
|
||||
results.append(getReading(args.port))
|
||||
print(f"{results[i]} MB/s")
|
||||
@@ -96,9 +113,10 @@ with open(args.output_file,'w') as f:
|
||||
puts(f"Sucessfully written results to {args.output_file} ✔", color=colors.magenta)
|
||||
|
||||
#Delete the Service
|
||||
if(firegex.nf_delete_service(service_id) if args.mode == "netfilter" else firegex.px_delete_service(service_id)):
|
||||
if firegex.nf_delete_service(service_id):
|
||||
puts(f"Sucessfully delete service with id {service_id} ✔", color=colors.green)
|
||||
else:
|
||||
puts(f"Test Failed: Couldn't delete service ✗", color=colors.red); exit(1)
|
||||
puts("Test Failed: Couldn't delete service ✗", color=colors.red)
|
||||
exit(1)
|
||||
|
||||
server.terminate()
|
||||
127
tests/nf_test.py
127
tests/nf_test.py
@@ -1,9 +1,12 @@
|
||||
#!/usr/bin/env python3
|
||||
from utils.colors import *
|
||||
from utils.firegexapi import *
|
||||
from utils.colors import colors, puts, sep
|
||||
from utils.firegexapi import FiregexAPI
|
||||
from utils.tcpserver import TcpServer
|
||||
from utils.udpserver import UdpServer
|
||||
import argparse, secrets, base64,time
|
||||
import argparse
|
||||
import secrets
|
||||
import base64
|
||||
import time
|
||||
|
||||
parser = argparse.ArgumentParser()
|
||||
parser.add_argument("--address", "-a", type=str , required=False, help='Address of firegex backend', default="http://127.0.0.1:4444/")
|
||||
@@ -15,14 +18,17 @@ parser.add_argument("--proto", "-m" , type=str, required=False, choices=["tcp","
|
||||
|
||||
args = parser.parse_args()
|
||||
sep()
|
||||
puts(f"Testing will start on ", color=colors.cyan, end="")
|
||||
puts("Testing will start on ", color=colors.cyan, end="")
|
||||
puts(f"{args.address}", color=colors.yellow)
|
||||
|
||||
firegex = FiregexAPI(args.address)
|
||||
|
||||
#Login
|
||||
if (firegex.login(args.password)): puts(f"Sucessfully logged in ✔", color=colors.green)
|
||||
else: puts(f"Test Failed: Unknown response or wrong passowrd ✗", color=colors.red); exit(1)
|
||||
if (firegex.login(args.password)):
|
||||
puts("Sucessfully logged in ✔", color=colors.green)
|
||||
else:
|
||||
puts("Test Failed: Unknown response or wrong passowrd ✗", color=colors.red)
|
||||
exit(1)
|
||||
|
||||
#Create server
|
||||
server = (TcpServer if args.proto == "tcp" else UdpServer)(args.port,ipv6=args.ipv6)
|
||||
@@ -30,30 +36,42 @@ server = (TcpServer if args.proto == "tcp" else UdpServer)(args.port,ipv6=args.i
|
||||
def exit_test(code):
|
||||
if service_id:
|
||||
server.stop()
|
||||
if(firegex.nf_delete_service(service_id)): puts(f"Sucessfully deleted service ✔", color=colors.green)
|
||||
else: puts(f"Test Failed: Coulnd't delete serivce ✗", color=colors.red); exit_test(1)
|
||||
if(firegex.nf_delete_service(service_id)):
|
||||
puts("Sucessfully deleted service ✔", color=colors.green)
|
||||
else:
|
||||
puts("Test Failed: Coulnd't delete serivce ✗", color=colors.red)
|
||||
exit_test(1)
|
||||
exit(code)
|
||||
|
||||
service_id = firegex.nf_add_service(args.service_name, args.port, args.proto , "::1" if args.ipv6 else "127.0.0.1" )
|
||||
if service_id: puts(f"Sucessfully created service {service_id} ✔", color=colors.green)
|
||||
else: puts(f"Test Failed: Failed to create service ✗", color=colors.red); exit(1)
|
||||
if service_id:
|
||||
puts("Sucessfully created service {service_id} ✔", color=colors.green)
|
||||
else:
|
||||
puts("Test Failed: Failed to create service ✗", color=colors.red)
|
||||
exit(1)
|
||||
|
||||
if(firegex.nf_start_service(service_id)): puts(f"Sucessfully started service ✔", color=colors.green)
|
||||
else: puts(f"Test Failed: Failed to start service ✗", color=colors.red); exit_test(1)
|
||||
if(firegex.nf_start_service(service_id)):
|
||||
puts("Sucessfully started service ✔", color=colors.green)
|
||||
else:
|
||||
puts("Test Failed: Failed to start service ✗", color=colors.red)
|
||||
exit_test(1)
|
||||
|
||||
server.start()
|
||||
time.sleep(0.5)
|
||||
if server.sendCheckData(secrets.token_bytes(432)):
|
||||
puts(f"Successfully tested first proxy with no regex ✔", color=colors.green)
|
||||
puts("Successfully tested first proxy with no regex ✔", color=colors.green)
|
||||
else:
|
||||
puts(f"Test Failed: Data was corrupted ", color=colors.red); exit_test(1)
|
||||
puts("Test Failed: Data was corrupted ", color=colors.red)
|
||||
exit_test(1)
|
||||
|
||||
#Add new regex
|
||||
secret = bytes(secrets.token_hex(16).encode())
|
||||
regex = base64.b64encode(secret).decode()
|
||||
if(firegex.nf_add_regex(service_id,regex,"B",active=True,is_blacklist=True,is_case_sensitive=True)):
|
||||
if firegex.nf_add_regex(service_id,regex,"B",active=True,is_blacklist=True,is_case_sensitive=True):
|
||||
puts(f"Sucessfully added regex {str(secret)} ✔", color=colors.green)
|
||||
else: puts(f"Test Failed: Coulnd't add the regex {str(secret)} ✗", color=colors.red); exit_test(1)
|
||||
else:
|
||||
puts("Test Failed: Coulnd't add the regex {str(secret)} ✗", color=colors.red)
|
||||
exit_test(1)
|
||||
|
||||
#Check if regex is present in the service
|
||||
n_blocked = 0
|
||||
@@ -66,35 +84,45 @@ def checkRegex(regex, should_work=True, upper=False):
|
||||
#Test the regex
|
||||
s = base64.b64decode(regex).upper() if upper else base64.b64decode(regex)
|
||||
if not server.sendCheckData(secrets.token_bytes(200) + s + secrets.token_bytes(200)):
|
||||
puts(f"The malicious request was successfully blocked ✔", color=colors.green)
|
||||
puts("The malicious request was successfully blocked ✔", color=colors.green)
|
||||
n_blocked += 1
|
||||
time.sleep(1)
|
||||
if firegex.nf_get_regex(r["id"])["n_packets"] == n_blocked:
|
||||
puts(f"The packed was reported as blocked ✔", color=colors.green)
|
||||
puts("The packed was reported as blocked ✔", color=colors.green)
|
||||
else:
|
||||
puts(f"Test Failed: The packed wasn't reported as blocked ✗", color=colors.red); exit_test(1)
|
||||
puts("Test Failed: The packed wasn't reported as blocked ✗", color=colors.red)
|
||||
exit_test(1)
|
||||
else:
|
||||
puts(f"Test Failed: The request wasn't blocked ✗", color=colors.red);exit_test(1)
|
||||
puts("Test Failed: The request wasn't blocked ✗", color=colors.red)
|
||||
exit_test(1)
|
||||
return
|
||||
puts(f"Test Failed: The regex wasn't found ✗", color=colors.red); exit_test(1)
|
||||
puts("Test Failed: The regex wasn't found ✗", color=colors.red)
|
||||
exit_test(1)
|
||||
else:
|
||||
if server.sendCheckData(secrets.token_bytes(200) + base64.b64decode(regex) + secrets.token_bytes(200)):
|
||||
puts(f"The request wasn't blocked ✔", color=colors.green)
|
||||
puts("The request wasn't blocked ✔", color=colors.green)
|
||||
else:
|
||||
puts(f"Test Failed: The request was blocked when it shouldn't have", color=colors.red); exit_test(1)
|
||||
puts("Test Failed: The request was blocked when it shouldn't have", color=colors.red)
|
||||
exit_test(1)
|
||||
|
||||
checkRegex(regex)
|
||||
|
||||
#Pause the proxy
|
||||
if(firegex.nf_stop_service(service_id)): puts(f"Sucessfully paused service with id {service_id} ✔", color=colors.green)
|
||||
else: puts(f"Test Failed: Coulnd't pause the service ✗", color=colors.red); exit_test(1)
|
||||
if(firegex.nf_stop_service(service_id)):
|
||||
puts(f"Sucessfully paused service with id {service_id} ✔", color=colors.green)
|
||||
else:
|
||||
puts("Test Failed: Coulnd't pause the service ✗", color=colors.red)
|
||||
exit_test(1)
|
||||
|
||||
#Check if it's actually paused
|
||||
checkRegex(regex,should_work=False)
|
||||
|
||||
#Start firewall
|
||||
if(firegex.nf_start_service(service_id)): puts(f"Sucessfully started service with id {service_id} ✔", color=colors.green)
|
||||
else: puts(f"Test Failed: Coulnd't start the service ✗", color=colors.red); exit_test(1)
|
||||
if(firegex.nf_start_service(service_id)):
|
||||
puts(f"Sucessfully started service with id {service_id} ✔", color=colors.green)
|
||||
else:
|
||||
puts("Test Failed: Coulnd't start the service ✗", color=colors.red)
|
||||
exit_test(1)
|
||||
|
||||
checkRegex(regex)
|
||||
|
||||
@@ -104,7 +132,8 @@ for r in firegex.nf_get_service_regexes(service_id):
|
||||
if(firegex.nf_disable_regex(r["id"])):
|
||||
puts(f"Sucessfully disabled regex with id {r['id']} ✔", color=colors.green)
|
||||
else:
|
||||
puts(f"Test Failed: Coulnd't disable the regex ✗", color=colors.red); exit_test(1)
|
||||
puts("Test Failed: Coulnd't disable the regex ✗", color=colors.red)
|
||||
exit_test(1)
|
||||
break
|
||||
|
||||
#Check if it's actually disabled
|
||||
@@ -116,7 +145,8 @@ for r in firegex.nf_get_service_regexes(service_id):
|
||||
if(firegex.nf_enable_regex(r["id"])):
|
||||
puts(f"Sucessfully enabled regex with id {r['id']} ✔", color=colors.green)
|
||||
else:
|
||||
puts(f"Test Failed: Coulnd't enable the regex ✗", color=colors.red); exit_test(1)
|
||||
puts("Test Failed: Coulnd't enable the regex ✗", color=colors.red)
|
||||
exit_test(1)
|
||||
break
|
||||
|
||||
checkRegex(regex)
|
||||
@@ -128,7 +158,8 @@ for r in firegex.nf_get_service_regexes(service_id):
|
||||
if(firegex.nf_delete_regex(r["id"])):
|
||||
puts(f"Sucessfully deleted regex with id {r['id']} ✔", color=colors.green)
|
||||
else:
|
||||
puts(f"Test Failed: Coulnd't delete the regex ✗", color=colors.red); exit_test(1)
|
||||
puts("Test Failed: Coulnd't delete the regex ✗", color=colors.red)
|
||||
exit_test(1)
|
||||
break
|
||||
|
||||
#Check if it's actually deleted
|
||||
@@ -137,7 +168,9 @@ checkRegex(regex,should_work=False)
|
||||
#Add case insensitive regex
|
||||
if(firegex.nf_add_regex(service_id,regex,"B",active=True,is_blacklist=True,is_case_sensitive=False)):
|
||||
puts(f"Sucessfully added case insensitive regex {str(secret)} ✔", color=colors.green)
|
||||
else: puts(f"Test Failed: Coulnd't add the case insensitive regex {str(secret)} ✗", color=colors.red); exit_test(1)
|
||||
else:
|
||||
puts(f"Test Failed: Coulnd't add the case insensitive regex {str(secret)} ✗", color=colors.red)
|
||||
exit_test(1)
|
||||
|
||||
checkRegex(regex,upper=True)
|
||||
checkRegex(regex)
|
||||
@@ -149,36 +182,22 @@ for r in firegex.nf_get_service_regexes(service_id):
|
||||
if(firegex.nf_delete_regex(r["id"])):
|
||||
puts(f"Sucessfully deleted regex with id {r['id']} ✔", color=colors.green)
|
||||
else:
|
||||
puts(f"Test Failed: Coulnd't delete the regex ✗", color=colors.red); exit_test(1)
|
||||
break
|
||||
|
||||
#Add whitelist regex
|
||||
if(firegex.nf_add_regex(service_id,regex,"B",active=True,is_blacklist=False,is_case_sensitive=True)):
|
||||
puts(f"Sucessfully added case whitelist regex {str(secret)} ✔", color=colors.green)
|
||||
else: puts(f"Test Failed: Coulnd't add the case whiteblist regex {str(secret)} ✗", color=colors.red); exit_test(1)
|
||||
|
||||
checkRegex(regex,should_work=False)
|
||||
checkRegex(regex,upper=True) #Dirty way to test the whitelist :p
|
||||
|
||||
#Delete regex
|
||||
n_blocked = 0
|
||||
for r in firegex.nf_get_service_regexes(service_id):
|
||||
if r["regex"] == regex:
|
||||
if(firegex.nf_delete_regex(r["id"])):
|
||||
puts(f"Sucessfully deleted regex with id {r['id']} ✔", color=colors.green)
|
||||
else:
|
||||
puts(f"Test Failed: Coulnd't delete the regex ✗", color=colors.red); exit_test(1)
|
||||
puts("Test Failed: Coulnd't delete the regex ✗", color=colors.red)
|
||||
exit_test(1)
|
||||
break
|
||||
|
||||
#Rename service
|
||||
if(firegex.nf_rename_service(service_id,f"{args.service_name}2")): puts(f"Sucessfully renamed service to {args.service_name}2 ✔", color=colors.green)
|
||||
else: puts(f"Test Failed: Coulnd't rename service ✗", color=colors.red); exit_test(1)
|
||||
if(firegex.nf_rename_service(service_id,f"{args.service_name}2")):
|
||||
puts(f"Sucessfully renamed service to {args.service_name}2 ✔", color=colors.green)
|
||||
else:
|
||||
puts("Test Failed: Coulnd't rename service ✗", color=colors.red)
|
||||
exit_test(1)
|
||||
|
||||
#Check if service was renamed correctly
|
||||
for services in firegex.nf_get_services():
|
||||
if services["name"] == f"{args.service_name}2":
|
||||
puts(f"Checked that service was renamed correctly ✔", color=colors.green)
|
||||
puts("Checked that service was renamed correctly ✔", color=colors.green)
|
||||
exit_test(0)
|
||||
|
||||
puts(f"Test Failed: Service wasn't renamed correctly ✗", color=colors.red); exit_test(1)
|
||||
puts("Test Failed: Service wasn't renamed correctly ✗", color=colors.red)
|
||||
exit_test(1)
|
||||
|
||||
@@ -1,9 +1,11 @@
|
||||
#!/usr/bin/env python3
|
||||
from utils.colors import *
|
||||
from utils.firegexapi import *
|
||||
from utils.colors import colors, puts, sep
|
||||
from utils.firegexapi import FiregexAPI
|
||||
from utils.tcpserver import TcpServer
|
||||
from utils.udpserver import UdpServer
|
||||
import argparse, secrets, base64,time
|
||||
import argparse
|
||||
import secrets
|
||||
import time
|
||||
|
||||
parser = argparse.ArgumentParser()
|
||||
parser.add_argument("--address", "-a", type=str , required=False, help='Address of firegex backend', default="http://127.0.0.1:4444/")
|
||||
@@ -15,14 +17,17 @@ parser.add_argument("--proto", "-m" , type=str, required=False, choices=["tcp","
|
||||
|
||||
args = parser.parse_args()
|
||||
sep()
|
||||
puts(f"Testing will start on ", color=colors.cyan, end="")
|
||||
puts("Testing will start on ", color=colors.cyan, end="")
|
||||
puts(f"{args.address}", color=colors.yellow)
|
||||
|
||||
firegex = FiregexAPI(args.address)
|
||||
|
||||
#Login
|
||||
if (firegex.login(args.password)): puts(f"Sucessfully logged in ✔", color=colors.green)
|
||||
else: puts(f"Test Failed: Unknown response or wrong passowrd ✗", color=colors.red); exit(1)
|
||||
if (firegex.login(args.password)):
|
||||
puts("Sucessfully logged in ✔", color=colors.green)
|
||||
else:
|
||||
puts("Test Failed: Unknown response or wrong passowrd ✗", color=colors.red)
|
||||
exit(1)
|
||||
|
||||
#Create server
|
||||
server = (TcpServer if args.proto == "tcp" else UdpServer)(args.port+1,ipv6=args.ipv6,proxy_port=args.port)
|
||||
@@ -30,17 +35,26 @@ server = (TcpServer if args.proto == "tcp" else UdpServer)(args.port+1,ipv6=args
|
||||
def exit_test(code):
|
||||
if service_id:
|
||||
server.stop()
|
||||
if(firegex.ph_delete_service(service_id)): puts(f"Sucessfully deleted service ✔", color=colors.green)
|
||||
else: puts(f"Test Failed: Coulnd't delete serivce ✗", color=colors.red); exit_test(1)
|
||||
if(firegex.ph_delete_service(service_id)):
|
||||
puts("Sucessfully deleted service ✔", color=colors.green)
|
||||
else:
|
||||
puts("Test Failed: Coulnd't delete serivce ✗", color=colors.red)
|
||||
exit_test(1)
|
||||
exit(code)
|
||||
|
||||
#Create and start serivce
|
||||
service_id = firegex.ph_add_service(args.service_name, args.port, args.port+1, args.proto , "::1" if args.ipv6 else "127.0.0.1", "::1" if args.ipv6 else "127.0.0.1")
|
||||
if service_id: puts(f"Sucessfully created service {service_id} ✔", color=colors.green)
|
||||
else: puts(f"Test Failed: Failed to create service ✗", color=colors.red); exit(1)
|
||||
if service_id:
|
||||
puts("Sucessfully created service {service_id} ✔", color=colors.green)
|
||||
else:
|
||||
puts("Test Failed: Failed to create service ✗", color=colors.red)
|
||||
exit(1)
|
||||
|
||||
if(firegex.ph_start_service(service_id)): puts(f"Sucessfully started service ✔", color=colors.green)
|
||||
else: puts(f"Test Failed: Failed to start service ✗", color=colors.red); exit_test(1)
|
||||
if(firegex.ph_start_service(service_id)):
|
||||
puts("Sucessfully started service ✔", color=colors.green)
|
||||
else:
|
||||
puts("Test Failed: Failed to start service ✗", color=colors.red)
|
||||
exit_test(1)
|
||||
|
||||
server.start()
|
||||
time.sleep(0.5)
|
||||
@@ -48,33 +62,49 @@ time.sleep(0.5)
|
||||
#Check if it started
|
||||
def checkData(should_work):
|
||||
res = None
|
||||
try: res = server.sendCheckData(secrets.token_bytes(432))
|
||||
except (ConnectionRefusedError, TimeoutError): res = None
|
||||
try:
|
||||
res = server.sendCheckData(secrets.token_bytes(432))
|
||||
except (ConnectionRefusedError, TimeoutError):
|
||||
res = None
|
||||
if res:
|
||||
if should_work: puts(f"Successfully received data ✔", color=colors.green)
|
||||
else: puts("Test Failed: Connection wasn't blocked ✗", color=colors.red); exit_test(1)
|
||||
if should_work:
|
||||
puts("Successfully received data ✔", color=colors.green)
|
||||
else:
|
||||
puts("Test Failed: Connection wasn't blocked ✗", color=colors.red)
|
||||
exit_test(1)
|
||||
else:
|
||||
if should_work: puts(f"Test Failed: Data wans't received ✗", color=colors.red); exit_test(1)
|
||||
else: puts(f"Successfully blocked connection ✔", color=colors.green)
|
||||
if should_work:
|
||||
puts("Test Failed: Data wans't received ✗", color=colors.red)
|
||||
exit_test(1)
|
||||
else:
|
||||
puts("Successfully blocked connection ✔", color=colors.green)
|
||||
|
||||
checkData(True)
|
||||
|
||||
#Pause the proxy
|
||||
if(firegex.ph_stop_service(service_id)): puts(f"Sucessfully paused service with id {service_id} ✔", color=colors.green)
|
||||
else: puts(f"Test Failed: Coulnd't pause the service ✗", color=colors.red); exit_test(1)
|
||||
if(firegex.ph_stop_service(service_id)):
|
||||
puts(f"Sucessfully paused service with id {service_id} ✔", color=colors.green)
|
||||
else:
|
||||
puts("Test Failed: Coulnd't pause the service ✗", color=colors.red)
|
||||
exit_test(1)
|
||||
|
||||
checkData(False)
|
||||
|
||||
#Start firewall
|
||||
if(firegex.ph_start_service(service_id)): puts(f"Sucessfully started service with id {service_id} ✔", color=colors.green)
|
||||
else: puts(f"Test Failed: Coulnd't start the service ✗", color=colors.red); exit_test(1)
|
||||
if(firegex.ph_start_service(service_id)):
|
||||
puts(f"Sucessfully started service with id {service_id} ✔", color=colors.green)
|
||||
else:
|
||||
puts("Test Failed: Coulnd't start the service ✗", color=colors.red)
|
||||
exit_test(1)
|
||||
|
||||
checkData(True)
|
||||
|
||||
#Change port
|
||||
if(firegex.ph_change_destination(service_id, "::1" if args.ipv6 else "127.0.0.1", args.port+2)):
|
||||
puts(f"Sucessfully changed port ✔", color=colors.green)
|
||||
else: puts(f"Test Failed: Coulnd't change destination ✗", color=colors.red); exit_test(1)
|
||||
puts("Sucessfully changed port ✔", color=colors.green)
|
||||
else:
|
||||
puts("Test Failed: Coulnd't change destination ✗", color=colors.red)
|
||||
exit_test(1)
|
||||
|
||||
checkData(False)
|
||||
|
||||
@@ -86,14 +116,17 @@ time.sleep(0.5)
|
||||
checkData(True)
|
||||
|
||||
#Rename service
|
||||
if(firegex.ph_rename_service(service_id,f"{args.service_name}2")): puts(f"Sucessfully renamed service to {args.service_name}2 ✔", color=colors.green)
|
||||
else: puts(f"Test Failed: Coulnd't rename service ✗", color=colors.red); exit_test(1)
|
||||
if(firegex.ph_rename_service(service_id,f"{args.service_name}2")):
|
||||
puts(f"Sucessfully renamed service to {args.service_name}2 ✔", color=colors.green)
|
||||
else:
|
||||
puts("Test Failed: Coulnd't rename service ✗", color=colors.red)
|
||||
exit_test(1)
|
||||
|
||||
#Check if service was renamed correctly
|
||||
for services in firegex.ph_get_services():
|
||||
if services["name"] == f"{args.service_name}2":
|
||||
puts(f"Checked that service was renamed correctly ✔", color=colors.green)
|
||||
puts("Checked that service was renamed correctly ✔", color=colors.green)
|
||||
exit_test(0)
|
||||
|
||||
puts(f"Test Failed: Service wasn't renamed correctly ✗", color=colors.red); exit_test(1)
|
||||
puts("Test Failed: Service wasn't renamed correctly ✗", color=colors.red)
|
||||
exit_test(1)
|
||||
|
||||
249
tests/px_test.py
249
tests/px_test.py
@@ -1,249 +0,0 @@
|
||||
#!/usr/bin/env python3
|
||||
from utils.colors import *
|
||||
from utils.firegexapi import *
|
||||
from utils.tcpserver import TcpServer
|
||||
import argparse, secrets, base64,time,random
|
||||
|
||||
parser = argparse.ArgumentParser()
|
||||
parser.add_argument("--address", "-a", type=str , required=False, help='Address of firegex backend', default="http://127.0.0.1:4444/")
|
||||
parser.add_argument("--password", "-p", type=str, required=True, help='Firegex password')
|
||||
parser.add_argument("--service_name", "-n", type=str , required=False, help='Name of the test service', default="Test Service")
|
||||
parser.add_argument("--port", "-P", type=int , required=False, help='Port of the test service', default=1337)
|
||||
args = parser.parse_args()
|
||||
sep()
|
||||
puts(f"Testing will start on ", color=colors.cyan, end="")
|
||||
puts(f"{args.address}", color=colors.yellow)
|
||||
|
||||
#Create and start server
|
||||
server = TcpServer(args.port,ipv6=False)
|
||||
server.start()
|
||||
time.sleep(0.5)
|
||||
|
||||
firegex = FiregexAPI(args.address)
|
||||
|
||||
#Login
|
||||
if (firegex.login(args.password)): puts(f"Sucessfully logged in ✔", color=colors.green)
|
||||
else: puts(f"Test Failed: Unknown response or wrong passowrd ✗", color=colors.red); exit(1)
|
||||
|
||||
def exit_test(code):
|
||||
if service_id:
|
||||
server.stop()
|
||||
if(firegex.px_delete_service(service_id)): puts(f"Sucessfully deleted service ✔", color=colors.green)
|
||||
else: puts(f"Test Failed: Coulnd't deleted serivce ✗", color=colors.red); exit_test(1)
|
||||
exit(code)
|
||||
|
||||
#Create service
|
||||
service_id = firegex.px_add_service(args.service_name, args.port, 6140)
|
||||
if service_id: puts(f"Sucessfully created service {service_id} ✔", color=colors.green)
|
||||
else: puts(f"Test Failed: Failed to create service ✗", color=colors.red); exit(1)
|
||||
|
||||
if(firegex.px_start_service(service_id)): puts(f"Sucessfully started service ✔", color=colors.green)
|
||||
else: puts(f"Test Failed: Failed to start service ✗", color=colors.red); exit_test(1)
|
||||
|
||||
#Check if service is in wait mode
|
||||
if(firegex.px_get_service(service_id)["status"] == "wait"): puts(f"Sucessfully started service in WAIT mode ✔", color=colors.green)
|
||||
else: puts(f"Test Failed: Service not in WAIT mode ✗", color=colors.red); exit_test(1)
|
||||
|
||||
#Get inernal_port
|
||||
internal_port = firegex.px_get_service(service_id)["internal_port"]
|
||||
if (internal_port): puts(f"Sucessfully got internal port {internal_port} ✔", color=colors.green)
|
||||
else: puts(f"Test Failed: Coundn't get internal_port ✗", color=colors.red); exit_test(1)
|
||||
|
||||
server.stop()
|
||||
server = TcpServer(internal_port,ipv6=False, proxy_port=args.port)
|
||||
server.start()
|
||||
time.sleep(1)
|
||||
|
||||
if(firegex.px_get_service(service_id)["status"] == "active"): puts(f"Service went in ACTIVE mode ✔", color=colors.green)
|
||||
else: puts(f"Test Failed: Service not in ACTIVE mode ✗", color=colors.red); exit_test(1)
|
||||
|
||||
if server.sendCheckData(secrets.token_bytes(432)):
|
||||
puts(f"Successfully tested first proxy with no regex ✔", color=colors.green)
|
||||
else:
|
||||
puts(f"Test Failed: Data was corrupted ", color=colors.red); exit_test(1)
|
||||
|
||||
#Add new regex
|
||||
secret = bytes(secrets.token_hex(16).encode())
|
||||
regex = base64.b64encode(secret).decode()
|
||||
if(firegex.px_add_regex(service_id,regex,"B",active=True,is_blacklist=True,is_case_sensitive=True)):
|
||||
puts(f"Sucessfully added regex {str(secret)} ✔", color=colors.green)
|
||||
else: puts(f"Test Failed: Coulnd't add the regex {str(secret)} ✗", color=colors.red); exit_test(1)
|
||||
|
||||
#Check if regex is present in the service
|
||||
n_blocked = 0
|
||||
|
||||
def checkRegex(regex, should_work=True, upper=False):
|
||||
if should_work:
|
||||
global n_blocked
|
||||
for r in firegex.px_get_service_regexes(service_id):
|
||||
if r["regex"] == regex:
|
||||
#Test the regex
|
||||
s = base64.b64decode(regex).upper() if upper else base64.b64decode(regex)
|
||||
if not server.sendCheckData(secrets.token_bytes(200) + s + secrets.token_bytes(200)):
|
||||
puts(f"The malicious request was successfully blocked ✔", color=colors.green)
|
||||
n_blocked += 1
|
||||
time.sleep(0.5)
|
||||
if firegex.px_get_regex(r["id"])["n_packets"] == n_blocked:
|
||||
puts(f"The packed was reported as blocked ✔", color=colors.green)
|
||||
else:
|
||||
puts(f"Test Failed: The packed wasn't reported as blocked ✗", color=colors.red); exit_test(1)
|
||||
else:
|
||||
puts(f"Test Failed: The request wasn't blocked ✗", color=colors.red);exit_test(1)
|
||||
return
|
||||
puts(f"Test Failed: The regex wasn't found ✗", color=colors.red); exit_test(1)
|
||||
else:
|
||||
if server.sendCheckData(secrets.token_bytes(200) + base64.b64decode(regex) + secrets.token_bytes(200)):
|
||||
puts(f"The request wasn't blocked ✔", color=colors.green)
|
||||
else:
|
||||
puts(f"Test Failed: The request was blocked when it shouldn't have", color=colors.red); exit_test(1)
|
||||
|
||||
checkRegex(regex)
|
||||
|
||||
#Pause the proxy
|
||||
if(firegex.px_pause_service(service_id)): puts(f"Sucessfully paused service with id {service_id} ✔", color=colors.green)
|
||||
else: puts(f"Test Failed: Coulnd't pause the service ✗", color=colors.red); exit_test(1)
|
||||
|
||||
#Check if it's actually paused
|
||||
checkRegex(regex,should_work=False)
|
||||
|
||||
#Start firewall
|
||||
if(firegex.px_start_service(service_id)): puts(f"Sucessfully started service with id {service_id} ✔", color=colors.green)
|
||||
else: puts(f"Test Failed: Coulnd't start the service ✗", color=colors.red); exit_test(1)
|
||||
|
||||
checkRegex(regex)
|
||||
|
||||
#Stop firewall
|
||||
if(firegex.px_stop_service(service_id)): puts(f"Sucessfully stopped service with id {service_id} ✔", color=colors.green)
|
||||
else: puts(f"Test Failed: Coulnd't stop the service ✗", color=colors.red); exit_test(1)
|
||||
|
||||
try:
|
||||
checkRegex(regex)
|
||||
puts(f"Test Failed: The service was still active ✗", color=colors.red); exit_test(1)
|
||||
except Exception:
|
||||
puts(f"Service was correctly stopped ✔", color=colors.green)
|
||||
|
||||
#Start firewall in pause
|
||||
if(firegex.px_pause_service(service_id)): puts(f"Sucessfully started service in pause mode with id {service_id} ✔", color=colors.green)
|
||||
else: puts(f"Test Failed: Coulnd't start the service ✗", color=colors.red); exit_test(1)
|
||||
|
||||
time.sleep(0.5)
|
||||
#Check if it's actually paused
|
||||
checkRegex(regex,should_work=False)
|
||||
|
||||
#Start firewall
|
||||
if(firegex.px_start_service(service_id)): puts(f"Sucessfully started service with id {service_id} ✔", color=colors.green)
|
||||
else: puts(f"Test Failed: Coulnd't start the service ✗", color=colors.red); exit_test(1)
|
||||
|
||||
checkRegex(regex)
|
||||
|
||||
#Disable regex
|
||||
for r in firegex.px_get_service_regexes(service_id):
|
||||
if r["regex"] == regex:
|
||||
if(firegex.px_disable_regex(r["id"])):
|
||||
puts(f"Sucessfully disabled regex with id {r['id']} ✔", color=colors.green)
|
||||
else:
|
||||
puts(f"Test Failed: Coulnd't disable the regex ✗", color=colors.red); exit_test(1)
|
||||
break
|
||||
|
||||
#Check if it's actually disabled
|
||||
checkRegex(regex,should_work=False)
|
||||
|
||||
#Enable regex
|
||||
for r in firegex.px_get_service_regexes(service_id):
|
||||
if r["regex"] == regex:
|
||||
if(firegex.px_enable_regex(r["id"])):
|
||||
puts(f"Sucessfully enabled regex with id {r['id']} ✔", color=colors.green)
|
||||
else:
|
||||
puts(f"Test Failed: Coulnd't enable the regex ✗", color=colors.red); exit_test(1)
|
||||
break
|
||||
|
||||
checkRegex(regex)
|
||||
|
||||
#Delete regex
|
||||
n_blocked = 0
|
||||
for r in firegex.px_get_service_regexes(service_id):
|
||||
if r["regex"] == regex:
|
||||
if(firegex.px_delete_regex(r["id"])):
|
||||
puts(f"Sucessfully deleted regex with id {r['id']} ✔", color=colors.green)
|
||||
else:
|
||||
puts(f"Test Failed: Coulnd't delete the regex ✗", color=colors.red); exit_test(1)
|
||||
break
|
||||
|
||||
#Check if it's actually deleted
|
||||
checkRegex(regex,should_work=False)
|
||||
|
||||
#Add case insensitive regex
|
||||
if(firegex.px_add_regex(service_id,regex,"B",active=True,is_blacklist=True,is_case_sensitive=False)):
|
||||
puts(f"Sucessfully added case insensitive regex {str(secret)} ✔", color=colors.green)
|
||||
else: puts(f"Test Failed: Coulnd't add the case insensitive regex {str(secret)} ✗", color=colors.red); exit_test(1)
|
||||
|
||||
checkRegex(regex,upper=True)
|
||||
checkRegex(regex)
|
||||
|
||||
#Delete regex
|
||||
n_blocked = 0
|
||||
for r in firegex.px_get_service_regexes(service_id):
|
||||
if r["regex"] == regex:
|
||||
if(firegex.px_delete_regex(r["id"])):
|
||||
puts(f"Sucessfully deleted regex with id {r['id']} ✔", color=colors.green)
|
||||
else:
|
||||
puts(f"Test Failed: Coulnd't delete the regex ✗", color=colors.red); exit_test(1)
|
||||
break
|
||||
|
||||
#Add whitelist regex
|
||||
if(firegex.px_add_regex(service_id,regex,"B",active=True,is_blacklist=False,is_case_sensitive=True)):
|
||||
puts(f"Sucessfully added case whitelist regex {str(secret)} ✔", color=colors.green)
|
||||
else: puts(f"Test Failed: Coulnd't add the case whiteblist regex {str(secret)} ✗", color=colors.red); exit_test(1)
|
||||
|
||||
checkRegex(regex,should_work=False)
|
||||
checkRegex(regex,upper=True) #Dirty way to test the whitelist :p
|
||||
|
||||
#Delete regex
|
||||
n_blocked = 0
|
||||
for r in firegex.px_get_service_regexes(service_id):
|
||||
if r["regex"] == regex:
|
||||
if(firegex.px_delete_regex(r["id"])):
|
||||
puts(f"Sucessfully deleted regex with id {r['id']} ✔", color=colors.green)
|
||||
else:
|
||||
puts(f"Test Failed: Coulnd't delete the regex ✗", color=colors.red); exit_test(1)
|
||||
break
|
||||
|
||||
#Rename service
|
||||
if(firegex.px_rename_service(service_id,f"{args.service_name}2")): puts(f"Sucessfully renamed service to {args.service_name}2 ✔", color=colors.green)
|
||||
else: puts(f"Test Failed: Coulnd't rename service ✗", color=colors.red); exit_test(1)
|
||||
|
||||
#Check if service was renamed correctly
|
||||
found = False
|
||||
for services in firegex.px_get_services():
|
||||
if services["name"] == f"{args.service_name}2":
|
||||
puts(f"Checked that service was renamed correctly ✔", color=colors.green)
|
||||
found = True
|
||||
break
|
||||
|
||||
if not found:
|
||||
puts(f"Test Failed: Service wasn't renamed correctly ✗", color=colors.red); exit_test(1)
|
||||
exit(1)
|
||||
|
||||
#Change service port
|
||||
new_internal_port = random.randrange(6000,9000)
|
||||
if(firegex.px_change_service_port(service_id,internalPort=new_internal_port)):
|
||||
puts(f"Sucessfully changed internal_port to {new_internal_port} ✔", color=colors.green)
|
||||
else:
|
||||
puts(f"Test Failed: Coulnd't change intenral port ✗", color=colors.red); exit_test(1)
|
||||
|
||||
#Get inernal_port
|
||||
internal_port = firegex.px_get_service(service_id)["internal_port"]
|
||||
if (internal_port == new_internal_port): puts(f"Sucessfully got internal port {internal_port} ✔", color=colors.green)
|
||||
else: puts(f"Test Failed: Coundn't get internal_port or port changed incorrectly ✗", color=colors.red); exit_test(1)
|
||||
|
||||
if(firegex.px_regen_service_port(service_id)):
|
||||
puts(f"Sucessfully changed internal_port to {new_internal_port} ✔", color=colors.green)
|
||||
else:
|
||||
puts(f"Test Failed: Coulnd't change internal port ✗", color=colors.red); exit_test(1)
|
||||
|
||||
#Get regenerated inernal_port
|
||||
new_internal_port = firegex.px_get_service(service_id)["internal_port"]
|
||||
if (internal_port != new_internal_port): puts(f"Sucessfully got regenerated port {new_internal_port} ✔", color=colors.green)
|
||||
else: puts(f"Test Failed: Coundn't get internal port, or it was the same as previous ✗", color=colors.red); exit_test(1)
|
||||
|
||||
exit_test(0)
|
||||
@@ -18,8 +18,6 @@ echo "Running Netfilter Regex UDP ipv4"
|
||||
python3 nf_test.py -p $PASSWORD -m udp || ERROR=1
|
||||
echo "Running Netfilter Regex UDP ipv6"
|
||||
python3 nf_test.py -p $PASSWORD -m udp -6 || ERROR=1
|
||||
echo "Running Proxy Regex"
|
||||
python3 px_test.py -p $PASSWORD || ERROR=1
|
||||
echo "Running Port Hijack TCP ipv4"
|
||||
python3 ph_test.py -p $PASSWORD -m tcp || ERROR=1
|
||||
echo "Running Port Hijack TCP ipv6"
|
||||
|
||||
0
tests/utils/__init__.py
Normal file
0
tests/utils/__init__.py
Normal file
@@ -70,7 +70,7 @@ class FiregexAPI:
|
||||
return req.json()
|
||||
|
||||
def reset(self, delete: bool):
|
||||
req = self.s.post(f"{self.address}api/reset", json={"delete":delete})
|
||||
self.s.post(f"{self.address}api/reset", json={"delete":delete})
|
||||
|
||||
#Netfilter regex
|
||||
def nf_get_stats(self):
|
||||
@@ -131,84 +131,6 @@ class FiregexAPI:
|
||||
json={"name":name,"port":port, "proto": proto, "ip_int": ip_int})
|
||||
return req.json()["service_id"] if verify(req) else False
|
||||
|
||||
#Proxy regex
|
||||
def px_get_stats(self):
|
||||
req = self.s.get(f"{self.address}api/regexproxy/stats")
|
||||
return req.json()
|
||||
|
||||
def px_get_services(self):
|
||||
req = self.s.get(f"{self.address}api/regexproxy/services")
|
||||
return req.json()
|
||||
|
||||
def px_get_service(self,service_id: str):
|
||||
req = self.s.get(f"{self.address}api/regexproxy/service/{service_id}")
|
||||
return req.json()
|
||||
|
||||
def px_stop_service(self,service_id: str):
|
||||
req = self.s.get(f"{self.address}api/regexproxy/service/{service_id}/stop")
|
||||
return verify(req)
|
||||
|
||||
def px_pause_service(self,service_id: str):
|
||||
req = self.s.get(f"{self.address}api/regexproxy/service/{service_id}/pause")
|
||||
return verify(req)
|
||||
|
||||
def px_start_service(self,service_id: str):
|
||||
req = self.s.get(f"{self.address}api/regexproxy/service/{service_id}/start")
|
||||
return verify(req)
|
||||
|
||||
def px_delete_service(self,service_id: str):
|
||||
req = self.s.get(f"{self.address}api/regexproxy/service/{service_id}/delete")
|
||||
return verify(req)
|
||||
|
||||
def px_regen_service_port(self,service_id: str):
|
||||
req = self.s.get(f"{self.address}api/regexproxy/service/{service_id}/regen-port")
|
||||
return verify(req)
|
||||
|
||||
def px_change_service_port(self,service_id: str, port:int =None, internalPort:int =None):
|
||||
payload = {}
|
||||
if port: payload["port"] = port
|
||||
if internalPort: payload["internalPort"] = internalPort
|
||||
req = self.s.post(f"{self.address}api/regexproxy/service/{service_id}/change-ports", json=payload)
|
||||
return req.json() if verify(req) else False
|
||||
|
||||
def px_get_service_regexes(self,service_id: str):
|
||||
req = self.s.get(f"{self.address}api/regexproxy/service/{service_id}/regexes")
|
||||
return req.json()
|
||||
|
||||
def px_get_regex(self,regex_id: str):
|
||||
req = self.s.get(f"{self.address}api/regexproxy/regex/{regex_id}")
|
||||
return req.json()
|
||||
|
||||
def px_delete_regex(self,regex_id: str):
|
||||
req = self.s.get(f"{self.address}api/regexproxy/regex/{regex_id}/delete")
|
||||
return verify(req)
|
||||
|
||||
def px_enable_regex(self,regex_id: str):
|
||||
req = self.s.get(f"{self.address}api/regexproxy/regex/{regex_id}/enable")
|
||||
return verify(req)
|
||||
|
||||
def px_disable_regex(self,regex_id: str):
|
||||
req = self.s.get(f"{self.address}api/regexproxy/regex/{regex_id}/disable")
|
||||
return verify(req)
|
||||
|
||||
def px_add_regex(self, service_id: str, regex: str, mode: str, active: bool, is_blacklist: bool, is_case_sensitive: bool):
|
||||
req = self.s.post(f"{self.address}api/regexproxy/regexes/add",
|
||||
json={"service_id": service_id, "regex": regex, "mode": mode, "active": active, "is_blacklist": is_blacklist, "is_case_sensitive": is_case_sensitive})
|
||||
return verify(req)
|
||||
|
||||
def px_rename_service(self,service_id: str, newname: str):
|
||||
req = self.s.post(f"{self.address}api/regexproxy/service/{service_id}/rename" , json={"name":newname})
|
||||
return verify(req)
|
||||
|
||||
def px_add_service(self, name: str, port: int, internalPort:int = None):
|
||||
payload = {}
|
||||
payload["name"] = name
|
||||
payload["port"] = port
|
||||
if internalPort:
|
||||
payload["internalPort"] = internalPort
|
||||
req = self.s.post(f"{self.address}api/regexproxy/services/add" , json=payload)
|
||||
return req.json()["id"] if verify(req) else False
|
||||
|
||||
#PortHijack
|
||||
def ph_get_services(self):
|
||||
req = self.s.get(f"{self.address}api/porthijack/services")
|
||||
|
||||
Reference in New Issue
Block a user