tiiuae · leivos-unikie · Jan 8, 2025 · Dec 30, 2024
diff --git a/Robot-Framework/resources/ssh_keywords.resource b/Robot-Framework/resources/ssh_keywords.resource
@@ -397,6 +397,21 @@ Get wifi IP
     END
     IF   ${status} == False    FAIL    NetVM hasn't gotten an IP
 
+Get Virtual Network Interface IP
+    [Documentation]     Parse ifconfig output and look for ethint0 IP
+    ${if_name}=    Set Variable   ethint0
+    FOR    ${i}    IN RANGE    20
+        ${output}     Execute Command      ifconfig
+        Log           ${output}
+        ${ip}         Get ip from ifconfig    ${output}   ${if_name}
+        IF  $ip != '${EMPTY}'
+            Log       ${ip}
+            RETURN    ${ip}
+        END
+        Sleep    1
+    END
+    FAIL    IP address not found.
+
 Check if ssh is ready on device
     [Arguments]    ${timeout}=30
     ${is_ready}    Set Variable    False

diff --git a/Robot-Framework/test-suites/security-tests/__init__.robot b/Robot-Framework/test-suites/security-tests/__init__.robot
@@ -0,0 +1,9 @@
+# SPDX-FileCopyrightText: 2022-2024 Technology Innovation Institute (TII)
+# SPDX-License-Identifier: Apache-2.0
+
+*** Settings ***
+Documentation       Security tests
+Resource            ../../resources/ssh_keywords.resource
+Resource            ../../resources/connection_keywords.resource
+Suite Setup         Initialize Variables And Connect
+Suite Teardown      Close All Connections
diff --git a/Robot-Framework/test-suites/security-tests/ip_spoofing_test.robot b/Robot-Framework/test-suites/security-tests/ip_spoofing_test.robot
@@ -0,0 +1,89 @@
+# SPDX-FileCopyrightText: 2022-2024 Technology Innovation Institute (TII)
+# SPDX-License-Identifier: Apache-2.0
+
+*** Settings ***
+Resource            ../../config/variables.robot
+Resource            ../../resources/ssh_keywords.resource
+Resource            ../../resources/common_keywords.resource
+
+*** Variables ***
+${connection}
+${ip_server}
+
+*** Test Cases ***
+
+Test IP spoofing
+    [Documentation]   Test if it's possible to steal packets via ip spoofing
+    [Tags]            SP-T128   lenovo-x1   ipspoofing
+    Set Suite Variable                ${server_vm}   ${GALA_VM}
+    Set Suite Variable                ${client_vm}   ${COMMS_VM}
+    Set Suite Variable                ${stealer_vm}  ${CHROME_VM}
+    Prepare netcat server script
+    Prepare netcat client script
+    Prepare netcat stealer script
+    Launch netcat test script         ${server_vm}   nc_server
+    Launch netcat test script         ${client_vm}   nc_client
+    Launch netcat test script         ${stealer_vm}  nc_stealer
+    Log To Console                    Waiting 40 sec for the test to finish
+    Sleep                             40
+    Close All Connections
+    Check the result files
+
+
+*** Keywords ***
+
+Prepare netcat server script
+    Connect to netvm
+    Check if ssh is ready on vm       ${server_vm}
+    Connect to VM                     ${server_vm}
+    ${ip_server}                      Get Virtual Network Interface IP
+    Set Suite Variable                ${ip_server}  ${ip_server}
+    Put File                          security-tests/nc_server   /tmp
+    Execute Command                   chmod 777 /tmp/nc_server
+
+Prepare netcat client script
+    Connect to netvm
+    Check if ssh is ready on vm       ${client_vm}
+    Connect to VM                     ${client_vm}
+    Put File                          security-tests/nc_client   /tmp
+    Execute Command                   echo 'ip_server=${ip_server}' > /tmp/tmp_file
+    Execute Command                   cat /tmp/nc_client >> /tmp/tmp_file
+    Execute Command                   cp /tmp/tmp_file /tmp/nc_client
+    Execute Command                   chmod 777 /tmp/nc_client
+
+Prepare netcat stealer script
+    Connect to netvm
+    Check if ssh is ready on vm       ${stealer_vm}
+    Connect to VM                     ${stealer_vm}
+    ${ip_stealer}                     Get Virtual Network Interface IP
+    Put File                          security-tests/nc_stealer   /tmp
+    Execute Command                   echo 'ip_server=${ip_server}\nip_stealer=${ip_stealer}' > /tmp/tmp_file
+    Execute Command                   cat /tmp/nc_stealer >> /tmp/tmp_file
+    Execute Command                   cp /tmp/tmp_file /tmp/nc_stealer
+    Execute Command                   chmod 777 /tmp/nc_stealer
+
+Launch netcat test script
+    [Arguments]                       ${vm}  ${script_name}
+    Connect to VM                     ${vm}
+    Run Keyword And Ignore Error      Execute Command  -b /tmp/${script_name}  sudo=True  sudo_password=${PASSWORD}  timeout=3
+
+Check the result files
+    Connect
+    Connect to netvm
+    Check if ssh is ready on vm       ${stealer_vm}
+    Connect to VM                     ${stealer_vm}
+    ${stolen}                         Execute Command    cat /tmp/stolen.txt | grep packet
+    Log                               ${stolen}
+    ${stealer_log}                    Execute Command    cat /tmp/stolen.txt
+    Log                               ${stealer_log}
+    Connect to VM                     ${server_vm}
+    ${server_received}                Execute Command    cat /tmp/server_received.txt | grep packet
+    Log                               ${server_received}
+    ${server_log}                     Execute Command    cat /tmp/server_received.txt
+    Log                               ${server_log}
+    IF  $stolen != '${EMPTY}'
+        FAIL    Stealer VM managed to receive packets via ip spoofing
+    END
+    IF  $server == '${EMPTY}' and $stolen == '${EMPTY}'
+        FAIL    No packets received by server or stealer VM
+    END
diff --git a/Robot-Framework/test-suites/security-tests/nc_client b/Robot-Framework/test-suites/security-tests/nc_client
@@ -0,0 +1,11 @@
+# SPDX-FileCopyrightText: 2022-2024 Technology Innovation Institute (TII)
+# SPDX-License-Identifier: Apache-2.0
+
+# This will be automatically written to the file when running the test
+# ip_server=
+
+for i in {1..35}
+do
+  echo " ---- packet $i " | nc -w 1 ${ip_server} 5201
+  sleep 1.5
+done
diff --git a/Robot-Framework/test-suites/security-tests/nc_server b/Robot-Framework/test-suites/security-tests/nc_server
@@ -0,0 +1,14 @@
+# SPDX-FileCopyrightText: 2022-2024 Technology Innovation Institute (TII)
+# SPDX-License-Identifier: Apache-2.0
+
+sudo iptables -F
+
+echo "" > /tmp/server_received.txt
+
+for i in {1..30}
+do
+  echo "" >> /tmp/server_received.txt
+  echo "iteration $i - $(date)" >> /tmp/server_received.txt
+  timeout 1.7 nc -l 5201 >> /tmp/server_received.txt 2>&1
+  sleep 0.5
+done
diff --git a/Robot-Framework/test-suites/security-tests/nc_stealer b/Robot-Framework/test-suites/security-tests/nc_stealer
@@ -0,0 +1,23 @@
+# SPDX-FileCopyrightText: 2022-2024 Technology Innovation Institute (TII)
+# SPDX-License-Identifier: Apache-2.0
+
+# These will be automatically written to the file when running the test
+# ip_server=
+# ip_stealer=
+
+sudo iptables -F
+
+echo "" > /tmp/stolen.txt
+
+for i in {1..30}
+do
+  echo "" >> /tmp/stolen.txt
+  echo "iteration $i - $(date)" >> /tmp/stolen.txt
+  sudo ifconfig ethint0 ${ip_server} netmask 255.255.255.0 up
+  sleep 0.3
+  sudo ifconfig ethint0 ${ip_server} netmask 255.255.255.0 up
+  sleep 0.3
+  timeout 1 nc -l 5201 >> /tmp/stolen.txt 2>&1
+  sudo ifconfig ethint0 ${ip_stealer} netmask 255.255.255.0 up
+  sleep 0.3
+done