Comments (2)
Hi, I just tried the dissection of the OPC UA protocol with polymorph. I have generated my test environment with the following project: https://github.com/FreeOpcUa/python-opcua
I can confirm that Polymorph is capable of dissecting it:
As in this case Polymorph will use the Tshark dissectors to dissect this protocol, what is happening to you means that Tshark/Wireshark has not been able to dissect it either (you can use the wireshark command from the interface where all the captured templates are found to open them with Wireshark).
Based on my experience with other protocols, this may be due to several factors. The most obvious is that the protocol presents some type of security measure, such as encryption, that prevents the dissectors from interpreting it. The other possibility is a little less obvious: for some protocols the Wireshark dissectors need to capture the beginning of the communication to be able to correctly interpret and dissect the packets. In this way, if Wireshark is capturing when the connection starts, it will correctly interpret the protocol. However, if you put it to capture in the middle of a session, it will not be able to interpret and dissect the packets; this happens, for example, with the Windows Remote Registry protocol. I do not know what your particular casuistry is, but I recommend that you try to put Polymorph to capture before starting the session between the client and the server to check if, in this way, the tool is able to interpret the packets correctly.
PS: If the packets do not present any kind of integrity or confidentiality measure and, even so, tshark is not able to interpret them (and therefore neither is Polymorph), another option is to generate the template from a test environment (like the one I used) and then use that template to intercept and modify the protocol packets in real time, since once the template is generated Polymorph does not need the tshark dissectors to modify the packets in real time, because it performs an internal representation of this template.
Thank you very much for your answer. I was able to dissect the OPC UA protocol. The simulation server I used first seems to do some encryption or signing even when I chose the endpoint without security. I programmed my own server with the open62541 framework and it works.
Now I encountered another challenge. I created a template for a write response packet. Moreover I have added a precondition and an execution rule.
The packets are intercepted and modified with respect to my rules. But the server is not accepting the packets. I just change the value of the write request (changing a string value, for example).
I looked into the manipulated packets with Wireshark; everything looks fine. The OPC UA server is responding "write failed - Bad_Timeout". Do you maybe have an idea why this isn't working?
Here are some screens:
WriteRequest packet:
Precondition
Execution
The Wireshark packets with the "BAD" string:
In packet 127, which is the write request, I have a byte in the WriteRequest packet I don't understand. It is called:
"VSS-Monitoring ethernet trailer, Source Port: 0"
I tried the postcondition from the whitepaper too.
I've just started with the topic of packet manipulation. Would be great if you can help.
Thanks
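A structural consistency check for an OPC UA binary MSG chunk, added here as an example and not code from Polymorph or from either commenter. It assumes the OPC UA Part 6 layout (message header, secure-channel header, then a body opening with the request type NodeId) and uses a constructed, simplified body; a real WriteRequest also carries a RequestHeader and a WriteValue array, and the names `build_msg`, `check_msg` and `read_string` are hypothetical.

```python
import struct
# Added example, not Polymorph code. Layout assumed from the OPC UA Part 6 binary
# encoding: 3-byte MessageType, 1-byte ChunkType, UInt32 MessageSize (whole chunk),
# then SecureChannelId, TokenId, SequenceNumber, RequestId (UInt32 each), then the body.
MSG_HEADER = struct.Struct("<3sBI")
SEQ_HEADER = struct.Struct("<IIII")
BODY_OFFSET = MSG_HEADER.size + SEQ_HEADER.size  # 24 bytes
WRITE_REQUEST_ID = 673  # WriteRequest_Encoding_DefaultBinary, namespace 0

def read_string(buf, off):
    """OPC UA String: Int32 byte length (-1 = null) followed by UTF-8 bytes."""
    (n,) = struct.unpack_from("<i", buf, off)
    off += 4
    if n == -1:
        return None, off
    if n < 0 or off + n > len(buf):
        raise ValueError(f"string length {n} runs past end of chunk at offset {off}")
    return buf[off:off + n].decode("utf-8"), off + n

def build_msg(text, seq=1, req=1):
    """Constructed, simplified MSG chunk: four-byte numeric NodeId plus one String
    (a real WriteRequest also carries a RequestHeader and a WriteValue array)."""
    body = struct.pack("<BBH", 0x01, 0, WRITE_REQUEST_ID)  # four-byte NodeId form
    data = text.encode("utf-8")
    body += struct.pack("<i", len(data)) + data
    header = MSG_HEADER.pack(b"MSG", ord("F"), BODY_OFFSET + len(body))
    return header + SEQ_HEADER.pack(1, 1, seq, req) + body

def check_msg(frame):
    """Return findings for one chunk; an empty list means it is self-consistent."""
    findings = []
    if len(frame) < BODY_OFFSET + 8:
        return ["frame shorter than OPC UA MSG headers plus NodeId and String length"]
    mtype, ctype, msize = MSG_HEADER.unpack_from(frame, 0)
    if mtype != b"MSG":
        findings.append(f"unexpected message type {mtype!r}")
    if ctype not in b"FCA":  # Final, intermediate (C), Abort
        findings.append(f"unexpected chunk type {ctype:#x}")
    if msize != len(frame):
        findings.append(f"MessageSize {msize} != {len(frame)} bytes on the wire")
    enc, ns, type_id = struct.unpack_from("<BBH", frame, BODY_OFFSET)
    if (enc, ns, type_id) != (0x01, 0, WRITE_REQUEST_ID):
        findings.append(f"body type id {type_id} (encoding {enc:#x}) is not WriteRequest")
    try:
        read_string(frame, BODY_OFFSET + 4)  # the length prefix must stay inside the chunk
    except ValueError as err:
        findings.append(str(err))
    return findings
```

A chunk altered in place with a same-length value passes this check unchanged, which is why only the message signing or encryption of a non-None OPC UA security policy lets the server detect in-flight modification rather than a structural check like this one.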