instructions-en.txt
Prerequisites:
1. Python 2.7.3 installed
2. modbus-tk-0.4.2 installed
a) Unzip modbus-tk-0.4.2.zip
b) python setup.py install
3. Install scapy 2.2.0 library
4. From /root/mtf, run script mtf.py with the following parameters:
python mtf.py -i <host> -s <search_mode> -z <fuzz_mode> -f <csvFile=search.csv> -p <pcap_file=packets.pcap> -r <fuzz_request>
host - the IP of the remote machine (under test)
csvFile - stores search information
pcap_file - trace pcap file
fuzz_request - number of requests for every FC found during the identification phase (default=200)
I. python mtf.py -i 192.168.X.X -s -f, identification process, where 192.168.X.X is the IP address of the device or software with open port 502
Output:
a) generation of a file with name "search.csv". The file contains the list of supported FC and addresses of the device or software
under test.
b) generation of a file with name "dump_memory.csv", storing the information for the dump memory attack, i.e. the retrieved contents
of the memory locations of the remote machine (SUT), in the form "Address 0x Value READ_COILS", "Address 3x Value READ_INPUT_REGISTERS", etc.
c) generation of log files with name format "info_Y_m_d_H_M_S.log" (Year_Month_Day_Hour_Minute_Second.log) and
"error_Y_m_d_H_M_S.log" containing information about the executed transactions during the identification phase.
II. python mtf.py -i 192.168.X.X -s -z -f, identification process (phase 1) and then fuzzing (phase 2).
Output:
a) generation of log files with name format "info_Y_m_d_H_M_S.log" (Year_Month_Day_Hour_Minute_Second.log) and
"error_Y_m_d_H_M_S.log" containing information about the executed transactions (requests-responses) and errors.
b) generated files as I.a and I.b above.
III. python mtf.py -i 192.168.X.X -z -f, fuzzing process (phase 2); assumes that the file "search.csv" already exists
(generated by phase 1 of I above).
IV. python mtf.py -i 192.168.X.X -s -f -p, identification phase based on pcap files. A "search.csv" file is generated as in I.
The file contains the list of supported FC and addresses based on the traffic read from the pcap file
(if option -z is given, then mtf.py starts automatically the fuzzing process as well).
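The identification phase (I and IV above) in miniature, as an added Python 3 example that is not mtf's own code: it pairs Modbus/TCP requests with their responses by transaction id, treats exception replies (function code OR 0x80) as "not supported at that address", and renders the surviving FC/address pairs in a search.csv-like layout. The column layout, the FC name table and the sample frames are assumptions; the frames are constructed, not a real capture.

```python
import csv, io, struct
from collections import defaultdict

# Modbus/TCP framing assumed: 7-byte MBAP header (transaction id, protocol id,
# length, unit id) followed by the PDU (function code + data).
MBAP = struct.Struct(">HHHB")
FC_NAMES = {1: "READ_COILS", 2: "READ_DISCRETE_INPUTS",
            3: "READ_HOLDING_REGISTERS", 4: "READ_INPUT_REGISTERS"}

def parse_frame(frame):
    """Split one Modbus/TCP frame into (transaction id, function code, data)."""
    tid, proto, length, _unit = MBAP.unpack_from(frame)
    if proto != 0 or length != len(frame) - 6:
        raise ValueError("malformed MBAP header")
    return tid, frame[7], frame[8:]

def identify(requests, responses):
    """Pair requests with responses by transaction id and report, per read
    function code, the starting addresses that were served without exception."""
    pending = {}
    for raw in requests:
        tid, fc, data = parse_frame(raw)
        if fc in FC_NAMES:                        # read PDUs carry address, count
            pending[tid] = (fc, struct.unpack(">H", data[:2])[0])
    supported = defaultdict(set)
    for raw in responses:
        tid, fc, _data = parse_frame(raw)
        if tid not in pending:
            continue                              # unsolicited or non-read reply
        req_fc, addr = pending.pop(tid)
        if fc == req_fc:                          # fc | 0x80 would be an exception
            supported[fc].add(addr)
    return {fc: sorted(addrs) for fc, addrs in supported.items()}

def to_search_csv(supported):
    """Render the result as CSV text (column layout is assumed, not mtf's own)."""
    out = io.StringIO()
    writer = csv.writer(out)
    writer.writerow(["FC", "name", "addresses"])
    for fc in sorted(supported):
        writer.writerow([fc, FC_NAMES[fc], " ".join(map(str, supported[fc]))])
    return out.getvalue()

# Constructed sample exchange (not a real capture): unit 1, three transactions.
REQUESTS = [bytes.fromhex("0001 0000 0006 01 01 000A 0008"),      # Read Coils @10
            bytes.fromhex("0002 0000 0006 01 04 0000 0002"),      # Read Input Regs @0
            bytes.fromhex("0003 0000 0006 01 03 0100 0001")]      # Read Holding @256
RESPONSES = [bytes.fromhex("0001 0000 0004 01 01 01 FF"),         # 8 coils, clean
             bytes.fromhex("0002 0000 0007 01 04 04 0010 0020"),  # 2 regs, clean
             bytes.fromhex("0003 0000 0003 01 83 02")]            # exception 02
```

`identify(REQUESTS, RESPONSES)` yields FC 1 at address 10 and FC 4 at address 0; the holding-register request is dropped because the device answered with exception code 02. The same inventory is what a monitoring allow-list for the device would be built from.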
####################################################################################################################################
prob_list: The following list defines the probability of applying each fuzzing category (it is not dynamic; it must be configured manually).
prob_list = [('payload', 0.4), ('field_ADU', 0.1), ('field pdu', 0.3), ('two fields in message', 0.1), ('Not_fuzz', 0.1)]
####################################################################################################################################