commit 6f7e91543e9b11a47efa6ca03a0f2df4fcd438d9 Author: aagbsn aagbsn@extc.org Date: Thu Dec 6 15:25:46 2012 +0000

Add documentation for the DNSSpoof test --- docs/source/tests/dnsspoof.rst | 111 ++++++++++++++++++++++++++++++++++++++++ 1 files changed, 111 insertions(+), 0 deletions(-)

diff --git a/docs/source/tests/dnsspoof.rst b/docs/source/tests/dnsspoof.rst new file mode 100644 index 0000000..abb08e4 --- /dev/null +++ b/docs/source/tests/dnsspoof.rst @@ -0,0 +1,111 @@ +Details +======= + +*Test Name*: DNS Spoof + +*Current version*: 0.1 + +*NetTest*: DNSSpoof (https://gitweb.torproject.org/ooni-probe.git/blob/HEAD:/nettests/manipulatio...) + +*Test Helper*: DNS Test Helper (https://gitweb.torproject.org/ooni-probe.git/blob/HEAD:/oonib/testhelpers/dn...) + +*Test Type*: Traffic Manipulation + +*Requires Root*: Yes + +Description +=========== + +This test performs A queries to a test resolver and a known good control resolver. The query is considered tampered with if the two responses match. + +How to run the test +=================== + +`./bin/ooniprobe nettests/manipulation/dnsspoof.py [-s] [-k] [-i] -r <test resolver> -h <hostname> -b IP:PORT` + +*test resolver* is a single test resolver (IP address). +*hostname* is the hostname to query. +*IP:PORT* is the address of the known good "control" resolver. +*-s, --ipsrc* Do *not* check if IP src and ICMP IP citation match +*-k, --seqack* Check if TCP sequence number and ACK match in the ICMP citation +*-i, --ipid* Check if the IPID matches when processing answers + + +Sample report +============= + +From running: +`./bin/ooniprobe nettests/manipulation/dnsspoof.py -h torproject.org -r 4.2.2.2:53` + +:: + + ########################################### + # OONI Probe Report for DNS Spoof test + # Thu Dec 6 11:10:38 2012 + ########################################### + --- + options: + collector: null + help: 0 + logfile: null + pcapfile: null + reportfile: null + resume: 0 + subargs: [-h, torproject.org, -r, '4.2.2.2:53'] + test: nettests/manipulation/dnsspoof.py + probe_asn: null + probe_cc: null + probe_ip: 127.0.0.1 + software_name: ooniprobe + software_version: 0.0.7.1-alpha + start_time: 1354828238.0 + test_name: DNS Spoof + test_version: 0.10000000000000001 + ... + --- + input: null + report: + answer_flags: [ipsrc] + answered_packets: + - - raw_packet: !!binary | + RQAAfDj1AAA4EZJIBAICAn8AAAEANQA1AGjH/wAAgYAAAQAEAAAAAAp0b3Jwcm9qZWN0A29yZwAA + AQABCnRvcnByb2plY3QDb3JnAAABAAEAAADnAAQm5UgQCnRvcnByb2plY3QDb3JnAAABAAEAAADn + AARSw0tlCnRvcnByb2plY3QDb3JnAAABAAEAAADnAARWOx4oCnRvcnByb2plY3QDb3JnAAABAAEA + AADnAAQm5UgO + summary: 'IP / UDP / DNS Ans "38.229.72.16" ' + sent_packets: + - - raw_packet: !!binary | + RQAAPAABAABAEfWrfwAAAQQCAgIANQA1AChvjwAAAQAAAQAAAAAAAAp0b3Jwcm9qZWN0A29yZwAA + AQAB + summary: 'IP / UDP / DNS Qry "torproject.org" ' + test_name: test_a_lookup + test_runtime: 0.23476505279541016 + test_started: 1354810238.400979 + ... + --- + input: null + report: + answer_flags: [ipsrc] + answered_packets: + - - raw_packet: !!binary | + RQAAfGQmAAAvEWYLCAgICH8AAAEANQA1AGizfwAAgYAAAQAEAAAAAAp0b3Jwcm9qZWN0A29yZwAA + AQABCnRvcnByb2plY3QDb3JnAAABAAEAAAOEAAQm5UgQCnRvcnByb2plY3QDb3JnAAABAAEAAAOE + AARSw0tlCnRvcnByb2plY3QDb3JnAAABAAEAAAOEAARWOx4oCnRvcnByb2plY3QDb3JnAAABAAEA + AAOEAAQm5UgO + summary: 'IP / UDP / DNS Ans "38.229.72.16" ' + sent_packets: + - - raw_packet: !!binary | + RQAAPAABAABAEeuffwAAAQgICAgANQA1AChlgwAAAQAAAQAAAAAAAAp0b3Jwcm9qZWN0A29yZwAA + AQAB + summary: 'IP / UDP / DNS Qry "torproject.org" ' + test_name: test_control_a_lookup + test_runtime: 0.23965692520141602 + test_started: 1354810238.625988 + ... + --- + input: null + report: {spoofing: false} + test_name: summary + test_runtime: 0.00017499923706054688 + test_started: 1354810238.8703561 + ...