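// marshal 1.4
#include "MessageGenerator.h"

#include <cstddef>
#include <cstdlib>
#include <ctime>
#include <iostream>
#include <string>

/// @brief Seeds the C library PRNG that generateTag() draws from.
///
/// The seed is the wall-clock time in seconds, so the sequence is predictable,
/// and constructing another generator re-seeds the process-wide PRNG. That is
/// acceptable for producing test traffic; the resulting tags must not be
/// treated as unguessable identifiers.
MessageGenerator::MessageGenerator() {
    std::srand(static_cast<unsigned int>(std::time(nullptr)));
}

/// @brief Builds one SIP request as text, optionally mutating a single header.
///
/// The TO, FROM, CALL-ID and CSEQ values are each passed through fuzz(); only
/// the one whose identifier equals @p field is altered.
///
/// @param info         Session state. Must be non-null. Its request counter is
///                     advanced through incrementRequest() as a side effect.
/// @param messageType  Request method to emit.
/// @param field        Header field selected for mutation.
/// @param type         Mutation kind, forwarded to fuzz().
/// @param arg1         Numeric mutation argument, forwarded to fuzz().
/// @param arg2         String mutation argument, forwarded to fuzz().
/// @return The complete request text; lines are terminated with "\n".
std::string MessageGenerator::generateMessage(SessionInfo* info, MESSAGE_TYPE messageType, FIELD field,
                                              FUZZTYPE type, int arg1, std::string arg2) {
    info->incrementRequest(messageType);

    // Request method token; stays empty for a type not listed here.
    std::string message;
    switch (messageType) {
        case INVITE:
            message = "INVITE";
            break;
        case BYE:
            message = "BYE";
            break;
        case CANCEL:
            message = "CANCEL";
            break;
        case ACK:
            message = "ACK";
            break;
        case OPTIONS:
            message = "OPTIONS";
            break;
        case REGISTER:
            message = "REGISTER";
            break;
    }

    // Request-URI.
    message += " sip:" + info->getDestinationName() + "@" + info->getDestinationDomain();
    if (messageType != INVITE && info->getProtocol() == UDP) {
        message += ";transport=udp";
    }

    // Via header.
    message += " SIP/2.0\nVIA: SIP/2.0/";
    switch (info->getProtocol()) {
        case TCP:
            message += "TCP";
            break;
        case UDP:
            message += "UDP";
            break;
    }
    // XXX: fixed this -- the sent-by value is the From domain; the earlier
    // info->getIP() call was replaced by the author.
    message += " " + info->getFromDomain() + ";branch=" + info->getBranch() + "\n";

    // NOTE(review): the "<sip:" opener of the name-addr in TO, FROM and CONTACT
    // is reconstructed from the closing '>' -- confirm against the upstream file.
    // The locals are renamed from _TO/_FROM/_CALLID/_CSEQ because identifiers
    // that begin with an underscore followed by a capital are reserved.
    std::string toValue = info->getDestinationName() + " <sip:" + info->getDestinationName() + "@" +
                          info->getDestinationDomain() + ">";
    toValue = fuzz(toValue, TO, field, type, arg1, arg2);
    message += "TO: " + toValue;
    if (info->getToTag() != "") {
        message += ";tag=" + info->getToTag() + "\n";
    } else {
        message += "\n";
    }

    // stick 7000: the From URI carries a fixed port.
    std::string fromValue = "\"" + info->getFromName() + "\" <sip:" + info->getFromName() + "@" +
                            info->getFromDomain() + ":7000>;tag=" + info->getFromTag();
    fromValue = fuzz(fromValue, FROM, field, type, arg1, arg2);
    message += "FROM: " + fromValue + "\n";

    std::string callIdValue = info->getCallID();
    callIdValue = fuzz(callIdValue, CALLID, field, type, arg1, arg2);
    message += "CALL-ID: " + callIdValue + "\n";

    message += "CSEQ: ";
    std::string cseqValue = info->getSequence();
    cseqValue += " " + info->getLastRequest();
    cseqValue = fuzz(cseqValue, CSEQ, field, type, arg1, arg2);
    message += cseqValue;

    message += "\nMAX-FORWARDS: 70\n";

    if (messageType == INVITE) {
        message += "CONTACT: \"" + info->getFromName() + "\" <sip:" + info->getFromName() + "@" +
                   info->getFromDomain();
        if (info->getProtocol() == UDP) {
            message += ":7000;transport=udp>\n";  // stick 7000
        } else {
            message += ">\n";
        }
    }

    // The author gated this on the request type (BYE) and then forced the gate
    // on, so every request carries this header followed by a blank line.
    message += "Content-Length: 0\n\n";

    // Message body. Originally gated on INVITE, with "\n0" appended for every
    // other type; that gate is forced on as well, so the SDP text below is
    // appended to every request.
    message += "Content-Type: application/sdp\n";

    // Earlier bodies kept for reference.
    //
    // "orig" (Content-Length: 347):
    //   v=0
    //   o=- 3379047271 3379047271 IN IP4 192.168.1.2
    //   s=SIPPER for 3CX Phone
    //   c=IN IP4 192.168.1.2
    //   t=0 0
    //   m=audio 5062 RTP/AVP 8 0 2 3 97 110 101
    //   a=rtpmap:8 PCMA/8000
    //   a=rtpmap:0 PCMU/8000
    //   a=rtpmap:2 G726-32/8000
    //   a=rtpmap:3 GSM/8000
    //   a=rtpmap:97 iLBC/8000
    //   a=rtpmap:110 speex/8000
    //   a=rtpmap:101 telephone-event/8000
    //   a=fmtp:101 0-15
    //   a=ptime:20
    //
    // "edited ip" (Content-Length: 349): same as "orig" except that the o= and
    // c= lines use 192.168.1.69 and the media line is
    //   m=audio 5060 RTP/AVP 8 0 2 3 97 110 101
    //
    // "sivus" is the body in use below. A further variant noted by the author
    // (Content-Length: 142) adds the line "m=video 3227 RTP/AVP 31" after the
    // m=audio line.
    message += "Content-Length: 119\n\n";
    message += "v=0\n";
    message += "o=user 29739 7272939 IN IP4 192.168.1.5\n";
    message += "s=\n";
    message += "c=IN IP4 192.168.1.5\n";
    message += "m=audio 49210 RTP/AVP 0 12\n";
    message += "a=rtpmap:31 LPC/8000\n";

    return message;
}

/// @brief Produces an 8-character tag of ASCII letters and digits.
///
/// Each character first picks a class (upper case, lower case, digit) and then
/// a member of that class, both with rand(). The PRNG is seeded from the clock
/// in the constructor, so the output is predictable and is only suitable as
/// filler for test traffic.
///
/// @return The generated tag.
std::string MessageGenerator::generateTag() {
    std::string tag;
    tag.reserve(8);
    for (int i = 0; i < 8; ++i) {
        switch (std::rand() % 3) {
            case 0:
                tag += static_cast<char>('A' + std::rand() % 26);
                break;
            case 1:
                tag += static_cast<char>('a' + std::rand() % 26);
                break;
            case 2:
                tag += static_cast<char>('0' + std::rand() % 10);
                break;
        }
    }
    return tag;
}

/// @brief Applies one mutation to a header value when that header is the one
///        selected for the current test case.
///
/// The previous implementation built the result in a raw char buffer that had
/// no room for the terminating NUL, released it with scalar delete, looped
/// without bound on a negative length or an empty input in the REPEAT case,
/// and ran off the end of the function for an unhandled method. The result is
/// now assembled in std::string, which removes those memory-safety defects
/// while producing the same text for every input the old code handled
/// correctly.
///
/// @param toFuzz       Header value to mutate.
/// @param fieldCalling Header the caller is currently emitting.
/// @param fieldFuzz    Header selected for mutation.
/// @param method       Mutation kind.
/// @param param1       Insertion offset (taken modulo length + 1) for the
///                     injection kinds; target length for REPEAT.
/// @param param2       Text to insert for SHELLINJECTION; replaced by "\n" for
///                     CONTROLINJECTION; unused otherwise.
/// @return The mutated value, or @p toFuzz unchanged when the fields differ,
///         the method is NA, or the method is not handled here.
std::string MessageGenerator::fuzz(std::string toFuzz, FIELD fieldCalling, FIELD fieldFuzz, FUZZTYPE method,
                                   int param1, std::string param2) {
    if (fieldCalling != fieldFuzz) {
        return toFuzz;
    }

    if (method == CONTROLINJECTION) {
        param2 = "\n";
    }

    // The original worked on C strings, so anything after an embedded NUL was
    // ignored; constructing from c_str() keeps that behaviour.
    const std::string base(toFuzz.c_str());

    switch (method) {
        case NA:
            return toFuzz;

        case SHELLINJECTION:
        case CONTROLINJECTION: {
            // Unsigned modulo, as in the original int % size_t expression, so
            // the offset always lies in [0, base.size()].
            const std::size_t position = static_cast<std::size_t>(param1) % (base.size() + 1);
            std::string mutated(base);
            mutated.insert(position, param2.c_str());
            return mutated;
        }

        case REPEAT: {
            // Debug trace kept from the original; widened so param1 + 1 cannot
            // overflow.
            std::cout << base.size() << " " << static_cast<long long>(param1) + 1;

            // A non-positive length or an empty input has nothing to repeat.
            if (param1 <= 0 || base.empty()) {
                return std::string();
            }

            const std::size_t target = static_cast<std::size_t>(param1);
            std::string repeated;
            repeated.reserve(target);
            while (repeated.size() + base.size() < target) {
                repeated += base;
            }
            // Top up with a prefix of the input so the result is exactly
            // `target` characters long.
            repeated.append(base, 0, target - repeated.size());
            return repeated;
        }

        default:
            break;
    }

    // Unhandled mutation kind: leave the value untouched instead of falling
    // off the end of a non-void function.
    return toFuzz;
}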