Testing Clients with Rogue Servers

So far, the focus has been on building test cases to attack servers. You should also consider creating rogue servers to stress-test client applications. The first way to do this is to make a special test version of the service you use and have it instrumented in such a way that it sends invalid data to the client. Just make sure you don't ship this version to your clients! Another way is to build custom server applications that respond in ingenious and malicious ways to your client. In its simplest form, a server could accept requests from the client and send garbage back. The following example accepts any data from any client communicating with port 80 but sends junk back to the client. With some work, you could make this server code send slightly malformed data. This sample code is also available with the book's sample files in the folder Secureco2\Chapter19.

    # TCPJunkServer.pl
    use IO::Socket;

    my $port = 80;

    # Listen on the port and accept connections from any client.
    my $server = IO::Socket::INET->new(LocalPort => $port,
                                       Type      => SOCK_STREAM,
                                       Reuse     => 1,
                                       Listen    => 100)
        or die "Unable to open port $port: $@\n";

    while (my $client = $server->accept()) {
        my $peerip   = $client->peerhost();
        my $peerport = $client->peerport();

        # Build a random-length string (0 to 16383 characters) of junk.
        my $size  = int rand 16384;
        my @chars = ('A'..'Z', 'a'..'z', 0..9, qw( ! @ # $ % ^ & * - + = ));
        my $junk  = join ("", @chars[ map { rand @chars } (1..$size) ]);

        print "Connection from $peerip:$peerport, ";
        print "sending $size bytes of junk.\n";
        $client->send($junk);
    }

    close($server);
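The "slightly malformed data" variation of the junk server above, as an added example that is not from the book's sample files: a rogue HTTP test server that returns an otherwise valid response with exactly one defect per connection. The file name, port 8080, the loopback bind, the seed argument and the mutation names are assumptions chosen for illustration.

```perl
# MalformedHttpServer.pl - added example, not from the book's sample files.
# Sends an otherwise valid HTTP response with exactly one defect per
# connection, so a client failure maps to one parsing assumption.
use strict;
use warnings;
use IO::Socket;

my $port = 8080;                # assumption: unprivileged test port
my $seed = $ARGV[0] // time;    # pass a logged seed to replay a run
srand($seed);

my $body = "<html><body>test</body></html>";   # constructed sample body
my $ok   = "HTTP/1.1 200 OK";

# Assemble a response; $len is written as-is, even when it is wrong.
sub response {
    my ($status, $len, $content) = @_;
    return "$status\r\nContent-Type: text/html\r\n"
         . "Content-Length: $len\r\nConnection: close\r\n\r\n$content";
}

# Hypothetical mutation set: each entry breaks one thing only.
my %mutations = (
    length_too_large => sub { response($ok, length($body) + 4096, $body) },
    length_too_small => sub { response($ok, 1, $body) },
    length_negative  => sub { response($ok, -1, $body) },
    bad_status_code  => sub { response("HTTP/1.1 99999 OK", length($body), $body) },
    bare_lf_newlines => sub { response($ok, length($body), $body) =~ s/\r\n/\n/gr },
    oversized_header => sub { response("$ok\r\nX-Pad: " . ("A" x 65536), length($body), $body) },
);
my @names = sort keys %mutations;   # sorted so a seed replays the same picks

my $server = IO::Socket::INET->new(LocalAddr => '127.0.0.1', LocalPort => $port,
                                   Proto => 'tcp', ReuseAddr => 1, Listen => 10)
    or die "Unable to open port $port: $@\n";
print "Listening on 127.0.0.1:$port, seed $seed\n";

while (my $client = $server->accept()) {
    # Read the request up to the blank line so the client sees our reply.
    while (defined(my $line = <$client>)) { last if $line =~ /^\r?\n$/ }
    my $name = $names[rand @names];
    my $data = $mutations{$name}->();
    printf "%s:%d <- %s (%d bytes)\n",
        $client->peerhost(), $client->peerport(), $name, length $data;
    print {$client} $data;
    close($client);
}
close($server);
```

Record the seed and the mutation name printed for each connection; together they identify the exact response the client was handling when it misbehaved.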



Writing Secure Code
Writing Secure Code, Second Edition
ISBN: 0735617228
EAN: 2147483647
Year: 2001
Pages: 286
