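The test-environment section of the article "IoT Security Testing: Device Communication Testing Methods" briefly introduced the functions a test environment should provide and how to set it up.
That article also noted that when devices are continuously connected for testing, the work should be automated and scripted as far as possible. Below is my own practical experience.
To be able to connect different devices for testing at any time, we need to implement the following:
View device status in real time (whether online, IP address, MAC, user and other information) and whether rules are enabled;
Add new devices for testing at any time and, when several devices are under test, exclude interference between them;
Delete a given test device or a given filter rule at any time;
Below are the simple scripts written to meet these requirements; each is described in detail later.
1. Getting device information
DeviceInfo: stores each device's MAC address, device name and bound user information, as shown below:
device.sh: the script content is as follows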
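# Working directory that holds DeviceInfo (MAC, device name, user) and the generated ArpList
workdir=/opt/seclabiot
echo ""
echo "show device info"
echo "======================================================================"
# Save "(IP)<TAB>MAC" for every resolved neighbour on wlan0
arp -a | grep wlan0 | grep -v incomplete | awk '{print $2"\t"$4}' > "$workdir/ArpList"
# Join ArpList with DeviceInfo on the MAC address: print IP, MAC, device name, user
awk 'NR==FNR{a[$2]=$0;next}{print a[$1]"\t"$2"\t"$3}' "$workdir/ArpList" "$workdir/DeviceInfo"
echo "======================================================================"
echo ""
Script execution: generates ArpList, which stores the MAC address and IP of each connected device, and displays the device type, IP address, account and other information for the currently connected devices.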
2. Getting NAT rule information
nat.sh: gets the current NAT PREROUTING rules
echo ""
echo "show iptables NAT PREROUTING rules"
echo "======================================================================"
# List the rules with line numbers; clear.sh deletes rules by these numbers
iptables -t nat -nvL PREROUTING --line-numbers
echo "======================================================================"
echo ""
Script execution result:
3. Viewing the current status
status.sh: gets the current device status and rule status
root@Seclabiot:/opt/seclabiot# more status.sh
./device.sh
./nat.sh
4. Adding filter rules
add.sh: adds the IP of the device to be filtered and the proxy port. A check on the proxy port starts the proxy tool automatically if needed. The current device status and rule status are displayed during execution.
#!/bin/bash
iInf=eth0
wInf=wlan0
./status.sh
echo ""
echo "Config Proxy Rule"
echo "====================================================================="
echo "Source IP address to be proxied: "
read -r srcIP
echo ""
echo "Destination Ports Redirect to: "
echo "Use Burpsuite:9999,Use Charles:8888,Phone:7777"
read -r redirectPort
# Redirect the device's TCP traffic on the tested ports to the local proxy port
iptables -t nat -A PREROUTING -i "$wInf" -s "$srcIP" -p tcp --dport 80 -j REDIRECT --to-ports "$redirectPort"
iptables -t nat -A PREROUTING -i "$wInf" -s "$srcIP" -p tcp --dport 8080 -j REDIRECT --to-ports "$redirectPort"
iptables -t nat -A PREROUTING -i "$wInf" -s "$srcIP" -p tcp --dport 443 -j REDIRECT --to-ports "$redirectPort"
iptables -t nat -A PREROUTING -i "$wInf" -s "$srcIP" -p tcp --dport 8088 -j REDIRECT --to-ports "$redirectPort"
iptables -t nat -A PREROUTING -i "$wInf" -s "$srcIP" -p tcp --dport 3414 -j REDIRECT --to-ports "$redirectPort"
# Start the proxy if nothing is listening on the chosen port yet.
# Each branch ends with ;; so that 9999 does not fall through into the 7777 check.
case $redirectPort in
    9999 )
        Burp9999=$(netstat -antp | grep 9999 | grep -i listen | wc -l)
        if [ "$Burp9999"x = "0"x ]; then
            # Burp runs in the foreground, so show the reminder before launching it
            echo "Please config Listen Port:9999"
            sh -c "java -jar /opt/burpsuite_pro_v1-2/BurpUnlimited.jar"
        fi
        ;;
    7777 )
        Burp7777=$(netstat -antp | grep 7777 | grep -i listen | wc -l)
        if [ "$Burp7777"x = "0"x ]; then
            echo "Please config Listen Port:7777"
            sh -c "java -jar /opt/burpsuite_pro_v1-2/BurpUnlimited.jar"
        fi
        ;;
    * )
        ;;
esac
echo "====================================================================="
./nat.sh
Execution: enter the IP of the device to be proxied and the proxy port
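add.sh passes whatever is typed at its two prompts straight to iptables running as root, and running it twice for the same device appends duplicate rules. The following added example (not part of the original scripts) validates the source IP and redirect port and prints one idempotent command per intercepted port; the function names and the sample address are assumptions of this example.

```bash
#!/bin/bash
# Added example, not the author's add.sh: validate the two prompted values,
# then print the REDIRECT rules add.sh would create, one per intercepted port.
W_INF=wlan0                     # Wi-Fi interface used in add.sh
PORTS="80 8080 443 8088 3414"   # destination ports add.sh redirects

# valid_ipv4 ADDR: succeed only for a dotted quad with octets 0-255
valid_ipv4() {
    case $1 in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;   # stray characters, empty octets
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                               # split on dots (digits only here)
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# valid_port PORT: succeed only for an integer in 1-65535
valid_port() {
    case $1 in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ ${#1} -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# build_rules SRC_IP REDIRECT_PORT: print the commands, or return 2 on bad input
build_rules() {
    valid_ipv4 "$1" || { echo "bad source IP: $1" >&2; return 2; }
    valid_port "$2" || { echo "bad redirect port: $2" >&2; return 2; }
    for dport in $PORTS; do
        spec="PREROUTING -i $W_INF -s $1 -p tcp --dport $dport -j REDIRECT --to-ports $2"
        # -C tests for an identical rule first, so a rerun adds no duplicates
        echo "iptables -t nat -C $spec 2>/dev/null || iptables -t nat -A $spec"
    done
}

# Constructed sample values: a lab device address and the Burp port from add.sh
build_rules 192.168.12.20 9999
```

Review the printed commands, then pipe them to sh as root to apply them.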
5. Deleting rules
clear.sh: shows the current rules; enter a rule number to delete that rule; enter all to flush all rules; enter end to finish.
#!/bin/bash
./nat.sh
echo "input rule number need to be cleared,input end to exit,input all to clear all rules"
read -r ruleNo
while [[ $ruleNo != "end" ]]; do
    case $ruleNo in
        all )
            # Flush every rule in the NAT PREROUTING chain
            iptables -t nat -F PREROUTING
            ./nat.sh
            break
            ;;
        end )
            exit
            ;;
        * )
            # Delete one rule by the line number shown by nat.sh
            iptables -t nat -D PREROUTING "$ruleNo"
            ./nat.sh
            echo "input rule number need to be cleared,input end to exit,input all to clear all rules"
            read -r ruleNo
            ;;
    esac
done
Script execution:
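The scripts above meet the basic needs of IoT device communication testing and can certainly be improved further, for example by connecting the whole test workflow, incorporating the full set of security test items and presenting test results in one place, to build a complete IoT testing platform and product security analysis and display platform.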