geneva.actions.tamper

TamperAction

One of the four packet-level primitives supported by Geneva. Responsible for any packet-level modifications (particularly header modifications). It supports the following primitives:

  • no operation: it returns the packet given
  • replace: it changes a packet field to a fixed value
  • corrupt: it changes a packet field to a randomly generated value each time it is run
  • add: adds a given value to the value in a field
  • compress: performs DNS decompression on the packet (if applicable)

class tamper.TamperAction(environment_id=None, field=None, tamper_type=None, tamper_value=None, tamper_proto='TCP')

Bases: actions.action.Action

Defines the TamperAction for Geneva.

__init__(environment_id=None, field=None, tamper_type=None, tamper_value=None, tamper_proto='TCP')

Creates a tamper object.

Parameters:
  • environment_id (str, optional) – environment_id of a previously run strategy, used to find packet captures
  • field (str, optional) – field that the object will tamper. If not set, all the parameters are chosen randomly
  • tamper_type (str, optional) – primitive this tamper will use (“corrupt”)
  • tamper_value (str, optional) – value to tamper to
  • tamper_proto (str, optional) – protocol we are tampering

mutate(environment_id=None)

Mutation can switch the tamper type or the field.

parse(string, logger)

Parse out a given string representation of this action and initialize this action to those parameters.

Note that the given logger is a DIFFERENT logger than the logger passed to the other functions, and they cannot be used interchangeably. This logger is attached to the main GA driver, and is run outside the evaluator. When the action is actually run, it’s run within the evaluator, which by necessity must pass in a different logger.

run(packet, logger)

The tamper action runs its tamper procedure on the given packet, and returns the edited packet down the left branch.

Nothing is returned to the right branch.

tamper(packet, logger)

Edits a given packet according to the action settings.

frequency = 5
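
The no operation, replace, corrupt and add primitives described above, modeled on a plain dict of integer header fields so their effect on a packet can be inspected offline. This is an added example, not Geneva's own code: `ToyTamper`, `SAMPLE`, the `tamper{PROTO:field:type[:value]}` string form and the fixed-width wrap-around are assumptions of the model, and the DNS compress primitive is left out.

```python
import random
import re

# Assumed string form (not shown on this page): tamper{PROTO:field:type[:value]}
_SYNTAX = re.compile(r"^tamper\{(\w+):(\w+):(\w+)(?::([^}]*))?\}$")
_TYPES = {"noop", "replace", "corrupt", "add"}


class ToyTamper:
    """Hypothetical model of the tamper primitives; not Geneva's class."""

    def __init__(self, proto, field, tamper_type, value=None):
        if tamper_type not in _TYPES:
            raise ValueError(f"unsupported tamper type: {tamper_type}")
        if tamper_type in ("replace", "add") and value is None:
            raise ValueError(f"{tamper_type} requires a value")
        self.proto, self.field = proto, field
        self.tamper_type, self.value = tamper_type, value

    @classmethod
    def parse(cls, text):
        """Build an action from its string form, rejecting malformed input."""
        m = _SYNTAX.match(text.strip())
        if not m:
            raise ValueError(f"not a tamper action: {text!r}")
        proto, field, ttype, value = m.groups()
        return cls(proto, field, ttype, int(value) if value is not None else None)

    def tamper(self, packet, bits=16, rng=random):
        """Return an edited copy; the input packet is left untouched."""
        out = {layer: dict(fields) for layer, fields in packet.items()}
        layer = out.get(self.proto)
        if self.tamper_type == "noop" or layer is None or self.field not in layer:
            return out  # nothing to edit
        mask = (1 << bits) - 1  # assumption: fields wrap at their bit width
        if self.tamper_type == "replace":
            layer[self.field] = self.value & mask
        elif self.tamper_type == "add":
            layer[self.field] = (layer[self.field] + self.value) & mask
        else:  # corrupt: a fresh random value on every run
            layer[self.field] = rng.getrandbits(bits)
        return out


# Constructed sample packet: layer name -> {field: value}
SAMPLE = {"IP": {"ttl": 64}, "TCP": {"window": 65535, "chksum": 0x1C2D}}
```

Passing a seeded `random.Random` as `rng` makes the corrupt primitive reproducible when comparing runs.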