Background
When testing and analyzing network security and network anomaly, it is often necessary to construct some data packets containing specific content in the data packet payload, and there may be requirements on the location, format, etc. of these features. Because the content in the actual data packet has many unprintable binary systems, errors are easy to make when the data are constructed manually, and the efficiency is not high.
Therefore, it is necessary to provide a solution that allows a computer to automatically complete packet construction by some simple configuration.
Disclosure of Invention
In order to solve the above problems, the present invention provides an automatic construction method for a data packet load, comprising the following steps:
the method comprises the following steps: the method comprises the steps of determining the characteristic content, the deviation value and the depth of each characteristic configuration to be included in the same data packet load in advance, and determining the initial coverage range of each characteristic configuration in the data packet load according to the deviation value and the depth.
Step two: and detecting whether the initial coverage ranges of the feature configurations are overlapped, and if so, modifying the respective coverage ranges according to the respective feature content lengths so as not to be overlapped. If the modification fails, the feature configurations are not compatible, and the process is skipped. And after monitoring, executing the third step.
Step three: and D, arranging the characteristic configurations in an ascending order according to the deviation value of the coverage area adjusted in the step two.
Step four: and sequentially covering the feature contents and the offset values of each feature configuration from the first bit of the data packet load to the initial coverage area of the last feature configuration, and filling the bits which are not covered before the last feature configuration.
Further, the modified coverage areas of the feature configurations where the two initial coverage areas overlap should just not overlap.
Further, in the second step, the length of the coverage area after the modification of each feature configuration is just the length of the feature content.
Further, the filling is performed manually or by machine.
The invention has the beneficial effects that:
1. the method has high flexibility, can support the generation of various types of data packets, and can also conveniently support specific protocols such as HTTP and the like after being expanded.
2. Compared with the manual one-by-one data packet construction, the method has higher efficiency and is not easy to make mistakes.
Detailed Description
As shown in fig. 1, the present invention comprises the steps of:
the method comprises the following steps: the method comprises the steps of determining the characteristic content, the offset and the depth of each characteristic configuration to be included in the same data packet load in advance, and determining the initial coverage range of each characteristic configuration to be included in the data packet load according to the offset and the depth.
The characteristic configuration of the data packet load comprises 3 aspects of content, namely characteristic content, offset value and depth.
The feature content is typically a string or binary that occupies a fixed length of the packet.
The offset value refers to the offset of the start position of the feature content overlay of the feature configuration from the start of the packet payload (byte 0). The offset value is minimum 0 and default value is 0. If the offset value is 1, the characteristic content coverage starting position of the characteristic configuration is the 1 st byte of the data packet load.
Depth refers to the length of bytes that a feature configuration occupies in the packet payload, calculated from the offset value. If the depth is 5, the feature configuration occupies 5 bytes. The depth value is 65535 maximum and 65535 default.
The initial coverage may be represented in intervals as (offset value, offset value + depth value), i.e. starting from (including) the offset value and ending with (not including) the offset value + depth value. The offset value for byte 0 of the data packet is 0, the offset value for byte 1 is 1, the offset value for byte 2 is 2. For example, the initial coverage of the feature configuration is (1, 5), the length of the feature content is 3, the initial coverage is from the 1 st byte to the 4 th byte of the packet, and the feature content can be configured in two ways in the packet payload, i.e., from the 1 st byte to the 3 rd byte of the packet payload and from the 2 nd byte to the 4 th byte of the packet payload.
Step two: detecting whether the initial coverage ranges of the feature configurations are overlapped, and if so, modifying the respective coverage ranges according to the respective feature content lengths to ensure that the coverage ranges are not overlapped; if the modification is failed, indicating that the feature configurations are incompatible, and jumping out of the process; after the monitoring is finished, executing a third step;
preferably, the modified coverage areas of the feature configurations with the two initial coverage areas overlapping should just not overlap. The length of the coverage range of each modified feature configuration is just the length of the feature content, so that the size of the data packet is reduced as much as possible while the feature content is ensured to be identifiable, and the subsequent expansion is more convenient.
Step three: arranging the feature configurations in ascending order according to the deviation value of the coverage area adjusted in the second step;
step four: and sequentially covering the feature contents and the offset values of each feature configuration from the first bit of the data packet load to the initial coverage area of the last feature configuration, and filling the bits which are not covered before the last feature configuration.
The way of filling is to let the machine fill the required filling values manually or by configuration. For example, the padding is directly used, and the data is directly set to 0.
The above method is described in detail below with specific examples.
Assume that each bit of the loaded packet is the 0 th byte, the 1 st byte, the 2 nd byte, the 3 rd byte, the 4 th byte, the 5 th byte, the 6 th byte, the 7 th byte, the 8 th byte, the 9 th byte, the 10 th byte, and the 11 th byte in sequence.
For example, there are A, B, C three feature values:
assume a that the initial coverage is (0, 2), i.e. the initial coverage is 0 th byte to 1 st byte, and the characteristic content length is 2.
Assume B has an initial coverage of (4, 10), i.e., an initial coverage of 4 th byte to 9 th byte, and a characteristic content length of 3.
Assume that C has an initial coverage of (5, 11), i.e., an initial coverage of 5 th byte to 10 th byte, and a characteristic content length of 3.
A, B, C the total initial coverage range is from byte 0 of the packet payload to byte 11, within which A, B, C needs to be reasonably configured. A. B has no overlap, no adjustment is needed for a, and there are padding areas between A, B. B. The initial coverage of C overlaps from the 5 th byte to the 9 th byte, and the respective initial coverage needs to be adjusted according to the characteristic content length, so that the two just do not overlap.
A is adjusted to be (0, 2), and the padding blocks between A, B are bytes 2 to 3;
b is adjusted to (4, 7), i.e. the coverage is from byte 4 to byte 6. C is adjusted to (7, 10), no padding block between B, C is empty, and the padding blocks after C are bytes 10 to 11.
Of course, if the first feature configuration a has an offset greater than 0, then the bytes before a need to be padded from the 0 th byte as well. If A is (1, 3), the length is 2, and the initial coverage range is from 1 st byte to 2 nd byte; this indicates that the 0 th byte needs to be padded.