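The test-environment section of the article "IoT Security Testing: Device Communication Testing Methods" briefly introduced the functions a test environment should have and how to build one.
That article also noted that when devices are continuously being connected for testing, the work should be automated and scripted as far as possible. Below I describe my own practical experience.
To be able to connect different devices for testing at any time, we need to implement the following:
View device status in real time (whether online, IP address, MAC, user and other information) and whether rules are enabled;
Add a new device for testing at any time, and exclude interference when several devices are under test;
Delete a test device or a filter rule at any time;
The following simple scripts were written to meet these requirements; each is described in detail below.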
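1. Getting device information
DeviceInfo: must store each device's MAC address, device name and bound user information, as shown below:
device.sh: the script is as follows

    workdir=/opt/seclabiot/
    echo ""
    echo "show device info"
    echo "======================================================================"
    # Connected wlan0 clients: save "(IP)<TAB>MAC" for every complete ARP entry
    arp -a|grep wlan0|grep -v incomplete|awk '{print $2"\t"$4}'>$workdir/ArpList
    # Join on MAC: for each DeviceInfo line print the ARP entry (empty when the
    # device is offline), followed by the device name and the bound user
    awk 'NR==FNR{a[$2]=$0;next}{print a[$1]"\t"$2"\t"$3}' $workdir/ArpList $workdir/DeviceInfo
    echo "======================================================================"
    echo ""

Running the script generates ArpList, which stores the MAC address and IP of each connected device, and displays the device type, IP address, account and other information for the devices currently connected.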
2. Getting NAT rule information
nat.sh: gets the current NAT PREROUTING rules

    echo ""
    echo "show iptables NAT PREROUTING rules"
    echo "======================================================================"
    # List the PREROUTING chain with rule numbers (clear.sh deletes by number)
    iptables -t nat -nvL PREROUTING --line-numbers
    echo "======================================================================"
    echo ""

Script execution result:
3. Viewing the current status
status.sh: gets the current device status and rule status

    root@Seclabiot:/opt/seclabiot# more status.sh
    ./device.sh
    ./nat.sh

4. Adding filter rules
add.sh: takes the IP of the device to filter and the proxy port; a check on the proxy port is included so that the script can start the proxy tool itself; while it runs, it displays the current device status and rule status;

    #!/bin/bash
    iInf=eth0
    wInf=wlan0
    ./status.sh
    echo ""
    echo "Config Proxy Rule"
    echo "====================================================================="
    echo "Source IP address need to be proxied: "
    read -r srcIP
    echo ""
    echo "Destination Ports Redirect to: "
    echo "Use Burpsuite:9999,Use Charles:8888,Phone:7777"
    read -r redirectPort
    # Redirect the device's TCP traffic on these ports to the local proxy port
    iptables -t nat -A PREROUTING -i "$wInf" -s "$srcIP" -p tcp --dport 80 -j REDIRECT --to-ports "$redirectPort"
    iptables -t nat -A PREROUTING -i "$wInf" -s "$srcIP" -p tcp --dport 8080 -j REDIRECT --to-ports "$redirectPort"
    iptables -t nat -A PREROUTING -i "$wInf" -s "$srcIP" -p tcp --dport 443 -j REDIRECT --to-ports "$redirectPort"
    iptables -t nat -A PREROUTING -i "$wInf" -s "$srcIP" -p tcp --dport 8088 -j REDIRECT --to-ports "$redirectPort"
    iptables -t nat -A PREROUTING -i "$wInf" -s "$srcIP" -p tcp --dport 3414 -j REDIRECT --to-ports "$redirectPort"
    case $redirectPort in
        9999 )
            # Start Burp if nothing is listening on 9999 (runs in the foreground)
            Burp9999=`netstat -antp|grep 9999|grep -i listen|wc -l`
            if [ "$Burp9999"x = "0"x ];then
                sh -c "java -jar /opt/burpsuite_pro_v1-2/BurpUnlimited.jar"
                echo "Please config Listen Port:9999"
            fi
            ;;
        7777 )
            # Same check for the phone proxy port
            Burp7777=`netstat -antp|grep 7777|grep -i listen|wc -l`
            if [ "$Burp7777"x = "0"x ];then
                sh -c "java -jar /opt/burpsuite_pro_v1-2/BurpUnlimited.jar"
                echo "Please config Listen Port:7777"
            fi
            ;;
        * )
            ;;
    esac
    echo "====================================================================="
    ./nat.sh

Execution: enter the IP of the device to proxy and the proxy port
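add.sh runs as root and hands whatever is typed at the prompts to iptables. The following added example (not code from the original article) checks the source IP and redirect port first, then prints idempotent versions of the same five REDIRECT rules; the function names, the sample address 192.168.12.23 and the optional ArpList check are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not the article's code): check operator input, then print the
# REDIRECT rules add.sh would install. Nothing here runs iptables itself.
W_INF=wlan0                      # capture interface, as in add.sh
PORTS="80 8080 443 8088 3414"    # destination ports add.sh redirects

# True only for a dotted quad with four octets in 0-255 and no leading zeros.
valid_ipv4() (
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) exit 1 ;; esac
    IFS=.
    set -- $1
    [ $# -eq 4 ] || exit 1
    for octet in "$@"; do
        case $octet in 0?*|????*) exit 1 ;; esac
        [ "$octet" -le 255 ] || exit 1
    done
)

# True only for a decimal TCP port in 1-65535.
valid_port() {
    case $1 in ''|*[!0-9]*|0*|??????*) return 1 ;; esac
    [ "$1" -le 65535 ]
}

# True when the address appears in an ArpList file written by device.sh,
# whose lines look like "(192.168.12.23)<TAB>aa:bb:cc:dd:ee:ff".
is_connected() {
    grep -qF "($1)" "$2"
}

# Usage: proxy_rules SRC_IP REDIRECT_PORT [ARPLIST]
# Prints one guarded command per port: "iptables -C" tests whether the rule
# already exists, so rerunning the output does not stack duplicate rules.
proxy_rules() {
    valid_ipv4 "$1" || { echo "bad source IP: $1" >&2; return 1; }
    valid_port "$2" || { echo "bad redirect port: $2" >&2; return 1; }
    [ -z "$3" ] || is_connected "$1" "$3" || { echo "not in ArpList: $1" >&2; return 1; }
    for dport in $PORTS; do
        spec="PREROUTING -i $W_INF -s $1 -p tcp --dport $dport -j REDIRECT --to-ports $2"
        echo "iptables -t nat -C $spec 2>/dev/null || iptables -t nat -A $spec"
    done
}

# Dry run on constructed input; pipe the output to "sh" as root to apply it.
proxy_rules 192.168.12.23 9999
```

Passing the ArpList path as the third argument refuses addresses that are not currently connected, which keeps a mistyped IP from redirecting another device under test.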
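5. Deleting rules
clear.sh: displays the current rules; enter a rule number to delete that rule; enter all to flush all rules; enter end to finish;

    #!/bin/bash
    ./nat.sh
    echo "input rule number need to be cleared,input end to exit,input all to clear all rules"
    read -r ruleNo
    while [[ $ruleNo != "end" ]];do
        case $ruleNo in
            all )
                # Flush every PREROUTING rule in the nat table
                iptables -t nat -F PREROUTING
                ./nat.sh
                break
                ;;
            end )
                exit
                ;;
            * )
                # Delete one rule by number, then redisplay the renumbered list
                iptables -t nat -D PREROUTING "$ruleNo"
                ./nat.sh
                echo "input rule number need to be cleared,input end to exit,input all to clear all rules"
                read -r ruleNo
                ;;
        esac
    done

Script execution:
The scripts above meet the basic requirements of IoT device communication testing and can certainly be improved further, for example by linking up the whole test workflow, incorporating the full set of security test items, and presenting test results in one place, to build a complete IoT testing platform and product security analysis and display platform.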