Finding Bigfoot
by Dennis Cox
Recently, one of our folks on the International team had a request for webmail protocols for use in testing: Gmail, Yahoo, etc. Pretty standard stuff, so Mike Hamilton, Director of Product Marketing, made the applications via our Custom Application Toolkit for the customer. When we discovered what the customer was planning on doing with the application protocols, we decided to take it to the next level.
This customer wants to search for keywords in e-mails across webmail protocols. The ability to generate traffic with and without certain content is something we have been able to do with our product since day one. You simply create two (or more) Super Flows, assign them to an application protocol, and use the weights to vary how much of any one Super Flow shows up. However, we thought it would be great to give the users a few more options than the standard user-supplied parameters or random data.
Tod Beardsley, BreakingPoint Labs security researcher, decided to rewrite Mike's original webmail protocol with a slightly different angle. Check out the screenshots below.
As you can see, you get the standard e-mail controls (to, from, subject, etc.). But you also get the ability to select a language dictionary from which to generate the random words. You can specify the minimum and maximum number of words to generate, along with a list of keywords. The Super Flow also supports random generation of file attachments or user-specified file attachments. You can even control the size of the attachments.
In this case, you create two Super Flows, one with the keywords enabled and one with them disabled. Put both of the Super Flows in an Application Profile, assign that to an Application Simulator component, and off you go. Remember to use the weights to set how often you want to see one type of traffic over another.
My favorite part is that all this functionality was added via a Strike Pack. No software release. All of our customers get this new functionality along with the latest applications and security strikes that come out in the Strike Packs.