CCgen.v2 (Covert Channel generator)
- ... 2020, FM
- Nov 2021, FIV
- Sep 2022, KM
CCgen.v2 is the refactorized version of CCgen.v1 refined and developed by Kaspar Meusburger.
Citation
If you use CCgen for your research, plese refer to our paper in:
Félix Iglesias, Fares Meghdouri, Robert Annessi, Tanja Zseby, "CCgen: Injecting Covert Channels into Network Traffic", Security and Communication Networks, vol. 2022, Article ID 2254959, 11 pages, 2022. https://doi.org/10.1155/2022/2254959
Introduction
CCgen.v2 is a tool for creating, transmitting, and retrieving covert channels into TCP/IP features and packets.
CCgen.v2 has two operation modi: (a) online, in which covert channels are generated on-the-fly and transmitted to an aimed destination address, and (b) offline, in which covert channels are injected into existing flows of pcap captures. It also shows two operation roles: (1) injector, which creates and/or injects a covert channel, and (2) extractor, which receives and/or discloses a covert channel.
CCgen.v2 is a new version of CCgen.v1 (Link: https://github.com/CN-TU/py_CCgen) and comes with following improvements and features:
-
Improvements:
- No use of mapping files anymore -> replaced by mathematic formula.
- No use of text-based configurations -> replaced by GUI with strong validation model.
- Multiple configurations of covert channel generations are possible due to queueing logic. This replaces
ccgen_wrapper_*.py
.
-
Features:
- Implementation of database to switch between different techniques and modes.
- Implementation of wrapper to inject and extract covert channels automatically
- Direct control for Spammer VM without opening any additional terminal or software.
- Strong Validation model stabilizes the software
- Easy and user-friendly GUI.
Requirements
To run this application following software and programs are needed:
- Linux debian-based operating system (Ubuntu/Debian)
- Virtualbox (Version 6.1)
Installation
For installation, run the linux bash script install.sh with the command inside a terminal:
-> sh install.sh
Run
Open Linux-terminal in the main directory of CCgen.v2. Then do following:
- Execute run script with
sh run.sh
command - Go to browser and open:
localhost:5000
CCgen.v2
(1) Dashboard
The CCgen.v2 Dashboard has three main functions:
- Queue table:
Queues generating tasks. After configuring a task, it will land here. - History table:
Already finished/done tasks are displayed here. - Control of Spammer Virtual Machine:
For online injection, a second device is needed. In this section, one can controll the second machine as well as configure it for spamming IP-packets.
(2) Configurator
The CCgen.v2 Configurator can be used to configure all four different modes: (a1) online injector, (a2) online extractor, (b1) offline injector, (b2) offline extractor.
In general, one configuration can be separated in three sub-categories:
-
General
In this section general data of one configuration are saved. It consists the name (for saving in db), input/output file paths and message (which will be injected). -
Filters
In this section the connection/conversation is defined. Therefore, filters for source/destination IP (ipv4 & ipv6), source/destination port (tcp/udp) and the ip protocol number can be configured. Depending on network mode (online/offline), the filteres are append to a pre-captured .pcap file (offline) or to the network interface (online). -
Channel & Mapping
In this section the technique to implement the covert channel is defined. The CCgen.v2 is built, that every technique has a own script. This script is referenced in this part of the configuration. Additionally it is mandatory to configure the number of bits, the layer as well as parameters and value mappings.
Parameters are used to customizeably define parameters, which are referenced in the given technique file (python script).
Value mappings are specified, if one bit value is not converted directly. (E.g. Normally "b'01" -> 1, but with specified value mapping: "b'01" -> 24) -
Config wrapper The main purpose of the CCgen-wrapper is to allow the automatic injection of multiple covert channels in the same pcap. It has three different parts:
- Searching for matching flows and creating corresponding ccGen configurations.
- Injecting the covert channels.
- Extracting the covert channels to evaluate the previous injection
This mode can be used by creating a new configuration for offline injection by clicking the Add to wrapper button after successful validation. To validate the wrapper config, click Validate button in top right corner.
For more information, read the README.md file in
~/CCgen.v2/ccgen/wrapper/README.md
.
(3) Settings
The CCgen.v2 Settings is intended to pre-configure input fields of the CCgen.v2 Configurator. This should ease the use of the configurator.
Each mode (a1,a2,b1,b2) of the configurator can have its own presets. They are saved to database after validation. If "create new config" is selected in the CCgen.v2 Configurator, the preset matching the network and direction select, is preloaded and the input fields are set with its values.
Examples
(a1) Online injection
- Go to Dashboard
localhost:5000/
- Start Spammer Virtual Machine by clicking
Start
button - Check if
Listener
isrunning
- Check if
Spammer
isrunning
- Go to Configurator
localhost:5000/configurator
- Select configuration
ipfalgs_v2s
- Select network
online
- Select direction
inject
- Adjust source ip address to your pc ip address -> find with terminal command
ifconfig
- Adjust destination ip address to ip address of SpammerVM -> find on CCgen.v2 Dashboard
- Set
IP tables queue
(default=0) - Click button
Validate
- Click button
Save config & queue simulation
(optional)
- Start
wireshark
- Capture traffic during generation
- Save capture as .pcap file
- Check injection with
offline extractor
(b2)
(a2) Online extraction
This mode was not tested with experiments.
(b1) Offline injection
- Go to Configurator
localhost:5000/configurator
- Select configuration
ipfalgs_v2s
- Select network
offline
- Select direction
inject
- Adjust input to
~/CCgen.v2/pcaps/empty.pcap
- Adjust output, preferred to
~/CCgen.v2/pcaps/ipflags_v2s.pcap
- Adjust source ip address to
200.60.153.149
- Adjust destination ip address to
15.161.162.34
- Validate
- Save config & queue simulation
(b2) Offline extraction
Follow these steps after injecting config ipflags_v2s
as described in (b1).
- Go to Configurator
localhost:5000/configurator
- Select configuration
ipfalgs_v2s
- Select network
offline
- Select direction
extract
- Adjust input to
~/CCgen.v2/pcaps/ipflags_v2s.pcap
- Adjust output, preferably to
~/CCgen.v2/out/ipflags_v2s.txt
- Adjust source ip address to
200.60.153.149
- Adjust destination ip address to
15.161.162.34
- Click button
Validate
- Click button
Save config & queue simulation