A6-MITM is a program that mutates packets carried over the ENIP (Ethernet/IP) and CIP (Common Industrial Protocol) protocols.
This project was created to help analyze the behavior of SWaT, a water treatment testbed built at SUTD (Singapore University of Technology and Design).
Hardware
- Ubuntu OS
- Laptop with at least two network interfaces
Software
- Python 2.7
- Bridge Control (https://help.ubuntu.com/community/NetworkConnectionBridge)
- NetfilterQueue (https://github.com/kti/python-netfilterqueue)
- Scapy (http://www.secdev.org/projects/scapy/)
- Ethernet/IP dissectors for Scapy (https://github.com/scy-phy/scapy-cip-enip)
- Ensure the device is physically connected in the middle of two PLCs.
- Edit start.sh to bridge the two network adaptors.
- Edit mutate.py Line 202 with the incoming Ethernet interface.
Mutation Name | Code | Description |
---|---|---|
Add static 𝛿 | ASD(𝛿) | Adds/subtracts an absolute, unchanging 𝛿 to state measurements |
Add Limits 𝛿 | ALD(𝛿) | Adds/subtracts a random value between -𝛿 and +𝛿 to state measurements |
Add Random 𝛿 | ARD(𝛿1,𝛿2) | Adds/subtracts a random value between 𝛿1 and 𝛿2 to state measurements |
Set to Zero | STZ | Sets state measurement to zero |
Set to One | STO | Sets state measurement to one |
Set to Static | STS(𝛿) | Sets state measurement to a static value |
Set to Random | STR(𝛿1,𝛿2) | Sets state measurement to a random value between 𝛿1 and 𝛿2 |
Bit Shift Left | BSL(𝛿) | Bit-shifts state measurement to the left by 𝛿 bits |
Bit Shift Right | BSR(𝛿) | Bit-shifts state measurement to the right by 𝛿 bits |
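
The following is an added example, not code from A6-MITM: it applies each operator from the table to a single numeric reading and reports which mutated values a simple receiver-side plausibility check (range plus rate of change) flags and which it misses. It is written for Python 3; the function names, the check and the sample values are assumptions made for illustration.

```python
import random

# Mutation operators from the table above, applied to one numeric reading.
# Assumption: BSL/BSR act on the integer part of the reading; the page does
# not say how the measurement is encoded on the wire.
MUTATIONS = {
    "ASD": lambda v, rng, d: v + d,
    "ALD": lambda v, rng, d: v + rng.uniform(-d, d),
    "ARD": lambda v, rng, d1, d2: v + rng.uniform(d1, d2),
    "STZ": lambda v, rng: 0,
    "STO": lambda v, rng: 1,
    "STS": lambda v, rng, d: d,
    "STR": lambda v, rng, d1, d2: rng.uniform(d1, d2),
    "BSL": lambda v, rng, d: int(v) << d,
    "BSR": lambda v, rng, d: int(v) >> d,
}

def mutate(code, value, *params, rng=random):
    """Return the reading after applying one operator from the table."""
    return MUTATIONS[code](value, rng, *params)

def plausible(prev, cur, lo, hi, max_step):
    """Receiver-side check: value in sensor range and no jump > max_step."""
    return lo <= cur <= hi and abs(cur - prev) <= max_step

def coverage(prev, value, cases, lo, hi, max_step, seed=0):
    """Map each mutation case to True if the plausibility check flags it."""
    rng = random.Random(seed)
    result = {}
    for case in cases:
        mutated = mutate(case[0], value, *case[1:], rng=rng)
        result[case] = not plausible(prev, mutated, lo, hi, max_step)
    return result

# Constructed sample: a tank level of 500 mm, previous reading 498 mm,
# sensor range 0..1000 mm, at most 5 mm change between samples.
CASES = [("ASD", 3), ("ASD", 50), ("ALD", 2), ("STZ",), ("STO",),
         ("STS", 501), ("STR", 600, 700), ("BSL", 1), ("BSR", 1)]

if __name__ == "__main__":
    for case, flagged in coverage(498, 500, CASES, 0, 1000, 5).items():
        print(case, "flagged" if flagged else "missed")
```

Small offsets such as ASD(3), ALD(2) and STS(501) stay inside both the range and the step limit, so a check of this kind does not flag them; catching those needs a process model or cross-sensor consistency check rather than per-value bounds.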