[socal-piggies] Mocking sockets

Jathan McCollum jathan at gmail.com
Thu Aug 23 15:56:11 PDT 2012 

So... To close this loop. I decided it was too much work to mock almost the
entire socket library just for this thing.

One of the features I liked about FakeNet was the DNS mocking, where it
resolves every hostname to the same address, so I found a simple way to do
that in Python on ActiveState (
http://code.activestate.com/recipes/491264-mini-fake-dns-server/).

I decided to go with sshim (http://packages.python.org/sshim/) to create a
scriptable SSH server to have it behave like network devices. The project
is not complete, but the design is! :)

Much, much simpler, and can all be done within a VM. Stay tuned for code...
Someday.

Thanks for all the input!

jathan.

On Wed, Aug 1, 2012 at 12:15 PM, Howard B. Golden <howard_b_golden at yahoo.com
> wrote:

> FWIW, it seems to me that in a dynamic language, any dependency can be
> interpolated somehow. This is an existence argument only, not a
> constructive one.
>
> Howard
>
>   ------------------------------
> *From:* Steve Wedig <stevewedig at gmail.com>
> *To:* SoCal Python Interest Group <socal-piggies at lists.idyll.org>
> *Sent:* Wednesday, August 1, 2012 10:36 AM
> *Subject:* Re: [socal-piggies] Mocking sockets
>
> I see, Paramiko's socket dependency isn't inverted, so you are unable to
> provide an alternate implementation of that interface.
>
> I don't know if this will work, but you could try overriding the socket
> module's import, replacing it with your own implementation of the same
> interface.
>
> Here are some discussions that suggest it may work, as long as you
> override the import before Paramiko gets imported:
> http://stackoverflow.com/questions/1096216/override-namespace-in-python
>
> http://stackoverflow.com/questions/3012473/how-do-i-override-a-python-import
>
> On Tue, Jul 31, 2012 at 4:17 PM, Jathan McCollum <jathan at gmail.com> wrote:
>
> Ok, a little background...
>
> On the heels of BlackHat and DefCon I discovered a new tool called FakeNet
> (http://practicalmalwareanalysis.com/fakenet/) that is intended to run on
> Windows XP. It allows you to hijack all socket connections received by the
> system, and has an embedded Python 2.7.3 interpreter. I want to try using
> this for a single-system dummy test network.
>
> The catch is, because of the custom socket I/O, the _socket.so module was
> intentionally excluded. In order to do socket calls you must import
> FakeNet. Here is a simple example:
>
> def FN_NewConnection(context):
>     """Simple echo server that prints Python version upon connection"""
>     import sys
>     FakeNet.sendData(context, sys.version)
>     while True:
>         bytes = FakeNet.recvData(context, 4096)
>         if bytes == "":
>             break
>         else:
>             FakeNet.sendData(context, bytes)
>
> It's a greatly simplified interface. It handles the buildup/teardown of
> the session, and all you have to do is worry about send/recv.
>
> The device allows for custom modules. I am trying to mock an SSH server
> and actually negotiate with the client. I want to use this for... You
> guessed it... testing interaction with SSH endpoints without actually
> having to connect to anything.
>
> For this I want to use Paramiko, but the problem is that Paramiko imports
> the socket module all over the place, so I wanted to see if I could force
> it (somehow) to use FakeNet's send/recv calls, and just mock the rest.
>
> Steve, thanks for the reminder of dependency inversion. :)
>
> On Mon, Jul 30, 2012 at 6:18 PM, Andrew Kou <andrew.kou at gmail.com> wrote:
>
> Jathan,
>
> What requirements do you have of the mocked object?
>
> - Andrew
>
>
>
> On Mon, Jul 30, 2012 at 4:38 PM, Jathan McCollum <jathan at gmail.com> wrote:
>
> I have a need to mock the socket module, but without actually importing it
> first. I know some pretty sophisticated mocking can be done with Mox, but
> it requires that you import the real module into the namespace first.
>
> I am doing some work on an embedded system that doesn't have _socket.so,
> which means I can't actually import the socket module, but I need to do
> some mocking of connections.
>
> Anyone have any pointers? Thanks in advance!
>
> --
> Jathan.
> --
>
> _______________________________________________
> socal-piggies mailing list
> socal-piggies at lists.idyll.org
> http://lists.idyll.org/listinfo/socal-piggies
>
>
>
> _______________________________________________
> socal-piggies mailing list
> socal-piggies at lists.idyll.org
> http://lists.idyll.org/listinfo/socal-piggies
>
>
>
>
> --
> Jathan.
> --
>
> _______________________________________________
> socal-piggies mailing list
> socal-piggies at lists.idyll.org
> http://lists.idyll.org/listinfo/socal-piggies
>
>
>
>
> --
> Steve Wedig
> http://www.linkedin.com/in/wedig
>
> _______________________________________________
> socal-piggies mailing list
> socal-piggies at lists.idyll.org
> http://lists.idyll.org/listinfo/socal-piggies
>
>
>
> _______________________________________________
> socal-piggies mailing list
> socal-piggies at lists.idyll.org
> http://lists.idyll.org/listinfo/socal-piggies
>
>


-- 
Jathan.
--
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.idyll.org/pipermail/socal-piggies/attachments/20120823/b37f70af/attachment.htm>

More information about the socal-piggies mailing list