/*  Copyright (c) 2005, Applied Security, Inc.
    Jared DeMott, jdemott@appliedsec.com, www.appliedsec.com

    This file is part of ikefuzz.

    Ikefuzz is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; either version 2 of the License, or
    (at your option) any later version.

    Ikefuzz is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with ikefuzz; if not, write to the Free Software
    Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
*/


ikefuzz

Follow the instructions below to build and run it.

GENERAL:
Ikefuzz works by intercepting the ISAKMP data produced by libike and fuzzing it
just before it is encrypted and sent. Hooking at that point gives us the freedom
to modify the packet data as we see fit without much crypto headache: libike
still does the encryption, so the mutated data goes out as a properly
encrypted message.

One advantage of ikefuzz is that the FUZZ routine is called before every packet
goes out: if the fuzzed first packet did not bother the server, the next packet
goes out fuzzed too. Thus the tool runs quicker than fuzzers that force each
wave of tests to complete before the next can begin.

There is a 2 second delay after each attack. I found that removing it was
counterproductive against isakmpd. It takes the tool around 3 hours to run
all tests.

Ikefuzz can also send an unencrypted copy of each packet to a different IP so
that the data can be sniffed. This is helpful because Ethereal knows how to
break the protocol down, which yields a nice visual display. Otherwise the
data can be printed to stdout by uncommenting some print lines in exchange.c.
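The hook described above, as an added example that is not ikefuzz's own FUZZ.c or
libike code: it walks the plaintext ISAKMP payload chain of a message (header and
generic payload layout per RFC 2408), applies one of a few mutations in place at
the point just before encryption would happen, and can mirror the plaintext copy
to a sniffer host over UDP. The sample message, the test names and the sniffer
address are constructed for illustration and are assumptions, not values from
the project.

```c
/* Added example: a pre-encryption fuzz hook over a plaintext ISAKMP message.
 * Not ikefuzz's FUZZ.c; names, sample bytes and sniffer address are assumed. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <unistd.h>

#define ISAKMP_HDR_LEN     28   /* 2 cookies, next, version, xchg, flags, msgid, len */
#define ISAKMP_GEN_HDR_LEN 4    /* next payload, reserved, 16-bit length */

/* Walk the payload chain starting from the header's "next payload" byte.
 * Records each payload offset and returns the payload count, or -1 if a
 * length field is inconsistent with the buffer (malformed chain). */
int isakmp_walk(const uint8_t *pkt, size_t len, size_t *offsets, int max)
{
    if (len < ISAKMP_HDR_LEN) return -1;
    uint8_t np = pkt[16];
    size_t off = ISAKMP_HDR_LEN;
    int n = 0;
    while (np != 0) {
        if (off + ISAKMP_GEN_HDR_LEN > len) return -1;
        uint16_t plen = (uint16_t)((pkt[off + 2] << 8) | pkt[off + 3]);
        if (plen < ISAKMP_GEN_HDR_LEN || off + plen > len) return -1;
        if (n < max) offsets[n] = off;
        n++;
        np = pkt[off];
        off += plen;
    }
    return n;
}

/* Hypothetical test cases; a real FUZZ.c would carry many more. */
enum fuzz_test { FUZZ_LEN_HUGE, FUZZ_LEN_SHORT, FUZZ_NEXT_UNKNOWN, FUZZ_BODY_FILL };

/* Mutate payload number `which` in place. Meant to be called on the plaintext
 * right before the library encrypts and sends it, so no crypto is needed. */
int fuzz_hook(uint8_t *pkt, size_t len, int which, enum fuzz_test test)
{
    size_t offs[32];
    int n = isakmp_walk(pkt, len, offs, 32);
    if (n <= 0 || which < 0 || which >= n || which >= 32) return -1;
    size_t off = offs[which];
    uint16_t plen = (uint16_t)((pkt[off + 2] << 8) | pkt[off + 3]);
    switch (test) {
    case FUZZ_LEN_HUGE:     pkt[off + 2] = 0xFF; pkt[off + 3] = 0xFF; break;
    case FUZZ_LEN_SHORT:    pkt[off + 2] = 0x00; pkt[off + 3] = 0x01; break;
    case FUZZ_NEXT_UNKNOWN: pkt[off] = 0xFF; break;   /* undefined payload type */
    case FUZZ_BODY_FILL:    memset(pkt + off + 4, 'A', plen - 4); break;
    default: return -1;
    }
    return 0;
}

/* Send the unencrypted copy to a sniffer host so Ethereal/Wireshark can decode
 * it; the encrypted send to the real target happens separately in the library. */
ssize_t mirror_plaintext(const uint8_t *pkt, size_t len, const char *ip, uint16_t port)
{
    int s = socket(AF_INET, SOCK_DGRAM, 0);
    if (s < 0) return -1;
    struct sockaddr_in dst;
    memset(&dst, 0, sizeof dst);
    dst.sin_family = AF_INET;
    dst.sin_port = htons(port);
    if (inet_pton(AF_INET, ip, &dst.sin_addr) != 1) { close(s); return -1; }
    ssize_t r = sendto(s, pkt, len, 0, (struct sockaddr *)&dst, sizeof dst);
    close(s);
    return r;
}

/* Constructed sample: main-mode header + SA payload + KE payload (52 bytes). */
size_t build_sample(uint8_t *buf)
{
    memset(buf, 0, 64);
    memset(buf, 0x11, 8);                              /* initiator cookie (made up) */
    buf[16] = 1;                                       /* next payload: SA */
    buf[17] = 0x10;                                    /* version 1.0 */
    buf[18] = 2;                                       /* exchange: identity protection */
    size_t off = ISAKMP_HDR_LEN;
    buf[off] = 4;  buf[off + 3] = 12;  buf[off + 7] = 1; /* SA: next=KE, len 12, DOI=1 */
    off += 12;
    buf[off] = 0;  buf[off + 3] = 12;                  /* KE: last payload, len 12 */
    off += 12;
    buf[26] = (uint8_t)(off >> 8); buf[27] = (uint8_t)off; /* header length */
    return off;
}

/* Runs the hook over the sample and returns how many expectations held (5). */
int run_demo(void)
{
    uint8_t buf[64]; size_t offs[8]; int ok = 0;
    size_t len = build_sample(buf);
    if (isakmp_walk(buf, len, offs, 8) == 2 && offs[0] == 28 && offs[1] == 40) ok++;
    if (fuzz_hook(buf, len, 0, FUZZ_LEN_HUGE) == 0 && buf[30] == 0xFF && buf[31] == 0xFF) ok++;
    if (isakmp_walk(buf, len, offs, 8) == -1) ok++;   /* chain now self-inconsistent */
    build_sample(buf);
    if (fuzz_hook(buf, len, 1, FUZZ_BODY_FILL) == 0 && buf[44] == 'A' && buf[51] == 'A') ok++;
    if (fuzz_hook(buf, len, 7, FUZZ_LEN_SHORT) == -1) ok++;   /* no such payload */
    return ok;
}

int main(void)
{
    printf("checks passed: %d\n", run_demo());
    /* uint8_t b[64]; size_t l = build_sample(b);
     * mirror_plaintext(b, l, "192.0.2.10", 500);   sniffer host is an assumption */
    return 0;
}
```

The walker is the same logic a receiver uses to parse the chain, which is why the
FUZZ_LEN_HUGE case is interesting: after the mutation the message is internally
inconsistent, and a target that trusts the payload length field without the bounds
check shown here is exactly what the fuzzer is looking for. The mirror send is left
commented out in main so the block runs offline.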

VERSION NOTES:
Version 0.0 Completed on 06/14/05.
Version 0.1 Completed on 06/17/05. - Added a few new tests

BUILD INSTRUCTIONS (from the root dir of this pkg):
make -f ./x4.unix/Makefile clean		(if needed)
make -f ./x4.unix/Makefile

REQUIREMENTS:
ssl (the OpenSSL headers and libraries must be installed to build)

DIRECTORY STRUCTURE:
There are some docs in the ike directory that explain libike.
I made modifications to exchange.c and added a few files (FUZZ,
PRINT, UDPSENTTO).  I also copied test.psk.c to ikefuzz.c
and used that as my main().

INSTRUCTIONS:
To run, simply type './ikefuzz'.

Testing a VPN (IKE) really means testing a particular configuration of IKE.  Be sure
to modify ./x4/test/ikefuzz.c to set the target IP and port (UDP/500 is the default),
the phase 1 parameters (PSK or certificates, crypto algorithms, etc.) and the
phase 2 parameters.  Comments in ikefuzz.c point you toward the correct parameters.

To change how many times each test is run, which tests are run, or to add a
new test, see ./x4/src/FUZZ.c.

To modify the printout see exchange.c.

TODO:
Add a nice UI and/or a config file instead of requiring a recompile; I
don't currently feel the need.

