SDN Penetration Testing (PART1) : A Step-by-Step Guide for Setting Up DELTA Framework
23rd November 2019 | by hilo21
- Seungsoo Lee (KAIST)
- Jinwoo Kim (KAIST)
- Seungwon Woo (KAIST)
- Changhoon Yoon (KAIST)
- Sandra Scott-Hayward (Queen’s University Belfast)
- Seungwon Shin (KAIST)
PS: The authors have already provided a guide for installing this framework but in this article I will take you through all the steps and problems I faced during this process.
DELTA is an SDN-aware penetration testing framework that regenerates known attack scenarios for diverse test cases. The framework can also discover unknown security problems in SDN by employing a fuzzing technique.
- Agent-Manager is the control tower. It takes full control over all the agents deployed to the target SDN network.
- Application-Agent is a legitimate SDN application that conducts attack procedures and is controller-dependent. The known malicious functions are implemented as application-agent functions.
- Channel-Agent is deployed between the controller and the OpenFlow-enabled switch. The agent sniffs and modifies the unencrypted control messages. It is controller-independent.
- Host-Agent behaves as if it was a legitimate host participating in the target SDN network. The agent demonstrates an attack in which a host attempts to compromise the control plane.
In order to build and run DELTA, the following tools are required:
- An agent manager based on Ubuntu 14.04 LTS 64 bit
  - Ant build system
  - JDK 1.7 and 1.8
- Target Controller (for application agent)
  - Floodlight: 0.91, 1.2
  - ONOS: 1.1, 1.6, 1.9
  - OpenDaylight: Helium-sr3, Carbon
- Cbench (for channel agent)
- Mininet 2.1+ (for host agent)
In the All-In-One Single Machine case (which is what this article is about), three virtual machines based on Ubuntu 14.04 LTS 64 bit are required:
- VM-1: Target controller + Application agent
- VM-2: Channel agent
- VM-3: Host agent
- Installing Java JDK 8:
Add JDK repositories to your machine to be able to locate JDK 8 dependencies:
$ sudo add-apt-repository ppa:openjdk-r/ppa
$ sudo apt-get update
$ sudo apt-get install openjdk-8-jdk
Type the next command to list the Java packages installed on your machine. As we can see in the next figure, only JDK version 8 is installed.
$ sudo update-alternatives --config java
Install Maven 3.3.9:
$ wget http://apache.mirrors.lucidnetworks.net/maven/maven3/3.3.9/binaries/apache-maven-3.3.9-bin.tar.gz
$ sudo mkdir -p /usr/local/apache-maven
$ sudo mv apache-maven-3.3.9-bin.tar.gz /usr/local/apache-maven
$ cd /usr/local/apache-maven
$ sudo tar -xzvf apache-maven-3.3.9-bin.tar.gz
$ nano ~/.bashrc
Add this to the file:
export MAVEN_OPTS="-Xms256m -Xmx512m"
Installing DELTA :
STEP 1: Download the source files
Get the source code of DELTA on the agent manager machine
$ git clone https://github.com/OpenNetworkingFoundation/DELTA.git
Make sure that you’re in the root directory.
STEP 2. Install DELTA dependencies
$ cd DELTA/tools/dev/delta-setup/
During the installation of DELTA dependencies, the framework needs to install JDK 7 to support OpenDaylight Helium, but it appears Oracle has moved the download link. You can still fetch the tarball from the Oracle website after jumping through some hoops. The WebUpd8 installer is currently broken. The official explanation can be found at http://www.webupd8.org/2017/06/why-oracle-java-7-and-6-installers-no.html
Note: Installing oracle-java7-installer and oracle-java7-set-default is important because DELTA is going to use the OpenDaylight Helium controller, which is based on Java 7.
Download & Install JDK7
If you want to download jdk-7u80-linux-x64.tar.gz from a script without logging in to Oracle, hosted locations include:
Install JDK7 after downloading the tar.gz file
$ sudo add-apt-repository ppa:webupd8team/java
$ sudo apt-get update
# put the file in a temporary location:
$ sudo mv jdk-7u80-linux-x64.tar.gz /tmp/
# set local path to /tmp (or any other path)
$ echo oracle-java7-installer oracle-java7-installer/local select /tmp | sudo /usr/bin/debconf-set-selections
# then install normally:
$ sudo apt-get install oracle-java7-installer
STEP 3. Install DELTA using maven build
$ cd DELTA/
$ source ./tools/dev/delta-setup/bash_profile
$ mvn clean install
Before the next step, which runs the script that creates the VMs using Vagrant, you need to install VirtualBox 5.0, because the Vagrant version installed by DELTA supports VirtualBox 5.0 and earlier versions.
Go to :
and download the version compatible with Ubuntu 14.04 Trusty. After that, go to the directory where it was downloaded and install it:
You are going to get an error because the package libsdl1.2debian is not installed:
$ sudo apt-get install libsdl1.2debian
Then install VirtualBox 5.0:
$ sudo dpkg -i virtualbox-5.0_5.0.40-115130~Ubuntu~trusty_amd64.deb
STEP 4: Install three virtual machines using vagrant system
$ cd ~/DELTA/tools/dev/delta-setup/
$ cd ../vagrant/
$ vagrant up
Vagrant manages the process of creating a virtual machine based on your definitions, and uses automation tools such as Ansible and Puppet to provision the machine (installing packages, gathering information, performing tasks, etc.). By running a simple vagrant up, a virtual machine is prepared according to what was set up in the project’s configuration, and in a few minutes the project should be up and running.
Rerun vagrant up if you encounter errors.
Now all the VMs have been downloaded and the setup of the Vagrant file is done.
STEP 5: Configuring your own experiments.
Execute sudo without the password:
$ sudo visudo
At the bottom of the file, add the following (replace username with your own account name):
username ALL=(ALL) NOPASSWD: ALL
Configure password-less SSH login for the agents
First, we verify that the bash_profile file is well defined and contains the next code lines, by typing:
$ nano DELTA/tools/dev/delta-setup/bash_profile
$ source DELTA/tools/dev/delta-setup/bash_profile
$ cd ~
Log in on your host machine (in our case “sun”) as user a and generate a pair of authentication keys. Do not enter a passphrase:
$ ssh-keygen -t rsa # keep pressing enter
Now use SSH to create a directory ~/.ssh as user vagrant on 10.100.100.11. (The directory may already exist, which is fine):
$ ssh vagrant@10.100.100.11 mkdir -p .ssh
You will now be asked for the password of the remote machine; by default it is “vagrant”.
Finally, append your machine’s new public key to vagrant@10.100.100.11:.ssh/authorized_keys and enter vagrant’s password one last time:
Repeat the same process for the other two machines and test if it works.
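The key installation and the "test if it works" step above, as an added shell example that is not part of the original guide: it appends the public key only once, sets the permissions sshd expects, and uses BatchMode to confirm that login no longer needs the password. The function names are hypothetical; the vagrant account and the default ~/.ssh/id_rsa.pub key path are assumptions based on the steps above.

```sh
#!/bin/sh
# Added example, not from the original guide. Assumptions: the agents use the
# "vagrant" account and the key pair is the default ~/.ssh/id_rsa(.pub).

# Script run on the agent: reads one public key on stdin, appends it to
# authorized_keys only if it is not already there, and sets the permissions
# sshd's StrictModes check accepts (700 directory, 600 file).
REMOTE_INSTALL='
umask 077
mkdir -p "$HOME/.ssh" && chmod 700 "$HOME/.ssh" || exit 1
IFS= read -r key
[ -n "$key" ] || exit 1
touch "$HOME/.ssh/authorized_keys" || exit 1
grep -qxF "$key" "$HOME/.ssh/authorized_keys" ||
    printf "%s\n" "$key" >> "$HOME/.ssh/authorized_keys"
chmod 600 "$HOME/.ssh/authorized_keys"
'

# install_key <pubkey-file> <home-dir>: run the same script locally against a
# chosen home directory (a dry run before touching the VMs).
install_key() {
    HOME=$2 sh -c "$REMOTE_INSTALL" < "$1"
}

# key_login_ok <user@host>: succeeds only if key-based login works.
# BatchMode=yes makes ssh fail instead of falling back to a password prompt.
key_login_ok() {
    ssh -o BatchMode=yes -o ConnectTimeout=5 "$1" true
}

# setup_agent <user@host> [pubkey-file]: install the key (asks for the
# password once), then verify that the password is no longer needed.
setup_agent() {
    ssh "$1" "$REMOTE_INSTALL" < "${2:-$HOME/.ssh/id_rsa.pub}" && key_login_ok "$1"
}

# Usage, once per agent VM (fill in the addresses of the other two VMs):
#   setup_agent vagrant@10.100.100.11
```

A non-zero exit status from setup_agent means the agent still asks for a password, so the agent-manager would not be able to reach it unattended.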
The agent-manager automatically reads a configuration file and sets up the test environment based on the file. DELTA/tools/config/manager_vm.cfg contains the All-In-One Single Machine configuration by default. If you want to test a real SDN environment, you should specify your own configuration file.
Setting up the controllers:
In this section we are going to demonstrate how to set up the Floodlight 1.2, ONOS 1.9 and OpenDaylight Carbon controllers in DELTA:
- Floodlight 1.2
$ cd DELTA/tools/dev/app-agent-setup/floodlight
- ONOS 1.6 or 1.9
$ cd DELTA/tools/dev/app-agent-setup/onos
$ ./delta-setup-onos 1.9
- OpenDaylight Carbon
$ cd DELTA/tools/dev/app-agent-setup/opendaylight
After the necessary dependencies have been downloaded, you will need to set up the ODL controller in the Controller VM. To do so, log into the controller machine using ssh and type the command:
If it is not executable, use chmod +x to make it so.
Or you can run the virtual machine directly by typing “virtualbox &”, log in with “vagrant” as both the username and the password, then run the command ./odl-carbon-setup
The app-agent (on the controller machine) needs ‘agent.cfg’ file to connect to the agent-manager. After setting up the controllers in DELTA, verify that the /DELTA/tools/config/agent.cfg contains the following configuration:
2. Running DELTA
STEP 1: Distribute the executable files to VMs
$ cd DELTA/
$ source ./tools/dev/delta-setup/bash_profile
STEP 2: Modify VMs configurations
Before running DELTA we need to adjust some of the parameters of the virtual machines:
1. Turn off the VMs
2. On the virtual machine add a network card
3. Change the VM3 (mininet) settings as shown below:
These VMs came preconfigured in a Vagrant file (8GB of RAM for the Controller VM, 2GB of RAM for the Channel Agent VM and 2GB of RAM for the Host Agent VM), so you might need to change the RAM parameters to suit your computer's capabilities.
STEP 3: Execute Agent-Manager first
Restart the VMs, then run DELTA by typing:
$ cd DELTA/
$ bin/run-delta tools/config/manager_vm.cfg
Open your browser and go to http://0.0.0.0:7070 to log in to the WebGUI of DELTA:
One last problem you might face!
Let's try to launch an attack on Floodlight 1.2:
1. Set up the configuration settings:
Target controller: Floodlight
Target Version: 1.2
OpenFlow port: 6633
OpenFlow version: 1.3
2. Choose the attack: Packet_IN Flooding.
3. Click: Run Selected Entries.
4. Click “Ok”
There is a chance that this problem might appear:
This means that the Host Agent can’t find Open vSwitch. I solved this problem by simply logging into the Mininet VM using SSH and typing the password “vagrant”:
$ ssh vagrant@10.100.100.13
Inside the terminal of the vagrant machine 10.100.100.13 install openvswitch dependencies:
$ sudo apt-get install 'openvswitch-*'
Then the problem will be solved and you can start your SDN security pen-testing experience.