# coding: utf-8
#
# Sulley fuzzing session for a SIP endpoint reached over UDP.
#
# Four requests are modelled (INVITE, CANCEL, BYE, ACK) and chained into a
# session graph: INVITE -> CANCEL and INVITE -> ACK -> BYE.  Every primitive
# is declared fuzzable=False (or is static) except the CRLF that ends the
# INVITE request line, so that one string is the only field this script
# marks as fuzzable.
#
# NOTE(review): no monitor is attached to the target anywhere in this file,
# so a crash or hang of the device under test would have to be noticed out
# of band - confirm that this is intended.
# NOTE(review): "sip:address@hidden" looks like an address redacted by a
# mail archive; the real URIs of the lab endpoints have to be put back
# before these messages are meaningful.
from sulley import *
import random
import time

# Shared state; the block encoders below read it when a request is rendered.
cseq = 0
callid = ""


def new_request(sock):
    """pre_send hook: draw a fresh 10-character alphanumeric Call-ID."""
    global callid
    alphabet = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789'
    callid = "".join(random.choice(alphabet) for _ in range(10))


def terminate_request(sock):
    """post_send hook: zero-length sleep, i.e. no extra delay after a send."""
    time.sleep(0)


def _set_cseq(number):
    """Store the CSeq number that the next rendered request will carry."""
    global cseq
    cseq = number


def callback_invite(node, edge, last_recv, sock):
    """Edge callback for the INVITE node: use CSeq 20."""
    _set_cseq(20)


def callback_cancel(node, edge, last_recv, sock):
    """Edge callback for INVITE -> CANCEL: use CSeq 20."""
    _set_cseq(20)


def callback_ack(node, edge, last_recv, sock):
    """Edge callback for INVITE -> ACK: use CSeq 20."""
    _set_cseq(20)


def callback_bye(node, edge, last_recv, sock):
    """Edge callback for ACK -> BYE: use CSeq 21."""
    _set_cseq(21)


def cseq_value(val):
    """Block encoder: swap a rendered 0 for the current CSeq number.

    Any other value is passed through unchanged.  int() raises ValueError
    when the rendered text is not an integer.
    """
    return str(cseq) if int(val) == 0 else val


def callid_value(val):
    """Block encoder: swap an empty rendering for the current Call-ID."""
    return callid if val == "" else val


###############################################################################
# Private helpers that emit runs of primitives shared by the four requests.

def _field(name):
    """Emit 'name: ' as a static string and two static delimiters."""
    s_string(name, fuzzable=False)
    s_delim(":", fuzzable=False)
    s_delim(" ", fuzzable=False)


def _eol():
    """Emit a static CRLF delimiter."""
    s_delim("\r\n", fuzzable=False)


def _request_line_tail(fuzz_line_end):
    """Emit ' <request-uri> SIP/2.0' and the CRLF that ends the request line.

    The CRLF is a string primitive here (not a delimiter); fuzz_line_end
    decides whether it is fuzzable.
    """
    s_delim(" ", fuzzable=False)
    s_string("sip:address@hidden", fuzzable=False)
    s_delim(" ", fuzzable=False)
    s_string("SIP/2.0", fuzzable=False)
    s_string("\r\n", fuzzable=fuzz_line_end)


def _via(sent_by, rport):
    """Emit the Via header; the 'rport' parameter is included when rport is true."""
    _field("Via")
    s_string("SIP/2.0/UDP", fuzzable=False)
    s_delim(" ", fuzzable=False)
    s_string(sent_by, fuzzable=False)
    s_delim(";", fuzzable=False)
    if rport:
        s_string("rport", fuzzable=False)
        s_delim(";", fuzzable=False)
    s_string("branch", fuzzable=False)
    s_delim("=", fuzzable=False)
    s_string("z9hG4bK", fuzzable=False)
    s_string("fffff", fuzzable=False)
    _eol()


def _dialog_headers(method):
    """Emit Max-Forwards, From, To, Call-ID and CSeq for the given method."""
    _field("Max-Forwards")
    s_string("70", fuzzable=False)
    _eol()

    _field("From")
    s_string("sip:address@hidden", fuzzable=False)
    s_delim(";", fuzzable=False)
    s_string("tag", fuzzable=False)
    s_delim("=", fuzzable=False)
    s_string("1234", fuzzable=False)
    _eol()

    # The RFC 3261 restriction concerns the To *tag* (a request sent outside
    # a dialog must not carry one), not the To header itself; no tag is
    # emitted here.  ACK and BYE get the same tagless To - whether the peer
    # accepts that is not visible from this file.
    _field("To")
    s_string("sip:address@hidden", fuzzable=False)
    _eol()

    # The primitive is created while callid is still ""; callid_value fills
    # in the per-request value when the block is rendered.
    _field("Call-ID")
    if s_block_start("invite_callid_value", encoder=callid_value):
        s_string(callid, size=10, fuzzable=False)
    s_block_end()
    _eol()

    # Same scheme: created with cseq == 0, replaced by cseq_value on render.
    _field("CSeq")
    if s_block_start("invite_cseq_value", encoder=cseq_value):
        s_int(cseq, format="ascii", fuzzable=False)
    s_block_end()
    s_delim(" ", fuzzable=False)
    s_string(method, fuzzable=False)
    _eol()


def _contact():
    """Emit the Contact header with a udp transport parameter."""
    _field("Contact")
    s_delim("<", fuzzable=False)
    s_string("sip:address@hidden", fuzzable=False)
    s_delim(";", fuzzable=False)
    s_string("transport", fuzzable=False)
    s_delim("=", fuzzable=False)
    s_string("udp", fuzzable=False)
    s_delim(">", fuzzable=False)
    _eol()


###############################################################################
# the invite message in a SIP session
s_initialize("SIP INVITE")

# Request line; its terminating CRLF is the single fuzzable primitive.
s_string("INVITE", fuzzable=False)
_request_line_tail(True)

_via("192.168.1.135:5060", True)
_dialog_headers("INVITE")
_contact()

_field("Content-Type")
s_string("application/sdp", fuzzable=False)
_eol()

# Content-Length is computed from the "invite body" block declared below.
_field("Content-Length")
s_size("invite body", format="ascii", fuzzable=False)
_eol()

# Empty line required by RFC
_eol()

# Message body: a fixed SDP offer.
if s_block_start("invite body"):
    s_string(
        "v=0\r\n"
        "o=uac 123456 654321 IN IP4 192.168.1.135\r\n"
        "s=A conversation\r\n"
        "c=IN IP4 192.168.1.135\r\n"
        "t=0 0\r\n"
        "m=audio 7078 RTP/AVP 112\r\n"
        "a=rtpmap:112 speex/32000/1\r\n"
        "a=fmtp:112 vbr=on\r\n",
        fuzzable=False,
    )
s_block_end()

###############################################################################
# the cancel message in a SIP session
s_initialize("SIP CANCEL")

s_static("CANCEL")
_request_line_tail(False)

# NOTE(review): this sent-by differs from the INVITE's Via (redacted value,
# no rport) - presumably an artefact of the archive redaction; verify that
# it is meant to match the INVITE being cancelled.
_via("sip:address@hidden:5060", False)
_dialog_headers("CANCEL")

# Empty line required by RFC
_eol()

###############################################################################
# the bye message in a SIP session
s_initialize("SIP BYE")

s_static("BYE")
_request_line_tail(False)

_via("192.168.1.135:5060", True)
_dialog_headers("BYE")
_contact()

# Empty line required by RFC
_eol()

###############################################################################
# the ack message in a SIP session
s_initialize("SIP ACK")

s_static("ACK")
_request_line_tail(False)

_via("192.168.1.135:5060", True)
_dialog_headers("ACK")
_contact()

# Empty line required by RFC
_eol()

###############################################################################
# UDP session bound to the local address that the Via headers advertise.
sess = sessions.session(
    sleep_time=1,
    proto="udp",
    timeout=1,
    bind=("192.168.1.135", 5060),
)

# Setup Target IP
target = sessions.target("192.168.1.118", 5060)
sess.add_target(target)

# A new Call-ID is drawn before every send; post_send adds no delay.
sess.pre_send = new_request
sess.post_send = terminate_request

# Setup session graph: root -> INVITE, INVITE -> CANCEL, INVITE -> ACK -> BYE
invite_req = s_get("SIP INVITE")
cancel_req = s_get("SIP CANCEL")
ack_req = s_get("SIP ACK")
bye_req = s_get("SIP BYE")

sess.connect(invite_req, callback=callback_invite)
sess.connect(invite_req, cancel_req, callback=callback_cancel)
sess.connect(invite_req, ack_req, callback=callback_ack)
sess.connect(ack_req, bye_req, callback=callback_bye)

sess.fuzz()