Abusing Software Defined Networks (Part Two): Using the SDN-Toolkit to Test Your Software Defined Network presented at Nullcon 2016

by Gregory Pickett,

Summary : I think that we can all agree that Software Defined Networks are awesome. But how do we know that they are safe? More importantly, how do we know that our Software Defined Network is safe? Traditional networks have plenty of tools available for testing and so do applications. But what about Software Defined Networks? What do we do? It's not like there are tools out there than we can use to test our Software Defined Network.
We'll, with the SDN-Toolkit v1.2 and it's new extensibility framework, now we can. Using templates that define the northbound API ports, paths, operations, and data elements, the SDN-Toolkit is able to talk to any SDN controller out there. Out of the box, the SDN-Toolkit v1.2 has templates for Big Switch, Opendaylight, Brocade, Cisco, HP, OpenContrail, and ONOS SDN controllers but you can make a template to talk to any controller that you want. The SDN-Toolkit can even be used with Burp to scan those controllers for vulnerabilities just like you would with SoapUI.
And in this session, I’ll demonstrate how to do that by using the SDN-Toolkit's built-in templates to identify and configure existing controllers, by showing you how to built your own template to talk to a new controller, and by using the toolkit to map the network, locate targets, and control access to the network like before. We'll even go one step further by using the SDN-Toolkit with Burp to scan the controller for vulnerabilities like SQLi, and XXE. It's about time that we have a tool for testing Software Defined Networks, and with the SDN-Toolkit, now we do.