Vault 7: Projects

This publication series is about specific projects related to the Vault 7 main publication.
UNCLASSIFIED
Cherry Bomb Program Cherry Blossom Internal Test Procedures
4.2.30 VPN Proxy All Global Action Test
Description: Tests the VPN Proxy All action.
Setup: Plan/Assign a mission with the global action set to ‘VPN Proxy All’.
Connect two client computers to the flytrap.
Run: Verify the VPN Link is up upon receipt of the Mission. Verify (via ping)
connection to the flytrap. Verify port scan (via netcat) of a service running on the
client computer. Verify network traffic of both client computers is proxied through
the VPN Server (check proxydata directory found at
~cbuser/CherryBlossom/CherryTree/Release/proxydata).
Pass/Fail: The test passes if a valid VPN Link is created when the new Mission
is received, the VPN Server indicates a proxied connection of both Client
Computers, and the Client Computers experience no difference from normal
behavior when surfing the internet.
Note: Additional notes and information about the VPN link can be found in
<Test>/vpnProxy_configuration.txt.
4.2.31 Squid Proxy Beacon Test
Description: Test the Flytrap’s ability to Beacon normally through a squid proxy
server with a (nearly) default configuration.
Setup: Configure a proxy server (per <Test>/squid_configuration.txt) and ensure
it is available on the test network. Configure the flytrap with the designated static
IP address, set the default gateway to the proxy server’s IP address, and
manually configure the DNS servers. Recommended DNS servers are
128.18.30.66 and 216.136.95.2. Have the flytrap Beacon.
Pass/Fail: The test passes if the flytrap is able to Beacon to CherryTree via the
squid proxy. This should be confirmed in two steps: first by confirming in the
squid server log (/var/log/squid/access.log) that a connection has been
attempted; and second, by confirming the receipt of the Beacon via CherryWeb.
The access.log file shows each request that is processed, as well as its
originating IP address and destination.
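Added example (not part of the original test procedure): the access.log review described above, as a proxy operator would perform it. The Python code below parses squid's default native log format and groups requests by originating IP and destination; the sample lines, addresses and host names are constructed, and the function names are illustrative.

```python
from collections import defaultdict
from datetime import datetime, timezone
from urllib.parse import urlsplit

# Constructed sample lines in squid's default ("native") access.log format:
# time elapsed client code/status bytes method URL user hierarchy/peer type
SAMPLE_LOG = """\
1500000000.123    210 192.0.2.10 TCP_MISS/200 1523 GET http://updates.example.com/check - DIRECT/198.51.100.7 text/html
1500000005.456  30012 192.0.2.10 TCP_MISS/200 4410 CONNECT portal.example.net:443 - DIRECT/198.51.100.9 -
1500000009.789      2 192.0.2.25 TCP_DENIED/403 3801 GET http://blocked.example.org/ - NONE/- text/html
this line is truncated
"""

def parse_line(line):
    """Return a dict for one native-format line, or None if it is malformed."""
    f = line.split()
    if len(f) < 10 or "/" not in f[3]:
        return None
    try:
        when = datetime.fromtimestamp(float(f[0]), tz=timezone.utc)
    except ValueError:
        return None
    code, _, status = f[3].partition("/")
    method, target = f[5], f[6]
    if method == "CONNECT":
        # CONNECT requests log "host:port" instead of a full URL.
        host, _, port = target.rpartition(":")
    else:
        parts = urlsplit(target)
        host = parts.hostname or ""
        port = str(parts.port or {"http": 80, "https": 443}.get(parts.scheme, ""))
    return {"time": when, "client": f[2], "result": code, "status": status,
            "method": method, "dest": f"{host}:{port}"}

def requests_by_client(log_text, client_ip=None):
    """Map each originating IP to its ordered list of (result, destination)."""
    seen = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and (client_ip is None or rec["client"] == client_ip):
            seen[rec["client"]].append((rec["result"], rec["dest"]))
    return dict(seen)

if __name__ == "__main__":
    for client, reqs in requests_by_client(SAMPLE_LOG).items():
        print(client, reqs)
```

Passing a single address as client_ip narrows the output to one host, which is how a proxy operator would review the outbound requests of a specific device such as a router or access point.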
4.2.32 Squid Proxy Alert Test
Description: Test the Flytrap’s ability to Alert normally through a squid proxy
server with a (nearly) default configuration.
Setup: The squid proxy setup is the same as in “Squid Proxy Beacon Test”. Have the
flytrap generate an Alert.