Beispiel #1
0
    def ignoreJavaSSL():
        """
        Creates a dummy socket factory that doesn't verify connections.
            HttpsURLConnection.setDefaultSSLSocketFactory(...)
        This code was taken from multiple sources.
        Only makes since in jython (java).  otherwise, just use verify=False!
        """
        import sys
        if not 'java' in sys.platform:
            raise RuntimeError('only use if platform (sys.platform) is java!')
        else:
            #===================================================================
            # set default SSL socket to ignore verification
            #===================================================================
            import javax.net.ssl.X509TrustManager as X509TrustManager # @UnresolvedImport
            class MyTrustManager(X509TrustManager):
                def getAcceptedIssuers(self,*args,**keys):
                    return None
                def checkServerTrusted(self,*args,**keys):
                    pass
                def checkClientTrusted(self,*args,**keys):
                    pass

            import com.sun.net.ssl.internal.ssl.Provider # @UnresolvedImport
            from java.security import Security # @UnresolvedImport

            Security.addProvider(com.sun.net.ssl.internal.ssl.Provider())
            trustAllCerts = [MyTrustManager()]

            import javax.net.ssl.SSLContext as SSLContext # @UnresolvedImport
            sc = SSLContext.getInstance("SSL");

            import java.security.SecureRandom as SecureRandom # @UnresolvedImport
            sc.init(None, trustAllCerts,SecureRandom())

            import javax.net.ssl.HttpsURLConnection as HttpsURLConnection # @UnresolvedImport
            HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory())
            #===================================================================
            # Do a test!
            #===================================================================
            '''
            # setup proxy
            import java.net.Proxy as Proxy
            import java.net.InetSocketAddress as InetSocketAddress
            p = Proxy(Proxy.Type.HTTP,InetSocketAddress("host",port))

            import java.net.URL as URL
            u = URL("https://www.google.com/")
            conn = u.openConnection(p)
            print 'server response: %r',conn.getResponseCode()
            '''
            #===================================================================
            # ignore requests's error logging - this is for dev
            #===================================================================
            try:
                import requests.packages.urllib3 as urllib3
                urllib3.disable_warnings()
            except: pass

            return 'SSL verification in Java is disabled!'
def _initializeMXPI(serverName, serverPort, protocol,
                    MxpiMain5_1SoapBindingStubClass,
                    VerifyAllHostnameVerifierClass):
    serverPortName = 'MxpiMain5_1'
    namespaceURI = "urn:client.v5_1.soap.mx.hp.com"
    serviceName = "MxpiMainService"
    wsdlURL = "%s://%s:%s/mxsoap/services/%s?wsdl" % (protocol, serverName,
                                                      serverPort,
                                                      serverPortName)

    # Set trust manager
    if protocol == 'https':
        verifyAllHostnameVerifier = VerifyAllHostnameVerifierClass()
        sslContext = SSLContextManager.getAutoAcceptSSLContext()
        HttpsURLConnection.setDefaultSSLSocketFactory(sslContext.getSocketFactory())
        HttpsURLConnection.setDefaultHostnameVerifier(verifyAllHostnameVerifier)
        ## Set trust all SSL Socket to accept all certificates
        System.setProperty("ssl.SocketFactory.provider",
                           "TrustAllSSLSocketFactory")
        Security.setProperty("ssl.SocketFactory.provider",
                             "TrustAllSSLSocketFactory")

    # Try and initialize connection
    simBindingStub = MxpiMain5_1SoapBindingStubClass()
    simServiceFactory = ServiceFactory.newInstance()
    simService = simServiceFactory.createService(URL(wsdlURL),
                                                 QName(namespaceURI,
                                                       serviceName))
    theMxpiMain = simService.getPort(QName(namespaceURI, serverPortName),
                                            simBindingStub.getClass())
    return theMxpiMain
Beispiel #3
0
def doService(httpMethod, url, credential, requestBody=None):
    
    Security.addProvider(MySSLProvider())
    Security.setProperty("ssl.TrustManagerFactory.algorithm", "TrustAllCertificates")
    HttpsURLConnection.setDefaultHostnameVerifier(MyHostnameVerifier())
    
    urlObj = URL(url)
    con = urlObj.openConnection()
    con.setRequestProperty("Accept", "application/xml")
    con.setRequestProperty("Content-Type", "application/xml")
    con.setRequestProperty("Authorization", credential)
    con.setDoInput(True);
    
    if httpMethod == 'POST':
        con.setDoOutput(True)
        con.setRequestMethod(httpMethod)
        output = DataOutputStream(con.getOutputStream()); 
        if requestBody:
            output.writeBytes(requestBody); 
        output.close();
        
    responseCode = con.getResponseCode()
    logger.info('response code: ' + str(responseCode))
    responseMessage = con.getResponseMessage()
    logger.info('response message: ' + str(responseMessage))
    contentLength = con.getHeaderField('Content-Length')
    logger.info('content length: ' + str(contentLength))        
    
    stream = None
    if responseCode == 200 or responseCode == 201 or responseCode == 202:
        stream = con.getInputStream()
    elif contentLength:
        stream = con.getErrorStream()
        
    if stream:
        dataString = getStreamData(stream)
        logger.info(httpMethod + ' url: ' + url)
        if not url.endswith('.xsd') and len(dataString) < 4096: 
            xmlStr = Util.prettfyXmlByString(dataString)
            logger.info(httpMethod + ' result: \n\n' + xmlStr)
        else:
            logger.info('response body too big, no print out')
        if responseCode == 200 or responseCode == 201 or responseCode == 202:
            return dataString
        else:
            ''' to mark the case failed if response code is not 200-202 '''
            return None
    else:
        logger.error('')
        logger.error('---------------------------------------------------------------------------------------------------')
        logger.error('-------->>>  Input or Error stream is None, it may be a defect if it is positive test case')
        logger.error('---------------------------------------------------------------------------------------------------')
        logger.error('')
        return None
Beispiel #4
0
    def crawl(self, currentURL):
        #uses the python module urlparse to parse the URL into segments
        scheme, domain, filePath, params, query, fragment = urlparse(
            currentURL)
        ipAddr = socket.getaddrinfo(domain, 443)

        #RETRIEVE SSL CERTIFICATES (IF APPLICABLE)
        try:
            #uses the javax.net.ssl.* and java.security.cert.* libraries to obtain certificate
            factory = HttpsURLConnection.getDefaultSSLSocketFactory()
            tmpSocket = factory.createSocket(domain, 443)
            tmpSocket.startHandshake()
            session = tmpSocket.getSession()
            domainCerts = session.getPeerCertificateChain()
        except SSLHandshakeException:  #except thrown if the domain does not support SSL
            print 'javax.net.ssl.SSLHandshakeException with domain: ' + domain
        except ConnectException:
            print 'java.net.ConnectException with domain: ' + domain

        #RETRIEVE PAGE SOURCE
        pageSource = urllib.urlopen(currentURL).read()

        #PARSE PAGE SOURCE FOR LINKS
        myparser = MyParser(scheme, domain)
        myparser.parse(pageSource)
        myparser.sort_hyperlinks(depth)
        childLinks = myparser.get_hyperlinks()

        return ipAddr, domainCerts, pageSource, childLinks
Beispiel #5
0
    def crawlDomain(self, seed):
        currentURL, depth = seed
        scheme, domain, filePath, params, query, fragment = urlparse(currentURL)
        #######check for regular traffic on port 80
        #######think of a way to grab information on servers that host on non-standard ports.
        ipAddr = socket.getaddrinfo(domain, 443)
        
        #RETRIEVE SSL CERTIFICATES (IF APPLICABLE)
        try:
            #uses the javax.net.ssl.* and java.security.cert.* libraries to obtain certificate
            factory = HttpsURLConnection.getDefaultSSLSocketFactory()
            tmpSocket = factory.createSocket(domain, 443)
            tmpSocket.startHandshake()
            session = tmpSocket.getSession()
            domainCerts = session.getPeerCertificateChain()
        except SSLHandshakeException: #except thrown if the domain does not support SSL
            print 'javax.net.ssl.SSLHandshakeException with domain: ' + domain
            domainCerts = " "
        except ConnectException:
            print 'java.net.ConnectException with domain: ' + domain
            domainCerts = None
        
            
        
        tempdd = DomainDetail()     #create a temporary DomainDetail object
        tempdd.setDomainName(domain) #set the domainName value in the DomainDetail object

        #stores the IP addresses obtain from the crawlDomain() function
        ipAddresses = []
        ipAddrLen = len(ipAddr)
        for i in range (0, ipAddrLen):
            a, b, c, d, e = ipAddr[i]
            a, b = e
            oct1, sep, leftover = a.partition('.')
            oct2, sep, leftover = leftover.partition('.')
            oct3, sep, leftover = leftover.partition('.')
            oct4, sep, leftover = leftover.partition('.')
            ipAddresses.append(IPAddress(int(oct1), int(oct2), int(oct3), int(oct4)))
        tempdd.setIPAddresses(ipAddresses)
        print "IP Addresses for '" + domain + "' stored"

        #parses and stores certificate Information
        certArray = []

        if(domainCerts != None):
            chainLength = len(domainCerts)
            for i in range(0, chainLength):
                certArray.append(Certificate())
                certArray[i].setFullCertificate(pprint.pformat(domainCerts[i]))
                certArray[i].setIssuer(domainCerts[i].getIssuerDN().getName())
                certArray[i].setHierarchy(i)
                certArray[i].setSubject(domainCerts[i].getSubjectDN().getName())
                certArray[i].setValidFrom(domainCerts[i].getNotBefore())
                certArray[i].setValidTill(domainCerts[i].getNotAfter())  
                certArray[i].setBasicConstraint(0) ###DONT HOW HOW TO DO###

        tempdd.setCertificates(certArray)
        print "certs for '" + domain + "' stored"     
        
        return tempdd
Beispiel #6
0
    def testPage(self, page):
        class MyTrustManager(X509TrustManager):
            def getAcceptedIssuers(self):
                return None

            def checkClientTrusted(self, certs, auth):
                pass

            def checkServerTrusted(self, certs, auth):
                pass

        trustAllCerts = [MyTrustManager()]

        sc = SSLContext.getInstance("SSL")
        sc.init(None, trustAllCerts, SecureRandom())
        HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory())

        class MyHostnameVerifier(HostnameVerifier):
            def verify(self, host, sess):
                return True

        HttpsURLConnection.setDefaultHostnameVerifier(MyHostnameVerifier())

        try:
            httpsURL = 'https://%s:%s/%s' % (self._host, self._port, page)
            url = URL(httpsURL)
            conn = url.openConnection()
            conn.setConnectTimeout(5000)
            conn.setRequestProperty("Accept-encoding", 'gzip,deflate,compress')
            conn.setRequestProperty(
                "User-agent",
                'https://google.com/' if 'google' not in self._host else
                'https://yandex.ru/')  # Use foreign referer

            #ist = conn.getInputStream()
            #isr = InputStreamReader(ist)
            #br = BufferedReader(isr)
            print("[BREACH] Received response: %d" % conn.getResponseCode())
            if conn.getContentEncoding() != None:
                print("[BREACH] Received Content-encoding: %s" %
                      (conn.getContentEncoding()))
                return True
        except:
            print("[BREACH] Socket timeout or an error occurred")
        return False
from javax.net.ssl import TrustManager, X509TrustManager
from jarray import array
from javax.net.ssl import SSLContext
class TrustAllX509TrustManager(X509TrustManager):
    '''Define a custom TrustManager which will blindly accept all certificates'''
 
    def checkClientTrusted(self, chain, auth):
            pass
 
    def checkServerTrusted(self, chain, auth):
            pass
 
    def getAcceptedIssuers(self):
                return None
# Create a static reference to an SSLContext which will use
# our custom TrustManager
trust_managers = array([TrustAllX509TrustManager()], TrustManager)
TRUST_ALL_CONTEXT = SSLContext.getInstance("SSL")
TRUST_ALL_CONTEXT.init(None, trust_managers, None)

from javax.net.ssl import SSLContext
SSLContext.setDefault(TRUST_ALL_CONTEXT)
    
from javax.net.ssl import HostnameVerifier, HttpsURLConnection
class AllHostsVerifier(HostnameVerifier):
    def verify(self, urlHostname, session):
        return True
        
HttpsURLConnection.setDefaultHostnameVerifier(AllHostsVerifier())