Ejemplo n.º 1
0
def response(flow: mitmproxy.http.HTTPFlow):
    """
        The full HTTP response has been read.
    """
    host = checker.check_host(flow)

    # check 307 vulnerability
    global log_file
    if host:
        if checker.check_307(flow):
            logger.write(log_file, \
                "[307] " + flow.request.pretty_url)

    # check state parameters in traffic
    global cur_state
    # if the testing website change, reset c
    if host != cur_state.current_web and host:
        cur_state.set_current_web(host)
        logger.write_info(log_file, "current_web: " + cur_state.current_web)

    cur_state.renew_state(flow, log_file)

    # check if state parameters shown at after state 2
    if cur_state.state > 0 and cur_state.state < 4 and checker.contain_state(
            flow):
        # if cur_state.renew_state(flow, log_file) != 2 and cur_state.state == 2:
        #     pass
        # else:
        cur_state.confirm_state_para()
        logger.write_info(log_file,
                          "found state= at state " + str(cur_state.state))

    # check if state parameters shown at after state 2
    if cur_state.state > 2 and cur_state.timeout(
            log_file) and not cur_state.state_para_checked:
        if not cur_state.check_state_para():
            logger.write(log_file, \
                "[STA] NO! " + cur_state.current_web)
        else:
            logger.write(log_file, \
                "[STA] OK! " + cur_state.current_web)

    # check if user info is shown, if so, login successfully
    if cur_state.state == 3:
        content = flow.response.text
        keywords = checker.contain_user_info(content)
        if keywords:
            logger.write_info(
                log_file, "found user info: " + str(keywords.keys()) +
                "\n       URL: " + flow.request.pretty_url)
            cur_state.set_state(4, log_file)
        else:
            cur_state.timeout(log_file)
    logger.info(host)
Ejemplo n.º 2
0
def request(flow: mitmproxy.http.HTTPFlow):
    """
        The full HTTP request has been read.
    """
    global log_file
    host = checker.check_host(flow)
    if host:
        if checker.check_TLS(flow):
            logger.write(log_file, \
                "[TLS] " + flow.request.pretty_url)

    if "test.xxx" in flow.request.host:
        flow.kill()

    # csrf
    global access_token
    target = "fb_access_token="
    if target in flow.request.pretty_url:
        if "longming" in flow.request.headers.keys():
            # access_token = csrf.extract_code(flow, target)
            access_token = flow.request.pretty_url
            logger.write_info(log_file, "[TOKEN] " + access_token)
            assert access_token
            logger.write_file("RAM/access_token", access_token)
            flow.kill()
        else:
            l = os.listdir('RAM')
            while not l:
                time.sleep(1)
                l = os.listdir('RAM')
            logger.write_info(
                log_file, "[ORIGIN TOKEN] " + csrf.extract_code(flow, target))
            with open('RAM/' + l[0], 'r+') as f:
                access_token = f.readlines()[0]
            logger.write_info(log_file, "[CHANGE TOKEN] " + access_token)
            assert access_token
            # assert csrf.csrf_request(flow, target, access_token)
            flow.request.url = access_token
Ejemplo n.º 3
0
    def open_connection(self, port):
        """Creates a listener to {port} 
           which will recieve the logs
           and will save them in Logs directory
        
        Arguments:
            port {string} -- The port which will bind the log listener
        """
        while True:

            #force thread to stop
            if self.stop_log_threads: break

            host = ''
            log_socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
            log_socket.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
            log_socket.bind((host, port))
            log_socket.listen(5)

            try:
                log_socket, addr = log_socket.accept()
            except (OSError) as e:
                self.print_lost_connection()
                continue

            while (True):

                try:
                    data = log_socket.recv(self.BUFFER_SIZE).decode('utf-8')
                except (ConnectionAbortedError, ConnectionResetError) as e:
                    self.print_lost_connection()
                    log_socket.close()
                    break

                if not data:
                    self.info_logger.write_error(
                        'Lost connection unexpectedly from {addr} when reading filename'
                        .format(addr=addr))
                    break

                file_name = data
                logger = self.info_ground_logger if file_name == 'info.log' else self.data_ground_logger

                try:
                    data = log_socket.recv(self.BUFFER_SIZE).decode('utf-8')
                except (ConnectionAbortedError, ConnectionResetError) as e:
                    self.print_lost_connection()
                    log_socket.close()
                    break

                try:
                    total_rows = int(data)
                except:
                    self.info_logger.write_error(
                        'Exception on type casting for total rows. Data : {data}'
                        .format(data=data))
                    continue

                time.sleep(0.2)

                for _ in range(total_rows):
                    try:
                        data = log_socket.recv(
                            self.BUFFER_SIZE).decode('utf-8')
                        log_socket.sendall("Received".encode('utf-8'))
                        logger.write_info(data)
                        time.sleep(0.2)
                    except:
                        self.info_logger.write_error(
                            'Lost connection when reading log: {log}'.format(
                                log=data))
                        self.print_lost_connection()
                        break
        log_socket.close()
Ejemplo n.º 4
0
 def set_state(self, new_state, logfile=None):
     self.state = new_state
     self.state_time = time.time()
     if logfile:
         logger.write_info(logfile, "set_state " + str(new_state))