"""
import cherryproxy
from pyclamd import pyclamd
# you may need to change this
CLAMD_SOCKET = '/var/run/clamav/clamd.ctl'
class CherryProxyAV(cherryproxy.CherryProxy):
def __init__(self, *args, **kwargs):
super(CherryProxyAV, self).__init__(*args, **kwargs)
try:
self.av = pyclamd.ClamdUnixSocket(CLAMD_SOCKET)
self.av.ping()
except pyclamd.ConnectionError:
raise ValueError('Could not connect to clamd server is %s' % CLAMD_SOCKET)
def filter_response(self):
result = self.av.scan_stream(self.resp.data)
if result:
msg = 'Response blocked due to potential threat'
body = '%s\n\n%r' % (msg, result)
self.req.log.warning("%r" % msg)
self.set_response_forbidden(reason=msg, data=body)
if __name__ == "__main__":
cherryproxy.main(CherryProxyAV)
count_get = a[0]
status_get = a[1]
pcap_name = a[2]
content_length = int(a[3])
wait_time = int(ceil(content_length / float(10000)))
list_item = int(pcap_enum[pcap_name])
#print ">>>>", pcap_enum, type(list_item)
#print a[0]
data_get = responses_list[list_item][a[0] - 1]
#print responses_list[list_item][39]
resp_header = responses_list[list_item]
#print len(responses_list[list_item])
type_get = responses_headers_list[list_item][a[0] -
1]['content-type']
#print type_get
#print data_get
self.set_response(int(status_get),
"Response",
data=data_get,
content_type=type_get)
time.sleep(wait_time)
else:
self.set_response(404,
"Response",
data="madmax",
content_type='text/plain')
cherryproxy.main(CherryProxy_tcpreplay)
def filter_response_headers(self):
pass
def filter_response(self):
global request_uri
global req_method
global req_uri
global conunt_index
global req_path
global req_host
#print "**********"
#print ">>>" + request_uri
#print "##########"
sys.stdout.flush()
con = sqlite3.connect('newdb.db')
cur = con.cursor()
cur.execute('''SELECT Count, Response FROM http WHERE Request = ?''', (request_uri, ))
a = cur.fetchone()
con.close()
if a != None:
count_get = a[0]
status_get = a[1]
data_get = fry.responses[a[0]-1]
type_get = fry.responses_headers[a[0]-1]['content-type']
self.set_response(int(status_get), "Response", data = data_get, content_type = type_get)
else:
self.set_response(200, "Response", data = "madmax", content_type='text/plain')
cherryproxy.main(CherryProxy_tcpreplay)
Sample CherryProxy class demonstrating how to adapt a response.
This demo simply blocks EXE files and allows everything else.
"""
def filter_request_headers(self):
# extract filename extension from URL:
ext = os.path.splitext(self.req.path)[1]
self.log.debug('extension: %s' % ext)
if str(ext).lower() == '.exe':
msg = 'Request blocked due to filename with executable extension in URL'
self.log.warning(msg)
self.set_response_forbidden(reason=msg)
def filter_response_headers(self):
# check content-type
if self.resp.content_type == 'application/octet-stream':
# it's an exe file, return a 403 Forbidden response:
msg = 'Response blocked due to executable content-type'
self.log.warning(msg)
self.set_response_forbidden(reason=msg)
def filter_response(self):
# check if data starts with "MZ":
if isinstance(self.resp.data, str) and self.resp.data.startswith('MZ'):
# it's an exe file, return a 403 Forbidden response:
msg = 'Response blocked due to potentially executable content'
self.log.warning(msg)
self.set_response_forbidden(reason=msg)
cherryproxy.main(CherryProxy_blockexe)
referer = query['referer'][0]
response = self.makeRequest(requested_url, referer)
if response.status_code == 304:
self.set_response(304)
return
self.set_response(response.status_code,
data=response.raw.read(),
content_type=response.headers['content-type'])
self.resp.headers = []
for header in response.headers.keys():
self.resp.headers.append((header, response.headers[header]))
def makeRequest(self, url, referer):
headers = {}
for header in self.req.headers.keys():
if header == "host":
continue
headers[header] = self.req.headers[header]
if not referer is None:
headers['Referer'] = referer
return requests.get(url, headers=headers, stream=True)
cherryproxy.main(ProxyReferer)
if not ('user-agent' in headers):
print "User-Agent vide ou incorrect !"
accepted = False
if not re.match('.*(\:[80|443])?', self.req.netloc):
print "Je suis un proxy web ! Tu m'entends ? WEB !"
accepted = False
if is_SSH_req(self.req.query):
print "Ai-je bien lu 'SSH' ?"
accepted = False
if not accepted:
self.denie()
def filter_response(self):
headers = dict(self.resp.headers)
if 'content-encoding' in headers.keys():
if not headers['content-encoding'] in self.req.headers['accept-encoding'].split(','):
print "Tu sais quoi ? Ton serveur t'as repondu de la merde !"
self.denie()
if __name__ == '__main__':
global __proxy__
for i in range(0, len(sys.argv)):
if sys.argv[i] == '-f':
__proxy__ = sys.argv[i+1]
elif re.match('--forward=.*', sys.argv[i]):
__proxy__ = sys.argv[i].split("=")[1]
else:
__proxy__ = ""
cherryproxy.main(Proxy)
def filter_request_headers(self):
logging.debug("Filtering the headers.")
for f in self.__filter_header:
if f(self):
self.set_response_forbidden(reason="I don't want to.")
break
def filter_request(self):
logging.debug("Filtering the request.")
for f in self.__filter_request:
if f(self):
self.set_response_forbidden(status=403, reason="I don't want to.")
break
logging.debug("Forwarding the request.")
def filter_response(self):
logging.debug("New reponse received")
for f in self.__filter_response:
if f(self):
self.set_response_forbidden(status=403, reason="I don't want to.")
break
logging.debug("Forwarding the request.")
if __name__ == "__main__":
#logging.basicConfig(format='%(levelname)8s:%(asctime)s:%(funcName)20s():%(message)s',
# filename='proxy.log', level=logging.DEBUG)
cherryproxy.main(FilteringProxy)
referer = None
if 'referer' in query.keys():
referer = query['referer'][0]
response = self.makeRequest(requested_url, referer)
if response.status_code == 304:
self.set_response(304)
return
self.set_response(response.status_code, data=response.raw.read(), content_type=response.headers['content-type'])
self.resp.headers = []
for header in response.headers.keys():
self.resp.headers.append((header, response.headers[header]))
def makeRequest(self, url, referer):
headers = {}
for header in self.req.headers.keys():
if header == "host":
continue
headers[header] = self.req.headers[header]
if not referer is None:
headers['Referer'] = referer
return requests.get(url, headers=headers, stream=True)
cherryproxy.main(ProxyReferer)
str(ext))
rows3 = cur.fetchall()
#rows3[0] = rows3[0][0]
print rows3[0][1]
self.req.netloc = rows3[0][1] + ':5000'
self.req.source = rows3[0][0]
elif str(ext) not in rows1:
self.req.netloc = '192.168.1.25:5000'
self.req.source = '192.168.1.24'
#if str(ext) in rows2:
# cur.execute("SELECT ip_src FROM matching WHERE cache='2';")
# rows4 = cur.fetchall()
# rows4[0] = rows4[0][0]
#print rows4
#self.req.netloc = '192.168.1.27:5000'
# self.req.source = rows4[0]
#elif str(ext) not in rows1 and str(ext) not in rows2:
# cur.execute("SELECT ip_src FROM matching WHERE cache='0';")
# rows3 = cur.fetchall()
#rows3[0] = rows3[0][0]
#print rows3[0]
#self.req.netloc = '192.168.1.25:5000'
#self.req.source = rows3[0]
cherryproxy.main(CherryProxy_redirect)
if str(ext) in rows1:
print ' in rows1'
cur.execute("SELECT ip_src, host FROM matching WHERE name ='%s' ;"% str(ext))
rows3 = cur.fetchall()
#rows3[0] = rows3[0][0]
print rows3[0][1]
self.req.netloc = rows3[0][1]+':5000'
self.req.source = rows3[0][0]
elif str(ext) not in rows1:
self.req.netloc = '192.168.1.25:5000'
self.req.source = '192.168.1.24'
#if str(ext) in rows2:
# cur.execute("SELECT ip_src FROM matching WHERE cache='2';")
# rows4 = cur.fetchall()
# rows4[0] = rows4[0][0]
#print rows4
#self.req.netloc = '192.168.1.27:5000'
# self.req.source = rows4[0]
#elif str(ext) not in rows1 and str(ext) not in rows2:
# cur.execute("SELECT ip_src FROM matching WHERE cache='0';")
# rows3 = cur.fetchall()
#rows3[0] = rows3[0][0]
#print rows3[0]
#self.req.netloc = '192.168.1.25:5000'
#self.req.source = rows3[0]
cherryproxy.main(CherryProxy_redirect)
