Exemple #1
0
 def send_verify(self, cert, cbhostname, cvr):
     conn = SingleTrustHTTPS(cert, cbhostname, 443)
     conn.request("POST", "/verifyCert.jsp",
                  MessageList.getBytesForMessage(cvr))
     response = conn.getresponse()
     if response.status != 200:
         print(
             "Failed to verify certificate. Received HTTP error code: %d" %
             (response.status))
         return
     content = response.read()
     ml = MessageList(content)
     if not MessageUtils.verify(ml, cert):
         print("Error:  Returned MessageList failed to verify.")
         return None
     # Return CertVerifyRes.  TODO: Use PIP, timestamp message and
     # other stuff. This requeres some restructuring of the PyHunter code.
     ret = None
     for msg in ml.allMessages():
         if msg.getType() == messageTypes["CERT_VERIFY_RESULT"]:
             ret = msg
     if ret == None:
         print(
             "Error: CertificateVerifyRequest response did not contain a CertificateVerifyResponse!"
         )
     return ret
Exemple #2
0
 def send_result(self, ht):
     """sends the results to the CB server"""
     conn = SingleTrustHTTPS(self.cbServerCert, self.cbServerHostName, 443)
     conn.request("POST", "/reportHTResults.jsp",
                  MessageList.getBytesForMessage(ht))
     response = conn.getresponse()
     if response.status != 200:
         print "Error submitting hunting task results. Error code: %s, %s" % (response.status, response.reason)
     conn.close()
Exemple #3
0
 def send_result(self, ht):
     """sends the results to the CB server"""
     conn = SingleTrustHTTPS(self.cbServerCert, self.cbServerHostName, 443)
     conn.request("POST", "/reportHTResults.jsp",
                  MessageList.getBytesForMessage(ht))
     response = conn.getresponse()
     if response.status != 200:
         print "Error submitting hunting task results. Error code: %s, %s" % (
             response.status, response.reason)
     conn.close()
Exemple #4
0
 def get_hosts(self):
     conn = SingleTrustHTTPS(self.cert, self.cbhostname, 443)
     url = self.protector_url + "?" + urllib.urlencode({"country": self.protector_country})
     conn.request("GET", url)
     response = conn.getresponse()
     if response.status != 200:
         print("Error retrieving list of observation URLs from %s/%s: Error %d, %s" % (self.cbhostname, url, response.status, response.reason))
         return
     content = response.read()
     return [x.strip() for x in re.split(" |\n", content.strip())]
Exemple #5
0
 def get_hosts(self):
     conn = SingleTrustHTTPS(self.cert, self.cbhostname, 443)
     url = self.protector_url + "?" + urllib.urlencode(
         {"country": self.protector_country})
     conn.request("GET", url)
     response = conn.getresponse()
     if response.status != 200:
         print(
             "Error retrieving list of observation URLs from %s/%s: Error %d, %s"
             % (self.cbhostname, url, response.status, response.reason))
         return
     content = response.read()
     return [x.strip() for x in re.split(" |\n", content.strip())]
Exemple #6
0
    def fetch(self):
        """
        Fetch the current list of Hunting Tasks from the Crossbear
        server. To this end, connect via TLS and verify if the
        received server certificate is the one we have stored for
        Crossbear.
        """
        # Open HTTPs connection to Crossbear server
        conn = SingleTrustHTTPS(self.servCert, self.servHost, self.servPort)

        # Now request the current hunting task list
        conn.request("GET", "/getHuntingTaskList.jsp")
        resp = conn.getresponse()
        ml = MessageList(resp.read())
        if (MessageUtils.verify(ml, self.servCert)):
            return ml
        else:
            print "Message verification failed."
            return None
Exemple #7
0
 def fetch(self):
     """
     Fetch the current list of Hunting Tasks from the Crossbear
     server. To this end, connect via TLS and verify if the
     received server certificate is the one we have stored for
     Crossbear.
     """
     # Open HTTPs connection to Crossbear server
     conn = SingleTrustHTTPS(self.servCert, self.servHost,  self.servPort)
     
     # Now request the current hunting task list
     conn.request("GET", "/getHuntingTaskList.jsp")
     resp = conn.getresponse()
     ml = MessageList(resp.read())
     if (MessageUtils.verify(ml, self.servCert)):
         return ml
     else:
         print "Message verification failed."
         return None
Exemple #8
0
 def send_verify(self, cert, cbhostname, cvr):
     conn = SingleTrustHTTPS(cert, cbhostname, 443)
     conn.request("POST", "/verifyCert.jsp",
                  MessageList.getBytesForMessage(cvr))
     response = conn.getresponse()
     if response.status != 200:
         print("Failed to verify certificate. Received HTTP error code: %d" % (response.status))
         return
     content = response.read()
     ml = MessageList(content)
     if not MessageUtils.verify(ml, cert):
         print("Error:  Returned MessageList failed to verify.")
         return None
     # Return CertVerifyRes.  TODO: Use PIP, timestamp message and
     # other stuff. This requeres some restructuring of the PyHunter code.
     ret = None
     for msg in ml.allMessages():
         if msg.getType() == messageTypes["CERT_VERIFY_RESULT"]:
             ret = msg
     if ret == None:
         print("Error: CertificateVerifyRequest response did not contain a CertificateVerifyResponse!")
     return ret
Exemple #9
0
        self.hostname = hostname
        self.ip = ip
        self.port = port

    def getBytes(self):
        certstring = "".join(self.certchain)
        hoststring = "%s|%s|%s" % (self.hostname, self.ip, self.port)
        formatstring = ">BB%ds%ds" % (len(certstring), len(hoststring))
        return pack(formatstring, self.options, len(self.certchain),
                    certstring, hoststring)


if __name__ == "__main__":
    import cbutils.CertUtils
    import cbmessaging.MessageList
    from cbutils.SingleTrustHTTPS import SingleTrustHTTPS
    c = cbutils.CertUtils.get_chain("www.google.de", 443)
    req = CertVerifyReq()
    req.createFromValues(0, c, "www.google.de", "173.194.44.56", 443)
    print(len(c))
    b = cbmessaging.MessageList.MessageList.getBytesForMessage(req)
    with open("message.bin", "w") as f:
        f.write(b)
    conn = SingleTrustHTTPS("../cbserver.crt", "crossbear.net.in.tum.de", 443)
    conn.request("POST", "/verifyCert.jsp", b)
    response = conn.getresponse()
    content = response.read()
    ml = cbmessaging.MessageList.MessageList(content)
    for msg in ml.allMessages():
        print msg.type_name
Exemple #10
0
        Message.createFromValues(self, messageTypes['CERT_VERIFY_REQUEST'], 4 + chainlength + len(hostname) + len(ip) + len(str(port)))
        self.options = options
        self.hostname = hostname
        self.ip = ip
        self.port = port
        
    def getBytes(self):
        certstring = "".join(self.certchain)
        hoststring = "%s|%s|%s" % (self.hostname, self.ip, self.port)
        formatstring = ">BB%ds%ds" % (len(certstring), len(hoststring))
        return pack(formatstring, self.options, len(self.certchain), certstring, hoststring)

if __name__ == "__main__":
    import cbutils.CertUtils
    import cbmessaging.MessageList
    from cbutils.SingleTrustHTTPS import SingleTrustHTTPS
    c = cbutils.CertUtils.get_chain("www.google.de", 443)
    req = CertVerifyReq()
    req.createFromValues(0, c, "www.google.de", "173.194.44.56", 443)
    print(len(c))
    b = cbmessaging.MessageList.MessageList.getBytesForMessage(req)
    with open("message.bin", "w") as f:
        f.write(b)
    conn = SingleTrustHTTPS("../cbserver.crt", "crossbear.net.in.tum.de", 443)
    conn.request("POST", "/verifyCert.jsp", b)
    response = conn.getresponse()
    content = response.read()
    ml = cbmessaging.MessageList.MessageList(content)
    for msg in ml.allMessages():
        print msg.type_name