def render_GET(self, request): try: flows = HoneyProxy.getProxyMaster().getFlowCollection().getFlowsSerialized() return json.dumps(flows,separators=(',',':'),encoding='latin1') except Exception as e: print e return "<html><body>Invalid request.</body></html>"
def read(data): f = HoneyProxy.getProxyMaster().getFlowCollection() if "id" in data and data["id"] != "all": self.factory.msg("read",{"id":data.get("id"), "data": f.getFlowsSerialized()[data.get("id")]},client=self) else: flows = f.getFlowsSerialized() self.factory.msg("read",{"id":"all","data": flows},client=self)
def render_GET(self, request): try: flows = HoneyProxy.getProxyMaster().getFlowCollection( ).getFlowsSerialized() return json.dumps(flows, separators=(',', ':'), encoding='latin1') except Exception as e: return ServerErrorResource(e).render(request)
def auth_func(self, request, *args, **kwargs): token = "invalid" if "token" in request.args: token = request.args["token"] elif request.requestHeaders.hasHeader("X-Request-Token"): token = request.requestHeaders.getRawHeaders("X-Request-Token",[None])[0] if token == HoneyProxy.getApiAuthToken(): return f(self, request, *args, **kwargs) else: return ForbiddenResource(message="Invalid response Token").render(request)
def auth_func(self, request, *args, **kwargs): token = "invalid" if "token" in request.args: token = request.args["token"] elif request.requestHeaders.hasHeader("X-Request-Token"): token = request.requestHeaders.getRawHeaders( "X-Request-Token", [None])[0] if token == HoneyProxy.getApiAuthToken(): return f(self, request, *args, **kwargs) else: return ForbiddenResource( message="Invalid response Token").render(request)
def dataReceived(self, data): try: data = json.loads(data) except ValueError: self.factory.msg("Cannot decode WebSocket request.") return if not "action" in data: return #Handle Authentication if data.get("action") == "auth" and data.get( "key") == HoneyProxy.getAuthKey() and not self.authenticated: self.authenticated = True self.factory.clients.add(self) self.factory.msg("Authenticated.") return #Forbid unauthenticated requests if not self.authenticated: self.factory.msg("Unauthorized request to WebSocket API.") return def notImplemented(): self.factory.msg("Unimplemented function call") raise NotImplementedError() def read(data): f = HoneyProxy.getProxyMaster().getFlowCollection() if "id" in data and data["id"] != "all": self.factory.msg("read", { "id": data.get("id"), "data": f.getFlowsSerialized()[data.get("id")] }, client=self) else: flows = f.getFlowsSerialized() self.factory.msg("read", { "id": "all", "data": flows }, client=self) try: { #'create': notImplemented, 'read': read, #'update': notImplemented, #'delete': notImplemented, }[data.get("action")](data) except KeyError: notImplemented()
def read(data): f = HoneyProxy.getProxyMaster().getFlowCollection() if "id" in data and data["id"] != "all": self.factory.msg("read", { "id": data.get("id"), "data": f.getFlowsSerialized()[data.get("id")] }, client=self) else: flows = f.getFlowsSerialized() self.factory.msg("read", { "id": "all", "data": flows }, client=self)
def onMessage(self, data, binary): try: data = json.loads(data) except ValueError: self.factory.msg("Cannot decode WebSocket request.") return if not "action" in data: return #Handle Authentication if data.get("action") == "auth" and data.get("key") == HoneyProxy.getAuthKey() and not self.authenticated: self.authenticated = True self.factory.clients.add(self) self.factory.msg("Authenticated.") return #Forbid unauthenticated requests if not self.authenticated: self.factory.msg("Unauthorized request to WebSocket API.") return def notImplemented(): self.factory.msg("Unimplemented function call") raise NotImplementedError() def read(data): f = HoneyProxy.getProxyMaster().getFlowCollection() if "id" in data and data["id"] != "all": self.factory.msg("read",{"id":data.get("id"), "data": f.getFlowsSerialized()[data.get("id")]},client=self) else: flows = f.getFlowsSerialized() self.factory.msg("read",{"id":"all","data": flows},client=self) try: { #'create': notImplemented, 'read' : read, #'update': notImplemented, #'delete': notImplemented, }[data.get("action")](data) except KeyError: notImplemented()
def render_GET(self, request): try: if(len(request.postpath) != 3): raise Exception("invalid parameter length") flow = HoneyProxy.getProxyMaster().getFlowCollection().getFlow(int(request.postpath[0])) isResponse = request.postpath[1] == "response" obj = getattr(flow,request.postpath[1]) isView = request.postpath[2] == "inline" if (isResponse): #add important headers from original request headers = ["Content-Type","Content-Encoding"] for h in headers: if(h in obj.headers): request.setHeader(h,obj.headers.get(h)[0]) #this would fail on 301 redirects #fix responsecode #request.setResponseCode(obj.code) #fix content disposition for attachment download cdisp = obj.headers.get("Content-Disposition") if(cdisp == None): #do minimal file name guessing cdisp = 'inline; filename="'+flow.request.path.split("?")[0].split("/")[-1]+'"' else: cdisp = cdisp[0] if isView: request.setHeader("Content-Disposition",cdisp.replace("attachment", "inline")) else: request.setHeader("Content-Disposition",cdisp.replace("inline", "attachment")) return obj.content except Exception as e: print e return "<html><body>Invalid request.</body></html>"
def __enter__(self): for flow in self.flows: for i in ["request", "response"]: flow[i]["content"] = HoneyProxy.getProxyMaster( ).getFlowCollection().getDecodedContents()[flow.get("id")][i]
def render_GET(self, request): try: return json.dumps(HoneyProxy.getConfig()) except Exception as e: return ServerErrorResource(e).render(request)
def render_GET(self, request): try: allFlows = HoneyProxy.getProxyMaster().getFlowCollection().getFlowsSerialized() #take care of the "in" parameter, only search through specified flows (or all if not specified) flows = [] if("in" in request.args): for flowId in json.loads(request.args["in"][0]): flows.append(allFlows[flowId]) else: flows = list(allFlows) #prepare conditions conditions = json.loads(request.args["filter"][0]) for cond in conditions: cond["field"] = cond["field"].split(".") cond["not"] = cond["not"] if "not" in cond else False if(cond["type"] == "regexp"): prog = re.compile(cond["value"],re.DOTALL) cond["match"] = lambda s: prog.search(s) elif(cond["type"] == "containsStrict"): cond["match"] = lambda s: cond["value"] in s elif(cond["type"] == "similarTo"): cond["field"] = [] flow, level = cond["value"].split(",") flow = allFlows[int(flow)] level = int(level) cond["match"] = lambda s: similarTo(flow,s,level) else: #if(cond["type"] == "contains"): value = cond["value"].lower() cond["match"] = lambda s: value in s.lower() def similarTo(this,other,level): if(this == other): return True #Include own flow. diff = ((this.get("request").get("host") != other.get("request").get("host")) * 4 + (this.get("request").get("method") != other.get("request").get("method")) * 4 + (this.get("request").get("path") != other.get("request").get("path")) * 4 + (this.get("request").get("contentLength") != other.get("request").get("contentLength")) + (this.get("response").get("code") != other.get("response").get("code")) + (this.get("response").get("contentLength") != other.get("response").get("contentLength"))) if(diff <= level): return True else: return False #helper function get an attribute recursively def rec_getattr(obj,attr): if(len(attr) == 0): return obj else: if type(obj) is dict: obj = obj.get(attr[0]) else: obj = getattr(obj,str(attr[0])) return rec_getattr(obj,attr[1:]) #helper function to determine whether the given condition matches any attribute def matchesAny(obj,cond): if type(obj) is list or type(obj) is tuple: return any(matchesAny(v,cond) for v in obj) elif type(obj) is dict: return any(matchesAny(v,cond) for v in obj.keys()+obj.values()) else: try: if not type(obj) is str: obj = str(obj) return cond["match"](obj) except: import traceback print traceback.format_exc() return False #filter a specific flows for all conditions def filterFunc(flow): for cond in conditions: try: if(cond["field"] == ["any"]): if not matchesAny(flow,cond) ^ cond["not"]: return False else: attr = rec_getattr(flow,cond["field"]) if not cond["match"](attr) ^ cond["not"]: return False except: return False return True if("includeContent" in request.args and request.args["includeContent"][0].lower() == "true"): with includeDecodedContent(flows): filteredFlows = filter(filterFunc,flows) else: filteredFlows = filter(filterFunc,flows) if(not("idsOnly" in request.args) or request.args["idsOnly"][0].lower() != "false"): filteredFlows = map(lambda flow: flow.get("id"), filteredFlows) return json.dumps(filteredFlows,separators=(',',':'),encoding='latin1') except Exception as e: return ServerErrorResource(e).render(request)
def render_GET(self, request): try: flows = HoneyProxy.getProxyMaster().getFlowCollection().getFlowsSerialized() return json.dumps(flows,separators=(',',':'),encoding='latin1') except Exception as e: return ServerErrorResource(e).render(request)
def render_GET(self, request): return json.dumps({"token": HoneyProxy.getApiAuthToken()})
def __enter__(self): for flow in self.flows: for i in ["request","response"]: flow[i]["content"] = HoneyProxy.getProxyMaster().getFlowCollection().getDecodedContents()[flow.get("id")][i]
def render_GET(self, request): try: return json.dumps(HoneyProxy.getConfig()) except Exception as e: print e return "<html><body>Invalid request.</body></html>"
def render_GET(self, request): try: allFlows = HoneyProxy.getProxyMaster().getFlowCollection( ).getFlowsSerialized() #take care of the "in" parameter, only search through specified flows (or all if not specified) flows = [] if ("in" in request.args): for flowId in json.loads(request.args["in"][0]): flows.append(allFlows[flowId]) else: flows = list(allFlows) #prepare conditions conditions = json.loads(request.args["filter"][0]) for cond in conditions: cond["field"] = cond["field"].split(".") cond["not"] = cond["not"] if "not" in cond else False if (cond["type"] == "regexp"): prog = re.compile(cond["value"], re.DOTALL) cond["match"] = lambda s: prog.search(s) elif (cond["type"] == "containsStrict"): cond["match"] = lambda s: cond["value"] in s elif (cond["type"] == "similarTo"): cond["field"] = [] flow, level = cond["value"].split(",") flow = allFlows[int(flow)] level = int(level) cond["match"] = lambda s: similarTo(flow, s, level) else: #if(cond["type"] == "contains"): value = cond["value"].lower() cond["match"] = lambda s: value in s.lower() def similarTo(this, other, level): if (this == other): return True #Include own flow. diff = ((this.get("request").get("host") != other.get("request").get("host")) * 4 + (this.get("request").get("method") != other.get("request").get("method")) * 4 + (this.get("request").get("path") != other.get("request").get("path")) * 4 + (this.get("request").get("contentLength") != other.get("request").get("contentLength")) + (this.get("response").get("code") != other.get("response").get("code")) + (this.get("response").get("contentLength") != other.get("response").get("contentLength"))) if (diff <= level): return True else: return False #helper function get an attribute recursively def rec_getattr(obj, attr): if (len(attr) == 0): return obj else: if type(obj) is dict: obj = obj.get(attr[0]) else: obj = getattr(obj, str(attr[0])) return rec_getattr(obj, attr[1:]) #helper function to determine whether the given condition matches any attribute def matchesAny(obj, cond): if type(obj) is list or type(obj) is tuple: return any(matchesAny(v, cond) for v in obj) elif type(obj) is dict: return any( matchesAny(v, cond) for v in obj.keys() + obj.values()) else: try: if not type(obj) is str: obj = str(obj) return cond["match"](obj) except: import traceback print traceback.format_exc() return False #filter a specific flows for all conditions def filterFunc(flow): for cond in conditions: try: if (cond["field"] == ["any"]): if not matchesAny(flow, cond) ^ cond["not"]: return False else: attr = rec_getattr(flow, cond["field"]) if not cond["match"](attr) ^ cond["not"]: return False except: return False return True if ("includeContent" in request.args and request.args["includeContent"][0].lower() == "true"): with includeDecodedContent(flows): filteredFlows = filter(filterFunc, flows) else: filteredFlows = filter(filterFunc, flows) if (not ("idsOnly" in request.args) or request.args["idsOnly"][0].lower() != "false"): filteredFlows = map(lambda flow: flow.get("id"), filteredFlows) return json.dumps(filteredFlows, separators=(',', ':'), encoding='latin1') except Exception as e: return ServerErrorResource(e).render(request)
dumpoptions = dump.Options(dumpdir=options.dumpdir,**mcmdline.get_common_options(options)) #set up proxy server proxyconfig = mproxy.process_proxy_options(parser, options) if options.no_server: server = mproxy.DummyServer(proxyconfig) else: try: server = mproxy.ProxyServer(proxyconfig, options.port, options.addr) except mproxy.ProxyServerError, v: print >> sys.stderr, "%(name)s: %(args)s" % {"name": version.NAME, "args": v.args[0]} sys.exit(1) HoneyProxy.setAuthKey(options.apiauth) if options.readonly: HoneyProxy.apiAuthToken = None #set up HoneyProxy GUI guiSessionFactory = session.GuiSessionFactory("ws://*****:*****@localhost:"+str(options.guiport)+"/" guiURL = httpGui +"app/" HoneyProxy.setConfig({
dumpoptions = dump.Options(dumpdir=options.dumpdir,**mcmdline.get_common_options(options)) #set up proxy server proxyconfig = mproxy.process_proxy_options(parser, options) if options.no_server: server = mproxy.DummyServer(proxyconfig) else: try: server = mproxy.ProxyServer(proxyconfig, options.port, options.addr) except mproxy.ProxyServerError, v: print >> sys.stderr, "%(name)s: %(args)s" % {"name": version.NAME, "args": v.args[0]} sys.exit(1) HoneyProxy.setAuthKey(options.apiauth) if options.readonly: HoneyProxy.apiAuthToken = None #set up HoneyProxy GUI guiSessionFactory = session.GuiSessionFactory() #WebSocket websocketRes = WebSocketsResource(guiSessionFactory) reactor.listenTCP(options.apiport, Site(websocketRes)) #Config wsPort = str(options.apiport) urlauth = "honey:"+HoneyProxy.getAuthKey()+"@" if HoneyProxy.getAuthKey() != "NO_AUTH" else "" httpGui = "http://"+urlauth+"localhost:"+str(options.guiport)+"/" guiURL = httpGui +"app/" HoneyProxy.setConfig({