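def handle_deaddrop_visit(self, query):
    """Record a dead drop visit described by the request's 'token' parameter.

    The response (200, no body) is sent before any validation, so the
    client receives the same answer whether or not the token is accepted.
    The token is base64 decoded, passed through ``xor.xor_decode`` and
    parsed as JSON. It arrives in the query string, so every field read
    from it is client-supplied and must be treated as untrusted.

    :param query: Unused on entry; the name is part of the handler
        signature only.
    """
    self.send_response(200)
    self.end_headers()

    data = self.get_query('token')
    if not data:
        self.logger.warning('dead drop request received with no \'token\' parameter')
        return
    try:
        data = base64.b64decode(data)
    except (binascii.Error, TypeError):
        self.logger.error('dead drop request received with invalid \'token\' data')
        return
    data = xor.xor_decode(data)
    try:
        data = json.loads(data)
    except ValueError:
        self.logger.error('dead drop request received with invalid \'token\' data')
        return
    # json.loads() also accepts lists, strings and numbers; anything other
    # than an object has no .get() and would raise below
    if not isinstance(data, dict):
        self.logger.error('dead drop request received with invalid \'token\' data')
        return

    session = db_manager.Session()
    # the finally clause closes the session on every exit path, including
    # an exception raised while handling client-supplied values
    try:
        deployment = db_manager.get_row_by_id(session, db_models.DeaddropDeployment, data.get('deaddrop_id'))
        if not deployment:
            self.logger.error('dead drop request received for an unknown campaign')
            return
        if deployment.campaign.has_expired:
            self.logger.info('dead drop request received for an expired campaign')
            return

        local_username = data.get('local_username')
        local_hostname = data.get('local_hostname')
        if local_username is None or local_hostname is None:
            self.logger.error('dead drop request received with missing data')
            return
        local_ip_addresses = data.get('local_ip_addresses')
        if isinstance(local_ip_addresses, (list, tuple)):
            # NOTE(review): a list holding non-string entries raises
            # TypeError here; the values are not validated before storage
            local_ip_addresses = ' '.join(local_ip_addresses)

        # one connection row per (deployment, username, hostname)
        connection_query = session.query(db_models.DeaddropConnection)
        connection_query = connection_query.filter_by(
            deployment_id=deployment.id,
            local_username=local_username,
            local_hostname=local_hostname
        )
        connection = connection_query.first()
        new_connection = connection is None
        if new_connection:
            connection = db_models.DeaddropConnection(campaign_id=deployment.campaign_id, deployment_id=deployment.id)
            connection.visitor_ip = self.get_client_ip()
            connection.local_username = local_username
            connection.local_hostname = local_hostname
            connection.local_ip_addresses = local_ip_addresses
            session.add(connection)
        else:
            connection.visit_count += 1
        session.commit()

        # number of connection rows for the whole campaign, not the sum of
        # the per-connection visit counters
        campaign_query = session.query(db_models.DeaddropConnection)
        campaign_query = campaign_query.filter_by(campaign_id=deployment.campaign_id)
        visit_count = campaign_query.count()
        campaign_id = deployment.campaign_id
    finally:
        session.close()

    # alert only when a new connection brings the total to 1, 3, 5 or a
    # multiple of ten
    if new_connection and visit_count > 0 and ((visit_count in [1, 3, 5]) or ((visit_count % 10) == 0)):
        # the doubled braces leave a literal {campaign_name} in the text,
        # presumably filled in by issue_alert -- confirm against that method
        alert_text = "{0} deaddrop connections reached for campaign: {{campaign_name}}".format(visit_count)
        self.server.job_manager.job_run(self.issue_alert, (alert_text, campaign_id))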
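def handle_deaddrop_visit(self, query):
    """Record a dead drop visit described by the request's 'token' parameter.

    The response (200, no body) is sent before any validation, so the
    client receives the same answer whether or not the token is accepted.
    The token is base64 decoded, passed through ``xor.xor_decode`` and
    parsed as JSON. It arrives in the query string, so every field read
    from it is client-supplied and must be treated as untrusted.

    Database work runs between ``semaphore_acquire()`` and
    ``semaphore_release()``; the release sits in a ``finally`` clause so
    that an exception raised while processing a request cannot leave the
    semaphore held.

    :param query: Unused on entry; the name is part of the handler
        signature only.
    """
    self.send_response(200)
    self.end_headers()

    data = self.get_query('token')
    if not data:
        self.logger.warning('dead drop request received with no \'token\' parameter')
        return
    try:
        data = base64.b64decode(data)
    except (binascii.Error, TypeError):
        self.logger.error('dead drop request received with invalid \'token\' data')
        return
    data = xor.xor_decode(data)
    try:
        data = json.loads(data)
    except ValueError:
        self.logger.error('dead drop request received with invalid \'token\' data')
        return
    # json.loads() also accepts lists, strings and numbers; anything other
    # than an object has no .get() and would raise below
    if not isinstance(data, dict):
        self.logger.error('dead drop request received with invalid \'token\' data')
        return

    deaddrop_id = data.get('deaddrop_id')
    if deaddrop_id is None:
        self.logger.error('dead drop request received with no \'deaddrop_id\' key')
        return
    elif deaddrop_id == self.config.get('server.secret_id'):
        # this allows us to test the logic to this point at least
        self.logger.debug('dead drop request received with the test id')
        return

    self.semaphore_acquire()
    # NOTE(review): if an exception escapes this block, self._session may
    # still hold uncommitted state for the next caller -- confirm whether
    # the session needs to be reset on failure
    try:
        deployment = db_manager.get_row_by_id(self._session, db_models.DeaddropDeployment, deaddrop_id)
        if not deployment:
            self.logger.error('dead drop request received for an unknown campaign')
            return
        if deployment.campaign.has_expired:
            self.logger.info('dead drop request received for an expired campaign')
            return

        local_username = data.get('local_username')
        local_hostname = data.get('local_hostname')
        if local_username is None or local_hostname is None:
            self.logger.error('dead drop request received with missing data')
            return
        local_ip_addresses = data.get('local_ip_addresses')
        if isinstance(local_ip_addresses, (list, tuple)):
            # NOTE(review): a list holding non-string entries raises
            # TypeError here; the values are not validated before storage
            local_ip_addresses = ' '.join(local_ip_addresses)

        # one connection row per (deployment, username, hostname)
        connection_query = self._session.query(db_models.DeaddropConnection)
        connection_query = connection_query.filter_by(
            deployment_id=deployment.id,
            local_username=local_username,
            local_hostname=local_hostname
        )
        connection = connection_query.first()
        new_connection = connection is None
        if new_connection:
            connection = db_models.DeaddropConnection(campaign_id=deployment.campaign_id, deployment_id=deployment.id)
            connection.ip = self.get_client_ip()
            connection.local_username = local_username
            connection.local_hostname = local_hostname
            connection.local_ip_addresses = local_ip_addresses
            self._session.add(connection)
        else:
            connection.count += 1
            connection.last_seen = db_models.current_timestamp()
        self._session.commit()

        # number of connection rows for the whole campaign, not the sum of
        # the per-connection counters
        campaign_query = self._session.query(db_models.DeaddropConnection)
        campaign_query = campaign_query.filter_by(campaign_id=deployment.campaign_id)
        visit_count = campaign_query.count()
        campaign_id = deployment.campaign_id
    finally:
        self.semaphore_release()

    # alert only when a new connection brings the total to 1, 3, 5 or a
    # multiple of ten
    if new_connection and visit_count > 0 and ((visit_count in [1, 3, 5]) or ((visit_count % 10) == 0)):
        self.server.job_manager.job_run(self.issue_alert, (campaign_id, 'deaddrop_connections', visit_count))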