import simplejson
from twisted.web import server, resource
from twisted.application import internet
from twisted.web.server import Site, GzipEncoderFactory
from twisted.web.resource import Resource, EncodingResourceWrapper, ForbiddenResource
from twisted.web.util import Redirect
from twisted.python import log
from tokens import Canarytoken
from canarydrop import Canarydrop
from channel import InputChannel
from queries import get_canarydrop
from constants import INPUT_CHANNEL_HTTP
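class CanarytokenPage(resource.Resource, InputChannel):
    """HTTP input channel: a request whose path carries a canarytoken raises an alert.

    Every GET or POST gets the same 1x1 GIF response, whether or not a token
    was recognised, so the reply does not reveal which paths hold a token.
    """
    CHANNEL = INPUT_CHANNEL_HTTP
    isLeaf = True
    # 1x1 GIF returned for every request.
    GIF = ('\x47\x49\x46\x38\x39\x61\x01\x00\x01\x00\x80\x00\x00\xff\xff\xff'
           '\xff\xff\xff\x21\xf9\x04\x01\x0a\x00\x01\x00\x2c\x00\x00\x00\x00'
           '\x01\x00\x01\x00\x00\x02\x02\x4c\x01\x00\x3b')

    def getChild(self, name, request):
        """Return this resource for an empty path segment, else defer to Resource."""
        if name == '':
            return self
        return Resource.getChild(self, name, request)

    def render_GET(self, request):
        """Look up the canarytoken in the request path, dispatch an alert, return the GIF.

        The lookup and the dispatch are guarded separately so that the log
        tells a request without a token apart from an alert that failed to go
        out. A failed dispatch is a missed alert and should not be logged as
        "no canarytoken seen". The HTTP response is identical on every path.
        """
        canarydrop = None
        try:
            token = Canarytoken(value=request.path)
            canarydrop = Canarydrop(**get_canarydrop(canarytoken=token.value()))
        except Exception:
            # Lookup failed: requests without a valid token end up here.
            log.err('No canarytoken seen in: {path}'.format(path=request.path))

        if canarydrop is not None:
            try:
                useragent = request.getHeader('User-Agent')
                # NOTE(review): X-Forwarded-For is whatever the client sent unless a
                # trusted reverse proxy in front of this service overwrites it. It
                # may also hold a comma-separated list. The "Source IP" in the
                # alert is only as reliable as that proxy configuration.
                src_ip = request.getHeader('x-forwarded-for')
                # location and referer are for cloned sites
                location = request.args.get('l', [None])[0]
                referer = request.args.get('r', [None])[0]
                # dispatch is not defined in this class; presumably InputChannel
                # provides it.
                self.dispatch(canarydrop=canarydrop, src_ip=src_ip,
                              useragent=useragent, location=location,
                              referer=referer)
            except Exception:
                # With None as the first argument, log.err records the active
                # exception together with its traceback.
                log.err(None, 'Alert dispatch failed for: {path}'.format(path=request.path))

        request.setHeader("Content-Type", "image/gif")
        # Fixed Server header, sent instead of the framework's default banner.
        request.setHeader("Server", "Apache")
        return self.GIF

    def render_POST(self, request):
        """Handle POST exactly like GET."""
        return self.render_GET(request)

    def format_additional_data(self, **kwargs):
        """Build the free-text part of an alert from the request details.

        Recognised keys are src_ip, useragent, location and referer; missing or
        empty values are skipped. All four come from the HTTP request and are
        sender-controlled, so any output channel that renders this text (HTML
        mail, web UI) has to escape it.
        """
        # %r keeps control characters in request-derived values escaped in the log.
        log.msg('%r' % kwargs)
        labelled_fields = (
            ('src_ip', 'Source IP: {0}'),
            ('useragent', 'User-agent: {0}'),
            ('location', 'Cloned site is at: {0}'),
            ('referer', 'Referring site: {0}'),
        )
        report_lines = []
        for key, template in labelled_fields:
            # dict.get replaces has_key, which Python 3 no longer provides.
            value = kwargs.get(key)
            if value:
                report_lines.append(template.format(value))
        # Joining avoids the leading newline the report used to start with
        # when src_ip was missing.
        return '\n'.join(report_lines)

    def init(self, switchboard=None):
        """Register this page with the switchboard as the HTTP input channel.

        This is a separate step from construction: the method is named init,
        not __init__, and is called explicitly after CanarytokenPage() is built.
        """
        InputChannel.__init__(self, switchboard=switchboard, name=self.CHANNEL)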
class ChannelHTTP():
    """Assemble the Twisted TCP service that serves CanarytokenPage on one port."""

    def __init__(self, port=80, switchboard=None):
        """Build the page, gzip wrapper and site, and keep the service on self.service.

        The service is only constructed here; nothing in this class starts it.
        """
        self.port = port

        page = CanarytokenPage()
        page.init(switchboard=switchboard)

        # Gzip the response when the client's request allows it.
        gzip_wrapped = EncodingResourceWrapper(page, [GzipEncoderFactory()])
        self.service = internet.TCPServer(self.port, server.Site(gzip_wrapped))