def ignoreJavaSSL():
"""
Creates a dummy socket factory that doesn't verify connections.
HttpsURLConnection.setDefaultSSLSocketFactory(...)
This code was taken from multiple sources.
Only makes since in jython (java). otherwise, just use verify=False!
"""
import sys
if not 'java' in sys.platform:
raise RuntimeError('only use if platform (sys.platform) is java!')
else:
#===================================================================
# set default SSL socket to ignore verification
#===================================================================
import javax.net.ssl.X509TrustManager as X509TrustManager # @UnresolvedImport
class MyTrustManager(X509TrustManager):
def getAcceptedIssuers(self,*args,**keys):
return None
def checkServerTrusted(self,*args,**keys):
pass
def checkClientTrusted(self,*args,**keys):
pass
import com.sun.net.ssl.internal.ssl.Provider # @UnresolvedImport
from java.security import Security # @UnresolvedImport
Security.addProvider(com.sun.net.ssl.internal.ssl.Provider())
trustAllCerts = [MyTrustManager()]
import javax.net.ssl.SSLContext as SSLContext # @UnresolvedImport
sc = SSLContext.getInstance("SSL");
import java.security.SecureRandom as SecureRandom # @UnresolvedImport
sc.init(None, trustAllCerts,SecureRandom())
import javax.net.ssl.HttpsURLConnection as HttpsURLConnection # @UnresolvedImport
HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory())
#===================================================================
# Do a test!
#===================================================================
'''
# setup proxy
import java.net.Proxy as Proxy
import java.net.InetSocketAddress as InetSocketAddress
p = Proxy(Proxy.Type.HTTP,InetSocketAddress("host",port))
import java.net.URL as URL
u = URL("https://www.google.com/")
conn = u.openConnection(p)
print 'server response: %r',conn.getResponseCode()
'''
#===================================================================
# ignore requests's error logging - this is for dev
#===================================================================
try:
import requests.packages.urllib3 as urllib3
urllib3.disable_warnings()
except: pass
return 'SSL verification in Java is disabled!'
def _initializeMXPI(serverName, serverPort, protocol,
MxpiMain5_1SoapBindingStubClass,
VerifyAllHostnameVerifierClass):
serverPortName = 'MxpiMain5_1'
namespaceURI = "urn:client.v5_1.soap.mx.hp.com"
serviceName = "MxpiMainService"
wsdlURL = "%s://%s:%s/mxsoap/services/%s?wsdl" % (protocol, serverName,
serverPort,
serverPortName)
# Set trust manager
if protocol == 'https':
verifyAllHostnameVerifier = VerifyAllHostnameVerifierClass()
sslContext = SSLContextManager.getAutoAcceptSSLContext()
HttpsURLConnection.setDefaultSSLSocketFactory(sslContext.getSocketFactory())
HttpsURLConnection.setDefaultHostnameVerifier(verifyAllHostnameVerifier)
## Set trust all SSL Socket to accept all certificates
System.setProperty("ssl.SocketFactory.provider",
"TrustAllSSLSocketFactory")
Security.setProperty("ssl.SocketFactory.provider",
"TrustAllSSLSocketFactory")
# Try and initialize connection
simBindingStub = MxpiMain5_1SoapBindingStubClass()
simServiceFactory = ServiceFactory.newInstance()
simService = simServiceFactory.createService(URL(wsdlURL),
QName(namespaceURI,
serviceName))
theMxpiMain = simService.getPort(QName(namespaceURI, serverPortName),
simBindingStub.getClass())
return theMxpiMain
def doService(httpMethod, url, credential, requestBody=None):
Security.addProvider(MySSLProvider())
Security.setProperty("ssl.TrustManagerFactory.algorithm", "TrustAllCertificates")
HttpsURLConnection.setDefaultHostnameVerifier(MyHostnameVerifier())
urlObj = URL(url)
con = urlObj.openConnection()
con.setRequestProperty("Accept", "application/xml")
con.setRequestProperty("Content-Type", "application/xml")
con.setRequestProperty("Authorization", credential)
con.setDoInput(True);
if httpMethod == 'POST':
con.setDoOutput(True)
con.setRequestMethod(httpMethod)
output = DataOutputStream(con.getOutputStream());
if requestBody:
output.writeBytes(requestBody);
output.close();
responseCode = con.getResponseCode()
logger.info('response code: ' + str(responseCode))
responseMessage = con.getResponseMessage()
logger.info('response message: ' + str(responseMessage))
contentLength = con.getHeaderField('Content-Length')
logger.info('content length: ' + str(contentLength))
stream = None
if responseCode == 200 or responseCode == 201 or responseCode == 202:
stream = con.getInputStream()
elif contentLength:
stream = con.getErrorStream()
if stream:
dataString = getStreamData(stream)
logger.info(httpMethod + ' url: ' + url)
if not url.endswith('.xsd') and len(dataString) < 4096:
xmlStr = Util.prettfyXmlByString(dataString)
logger.info(httpMethod + ' result: \n\n' + xmlStr)
else:
logger.info('response body too big, no print out')
if responseCode == 200 or responseCode == 201 or responseCode == 202:
return dataString
else:
''' to mark the case failed if response code is not 200-202 '''
return None
else:
logger.error('')
logger.error('---------------------------------------------------------------------------------------------------')
logger.error('-------->>> Input or Error stream is None, it may be a defect if it is positive test case')
logger.error('---------------------------------------------------------------------------------------------------')
logger.error('')
return None
def crawl(self, currentURL):
#uses the python module urlparse to parse the URL into segments
scheme, domain, filePath, params, query, fragment = urlparse(
currentURL)
ipAddr = socket.getaddrinfo(domain, 443)
#RETRIEVE SSL CERTIFICATES (IF APPLICABLE)
try:
#uses the javax.net.ssl.* and java.security.cert.* libraries to obtain certificate
factory = HttpsURLConnection.getDefaultSSLSocketFactory()
tmpSocket = factory.createSocket(domain, 443)
tmpSocket.startHandshake()
session = tmpSocket.getSession()
domainCerts = session.getPeerCertificateChain()
except SSLHandshakeException: #except thrown if the domain does not support SSL
print 'javax.net.ssl.SSLHandshakeException with domain: ' + domain
except ConnectException:
print 'java.net.ConnectException with domain: ' + domain
#RETRIEVE PAGE SOURCE
pageSource = urllib.urlopen(currentURL).read()
#PARSE PAGE SOURCE FOR LINKS
myparser = MyParser(scheme, domain)
myparser.parse(pageSource)
myparser.sort_hyperlinks(depth)
childLinks = myparser.get_hyperlinks()
return ipAddr, domainCerts, pageSource, childLinks
def crawlDomain(self, seed):
currentURL, depth = seed
scheme, domain, filePath, params, query, fragment = urlparse(currentURL)
#######check for regular traffic on port 80
#######think of a way to grab information on servers that host on non-standard ports.
ipAddr = socket.getaddrinfo(domain, 443)
#RETRIEVE SSL CERTIFICATES (IF APPLICABLE)
try:
#uses the javax.net.ssl.* and java.security.cert.* libraries to obtain certificate
factory = HttpsURLConnection.getDefaultSSLSocketFactory()
tmpSocket = factory.createSocket(domain, 443)
tmpSocket.startHandshake()
session = tmpSocket.getSession()
domainCerts = session.getPeerCertificateChain()
except SSLHandshakeException: #except thrown if the domain does not support SSL
print 'javax.net.ssl.SSLHandshakeException with domain: ' + domain
domainCerts = " "
except ConnectException:
print 'java.net.ConnectException with domain: ' + domain
domainCerts = None
tempdd = DomainDetail() #create a temporary DomainDetail object
tempdd.setDomainName(domain) #set the domainName value in the DomainDetail object
#stores the IP addresses obtain from the crawlDomain() function
ipAddresses = []
ipAddrLen = len(ipAddr)
for i in range (0, ipAddrLen):
a, b, c, d, e = ipAddr[i]
a, b = e
oct1, sep, leftover = a.partition('.')
oct2, sep, leftover = leftover.partition('.')
oct3, sep, leftover = leftover.partition('.')
oct4, sep, leftover = leftover.partition('.')
ipAddresses.append(IPAddress(int(oct1), int(oct2), int(oct3), int(oct4)))
tempdd.setIPAddresses(ipAddresses)
print "IP Addresses for '" + domain + "' stored"
#parses and stores certificate Information
certArray = []
if(domainCerts != None):
chainLength = len(domainCerts)
for i in range(0, chainLength):
certArray.append(Certificate())
certArray[i].setFullCertificate(pprint.pformat(domainCerts[i]))
certArray[i].setIssuer(domainCerts[i].getIssuerDN().getName())
certArray[i].setHierarchy(i)
certArray[i].setSubject(domainCerts[i].getSubjectDN().getName())
certArray[i].setValidFrom(domainCerts[i].getNotBefore())
certArray[i].setValidTill(domainCerts[i].getNotAfter())
certArray[i].setBasicConstraint(0) ###DONT HOW HOW TO DO###
tempdd.setCertificates(certArray)
print "certs for '" + domain + "' stored"
return tempdd
def testPage(self, page):
class MyTrustManager(X509TrustManager):
def getAcceptedIssuers(self):
return None
def checkClientTrusted(self, certs, auth):
pass
def checkServerTrusted(self, certs, auth):
pass
trustAllCerts = [MyTrustManager()]
sc = SSLContext.getInstance("SSL")
sc.init(None, trustAllCerts, SecureRandom())
HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory())
class MyHostnameVerifier(HostnameVerifier):
def verify(self, host, sess):
return True
HttpsURLConnection.setDefaultHostnameVerifier(MyHostnameVerifier())
try:
httpsURL = 'https://%s:%s/%s' % (self._host, self._port, page)
url = URL(httpsURL)
conn = url.openConnection()
conn.setConnectTimeout(5000)
conn.setRequestProperty("Accept-encoding", 'gzip,deflate,compress')
conn.setRequestProperty(
"User-agent",
'https://google.com/' if 'google' not in self._host else
'https://yandex.ru/') # Use foreign referer
#ist = conn.getInputStream()
#isr = InputStreamReader(ist)
#br = BufferedReader(isr)
print("[BREACH] Received response: %d" % conn.getResponseCode())
if conn.getContentEncoding() != None:
print("[BREACH] Received Content-encoding: %s" %
(conn.getContentEncoding()))
return True
except:
print("[BREACH] Socket timeout or an error occurred")
return False
from javax.net.ssl import TrustManager, X509TrustManager
from jarray import array
from javax.net.ssl import SSLContext
class TrustAllX509TrustManager(X509TrustManager):
'''Define a custom TrustManager which will blindly accept all certificates'''
def checkClientTrusted(self, chain, auth):
pass
def checkServerTrusted(self, chain, auth):
pass
def getAcceptedIssuers(self):
return None
# Create a static reference to an SSLContext which will use
# our custom TrustManager
trust_managers = array([TrustAllX509TrustManager()], TrustManager)
TRUST_ALL_CONTEXT = SSLContext.getInstance("SSL")
TRUST_ALL_CONTEXT.init(None, trust_managers, None)
from javax.net.ssl import SSLContext
SSLContext.setDefault(TRUST_ALL_CONTEXT)
from javax.net.ssl import HostnameVerifier, HttpsURLConnection
class AllHostsVerifier(HostnameVerifier):
def verify(self, urlHostname, session):
return True
HttpsURLConnection.setDefaultHostnameVerifier(AllHostsVerifier())
