def color_string(data, color): # Setup a TerminalController for formatted output term = TerminalController() result = term.render("${" + color.upper() + "}" + data + "${NORMAL}") return result
def main(): import optparse parser = optparse.OptionParser() # Shall we fuzz the request, response, or both? # Set via optparse in main global sr_request # search/replace tuple for requests - (True, [search, replace]) where true means to use regex global sr_response # search/replace tuple for responses - (True, [search, replace]) where true means to use regex global fuzz_request global fuzz_response # Other module-wide variables global debug global term global logger global fwdr parser.add_option("-l", "--local-addr", dest="local_addr", default="127.0.0.1", help="Local address to bind to") parser.add_option("-p", "--local-port", type="int", dest="local_port", default=1234, help="Local port to bind to") parser.add_option("-r", "--remote-addr", dest="remote_addr", help="Remote address to bind to") parser.add_option("-P", "--remote-port", type="int", dest="remote_port", default=80, help="Remote port to bind to") parser.add_option( "--search-request", dest="search_request", default="", help="String that if found will be replaced by --replace-request's value", ) parser.add_option( "--replace-request", dest="replace_request", default="", help="String to replace the value of --search-request" ) parser.add_option( "--search-response", dest="search_response", default="", help="String that if found will be replaced by --replace-request's value", ) parser.add_option( "--replace-response", dest="replace_response", default="", help="String to replace the value of --search-request", ) parser.add_option( "--regex-request", action="store_true", dest="request_use_regex", help="Requests: Use regular expressions for search and replace instead of string constants", ) parser.add_option( "--regex-response", action="store_true", dest="response_use_regex", help="Responses: Use regular expressions for search and replace instead of string constants", ) parser.add_option( "--fuzz-request", action="store_true", dest="fuzz_request", help="Fuzz the request which the proxy gets from the connecting client \ prior to sending it to the remote host", ) parser.add_option( "--fuzz-response", action="store_true", dest="fuzz_response", help="Fuzz the response which the proxy gets from the remote host prior \ to sending it to the conecting client", ) parser.add_option( "-i", "--run-info", dest="run_info", default="", help="Additional information string to add to database run_info entry", ) parser.add_option( "-d", "--debug", type="int", dest="debug", default=0, help="Debug level (0-5, 0: No debugging; 1: Simple conneciton \ information; 2: Simple data information; 3: Listener data display; 4: \ Sender data display; 5: All data display)", ) (options, args) = parser.parse_args() if not options.remote_addr or not options.remote_port: parser.print_help() exit(1) # Validate options for search/replace if (options.search_request and not options.replace_request) or ( options.replace_request and not options.search_request ): print >> sys.stderr, "Both --search-request and --replace-request must be provided together" exit(1) if (options.search_response and not options.replace_response) or ( options.replace_response and not options.search_response ): print >> sys.stderr, "Both --search-response and --replace-response must be provided together" exit(1) # Setup a TerminalController for formatted output term = TerminalController() # Print the current run information print ( term.render( """\nSetting up asynch. TCP proxy with the following settings: ${GREEN}Local binding Address: %s Local binding Port: %s${NORMAL} ${RED}Remote host address: %s Remote host port: %s${NORMAL} """ ) % (options.local_addr, options.local_port, options.remote_addr, options.remote_port) ) # Set the debug value debug = options.debug # If run info was passed in on the command line, use that for the run_info table # additional info field (It will have what's being fuzzed prepended to it as well) run_additional_info = options.run_info # Print the selected debug value if debug > 0: if debug == 1: print (" Debug: Level 1 (Show simple connection information)") elif debug == 2: print (" Debug: Level 2 (Show simple data information, such as the size of sent/received messages)") elif debug == 3: print (" Debug: Level 3 (Show listener data and size of sent/received messages)") elif debug == 4: print (" Debug: Level 4 (Show sender data and size of sent/received messages)") elif debug == 5: print ( " Debug: Level 5 (Show all possible information, including the size of sent/received messages, and their data for listener and sender)" ) print ("") # Display and setup search/replace things if options.search_request and options.replace_request: sr_request = [ None, options.search_request.decode("string-escape"), options.replace_request.decode("string-escape"), ] # Check if we want to use regex instead of string constants if options.request_use_regex: # Use regex instead of string replace print ( term.render( "Running regex search/replace on ${BOLD}REQUESTS${NORMAL} with regex: 's/%s/%s'" % (sr_request[1], sr_request[2]) ) ) sr_request[0] = True else: print ( term.render( "Running string search/replace on ${BOLD}REQUESTS${NORMAL} with search/replace: 's/%s/%s'" % (sr_request[1], sr_request[2]) ) ) sr_request[0] = False else: sr_request = None if options.search_response and options.replace_response: sr_response = [ None, options.search_response.decode("string-escape"), options.replace_response.decode("string-escape"), ] # Check if we want to use regex instead of string constants if options.response_use_regex: print ( term.render( "Running regex search/replace on ${BOLD}RESPONSES${NORMAL} with regex: 's/%s/%s'" % (sr_response[1], sr_response[2]) ) ) sr_response[0] = True else: print ( term.render( "Running string search/replace on ${BOLD}RESPONSES${NORMAL} with search/replace: 's/%s/%s'" % (sr_response[1], sr_response[2]) ) ) sr_response[0] = False else: sr_response = None # Setup which to fuzz - request, response, neither, both? if options.fuzz_request: fuzz_request = options.fuzz_request run_additional_info = "Fuzzing REQUESTS; " + run_additional_info print (term.render("Fuzzing ${BOLD}REQUESTS${NORMAL}")) else: fuzz_request = False if options.fuzz_response: fuzz_response = options.fuzz_response run_additional_info = "Fuzzing RESPONSES; " + run_additional_info print (term.render("Fuzzing ${BOLD}RESPONSES${NORMAL}")) else: fuzz_response = False if not (options.fuzz_response or options.fuzz_request): run_additional_info = "Fuzzing NONE; " + run_additional_info print ( term.render( "Fuzzing ${BOLD}<NOTHING>${NORMAL} (Maybe you wanted ${BOLD}--fuzz-request or --fuzz-response${NORMAL}?)" ) ) if fuzz_request and fuzz_response: print ( term.render( "${YELLOW}\nWARNING! WARNING!\n${BOLD}Fuzzing BOTH the request and response is probably a bad idea, ensure this is what you want to do!${NORMAL}${YELLOW}\nWARNING! WARNING!\n${NORMAL}" ) ) # host, db, username, passwd if logging_enabled: logger = postgresLogger("postgreshost", "dbname", "dbuser", "dbpass") logger.log_run_info("CompanyName", "ProjectName-v1.2.3", run_additional_info) # create object that spawns reciever/sender pairs upon connection fwdr = forwarder(options.local_addr, options.local_port, options.remote_addr, options.remote_port) print ("Listener running...") # asyncore.loop() # A quick hack to be able to control fuzz on/off while running # separate asyncore.loop into its own thread so we can have terminal control asyncThread = Thread(target=asyncore.loop) asyncThread.start() # start a console (ipython) from IPython.terminal.interactiveshell import TerminalInteractiveShell shell = TerminalInteractiveShell(user_ns=globals()) shell.mainloop() # cleanup otherwise thread wont die and program hangs fwdr.close() # asyncore.close_all() asyncThread._Thread__stop()
def color_string(data, color): # Setup a TerminalController for formatted output term = TerminalController() result = term.render("${" + color.upper() + "}" + data + "${NORMAL}") return (result)
def main(): import optparse parser = optparse.OptionParser() # Shall we fuzz the request, response, or both? # Set via optparse in main global sr_request # search/replace tuple for requests - (True, [search, replace]) where true means to use regex global sr_response # search/replace tuple for responses - (True, [search, replace]) where true means to use regex global fuzz_request global fuzz_response # Other module-wide variables global debug global term global logger global fwdr parser.add_option( '-l','--local-addr', dest='local_addr',default='127.0.0.1', help='Local address to bind to') parser.add_option( '-p','--local-port', type='int',dest='local_port',default=1234, help='Local port to bind to') parser.add_option( '-r','--remote-addr',dest='remote_addr', help='Remote address to bind to') parser.add_option( '-P','--remote-port', type='int',dest='remote_port',default=80, help='Remote port to bind to') parser.add_option( '--search-request', dest='search_request',default='', help='String that if found will be replaced by --replace-request\'s value') parser.add_option( '--replace-request', dest='replace_request',default='', help='String to replace the value of --search-request') parser.add_option( '--search-response', dest='search_response',default='', help='String that if found will be replaced by --replace-request\'s value') parser.add_option( '--replace-response', dest='replace_response',default='', help='String to replace the value of --search-request') parser.add_option( '--regex-request', action='store_true' ,dest='request_use_regex', help='Requests: Use regular expressions for search and replace instead of string constants') parser.add_option( '--regex-response', action='store_true' ,dest='response_use_regex', help='Responses: Use regular expressions for search and replace instead of string constants') parser.add_option( '--fuzz-request', action='store_true' ,dest='fuzz_request', help='Fuzz the request which the proxy gets from the connecting client \ prior to sending it to the remote host') parser.add_option( '--fuzz-response', action='store_true' ,dest='fuzz_response', help='Fuzz the response which the proxy gets from the remote host prior \ to sending it to the conecting client') parser.add_option( '-i','--run-info', dest='run_info',default='', help='Additional information string to add to database run_info entry') parser.add_option( '-d','--debug', type='int',dest='debug',default=0, help='Debug level (0-5, 0: No debugging; 1: Simple conneciton \ information; 2: Simple data information; 3: Listener data display; 4: \ Sender data display; 5: All data display)') (options, args) = parser.parse_args() if not options.remote_addr or not options.remote_port: parser.print_help() exit(1) # Validate options for search/replace if (options.search_request and not options.replace_request) or (options.replace_request and not options.search_request): print >>sys.stderr, "Both --search-request and --replace-request must be provided together" exit(1) if (options.search_response and not options.replace_response) or (options.replace_response and not options.search_response): print >>sys.stderr, "Both --search-response and --replace-response must be provided together" exit(1) # Setup a TerminalController for formatted output term = TerminalController() # Print the current run information print(term.render("""\nSetting up asynch. TCP proxy with the following settings: ${GREEN}Local binding Address: %s Local binding Port: %s${NORMAL} ${RED}Remote host address: %s Remote host port: %s${NORMAL} """) % (options.local_addr, options.local_port, options.remote_addr, options.remote_port)) # Set the debug value debug = options.debug # If run info was passed in on the command line, use that for the run_info table # additional info field (It will have what's being fuzzed prepended to it as well) run_additional_info = options.run_info # Print the selected debug value if(debug > 0): if(debug == 1): print(" Debug: Level 1 (Show simple connection information)") elif(debug == 2): print(" Debug: Level 2 (Show simple data information, such as the size of sent/received messages)") elif(debug == 3): print(" Debug: Level 3 (Show listener data and size of sent/received messages)") elif(debug == 4): print(" Debug: Level 4 (Show sender data and size of sent/received messages)") elif(debug == 5): print(" Debug: Level 5 (Show all possible information, including the size of sent/received messages, and their data for listener and sender)") print("") # Display and setup search/replace things if options.search_request and options.replace_request: sr_request = [None, options.search_request.decode('string-escape'), options.replace_request.decode('string-escape')] # Check if we want to use regex instead of string constants if options.request_use_regex: # Use regex instead of string replace print(term.render("Running regex search/replace on ${BOLD}REQUESTS${NORMAL} with regex: 's/%s/%s'" % (sr_request[1], sr_request[2]))) sr_request[0] = True else: print(term.render("Running string search/replace on ${BOLD}REQUESTS${NORMAL} with search/replace: 's/%s/%s'" % (sr_request[1], sr_request[2]))) sr_request[0] = False else: sr_request = None if options.search_response and options.replace_response: sr_response = [None, options.search_response.decode('string-escape'), options.replace_response.decode('string-escape')] # Check if we want to use regex instead of string constants if options.response_use_regex: print(term.render("Running regex search/replace on ${BOLD}RESPONSES${NORMAL} with regex: 's/%s/%s'" % (sr_response[1], sr_response[2]))) sr_response[0] = True else: print(term.render("Running string search/replace on ${BOLD}RESPONSES${NORMAL} with search/replace: 's/%s/%s'" % (sr_response[1], sr_response[2]))) sr_response[0] = False else: sr_response = None # Setup which to fuzz - request, response, neither, both? if(options.fuzz_request): fuzz_request = options.fuzz_request run_additional_info = "Fuzzing REQUESTS; " + run_additional_info print(term.render("Fuzzing ${BOLD}REQUESTS${NORMAL}")) else: fuzz_request = False if(options.fuzz_response): fuzz_response = options.fuzz_response run_additional_info = "Fuzzing RESPONSES; " + run_additional_info print(term.render("Fuzzing ${BOLD}RESPONSES${NORMAL}")) else: fuzz_response = False if(not(options.fuzz_response or options.fuzz_request)): run_additional_info = "Fuzzing NONE; " + run_additional_info print(term.render("Fuzzing ${BOLD}<NOTHING>${NORMAL} (Maybe you wanted ${BOLD}--fuzz-request or --fuzz-response${NORMAL}?)")) if(fuzz_request and fuzz_response): print(term.render("${YELLOW}\nWARNING! WARNING!\n${BOLD}Fuzzing BOTH the request and response is probably a bad idea, ensure this is what you want to do!${NORMAL}${YELLOW}\nWARNING! WARNING!\n${NORMAL}")) # host, db, username, passwd if logging_enabled: logger = postgresLogger("postgreshost", "dbname", "dbuser", "dbpass") logger.log_run_info("CompanyName", "ProjectName-v1.2.3", run_additional_info) # create object that spawns reciever/sender pairs upon connection fwdr = forwarder(options.local_addr,options.local_port,options.remote_addr,options.remote_port) print("Listener running...") #asyncore.loop() # A quick hack to be able to control fuzz on/off while running # separate asyncore.loop into its own thread so we can have terminal control asyncThread = Thread(target=asyncore.loop) asyncThread.start() # start a console (ipython) from IPython.terminal.interactiveshell import TerminalInteractiveShell shell = TerminalInteractiveShell(user_ns=globals()) shell.mainloop() # cleanup otherwise thread wont die and program hangs fwdr.close() #asyncore.close_all() asyncThread._Thread__stop()