Browse Source

first commit

Peter Siegrist 5 years ago
commit
5c2e2156ae
2 changed files with 334 additions and 0 deletions
  1. 0 0
      README.md
  2. 334 0
      WebProxy46.py

+ 0 - 0
README.md


+ 334 - 0
WebProxy46.py

@@ -0,0 +1,334 @@
+#!/usr/bin/python
+ 
+# Copyright (c) 2013 by Peter_Siegrist(SystemLoesungen)  (PSS @ ZweierNet.ch)
+# www.IPv6Tech.ch
+#
+# All Rights reserved.
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+#
+# This is a simple IPv4-IPv6 non-caching HTTP/HTTPS Proxy/Gateway. 
+# The Server can make both IPv6, primarily, or IPv4 requestst on behalf of the pure IPv4 clients.
+# 
+# WebProxy46 does not filter any messages apart from chanching HTTP/1.1 to HTTP/1.0
+# because we do not want to filter out subrequests in persistent connections.
+# 
+# All standard methodes are supported: GET, HEAD, POST, PUT, OPTIONS, TRACE and DELETE.
+# The CONNECT method is used for SSL connections. Only port 443 is allowed with this method (HTTP CONNECT Vulnerability)
+#
+# For using this proxy configure your browser to use proxy service.
+# The servers standard binding is port 9090 on address 0.0.0.0
+#
+# Accepted schemes are HTTP HTTPS and FTP.
+# Hostnames in URL's may be given as FQDN, IPv4 dotted address or IPv6 address in square brackets form [xx:xx:xx::x]
+#
+ 
+ 
+import socket
+import getopt
+import sys
+from select import select
+import logging
+import thread
+import struct
+import string
+ 
+#-- Vars
+ 
+version = 'WebProxy46/v0.7'
+buflen = 8192
+listen_host = '0.0.0.0'
+listen_port = 9090
+debug = False
+lfnr = 0
+ 
+ 
+#-- Threaded Main Object
+ 
+class ProxyHandler:
+    def __init__(self, local_conn, local_address):
+        global lfnr
+        lfnr += 1
+        self.lfnr = lfnr
+        log(self.lfnr,'NEW Connect ...')
+        self.local_client = local_conn
+        self.local_client_address = local_address
+        self.local_client_buffer = ''
+        self.timeout = 60
+        self.handle()
+        self.local_client.close()
+ 
+    def _set_target_sockopts_ssl(self):
+        self.target.setsockopt(socket.SOL_SOCKET,socket.MSG_DONTWAIT,1)
+        self.target.setblocking(1)
+ 
+    def handle(self):
+        try:
+            self.local_client.setblocking(1)
+            self.local_client.setsockopt(socket.SOL_SOCKET, socket.SO_LINGER, struct.pack('ii', 1, 20))
+            #self.local_client.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 0)
+ 
+            clt_count = 0
+            while 1:
+                clt_count += 1
+                (client_data, _, client_error) = select([self.local_client], [], [], 1)
+                if client_data:
+                    data = self.local_client.recv(buflen)
+                    if len(data) == 0:
+                        break
+                    self.local_client_buffer += data
+                    log2(self.lfnr,"data:%s"%data)
+                if client_error:
+                    err = select.error
+                    log(self.lfnr,"%s - Client_Error select: %s on %s " % (self.af, err, self.local_client_address))
+                if clt_count == 1:
+                    break
+ 
+ 
+            if self.local_client_buffer:
+                end_head = self.local_client_buffer.find('\n')
+                log(self.lfnr,'%s'%self.local_client_buffer[:end_head])
+                self.method, self.path, self.protocol = (self.local_client_buffer[:end_head+1]).split()
+                self.local_client_buffer = self.local_client_buffer[end_head+1:]
+                # we can't handle 1.1 persistent connections in proxys, thanks mozilla :(
+                self.protocol = string.replace(self.protocol, 'HTTP/1.1', 'HTTP/1.0')                
+ 
+                if self.method=='CONNECT':
+                    self.method_ssl()
+                elif self.method in ('OPTIONS', 'GET', 'HEAD', 'POST', 'PUT', 'DELETE', 'TRACE'):
+                    self.method_get()
+                else:
+                    self.method_invalid()           
+                try:
+                    self.target.close()
+                except:
+                    pass
+        except Exception as uerr:
+            log(self.lfnr,'__Unexpected Error__: %s'%uerr)
+ 
+ 
+    def method_invalid(self):
+        log(self.lfnr,'Invalid HTTP Method: %s'%self.method)
+        self.local_client.send('HTTP/1.1 501 Not Implemented\r\n'+'Unknown method: %s\r\n\r\n'%self.method)
+        self.local_client_buffer = ''
+        self.local_client.close()
+ 
+    def method_ssl(self):
+        if not self.connect_target(self.path):
+            self.local_client.send('HTTP/1.1 500\r\n\r\n')
+            self.local_client.send('HTTP/1.1 500 %s\r\nProxy: %s\r\n\r\n'%(self.conn_error,version))
+            return False
+        #self.local_client.send('HTTP/1.1 200 OK\r\n\r\n')
+        self.local_client.send('HTTP/1.1 200 Connection established\r\n'+'Proxy: %s\r\n\r\n'%version)
+        self.local_client_buffer = ''
+        self.handle_select()        
+ 
+ 
+    def method_get(self):
+        j = self.path.find('://')
+        self.scheme = self.path[:j]
+        self.path = self.path[j+3:]        
+        i = self.path.find('/')
+        host = self.path[:i]        
+        path = self.path[i:]
+        if not self.connect_target(host):
+            self.local_client.send('HTTP/1.1 500\r\n\r\n')
+            self.local_client.send('HTTP/1.1 500 %s\r\nProxy: %s\r\n\r\n'%(self.conn_error,version))
+            return False
+        s1 = self.target.send('%s %s %s\r\n'%(self.method, path, self.protocol)+self.local_client_buffer)
+        log2(self.lfnr,'SEND_RAW(to %s):%s %s %s\n'%(self.target_addr[0:2],self.method, path, self.protocol)+self.local_client_buffer)
+        log(self.lfnr,'SEND_REQUEST(to %s): %s %s %s\n'%(self.target_addr[0:2], self.method, path, self.protocol))
+        self.local_client_buffer = ''
+        self.handle_select()
+ 
+ 
+    def connect_target(self, host):
+        if host.find('[') != -1:
+            j = host.find(']:')
+            if j!=-1:
+                port = int(host[j+2:])
+                host = host[1:j]
+            else:
+                host = host[1:-1]
+                if self.scheme.lower() == 'ftp':
+                    port = 21
+                else:
+                    port = 80
+        else:
+            i = host.find(':')
+            if i!=-1:
+                port = int(host[i+1:])
+                host = host[:i]
+            else:
+                if self.scheme.lower() == 'ftp':
+                    port = 21
+                else:
+                    port = 80
+ 
+        if self.method=='CONNECT':
+            if port != 443:
+                self.conn_error = 'Connection refused. Port %d not allowed in CONNECT method'%port
+                return False
+        try:
+            addrinfo = socket.getaddrinfo(host, port)
+        except socket.error as msg:
+            log(self.lfnr,"Error resolving %s:%d: %s" % (host, port, msg))
+            self.conn_error = 'Error resolving %s:%d: %s'%(host, port,msg[1])
+            return False
+        for (afm, _, _, _, address) in addrinfo:
+            if afm == socket.AF_INET6:
+                self.target = socket.socket(socket.AF_INET6)
+                self.target_addr = address
+                self.af = 'IPv6'
+                break
+            elif afm == socket.AF_INET:
+                self.target = socket.socket(socket.AF_INET)
+                self.target_addr = address
+                self.af = 'IPv4'
+            else:
+                log(self.lfnr,"EEERRRRRRRRRRRRRRRRRRRR\n")
+        self.target.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 0)
+        self.target.setsockopt(socket.SOL_SOCKET, socket.SO_LINGER, struct.pack('ii', 1, 10))      
+        try:
+            self.target.connect(self.target_addr)
+        except socket.error as msg:
+            log(self.lfnr,"%s - Error connecting %s:%d (Addr: %s): %s" % (self.af, host, port, self.target_addr, msg))
+            self.conn_error = 'Connection failed: %s'%msg[1]
+            return False
+        else:
+            log(self.lfnr,"%s - connect to %s:%d (%s)" % (self.af, host, port, self.target_addr[0:2]))
+ 
+        return True
+ 
+    def handle_select(self):
+        self.soc_pair = [self.local_client, self.target]
+        count = 0
+        rf = 'undefined'
+        while 1:
+            count += 1
+            (recv_data, _, error) = select(self.soc_pair, [], self.soc_pair, 2)
+            if recv_data:
+                cnt = 0
+                for i in recv_data:
+                    cnt +=1
+                    if i is self.local_client:
+                        rf = self.local_client_address
+                    else:
+                        rf = self.target_addr
+                    try:             
+                        data = i.recv(buflen)
+                    except socket.error as err:
+                        log(self.lfnr,'recv error (%s):%s' % (rf, err))
+                        if err[0] == 104:   # connection reset by peer
+                            continue
+                    log2(self.lfnr,'%d %d select handle from: %s LEN: %d' % (count,cnt,rf,len(data)))
+                    if len(data) == 0:
+                        continue
+                    if i is self.local_client:
+                        #self.view_sockopts(self.local_client)
+                        if 'HTTP/1.' in data:
+                            bs = data.find('\n')
+                            log(self.lfnr,'%s - Request from %s: %s'%(self.af,self.local_client_address[0:2],data[:bs-1]))
+                        rf = self.local_client_address
+                        log2(self.lfnr,'DATA(to %s from %s):%s'% (self.target_addr,rf,data[:260]))
+                        out = self.target
+                    elif i is self.target:
+                        if 'HTTP/1.' in data[0:8]:
+                            bs = data[0:256].find('\n')
+                            log(self.lfnr,'%s - Answer from %s: %s'%(self.af,self.target_addr[0:2],data[:bs-1]))
+ 
+                        rf = self.target_addr
+                        log2(self.lfnr,'DATA(to %s from %s):%s'% (self.local_client_address,rf,data[:260]))
+                        out = self.local_client
+                    else:
+                        log(self.lfnr,"EEEEEERRRRRROOOORRRRRRRRR: %s"% i)
+ 
+                    if data:
+                        try:
+                            sent_byte = out.send(data)
+                        except socket.error as err:
+                            log(self.lfnr,'send error (%s):%s' % (rf, err))
+                        else:
+                            log2(self.lfnr,'Sent %d Bytes Data to %s' % (sent_byte,out.getpeername()[0:2]))
+                        count = 0
+            if error:
+                err = select.error
+                log(self.lfnr,"%s - Error select: %s on %s:%s " % (self.af, err, self.local_client_address, self.target_addr))
+            if count == 10:
+                break
+ 
+    def view_sockopts(self,s):
+        socket_options = [ (getattr(socket, opt), opt) for opt in dir(socket) if opt.startswith('SO_') ]
+        socket_options.sort()
+        for num, opt in socket_options:
+            try:
+                val = s.getsockopt(socket.SOL_SOCKET, num)
+                log2(self.lfnr,'%s(%d) defaults to %d' % (opt, num, val))
+            except (socket.error) as e:
+                log2(self.lfnr,'%s(%d) can\'t help you out there: %s' % (opt, num, str(e)))
+ 
+ 
+ 
+# -- Main functions
+ 
+def log(lfnr,msg):
+    logging.warn('[%s] %s'%(lfnr,msg))
+ 
+def log2(lfnr,msg):
+    if debug:
+        logging.warn('[%s] %s'%(lfnr,msg))
+ 
+def usage():
+    print(sys.argv[0]),
+    print(" [-p port] [-s host] [-l logfile] [-d] [-h]")
+    print('')
+    print("   -p       - Port to listen on")
+    print("   -s       - Host to listen on. If not specified, 0.0.0.0 is used")
+    print("   -l       - Path to logfile. If not specified, STDOUT is used")
+    print("   -d       - debug messages")
+    print('')
+ 
+def main(host, port):
+    logfile = None
+    try: 
+        opts, args = getopt.getopt(sys.argv[1:], "l:hdp:s:", [])
+    except getopt.GetoptError:
+        usage()
+        return 1 
+    for opt, value in opts:
+        if opt == "-p": port = int(value)
+        if opt == "-s": host = value
+        if opt == "-l": logfile = value
+        if opt == "-d": 
+            global debug
+            debug = True
+        if opt == "-h":
+            usage()
+            return 0
+    if not socket.has_ipv6:
+        print("This machine is not IPv6 capable. Exiting.\n")
+        exit(1)
+ 
+    logging.basicConfig(format='%(asctime)s %(thread)s: %(message)s',
+                        filename=logfile)
+ 
+    server_socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+    server_socket.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
+    server_socket.bind((host, port))
+    log(lfnr,"Start Server")
+    log(lfnr,"Listen on %s:%d"%(host, port))
+    server_socket.listen(10)
+    while 1:
+        thread.start_new_thread(ProxyHandler, server_socket.accept())
+ 
+ 
+if __name__ == '__main__':  
+    main(listen_host, listen_port)
+