Merge pull request #281 from pwned-17/master

rejahrehim · web-flow · commit 08ee7f5164e7 · 2021-06-18T18:58:00.000+05:30
Proxy Listener
diff --git a/SecureTea.py b/SecureTea.py
@@ -20,7 +20,7 @@
             os_name = distro.linux_distribution()[0]
             os_major_version = distro.linux_distribution()[1].split('.')[0]
 
-            if os_name == 'Ubunntu' and int(os_major_version) >= 16:
+            if os_name == 'Ubuntu' and int(os_major_version) >= 16:
                 command = 'systemctl suspend'
             os.system(command)
         if platfom == 'Darwin':
diff --git a/doc/en-US/dev_guide.md b/doc/en-US/dev_guide.md
@@ -483,6 +483,7 @@ Currently, the server log monitor supports the following log file types:
   - Denial of Service (DoS) attacks
   - Cross site scripting (XSS) injection
   - SQL injection (SQLi)
+  - Server Side Request Forgery (SSRF)
   - Local file inclusion (LFI)
   - Web shell injection
   - Reconnaissance attacks
diff --git a/securetea/lib/waf/__init__.py b/securetea/lib/waf/__init__.py
diff --git a/securetea/lib/waf/proxy/__init__.py b/securetea/lib/waf/proxy/__init__.py
diff --git a/securetea/lib/waf/proxy/intercept.py b/securetea/lib/waf/proxy/intercept.py
@@ -0,0 +1,74 @@
+u"""WAF Proxy module for SecureTea WAF.
+
+Project:
+    ╔═╗┌─┐┌─┐┬ ┬┬─┐┌─┐╔╦╗┌─┐┌─┐
+    ╚═╗├┤ │  │ │├┬┘├┤  ║ ├┤ ├─┤
+    ╚═╝└─┘└─┘└─┘┴└─└─┘ ╩ └─┘┴ ┴
+    Author: Shaik Ajmal R <shaikajmal.r2000@gmail.com>
+    Version:
+    Module: SecureTea
+
+"""
+
+
+import asyncio
+
+from requester import Requester
+
+
+class Http(asyncio.Protocol):
+    """
+       A class that handles incoming HTTP request
+       Parses the request and sends back the response to the client.
+
+
+
+    """
+
+
+    def connection_made(self, transport):
+        """
+          asyncio default method that gets called on every request.
+
+          Args:
+          transport(object): Instance of the current connection.
+
+        """
+        self.transport = transport
+
+
+    def data_received(self, data):
+        """
+         Clients data ie Http/Https
+         Args:
+             data(bytes):Has the request headers and body
+
+
+        """
+
+        requester=Requester(data)
+
+        try:
+            requester.connect()
+            requester.send_data()
+            response=requester.receive_data()
+            self.transport.write(response)
+            requester.close()
+            self.close_transport()
+
+        except Exception as e:
+
+            print("Error",e)
+
+    def close_transport(self):
+       """
+          Close the current instance of the transport for every successful session.
+       """
+       self.transport.close();
+
+
+
+
+
+class Https(asyncio.Protocol):
+    pass
diff --git a/securetea/lib/waf/proxy/proxy.py b/securetea/lib/waf/proxy/proxy.py
@@ -0,0 +1,49 @@
+# -*- coding: utf-8 -*-
+u"""WAF Proxy module for SecureTea WAF.
+
+Project:
+    ╔═╗┌─┐┌─┐┬ ┬┬─┐┌─┐╔╦╗┌─┐┌─┐
+    ╚═╗├┤ │  │ │├┬┘├┤  ║ ├┤ ├─┤
+    ╚═╝└─┘└─┘└─┘┴└─└─┘ ╩ └─┘┴ ┴
+    Author: Shaik Ajmal R <shaikajmal.r2000@gmail.com>
+    Version:
+    Module: SecureTea
+
+"""
+
+import asyncio
+from intercept import Http
+
+class RunProxy:
+    """
+     A class that starts the proxy server
+
+
+    """
+    def __init__(self):
+        """
+         Initialize host and port for listening
+        """
+        self.host="127.0.0.1"
+        self.port=2345
+
+
+    def run_server(self):
+
+        asyncio.run(self.start())
+
+    async def start(self):
+
+        self.loop=asyncio.get_event_loop()
+        self.server = await self.loop.create_server(
+            lambda:Http(),host=self.host, port=self.port
+        )
+        ip, port = self.server.sockets[0].getsockname()
+        print("Listening on {}:{}".format(ip, port))
+
+        await self.server.serve_forever()
+
+
+
+c=RunProxy();
+c.run_server();
diff --git a/securetea/lib/waf/proxy/requester.py b/securetea/lib/waf/proxy/requester.py
@@ -0,0 +1,74 @@
+u"""WAF Proxy module for SecureTea WAF.
+
+Project:
+    ╔═╗┌─┐┌─┐┬ ┬┬─┐┌─┐╔╦╗┌─┐┌─┐
+    ╚═╗├┤ │  │ │├┬┘├┤  ║ ├┤ ├─┤
+    ╚═╝└─┘└─┘└─┘┴└─└─┘ ╩ └─┘┴ ┴
+    Author: Shaik Ajmal R <shaikajmal.r2000@gmail.com>
+    Version:
+    Module: SecureTea
+
+"""
+
+import socket
+from utils import RequestParser
+
+class Requester:
+    """
+    This class is responsible for sending the intercepted data to the requested server
+    and sends back the response to the client.
+    """
+    def __init__(self,data,timeout=5):
+        """
+        Args:
+            data(bytes): Consists of the raw request.
+        """
+        print("inside requester")
+        socket.setdefaulttimeout(timeout)
+        self.socket=socket.socket(socket.AF_INET,socket.SOCK_STREAM);
+        self.data=data
+
+    def connect(self):
+
+        """
+        Extracts the host name and connects the socket to the host on port 80
+        """
+
+        self.host=(RequestParser(self.data).headers["HOST"])
+        print(self.host)
+        try :
+            {
+                self.socket.connect((self.host,80))
+            }
+        except Exception as e:
+            print(e)
+    def send_data(self):
+        """
+        Sends the data through the socket to the server
+        """
+        self.socket.send(self.data)
+
+    def receive_data(self):
+
+        """
+        Data from the server (response) is returned to the interceptor.
+        """
+
+
+        response = b""
+
+        while True:
+            try:
+                buf = self.socket.recv(64000)
+                if not buf:
+                    break
+                else:
+                    response += buf
+            except Exception as e:
+                break
+
+        return response
+
+    def close(self):
+
+        self.socket.close();
diff --git a/securetea/lib/waf/proxy/utils.py b/securetea/lib/waf/proxy/utils.py
@@ -0,0 +1,48 @@
+u"""WAF Proxy module for SecureTea WAF.
+
+Project:
+    ╔═╗┌─┐┌─┐┬ ┬┬─┐┌─┐╔╦╗┌─┐┌─┐
+    ╚═╗├┤ │  │ │├┬┘├┤  ║ ├┤ ├─┤
+    ╚═╝└─┘└─┘└─┘┴└─└─┘ ╩ └─┘┴ ┴
+    Author: Shaik Ajmal R <shaikajmal.r2000@gmail.com>
+    Version:
+    Module: SecureTea
+
+"""
+
+
+from http.server import BaseHTTPRequestHandler
+import io
+
+
+
+class RequestParser(BaseHTTPRequestHandler):
+    """
+       Handler to parse the request data from client
+
+    """
+    def __init__(self,data):
+        """
+        Args:
+            data(bytes):Data containing the Request From the Client
+
+        """
+        self.rfile=io.BytesIO(data)
+        self.raw_requestline=self.rfile.readline()
+        self.parse_request()
+
+
+    def send_header(self, keyword,value):
+        print(keyword,value)
+
+
+    def send_error(self, code, message):
+        """
+         Called by the BasseHTTPRequestHandler when there is an error
+
+         Args:
+             code(int): The error code
+             message(string): The error Messages that should be displayed
+        """
+        self.ecode=code;
+        self.error_message=message;
