From 0e3e6f97455b8b09b1c297ed502af8275acdab9f Mon Sep 17 00:00:00 2001 From: skelsec Date: Mon, 6 Feb 2017 09:21:44 -0800 Subject: [PATCH 1/3] making HTTP great again --- servers/HTTP.py | 34 ++++++++++++++++++++++++++++++---- 1 file changed, 30 insertions(+), 4 deletions(-) diff --git a/servers/HTTP.py b/servers/HTTP.py index 6f170fc..7823c75 100644 --- a/servers/HTTP.py +++ b/servers/HTTP.py @@ -266,21 +266,47 @@ class HTTP(BaseRequestHandler): def handle(self): try: - Challenge = RandomChallenge() - for x in range(2): + Challenge = RandomChallenge() + + while True: self.request.settimeout(3) - data = self.request.recv(8092) + remaining = 10*1024*1024 #setting max recieve size + data = '' + while True: + buff = '' + buff = self.request.recv(8092) + if buff == '': + break + data += buff + remaining -= len(buff) + if remaining <= 0: + break + #check if we recieved the full header + if data.find('\r\n\r\n') != -1: + #we did, now to check if there was anything else in the request besides the header + if data.find('Content-Length') == -1: + #request contains only header + break + else: + #searching for that content-length field in the header + for line in data.split('\r\n'): + if line.find('Content-Length') != -1: + line = line.strip() + remaining = int(line.split(':')[1].strip()) - len(data) + + #now the data variable has the full request Buffer = WpadCustom(data, self.client_address[0]) if Buffer and settings.Config.Force_WPAD_Auth == False: self.request.send(Buffer) - self.request.close() + self.request.close() if settings.Config.Verbose: print text("[HTTP] WPAD (no auth) file sent to %s" % self.client_address[0]) else: Buffer = PacketSequence(data,self.client_address[0], Challenge) self.request.send(Buffer) + except socket.error: pass From 2c32704b851530aecff064d3f918c886e72ca546 Mon Sep 17 00:00:00 2001 From: skelsec Date: Mon, 6 Feb 2017 09:42:35 -0800 Subject: [PATCH 2/3] SimpleSSL --- Responder.py | 2 +- servers/HTTP.py | 18 ++++++++++-------- 2 files changed, 11 insertions(+), 9 deletions(-) diff --git a/Responder.py b/Responder.py index ed238d5..aaba9dd 100755 --- a/Responder.py +++ b/Responder.py @@ -239,7 +239,7 @@ def main(): if settings.Config.SSL_On_Off: from servers.HTTP import HTTPS - threads.append(Thread(target=serve_thread_SSL, args=('', 443, HTTPS,))) + threads.append(Thread(target=serve_thread_SSL, args=('', 443, HTTP,))) if settings.Config.WPAD_On_Off: from servers.HTTP_Proxy import HTTP_Proxy diff --git a/servers/HTTP.py b/servers/HTTP.py index 7823c75..3eb7858 100644 --- a/servers/HTTP.py +++ b/servers/HTTP.py @@ -310,16 +310,17 @@ class HTTP(BaseRequestHandler): except socket.error: pass +""" # HTTPS Server class -class HTTPS(StreamRequestHandler): - def setup(self): - self.exchange = self.request - self.rfile = socket._fileobject(self.request, "rb", self.rbufsize) - self.wfile = socket._fileobject(self.request, "wb", self.wbufsize) +class HTTPS(BaseRequestHandler): + #def setup(self): + # self.exchange = self.request + # self.rfile = socket._fileobject(self.request, "rb", self.rbufsize) + # self.wfile = socket._fileobject(self.request, "wb", self.wbufsize) - def handle(self): - try: - Challenge = RandomChallenge() + #def handle(self): + # try: + # Challenge = RandomChallenge() data = self.exchange.recv(8092) self.exchange.settimeout(0.5) Buffer = WpadCustom(data,self.client_address[0]) @@ -335,3 +336,4 @@ class HTTPS(StreamRequestHandler): except: pass +""" \ No newline at end of file From 225857b6ed4dacab6b762765891570fc79b9653a Mon Sep 17 00:00:00 2001 From: skelsec Date: Mon, 6 Feb 2017 10:48:23 -0800 Subject: [PATCH 3/3] cleaning up comments --- servers/HTTP.py | 29 +---------------------------- 1 file changed, 1 insertion(+), 28 deletions(-) diff --git a/servers/HTTP.py b/servers/HTTP.py index 3eb7858..2b75ba7 100644 --- a/servers/HTTP.py +++ b/servers/HTTP.py @@ -309,31 +309,4 @@ class HTTP(BaseRequestHandler): except socket.error: pass - -""" -# HTTPS Server class -class HTTPS(BaseRequestHandler): - #def setup(self): - # self.exchange = self.request - # self.rfile = socket._fileobject(self.request, "rb", self.rbufsize) - # self.wfile = socket._fileobject(self.request, "wb", self.wbufsize) - - #def handle(self): - # try: - # Challenge = RandomChallenge() - data = self.exchange.recv(8092) - self.exchange.settimeout(0.5) - Buffer = WpadCustom(data,self.client_address[0]) - - if Buffer and settings.Config.Force_WPAD_Auth == False: - self.exchange.send(Buffer) - if settings.Config.Verbose: - print text("[HTTPS] WPAD (no auth) file sent to %s" % self.client_address[0]) - - else: - Buffer = PacketSequence(data,self.client_address[0], Challenge) - self.exchange.send(Buffer) - except: - pass - -""" \ No newline at end of file + \ No newline at end of file