Context Navigation

password-reset.py

Last change on this file was 135, checked in by tim, 7 years ago
.
Property svn:executable set to ``*
File size: 4.0 KB

Line
1	#!/usr/bin/env python3
2
3	'''
4	Sample password reset process which is vulnerable to padding oracle attacks
5
6	Copyright (C) 2016-2017 Blindspot Security LLC
7	Author: Timothy D. Morgan
8
9	This program is free software: you can redistribute it and/or modify
10	it under the terms of the GNU Lesser General Public License, version 3,
11	as published by the Free Software Foundation.
12
13	This program is distributed in the hope that it will be useful,
14	but WITHOUT ANY WARRANTY; without even the implied warranty of
15	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16	GNU General Public License for more details.
17
18	You should have received a copy of the GNU General Public License
19	along with this program. If not, see <http://www.gnu.org/licenses/>.
20	'''
21
22	import http.server
23	import tokenutils
24
25	listen_ip = '127.0.0.1'
26	listen_port = 8888
27
28
29	class MyHandler(http.server.BaseHTTPRequestHandler):
30	def do_HEAD(s):
31	s.send_response(200)
32	s.send_header("Content-type", "text/html")
33	s.end_headers()
34
35	def do_GET(s):
36	if s.path.startswith('/generate-reset-token'):
37	s.send_response(200)
38	s.send_header("Content-Type", "text/html; charset=utf-8")
39	s.end_headers()
40
41	s.wfile.write(b"<html><head><title>Reset Your Password</title></head>")
42	s.wfile.write(b"<body>")
43	user = s.path.split('user=')[1]
44	url = 'http://%s:%d/reset-password?token=%s' % (listen_ip,listen_port,tokenutils.generateResetToken(user))
45	s.wfile.write(('<h4>If this were a real application, we would have emailed the user "%s" the following URL so they could reset their password:</h4>' % user).encode('utf-8'))
46	s.wfile.write(('<code><a href="%s">%s</a></code>' % (url,url)).encode('utf-8'))
47	s.wfile.write(b"</body></html>")
48
49	elif s.path.startswith('/reset-password'):
50	token = s.path.split('token=')[1]
51	result,info = tokenutils.validateResetToken(token)
52	if result:
53	s.send_response(200)
54	s.send_header("Content-type", "text/html; charset=utf-8")
55	s.end_headers()
56
57	s.wfile.write(b"<html><head><title>Reset Your Password</title></head>")
58	s.wfile.write(("<body><p>Hello <b>%s</b>, you may now reset your password:</p>" % info['user']).encode('utf-8'))
59	s.wfile.write(b"<p>New password: <input type='password' /></p>")
60	s.wfile.write(b"<p>Verify password: <input type='password' /></p>")
61	s.wfile.write(b"<p><input type='button' value='Save' /></p>")
62	s.wfile.write(b"</body></html>")
63	else:
64	s.send_response(200)
65	s.send_header("Content-type", "text/html; charset=utf-8")
66	s.end_headers()
67
68	s.wfile.write(b"<html><head><title>Reset Your Password</title></head>")
69	s.wfile.write(b"<body><p>Oops! There was a problem with your reset token</p>")
70	s.wfile.write(b"<p>ERROR: <b>%s</b></p>" % info.encode('utf-8'))
71	s.wfile.write(("<p>Please <a href='http://%s:%d/generate-reset-token?user=bob'>return here</a> to try again.</p>" % (listen_ip,listen_port)).encode('utf-8'))
72	s.wfile.write(b"</body></html>")
73
74	else:
75	s.send_response(404)
76	s.send_header("Content-type", "text/html; charset=utf-8")
77	s.end_headers()
78
79	s.wfile.write(b"<html><head><title>Not Found</title></head>")
80	s.wfile.write(b"<body><p>Greetings traveler. We think you want to start at ")
81	s.wfile.write(("<a href='http://%s:%d/generate-reset-token?user=bob'>this page</a>.</p>" % (listen_ip,listen_port)).encode('utf-8'))
82	s.wfile.write(b"</body></html>")
83
84
85	if __name__ == '__main__':
86	httpd = http.server.HTTPServer((listen_ip, listen_port), MyHandler)
87	try:
88	httpd.serve_forever()
89	except KeyboardInterrupt:
90	pass
91	httpd.server_close()

Note: See TracBrowser for help on using the repository browser.

Context Navigation

source: test/samples/password-reset/password-reset.py

Download in other formats: