1#!/usr/bin/env python3
2
3'''
Sample password-reset web service that is deliberately vulnerable to padding oracle attacks
(whatever error tokenutils.validateResetToken reports is reflected verbatim to the client).
5
6Copyright (C) 2016-2017 Blindspot Security LLC
7Author: Timothy D. Morgan
8
9 This program is free software: you can redistribute it and/or modify
10 it under the terms of the GNU Lesser General Public License, version 3,
11 as published by the Free Software Foundation.
12
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
16 GNU General Public License for more details.
17
18 You should have received a copy of the GNU General Public License
19 along with this program.  If not, see <http://www.gnu.org/licenses/>.
20'''
21
import html
import http.server

import tokenutils
24
# Listening address for the sample server.  Loopback only: the handler
# served here is intentionally vulnerable and must not be reachable from
# other hosts.  Both values are also embedded in the links the pages emit.
listen_ip = '127.0.0.1'   # interface to bind
listen_port = 8888        # TCP port to bind
27
28
29class MyHandler(http.server.BaseHTTPRequestHandler):
30    def do_HEAD(s):
31        s.send_response(200)
32        s.send_header("Content-type", "text/html")
33        s.end_headers()
34       
35    def do_GET(s):
36        if s.path.startswith('/generate-reset-token'):
37            s.send_response(200)
38            s.send_header("Content-Type", "text/html; charset=utf-8")
39            s.end_headers()
40           
41            s.wfile.write(b"<html><head><title>Reset Your Password</title></head>")
42            s.wfile.write(b"<body>")
43            user = s.path.split('user=')[1]
44            url = 'http://%s:%d/reset-password?token=%s' % (listen_ip,listen_port,tokenutils.generateResetToken(user))
45            s.wfile.write(('<h4>If this were a real application, we would have emailed the user "%s" the following URL so they could reset their password:</h4>' % user).encode('utf-8'))
46            s.wfile.write(('<code><a href="%s">%s</a></code>' % (url,url)).encode('utf-8'))
47            s.wfile.write(b"</body></html>")
48
49        elif s.path.startswith('/reset-password'):
50            token = s.path.split('token=')[1]
51            result,info = tokenutils.validateResetToken(token)
52            if result:
53                s.send_response(200)
54                s.send_header("Content-type", "text/html; charset=utf-8")
55                s.end_headers()
56               
57                s.wfile.write(b"<html><head><title>Reset Your Password</title></head>")
58                s.wfile.write(("<body><p>Hello <b>%s</b>, you may now reset your password:</p>" % info['user']).encode('utf-8'))
59                s.wfile.write(b"<p>New password: <input type='password' /></p>")
60                s.wfile.write(b"<p>Verify password: <input type='password' /></p>")
61                s.wfile.write(b"<p><input type='button' value='Save' /></p>")
62                s.wfile.write(b"</body></html>")
63            else:
64                s.send_response(200)
65                s.send_header("Content-type", "text/html; charset=utf-8")
66                s.end_headers()
67
68                s.wfile.write(b"<html><head><title>Reset Your Password</title></head>")
69                s.wfile.write(b"<body><p>Oops! There was a problem with your reset token</p>")
70                s.wfile.write(b"<p>ERROR: <b>%s</b></p>" % info.encode('utf-8'))
71                s.wfile.write(("<p>Please <a href='http://%s:%d/generate-reset-token?user=bob'>return here</a> to try again.</p>" % (listen_ip,listen_port)).encode('utf-8'))
72                s.wfile.write(b"</body></html>")
73
74        else:
75            s.send_response(404)
76            s.send_header("Content-type", "text/html; charset=utf-8")
77            s.end_headers()
78           
79            s.wfile.write(b"<html><head><title>Not Found</title></head>")
80            s.wfile.write(b"<body><p>Greetings traveler.  We think you want to start at ")
81            s.wfile.write(("<a href='http://%s:%d/generate-reset-token?user=bob'>this page</a>.</p>" % (listen_ip,listen_port)).encode('utf-8'))
82            s.wfile.write(b"</body></html>")
83
84
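if __name__ == '__main__':
    # listen_ip is the loopback address, so the intentionally vulnerable
    # handler is only reachable from this host.  Keep it that way.
    httpd = http.server.HTTPServer((listen_ip, listen_port), MyHandler)
    try:
        httpd.serve_forever()
    except KeyboardInterrupt:
        pass  # Ctrl-C is the normal way to stop the sample
    finally:
        # Release the listening socket even if serve_forever() failed on
        # something other than Ctrl-C (the original only closed on the
        # KeyboardInterrupt path).
        httpd.server_close()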