Changeset 116


Timestamp:
10/11/16 14:12:00 (8 years ago)
Author:
tim
Message:

made requests library the default
improved documentation in output script
fixed a bug in protocol detection

File:
1 edited

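--- a/trunk/bin/bletchley-http2py
+++ b/trunk/bin/bletchley-http2py
@@ -7,6 +7,6 @@
 This script reads a raw HTTP request and writes to stdout a Python
 script.  The generated script sends the same (or a very similar)
-request using the standard httplib/http.client library, or optionally
-using the more user friendly python-requests library.
+request using the Requests library, or optionally, the built-in
+http.client library.
 
 Certainly if you have a raw request, you could simply send it via TCP
@@ -15,9 +15,9 @@
 or any number of other annoying things, then using an HTTP library is a
 lot more convenient.  This script attempts to make the conversion from a
-raw HTTP request to HTTP library calls easy.
+raw HTTP request to HTTP library calls easy for pentesting automation.
 
 
 Copyright (C) 2011-2013 Virtual Security Research, LLC
-Copyright (C) 2014-2015 Blindspot Security LLC
+Copyright (C) 2014-2016 Blindspot Security LLC
 Author: Timothy D. Morgan
 
@@ -51,8 +51,12 @@
     'requestfile', type=bopen, nargs='?', default=sys.stdin.buffer,
     help='A file containing an HTTP request.  Defaults to stdin if omitted.')
-parser.add_argument(
-    '--requests', action='store_true', help='Generate a script that uses the'
-    ' python-requests module rather than http.client (this will likely become'
-    ' the default in the future).')
+group = parser.add_mutually_exclusive_group()
+group.add_argument('--requests', action='store_true',
+                   help='Generate a script that uses the Requests module'
+                        ' rather than http.client (default).')
+group.add_argument('--native', action='store_false', dest='requests',
+                   help='Generate a script that uses Pythons built-in http.client'
+                        ' rather than the Requests module.')
+parser.set_defaults(requests=True)
 
 args = parser.parse_args()
@@ -93,9 +97,11 @@
     value = value.lstrip(' ').rstrip('\r')
 
-    # Skip headers that have to do with transfer encodings and connection longevity
+    # Skip headers that have to do with transfer encodings, connection longevity, and caching
+    # XXX: maybe add these back as commented-out headers to the output?
     if name.lower() not in ['accept','accept-language',
                             'accept-encoding','accept-charset',
                             'connection', 'keep-alive', 'host',
-                            'content-length', 'proxy-connection']:
+                            'content-length', 'proxy-connection',
+                            'if-none-match']:
         headers.append((name,[value]))
 
@@ -121,5 +127,5 @@
 
 if protocol == None:
-    protocol == 'http'       
+    protocol = 'http'
 if port == None:
     if protocol == 'https':
@@ -169,4 +175,5 @@
     sys.stderr.write('ERROR: Could not import requests module.  Ensure it is installed.\\n')
     sys.stderr.write('       Under Debian, the package name is "python3-requests"\\n.')
+    sys.stderr.write('       Alternatively, re-generate this script using the --native option.\\n.')
     sys.exit(1)
 ''')
@@ -183,5 +190,6 @@
 def sendRequest(session, data=None):
     data = data.decode('utf-8')
-    # TODO: use "data" below, wherever your token normally appears
+    # TODO: Replace the token you wish to target in this request with the "data" variable.
+    #       Then specify the starting value for that token at the end of this script.
     method = %s
     path = %s
@@ -192,9 +200,11 @@
     # Set verify=True if you want to validate the server cert
     return session.request(method, url, headers=headers, data=body, allow_redirects=False, verify=False)
-    ''' % (repr(method), repr(path), pprint.pformat(headers, indent=14), formatted_body))
+    ''' % (repr(method), repr(path),
+           pprint.pformat(headers, width=80-14).replace('\n','\n'+' '*14),
+           formatted_body))
 
     print('''   
 
-def fetch(data, other=None):
+def processResponse(data, other=None):
     global session
     ret_val = None
@@ -253,5 +263,5 @@
 
 
-def fetch(data, other=None):
+def processResponse(data, other=None):
     ret_val = False
     connection = newConnection()
@@ -274,14 +284,14 @@
 
 print('''
-token = b'TODO: paste your encoded ciphertext here'
+token = b'TODO: paste your encoded ciphertext here (typically moved from the sendRequest function)'
 ciphertext = decode(token)
 
 # TODO: Use this to verify you get the response you expect. 
 #       Once everything is working, use the commented code below to conduct specific attacks.
-fetch(ciphertext)
+processResponse(ciphertext)
 
 
 # Padding Oracle Attacks
-# poa = POA(fetch, {block size}, ciphertext, threads=1, log_file=sys.stderr)
+# poa = POA(processResponse, {block size}, ciphertext, threads=1, log_file=sys.stderr)
 # print(poa.probe_padding()) # sanity check
 # print(poa.decrypt())
@@ -290,9 +300,9 @@
 # Byte-by-byte probing of ciphertext
 #   Maybe start with this as a fast but gentle probe:
-# result = chosenct.probe_bytes(fetch, ciphertext, [1,128], max_threads=2)
+# result = chosenct.probe_bytes(processResponse, ciphertext, [1,128], max_threads=2)
 #   This is more in-depth (every bit of each byte) and more threads
-# result = chosenct.probe_bytes(fetch, ciphertext, [1,2,4,8,16,32,64,128], max_threads=5)
+# result = chosenct.probe_bytes(processResponse, ciphertext, [1,2,4,8,16,32,64,128], max_threads=5)
 #   Yet more intensive (every byte value against every byte):
-# result = chosenct.probe_bytes(fetch, ciphertext, list(range(1,256)), max_threads=8)
+# result = chosenct.probe_bytes(processResponse, ciphertext, list(range(1,256)), max_threads=8)
 #
 # print(result.toHTML())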
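Review bot: The header skip-list in the hunk at new lines 99-105 now drops `if-none-match` for the stated caching reason but still lets `if-modified-since` through, which is the other conditional-request header and can make the server answer 304 Not Modified with an empty body, so the generated script's response comparison would be measuring a cache decision rather than the request being tested. Extend the list to `'if-none-match', 'if-modified-since']:` so both conditional headers are stripped consistently. The header-parsing loop that encloses this filter starts outside the hunk, so a reader should confirm there is no second filtering pass there.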