|
@@ -40,6 +40,9 @@ class FileServerRequestHandler(BaseHTTPRequestHandler):
|
|
if contentLength and int(contentLength) > 0:
|
|
if contentLength and int(contentLength) > 0:
|
|
data = self.rfile.read(int(contentLength))
|
|
data = self.rfile.read(int(contentLength))
|
|
|
|
|
|
|
|
+ if "Host" in self.headers:
|
|
|
|
+ del self.headers["Host"]
|
|
|
|
+
|
|
method = self.command
|
|
method = self.command
|
|
print(target, "=>", method, target_rewrite)
|
|
print(target, "=>", method, target_rewrite)
|
|
res = requests.request(method, target_rewrite, headers=self.headers, data=data)
|
|
res = requests.request(method, target_rewrite, headers=self.headers, data=data)
|
|
@@ -65,6 +68,11 @@ class FileServerRequestHandler(BaseHTTPRequestHandler):
|
|
|
|
|
|
def do_GET(self):
|
|
def do_GET(self):
|
|
|
|
|
|
|
|
+ if not self.server.is_running:
|
|
|
|
+ self.send_response(200)
|
|
|
|
+ self.end_headers()
|
|
|
|
+ return
|
|
|
|
+
|
|
path = self.server.cleanPath(self.path)
|
|
path = self.server.cleanPath(self.path)
|
|
route = self.find_route(path)
|
|
route = self.find_route(path)
|
|
result = route(self)
|
|
result = route(self)
|
|
@@ -74,29 +82,32 @@ class FileServerRequestHandler(BaseHTTPRequestHandler):
|
|
data = b"" if len(result) < 2 else result[1]
|
|
data = b"" if len(result) < 2 else result[1]
|
|
headers = { } if len(result) < 3 else result[2]
|
|
headers = { } if len(result) < 3 else result[2]
|
|
|
|
|
|
- self.log_request(status_code)
|
|
|
|
- self.send_response_only(status_code)
|
|
|
|
|
|
+ if len(headers) == 0:
|
|
|
|
+ self.send_response(status_code)
|
|
|
|
+ else:
|
|
|
|
+ self.log_request(status_code)
|
|
|
|
+ self.send_response_only(status_code)
|
|
|
|
|
|
- for key, value in headers.items():
|
|
|
|
- if key.lower() not in blacklist_headers:
|
|
|
|
- self.send_header(key, value)
|
|
|
|
|
|
+ for key, value in headers.items():
|
|
|
|
+ if key.lower() not in blacklist_headers:
|
|
|
|
+ self.send_header(key, value)
|
|
|
|
|
|
- if self.command.upper() == "OPTIONS":
|
|
|
|
- self.send_header("Allow", "OPTIONS, GET, HEAD, POST")
|
|
|
|
|
|
+ if self.command.upper() == "OPTIONS":
|
|
|
|
+ self.send_header("Allow", "OPTIONS, GET, HEAD, POST")
|
|
|
|
|
|
self.end_headers()
|
|
self.end_headers()
|
|
|
|
|
|
if data and self.command.upper() not in ["HEAD","OPTIONS"]:
|
|
if data and self.command.upper() not in ["HEAD","OPTIONS"]:
|
|
self.wfile.write(data)
|
|
self.wfile.write(data)
|
|
|
|
|
|
- if path in self.server.dumpRequests:
|
|
|
|
|
|
+ if path in self.server.dumpRequests or "/" in self.server.dumpRequests:
|
|
contentLength = self.headers.get('Content-Length')
|
|
contentLength = self.headers.get('Content-Length')
|
|
body = None
|
|
body = None
|
|
|
|
|
|
if contentLength and int(contentLength) > 0:
|
|
if contentLength and int(contentLength) > 0:
|
|
body = self.rfile.read(int(contentLength))
|
|
body = self.rfile.read(int(contentLength))
|
|
|
|
|
|
- print("==========")
|
|
|
|
|
|
+ print("===== Connection from:",self.client_address[0])
|
|
print("%s %s %s" % (self.command, self.path, self.request_version))
|
|
print("%s %s %s" % (self.command, self.path, self.request_version))
|
|
print(str(self.headers).strip())
|
|
print(str(self.headers).strip())
|
|
if body:
|
|
if body:
|
|
@@ -127,12 +138,15 @@ class HttpFileServer(HTTPServer):
|
|
|
|
|
|
return path.strip()
|
|
return path.strip()
|
|
|
|
|
|
- def addFile(self, name, data):
|
|
|
|
|
|
+ def addFile(self, name, data, mimeType=None):
|
|
if isinstance(data, str):
|
|
if isinstance(data, str):
|
|
data = data.encode("UTF-8")
|
|
data = data.encode("UTF-8")
|
|
|
|
|
|
# return 200 - OK and data
|
|
# return 200 - OK and data
|
|
- self.addRoute(name, lambda req: (200, data))
|
|
|
|
|
|
+ if mimeType:
|
|
|
|
+ self.addRoute(name, lambda req: (200, data, { "Content-Type": mimeType }))
|
|
|
|
+ else:
|
|
|
|
+ self.addRoute(name, lambda req: (200, data))
|
|
|
|
|
|
def dumpRequest(self, name):
|
|
def dumpRequest(self, name):
|
|
self.dumpRequests.append(self.cleanPath(name))
|
|
self.dumpRequests.append(self.cleanPath(name))
|
|
@@ -179,6 +193,8 @@ class HttpFileServer(HTTPServer):
|
|
|
|
|
|
def stop(self):
|
|
def stop(self):
|
|
self.is_running = False
|
|
self.is_running = False
|
|
|
|
+ # dummy request
|
|
|
|
+ requests.get(f"http://{self.server_name}:{self.server_port}/dummy")
|
|
|
|
|
|
def serve_forever(self):
|
|
def serve_forever(self):
|
|
while self.is_running:
|
|
while self.is_running:
|
|
@@ -200,9 +216,8 @@ if __name__ == "__main__":
|
|
fileServer.addFile("shell.sh", rev_shell)
|
|
fileServer.addFile("shell.sh", rev_shell)
|
|
print("Reverse Shell URL: http://%s/shell.sh" % ipAddress)
|
|
print("Reverse Shell URL: http://%s/shell.sh" % ipAddress)
|
|
elif sys.argv[1] == "dump":
|
|
elif sys.argv[1] == "dump":
|
|
- fileServer.dumpRequest("/exfiltrate")
|
|
|
|
fileServer.dumpRequest("/")
|
|
fileServer.dumpRequest("/")
|
|
- print("Exfiltrate data using: http://%s/exfiltrate" % ipAddress)
|
|
|
|
|
|
+ print("Exfiltrate data using: http://%s/" % ipAddress)
|
|
elif sys.argv[1] == "proxy":
|
|
elif sys.argv[1] == "proxy":
|
|
url = "https://google.com" if len(sys.argv) < 3 else sys.argv[2]
|
|
url = "https://google.com" if len(sys.argv) < 3 else sys.argv[2]
|
|
fileServer.forwardRequest("/proxy", url)
|
|
fileServer.forwardRequest("/proxy", url)
|