sn bn u? post request barih gesen neg aldaa vvsed bna
37 views
Skip to first unread message
turuu munkhtur
May 11, 2015, 8:32:31 AM5/11/15
to pyc...@googlegroups.com
Bi web application firewall hj bga yuma. Get bolon POST hvselt barih gej bga yuma. Get hvselt barij bga. POST hvselt barih gej bga yuma. GET bolon POST shalgah gesen global huwisagch todorhoilogdoogvi bna gesen aldaa zaaj bna. tuslaach nzudaa
#!/usr/bin/python
import os,sys,thread,socket
#********* CONSTANT VARIABLES *********
BACKLOG = 500 # zereg hvleen awah user too
MAX_DATA_RECV = 999999 # hvleen awah max utga
DEBUG = True #
BLOCKED = ["*","-","%","--","!","'","OR","AND","script"]
#**************************************
#********* MAIN PROGRAM ***************
#**************************************
def main():
# check the length of command running
if (len(sys.argv)<2):
print "No port given, using :8080 (http-alt)"
port = 8080
else:
port = int(sys.argv[1]) # port from argument
# host and port info.
host = 'localhost' # blank for localhost
print "WAF firewall Running on ",host,":",port
try:
# create a socket
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
# associate the socket to host and port
s.bind((host, port))
# listenning
s.listen(BACKLOG)
except socket.error, (value, message):
if s:
s.close()
print "Could not open socket:", message
sys.exit(1)
# get the connection from client
while 1:
conn, client_addr = s.accept()
# create a thread to handle request
thread.start_new_thread(proxy_thread, (conn, client_addr))
s.close()
#************** END MAIN PROGRAM ***************
def printout(type,request,address):
if "Block" in type or "Blacklist" in type:
colornum = 91
elif "Request" in type:
colornum = 92
elif "Reset" in type:
colornum = 93
print "\033[",colornum,"m",address[0],"\t",type,"\t",request," \033[0m"
#*******************************************
#********* PROXY_THREAD FUNC ***************
# A thread to handle request from browser
#*******************************************
def proxy_thread(conn, client_addr):
fo = open("log.txt", "wb")
# get the request from browser
request = conn.recv(MAX_DATA_RECV)
#print "bvh request....",request
# parse the first line
first_line = request.split('\n')[0]
# get url
#url = first_line.split(' ')[1]
#method
method = first_line.split(' ')[0]
print "method:",method
if method == GET:
# get url
check = first_line.split(' ')[1]
if method == POST:
data = request.split('&')
# get url
check = data.split('=')
for i in range(0,len(BLOCKED)):
if BLOCKED[i] in check:
printout("Blacklisted",first_line,client_addr)
fo.write( "Blacklisted",first_line,client_addr)
fo.close()
conn.close()
sys.exit(1)
printout("Request",first_line,client_addr)
print "URL:",url
#print "Request:",request
# find the webserver and port
http_pos = url.find("://") # find pos of ://
if (http_pos==-1):
temp = url
else:
temp = url[(http_pos+3):] # get the rest of url
port_pos = temp.find(":") # find the port pos (if any)
# find end of web server
webserver_pos = temp.find("/")
if webserver_pos == -1:
webserver_pos = len(temp)
webserver = ""
port = -1
if (port_pos==-1 or webserver_pos < port_pos): # default port
port = 80
webserver = temp[:webserver_pos]
else: # specific port
port = int((temp[(port_pos+1):])[:webserver_pos-port_pos-1])
webserver = temp[:port_pos]
try:
# create a socket to connect to the web server
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect((webserver, port))
s.send(request) # send request to webserver
while 1:
# receive data from web server
data = s.recv(MAX_DATA_RECV)
if (len(data) > 0):
# send to browser
conn.send(data)
else:
break
s.close()
conn.close()
except socket.error, (value, message):
if s:
s.close()
if conn:
conn.close()
printout("Peer Reset",first_line,client_addr)
sys.exit(1)
#********** END PROXY_THREAD ***********
if __name__ == '__main__':
main()
Reply all
Reply to author
Forward
0 new messages