pxyscand/src/PXMHttpGet.cc

// Copyright (C) 2003-2005 Stephane Thiell
//
// This file is part of pxyscand (from pxys)
//
// This program is free software; you can redistribute it and/or
// modify it under the terms of the GNU General Public License
// as published by the Free Software Foundation; either version 2
// of the License, or (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with this program; if not, write to the Free Software
// Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
//
#define RCSID "$Id: PXMHttpGet.cc,v 1.2 2006/09/10 22:17:24 spale Exp $"

#ifdef HAVE_CONFIG_H
#include "config.h"
#endif

#define HTTPGET_SHORTNAME "HttpGet"

#define HTTPGET_DESCR     "Vulnerable http (GET) proxy"


#define MAX_LINES_TRY 10
#define CRLF "\r\n"

#include "PXMHttpGet.h"

#include <iostream>
#include <cassert>
#include <cerrno>
#include <cstring>
#include <arpa/inet.h>

#include "PXSecret.h"

using std::clog;
using std::endl;

map<uint16_t, uint32_t*> PXMHttpGet::sConnCountMap;
map<uint16_t, uint32_t*> PXMHttpGet::sProxyCountMap;

PXMHttpGet::PXMHttpGet(PXScan *inScan, int inPort)
  : PXScanModule(inScan), mLinesTry(0), mPort(inPort), mIsProxy(false)
  {
  if (sConnCountMap.find(mPort) == sConnCountMap.end())
    {
    sConnCountMap[mPort] = new uint32_t;
    *sConnCountMap[mPort] = 0;
    sProxyCountMap[mPort] = new uint32_t;
    *sProxyCountMap[mPort] = 0;
    }
  }

PXMHttpGet::~PXMHttpGet()
  {
  }

void
PXMHttpGet::InitModule()
  {
  RegisterPXM(HTTPGET_SHORTNAME, mPort, sConnCountMap[mPort], sProxyCountMap[mPort]);
  }

bool
PXMHttpGet::StartScan()
  {
  peak_task task = peak_task_self();
  
  struct sockaddr_in sin;
  memset(&sin, 0, sizeof(struct sockaddr_in));
  sin.sin_family = AF_INET;
  sin.sin_addr = this->GetAddress();
  sin.sin_port = htons((uint16_t)mPort);
  
  mStream = peak_stream_socket_create((struct sockaddr *)&sin, sizeof(sin),
                                      PEAK_STREAM_OPT_LINEMODE,
                                      EventCallback,
                                      this);
  
  if (!mStream)
    return false;
  
  if (this->IsLocalAddressSet())
    {
    sockaddr_in local_sin;
    memset(&local_sin, 0, sizeof(local_sin));
    local_sin.sin_family = AF_INET;
    local_sin.sin_addr = this->GetLocalAddress();
    local_sin.sin_port = htons(0);
    
    peak_stream_set_address(mStream, (sockaddr*)&local_sin, sizeof(local_sin));
    }
  
  /* Enable built-in timeout option, this is so useful here. */
  peak_stream_set_timeout(mStream, GetTimeout());
  
  /* Connect (don't block) */
  if (peak_stream_connect(mStream) == -1)
    {
    this->Cleanup();
    this->ProxyNotFound();
    }
  else
    peak_stream_schedule(mStream, task);
  return true;
  }

void
PXMHttpGet::Cleanup()
  {
  assert(mStream != NULL);
  peak_release(mStream);
  mStream = NULL;
  }

void
PXMHttpGet::SendConnectRequest(peak_stream s)
  {
  in_addr targetAddr = GetTargetAddress();
  char uriHostname[16];
  int uriPort = GetTargetPort();
  
  inet_ntop(AF_INET, &targetAddr, uriHostname, sizeof(uriHostname));
  
  peak_stream_set_buffered(s, 1, 64, 64*2, NULL);
  
  peak_stream_msgbuf_make(s, "GET http://%s:%d HTTP/1.0" CRLF,
                          uriHostname, uriPort);
  peak_stream_msgbuf_make(s, "Host: %s" CRLF, uriHostname);
  peak_stream_msgbuf_make(s, "User-Agent: pxyscand/" VERSION CRLF CRLF);
  }

void
PXMHttpGet::CommitFound()
  {
  (*sProxyCountMap[mPort])++;
  this->Cleanup();
  this->ProxyFound(OPAS_PROXY_TYPE_HTTPGET, mPort, HTTPGET_DESCR);
  }

void
PXMHttpGet::ProcessEvent(peak_stream s, int type)
  {
  char *line;
  int err;
  
  switch (type)
    {
    case PEAK_STREAM_EVT_OPEN:
      (*sConnCountMap[mPort])++;
      this->SendConnectRequest(s);
      break;
    case PEAK_STREAM_EVT_READ:
      line = peak_stream_get_line(s);
#if 0
      clog << "PXMHttpGet:: line: " << line << endl;
#endif
      if (ScannerSha256StringCheck(line,strlen(line),GetTargetSecret()))
        mIsProxy = true; // Confirmed
      else if (mLinesTry++ < MAX_LINES_TRY)
        break;
      
      /* fall through */
    case PEAK_STREAM_EVT_ERROR:
    case PEAK_STREAM_EVT_TIMEDOUT:
      if (mIsProxy)
        {
        this->CommitFound();
        return; /* done! */
        }
      this->Cleanup();
      this->ProxyNotFound();
      break;
    case PEAK_STREAM_EVT_END:
      if (mIsProxy)
        {
        this->CommitFound();
        return; /* done! */
        }
      err = peak_stream_get_error(s);
      this->Cleanup();
      if (err == ENETUNREACH)
        this->ScanError(OPAS_ERROR_NETUNREACH); // Can't scan !
      else if (err == ENETDOWN)
        this->ScanError(OPAS_ERROR_NETDOWN);    // Even worst !
      else
        this->ProxyNotFound();
      break;
    default:
      break;
    }
  }

void
PXMHttpGet::EventCallback(peak_stream s, int type, void *context)
  {
  PXMHttpGet *pxm = reinterpret_cast<PXMHttpGet*>(context);
  pxm->ProcessEvent(s, type);
  }
1	// Copyright (C) 2003-2005 Stephane Thiell
2	//
3	// This file is part of pxyscand (from pxys)
4	//
5	// This program is free software; you can redistribute it and/or
6	// modify it under the terms of the GNU General Public License
7	// as published by the Free Software Foundation; either version 2
8	// of the License, or (at your option) any later version.
9	//
10	// This program is distributed in the hope that it will be useful,
11	// but WITHOUT ANY WARRANTY; without even the implied warranty of
12	// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13	// GNU General Public License for more details.
14	//
15	// You should have received a copy of the GNU General Public License
16	// along with this program; if not, write to the Free Software
17	// Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
18	//
19	#define RCSID "$Id: PXMHttpGet.cc,v 1.2 2006/09/10 22:17:24 spale Exp $"
20
21	#ifdef HAVE_CONFIG_H
22	#include "config.h"
23	#endif
24
25	#define HTTPGET_SHORTNAME "HttpGet"
26
27	#define HTTPGET_DESCR "Vulnerable http (GET) proxy"
28
29
30	#define MAX_LINES_TRY 10
31	#define CRLF "\r\n"
32
33	#include "PXMHttpGet.h"
34
35	#include <iostream>
36	#include <cassert>
37	#include <cerrno>
38	#include <cstring>
39	#include <arpa/inet.h>
40
41	#include "PXSecret.h"
42
43	using std::clog;
44	using std::endl;
45
46	map<uint16_t, uint32_t*> PXMHttpGet::sConnCountMap;
47	map<uint16_t, uint32_t*> PXMHttpGet::sProxyCountMap;
48
49	PXMHttpGet::PXMHttpGet(PXScan *inScan, int inPort)
50	: PXScanModule(inScan), mLinesTry(0), mPort(inPort), mIsProxy(false)
51	{
52	if (sConnCountMap.find(mPort) == sConnCountMap.end())
53	{
54	sConnCountMap[mPort] = new uint32_t;
55	*sConnCountMap[mPort] = 0;
56	sProxyCountMap[mPort] = new uint32_t;
57	*sProxyCountMap[mPort] = 0;
58	}
59	}
60
61	PXMHttpGet::~PXMHttpGet()
62	{
63	}
64
65	void
66	PXMHttpGet::InitModule()
67	{
68	RegisterPXM(HTTPGET_SHORTNAME, mPort, sConnCountMap[mPort], sProxyCountMap[mPort]);
69	}
70
71	bool
72	PXMHttpGet::StartScan()
73	{
74	peak_task task = peak_task_self();
75
76	struct sockaddr_in sin;
77	memset(&sin, 0, sizeof(struct sockaddr_in));
78	sin.sin_family = AF_INET;
79	sin.sin_addr = this->GetAddress();
80	sin.sin_port = htons((uint16_t)mPort);
81
82	mStream = peak_stream_socket_create((struct sockaddr *)&sin, sizeof(sin),
83	PEAK_STREAM_OPT_LINEMODE,
84	EventCallback,
85	this);
86
87	if (!mStream)
88	return false;
89
90	if (this->IsLocalAddressSet())
91	{
92	sockaddr_in local_sin;
93	memset(&local_sin, 0, sizeof(local_sin));
94	local_sin.sin_family = AF_INET;
95	local_sin.sin_addr = this->GetLocalAddress();
96	local_sin.sin_port = htons(0);
97
98	peak_stream_set_address(mStream, (sockaddr*)&local_sin, sizeof(local_sin));
99	}
100
101	/* Enable built-in timeout option, this is so useful here. */
102	peak_stream_set_timeout(mStream, GetTimeout());
103
104	/* Connect (don't block) */
105	if (peak_stream_connect(mStream) == -1)
106	{
107	this->Cleanup();
108	this->ProxyNotFound();
109	}
110	else
111	peak_stream_schedule(mStream, task);
112	return true;
113	}
114
115	void
116	PXMHttpGet::Cleanup()
117	{
118	assert(mStream != NULL);
119	peak_release(mStream);
120	mStream = NULL;
121	}
122
123	void
124	PXMHttpGet::SendConnectRequest(peak_stream s)
125	{
126	in_addr targetAddr = GetTargetAddress();
127	char uriHostname[16];
128	int uriPort = GetTargetPort();
129
130	inet_ntop(AF_INET, &targetAddr, uriHostname, sizeof(uriHostname));
131
132	peak_stream_set_buffered(s, 1, 64, 64*2, NULL);
133
134	peak_stream_msgbuf_make(s, "GET http://%s:%d HTTP/1.0" CRLF,
135	uriHostname, uriPort);
136	peak_stream_msgbuf_make(s, "Host: %s" CRLF, uriHostname);
137	peak_stream_msgbuf_make(s, "User-Agent: pxyscand/" VERSION CRLF CRLF);
138	}
139
140	void
141	PXMHttpGet::CommitFound()
142	{
143	(*sProxyCountMap[mPort])++;
144	this->Cleanup();
145	this->ProxyFound(OPAS_PROXY_TYPE_HTTPGET, mPort, HTTPGET_DESCR);
146	}
147
148	void
149	PXMHttpGet::ProcessEvent(peak_stream s, int type)
150	{
151	char *line;
152	int err;
153
154	switch (type)
155	{
156	case PEAK_STREAM_EVT_OPEN:
157	(*sConnCountMap[mPort])++;
158	this->SendConnectRequest(s);
159	break;
160	case PEAK_STREAM_EVT_READ:
161	line = peak_stream_get_line(s);
162	#if 0
163	clog << "PXMHttpGet:: line: " << line << endl;
164	#endif
165	if (ScannerSha256StringCheck(line,strlen(line),GetTargetSecret()))
166	mIsProxy = true; // Confirmed
167	else if (mLinesTry++ < MAX_LINES_TRY)
168	break;
169
170	/* fall through */
171	case PEAK_STREAM_EVT_ERROR:
172	case PEAK_STREAM_EVT_TIMEDOUT:
173	if (mIsProxy)
174	{
175	this->CommitFound();
176	return; /* done! */
177	}
178	this->Cleanup();
179	this->ProxyNotFound();
180	break;
181	case PEAK_STREAM_EVT_END:
182	if (mIsProxy)
183	{
184	this->CommitFound();
185	return; /* done! */
186	}
187	err = peak_stream_get_error(s);
188	this->Cleanup();
189	if (err == ENETUNREACH)
190	this->ScanError(OPAS_ERROR_NETUNREACH); // Can't scan !
191	else if (err == ENETDOWN)
192	this->ScanError(OPAS_ERROR_NETDOWN); // Even worst !
193	else
194	this->ProxyNotFound();
195	break;
196	default:
197	break;
198	}
199	}
200
201	void
202	PXMHttpGet::EventCallback(peak_stream s, int type, void *context)
203	{
204	PXMHttpGet pxm = reinterpret_cast<PXMHttpGet>(context);
205	pxm->ProcessEvent(s, type);
206	}
svnadmin@ircd-hybrid.org	ViewVC Help
Powered by ViewVC 1.1.28