This repository has been archived by the owner on Jul 25, 2022. It is now read-only.
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Halcy0nic
committed
Jan 27, 2019
1 parent
799b617
commit 3278de0
Showing
4 changed files
with
345 additions
and
1 deletion.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,5 +1,6 @@ | ||
| # SUBZero | ||
| This is the main repository for the SUBZero (Secure USB Backup Zero) | ||
| This is the main repository for the SUBZero (Secure USB Backup Zero). Credit for python https server skeleton goes to [Rich Moulton](https://github.com/rhmoult/SecurityTools/blob/master/Platform_Independent/Python/httpsWithUpload/src/httpsWithUpload.py). | ||
|
|
||
| # TODO | ||
| 1. Write a SUBZero tutorial | ||
| 2. Add SUBZero specific file changes (dnsmasq.conf, interfaces, hostapd.conf) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,299 @@ | ||
| #!/usr/bin/env python | ||
|
|
||
| #Link to github: https://github.com/rhmoult/SecurityTools/blob/master/Platform_Independent/Python/httpsWithUpload/src/httpsWithUpload.py | ||
| """Simple HTTP Server With Upload and SSL. | ||
| This module builds on BaseHTTPServer by implementing the standard GET | ||
| and HEAD requests in a fairly straightforward manner. | ||
| Create a certificate using the hostname or IP address as the common name with | ||
| the following command: openssl req -new -x509 -keyout server.pem -out server.pem -days 365 -nodes | ||
| Enter that path under /path/to/cert | ||
| """ | ||
|
|
||
| __version__ = "0.2" | ||
| __all__ = ["SimpleHTTPRequestHandler"] | ||
| __author__ = "bones7456" | ||
| __home_page__ = "http://li2z.cn/" | ||
| __ssl_addition__ = 'rhmoult' | ||
|
|
||
| import os | ||
| import posixpath | ||
| import BaseHTTPServer | ||
| import urllib | ||
| import cgi | ||
| import shutil | ||
| import mimetypes | ||
| import re | ||
| import sys # Modification by rmoulton | ||
| import ssl # Modification by rmoulton | ||
|
|
||
| try: | ||
| from cStringIO import StringIO | ||
| except ImportError: | ||
| from StringIO import StringIO | ||
|
|
||
|
|
||
| class SimpleHTTPRequestHandler(BaseHTTPServer.BaseHTTPRequestHandler): | ||
|
|
||
| """Simple HTTP request handler with GET/HEAD/POST commands. | ||
| This serves files from the current directory and any of its | ||
| subdirectories. The MIME type for files is determined by | ||
| calling the .guess_type() method. And can reveive file uploaded | ||
| by client. | ||
| The GET/HEAD/POST requests are identical except that the HEAD | ||
| request omits the actual contents of the file. | ||
| """ | ||
|
|
||
| server_version = "SimpleHTTPWithUpload/" + __version__ | ||
|
|
||
| def do_GET(self): | ||
| """Serve a GET request.""" | ||
| f = self.send_head() | ||
| if f: | ||
| self.copyfile(f, self.wfile) | ||
| f.close() | ||
|
|
||
| def do_HEAD(self): | ||
| """Serve a HEAD request.""" | ||
| f = self.send_head() | ||
| if f: | ||
| f.close() | ||
|
|
||
| def do_POST(self): | ||
| """Serve a POST request.""" | ||
| r, info = self.deal_post_data() | ||
| print r, info, "by: ", self.client_address | ||
| f = StringIO() | ||
| f.write('<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">') | ||
| f.write("<html>\n<title>Upload Result Page</title>\n") | ||
| f.write("<body>\n<h2>Upload Result Page</h2>\n") | ||
| f.write("<hr>\n") | ||
| if r: | ||
| f.write("<strong>Success:</strong>") | ||
| else: | ||
| f.write("<strong>Failed:</strong>") | ||
|
|
||
| f.write(info) | ||
| f.write("<br><a href=\"%s\">back</a>" % self.headers['referer']) | ||
| f.write("<hr><small>Powered By: bones7456, check new version at ") | ||
| f.write("<a href=\"http://li2z.cn/?s=SimpleHTTPServerWithUpload\">") | ||
| f.write("here</a>.</small></body>\n</html>\n") | ||
| length = f.tell() | ||
| f.seek(0) | ||
| self.send_response(200) | ||
| self.send_header("Content-type", "text/html") | ||
| self.send_header("Content-Length", str(length)) | ||
| self.end_headers() | ||
| if f: | ||
| self.copyfile(f, self.wfile) | ||
| f.close() | ||
|
|
||
| def deal_post_data(self): | ||
| boundary = self.headers.plisttext.split("=")[1] | ||
| remainbytes = int(self.headers['content-length']) | ||
| line = self.rfile.readline() | ||
| remainbytes -= len(line) | ||
| if boundary not in line: | ||
| return False, "Content NOT begin with boundary" | ||
| line = self.rfile.readline() | ||
| remainbytes -= len(line) | ||
| fn = re.findall(r'Content-Disposition.*name="file"; filename="(.*)"', line) | ||
| if not fn: | ||
| return False, "Can't find out file name..." | ||
| path = self.translate_path(self.path) | ||
| fn = os.path.join(path, fn[0]) | ||
| line = self.rfile.readline() | ||
| remainbytes -= len(line) | ||
| line = self.rfile.readline() | ||
| remainbytes -= len(line) | ||
| try: | ||
| out = open(fn, 'wb') | ||
| except IOError: | ||
| return False, "Can't create file to write, do you have permission to write?" | ||
|
|
||
| preline = self.rfile.readline() | ||
| remainbytes -= len(preline) | ||
| while remainbytes > 0: | ||
| line = self.rfile.readline() | ||
| remainbytes -= len(line) | ||
| if boundary in line: | ||
| preline = preline[0:-1] | ||
| if preline.endswith('\r'): | ||
| preline = preline[0:-1] | ||
| out.write(preline) | ||
| out.close() | ||
| return True, "File '{}' upload success!".format(fn) | ||
| else: | ||
| out.write(preline) | ||
| preline = line | ||
| return False, "Unexpect Ends of data." | ||
|
|
||
| def send_head(self): | ||
| """Common code for GET and HEAD commands. | ||
| This sends the response code and MIME headers. | ||
| Return value is either a file object (which has to be copied | ||
| to the outputfile by the caller unless the command was HEAD, | ||
| and must be closed by the caller under all circumstances), or | ||
| None, in which case the caller has nothing further to do. | ||
| """ | ||
| path = self.translate_path(self.path) | ||
| # f = None | ||
| if os.path.isdir(path): | ||
| if not self.path.endswith('/'): | ||
| # redirect browser - doing basically what apache does | ||
| self.send_response(301) | ||
| self.send_header("Location", self.path + "/") | ||
| self.end_headers() | ||
| return None | ||
| for index in "index.html", "index.htm": | ||
| index = os.path.join(path, index) | ||
| if os.path.exists(index): | ||
| path = index | ||
| break | ||
| else: | ||
| return self.list_directory(path) | ||
| ctype = self.guess_type(path) | ||
| try: | ||
| # Always read in binary mode. Opening files in text mode may cause | ||
| # newline translations, making the actual size of the content | ||
| # transmitted *less* than the content-length! | ||
| f = open(path, 'rb') | ||
| except IOError: | ||
| self.send_error(404, "File not found") | ||
| return None | ||
| self.send_response(200) | ||
| self.send_header("Content-type", ctype) | ||
| fs = os.fstat(f.fileno()) | ||
| self.send_header("Content-Length", str(fs[6])) | ||
| self.send_header("Last-Modified", self.date_time_string(fs.st_mtime)) | ||
| self.end_headers() | ||
| return f | ||
|
|
||
| def list_directory(self, path): | ||
| """Helper to produce a directory listing (absent index.html). | ||
| Return value is either a file object, or None (indicating an | ||
| error). In either case, the headers are sent, making the | ||
| interface the same as for send_head(). | ||
| """ | ||
| try: | ||
| directory_list = os.listdir(path) | ||
| except os.error: | ||
| self.send_error(404, "No permission to list directory") | ||
| return None | ||
| directory_list.sort(key=lambda a: a.lower()) | ||
| f = StringIO() | ||
| #displaypath = cgi.escape(urllib.unquote(self.path)) | ||
| f.write('<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">') | ||
| f.write("<html>\n<title>SUBZero Secure File Upload</title>\n") | ||
| f.write("<body background=\"wallpaper.jpg\", style=\'background-size:cover\'>\n<h2 style=\"color:white\">SUBZero Secure File Upload</h2>\n") | ||
| f.write("<hr>\n") | ||
| f.write("<form ENCTYPE=\"multipart/form-data\" method=\"post\">") | ||
| f.write("<input name=\"file\" type=\"file\" style=\"color:white\"/>") | ||
| f.write("<input type=\"submit\" value=\"upload\"/></form>\n") | ||
| f.write("<hr>\n<ul>\n") | ||
| for name in directory_list: | ||
| fullname = os.path.join(path, name) | ||
| displayname = linkname = name | ||
| # Append / for directories or @ for symbolic links | ||
| if os.path.isdir(fullname): | ||
| displayname = name + "/" | ||
| linkname = name + "/" | ||
| if os.path.islink(fullname): | ||
| displayname = name + "@" | ||
| # Note: a link to a directory displays with @ and links with / | ||
| if displayname != "httpsServer.py" and displayname != "wallpaper.jpg": #Do not list httpsServer.py | ||
| f.write('<li><a href="%s" style=\"color:white\">%s</a>\n' % (urllib.quote(linkname), cgi.escape(displayname))) | ||
| f.write("</ul>\n<hr>\n</body>\n</html>\n") | ||
| length = f.tell() | ||
| f.seek(0) | ||
| self.send_response(200) | ||
| self.send_header("Content-type", "text/html") | ||
| self.send_header("Content-Length", str(length)) | ||
| self.end_headers() | ||
| return f | ||
|
|
||
| def translate_path(self, path): | ||
| """Translate a /-separated PATH to the local filename syntax. | ||
| Components that mean special things to the local file system | ||
| (e.g. drive or directory names) are ignored. (XXX They should | ||
| probably be diagnosed.) | ||
| """ | ||
| # abandon query parameters | ||
| path = path.split('?', 1)[0] | ||
| path = path.split('#', 1)[0] | ||
| path = posixpath.normpath(urllib.unquote(path)) | ||
| words = path.split('/') | ||
| words = filter(None, words) | ||
| path = os.getcwd() | ||
| for word in words: | ||
| drive, word = os.path.splitdrive(word) | ||
| head, word = os.path.split(word) | ||
| if word in (os.curdir, os.pardir): | ||
| continue | ||
| path = os.path.join(path, word) | ||
| return path | ||
|
|
||
| def copyfile(self, source, outputfile): | ||
| """Copy all data between two file objects. | ||
| The SOURCE argument is a file object open for reading | ||
| (or anything with a read() method) and the DESTINATION | ||
| argument is a file object open for writing (or | ||
| anything with a write() method). | ||
| The only reason for overriding this would be to change | ||
| the block size or perhaps to replace newlines by CRLF | ||
| -- note however that this the default server uses this | ||
| to copy binary data as well. | ||
| """ | ||
| shutil.copyfileobj(source, outputfile) | ||
|
|
||
| def guess_type(self, path): | ||
| """Guess the type of a file. | ||
| Argument is a PATH (a filename). | ||
| Return value is a string of the form type/subtype, | ||
| usable for a MIME Content-type header. | ||
| The default implementation looks the file's extension | ||
| up in the table self.extensions_map, using application/octet-stream | ||
| as a default; however it would be permissible (if | ||
| slow) to look inside the data to make a better guess. | ||
| """ | ||
|
|
||
| base, ext = posixpath.splitext(path) | ||
| if ext in self.extensions_map: | ||
| return self.extensions_map[ext] | ||
| ext = ext.lower() | ||
| if ext in self.extensions_map: | ||
| return self.extensions_map[ext] | ||
| else: | ||
| return self.extensions_map[''] | ||
|
|
||
| if not mimetypes.inited: | ||
| mimetypes.init() # try to read system mime.types | ||
| extensions_map = mimetypes.types_map.copy() | ||
| extensions_map.update({ | ||
| '': 'application/octet-stream', # Default | ||
| '.py': 'text/plain', | ||
| '.c': 'text/plain', | ||
| '.h': 'text/plain', | ||
| }) | ||
|
|
||
|
|
||
| def run(HandlerClass=SimpleHTTPRequestHandler, ServerClass=BaseHTTPServer.HTTPServer, protocol="HTTP/1.0"): | ||
|
|
||
| if sys.argv[1:]: | ||
| port = int(sys.argv[1]) | ||
| else: | ||
| port = 443 | ||
|
|
||
| server_address = ('', port) | ||
|
|
||
| HandlerClass.protocol_version = protocol | ||
| httpd = ServerClass(server_address, HandlerClass) | ||
|
|
||
| sa = httpd.socket.getsockname() | ||
| print "Serving HTTP on", sa[0], "port", sa[1], "..." | ||
| httpd.socket = ssl.wrap_socket(httpd.socket, certfile='./server.pem', server_side=True) | ||
| httpd.serve_forever() | ||
|
|
||
|
|
||
| if __name__ == '__main__': | ||
| run() |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,44 @@ | ||
| -----BEGIN PRIVATE KEY----- | ||
| MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDX2h1ys1ZuRZOl | ||
| GuQ1XIDZub3MAGWEeMqHkRN2Xv8AatlbtYWzuq0xOskIykB0Lnm0wCEFkyGFZTzj | ||
| T8qjklz0p077yhbT/CeEOvtf2FR/LvnS18849CIYqrfBSttaDcSmu6KgE+NwJFmX | ||
| TdmrzotsJ4QtoTwI7PYJuk5gVJIuFmWmG2CXDGVatPm+FEydwZDDzD3XBwJ3O0K3 | ||
| /OCtobr0xaoxiBSSSS1e7TrPMl6JoUgQC+YIB5M40ALdqhaexKi7iB+UxHORcfPQ | ||
| KDh5MZZet0ij7tHWvAEiL5VEP07m5H083JCrwDPegpcT4eyKMZ4GB3DNr6SAkMhK | ||
| Z1ML/TXvAgMBAAECggEAd+PVMW0813jbvfvGv4DGrKgHLHUX7dFtpIjHB5tSBbhT | ||
| TCXxwlcwdUSSfshfrmhV/zgr3z3Og5osjJE4G0xjRxxauW2Q6mOGy2I7VwwAOrgr | ||
| 2Jk3pwmqmorQD5N1bHpzPKzBcio5zILUJD8AZPYO6J62QuXoQ4jiS5roh4bRvrh6 | ||
| ZcgJaJ7JTngyZWwutg+xQMPmW9n+wzO5No8xypy0fVti3eSetfCCIKdazNRKwuzb | ||
| ezUon59QkauzD6M2sKJAdN11Bqlvc1impDpsrfQIbAE2xwzL6PPhNB5YsTjaCHwM | ||
| 9gBji92nUt3+Iq56IMPDISIm9JXV6lgxOliByZ+FoQKBgQD4xj6Ax/ZKWk7fXd2O | ||
| huKvJlm1rUlgebiFasCE4szdQndA2xPRtNc9xnDoLBi8dz/pZZ+OlNaRcVY27XYe | ||
| BGm9jsE9Vu4VkXdAkVZAQnL3dBX+D4EIxqQWYzKXbZGFhiyVosOzmCoLe3GvcykM | ||
| z0x1tNaVjmu1D+HJ4vYzheavHwKBgQDeHxPMg271Qwt+ZD8f6duoeHQ0br5sVC3f | ||
| PzWllqxHdkLnfyY+DPiT8YKXxJqGjtz1/UzJZ051d+tM6sAslx0LLiRQnr7pfxwr | ||
| UuX245dTdi1JiX7yFjhvd/QPrwub7DEXHz04G2ChRtWRu1gMTVUT6nJzU1+geZRL | ||
| F7otvHEvMQKBgQCtkbt4JIu9MqcHBzmWwJuWMn6y2DVy31oTk/jAfnELCt2jXXbF | ||
| gJQQYMzT4Dhd/iGUWTfqxgOytE2/wwv/Q3r3K4u9nVI9sCFw5jY0XWhTKCZT/UM8 | ||
| +ULw78MTjfnTHFstB8PdIRRssHMQQ5vneRbSpRp2fEi/qlYRgo3eQtVBZwKBgQC8 | ||
| WPXc8YZhCpzwa+jrEs5kKN/ApjdqfGb5awv+galMX4eT7UlsTGtsZ9oo/1lYyEOt | ||
| g0Bdd/Abw7gO3PBf3zONi27XvgR80n/8bKr7kzl6WDdGqASxGw531utpcTES4lEu | ||
| Hhs3PF/P4dSvYoDizaBa5u5txEDOPsn0cwY4ShZfwQKBgHLP752CNBg9Jp8c4wlY | ||
| epBURCbSEhaMFyCHfaDvZSkcwJygGdsgKLJTbuWnekc53SYs1tf0EnVF96klxA6N | ||
| 0Rd+stmrcjxL+Dy0TH4VPgAvYPmGsEqJXaWPhpxN9yGZI34so+2ReVXy7LyUKH1F | ||
| txHXZrkz+GcQFLUgaPst6Z+r | ||
| -----END PRIVATE KEY----- | ||
| -----BEGIN CERTIFICATE----- | ||
| MIICljCCAX4CCQD7JFtm6wNGhTANBgkqhkiG9w0BAQsFADANMQswCQYDVQQGEwJV | ||
| UzAeFw0xOTAxMjcwMjU0MjZaFw0yMDAxMjcwMjU0MjZaMA0xCzAJBgNVBAYTAlVT | ||
| MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA19odcrNWbkWTpRrkNVyA | ||
| 2bm9zABlhHjKh5ETdl7/AGrZW7WFs7qtMTrJCMpAdC55tMAhBZMhhWU840/Ko5Jc | ||
| 9KdO+8oW0/wnhDr7X9hUfy750tfPOPQiGKq3wUrbWg3EpruioBPjcCRZl03Zq86L | ||
| bCeELaE8COz2CbpOYFSSLhZlphtglwxlWrT5vhRMncGQw8w91wcCdztCt/zgraG6 | ||
| 9MWqMYgUkkktXu06zzJeiaFIEAvmCAeTONAC3aoWnsSou4gflMRzkXHz0Cg4eTGW | ||
| XrdIo+7R1rwBIi+VRD9O5uR9PNyQq8Az3oKXE+HsijGeBgdwza+kgJDISmdTC/01 | ||
| 7wIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQCvDkK4w9WD6fW1khU6EmJco9IWuh64 | ||
| 0/sfHt4G78Qax/90EQTZg56XUX762VYxwWMeAMB3VoFDTj/0r9XxyAmmoKxmjg7y | ||
| PFhPPBp4mXw6+lro4Ts/qJQ82/hqGdoIMCjW7ITPNg5M4m9KIyii0NcYkQ8enqkI | ||
| pZN3m6uZ5MXoqzmCU8lYFUwo/HMdadIFwfYeBOwl64qXcskeLOveIEsYTUTFek1q | ||
| y+qOqHy90zLiL2OfrKhAD+vjEW5eOy0dX56a2vMXwKc4h2wym9N1qMoJlKLEiFy9 | ||
| fPgJYk2kv67YFFKFvjqFNZWQkqSc/kmPQCRQgdxadQSX7SwaXrphdn4d | ||
| -----END CERTIFICATE----- |
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.