waf2.2.py
#!/usr/bin/env python
#-*- coding: utf-8 -*-
#=============================================================================
# FileName: voilet.py
# Desc:
# Author: 苦咖啡
# Email: voilet@qq.com
# HomePage: http://blog.kukafei520.net
# Version: 0.0.1
# LastChange: 2014-09-09
# History:
#=============================================================================
import pcap
import dpkt
import time
#初始化ip库
from check_data import hack_filter, hackerinfo
#导入白名单
from config.whiteurl import *
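def callback(jdr, data):
    """Inspect one captured frame and report HTTP requests that match a rule.

    Invoked by the capture loop for every frame. ``jdr`` is the capture
    timestamp in epoch seconds and ``data`` is the raw Ethernet frame. Frames
    that are not IPv4/TCP to port 80, or whose payload does not parse as an
    HTTP request, are ignored.

    Coverage limits to keep in mind when relying on this as a detector:

    * each TCP segment is parsed on its own (no stream reassembly), so a
      request split across segments is not inspected as a whole;
    * non-IPv4 frames are skipped;
    * a path listed in ``url_list`` is never reported, whatever
      ``hack_filter`` matched elsewhere in that request.

    Returns None. Output is written to stdout; unexpected failures are
    reported on stderr and never propagate into the capture loop.
    """
    import sys  # local import: only used for the error report below

    try:
        eth = dpkt.ethernet.Ethernet(data)
        ip = eth.data
        # A 'tcp port 80' capture filter can also deliver TCP over IPv6, whose
        # 16-byte source address cannot be rendered as a dotted quad. Skip
        # anything that is not IPv4 instead of raising outside any handler.
        if not isinstance(ip, dpkt.ip.IP):
            return
        tcp = ip.data
        # ip.data is only a TCP object when dpkt decoded a TCP header.
        if not isinstance(tcp, dpkt.tcp.TCP) or tcp.dport != 80:
            return

        http = dpkt.http.Request(tcp.data)

        # Path without the query string, used for the whitelist lookup.
        # NOTE(review): this is an exact match on the raw path, with no
        # normalisation and no host check, so url_list entries should be
        # kept as narrow as possible.
        get_data_url = http.uri.split("?")[0]

        # Debug trace. The Host header is optional (HTTP/1.0), so it must not
        # be a hard lookup: a KeyError here used to abort the callback before
        # the request was inspected. %r keeps control characters in
        # client-supplied values from reaching the terminal or log verbatim.
        print("%r %r" % (http.uri, http.headers.get("host", "")))

        result = hack_filter(http).run()
        if result["status"] and get_data_url not in url_list:
            src_ip = '%d.%d.%d.%d' % tuple(bytearray(ip.src))
            # 28800 s = 8 h: the timestamp is rendered as UTC+8 wall-clock.
            src_time = time.strftime("%Y-%m-%d %H:%M:%S",
                                     time.gmtime(jdr + 28800))
            hack_status = hackerinfo(http, result["acl"], src_ip, src_time).run()
            print(hack_status)
    except dpkt.dpkt.UnpackError:
        # Expected noise: segments with no payload, partial requests and
        # non-HTTP data on port 80 do not parse as a request.
        return
    except Exception as exc:
        # Best-effort sensor: keep capturing, but make the failure visible.
        # A detector that fails silently is a blind spot.
        sys.stderr.write("callback: inspection failed: %r\n" % (exc,))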
if __name__ == '__main__':
    # Passive sensor on a fixed interface. Only traffic matching the BPF
    # expression below is handed to callback(), so HTTP served on any other
    # port is never inspected.
    sniffer = pcap.pcap('eth0')
    sniffer.setfilter('tcp port 80')
    # NOTE(review): a count of 0 presumably means "no packet limit" -- confirm
    # against the installed pcap binding.
    sniffer.loop(0, callback)
    print('All subprocesses done.')