Skip to content
This repository

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP

Buffer issues fix #2

Merged
merged 5 commits into from over 2 years ago

2 participants

Krzysztof Kotowicz Erlend Oftedal
Krzysztof Kotowicz

I've had some problems with buffering, sometimes the proxy responded with multiple null bytes prepended/appended to output. Seems fixed now, I also added the Content-Length header and a different port argument. I'm not a Java guy, so feel free to improve this.

Erlend Oftedal eoftedal merged commit e033528 into from
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
This page is out of date. Refresh to see the latest.
4 .gitignore
... ... @@ -0,0 +1,4 @@
  1 +*.class
  2 +*.swf
  3 +.classpath
  4 +.project
12 proxy-backend/README.txt
@@ -4,8 +4,10 @@ javac malaria\*.java
4 4
5 5 How to run
6 6 ----------
7   -java malaria.MalariaServer <hostname> <port>
8   - - hostname - hostname on which the flex or silverlight proxy is running
9   - - port - port which the flex or silverlight proxy will connect to
10   -
11   -
  7 +java malaria.MalariaServer <hostname> <port> [http-proxy-port]
  8 + - hostname - hostname on which the flex or silverlight proxy is running
  9 + - port - port which the flex or silverlight proxy will connect to
  10 + (Use 8081 for Flex, 4502 for Silverlight)
  11 + - http-proxy-port - on which port should MalaRIA launch a HTTP proxy
  12 + this is the port you should set attacker's proxy to
  13 + Defaults to 8080.
44 proxy-backend/malaria/MalariaServer.java
@@ -13,25 +13,32 @@
13 13
14 14 public class MalariaServer {
15 15 public static void main(String[] args) {
16   - if (args.length != 2) {
17   - System.out.println("Usage: java malariaserver.MalariaServer <hostname> <port>");
18   - System.out.println(" - hostname - hostname from which the RIA app is served");
19   - System.out.println(" - port - port number the RIA app connects back to");
  16 + if (args.length < 2) {
  17 + System.out.println("Usage: java malariaserver.MalariaServer <hostname> <port> [http-proxy-port]");
  18 + System.out.println(" - hostname - hostname from which the RIA app is served");
  19 + System.out.println(" - port - port number the RIA app connects back to");
  20 + System.out.println(" - http-proxy-port - port number attacker's browser connects back to (8080 by default)");
  21 +
20 22 System.exit(0);
21 23 }
22 24 int port = Integer.parseInt(args[1]);
  25 + int httpProxyPort = 8080;
  26 + if (args.length >= 3) {
  27 + httpProxyPort = Integer.parseInt(args[2]);
  28 + }
23 29 System.out.println("Starting listener on port " + port + " from hostname " + args[0]);
24   - new MalariaServer(args[0], port);
  30 + System.out.println("Starting http proxy on port " + httpProxyPort);
  31 + new MalariaServer(args[0], port, httpProxyPort);
25 32 }
26 33
27   - private MalariaServer(String hostname, int port) {
  34 + private MalariaServer(String hostname, int port, int httpProxyPort) {
28 35 System.out.println(">> Starting MalariaServer");
29 36 try {
30 37 new Thread(new SilverlightPolicyServer(hostname, port)).start();
31 38 new Thread(new FlexPolicyServer(hostname, port)).start();
32 39
33 40 ServerSocket clientSocket = new ServerSocket(port);
34   - ServerSocket proxySocket = new ServerSocket(8080);
  41 + ServerSocket proxySocket = new ServerSocket(httpProxyPort);
35 42 while(true) {
36 43 serveSocket(clientSocket.accept(), proxySocket, hostname, port);
37 44 }
@@ -84,24 +91,35 @@ public void serveSocket(Socket client, ServerSocket proxySocket, String hostname
84 91 continue handleProxyRequests;
85 92 }
86 93 if (dl == -1) {
  94 + // first packet, prepended with total length
87 95 String fl = new String(buffer, "UTF8").toString().split(":", 2)[0];
88 96 dl = Integer.parseInt(fl);
89 97 System.out.println("DL: " + dl);
  98 + int prefixLength = fl.length() + 1;
90 99 read -= fl.length() + 1;
91   - byte[] bytes = new byte[buffer.length - fl.length() - 1];
92   - for(int i = fl.length() + 1; i < buffer.length; i++) {
93   - bytes[i - fl.length() - 1] = buffer[i];
94   - }
  100 + byte[] bytes = new byte[length - prefixLength];
  101 + System.arraycopy(buffer, prefixLength, bytes, 0, length - prefixLength);
95 102 fullBuffer.add(bytes);
96 103 } else {
97   - fullBuffer.add(buffer);
  104 + byte[] tempBuffer = new byte[length];
  105 + System.arraycopy(buffer, 0, tempBuffer, 0, length);
  106 + fullBuffer.add(tempBuffer);
98 107 }
99 108 read += length;
100 109 System.out.println("<- Read " + length + ":" + read + "/" + dl);
101 110 if (read >= dl)
102 111 done = true;
103 112 }
104   - proxyOut.write("HTTP/1.1 200 OK\r\n\r\n".getBytes("UTF8"));
  113 + int totalSize = 0;
  114 + for (int i = 0; i < fullBuffer.size(); i++) {
  115 + totalSize += ((byte[]) fullBuffer.get(i)).length;
  116 + }
  117 +
  118 + System.out.println("<- Sending " + totalSize + " to proxy client");
  119 +
  120 + String header = "HTTP/1.1 200 OK\r\n" + "Content-Length: " + totalSize + "\r\n\r\n";
  121 + proxyOut.write(header.getBytes("UTF8"));
  122 +
105 123 for (int i = 0; i < fullBuffer.size(); i++) {
106 124 proxyOut.write(fullBuffer.get(i));
107 125 }

Tip: You can add notes to lines in a file. Hover to the left of a line to make a note

Something went wrong with that request. Please try again.