Navigation Menu

Skip to content

rvrsh3ll/FlaskRedirectorProtector

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

12 Commits

files

files

 
 

.gitattributes

.gitattributes

 
 

.gitignore

.gitignore

 
 

FlaskRedirectorProtector.py

FlaskRedirectorProtector.py

 
 

LICENSE

LICENSE

 
 

README.md

README.md

 
 

blacklist.txt

blacklist.txt

 
 

Repository files navigation

FlaskRedirectorProtector

Protect your servers with a secret header

I previously blogged about hardening your azure domain front with a secret header. The same may be accomplished for standard redirectors as well. Reference: https://medium.com/@rvrsh3ll/hardening-your-azure-domain-front-7423b5ab4f64

Examples:

Allow traffic using a secret header

python3 FlaskRedirectorProtector.py --port 80 --redirect_url https://www.google.com --teamserver "http://host:80/" --headerkey "1.5" --header "X-Aspnet-Version"

curl -H "X-Aspnet-Version: 1.5" http://redirector/testing

Allow traffic to a payload based on useragent

python3 FlaskRedirectorProtector.py --port 8080 --serve_payloads --directory "files" --redirect_url https://www.google.com --useragent_whitelist "Chrome" --host "0.0.0.0"

Disallow traffic to a payload based on useragent in blacklist.txt

python3 FlaskRedirectorProtector.py --port 8080 --serve_payloads --directory "files" --redirect_url https://www.google.com --useragent_blacklist --host "0.0.0.0"

About

Protect your servers with a secret header

Resources

Readme

License

BSD-3-Clause license
Activity

Stars

28 stars

Watchers

3 watching

Forks

7 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

  •  
  •  

Languages