
fixin it all

1 parent d8263f2 commit f441edcdb9e6e5e1d40cfda1da5910f79ca10815 @contra contra committed Sep 5, 2011
@@ -1,6 +1,6 @@
fusker = require '../lib/fusker'
-fusker.config.dir = process.cwd()
+fusker.config.dir = __dirname
fusker.config.banLength = 1
fusker.config.verbose = true
@@ -9,7 +9,7 @@ fusker.http.punish 'blacklist', 'bush'
fusker.socket.detect 'xss', 'sqli', 'lfi'
fusker.socket.punish 'blacklist'
-server = fusker.http.createServer 8080
+server = fusker.http.createServer 8080, 'admin', 'pass123'
io = fusker.socket.listen server
io.sockets.on 'connection', (socket) ->
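Review bot: The example now passes the literal pair `'admin', 'pass123'` to `fusker.http.createServer`, and example files tend to be copied into deployments unchanged. Reading the values from the environment keeps a guessable password out of the repository, e.g. `server = fusker.http.createServer 8080, process.env.FUSKER_USER, process.env.FUSKER_PASS` (variable names constructed for illustration). A one-line comment above the call stating that both arguments are optional would also help readers of the example.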
@@ -11,5 +11,4 @@ fusker.express = require './express'
fusker.socket = require './socketio'
fusker.patterns = require './patterns'
-
module.exports = fusker
@@ -1,5 +1,6 @@
var fs = require('fs');
var url = require('url');
+var path = require('path');
var fusker = require('../fusker');
exports.check = function (req, res) {
@@ -13,8 +14,8 @@ exports.check = function (req, res) {
//exit out if its the favicon, no need to 404 it
return;
}
-
- fs.readFile(fusker.config.dir + file, function (err, data) {
+
+ fs.readFile(path.join(fusker.config.dir + file), function (err, data) {
if (err) {
fusker.http.handleAttack('404', req, res);
}
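Review bot: `path.join(fusker.config.dir + file)` still concatenates the two parts before the call, so `path.join` receives a single argument and only normalises it; `..` segments in `file` are resolved and the result can point outside `fusker.config.dir`. `file` is computed above the hunk, presumably from the request URL, so the read should be confined: pass the parts separately, `var target = path.join(fusker.config.dir, file);`, and hand the request to `fusker.http.handleAttack` when `target` does not start with the configured directory followed by a path separator. `exports.check` begins and ends outside this hunk, so whether a later check already covers this cannot be seen here.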
@@ -3,7 +3,8 @@ var fusker = require('../fusker');
exports.check = function (req, res) {
for (var i = fusker.patterns.sql.length - 1; i >= 0; --i) {
if (fusker.patterns.sql[i].test(req.url)) {
- return false;
+ fusker.http.handleAttack('SQLi-' + i, req, res);
+ return;
}
}
};
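Review bot: The patterns in `exports.check` are tested against the raw `req.url`, which Node passes through still percent-encoded, so unless the expressions in `fusker.patterns.sql` (not shown) account for encoding, an encoded form of a matching string is not detected. Decoding once before the loop closes that gap: `var target; try { target = decodeURIComponent(req.url); } catch (e) { target = req.url; }` and then `fusker.patterns.sql[i].test(target)`. A short comment on the function saying that only the URL is inspected, not headers or body, would document the detector's coverage.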
@@ -1,6 +1,7 @@
var fusker = require('../fusker');
+var log = require('../logger');
exports.run = function (req, res) {
- fusker.http.blacklist.push({ip: req.connection.remoteAddress, date: new Date()});
- console.log('[FUSKER] ' + req.connection.remoteAddress + ' has been banned from HTTP for ' + fusker.config.banLength + ' min');
+ fusker.http.blacklist.push({ip: req.connection.remoteAddress, date: new Date()});
+ log.debug(req.connection.remoteAddress + ' has been banned from HTTP for ' + fusker.config.banLength + ' min');
};
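Review bot: The ban in `exports.run` is now reported through `log.debug`, which the logger in this commit prints only when `config.verbose` is set, so otherwise an address is pushed onto `fusker.http.blacklist` without any record. A ban is a security decision operators need to see when investigating blocked clients; `log.warn(req.connection.remoteAddress + ' has been banned from HTTP for ' + fusker.config.banLength + ' min');` would match the level `http.handleAttack` uses in this commit. The same applies to the `log.debug` call in the SocketIO blacklist payload's `exports.run` further down.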
@@ -7,97 +7,89 @@ util = require './util'
config = require './config'
log = require './logger'
mime = require 'mime'
-
+
http = {}
http.detectives = []
http.payloads = []
http.blacklist = []
-http.detect = (args...) ->
- if Object.isArray(args)
- http.detectives.merge args
- else
- http.detectives = x for x in args
-
-http.punish = (args...) ->
- if Object.isArray(args)
- http.payloads.merge args
- else
- http.payloads = x for x in args
+http.detect = (args...) -> http.detectives.merge args
+http.punish = (args...) -> http.payloads.merge args
-http.createServer = (port) ->
- log.info '[FUSKER] Creating HTTP server on port ' + port
- log.info '[FUSKER] Detectives: ' + http.detectives
- log.info '[FUSKER] Payloads: ' + http.payloads
+http.createServer = (port, username, password) ->
+ log.info ('Creating HTTP server on port ' + port).green
+ if username? and password?
+ log.info 'Login Credentials: ' + (username + ':' + password).red
+ log.info 'Detectives: ' + http.detectives
+ log.info 'Payloads: ' + http.payloads
- serv = https.createServer (req, res) ->
+ serv = https.createServer (req, res) ->
unless req
return
+
http.processRequest req, res
uri = url.parse(req.url).pathname
- filename = path.join(config.dir, uri)
-
- path.exists filename, (exists) ->
+ filename = path.join(config.dir, uri)
+
+ path.exists filename, (exists) ->
unless exists
- res.writeHead 404, "Content-Type": "text/plain"
- res.write "404 Not Found\n"
+ res.writeHead 404, 'Content-Type': 'text/plain'
res.end()
- return
-
+ return
if fs.statSync(filename).isDirectory()
- filename += "/index.html"
-
- fs.readFile filename, "binary", (err, file) ->
+ filename += '/index.html'
+
+ fs.readFile filename, 'binary', (err, file) ->
if err
- res.writeHead 500, "Content-Type": "text/plain"
- res.write err + "\n"
+ res.writeHead 500, 'Content-Type': 'text/plain'
+ res.write err + '\n'
res.end()
return
- res.writeHead 200, "Content-Type": mime.lookup(filename)
- res.write file, "binary"
+ res.writeHead 200, 'Content-Type': mime.lookup(filename)
+ res.write file, 'binary'
res.end()
- serv.listen port
- return serv
-
+ serv.listen port
+ return serv
+
/* This is split out so it can be used in other places (such as the express middleware) */
http.processRequest = (req, res) ->
- userIP = req.connection.remoteAddress
- log.debug '[FUSKER] HTTP: ' + userIP + ' -> ' + req.url
-
- for entry in http.blacklist
- if entry.ip is userIP
- served = util.getSince entry.date
- if served >= config.banLength
- log.debug '[FUSKER] Lifting HTTP ban on ' + userIP
- http.blacklist.remove entry
- break
- else
- log.debug '[FUSKER] ' + userIP + ' blocked via HTTP. Remaining: ' + Math.round(config.banLength - served) + ' min'
- res.end()
- return
+ userIP = req.connection.remoteAddress
+ log.debug 'HTTP: ' + userIP + ' -> ' + req.url
+
+ for entry in http.blacklist
+ if entry.ip is userIP
+ served = util.getSince entry.date
+ if served >= config.banLength
+ log.debug 'Lifting HTTP ban on ' + userIP
+ http.blacklist.remove entry
+ break
+ else
+ log.debug userIP + ' blocked via HTTP. Remaining: ' + Math.round(config.banLength - served) + ' min'
+ res.end()
+ return
- for detective in http.detectives
- module = require './http-detectives/' + detective
- module.check req, res
+ for detective in http.detectives
+ module = require './http-detectives/' + detective
+ module.check req, res
http.logAttack = (file, module, req) ->
- log = fs.createWriteStream file, flags: 'a'
- log.write '[- ATTACK DETAILS FOR ' + new Date() + ' -]\r\n'
- log.write ' --> Detective: ' + module + '\r\n'
- log.write ' --> Request: ' + req.method + ' ' + req.url + '\r\n'
- log.write ' --> IP: ' + req.connection.remoteAddress + '\r\n'
- log.write '[- END ATTACK DETAILS -]\r\n\r\n'
- log.end()
+ olog = fs.createWriteStream file, flags: 'a'
+ olog.write '[- ATTACK DETAILS FOR ' + new Date() + ' -]\r\n'
+ olog.write ' --> Detective: ' + module + '\r\n'
+ olog.write ' --> Request: ' + req.method + ' ' + req.url + '\r\n'
+ olog.write ' --> IP: ' + req.connection.remoteAddress + '\r\n'
+ olog.write '[- END ATTACK DETAILS -]\r\n\r\n'
+ olog.end()
http.handleAttack = (module, req, res) ->
- log.info '[FUSKER] HTTP attack detected! Module: ' + module + ' IP: ' + req.connection.remoteAddress
- http.logAttack config.httplog, module, req
+ log.warn 'HTTP attack detected! Module: ' + module + ' IP: ' + req.connection.remoteAddress
+ http.logAttack config.httplog, module, req
- for payload in http.payloads
- module = require './http-payloads/' + payload
- module.run req, res
+ for payload in http.payloads
+ module = require './http-payloads/' + payload
+ module.run req, res
module.exports = http
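Review bot: The added line `log.info 'Login Credentials: ' + (username + ':' + password).red` in `http.createServer` prints the password in clear text at info level, so it ends up in terminal scrollback and in any captured stdout. Log only that authentication is on, e.g. `log.info 'HTTP authentication enabled for user ' + username`. In the lines shown, `username` and `password` are never passed to `https.createServer`, so unless `https` (bound above the hunk) receives them elsewhere, the server still answers unauthenticated requests; this is worth confirming before relying on the new parameters. Indentation is lost on this page, so the nesting of the handler is inferred.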
@@ -6,7 +6,7 @@ module.exports =
log: (str) ->
if !config.silent
console.log str
-
+
debug: (str) ->
if !config.silent and config.verbose
console.log '[' + pack.name.magenta, '-', 'DEBUG'.upcase().green.inverse + ']', str
@@ -21,4 +21,4 @@ module.exports =
error: (str) ->
if !config.silent
- console.log '[' + pack.name.magenta, '-', 'debug'.upcase().red.inverse + ']', str
+ console.log '[' + pack.name.magenta, '-', 'error'.upcase().red.inverse + ']', str
@@ -1,7 +1,8 @@
var fusker = require('../fusker');
+var log = require('../logger');
exports.run = function (socket, msg) {
fusker.socket.blacklist.push({ip: socket.remoteAddress, date: new Date()});
socket.disconnect();
- console.log('[FUSKER] ' + socket.remoteAddress + ' has been banned from SocketIO for ' + fusker.config.banLength + ' min');
+ log.debug(socket.remoteAddress + ' has been banned from SocketIO for ' + fusker.config.banLength + ' min');
};
@@ -11,69 +11,59 @@ socketio.detectives = []
socketio.payloads = []
socketio.blacklist = []
-socketio.detect = (args...) ->
- if Object.isArray(args)
- socketio.detectives.merge args
- else
- socketio.detectives = x for x in args
-
-socketio.punish = (args...) ->
- if Object.isArray(args)
- socketio.payloads.merge args
- else
- socketio.payloads = x for x in args
+socketio.detect = (args...) -> socketio.detectives.merge args
+socketio.punish = (args...) -> socketio.payloads.merge args
socketio.listen = (server) ->
- log.info '[FUSKER] Creating Socket.IO server'
- log.info '[FUSKER] Detectives: ' + socketio.detectives
- log.info '[FUSKER] Payloads: ' + socketio.payloads
- sio = require 'socket.io'
- io = sio.listen server
+ log.info 'Creating Socket.IO server!'.green
+ log.info 'Detectives: ' + socketio.detectives
+ log.info 'Payloads: ' + socketio.payloads
+ sio = require 'socket.io'
+ io = sio.listen server
- io.sockets.on 'connection', (socket) ->
- socket.remoteAddress ?= socket.handshake.address.address
+ io.sockets.on 'connection', (socket) ->
+ socket.remoteAddress ?= socket.handshake.address.address
- for entry in socketio.blacklist
- if entry.ip is socket.remoteAddress
- served = util.getSince entry.date
- if served >= config.banLength
- log.debug '[FUSKER] Lifting SocketIO ban on ' + socket.remoteAddress
- socketio.blacklist.remove entry
- break
- else
- log.debug '[FUSKER] ' + socket.remoteAddress + ' blocked via SocketIO. Remaining: ' + Math.round(config.banLength - served) + ' min'
- socket.disconnect()
- return
+ for entry in socketio.blacklist
+ if entry.ip is socket.remoteAddress
+ served = util.getSince entry.date
+ if served >= config.banLength
+ log.debug 'Lifting SocketIO ban on ' + socket.remoteAddress
+ socketio.blacklist.remove entry
+ break
+ else
+ log.debug socket.remoteAddress + ' blocked via SocketIO. Remaining: ' + Math.round(config.banLength - served) + ' min'
+ socket.disconnect()
+ return
- socket.on 'newListener', (evt, listener) ->
- socket.listeners(evt).push (msg) ->
-
- log.debug '[FUSKER] SocketIO: ' + socket.remoteAddress + ' -> ' + evt
-
- for detective in socketio.detectives
- module = require './socket-detectives/' + detective
- module.check socket, sys.inspect(msg)
- io.enable "browser client minification"
- io.enable "browser client etag"
- io.set "log level", 1
- io.set "transports", [ "websocket", "flashsocket", "htmlfile", "xhr-polling", "jsonp-polling" ]
- return io
+ socket.on 'newListener', (evt, listener) ->
+ socket.listeners(evt).push (msg) ->
+ log.debug 'SocketIO: ' + socket.remoteAddress + ' -> ' + evt
+ for detective in socketio.detectives
+ module = require './socket-detectives/' + detective
+ module.check socket, sys.inspect(msg)
+
+ io.enable 'browser client minification'
+ io.enable 'browser client etag'
+ io.set 'log level', 1
+ io.set 'transports', [ 'websocket', 'flashsocket', 'htmlfile', 'xhr-polling', 'jsonp-polling' ]
+ return io
socketio.logAttack = (file, module, socket, msg) ->
- log = fs.createWriteStream file, flags: 'a'
- log.write '[- ATTACK DETAILS FOR ' + new Date() + ' -]\r\n'
- log.write ' --> Detective: ' + module + '\r\n'
- log.write ' --> Socket Message: ' + msg + '\r\n'
- log.write ' --> IP: ' + socket.remoteAddress + '\r\n'
- log.write '[- END ATTACK DETAILS -]\r\n\r\n'
- log.end()
+ olog = fs.createWriteStream file, flags: 'a'
+ olog.write '[- ATTACK DETAILS FOR ' + new Date() + ' -]\r\n'
+ olog.write ' --> Detective: ' + module + '\r\n'
+ olog.write ' --> Socket Message: ' + msg + '\r\n'
+ olog.write ' --> IP: ' + socket.remoteAddress + '\r\n'
+ olog.write '[- END ATTACK DETAILS -]\r\n\r\n'
+ olog.end()
socketio.handleAttack = (module, socket, msg) ->
- log.info '[FUSKER] Socket attack detected! Module: ' + module + ' IP: ' + socket.remoteAddress
- socketio.logAttack config.socketlog, module, socket, msg
+ log.warn 'Socket attack detected! Module: ' + module + ' IP: ' + socket.remoteAddress
+ socketio.logAttack config.socketlog, module, socket, msg
- for payload in socketio.payloads
- module = require './socket-payloads/' + payload
- module.run socket, msg
+ for payload in socketio.payloads
+ module = require './socket-payloads/' + payload
+ module.run socket, msg
module.exports = socketio
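Review bot: In `socketio.listen` the detectives receive `sys.inspect(msg)`, and if `sys` (bound above the hunk) is Node's util module, `inspect` stops at its default depth of 2 and renders deeper values as `[Object]`. Content nested further down in a socket message is therefore never shown to the `xss`/`sqli`/`lfi` checks. Passing an explicit unlimited depth, `module.check socket, sys.inspect(msg, false, null)`, or serialising with `JSON.stringify msg`, makes the whole payload visible to them. A comment on the `newListener` hook explaining that it appends a detection listener to every event the application registers would also make this block easier to follow.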
@@ -1,7 +1,7 @@
{
"name": "fusker",
"description": "Detect, prevent, and fight back against hackers in the lulziest ways possible",
- "version": "0.1.5",
+ "version": "0.1.6",
"homepage": "http://github.com/wearefractal/fusker",
"keywords": ["fusker", "hack", "protect", "csrf", "lfi", "xss", "sqli", "injection", "attack", "blacklist", "express", "socket", "security", "firewall"],
"author": "Contra <contra@australia.edu> (http://wearefractal.com)",
@@ -22,7 +22,8 @@
"coffee-script": "*",
"colors":"*",
"protege":"*",
- "mime":"*"
+ "mime":"*",
+ "http-digest":"*"
},
"contributors": [{
"name": "Contra",
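Review bot: The new entry `"http-digest":"*"` lets any future release of the package that now handles authentication be installed without review, including a breaking or compromised one. Pinning it to the release this commit was tested against, `"http-digest": "<tested-version>"` (placeholder, the version is not shown on this page), makes installs reproducible. The other dependencies in this block use `*` as well and would benefit from the same treatment.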
