changes

commit 84afa0fe0c854ed4310192be1224544a93357b94 1 parent 361b14f
@contra contra authored
Showing with 34 additions and 741 deletions.
  1. +0 −4 .gitignore
  2. +0 −2  .npmignore
  3. +0 −20 LICENSE
  4. +0 −91 README.md
  5. +20 −0 docs/index.html
  6. +0 −41 examples/express-test.coffee
  7. +0 −32 examples/index.html
  8. +0 −38 examples/test.coffee
  9. +14 −71 index.html
  10. +0 −8 lib/config.coffee
  11. +0 −5 lib/express.coffee
  12. +0 −15 lib/fusker.coffee
  13. +0 −24 lib/http-detectives/404.js
  14. +0 −17 lib/http-detectives/csrf.js
  15. +0 −10 lib/http-detectives/lfi.js
  16. +0 −10 lib/http-detectives/sqli.js
  17. +0 −10 lib/http-detectives/xss.js
  18. +0 −7 lib/http-payloads/blacklist.js
  19. +0 −4 lib/http-payloads/bush.js
  20. +0 −19 lib/http-payloads/crews.js
  21. +0 −4 lib/http-payloads/explosive-impact.js
  22. +0 −11 lib/http-payloads/fake-report.js
  23. +0 −4 lib/http-payloads/goatse.js
  24. +0 −4 lib/http-payloads/lemonparty.js
  25. +0 −4 lib/http-payloads/meatspin.js
  26. +0 −4 lib/http-payloads/nimp.js
  27. +0 −4 lib/http-payloads/nyan.js
  28. +0 −4 lib/http-payloads/raggedyann.js
  29. +0 −4 lib/http-payloads/saxroll.js
  30. +0 −101 lib/http.coffee
  31. +0 −15 lib/patterns.js
  32. +0 −10 lib/socket-detectives/lfi.js
  33. +0 −10 lib/socket-detectives/sqli.js
  34. +0 −10 lib/socket-detectives/xss.js
  35. +0 −8 lib/socket-payloads/blacklist.js
  36. +0 −69 lib/socketio.coffee
  37. +0 −7 lib/util.coffee
  38. +0 −40 package.json
4 .gitignore
@@ -1,4 +0,0 @@
-.DS_Store
-*.log
-node_modules
-.nodester.appconfig
2  .npmignore
@@ -1,2 +0,0 @@
-*.log
-fusker
20 LICENSE
@@ -1,20 +0,0 @@
-Copyright (c) 2011 Fractal <contact@wearefractal.com>
-
-Permission is hereby granted, free of charge, to any person obtaining
-a copy of this software and associated documentation files (the
-"Software"), to deal in the Software without restriction, including
-without limitation the rights to use, copy, modify, merge, publish,
-distribute, sublicense, and/or sell copies of the Software, and to
-permit persons to whom the Software is furnished to do so, subject to
-the following conditions:
-
-The above copyright notice and this permission notice shall be
-included in all copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
-EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
-NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
-LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
-OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
-WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
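Review bot: removing LICENSE (the whole `@@ -1,20 +0,0 @@` hunk) leaves the files this commit keeps, index.html and docs/index.html, with no licence terms at all, and the README that duplicated the MIT text goes in the same commit. If the code is moving to another repository, keep LICENSE here for whatever remains, or add a one-line notice pointing at the new home.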
91 README.md
@@ -1,91 +0,0 @@
-**Fusker is a library to prevent and manage a multitude of attacks in nodejs**
-
-![How it works](http://i.imgur.com/wkJdu.png)
-
-## Installation
-
-To install fusker, use [npm](http://github.com/isaacs/npm):
-
- $ npm install fusker
-
-## Example
-
-Please see [the examples folder](http://github.com/wearefractal/fusker/blob/master/examples/) to get an idea of how to use Fusker properly
-
-## Test Site
-
-You think you're one raw dog? [fusker.nodester.com](http://fusker.nodester.com/) Come at me bro.
-
-## HTTP Configuration
-### List of included HTTP detection modules (detectives)
-```
-csrf - Detects cross-site request forgery in incoming http requests
-xss - Detects common XSS attacks in incoming http requests
-sqli - Detects SQLi attempts in incoming http requests
-lfi - Detects common LFI attacks in incoming http requests
-404 - Punishes people who like to snoop around. Only use with single page applications
-```
-
-### List of included HTTP payload modules
-```
-blacklist - Blacklists IP from HTTP server for specified amount of time (banLength in config)
-fake-report - Alerts attacker that they have been reported to ic3 and displays DOJ logo
-saxroll - Redirects attacker to 1227.com
-nimp - Redirects attacker to fusker.on.nimp.org (WARNING: Harmful to attacker)
-nyan - Redirects attacker to nyan.cat
-goatse - Redirects attacker to goatse.bz (WARNING: Harmful to eyes)
-bush - Redirects attacker to full screen George W. Bush "you just fell for the trap"
-lemonparty - Redirects attacker to lemonparty.org (WARNING: Harmful to eyes)
-meatspin - Redirects attacker to meatspin.com (WARNING: Harmful to eyes)
-explosive-impact - Redirects attacker to fullscreen video of ranting
-raggedyann - Redirects attacker to extreme speaker rape. (WARNING: Harmful to speakers)
-crews - Displays Terry Crews nipple dance rainbow b& page
-```
-
-## Socket.io Configuration
-### List of included SocketIO detection modules (detectives)
-```
-xss - Detects common XSS attacks in incoming socket messages
-sqli - Detects SQLi attempts in incoming socket messages
-lfi - Detects common LFI attacks in incoming socket messages
-```
-
-### List of included SocketIO payload modules
-```
-blacklist - Blacklists IP from SocketIO server for specified amount of time (banLength in config)
-```
-
-## Other Configuration
-### Express Middleware
-Please see [this](http://github.com/wearefractal/fusker/blob/master/examples/express-test.coffee) for a working express example.
-It's as easy as ```app.use(fusker.express.check);```
-Detectives/payloads are the same as they would be for the fusker HTTP server. Make sure fusker is the first piece of middleware added.
-
-### PROTIP BRO
-Setting config.silent to true will turn off all logging
-Setting config.verbose to true will turn on a ton of logging
-
-## LICENSE
-
-(MIT License)
-
-Copyright (c) 2011 Fractal <contact@wearefractal.com>
-
-Permission is hereby granted, free of charge, to any person obtaining
-a copy of this software and associated documentation files (the
-"Software"), to deal in the Software without restriction, including
-without limitation the rights to use, copy, modify, merge, publish,
-distribute, sublicense, and/or sell copies of the Software, and to
-permit persons to whom the Software is furnished to do so, subject to
-the following conditions:
-
-The above copyright notice and this permission notice shall be
-included in all copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
-EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
-NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
-LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
-OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
-WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
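Review bot: the commit message is just "changes" for a diff that deletes the library, its examples, package.json and this README (741 deletions), so nothing tells a reader what happened to the code. The removed README instructed users to run `npm install fusker` and documented the detective and payload modules; state in the commit message whether the project moved or was retired, and if the package stays on npm leave a short README pointing to the current location so the repository does not look like an empty stub.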
20 docs/index.html
@@ -0,0 +1,20 @@
+<html>
+<head>
+<title>Fusker Documentation</title>
+<link rel="stylesheet" href="http://twitter.github.com/bootstrap/1.3.0/bootstrap.min.css">
+<link rel="stylesheet" href="http://google-code-prettify.googlecode.com/svn/trunk/src/prettify.css">
+<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.6.4/jquery.min.js" type="text/javascript"></script>
+<script src="http://twitter.github.com/bootstrap/1.3.0/bootstrap-dropdown.js" type="text/javascript"></script>
+<script src="http://google-code-prettify.googlecode.com/svn/trunk/src/prettify.js" type="text/javascript"></script>
+<script src="https://raw.github.com/wearefractal/dox/master/lib/dox.js" type="text/javascript"></script>
+<script src="https://raw.github.com/wearefractal/fusker/master/PROJECTFILE.js" type="text/javascript"></script>
+<script type="text/javascript">
+$(document).ready(function () {
+ nova = dox('Fusker');
+ nova.add({}, 'Nothing here yet - Send me a message on GitHub if you absolutely need this and I will do it');
+});
+</script>
+</head>
+<body onload="prettyPrint()">
+</body>
+</html>
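Review bot: the two `<script src="https://raw.github.com/wearefractal/.../master/...">` tags execute whatever the master branch holds at the moment a visitor loads the page, with no version or integrity pinning, so any later push to either repository (or a compromised account) changes the code run in every reader's browser; pin to a tag or commit and host the files with the docs. `PROJECTFILE.js` also reads like an unreplaced template placeholder, `nova = dox('Fusker')` creates an implicit global (declare it with `var`), and the page mixes `http://` and `https://` resources, so the plain-http ones will be blocked as mixed content wherever the page is served over TLS.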
41 examples/express-test.coffee
@@ -1,41 +0,0 @@
-fusker = require '../lib/fusker'
-express = require 'express'
-
-fusker.config.dir = process.cwd()
-fusker.config.banLength = 1
-fusker.config.verbose = true
-
-fusker.http.detectives.push 'csrf', 'xss', 'sqli', 'lfi', '404'
-fusker.http.payloads.push 'blacklist', 'bush'
-fusker.socket.detectives.push 'xss', 'sqli', 'lfi'
-fusker.socket.payloads.push 'blacklist'
-
-app = express.createServer()
-app.use fusker.express.check
-app.use express.static(fusker.config.dir)
-
-app.listen 8080
-
-io = fusker.socket.listen app
-
-io.sockets.on 'connection', (socket) ->
-
- socket.emit 'HelloClient', 'o hay thar client'
- socket.on 'TestObject', (msg) ->
- console.log 'HelloServer1! Contents: ' + msg
-
- socket.on 'TestObject', (msg) ->
- console.log 'HelloServer2! Contents: ' + msg
-
- socket.on 'TestObject', (msg) ->
- console.log 'HelloServer3! Contents: ' + msg
-
- /* Uncomment the attack senders in index.html to test these */
- socket.on 'TestSQL', (msg) ->
- console.log 'SQL Handled! Contents: ' + msg
-
- socket.on 'TestLFI', (msg) ->
- console.log 'LFI Handled! Contents: ' + msg
-
- socket.on 'TestXSS', (msg) ->
- console.log 'XSS Handled! Contents: ' + msg
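Review bot: this example configures modules with `fusker.http.detectives.push 'csrf', ...` while examples/test.coffee uses `fusker.http.detect 'csrf', ...` for the same thing, so the two examples document two different APIs; pick the public one (`detect`/`punish`) and use it in both. The `/* Uncomment the attack senders in index.html to test these */` line is not a CoffeeScript comment (CoffeeScript uses `#` or `### ... ###`) and will not compile as written.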
32 examples/index.html
@@ -1,32 +0,0 @@
-<html>
-<head>
-<title>Fusker - Test Page</title>
-<script type="text/javascript" src="/socket.io/socket.io.js"></script>
-<script>
- var socket = io.connect();
-
- socket.on('connect', function () {
- console.log('Socket.IO connected!');
- });
-
- socket.on('HelloClient', function (msg) {
- console.log('Server: ' + msg);
- socket.emit('TestObject', {username: 'ez-money', message: 'waz gud diz ya boi e-z e'});
-
- //Uncomment this block to send attacks to the server on page load
- /*
- socket.emit('TestXSS', '"><img src=x onerror=alert("XSS")><noscript>');
- socket.emit('TestLFI', '../../etc/passwd/');
- socket.emit('TestSQL', '\' OR \'1\'=\'1');*/
- });
-</script>
-</head>
-<body bgcolor="black" background="http://content.ytmnd.com/content/1/d/b/1db6ede2772ba8f5428dbff9f1f2e3be.gif">
-<br/><br/>
-<center>
-<h1>Fusker Test Page</h1><br/>
-<img src="http://content.ytmnd.com/content/1/7/c/17c9f89183c18613f48450a649e3f64c.gif"/><br/>
-<embed src="http://www.youtube.com/v/pOu1BvuhtRw?autoplay=1" type="application/x-shockwave-flash" wmode="transparent" width="1" height="1"></embed>
-</center>
-</body>
-</html>
38 examples/test.coffee
@@ -1,38 +0,0 @@
-fusker = require '../lib/fusker'
-
-fusker.config.dir = __dirname
-fusker.config.banLength = 1
-fusker.config.verbose = true
-
-fusker.http.detect 'csrf', 'xss', 'sqli', 'lfi', '404'
-fusker.http.punish 'blacklist', 'bush'
-fusker.socket.detect 'xss', 'sqli', 'lfi'
-fusker.socket.punish 'blacklist'
-
-server = fusker.http.createServer 8080
-io = fusker.socket.listen server
-
-# This will run an http server on port 8081 identical to the one on 8080 but requiring a username and password to log in
-securedServer = fusker.http.createServer 8081, 'admin', 'pass123'
-
-io.sockets.on 'connection', (socket) ->
-
- socket.emit 'HelloClient', 'o hay thar client'
- socket.on 'TestObject', (msg) ->
- console.log 'HelloServer1! Contents: ' + msg
-
- socket.on 'TestObject', (msg) ->
- console.log 'HelloServer2! Contents: ' + msg
-
- socket.on 'TestObject', (msg) ->
- console.log 'HelloServer3! Contents: ' + msg
-
- /* Uncomment the attack senders in index.html to test these */
- socket.on 'TestSQL', (msg) ->
- console.log 'SQL Handled! Contents: ' + msg
-
- socket.on 'TestLFI', (msg) ->
- console.log 'LFI Handled! Contents: ' + msg
-
- socket.on 'TestXSS', (msg) ->
- console.log 'XSS Handled! Contents: ' + msg
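Review bot: `fusker.http.createServer 8081, 'admin', 'pass123'` hard-codes a credential pair that readers will copy straight into their own deployments; read the username and password from environment variables in the example. The `/* ... */` comment is again not valid CoffeeScript, and `io = fusker.socket.listen server` attaches Socket.IO only to the unauthenticated 8080 server, which the comment above `securedServer` does not make clear.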
85 index.html
@@ -1,77 +1,20 @@
-<!DOCTYPE html>
<html>
<head>
- <meta charset='utf-8'>
-
- <title>wearefractal/fusker @ GitHub</title>
-
- <style type="text/css">
- body {
- margin-top: 1.0em;
- background-color: #a28565;
- font-family: Helvetica, Arial, FreeSans, san-serif;
- color: #000000;
- }
- #container {
- margin: 0 auto;
- width: 700px;
- }
- h1 { font-size: 3.8em; color: #5d7a9a; margin-bottom: 3px; }
- h1 .small { font-size: 0.4em; }
- h1 a { text-decoration: none }
- h2 { font-size: 1.5em; color: #5d7a9a; }
- h3 { text-align: center; color: #5d7a9a; }
- a { color: #5d7a9a; }
- .description { font-size: 1.2em; margin-bottom: 30px; margin-top: 30px; font-style: italic;}
- .download { float: right; }
- pre { background: #000; color: #fff; padding: 15px;}
- hr { border: 0; width: 80%; border-bottom: 1px solid #aaa}
- .footer { text-align:center; padding-top:30px; font-style: italic; }
- </style>
+<title>Fractal - Fusker</title>
+<link rel="stylesheet" href="http://twitter.github.com/bootstrap/1.3.0/bootstrap.min.css">
+<style>
+body
+{
+ background: black;
+}
+</style>
</head>
-
<body>
- <a href="http://github.com/wearefractal/fusker"><img style="position: absolute; top: 0; right: 0; border: 0;" src="http://s3.amazonaws.com/github/ribbons/forkme_right_darkblue_121621.png" alt="Fork me on GitHub" /></a>
-
- <div id="container">
-
- <div class="download">
- <a href="http://github.com/wearefractal/fusker/zipball/master">
- <img border="0" width="90" src="http://github.com/images/modules/download/zip.png"></a>
- <a href="http://github.com/wearefractal/fusker/tarball/master">
- <img border="0" width="90" src="http://github.com/images/modules/download/tar.png"></a>
- </div>
-
- <h1><a href="http://github.com/wearefractal/fusker">fusker</a>
- <span class="small">by <a href="http://github.com/wearefractal">wearefractal</a></span></h1>
-
- <div class="description">
- Fusker is a static HTTP server that provides optional security features for HTTP/Socket.io
- </div>
-
- <h2>Authors</h2>
-<p>Aaron Murray (aaron.thomas.murray@gmail.com)
-<br/>Contra (contra@maricopa.edu)
-<br/>
-<br/> </p>
-<h2>Contact</h2>
-<p>Fractal (contact@wearefractal.com)
-<br/> </p>
-
-
- <h2>Download</h2>
- <p>
- You can download this project in either
- <a href="http://github.com/wearefractal/fusker/zipball/master">zip</a> or
- <a href="http://github.com/wearefractal/fusker/tarball/master">tar</a> formats.
- </p>
- <p>You can also clone the project with <a href="http://git-scm.com">Git</a>
- by running:
- <pre>$ git clone git://github.com/wearefractal/fusker</pre>
- </p>
-
- <div class="footer">
- get the source code on GitHub : <a href="http://github.com/wearefractal/fusker">wearefractal/fusker</a>
- </div>
+<a href="http://github.com/wearefractal/fusker"><img style="position: absolute; top: 0; right: 0; border: 0;" src="https://a248.e.akamai.net/assets.github.com/img/abad93f42020b733148435e2cd92ce15c542d320/687474703a2f2f73332e616d617a6f6e6177732e636f6d2f6769746875622f726962626f6e732f666f726b6d655f72696768745f677265656e5f3030373230302e706e67" alt="Fork me on GitHub"></a>
+<center>
+<img id="logo" src="http://wearefractal.com/img/green_400x400.png"/><br/><br/>
+<a href="http://wearefractal.github.com/fusker/docs" class="btn primary">Documentation</a> <a href="http://www.slideshare.net/wearefractal/fusker-a-nodejs-security-framework-8850586" class="btn primary">Presentation</a>
+</center>
</body>
</html>
+
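Review bot: the rewrite drops `<!DOCTYPE html>` and `<meta charset='utf-8'>` from the head, which puts the page in quirks mode and leaves the character encoding to the browser's guess; keep both lines. The new bootstrap stylesheet is fetched over plain `http://`, and the hunk adds a stray blank line after `</html>`.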
8 lib/config.coffee
@@ -1,8 +0,0 @@
-module.exports =
- dir: process.cwd()
- index: 'index.html'
- banLength: 1440
- httplog: 'http-attacks.log'
- socketlog: 'socket-attacks.log'
- verbose: false
- silent: false
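Review bot: the defaults combine badly: `dir: process.cwd()` makes the working directory the static root, and `httplog: 'http-attacks.log'` / `socketlog: 'socket-attacks.log'` are relative paths written into that same directory, so the attack logs (request lines and client IPs) become downloadable from the server they describe. Default `dir` to an explicit public directory and write the logs to an absolute path outside it. `banLength: 1440` is a 24-hour ban by default while both examples set it to 1; document the unit (minutes) here.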
5 lib/express.coffee
@@ -1,5 +0,0 @@
-module.exports.check = (req, res, next) ->
- http = require './http'
- http.processRequest req, res
- if next?
- next()
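Review bot: `check` calls `http.processRequest req, res` and then unconditionally calls `next()`, but processRequest may already have ended the response (a blacklisted IP gets `res.end()`, a payload may have written a redirect), so the rest of the Express stack still runs and writes to a finished response. Have processRequest return whether it handled the request and call `next()` only when it did not.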
15 lib/fusker.coffee
@@ -1,15 +0,0 @@
-require 'protege'
-require('node-log').setName 'fusker'
-
-/* Create global var */
-fusker = {}
-
-/* Merge all of the libraries */
-fusker.util = require './util'
-fusker.config = require './config'
-fusker.http = require './http'
-fusker.express = require './express'
-fusker.socket = require './socketio'
-fusker.patterns = require './patterns'
-
-module.exports = fusker
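Review bot: the `/* Create global var */` and `/* Merge all of the libraries */` lines are C-style comments, which CoffeeScript does not support (use `#`), so this entry module does not compile. Separately, the `http.detectives.merge args` and `http.blacklist.remove entry` calls elsewhere in lib/ are not standard Array methods; the only candidate source is the bare `require 'protege'` here, and relying on a dependency to patch `Array.prototype` for the whole process is fragile and undocumented. Import explicit helpers instead.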
24 lib/http-detectives/404.js
@@ -1,24 +0,0 @@
-var fs = require('fs');
-var url = require('url');
-var path = require('path');
-var fusker = require('../fusker');
-
-exports.check = function (req, res) {
- var file = url.parse(req.url).pathname;
- switch (file) {
- case '/':
- file = '/index.html';
- break;
- case '/socket.io/socket.io.js':
- case '/socket.io/socket.io.min.js':
- case '/favicon.ico':
- //commonly 404d items that arent really snooping
- return;
- }
-
- fs.readFile(path.join(fusker.config.dir + file), function (err, data) {
- if (err) {
- fusker.http.handleAttack('404', req, res);
- }
- });
-};
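Review bot: `fs.readFile(path.join(fusker.config.dir + file), ...)` reads the entire file on every request just to learn whether it exists, and `path.join` with a single concatenated argument only normalizes the string; use `fs.stat` (or the server's own 404 branch) and `path.join(fusker.config.dir, file)`. Any read error, including EISDIR for a directory path or EACCES, is treated as snooping and punished, and the directory-to-index rewrite only covers `/`, so requests for other directories that http.coffee serves are flagged as attacks.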
17 lib/http-detectives/csrf.js
@@ -1,17 +0,0 @@
-var fusker = require('../fusker');
-
-exports.check = function (req, res) {
- var headers = req.headers;
-
- if (/application\/j/.test(headers.accept)) {
- fusker.http.handleAttack('CSRF-0', req, res);
-
- //If we get a POST from another site, CSRF
- } else if (req.method == "POST" && headers.referer && !(headers.referer.indexOf(headers.host + '/') > 0)) {
- fusker.http.handleAttack('CSRF-1', req, res);
-
- //If we get a request without a method, CSRF (This seems a little sloppy, could be improved)
- } else if (req.method != "GET" && req.method != "POST") {
- fusker.http.handleAttack('CSRF-2', req, res);
- }
-};
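Review bot: all three branches either produce false positives or miss the case they describe: `/application\/j/.test(headers.accept)` fires for any client that asks for JSON (CSRF-0), the referer check `!(headers.referer.indexOf(headers.host + '/') > 0)` is a substring match and is skipped entirely when no referer header is sent, and the last branch flags every method other than GET and POST (HEAD, OPTIONS, PUT, DELETE) although its comment says it checks for a missing method. CSRF protection needs a per-session token compared on state-changing requests; header heuristics should at most log.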
10 lib/http-detectives/lfi.js
@@ -1,10 +0,0 @@
-var fusker = require('../fusker');
-
-exports.check = function (req, res) {
- for (var i = fusker.patterns.lfi.length - 1; i >= 0; --i) {
- if (fusker.patterns.lfi[i].test(req.url)) {
- fusker.http.handleAttack('LFI-' + i, req, res);
- return;
- }
- }
-};
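Review bot: `fusker.patterns.lfi[i].test(req.url)` inspects only the request URL, so headers, cookies and POST bodies are never examined; the same applies to the sqli.js and xss.js hunks below, which are the same loop over a different pattern list. If these detectors are kept anywhere, factor the loop into one function taking the pattern list and the text to check, and document that it covers the URL only.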
10 lib/http-detectives/sqli.js
@@ -1,10 +0,0 @@
-var fusker = require('../fusker');
-
-exports.check = function (req, res) {
- for (var i = fusker.patterns.sql.length - 1; i >= 0; --i) {
- if (fusker.patterns.sql[i].test(req.url)) {
- fusker.http.handleAttack('SQLi-' + i, req, res);
- return;
- }
- }
-};
10 lib/http-detectives/xss.js
@@ -1,10 +0,0 @@
-var fusker = require('../fusker');
-
-exports.check = function (req, res) {
- for (var i = fusker.patterns.xss.length - 1; i >= 0; --i) {
- if (fusker.patterns.xss[i].test(req.url)) {
- fusker.http.handleAttack('XSS-' + i, req, res);
- return;
- }
- }
-};
7 lib/http-payloads/blacklist.js
@@ -1,7 +0,0 @@
-var fusker = require('../fusker');
-var log = require('../logger');
-
-exports.run = function (req, res) {
- fusker.http.blacklist.push({ip: req.connection.remoteAddress, date: new Date()});
- log.debug(req.connection.remoteAddress + ' has been banned from HTTP for ' + fusker.config.banLength + ' min');
-};
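Review bot: `require('../logger')` has no matching file in the tree being removed (the other modules use `node-log`), so this payload throws on the first `require './http-payloads/' + payload` in handleAttack, that is, on the first detected attack; the same line appears in lib/socket-payloads/blacklist.js. The ban key `req.connection.remoteAddress` is the proxy's address behind any reverse proxy, so one flagged request bans every client behind it, and entries are only removed when the same IP returns after the ban expires, so the list grows without bound.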
4 lib/http-payloads/bush.js
@@ -1,4 +0,0 @@
-exports.run = function (req, res) {
- res.writeHead(302, {'Location': 'http://img.flyinglobsters.com/flash/src/april1.swf'});
- res.end();
-};
19 lib/http-payloads/crews.js
@@ -1,19 +0,0 @@
-var html = '<html>';
-html += '<head>';
-html += '<title>LOL BANNED</title>';
-html += '</head>';
-html += '<body bgcolor="black" background="http://content.ytmnd.com/content/1/d/b/1db6ede2772ba8f5428dbff9f1f2e3be.gif">';
-html += '<br/><br/>';
-html += '<center>';
-html += '<h1>YA GOOFED - B&</h1><br/>';
-html += '<img src="http://content.ytmnd.com/content/1/7/c/17c9f89183c18613f48450a649e3f64c.gif">';
-html += '<embed src="http://www.youtube.com/v/ykJxwaGVzYY?autoplay=1&rel=0" type="application/x-shockwave-flash" wmode="transparent" width="1" height="1"></embed>';
-html += '</center>';
-html += '</body>';
-html += '</html>';
-
-exports.run = function (req, res) {
- res.writeHead(200);
- res.write(html, 'utf8');
- res.end();
-};
4 lib/http-payloads/explosive-impact.js
@@ -1,4 +0,0 @@
-exports.run = function (req, res) {
- res.writeHead(302, {'Location': 'http://www.youtube.com/v/uK0aQTzhBzE?autoplay=1'});
- res.end();
-};
11 lib/http-payloads/fake-report.js
@@ -1,11 +0,0 @@
-exports.run = function (req, res) {
- var html = '<html>';
- html += '<head><title>Crime Report</title></head>';
- html += '<body><center>';
- html += '<img src="http://mokellyreport.files.wordpress.com/2009/07/doj.gif"/><br/>';
- html += 'Your IP (' + req.connection.remoteAddress + ') and appropriate attack details have been automatically submitted to http://ic3.gov/';
- html += '</center></body>';
- res.writeHead(200);
- res.write(html, 'utf8');
- res.end();
-};
4 lib/http-payloads/goatse.js
@@ -1,4 +0,0 @@
-exports.run = function (req, res) {
- res.writeHead(302, {'Location': 'http://goatse.bz/goatse.jpg'});
- res.end();
-};
4 lib/http-payloads/lemonparty.js
@@ -1,4 +0,0 @@
-exports.run = function (req, res) {
- res.writeHead(302, {'Location': 'http://lemonparty.org/'});
- res.end();
-};
4 lib/http-payloads/meatspin.js
@@ -1,4 +0,0 @@
-exports.run = function (req, res) {
- res.writeHead(302, {'Location': 'http://meatspin.com/'});
- res.end();
-};
4 lib/http-payloads/nimp.js
@@ -1,4 +0,0 @@
-exports.run = function (req, res) {
- res.writeHead(302, {'Location': 'http://fusker.on.nimp.org/'});
- res.end();
-};
4 lib/http-payloads/nyan.js
@@ -1,4 +0,0 @@
-exports.run = function (req, res) {
- res.writeHead(302, {'Location': 'http://nyan.cat/'});
- res.end();
-};
4 lib/http-payloads/raggedyann.js
@@ -1,4 +0,0 @@
-exports.run = function (req, res) {
- res.writeHead(302, {'Location': 'http://raggedyann.ytmnd.com/'});
- res.end();
-};
4 lib/http-payloads/saxroll.js
@@ -1,4 +0,0 @@
-exports.run = function (req, res) {
- res.writeHead(302, {'Location': 'http://1227.com/'});
- res.end();
-};
101 lib/http.coffee
@@ -1,101 +0,0 @@
-https = require 'http'
-url = require 'url'
-sys = require 'sys'
-fs = require 'fs'
-path = require 'path'
-util = require './util'
-config = require './config'
-log = require 'node-log'
-mime = require 'mime'
-digest = require 'digest'
-
-http = {}
-http.detectives = []
-http.payloads = []
-http.blacklist = []
-
-http.detect = (args...) -> http.detectives.merge args
-http.punish = (args...) -> http.payloads.merge args
-
-http.createServer = (port, username, password) ->
- log.info ('Creating HTTP server on port ' + port).green
- log.info 'Detectives: ' + http.detectives
- log.info 'Payloads: ' + http.payloads
- if username? and password?
- log.info 'Login Credentials: ' + (username + ':' + password).red
- serv = digest.createServer username, password, http.serveRequest
- else
- serv = https.createServer http.serveRequest
- serv.listen port
- return serv
-
-http.serveRequest = (req, res) ->
- unless req
- return
-
- http.processRequest req, res
-
- uri = url.parse(req.url).pathname
- filename = path.join(config.dir, uri)
-
- path.exists filename, (exists) ->
- unless exists
- res.writeHead 404, 'Content-Type': 'text/plain'
- return res.end()
-
- if fs.statSync(filename).isDirectory()
- filename += '/' + config.index
- path.exists filename, (exists) ->
- unless exists
- res.writeHead 404, 'Content-Type': 'text/plain'
- return res.end()
-
- fs.readFile path.normalize(filename), 'binary', (err, file) ->
- if err
- res.writeHead 500, 'Content-Type': 'text/plain'
- res.write err + '\n'
- return res.end()
-
- res.writeHead 200, 'Content-Type': mime.lookup(filename)
- res.write file, 'binary'
- res.end()
-
-/* This is split out so it can be used in other places (such as the express middleware) */
-http.processRequest = (req, res) ->
- userIP = req.connection.remoteAddress
- log.debug 'HTTP: ' + userIP + ' -> ' + req.url
-
- for entry in http.blacklist
- if entry.ip is userIP
- served = util.getSince entry.date
- if served >= config.banLength
- log.debug 'Lifting HTTP ban on ' + userIP
- http.blacklist.remove entry
- break
- else
- log.debug userIP + ' blocked via HTTP. Remaining: ' + Math.round(config.banLength - served) + ' min'
- res.end()
- return
-
- for detective in http.detectives
- module = require './http-detectives/' + detective
- module.check req, res
-
-http.logAttack = (file, module, req) ->
- olog = fs.createWriteStream file, flags: 'a'
- olog.write '[- ATTACK DETAILS FOR ' + new Date() + ' -]\r\n'
- olog.write ' --> Detective: ' + module + '\r\n'
- olog.write ' --> Request: ' + req.method + ' ' + req.url + '\r\n'
- olog.write ' --> IP: ' + req.connection.remoteAddress + '\r\n'
- olog.write '[- END ATTACK DETAILS -]\r\n\r\n'
- olog.end()
-
-http.handleAttack = (module, req, res) ->
- log.warn 'HTTP attack detected! Module: ' + module + ' IP: ' + req.connection.remoteAddress
- http.logAttack config.httplog, module, req
-
- for payload in http.payloads
- module = require './http-payloads/' + payload
- module.run req, res
-
-module.exports = http
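Review bot: `http.processRequest req, res` returns nothing, so `serveRequest` goes on to serve the file whether or not a detective fired; detection only logs and runs payloads, it never blocks the request. Next, `filename = path.join(config.dir, uri)` resolves `..` segments, so the resulting path must be checked to still start with `config.dir` after normalisation before `path.exists` is called. Also `log.info 'Login Credentials: ' + (username + ':' + password).red` writes the digest password to the log in clear text; log the username only. Minor: `https = require 'http'` misnames the module, and `fs.statSync` blocks the event loop on every request.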
15 lib/patterns.js
@@ -1,15 +0,0 @@
-var patterns = {};
-
-patterns.xss = [/((\%3C)|<)((\%2F)|\/)*[a-z0-9\%]+((\%3E)|>)/ix, //Simple XSS
-/((\%3C)|<)((\%69)|i|(\%49))((\%6D)|m|(\%4D))((\%67)|g|(\%47))[^\n]+((\%3E)|>)/I, //IMG SRC XSS
-/((\%3C)|<)[^\n]+((\%3E)|>)/I]; //All XSS
-
-patterns.lfi = [/\.\.\//]; //Basic ../ match
-
-patterns.sql = [/((\%3D)|(=))[^\n]*((\%27)|(\')|(\-\-)|(\%3B)|(;))/i, //SQL meta-characters
-/\w*((\%27)|(\'))((\%6F)|o|(\%4F))((\%72)|r|(\%52))/i, //Simple SQLi
-/((\%27)|(\'))union/i, //SQLi with UNION
-/exec(\s|\+)+(s|x)p\w+/ix, //SQLi for MSSQL
-/UNION(?:\s+ALL)?\s+SELECT/i]; //SQLi UNION SELECT
-
-module.exports = patterns;
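Review bot: the regex flags `ix` (first xss pattern, fourth sql pattern) and `I` (second and third xss patterns) are not valid JavaScript flags, so `require('./patterns')` throws a SyntaxError and every detective that reads `fusker.patterns` fails with it; these look ported from PCRE-style signatures, and JavaScript needs `i` alone. `/\.\.\//` for LFI matches only a literal `../` and does not cover the URL-encoded forms that the xss and sql lists handle explicitly (`%2E`, `%2F`); decode the path once and match the decoded value instead of maintaining encoded variants by hand.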
10 lib/socket-detectives/lfi.js
@@ -1,10 +0,0 @@
-var fusker = require('../fusker');
-
-exports.check = function (socket, msg) {
- for (var i = fusker.patterns.lfi.length - 1; i >= 0; --i) {
- if (fusker.patterns.lfi[i].test(msg)) {
- fusker.socket.handleAttack('LFI-' + i, socket, msg);
- return;
- }
- }
-};
10 lib/socket-detectives/sqli.js
@@ -1,10 +0,0 @@
-var fusker = require('../fusker');
-
-exports.check = function (socket, msg) {
- for (var i = fusker.patterns.sql.length - 1; i >= 0; --i) {
- if (fusker.patterns.sql[i].test(msg)) {
- fusker.socket.handleAttack('SQLi-' + i, socket, msg);
- return;
- }
- }
-};
10 lib/socket-detectives/xss.js
@@ -1,10 +0,0 @@
-var fusker = require('../fusker');
-
-exports.check = function (socket, msg) {
- for (var i = fusker.patterns.xss.length - 1; i >= 0; --i) {
- if (fusker.patterns.xss[i].test(msg)) {
- fusker.socket.handleAttack('XSS-' + i, socket, msg);
- return;
- }
- }
-};
8 lib/socket-payloads/blacklist.js
@@ -1,8 +0,0 @@
-var fusker = require('../fusker');
-var log = require('../logger');
-
-exports.run = function (socket, msg) {
- fusker.socket.blacklist.push({ip: socket.remoteAddress, date: new Date()});
- socket.disconnect();
- log.debug(socket.remoteAddress + ' has been banned from SocketIO for ' + fusker.config.banLength + ' min');
-};
69 lib/socketio.coffee
@@ -1,69 +0,0 @@
-url = require 'url'
-sys = require 'sys'
-fs = require 'fs'
-path = require 'path'
-util = require './util'
-config = require './config'
-log = require 'node-log'
-
-socketio = {}
-socketio.detectives = []
-socketio.payloads = []
-socketio.blacklist = []
-
-socketio.detect = (args...) -> socketio.detectives.merge args
-socketio.punish = (args...) -> socketio.payloads.merge args
-
-socketio.listen = (server) ->
- log.info 'Creating Socket.IO server!'.green
- log.info 'Detectives: ' + socketio.detectives
- log.info 'Payloads: ' + socketio.payloads
- sio = require 'socket.io'
- io = sio.listen server
-
- io.sockets.on 'connection', (socket) ->
- socket.remoteAddress ?= socket.handshake.address.address
-
- for entry in socketio.blacklist
- if entry.ip is socket.remoteAddress
- served = util.getSince entry.date
- if served >= config.banLength
- log.debug 'Lifting SocketIO ban on ' + socket.remoteAddress
- socketio.blacklist.remove entry
- break
- else
- log.debug socket.remoteAddress + ' blocked via SocketIO. Remaining: ' + Math.round(config.banLength - served) + ' min'
- socket.disconnect()
- return
-
- socket.on 'newListener', (evt, listener) ->
- socket.listeners(evt).push (msg) ->
- log.debug 'SocketIO: ' + socket.remoteAddress + ' -> ' + evt
- for detective in socketio.detectives
- module = require './socket-detectives/' + detective
- module.check socket, sys.inspect(msg)
-
- io.enable 'browser client minification'
- io.enable 'browser client etag'
- io.set 'log level', 1
- io.set 'transports', [ 'websocket', 'flashsocket', 'htmlfile', 'xhr-polling', 'jsonp-polling' ]
- return io
-
-socketio.logAttack = (file, module, socket, msg) ->
- olog = fs.createWriteStream file, flags: 'a'
- olog.write '[- ATTACK DETAILS FOR ' + new Date() + ' -]\r\n'
- olog.write ' --> Detective: ' + module + '\r\n'
- olog.write ' --> Socket Message: ' + msg + '\r\n'
- olog.write ' --> IP: ' + socket.remoteAddress + '\r\n'
- olog.write '[- END ATTACK DETAILS -]\r\n\r\n'
- olog.end()
-
-socketio.handleAttack = (module, socket, msg) ->
- log.warn 'Socket attack detected! Module: ' + module + ' IP: ' + socket.remoteAddress
- socketio.logAttack config.socketlog, module, socket, msg
-
- for payload in socketio.payloads
- module = require './socket-payloads/' + payload
- module.run socket, msg
-
-module.exports = socketio
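Review bot: the `newListener` hook pushes the detective onto `socket.listeners(evt)` directly, which only works while `listeners()` returns the live internal array; if it returns a copy the detective is silently never attached, so register it with `socket.on` instead. Even when attached, detection does not stop delivery: the application's own handler still receives the message, and the blacklist payload's `socket.disconnect()` does not undo that. Detectives also run on `sys.inspect(msg)`, so patterns are matched against the inspected representation (quoted and escaped) rather than the raw payload, and `socket.handshake.address.address` is the proxy address behind a reverse proxy, with the same collective-ban effect as on the HTTP side.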
7 lib/util.coffee
@@ -1,7 +0,0 @@
-exports.getMinutes = (date) ->
- minute = 1000 * 60
- return date.getTime() / minute
-
-exports.getSince = (date) ->
- currTime = new Date()
- return exports.getMinutes(currTime) - exports.getMinutes(date)
40 package.json
@@ -1,40 +0,0 @@
-{
- "name": "fusker",
- "description": "Detect, prevent, and fight back against hackers in the lulziest ways possible",
- "version": "0.1.9",
- "homepage": "http://github.com/wearefractal/fusker",
- "keywords": ["fusker", "hack", "protect", "csrf", "lfi", "xss", "sqli", "injection", "attack", "blacklist", "express", "socket", "security", "firewall"],
- "author": "Contra <contra@australia.edu> (http://wearefractal.com)",
- "main": "./lib/fusker.coffee",
- "directories": {
- "lib": "./lib"
- },
- "bugs": {
- "mail": "contra@australia.edu",
- "web": "http://github.com/wearefractal/fusker/issues"
- },
- "repository": {
- "type": "git",
- "url": "http://github.com/wearefractal/fusker.git"
- },
- "dependencies": {
- "socket.io": ">= 0.7.4",
- "coffee-script": "*",
- "colors":"*",
- "protege":"*",
- "mime":"*",
- "digest":"*",
- "node-log":"*"
- },
- "contributors": [{
- "name": "Contra",
- "github": "https://github.com/Contra"
- }],
- "engines": {
- "node": "*"
- },
- "licenses": [{
- "type": "MIT",
- "url": "http://github.com/wearefractal/fusker/raw/master/LICENSE"
- }]
-}
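Review bot: every dependency is set to `"*"` (socket.io to `>= 0.7.4`), so each fresh install pulls whatever the latest published version of seven packages happens to be; pin them or use bounded ranges. `"main": "./lib/fusker.coffee"` means a plain `require('fusker')` from JavaScript only works if a CoffeeScript require hook is already registered by the caller or by one of the dependencies, which nothing in the tree makes explicit. With this file removed, any copy still published on npm keeps pointing `homepage`, `bugs.web` and `repository.url` at a repository that no longer contains the code.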