forked from ickerwx/tcpproxy
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathtcpproxy.py
More file actions
305 lines (252 loc) · 10.8 KB
/
tcpproxy.py
File metadata and controls
305 lines (252 loc) · 10.8 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
#!/usr/bin/env python2
import argparse
import pkgutil
import os
import sys
import threading
import socket
import ssl
import time
# TODO: implement verbose output
# some code snippets, as well as the original idea, from Black Hat Python
def is_valid_ip4(ip):
# some rudimentary checks if ip is actually a valid IP
octets = ip.split('.')
if len(octets) != 4:
return False
return octets[0] != 0 and all(0 <= int(octet) <= 255 for octet in octets)
def parse_args():
parser = argparse.ArgumentParser(description='Simple TCP proxy for data ' +
'interception and ' +
'modification. ' +
'Select modules to handle ' +
'the intercepted traffic.')
parser.add_argument('-ti', '--targetip', dest='target_ip', required=True,
help='remote target IP')
parser.add_argument('-tp', '--targetport', dest='target_port', type=int,
help='remote target port', required=True)
parser.add_argument('-li', '--listenip', dest='listen_ip',
default='0.0.0.0', help='IP address to listen for ' +
'incoming data')
parser.add_argument('-lp', '--listenport', dest='listen_port', type=int,
default=8080, help='port to listen on')
parser.add_argument('-om', '--outmodules', dest='out_modules',
help='comma-separated list of modules to modify data' +
' before sending to remote target.')
parser.add_argument('-im', '--inmodules', dest='in_modules',
help='comma-separated list of modules to modify data' +
' received from the remote target.')
parser.add_argument('-t', '--timeout', dest='timeout', type=float, default=5,
help='Socket timeout to wait for incoming data')
parser.add_argument('-v', '--verbose', dest='verbose', default=False,
action='store_true',
help='More verbose output of status information')
parser.add_argument('-r', '--receivefirst', dest='receive_first',
action='store_true', default=False,
help='Receive data from remote first, e.g. a banner')
parser.add_argument('-n', '--no-chain', dest='no_chain_modules',
action='store_true', default=False,
help='Don\'t send output from one module to the ' +
'next one')
parser.add_argument('-l', '--log', dest='logfile', default=None,
help='Log all data to a file before modules are run.')
parser.add_argument('--list', dest='list', action='store_true',
help='list available modules')
parser.add_argument('-lo', '--list-options', dest='help_modules', default=None,
help='Print help of selected module')
parser.add_argument('-s', '--ssl', dest='use_ssl', action='store_true',
default=False, help='use SSL, certificate is mitm.pem')
return parser.parse_args()
def generate_module_list(modstring, incoming=False):
# This method receives the comma-separated module list, imports the modules
# and creates a Module instance for each module. A list of these instances
# is then returned.
# The incoming parameter is True when the modules belong to the incoming
# chain (-im)
# modstring looks like mod1,mod2:key=val,mod3:key=val:key2=val2,mod4 ...
modlist = []
namelist = modstring.split(',')
for n in namelist:
name, options = parse_module_options(n)
try:
__import__('proxymodules.' + name)
modlist.append(sys.modules['proxymodules.' + name].Module(incoming, options))
except ImportError:
print 'Module %s not found' % name
sys.exit(3)
return modlist
def parse_module_options(n):
# n is of the form module_name:key1=val1:key2=val2 ...
# this method returns the module name and a dict with the options
n = n.split(':', 1)
if len(n) == 1:
# no module options present
return n[0], None
name = n[0]
optionlist = n[1].split(':')
options = {}
for op in optionlist:
try:
k, v = op.split('=')
options[k] = v
except ValueError:
print op, 'is not valid!'
sys.exit(23)
return name, options
def list_modules():
# show all available proxy modules
cwd = os.getcwd()
module_path = cwd + os.sep + 'proxymodules'
for _, module, _ in pkgutil.iter_modules([module_path]):
__import__('proxymodules.' + module)
m = sys.modules['proxymodules.' + module].Module()
print '%s - %s' % (m.name, m.description)
def print_module_help(modlist):
# parse comma-separated list of module names, print module help text
modules = generate_module_list(modlist)
for m in modules:
try:
print m.name
print m.help()
except AttributeError:
print '\tNo options.'
def receive_from(s, timeout):
# receive data from a socket until no more data is there or until timeout
b = ""
s.settimeout(timeout)
try:
while True:
data = s.recv(4096)
if not data:
break
b += data
except:
pass
return b
def handle_data(data, modules, dont_chain, verbose=False):
# execute each active module on the data. If dont_chain is set, feed the
# output of one plugin to the following plugin. Not every plugin will
# necessarily modify the data, though.
for m in modules:
print ("> > > > in: " if m.incoming else "< < < < out: ") + m.name
if dont_chain:
m.execute(data)
else:
data = m.execute(data)
return data
def start_proxy_thread(local_socket, args, in_modules, out_modules):
# This method is executed in a thread. It will relay data between the local
# host and the remote host, while letting modules work on the data before
# passing it on.
remote_socket = socket.socket()
if args.use_ssl:
remote_socket = ssl.wrap_socket(remote_socket)
remote_socket.connect((args.target_ip, args.target_port))
in_data = '' # incoming data, intended for the local host
out_data = '' # outgoing data, intended for the remote host
# instead of sending data to the remote host, receive some data first.
# might be necessary to read banners, etc.
if args.receive_first:
in_data = receive_from(remote_socket, args.timeout)
log(args.logfile, '> > > in\n' + in_data)
if len(in_data):
if in_modules is not None:
in_data = handle_data(in_data, in_modules,
args.no_chain_modules, args.verbose)
local_socket.send(in_data)
# This loop ends when no more data is received on either the local or the
# remote socket
while True:
out_data = receive_from(local_socket, args.timeout)
log(args.logfile, '< < < out\n' + out_data)
if len(out_data):
if out_modules is not None:
out_data = handle_data(out_data, out_modules,
args.no_chain_modules, args.verbose)
remote_socket.send(out_data)
in_data = receive_from(remote_socket, args.timeout)
log(args.logfile, '> > > in\n' + in_data)
if len(in_data):
if in_modules is not None:
in_data = handle_data(in_data, in_modules,
args.no_chain_modules, args.verbose)
local_socket.send(in_data)
if not len(in_data) or not len(out_data):
# no more data on one of the sockets, exit the loop and return
local_socket.close()
remote_socket.close()
break
def log(handle, message, message_only=False):
# if message_onlz is True, only the message will be logged
# otherwise the message will be prefixed with a timestamp and a line is
# written after the message to make the log file easier to write
if handle is None:
return
if not message_only:
logentry = time.strftime('%Y%m%d-%H%M%S') + ' ' + str(time.time()) + '\n'
else:
logentry = ''
logentry += message
if not message_only:
logentry += '\n' + '-' * 20 + '\n'
handle.write(logentry)
def main():
args = parse_args()
if args.logfile is not None:
try:
args.logfile = open(args.logfile, 'a', 0) # unbuffered
except Exception, ex:
print 'Error opening logfile'
print ex
sys.exit(4)
if args.list:
list_modules()
sys.exit(0)
if args.help_modules is not None:
print_module_help(args.help_modules)
sys.exit(0)
if args.listen_ip != '0.0.0.0' and not is_valid_ip4(args.listen_ip):
print '%s is not a valid IP address' % args.listen_ip
sys.exit(1)
if not is_valid_ip4(args.target_ip):
print '%s is not a valid IP address' % args.target_ip
sys.exit(2)
if args.in_modules is not None:
in_modules = generate_module_list(args.in_modules, True)
else:
in_modules = None
if args.out_modules is not None:
out_modules = generate_module_list(args.out_modules)
else:
out_modules = None
# this is the socket we will listen on for incoming connections
proxy_socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
try:
proxy_socket.bind((args.listen_ip, args.listen_port))
except socket.error, e:
print e.strerror
sys.exit(5)
proxy_socket.listen(10)
log(args.logfile, str(args))
# endless loop until ctrl+c
try:
while True:
in_socket, in_addrinfo = proxy_socket.accept()
if args.verbose:
print 'Connection from %s:%d' % in_addrinfo
if args.use_ssl:
in_socket = ssl.wrap_socket(in_socket, certfile="mitm.pem",
keyfile="mitm.pem",
server_side=True,
ssl_version=ssl.PROTOCOL_SSLv23)
proxy_thread = threading.Thread(target=start_proxy_thread,
args=(in_socket, args, in_modules,
out_modules))
log(args.logfile, "Starting proxy thread")
proxy_thread.start()
except KeyboardInterrupt:
log(args.logfile, 'Ctrl+C detected, exiting...')
print '\nCtrl+C detected, exiting...'
sys.exit(0)
if __name__ == '__main__':
main()