Day 15 - Proxy VI

15th鐵人賽 python for cybersecurity black hat python

monles_yen

2023-09-15 20:30:26

362 瀏覽

分享至

This series of tutorials is aimed to share the notes taken while I was learning python for cybersecurity with the books - Black Hat Python.
這系列教學文章為學習筆記+延伸資源，旨在分享學習書籍 Black Hat Python時所思所學，也希望能幫助想了解Python和資安的大大們入門。

This tutorail has also been written in English in Medium.

看文前, 你應該要具備以下基礎能力:

Let's get started! 開始吧!

Proxy VI

完整程式碼

def proxy_handler(client_socket, remote_host, remote_port, receive_first):
    remote_socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    remote_socket.connect((remote_host, remote_port))

    if receive_first:
        remote_buffer = receive_from(remote_socket)
        hexdump(remote_buffer)
        if len(remote_buffer):
            print("[<==] Received %d bytes from remote." % len(remote_buffer))
            hexdump(remote_buffer)

            remote_buffer = response_handler(remote_buffer)
            client_socket.send(remote_buffer)
            print("[==>] Sent to local.")

    while True:
        local_buffer = receive_from(client_socket)
        if len(local_buffer):
            print("[<==] Received %d bytes from local." % len(local_buffer))
            hexdump(local_buffer)

            local_buffer = request_handler(local_buffer)
            remote_socket.send(local_buffer)
            print("[==>] Sent to remote.")

        remote_buffer = receive_from(remote_socket)
        if len(remote_buffer):
            print("[<==] Received %d bytes from remote." % len(remote_buffer))
            hexdump(remote_buffer)

            remote_buffer = response_handler(remote_buffer)
            client_socket.send(remote_buffer)
            print("[==>] Sent to local.")

        if not len(local_buffer) or not len(remote_buffer):
            client_socket.close()
            remote_socket.close()
            print("[*] No more data. Closing connections.")
            break

接下來，分步驟講解:

1.

remote_socket.connect((remote_host, remote_port))

連接到遠端host.

2.

if receive_first:
        remote_buffer = receive_from(remote_socket)
        hexdump(remote_buffer)
if receive_first:
        remote_buffer = receive_from(remote_socket)
        hexdump(remote_buffer)

確認我們不需要:

先初始化一個連接(connection)到遠端
進主要迴圈前要求檔案

3.

while True:
        local_buffer = receive_from(client_socket)
        if len(local_buffer):
            print("[<==] Received %d bytes from local." % len(local_buffer))
            hexdump(local_buffer)

            local_buffer = request_handler(local_buffer)
            remote_socket.send(local_buffer)
            print("[==>] Sent to remote.")

        remote_buffer = receive_from(remote_socket)
        if len(remote_buffer):
            print("[<==] Received %d bytes from remote." % len(remote_buffer))
            hexdump(remote_buffer)

            remote_buffer = response_handler(remote_buffer)
            client_socket.send(remote_buffer)
            print("[==>] Sent to local.")

有些伺服器常駐程式/守護進程(daemons)會期望你做以下(如: FTP伺服器通常先傳送banner):

函式receive_from: 溝通的兩端( both sides of the communication )都可接受一個連接的sockey物件，並接收(performs a receive)
函式receive_handler: 將輸出結果放在這函式，並傳送已被接收的buffer到當地客戶端

4.

if not len(local_buffer) or not len(remote_buffer):
    client_socket.close()
    remote_socket.close()
    print("[*] No more data. Closing connections.")
    break

當以沒有任何資料被傳送到連接的任何一端，關閉當地和遠端sockets，並break已離開迴圈

Reference參考資料