Fix SSL negotiation #32

Namhyeon Go 2024-07-11 19:03:34 +09:00
parent 77ae320f40
commit e2442a6290
2 changed files with 79 additions and 7 deletions

base.py

@ -8,7 +8,7 @@
# Euiseo Cha (Wonkwang University) <zeroday0619_dev@outlook.com> # Euiseo Cha (Wonkwang University) <zeroday0619_dev@outlook.com>
# https://github.com/gnh1201/caterpillar # https://github.com/gnh1201/caterpillar
# Created at: 2024-05-20 # Created at: 2024-05-20
# Updated at: 2024-07-09 # Updated at: 2024-07-11
# #
import logging import logging
@ -17,6 +17,8 @@ import json
import os import os
import re import re
import importlib import importlib
import subprocess
import platform
from datetime import datetime, timezone from datetime import datetime, timezone
from typing import Union, List from typing import Union, List
@ -60,6 +62,59 @@ def jsonrpc2_error_encode(error, id=""):
return json.dumps(data) return json.dumps(data)
def find_openssl_binpath():
system = platform.system()
if system == "Windows":
possible_paths = [
os.path.join(
os.getenv("ProgramFiles", "C:\\Program Files"),
"OpenSSL-Win64",
"bin",
"openssl.exe",
),
os.path.join(
os.getenv("ProgramFiles", "C:\\Program Files"),
"OpenSSL-Win32",
"bin",
"openssl.exe",
),
os.path.join(
os.getenv("ProgramFiles(x86)", "C:\\Program Files (x86)"),
"OpenSSL-Win32",
"bin",
"openssl.exe",
),
os.path.join(
os.getenv("ProgramW6432", "C:\\Program Files"),
"OpenSSL-Win64",
"bin",
"openssl.exe",
),
os.path.join(
os.getenv("ProgramW6432", "C:\\Program Files"),
"OpenSSL-Win32",
"bin",
"openssl.exe",
),
]
for path in possible_paths:
if os.path.exists(path):
return path
else:
try:
result = subprocess.run(
["which", "openssl"], stdout=subprocess.PIPE, stderr=subprocess.PIPE
)
path = result.stdout.decode().strip()
if path:
return path
except Exception as e:
pass
return "openssl"
class Extension: class Extension:
extensions = [] extensions = []
protocols = [] protocols = []
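Review bot: The non-Windows branch of `find_openssl_binpath` (L69–L77) spawns `which openssl` and then swallows every exception with `pass`, while `shutil.which("openssl")` does the same PATH lookup in-process on every platform (honouring PATHEXT on Windows) and returns None instead of raising, so both the subprocess and the blanket `except` can go; it needs `import shutil` added to base.py's imports. The final `return "openssl"` hands back a bare name that the OS resolves at exec time — on Windows that search includes the current directory — so it should stay a last resort and be commented as such rather than look like a found binary. `os.path.exists` on the Windows candidates also accepts a directory called `openssl.exe`; `os.path.isfile` is the check intended here.
```python
    # … unchanged: Windows candidate path list …
        for path in possible_paths:
            if os.path.isfile(path):
                return path
    # PATH lookup on every platform (PATHEXT-aware on Windows), no subprocess.
    found = shutil.which("openssl")
    if found:
        return found
    # Bare name: left to the OS loader at exec time; on Windows that search
    # includes the current directory, so only reached when nothing above matched.
    return "openssl"
```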


@ -7,7 +7,7 @@
# Namyheon Go (Catswords Research) <gnh1201@gmail.com> # Namyheon Go (Catswords Research) <gnh1201@gmail.com>
# https://github.com/gnh1201/caterpillar # https://github.com/gnh1201/caterpillar
# Created at: 2022-10-06 # Created at: 2022-10-06
# Updated at: 2024-07-09 # Updated at: 2024-07-11
# #
import argparse import argparse
@ -38,6 +38,7 @@ from base import (
jsonrpc2_create_id, jsonrpc2_create_id,
jsonrpc2_encode, jsonrpc2_encode,
jsonrpc2_result_encode, jsonrpc2_result_encode,
find_openssl_binpath,
Logger, Logger,
) )
@ -54,7 +55,7 @@ try:
cacert = config("CA_CERT", default="ca.crt") cacert = config("CA_CERT", default="ca.crt")
certkey = config("CERT_KEY", default="cert.key") certkey = config("CERT_KEY", default="cert.key")
certdir = config("CERT_DIR", default="certs/") certdir = config("CERT_DIR", default="certs/")
openssl_binpath = config("OPENSSL_BINPATH", default="openssl") openssl_binpath = config("OPENSSL_BINPATH", default=find_openssl_binpath())
client_encoding = config("CLIENT_ENCODING", default="utf-8") client_encoding = config("CLIENT_ENCODING", default="utf-8")
local_domain = config("LOCAL_DOMAIN", default="") local_domain = config("LOCAL_DOMAIN", default="")
proxy_pass = config("PROXY_PASS", default="") proxy_pass = config("PROXY_PASS", default="")
@ -230,17 +231,33 @@ def proxy_connect(webserver, conn):
stderr=PIPE, stderr=PIPE,
) )
p2.communicate() p2.communicate()
except FileNotFoundError as e:
logger.error(
"[*] OpenSSL distribution not found on this system. Skipping certificate issuance.",
exc_info=e,
)
certpath = "default.crt"
except Exception as e: except Exception as e:
logger.error("[*] Skipped generating the certificate.", exc_info=e) logger.error("[*] Skipping certificate issuance.", exc_info=e)
certpath = "default.crt"
# https://stackoverflow.com/questions/11255530/python-simple-ssl-socket-server # https://stackoverflow.com/questions/11255530/python-simple-ssl-socket-server
# https://docs.python.org/3/library/ssl.html # https://docs.python.org/3/library/ssl.html
context = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER) context = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
context.check_hostname = False
context.verify_mode = ssl.CERT_NONE
context.load_cert_chain(certpath, certkey) context.load_cert_chain(certpath, certkey)
# https://stackoverflow.com/questions/11255530/python-simple-ssl-socket-server try:
conn = context.wrap_socket(conn, server_side=True) # https://stackoverflow.com/questions/11255530/python-simple-ssl-socket-server
data = conn.recv(buffer_size) conn = context.wrap_socket(conn, server_side=True)
data = conn.recv(buffer_size)
except ssl.SSLError as e:
logger.error(
"[*] SSL negotiation failed. Check that the CA certificate is installed.",
exc_info=e,
)
return (conn, b"")
return (conn, data) return (conn, data)
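Review bot: The new `except ssl.SSLError` branch (L130–L135) returns `(conn, b"")`, handing the caller a socket whose handshake just failed — when `wrap_socket` raised, `conn` is still the plain socket — in a shape indistinguishable from a client that completed TLS and sent nothing; close it first, `conn.close()` before `return (conn, b"")`, unless the callers (outside this hunk) already treat an empty read as terminal. The `certpath = "default.crt"` fallback in both handlers is not itself guarded: if OpenSSL is absent and `default.crt` is missing or does not match `certkey`, `context.load_cert_chain(certpath, certkey)` at L125 raises outside every `try` and the "SSL negotiation failed" log never fires. `context.check_hostname = False` and `context.verify_mode = ssl.CERT_NONE` are already the defaults for a `PROTOCOL_TLS_SERVER` context and read as if peer verification were being switched off; either drop them or comment `# server-side context: no client-cert request (the PROTOCOL_TLS_SERVER default), not a verification bypass`. The start of `proxy_connect` is outside the hunk.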