Created
April 10, 2024 05:19
import argparse
import http.server
import random
import secrets
import socket
import ssl
import string
import sys
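# Public hostname of this listener. It is used to build the printed URLs and,
# further down the file, the Let's Encrypt certificate paths.
hostname = "httpserver.example.com"

# Runtime settings read by the request handler; the command line overrides them.
redirect_enabled = False
redirect_target = ""
redirect_token = ""
manual_redirect_token = False
redirect_code = 303
verbose = False

parser = argparse.ArgumentParser(
    description="HTTPS listener that logs incoming requests and can redirect one secret path."
)
parser.add_argument("--redirect", type=str,
                    help="target URL sent in the Location header of the redirect path")
parser.add_argument("--redirect_code", type=int,
                    help="status code returned on the redirect path (default: 303)")
parser.add_argument("--redirect_token", type=str,
                    help="fixed path token for the redirect URL instead of a random one")
parser.add_argument("--verbose", action="store_true",
                    help="print client address, reverse DNS name, request line and headers")
args = parser.parse_args()

url = "https://" + hostname + "/"

if args.redirect is not None:
    print("[redirect] Redirecting enabled. Target: '" + args.redirect + "'")
    redirect_enabled = True
    redirect_target = args.redirect

if args.redirect_code is not None:
    if not redirect_enabled:
        print("[!] Redirecting is disabled. Can't set 'redirect_code'.")
        # sys.exit with a non-zero status: a rejected option is a failure, and
        # the bare exit() helper is only present when the site module is loaded.
        sys.exit(1)
    print("[redirect] Setting custom redirect response code to '" + str(args.redirect_code) + "'.")
    redirect_code = args.redirect_code

if args.redirect_token is not None:
    if not redirect_enabled:
        print("[!] Redirecting is disabled. Can't set 'redirect_token'.")
        sys.exit(1)
    print("[redirect] Manually setting redirect token to '" + str(args.redirect_token) + "'. Redirect URL: " + url + args.redirect_token)
    redirect_token = args.redirect_token
    manual_redirect_token = True

if args.verbose:
    print("[verbose] Verbose mode enabled.")
    verbose = True

if redirect_enabled and not manual_redirect_token:
    # The token is the only thing that gates the redirect path, so it is drawn
    # from the OS CSPRNG: 30 characters over a 62-symbol alphabet.
    token_alphabet = string.ascii_uppercase + string.ascii_lowercase + string.digits
    redirect_token = "".join(secrets.choice(token_alphabet) for _ in range(30))
    print("[redirect] Random redirect URL: " + url + redirect_token)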
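class CustomServer(http.server.BaseHTTPRequestHandler):
    """Log every incoming request and optionally redirect one secret path.

    The handler reads the module-level settings ``verbose``,
    ``redirect_enabled``, ``redirect_token``, ``redirect_code`` and
    ``redirect_target``. Every HTTP method is routed through ``do_request``.

    Everything printed here (request line, headers, body) is controlled by the
    peer and is written to stdout unescaped, so control characters in a
    request reach the operator's terminal or log file exactly as sent.
    """

    # StreamRequestHandler.setup() applies this as the socket timeout of each
    # accepted connection, so a peer that stops sending cannot hold the
    # connection (and a single-threaded server) open indefinitely.
    timeout = 30

    # Largest number of body bytes read for one request. Content-Length comes
    # from the peer and must not decide how much memory is allocated.
    max_body_bytes = 1024 * 1024

    def do_request(self, method):
        """Handle one request of the given HTTP method and send exactly one response.

        Args:
            method: upper-case method name supplied by the ``do_*`` wrappers.
        """
        if verbose:
            print()
            print(self.client_address)
            try:
                print(socket.gethostbyaddr(self.client_address[0])[0])
            except OSError:
                # herror/gaierror are OSError subclasses; a bare except would
                # also swallow KeyboardInterrupt during the lookup.
                print("[!] Reverse DNS failed.")
            print("\n\n[verbose]")
            print(self.requestline)
            print(self.headers)

        # NOTE(review): the listing lost its indentation; this check is read as
        # function-level, i.e. the redirect path answers every method.
        if redirect_enabled and self.path == "/" + redirect_token:
            print("[redirect] Redirect path hit! Returning " + str(redirect_code) + " to '" + redirect_target + "'.")
            if method in ("POST", "PUT", "PATCH"):
                # Still record the body, but do not let it trigger a second reply.
                self._log_body()
            self.send_response(redirect_code)
            self.send_header("Location", redirect_target)
            self.end_headers()
            # Return here: falling through used to write a second response
            # onto the same connection after the redirect.
            return

        if method == "OPTIONS":
            self.send_response(200)
            self.send_header("Allow", "GET, HEAD, POST, PUT, DELETE, CONNECT, OPTIONS, TRACE, PATCH")
            self.end_headers()
        elif method in ("POST", "PUT", "PATCH"):
            self.handle_request_with_body(method)
        else:
            self.handle_request_without_body(method)

    def _log_body(self):
        """Read the request body and print it.

        Returns:
            True when the body (possibly empty or truncated) was printed,
            False when Content-Length is not a non-negative integer.
        """
        raw_length = self.headers.get("Content-Length")
        if raw_length is None:
            # No declared length (e.g. chunked encoding): nothing is read.
            length = 0
        else:
            try:
                length = int(raw_length)
            except ValueError:
                return False
            if length < 0:
                # rfile.read() with a negative size would read until EOF.
                return False
        if length > self.max_body_bytes:
            print("[!] Content-Length " + str(length) + " exceeds " + str(self.max_body_bytes) + " bytes. Body truncated.")
            length = self.max_body_bytes
        request_data = self.rfile.read(length)
        # errors="replace" keeps binary or mis-encoded bodies from raising
        # before a response has been sent.
        print(request_data.decode("utf-8", errors="replace"))
        return True

    def handle_request_with_body(self, method):
        """Print the request body and answer 200, or 400 on a bad Content-Length."""
        if not self._log_body():
            print("[!] Invalid Content-Length header.")
            self.send_response(400)
            self.end_headers()
            return
        self.send_response(200)
        self.end_headers()

    def handle_request_without_body(self, method):
        """Answer 200 with no body."""
        self.send_response(200)
        self.end_headers()

    def do_GET(self):
        self.do_request("GET")

    def do_HEAD(self):
        self.do_request("HEAD")

    def do_POST(self):
        self.do_request("POST")

    def do_PUT(self):
        self.do_request("PUT")

    def do_PATCH(self):
        self.do_request("PATCH")

    def do_DELETE(self):
        self.do_request("DELETE")

    def do_CONNECT(self):
        self.do_request("CONNECT")

    def do_OPTIONS(self):
        self.do_request("OPTIONS")

    def do_TRACE(self):
        self.do_request("TRACE")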
# Listen on every interface, port 443.
server_address = ("0.0.0.0", 443)
httpd = http.server.HTTPServer(server_address, CustomServer)

# Certificate chain and private key are read from the Let's Encrypt "live"
# directory of the configured hostname.
live_dir = "/etc/letsencrypt/live/" + hostname
context = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
context.load_cert_chain(
    certfile=live_dir + "/fullchain.pem",
    keyfile=live_dir + "/privkey.pem",
)

# NOTE(review): wrapping the listening socket means the TLS handshake runs
# inside accept(); with this single-threaded HTTPServer, a peer that stalls
# the handshake delays every other client.
httpd.socket = context.wrap_socket(httpd.socket, server_side=True)

print("[+] Starting server. URL: " + url)

try:
    httpd.serve_forever()
except KeyboardInterrupt:
    # Ctrl-C: release the listening socket and exit with status 0.
    print("\nShutting down the server...")
    httpd.server_close()
    sys.exit(0)