Skip to content

Instantly share code, notes, and snippets.

@mdonkers
Last active September 14, 2024 18:11
Show Gist options
  • Save mdonkers/63e115cc0c79b4f6b8b3a6b797e485c7 to your computer and use it in GitHub Desktop.
Save mdonkers/63e115cc0c79b4f6b8b3a6b797e485c7 to your computer and use it in GitHub Desktop.
Simple Python 3 HTTP server for logging all GET and POST requests
#!/usr/bin/env python3
"""
License: MIT License
Copyright (c) 2023 Miel Donkers
Very simple HTTP server in python for logging requests
Usage::
./server.py [<port>]
"""
from http.server import BaseHTTPRequestHandler, HTTPServer
import logging
class S(BaseHTTPRequestHandler):
def _set_response(self):
self.send_response(200)
self.send_header('Content-type', 'text/html')
self.end_headers()
def do_GET(self):
logging.info("GET request,\nPath: %s\nHeaders:\n%s\n", str(self.path), str(self.headers))
self._set_response()
self.wfile.write("GET request for {}".format(self.path).encode('utf-8'))
def do_POST(self):
content_length = int(self.headers['Content-Length']) # <--- Gets the size of data
post_data = self.rfile.read(content_length) # <--- Gets the data itself
logging.info("POST request,\nPath: %s\nHeaders:\n%s\n\nBody:\n%s\n",
str(self.path), str(self.headers), post_data.decode('utf-8'))
self._set_response()
self.wfile.write("POST request for {}".format(self.path).encode('utf-8'))
def run(server_class=HTTPServer, handler_class=S, port=8080):
logging.basicConfig(level=logging.INFO)
server_address = ('', port)
httpd = server_class(server_address, handler_class)
logging.info('Starting httpd...\n')
try:
httpd.serve_forever()
except KeyboardInterrupt:
pass
httpd.server_close()
logging.info('Stopping httpd...\n')
if __name__ == '__main__':
from sys import argv
if len(argv) == 2:
run(port=int(argv[1]))
else:
run()
@mjl778374
Copy link

La dirección IP sirve para localizar un recurso en una red (como un servidor web o de correo en Internet). El puerto sirve para ubicar el mismo recurso dentro del servidor. Por eso el código fuente del servidor debería ser independiente de la infraestructura subyacente. Si depende de dicha infraestructura, está mal programado pues no es modular. (No se separa la interfaz de la implementación).

@mjl778374
Copy link

La IP corresponde a la capa de red de la pila de protocolos TCP-IP. IPv4 e IPv6 son dos implementaciones de ella. El TCP y el UDP corresponden a la capa de transporte, mientras que el servidor web está en la capa de aplicación. Para que un servidor que funcione en esta tecnología, esté bien programado, solo debería saber de su puerto (el cual es su buzón de correo), pues tiene que saber dónde debe escuchar las peticiones que le llegan.

@mjl778374
Copy link

Quien debería saber de la IP y el puerto del servidor es el cliente que le hace peticiones, pues tiene que saber dónde está el buzón de correo al que debe enviarlas. El servidor solo debería saber, a lo sumo, el puerto donde escucha, pues solo debería saber que le llegan al mismo servidor donde está instalado.

@nevstas
Copy link

nevstas commented Oct 21, 2021

@mjl778374 server from first post does not support ipv6. If you dont believe - try it

@VAkris
Copy link

VAkris commented Nov 4, 2021

Method do_Post gets from database for the Read, post_data, format, encode elements. This may enable Stored xss. Can someone help prevent this vulnerability

@ericnyamubbp
Copy link

Hi

Isit possible to redirect output to a file?Using > doesnot work .

Thanks

Copy link

ghost commented Jan 14, 2022

Great, simple and easy to work with. Thanks!

@sickwell
Copy link

sickwell commented Mar 6, 2022

There is an small issue when working with the server - there is no js,html execution at the client side when you use such server.

@ikingye
Copy link

ikingye commented Apr 18, 2022

What about do_DELETE

@amgodoi
Copy link

amgodoi commented Jul 22, 2022

#! /usr/bin/env python3

#The MIT License (MIT)
#
#Copyright <2022> <Alexandre Maia Godoi>
#
#Permission is hereby granted, free of charge, to any person obtaining a copy of
#this software and associated documentation files (the “Software”), to deal in
#the Software without restriction, including without limitation the rights to
#use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies
#of the Software, and to permit persons to whom the Software is furnished to do so.

#THE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
#IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
#FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
#AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
#LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
#FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
#DEALINGS IN THE SOFTWARE.


from http.server import BaseHTTPRequestHandler, HTTPServer
import logging
import sys

COLOR = "\033[1;32m"
RESET_COLOR = "\033[00m"

class S(BaseHTTPRequestHandler):
    def _set_response(self):
        self.send_response(200)
        self.send_header('Content-type', 'text/html')
        self.end_headers()

    def do_log(self, method):
        content_length = self.headers['Content-Length']
        content_length = 0 if (content_length is None) else int(content_length)
        post_data = self.rfile.read(content_length)
        logging.info(COLOR + method + " request,\n" + RESET_COLOR + "Path: %s\nHeaders:\n%sBody:\n%s\n",
                str(self.path), str(self.headers), post_data.decode('utf-8'))
        self._set_response()
        self.wfile.write((method + " request for {}".format(self.path)).encode('utf-8'))

    def do_GET(self):
        self.do_log("GET")

    def do_POST(self):
        self.do_log("POST")

    def do_PUT(self):
        self.do_log("PUT")

    def do_DELETE(self):
        self.do_log("DELETE")

def run(address, port, server_class=HTTPServer, handler_class=S):
    logging.basicConfig(level=logging.INFO)
    server_address = (address, port)
    httpd = server_class(server_address, handler_class)
    logging.info('Starting httpd...\n')
    try:
        httpd.serve_forever()
    except KeyboardInterrupt:
        pass
    httpd.server_close()
    logging.info('Stopping httpd...\n')

if __name__ == '__main__':
    if len(sys.argv) != 3:
        print("Usage:\n" + sys.argv[0] + " [address] [port]")
        sys.exit(1)

    run(sys.argv[1], int(sys.argv[2]))

@mraslam0543
Copy link

I am trying to migrate the same code to AWS Lambda and need guidance, any help would be greatly appreciated.

@erikmd
Copy link

erikmd commented Feb 14, 2023

@mdonkers @amgodoi would you have an objection to set a FOSS license for your gist's code?

— to give more context, I'm assoc. professor in CS and if possible, I'd like to set a small assignment, reusing your PoC 😊

@amgodoi
Copy link

amgodoi commented Feb 14, 2023

no objection @erikmd

@mdonkers
Copy link
Author

@mdonkers @amgodoi would you have an objection to set a FOSS license for your gist's code?

— to give more context, I'm assoc. professor in CS and if possible, I'd like to set a small assignment, reusing your PoC blush

@erikmd I wonder to what extend such simple code is licensable in the first place. But no objections. Hereby granting you (and everyone else) all the freedom to do with the code however you like.

@erikmd
Copy link

erikmd commented Feb 15, 2023

OK thanks for your reply!

@HNJAMeindersma
Copy link

Awesome, thanks! Used in gist 36583dde8e0eb8e97e2cff2e7d9d2836

@Roboxkin
Copy link

Roboxkin commented Mar 2, 2024

port

What host and port are you trying to run it on?

@Roboxkin
Copy link

Roboxkin commented Mar 3, 2024

error when receiving the request result: headers responsible for the end of the data were not found

@maiphi
Copy link

maiphi commented Mar 7, 2024

Thank you! This can be easily extended to handle https requests by adding
httpd.socket = ssl.wrap_socket(httpd.socket, server_side=True, keyfile="key.pem", certfile='cert.pem')
after line 36. However, ssl.wrap_socket() is deprecated. Does anyone know how to do this with SSLContext.wrap_socket()?

I tried with

context = ssl.create_default_context()
context.load_cert_chain(certfile='cert.pem', keyfile="key.pem")

but then context.wrap_socket(httpd.socket, server_side=True) complains about "check_hostname requires server_hostname". Adding a hostname, it complains that hostnames can only be used in client mode.

@kiranchavala
Copy link

@maiphi any luck in getting the https to work ?

@maiphi
Copy link

maiphi commented Apr 15, 2024

Seeing your question, I just looked into it again. This should do the job (note that I did only a very quick test):

context = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
context.load_cert_chain('cert.pem', 'key.pem')
httpd.socket = context.wrap_socket(httpd.socket, server_side=True)

Note that except for the deprecation warning the version using ssl.wrap_socket() works fine, too.

@djshaji
Copy link

djshaji commented Aug 25, 2024

wonderful! many, many, many thanks 👌

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment