-
-
Save qkta/1aa70a1e51b414354d8ab4c231d8147f to your computer and use it in GitHub Desktop.
analysis cve-2020-5902
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
import requests | |
from http.server import BaseHTTPRequestHandler, HTTPServer | |
from cgi import parse_header, parse_multipart | |
from urllib.parse import parse_qs | |
from socketserver import ThreadingMixIn | |
class ProxyHTTPRequestHandler(BaseHTTPRequestHandler): | |
protocol_version = 'HTTP/1.0' | |
proxies = {'http': 'http://192.168.92.1:8080', 'https': 'http://192.168.92.1:8080'} | |
def do_POST(self): | |
length = int(self.headers['content-length']) | |
postvars = self.rfile.read(length) | |
req_headers = self.parse_headers() | |
resp = requests.post("https://192.168.92.133:8443{}".format(self.path), data=postvars, | |
headers=req_headers, verify=False, proxies=self.proxies) | |
self.send_response(resp.status_code) | |
self.send_header('Content-Length', len(resp.content)) | |
self.end_headers() | |
self.wfile.write(resp.content) | |
def parse_headers(self): | |
req_header = {} | |
for line in self.headers: | |
line_parts = [o.strip() for o in line.split(':', 1)] | |
if len(line_parts) == 2: | |
req_header[line_parts[0]] = line_parts[1] | |
return req_header | |
class ThreadedHTTPServer(ThreadingMixIn, HTTPServer): | |
"""""" | |
if __name__ == '__main__': | |
server_address = ('127.0.0.1', 5000) | |
httpd = ThreadedHTTPServer(server_address, ProxyHTTPRequestHandler) | |
print('http server is running') | |
httpd.serve_forever() |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment