Skip to content

Instantly share code, notes, and snippets.

@qkta

qkta/p.py Secret

Created Jul 12, 2020
Embed
What would you like to do?
analysis cve-2020-5902
import requests
from http.server import BaseHTTPRequestHandler, HTTPServer
from cgi import parse_header, parse_multipart
from urllib.parse import parse_qs
from socketserver import ThreadingMixIn
class ProxyHTTPRequestHandler(BaseHTTPRequestHandler):
protocol_version = 'HTTP/1.0'
proxies = {'http': 'http://192.168.92.1:8080', 'https': 'http://192.168.92.1:8080'}
def do_POST(self):
length = int(self.headers['content-length'])
postvars = self.rfile.read(length)
req_headers = self.parse_headers()
resp = requests.post("https://192.168.92.133:8443{}".format(self.path), data=postvars,
headers=req_headers, verify=False, proxies=self.proxies)
self.send_response(resp.status_code)
self.send_header('Content-Length', len(resp.content))
self.end_headers()
self.wfile.write(resp.content)
def parse_headers(self):
req_header = {}
for line in self.headers:
line_parts = [o.strip() for o in line.split(':', 1)]
if len(line_parts) == 2:
req_header[line_parts[0]] = line_parts[1]
return req_header
class ThreadedHTTPServer(ThreadingMixIn, HTTPServer):
""""""
if __name__ == '__main__':
server_address = ('127.0.0.1', 5000)
httpd = ThreadedHTTPServer(server_address, ProxyHTTPRequestHandler)
print('http server is running')
httpd.serve_forever()
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment