analysis cve-2020-5902
import requests | |
from http.server import BaseHTTPRequestHandler, HTTPServer | |
from cgi import parse_header, parse_multipart | |
from urllib.parse import parse_qs | |
from socketserver import ThreadingMixIn | |
class ProxyHTTPRequestHandler(BaseHTTPRequestHandler): | |
protocol_version = 'HTTP/1.0' | |
proxies = {'http': 'http://192.168.92.1:8080', 'https': 'http://192.168.92.1:8080'} | |
def do_POST(self): | |
length = int(self.headers['content-length']) | |
postvars = self.rfile.read(length) | |
req_headers = self.parse_headers() | |
resp = requests.post("https://192.168.92.133:8443{}".format(self.path), data=postvars, | |
headers=req_headers, verify=False, proxies=self.proxies) | |
self.send_response(resp.status_code) | |
self.send_header('Content-Length', len(resp.content)) | |
self.end_headers() | |
self.wfile.write(resp.content) | |
def parse_headers(self): | |
req_header = {} | |
for line in self.headers: | |
line_parts = [o.strip() for o in line.split(':', 1)] | |
if len(line_parts) == 2: | |
req_header[line_parts[0]] = line_parts[1] | |
return req_header | |
class ThreadedHTTPServer(ThreadingMixIn, HTTPServer): | |
"""""" | |
if __name__ == '__main__': | |
server_address = ('127.0.0.1', 5000) | |
httpd = ThreadedHTTPServer(server_address, ProxyHTTPRequestHandler) | |
print('http server is running') | |
httpd.serve_forever() |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment