Check for suspicious headers

merge-requests/30/head
Bob Mottram 2024-07-26 21:16:56 +01:00
parent ba07e86fec
commit b05968e9b7
3 changed files with 28 additions and 1 deletions


@ -78,6 +78,7 @@ from httprequests import request_http
from httpheaders import set_headers from httpheaders import set_headers
from httpheaders import logout_headers from httpheaders import logout_headers
from httpheaders import logout_redirect from httpheaders import logout_redirect
from httpheaders import contains_suspicious_headers
from httpcodes import http_200 from httpcodes import http_200
from httpcodes import http_402 from httpcodes import http_402
from httpcodes import http_403 from httpcodes import http_403
@ -262,6 +263,12 @@ def daemon_http_get(self) -> None:
http_402(self) http_402(self)
return return
# suspicious headers
if contains_suspicious_headers(self.headers):
print('GET HTTP suspicious headers ' + str(self.headers))
http_403(self)
return
if contains_invalid_chars(str(self.headers)): if contains_invalid_chars(str(self.headers)):
print('GET HTTP headers contain invalid characters ' + print('GET HTTP headers contain invalid characters ' +
str(self.headers)) str(self.headers))
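Review bot: The added `print('GET HTTP suspicious headers ' + str(self.headers))` writes every header value of the rejected request to the log, including any `Cookie` or `Authorization` value, and it runs before the `contains_invalid_chars` check that follows, so the logged text has not been screened yet. `update_headers_catalog`, visible in the same commit, blanks cookie values before saving, which suggests these values are not meant to be persisted. Logging only the header names keeps the diagnostic without the secrets, e.g. `print('GET HTTP suspicious headers ' + str(list(self.headers.keys())))`; the same applies to the `POST HTTP suspicious headers` print added to `daemon_http_post`. `daemon_http_get` starts and ends outside this hunk.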


@ -35,6 +35,7 @@ from httpcodes import http_402
from httpcodes import http_403 from httpcodes import http_403
from httpcodes import http_404 from httpcodes import http_404
from httpcodes import http_503 from httpcodes import http_503
from httpheaders import contains_suspicious_headers
from httpheaders import update_headers_catalog from httpheaders import update_headers_catalog
from httpheaders import redirect_headers from httpheaders import redirect_headers
from daemon_utils import get_user_agent from daemon_utils import get_user_agent
@ -99,6 +100,12 @@ def daemon_http_post(self) -> None:
http_402(self) http_402(self)
return return
# suspicious headers
if contains_suspicious_headers(self.headers):
print('POST HTTP suspicious headers ' + str(self.headers))
http_403(self)
return
calling_domain = self.server.domain_full calling_domain = self.server.domain_full
if self.headers.get('Host'): if self.headers.get('Host'):
calling_domain = decoded_host(self.headers['Host']) calling_domain = decoded_host(self.headers['Host'])


@ -219,10 +219,23 @@ def update_headers_catalog(base_dir: str, headers_catalog: {},
for fieldname, fieldvalue in headers.items(): for fieldname, fieldvalue in headers.items():
if fieldname in headers_catalog: if fieldname in headers_catalog:
continue continue
if fieldname == 'cookie' or fieldname == 'Cookie': if fieldname in ('cookie', 'Cookie'):
fieldvalue = "" fieldvalue = ""
headers_catalog[fieldname] = fieldvalue headers_catalog[fieldname] = fieldvalue
changed = True changed = True
if changed: if changed:
save_json(headers_catalog, headers_catalog_fieldname) save_json(headers_catalog, headers_catalog_fieldname)
def contains_suspicious_headers(headers: {}) -> bool:
"""returns true if the given headers contain something suspicious
"""
if 'Shellshock' in headers or \
'shellshock' in headers or \
'think-lang' in headers or \
'Think-lang' in headers:
return True
if '../../' in str(headers):
return True
return False
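Review bot: The header-name test in `contains_suspicious_headers` spells out two casings per name, so whether any other casing is caught depends on the type of `headers`, which the `{}` annotation does not pin down: a plain dict compares names case-sensitively, whereas if `self.headers` is the message object that `http.server` provides, name lookup is already case-insensitive and the pairs are redundant. Normalising once makes the intent explicit for either type, e.g. `names = {str(n).lower() for n in headers.keys()}` followed by `if names & {'shellshock', 'think-lang'}: return True`. The `'../../' in str(headers)` test is a literal-substring heuristic over the stringified headers, so the docstring should say that this function is an early reject for scanner noise and not a replacement for path validation wherever header values are later used.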