Projects STRLCPY geneva Commits 5551466e
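--- a/plugins/http/client.py
+++ b/plugins/http/client.py
@@ -3,24 +3,15 @@
 """
 
 import argparse
-import logging
 import os
-import random
 import socket
-import sys
-import time
-import traceback
 import urllib.request
-
 import requests
-
-socket.setdefaulttimeout(1)
-
-import external_sites
-import actions.utils
 
 from plugins.plugin_client import ClientPlugin
 
+socket.setdefaulttimeout(1)
+
 BASEPATH = os.path.dirname(os.path.abspath(__file__))
 
 
@@ -46,7 +37,11 @@
  parser = argparse.ArgumentParser(description='HTTP Client', prog="http/client.py")
 
  parser.add_argument('--host-header', action='store', default="", help='specifies host header for HTTP request')
- parser.add_argument('--injected-http-contains', action='store', default="", help='checks if injected http response contains string')
+ parser.add_argument('--injected-http-contains', action='store',
+ default="", help='checks if injected http response contains string')
+ parser.add_argument('--valid-http-contains', action='store',
+ default="", help='checks if http response contains the given string. '
+ 'if not, the connection is evaluated as broken')
 
  args, _ = parser.parse_known_args(command)
  args = vars(args)
@@ -70,37 +65,43 @@
  # If we've been given a non-standard port, append that to the URL
  port = args.get("port", 80)
  if port != 80:
- url += ":%s" % str(port)
+ url += f":{str(port)}"
 
  if args.get("bad_word"):
- url += "?q=%s" % args.get("bad_word")
+ url += f"?q={args.get('bad_word')}"
 
- injected_http = args.get("injected_http_contains")
  try:
  res = requests.get(url, allow_redirects=False, timeout=3, headers=headers)
  logger.debug(res.text)
  # If we need to monitor for an injected response, check that here
- if injected_http and injected_http in res.text:
+ if args.get("injected_http_contains") and args.get("injected_http_contains") in res.text:
  fitness -= 90
+ elif args.get("valid_http_contains"):
+ if args.get("valid_http_contains") in res.text:
+ # valid response found
+ fitness += 100
+ else:
+ fitness -= 120
+ logger.debug("valid response needed, but not found -> connection broke\n")
  else:
  fitness += 100
- except requests.exceptions.ConnectTimeout as exc:
+ except requests.exceptions.ConnectTimeout:
  logger.exception("Socket timeout.")
  fitness -= 100
- except (requests.exceptions.ConnectionError, ConnectionResetError) as exc:
+ except (requests.exceptions.ConnectionError, ConnectionResetError):
  logger.exception("Connection RST.")
  fitness -= 90
  except urllib.error.URLError as exc:
  logger.debug(exc)
- fitness += -101
+ fitness -= 101
  # Timeouts generally mean the strategy killed the TCP stream.
  # HTTPError usually mean the request was destroyed.
  # Punish this more harshly than getting caught by the censor.
  except (requests.exceptions.Timeout, requests.exceptions.HTTPError) as exc:
  logger.debug(exc)
- fitness += -120
+ fitness -= 120
  except Exception:
  logger.exception("Exception caught in HTTP test to site %s.", url)
- fitness += -100
+ fitness -= 100
  return fitness * 4
 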
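Review bot: The new `valid_http_contains` branch scores every response that lacks the marker as -120, the same penalty as a destroyed request, without ever looking at `res.status_code`. Because the request is sent with `allow_redirects=False`, a legitimate 3xx answer from the real server has no marker in its body and would be recorded as a broken connection. Either state in the `--valid-http-contains` help text that the string must appear in the body of the first response, or log the status with the miss, e.g. `logger.debug("valid marker missing, status %s", res.status_code)`, so a redirect can be told apart from tampering when results are triaged. The match is a plain substring test on `res.text`, so the marker should be specific to the origin's content; an interfering page that happens to contain it would presumably score +100. The enclosing function starts outside the visible lines.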