make lan server test only a few ports, add run time test grace period in service detection attack prevetion mechanism
This commit is contained in:
Kevin
parent
5751468e8a
commit
7205189d62
|
|
@ -3,6 +3,7 @@
|
|||
LAN transport server thread
|
||||
"""
|
||||
import ipaddress
|
||||
import time
|
||||
from threading import Thread
|
||||
|
||||
from gevent.pywsgi import WSGIServer
|
||||
|
|
@ -36,6 +37,7 @@ from utils.bettersleep import better_sleep
|
|||
along with this program. If not, see <https://www.gnu.org/licenses/>.
|
||||
"""
|
||||
ports = range(1337, 1340)
|
||||
_start_time = time.time()
|
||||
|
||||
class LANServer:
|
||||
def __init__(self, shared_state):
|
||||
|
|
@ -50,7 +52,8 @@ class LANServer:
|
|||
@app.before_request
|
||||
def dns_rebinding_prevention():
|
||||
if request.remote_addr in lan_ips or ipaddress.ip_address(request.remote_addr).is_loopback:
|
||||
abort(403)
|
||||
if time.time() - _start_time < 600:
|
||||
abort(403)
|
||||
if request.host != f'{self.host}:{self.port}':
|
||||
logger.warn('Potential DNS rebinding attack on LAN server:')
|
||||
logger.warn(f'Hostname {request.host} was used instead of {self.host}:{self.port}')
|
||||
|
|
|
|||
|
|
@ -10,7 +10,7 @@ import logger
|
|||
|
||||
def test_lan_server(testmanager):
|
||||
start_time = get_epoch()
|
||||
for i in range(1024, 65536):
|
||||
for i in range(1337, 1340):
|
||||
try:
|
||||
if requests.get(f"http://{best_ip}:{i}/ping").text == 'onionr!':
|
||||
bl = insert('test data')
|
||||
|
|
|
|||
Loading…
Reference in New Issue