make lan server test only a few ports, add run time test grace period in service detection attack prevetion mechanism
parent
5751468e8a
commit
7205189d62
@ -3,6 +3,7 @@
|
|||||||
LAN transport server thread
|
LAN transport server thread
|
||||||
"""
|
"""
|
||||||
import ipaddress
|
import ipaddress
|
||||||
|
import time
|
||||||
from threading import Thread
|
from threading import Thread
|
||||||
|
|
||||||
from gevent.pywsgi import WSGIServer
|
from gevent.pywsgi import WSGIServer
|
||||||
@ -36,6 +37,7 @@ from utils.bettersleep import better_sleep
|
|||||||
along with this program. If not, see <https://www.gnu.org/licenses/>.
|
along with this program. If not, see <https://www.gnu.org/licenses/>.
|
||||||
"""
|
"""
|
||||||
ports = range(1337, 1340)
|
ports = range(1337, 1340)
|
||||||
|
_start_time = time.time()
|
||||||
|
|
||||||
class LANServer:
|
class LANServer:
|
||||||
def __init__(self, shared_state):
|
def __init__(self, shared_state):
|
||||||
@ -50,7 +52,8 @@ class LANServer:
|
|||||||
@app.before_request
|
@app.before_request
|
||||||
def dns_rebinding_prevention():
|
def dns_rebinding_prevention():
|
||||||
if request.remote_addr in lan_ips or ipaddress.ip_address(request.remote_addr).is_loopback:
|
if request.remote_addr in lan_ips or ipaddress.ip_address(request.remote_addr).is_loopback:
|
||||||
abort(403)
|
if time.time() - _start_time < 600:
|
||||||
|
abort(403)
|
||||||
if request.host != f'{self.host}:{self.port}':
|
if request.host != f'{self.host}:{self.port}':
|
||||||
logger.warn('Potential DNS rebinding attack on LAN server:')
|
logger.warn('Potential DNS rebinding attack on LAN server:')
|
||||||
logger.warn(f'Hostname {request.host} was used instead of {self.host}:{self.port}')
|
logger.warn(f'Hostname {request.host} was used instead of {self.host}:{self.port}')
|
||||||
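Review bot: The new guard `if time.time() - _start_time < 600:` in `dns_rebinding_prevention` appears to invert the grace period named in the commit message. As written, requests from the host's own LAN addresses or loopback get a 403 only during the first 600 seconds after import and are accepted for the rest of the process lifetime, so the local service-detection protection lapses once the window ends. If the intent is to let the run-time tests reach the server at startup and enforce the block afterwards, the comparison should be `if time.time() - _start_time > 600:`; indentation is lost in this rendering, so the nesting of `abort(403)` under the new condition is inferred. `_start_time` is also captured at module import from the wall clock, and `time.monotonic()` would keep the window from shifting when the system clock is adjusted. The function body continues outside the hunk.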
|
@ -10,7 +10,7 @@ import logger
|
|||||||
|
|
||||||
def test_lan_server(testmanager):
|
def test_lan_server(testmanager):
|
||||||
start_time = get_epoch()
|
start_time = get_epoch()
|
||||||
for i in range(1024, 65536):
|
for i in range(1337, 1340):
|
||||||
try:
|
try:
|
||||||
if requests.get(f"http://{best_ip}:{i}/ping").text == 'onionr!':
|
if requests.get(f"http://{best_ip}:{i}/ping").text == 'onionr!':
|
||||||
bl = insert('test data')
|
bl = insert('test data')
|
||||||
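Review bot: The literal `range(1337, 1340)` in `test_lan_server` duplicates the server's `ports = range(1337, 1340)`, so the test will quietly stop finding the server if that range is ever changed on one side only; iterating the server module's `ports` would keep the two in sync. The `requests.get(...)` probe on the following context line passes no `timeout=`, so a port that accepts the connection but never answers can stall the run-time test. The body of `test_lan_server` continues outside the hunk.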
|