Code refactoring + port-hijacking backend (need port-hijacking backend testing)+

DomySh
2022-08-11 15:38:17 +00:00
parent e6b4ddd4a0
commit 4076400ec4
4 changed files with 7 additions and 7 deletions


@@ -1,7 +1,6 @@
from ast import Delete
import asyncio import asyncio
from typing import Dict from typing import Dict
from modules.porthijack.nftables import FiregexTables, FiregexFilter from modules.porthijack.nftables import FiregexTables
from modules.porthijack.models import Service from modules.porthijack.models import Service
from utils.sqlite import SQLite from utils.sqlite import SQLite


@@ -91,8 +91,8 @@ class FiregexTables(NFTableManager):
target=filter["chain"], target=filter["chain"],
id=int(filter["handle"]), id=int(filter["handle"]),
proto=filter["expr"][1]["match"]["left"]["payload"]["protocol"], proto=filter["expr"][1]["match"]["left"]["payload"]["protocol"],
public_port=filter["expr"][1]["match"]["right"] if filter["target"] == self.prerouting_porthijack else filter["expr"][2]["mangle"]["value"], public_port=filter["expr"][1]["match"]["right"] if filter["chain"] == self.prerouting_porthijack else filter["expr"][2]["mangle"]["value"],
proxy_port=filter["expr"][1]["match"]["right"] if filter["target"] == self.postrouting_porthijack else filter["expr"][2]["mangle"]["value"], proxy_port=filter["expr"][1]["match"]["right"] if filter["chain"] == self.postrouting_porthijack else filter["expr"][2]["mangle"]["value"],
ip_int=ip_int ip_int=ip_int
)) ))
return res return res
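Review bot: The positional lookups `filter["expr"][1]["match"]...` and `filter["expr"][2]["mangle"]["value"]` in the `public_port=`/`proxy_port=` arguments assume every rule listed for these chains has exactly the expression layout this class writes. A rule of a different shape in the same chain would raise `KeyError`/`IndexError` and abort the whole listing, and one with a similar shape would be reported with the wrong ports. The enclosing method starts outside the hunk, so any earlier filtering is not visible; if there is none, I would skip rules that do not parse with `try: ... except (KeyError, IndexError, TypeError): continue` (assuming this runs inside a loop over rules). A comment such as `# expr[1] = port match, expr[2] = port mangle (layout written by this class)` above the call would document the assumption.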


@@ -41,8 +41,8 @@ db = SQLite('db/port-hijacking.db', {
'services': { 'services': {
'service_id': 'VARCHAR(100) PRIMARY KEY', 'service_id': 'VARCHAR(100) PRIMARY KEY',
'active' : 'BOOLEAN NOT NULL CHECK (active IN (0, 1))', 'active' : 'BOOLEAN NOT NULL CHECK (active IN (0, 1))',
'public_port': 'INT NOT NULL CHECK(port > 0 and port < 65536)', 'public_port': 'INT NOT NULL CHECK(public_port > 0 and public_port < 65536)',
'proxy_port': 'INT NOT NULL CHECK(port > 0 and port < 65536)', 'proxy_port': 'INT NOT NULL CHECK(proxy_port > 0 and proxy_port < 65536)',
'name': 'VARCHAR(100) NOT NULL UNIQUE', 'name': 'VARCHAR(100) NOT NULL UNIQUE',
'proto': 'VARCHAR(3) NOT NULL CHECK (proto IN ("tcp", "udp"))', 'proto': 'VARCHAR(3) NOT NULL CHECK (proto IN ("tcp", "udp"))',
'ip_int': 'VARCHAR(100) NOT NULL', 'ip_int': 'VARCHAR(100) NOT NULL',
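Review bot: The `proto` constraint on the unchanged line just below the fix, `CHECK (proto IN ("tcp", "udp"))`, writes its string literals in double quotes, which SQLite parses as identifiers and only accepts as strings through a legacy fallback. On a build with double-quoted string literals disabled the table creation fails, and a column named `tcp` or `udp` would silently change what the check compares. I would flip the quoting: `'proto': "VARCHAR(3) NOT NULL CHECK (proto IN ('tcp', 'udp'))",`. Separately, the corrected CHECKs bound each port but nothing visible here stops `public_port` and `proxy_port` from being equal; if that is not a valid redirect it needs a table-level constraint or a check in the caller. The table definition continues outside the hunk.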


@@ -82,6 +82,7 @@ def checkRegex(regex, should_work=True, upper=False):
if not server.sendCheckData(secrets.token_bytes(200) + s + secrets.token_bytes(200)): if not server.sendCheckData(secrets.token_bytes(200) + s + secrets.token_bytes(200)):
puts(f"The malicious request was successfully blocked ✔", color=colors.green) puts(f"The malicious request was successfully blocked ✔", color=colors.green)
n_blocked += 1 n_blocked += 1
time.sleep(0.5)
if firegex.px_get_regex(r["id"])["n_packets"] == n_blocked: if firegex.px_get_regex(r["id"])["n_packets"] == n_blocked:
puts(f"The packed was reported as blocked ✔", color=colors.green) puts(f"The packed was reported as blocked ✔", color=colors.green)
else: else:
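Review bot: The added `time.sleep(0.5)` before the `n_packets` comparison is a fixed wait for the counter to catch up, so the check can still fail on a slow host and costs half a second per iteration on a fast one. Polling `firegex.px_get_regex(r["id"])["n_packets"]` until it equals `n_blocked` or a deadline passes, for example `while ... != n_blocked and time.monotonic() < deadline: time.sleep(0.05)`, would keep the blocked-packet accounting check reliable. If the sleep stays, a comment like `# n_packets is updated asynchronously; give the backend time to report` would explain it (the asynchrony is my assumption from the change). Whether `time` is imported in this file is not visible in the hunk, and `checkRegex` continues past the `else:`.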