Category archive: Development

python urllib2.ProxyBasicAuthHandler Examples

urllib2.ProxyBasicAuthHandler is used to hook in the (authenticated) proxy through which web pages are fetched.

Example 1

import cookielib
import urllib2

def build_opener(self):
    # Method excerpted from a class; cookiefile is the module-level path of the cookie store
    cookiejar = cookielib.FileCookieJar(cookiefile)
    cookie_handler = urllib2.HTTPCookieProcessor(cookiejar)
    redirect_handler = urllib2.HTTPRedirectHandler()
    # Proxy support is left disabled here; uncomment to route requests through an
    # authenticating proxy
    #proxy_handler = urllib2.ProxyHandler()
    #proxy_auth_handler = urllib2.ProxyBasicAuthHandler()
    return urllib2.build_opener(cookie_handler, redirect_handler)

Example 2

def install_proxy():
    USE_PROXY = True
    import urllib2
    global urlretrieve
    # Route plain-HTTP requests through the corporate proxy
    proxy_handler = urllib2.ProxyHandler({'http': 'http://proxy.cma-cgm.com:8080/'})
    proxy_auth_handler = urllib2.ProxyBasicAuthHandler()
    # Proxy credentials would be registered like this: (realm, proxy URI, user, password).
    # Note that the handler's default HTTPPasswordMgr only consults an entry whose realm
    # matches the proxy's challenge exactly.
    #proxy_auth_handler.add_password('realm', 'host', 'username', 'password')
    opener = urllib2.build_opener(proxy_handler, proxy_auth_handler)
    # This time, rather than install the OpenerDirector, we use it directly:
    urlretrieve = opener.open

Example 3

import os
import urllib2
# get_prefs() is the application's own preferences accessor and is not shown here

def get_urlopen():
    """Return a urlopen-style callable that honours the configured proxy preferences."""
    proxy_type = get_prefs('proxy_type')
    if proxy_type == 'http':
        # Explicit HTTP proxy from the preferences, used for both http and https URLs
        scheme = 'http'
        host = str(get_prefs('proxy_host'))
        port = str(get_prefs('proxy_port'))
        url = scheme + '://' + host + ':' + port
        proxy_support = urllib2.ProxyHandler({'http': url, 'https': url})
        if get_prefs('proxy_auth'):
            username = str(get_prefs('proxy_auth_name'))
            password = str(get_prefs('proxy_auth_password'))
            # A default-realm password manager: the entry stored under realm None is used
            # for whatever realm the proxy names in its 407 challenge. A bare
            # ProxyBasicAuthHandler() would use HTTPPasswordMgr, which consults only the
            # exact realm key and so never finds an entry stored under None when the
            # challenge names a realm.
            password_mgr = urllib2.HTTPPasswordMgrWithDefaultRealm()
            password_mgr.add_password(None, url, username, password)
            auth_handler = urllib2.ProxyBasicAuthHandler(password_mgr)
            return urllib2.build_opener(proxy_support, auth_handler).open
        return urllib2.build_opener(proxy_support).open
    elif proxy_type == 'system':
        # Fall back to the http_proxy / HTTP_PROXY environment variable, if set
        url = os.environ.get('http_proxy') or os.environ.get('HTTP_PROXY')
        if not url:
            return urllib2.urlopen
        proxy_support = urllib2.ProxyHandler({'http': url, 'https': url})
        return urllib2.build_opener(proxy_support).open
    else:
        return urllib2.urlopen

Example 5

import cookielib
import os
import urllib2

def _opener(self):
    # Method excerpted from a request-runner class; self.request carries the settings
    build = [urllib2.HTTPHandler()]

    if self.request.redirect:
        build.append(urllib2.HTTPRedirectHandler())

    if self.request.proxy_host and self.request.proxy_port:
        proxy_url = self.request.proxy_host + ':' + str(self.request.proxy_port)
        build.append(urllib2.ProxyHandler({self.request.proxy_protocol: proxy_url}))

        if self.request.proxy_username:
            # Store the credentials against the proxy URL under the default realm, so the
            # handler finds them whatever realm the proxy names in its 407 challenge.
            # Placeholder strings for realm and URI would never match a real challenge.
            password_mgr = urllib2.HTTPPasswordMgrWithDefaultRealm()
            password_mgr.add_password(None, proxy_url, self.request.proxy_username,
                                      self.request.proxy_password)
            build.append(urllib2.ProxyBasicAuthHandler(password_mgr))

    if self.request.cookies:
        # The cookie file path is relative to the script directory; load it if present
        self.request.cookies = os.path.join(self._dirname, self.request.cookies)
        self.cookies = cookielib.MozillaCookieJar()
        if os.path.isfile(self.request.cookies):
            self.cookies.load(self.request.cookies)
        build.append(urllib2.HTTPCookieProcessor(self.cookies))

    urllib2.install_opener(urllib2.build_opener(*build))

Example 6

import re
import sys
from urllib2 import (ProxyHandler, ProxyBasicAuthHandler, ProxyDigestAuthHandler,
                     HTTPPasswordMgrWithDefaultRealm, build_opener)
# ValidatingHTTPSHandler, DebuggableHTTPHandler and console_write are Package Control's
# own modules; this is a method excerpted from its downloader class.

def setup_opener(self, url, timeout):
    """
    Sets up a urllib OpenerDirector to be used for requests. There is a
    fair amount of custom urllib code in Package Control, and part of it
    is to handle proxies and keep-alives. Creating an opener the way
    below is because the handlers have been customized to send the
    "Connection: Keep-Alive" header and hold onto connections so they
    can be re-used.

    :param url:
        The URL to download

    :param timeout:
        The int number of seconds to set the timeout to
    """

    if not self.opener:
        http_proxy = self.settings.get('http_proxy')
        https_proxy = self.settings.get('https_proxy')
        if http_proxy or https_proxy:
            proxies = {}
            if http_proxy:
                proxies['http'] = http_proxy
            if https_proxy:
                proxies['https'] = https_proxy
            proxy_handler = ProxyHandler(proxies)
        else:
            # No explicit setting: ProxyHandler() picks up the *_proxy environment variables
            proxy_handler = ProxyHandler()

        # A default-realm manager answers the proxy's challenge whatever realm it names
        password_manager = HTTPPasswordMgrWithDefaultRealm()
        proxy_username = self.settings.get('proxy_username')
        proxy_password = self.settings.get('proxy_password')
        if proxy_username and proxy_password:
            if http_proxy:
                password_manager.add_password(None, http_proxy, proxy_username,
                    proxy_password)
            if https_proxy:
                password_manager.add_password(None, https_proxy, proxy_username,
                    proxy_password)

        handlers = [proxy_handler]

        # Basic and Digest proxy authentication share the same credential store
        basic_auth_handler = ProxyBasicAuthHandler(password_manager)
        digest_auth_handler = ProxyDigestAuthHandler(password_manager)
        handlers.extend([digest_auth_handler, basic_auth_handler])

        debug = self.settings.get('debug')

        if debug:
            console_write(u"Urllib Debug Proxy", True)
            console_write(u"  http_proxy: %s" % http_proxy)
            console_write(u"  https_proxy: %s" % https_proxy)
            console_write(u"  proxy_username: %s" % proxy_username)
            # Report only whether a password is configured; never write the secret to the log
            console_write(u"  proxy_password: %s" % ('<set>' if proxy_password else None))

        secure_url_match = re.match('^https://([^/]+)', url)
        if secure_url_match is not None:
            # HTTPS: validate the server against the CA bundle fetched for this domain
            secure_domain = secure_url_match.group(1)
            bundle_path = self.check_certs(secure_domain, timeout)
            bundle_path = bundle_path.encode(sys.getfilesystemencoding())
            handlers.append(ValidatingHTTPSHandler(ca_certs=bundle_path,
                debug=debug, passwd=password_manager,
                user_agent=self.settings.get('user_agent')))
        else:
            handlers.append(DebuggableHTTPHandler(debug=debug,
                passwd=password_manager))
        self.opener = build_opener(*handlers)
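Whether ProxyBasicAuthHandler can answer a proxy's 407 challenge depends on how the credentials were registered: the handler's default HTTPPasswordMgr consults only the realm key that matches the challenge exactly, so an entry stored under realm None or under a placeholder such as 'realm' is never found, while an HTTPPasswordMgrWithDefaultRealm handed to the handler (as Example 6 does) serves its realm-None entry for any realm. The following is an added example, not code from the original page or from the projects quoted above; it is written against Python 3's urllib.request (the successor of urllib2), and the proxy address, realm string, account and the function names build_proxy_opener, has_proxy_auth and lookup_proxy_credentials are constructed here.

```python
from urllib.request import (
    HTTPPasswordMgr, HTTPPasswordMgrWithDefaultRealm,
    ProxyBasicAuthHandler, ProxyHandler, build_opener,
)

# Constructed sample values for illustration only (not a real proxy, realm or account).
PROXY_URL = "http://proxy.example.test:8080"
PROXY_AUTHORITY = "proxy.example.test:8080"   # req.host for a plain-HTTP request via the proxy
PROXY_REALM = "Corporate Proxy"               # realm the proxy names in Proxy-Authenticate
USERNAME, PASSWORD = "alice", "s3cret"


def build_proxy_opener(proxy_url, username=None, password=None):
    """Build an OpenerDirector that sends http and https requests through proxy_url.

    Credentials, when given, are stored under realm None in an
    HTTPPasswordMgrWithDefaultRealm that is handed to the handler, so the
    entry is used whatever realm the proxy names in its 407 challenge.
    """
    handlers = [ProxyHandler({"http": proxy_url, "https": proxy_url})]
    if username is not None:
        password_mgr = HTTPPasswordMgrWithDefaultRealm()
        password_mgr.add_password(None, proxy_url, username, password)
        handlers.append(ProxyBasicAuthHandler(password_mgr))
    return build_opener(*handlers)


def has_proxy_auth(opener):
    """True when the opener carries a ProxyBasicAuthHandler."""
    return any(isinstance(h, ProxyBasicAuthHandler) for h in opener.handlers)


def lookup_proxy_credentials(registered_realm, registered_uri, default_realm=False):
    """Replay the lookup ProxyBasicAuthHandler performs on a 407.

    The handler calls passwd.find_user_password(<realm from the challenge>,
    <proxy authority>); registered_realm/registered_uri are what the code
    passed to add_password(). With default_realm=False the manager is the
    plain HTTPPasswordMgr that ProxyBasicAuthHandler() creates for itself.
    Returns the (user, password) pair the handler would send, or (None, None).
    """
    mgr = HTTPPasswordMgrWithDefaultRealm() if default_realm else HTTPPasswordMgr()
    mgr.add_password(registered_realm, registered_uri, USERNAME, PASSWORD)
    return mgr.find_user_password(PROXY_REALM, PROXY_AUTHORITY)


if __name__ == "__main__":
    # Placeholder realm and URI never match the challenge, so no credentials are sent.
    print(lookup_proxy_credentials("realm", "uri"))
    # Realm None on the handler's own HTTPPasswordMgr: only the exact realm key is consulted.
    print(lookup_proxy_credentials(None, PROXY_URL))
    # The exact realm string works, but breaks as soon as the proxy's realm changes.
    print(lookup_proxy_credentials(PROXY_REALM, PROXY_URL))
    # Realm None in a default-realm manager is served for any realm.
    print(lookup_proxy_credentials(None, PROXY_URL, default_realm=True))
    print(has_proxy_auth(build_proxy_opener(PROXY_URL, USERNAME, PASSWORD)))
```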


Mirai Internet of Things IoT DDoS sets record 600+ GB/Sec and your refrigerator could have been one of the attackers!

What is the Internet of Things (IoT) ?

In today's technological expansion everything seems to be connected to the Internet. In my own home, for instance, I have my refrigerator, thermostat, video cameras, tablets, cell phone, TV, Xbox, DirecTV box, printer, security system, laptops, servers, workstations, Ethernet tap, a switch and a router all connected to the Internet! Collectively this is referred to as the Internet of Things: basically everything connected to the interwebs. A lot of devices that connect to the Internet now are a combination of hardware and software (firmware) and are not commonly updated and patched, as that typically requires flashing the firmware. New vulnerabilities are being discovered daily in these devices and are being used in botnets to conduct massive Distributed Denial of Service attacks.

There is a new botnet being used to conduct IoT attacks, called Mirai, and its source code has been leaked onto GitHub here: https://github.com/jgamblin/Mirai-Source-Code

Mirai functions by infecting IoT devices by trying to brute force their passwords. The tactic it uses to brute force passwords is entering commonly used and default passwords. Several things have been noted about Mirai, such as the bots being written in C, the command and control server being written in Go, and the fact that it contains a list of IP ranges on which it avoids activating its scans.


Code audit tool list

A collection of code audit tools


Tool | Language(s) | Avail. | Finds or checks for | As of
---- | ----------- | ------ | ------------------- | -----
ABASH | Bash | free | String expansion errors, option insertion errors, and other weaknesses that may lead to security vulnerabilities. | Mar-12
ApexSec Security Console | PL/SQL (Oracle Apex) | Recx | SQL Injection, Cross-Site Scripting, Access Control and Configuration issues within an Apex application | Mar-10
Astrée | C | AbsInt | undefined code constructs and run-time errors, e.g., out-of-bounds array indexing or arithmetic overflow. | Jun-09
BOON | C | free | integer range analysis determines if an array can be indexed outside its bounds | Feb-05
bugScout | Java, C#, Visual Basic, ASP, PHP | buguroo | multiple security failures, such as deprecated libraries errors, vulnerable functions, sensitive information within the source code comments, etc. | Mar-12
C/C++test® | C, C++ | Parasoft | defects such as memory leaks, buffer issues, security issues and arithmetic issues, plus SQL injection, cross-site scripting, exposure of sensitive data and other potential issues | Dec-13
dotTEST™ | C#, VB.NET, MC++ | Parasoft | as for C/C++test® | Dec-13
Jtest® | Java | Parasoft | as for C/C++test® | Dec-13
HP Code Advisor (cadvise) | C, C++ | HP | many lint-like checks plus memory leak, potential null pointer dereference, tainted data for file paths, and many others | Dec-13
Checkmarx CxSAST | Java, JavaScript, PHP, C#, VB.NET, VB6, ASP.NET, C/C++, Apex, Ruby, Perl, Objective-C, Python, Groovy, HTML5, Swift, APEX, J2SE, J2EE | Checkmarx | All OWASP Top 10 and SANS 25 vulnerabilities and compliance with PCI-DSS, HIPAA, and MISRA requirements along with custom queries, all with a low rate of false positives and easy to integrate throughout the SDLC. | Mar-16
Clang Static Analyzer | C, Objective-C | free | Reports dead stores, memory leaks, null pointer dereferences, and more. Uses source annotations like "nonnull". | Aug-10
Closure Compiler | JavaScript | free | Removes dead code, checks syntax, variable references and types and warns about common JavaScript pitfalls. | Feb-14
CodeCenter | C | ICS | incorrect pointer values, illegal array indices, bad function arguments, type mismatches, and uninitialized variables | Apr-11
CodePeer | Ada | AdaCore | detects uninitialized data, pointer misuse, buffer overflow, numeric overflow, division by zero, dead code, concurrency faults (race conditions), unused variables, etc. | Apr-10
CodeSecure | ASP.NET, C#, PHP, Java, JSP, VB.NET, others | Armorize Technologies | XSS, SQL Injection, Command Injection, tainted data flow, etc. | Aug-12
CodeSonar | C and C++ | GrammaTech | null-pointer dereferences, divide-by-zeros, buffer over- and underruns | Nov-12
Coverity SAVE™ | C, C++, Java, C# | Coverity | flaws and security vulnerabilities; reduces false positives while minimizing the likelihood of false negatives. | Apr-11
Cppcheck | C, C++ | free | pointer to a variable that goes out of scope, bounds, classes (missing constructors, unused private functions, etc.), exception safety, memory leaks, invalid STL usage, overlapping data in sprintf, division by zero, null pointer dereference, unused struct member, passing parameter by value, etc. Aims for no false positives. | Feb-10
CQual | C | free | uses type qualifiers to perform a taint analysis, which detects format string vulnerabilities | Feb-05
Csur | C | free | cryptographic protocol-related vulnerabilities | Apr-06
DoubleCheck | C, C++ | Green Hills Software | like buffer overflows, resource leaks, invalid pointer references, and violations of … MISRA | Jul-07
FindBugs | Java, Groovy, Scala | free | Null pointer dereferences, synchronization errors, vulnerabilities to malicious code, etc. It can be used to analyse any JVM language. | Sep-12
FindSecurityBugs | Java, Groovy, Scala | free | Extends FindBugs with more security detectors (Command Injection, XPath Injection, SQL/HQL Injection, Cryptography weakness and many more). | Jun-16
Flawfinder | C/C++ | free | uses of risky functions, buffer overflow (strcpy()), format string ([v][f]printf()), race conditions (access(), chown(), and mktemp()), shell metacharacters (exec()), and poor random numbers (random()). | 2005
Fluid | Java | call | "analysis based verification" for attributes such as race conditions, thread policy, and object access with no false negatives | Oct-05
Goanna Studio and Goanna Central | C, C++ | Red Lizard Software | memory corruptions, resource leaks, buffer overruns, null pointer dereferences, C++ hazards, MISRA C 2012, … | Mar-15
HP QAInspect | C#, Visual Basic, JavaScript, VB Script | Fortify | application vulnerabilities | Apr-11
Insight | C, C++, Java, and C# | Klocwork | Buffer overflow, un-validated user input, SQL injection, path injection, file injection, cross-site scripting, information leakage, weak encryption and vulnerable coding practices, as well as quality, reliability and maintainability issues. | May-11
Jlint | Java | free | bugs, inconsistencies, and synchronization problems | Aug-12
LAPSE | Java | free | helps audit Java J2EE applications for common types of security vulnerabilities found in Web applications. | Sep-06
ObjectCenter | C/C++ | ICS | "run-time and static error detection … more than 250 types of errors, including more than 80 run-time errors … inter-module inconsistencies" | Apr-11
Parfait | C/C++ | ? Oracle | proprietary | Apr-13
PLSQLScanner 2008 | PL/SQL | Red-Database-Security | SQL Injection, hardcoded passwords, Cross-site scripting (XSS), etc. | Jun-08
PHP-Sat | PHP | free | static analysis tool, XSS, etc. | Sep-06
Pixy | PHP | free | static analysis tool, only detects XSS and SQL Injection. No home page? | Jun-14
PMD | Java | free | questionable constructs, dead code, duplicate code | Feb-06
PolySpace | Ada, C, C++ | MathWorks | run-time errors, unreachable code | Sep-13
PREfix and PREfast | C, C++ | Microsoft | proprietary | Feb-06
pylint | Python | free | Checks for errors and looks for bad code smells. | Feb-14
QA-C, QA-C++, QA-J | C, C++, Java | Programming Research | A suite of static analysis tools, with over 1400 messages. Detects a variety of problems from undefined language features to redundant or unreachable code. | May-09
Qualitychecker | VB6, Java, C# | Qualitychecker | static analysis tool | Sep-07
Rational AppScan Source Edition | C, C++, Java, JSP, ASP.NET, VB.NET, C# | IBM (formerly Ounce Labs) | coding errors, security vulnerabilities, design flaws, policy violations and offers remediation | Aug-10
RATS (Rough Auditing Tool for Security) | C, C++, Perl, PHP, Python | free | potential security risks | Sep-13
Resource Standard Metrics (RSM) | C, C++, C#, and Java | M Squared Technologies | Scan for 50 readability or portability problems or questionable constructs, e.g. different number of "new" and "delete" key words or an assignment operator (=) in a conditional (if). | Apr-11
RIPS | PHP | free and RIPS Tech | all types of injection vulnerabilities, including PHP-specific and second-order vulnerabilities | May-16
Smatch | C | free | simple scripts look for problems in a simplified representation of the code; primarily for Linux kernel code | Apr-06
SCA | ASP.NET, C, C++, C# and other .NET languages, COBOL, Java, JavaScript/AJAX, JSP, PHP, PL/SQL, Python, T-SQL, XML, and others | Fortify Software | security vulnerabilities, tainted data flow, etc. "more than 470 types of software security vulnerabilities" | Aug-12
SPARK tool set | SPARK (Ada subset) | Altran | ambiguous constructs, data- and information-flow errors, any property expressible in first-order logic (Examiner, Simplifier, and SPADE) | Aug-06
SPARROW | C/C++, Java, JSP, JavaScript, C#, ASP(.NET), Objective-C, PHP, VB.NET, VBScript, HTML, SQL, XML | Fasoo | OWASP Top 10, SANS 25, CWE, CERT vulnerabilities, MISRA, efficient and effective issue management based on machine learning technology | Aug-16
Splint | C | free | security vulnerabilities and coding mistakes. With annotations, it performs stronger checks. | 2005
TBmisra®, TBsecure® | C, C++, Java, Ada, Assembler | LDRA | The TBsecure module for LDRA Testbed® comes with the Carnegie Mellon Software Engineering Institute (SEI) CERT C secure coding standard. TBsecure identifies concerns such as buffer overflow, out-of-bounds array access, dangling pointers, double-free, and dereferencing null pointer. Other modules handle High Integrity C++, HIS, IPA/SEC C, JSF++ AV, MISRA C/C++, and Netrino C. | 2013
UNO | C | free | uninitialized variables, null-pointers, and out-of-bounds array indexing and "allows for the specification and checking of a broad range of user-defined properties". Aims for a very low false alarm rate. | Oct-07
PVS-Studio | C++ | OOO "Program Verification Systems" (Co LTD) | PVS-Studio is a static analyzer that detects errors in source code of C/C++/C++0x applications. There are 3 sets of rules included in PVS-Studio: (1) Diagnosis of 64-bit errors (Viva64) (2) Diagnosis of parallel errors (VivaMP) (3) General-purpose diagnosis | Jan-10
xg++ | C | unk | kernel and device driver vulnerabilities in Linux and OpenBSD through range checking, etc. | Feb-05
Yasca | Java, C/C++, JavaScript, ASP, ColdFusion, PHP, COBOL, .NET, etc. | free | a "glorified grep" and aggregator of other tools, including: FindBugs, PMD, JLint, JavaScript Lint, PHPLint, CppCheck, ClamAV, RATS, and Pixy. "It is designed to be very flexible and easy to extend. … writing a new rule is as easy as coming up with a regular expression" | Mar-10
WAP | PHP | free | SQL Injection (SQLI) / Cross-site scripting (XSS) / Remote File Inclusion (RFI) / Local File Inclusion (LFI) / Directory Traversal or Path Traversal (DT/PT) / Source Code Disclosure (SCD) / OS Command Injection (OSCI) / PHP Code Injection | 

How to learn reverse analysis: a veteran engineer's experience

I have always wanted to learn reverse analysis, so let me start by collecting some material.

Excerpted from: http://www.freebuf.com/articles/system/119374.html

I have been laying bricks (doing reverse analysis) in this trade for many years, and over that time I have analyzed samples of many different kinds: from the early Windows era, 鬼影 (Ghost Shadow) generations three through six, worms, input-method malware, file infectors, 灰鸽子 (Gray Pigeon) remote-access trojans, 熊猫烧香 (Panda Burning Incense), game account stealers, QQ account stealers and so on; then in the Android era, all kinds of SMS hijackers, rogue promotion, ad pushers, traffic fraud, ROM flashing, and later mobile worms, 敲诈者 (ransomware), 百脑虫, FakeDebugger, GhostPush; on iOS/macOS, WireLurker, XcodeGhost, YiSpecter, ZergHelper, BackStab, KeyRaider, TinyV and others; and now some malicious samples on Linux. As a practitioner, some of these I analyzed because the company required it and some because I found them interesting and downloaded them to analyze myself. Let me briefly talk about some learning techniques and methods, the knowledge you need, and the general analysis workflow.

(1) When you get a sample, whatever it is, first work out its file format. This requires some familiarity with the different file formats: Windows (PE), Linux (ELF), Android (dex, ELF), iOS/macOS (Mach-O)

(2) Then check whether the sample is packed or encrypted; if it is packed, unpack it, and if it is encrypted, see whether it can be decrypted

(3) Once it is unpacked and decrypted, what follows is dynamic plus static analysis

Dynamic debugging: Windows (OD, WinDbg), Linux (gdb, edb), Android (JEB, IDA), iOS/macOS (lldb)

Static analysis: IDA, 010Editor, readelf, objdump, strings, etc.


A preliminary analysis of the Mirai virus: the IoT security situation is serious

A few days ago, half of the onlooking public in the US found they could not get online. After all kinds of investigation, it turned out that a virus code-named Mirai (Japanese for "future") had infected IoT devices and formed a botnet, and this enormous botnet ultimately launched a DDoS attack against the servers of a certain US DNS company. Mirai's C source code is easy to find online, and as I happen to be taking a computer virus course at the moment, I downloaded it to study it and see how far my current abilities would take me.

After downloading it and skimming through, my first impression was that the author's coding style is really excellent! Not only is the formatting great (even though the braces go on the next line), the variable and file names are all purposeful, and the important places carry comments or log statements, so the analysis is relatively straightforward.

Directory structure

The Mirai source tree is laid out as follows:

Mirai_Source_Code
├─loader           # the loader
│  ├─bins          # some of the binaries
│  └─src           # loader source code
│      └─headers
└─mirai            # the virus itself
    ├─bot          # attack, scanner, DNS resolution and other modules
    ├─cnc          # server program written in Go
    └─tools        # liveness checking, encryption/decryption, file download, etc.


Dnmap: distributed port scanning

When carrying out security work, gathering information through port scanning is very important. When we try to set the acceptable timeout to a longer value, the scan takes a great deal of time.

But what if we need to scan a large number of hosts, or even an entire network? In such cases we need a way to distribute the load across multiple hosts and scan in parallel.

Fortunately, such a tool has already been developed: it can create and manage a cluster of hosts, each of which uses its own bandwidth to perform port scanning.

Introduction to DNmap

In 2009, Sebastian Garcia developed DNmap using Python's Twisted framework. DNmap uses a standard client/server (C/S) architecture to create a distributed Nmap scanning network. DNmap is one of the tools included in BackTrack by default, and it can be installed easily on any system that has Python.

Note that before installing and running DNmap, you must make sure the clients are allowed to run any Nmap command sent to them. By design, DNmap cannot prevent the server from abusing the clients, so make sure you trust the server you are connecting to.


Hiding the window when PowerShell starts a process

Method one

The C# System.Diagnostics.ProcessStartInfo class supports hiding the window when a process is started. Today I will share another method, using WMI objects, to hide the window of a launched program. Win32_Process can start a process directly, but it offers little control over that process, such as making it hide its own window. The example below achieves this:

function start-hiddenproc {
    [CmdletBinding()]
    param(
        [string]$processname = 'notepad.exe'
    )

    # Win32_ProcessStartup carries the startup flags; ShowWindow = 0 is SW_HIDE
    $startclass = Get-CimClass -ClassName Win32_ProcessStartup
    $startinfo = New-CimInstance -CimClass $startclass -Property @{ ShowWindow = 0 } -ClientOnly

    # Win32_Process.Create launches the process with that startup information
    $class = Get-CimClass -ClassName Win32_Process
    Invoke-CimMethod -CimClass $class -MethodName Create -Arguments @{
        CommandLine               = $processname
        ProcessStartupInformation = [CimInstance]$startinfo
    }
}

The function takes the path of the process to run as its parameter, which also makes it easy to add logic to the script that validates the path exists.


PowerShell: functions, scripts, and scope

Scripts embody PowerShell's programming features and are the foundation of task automation. Functions are a finer-grained unit of code reuse than scripts and can be defined on the command line or in a script. Scope is the range over which variables and functions are visible; it is how execution contexts are divided.

Functions

A function is a named list of commands, the same concept as a function in ordinary programming languages. A function can contain not only simple commands but also flow-control commands such as if, while and switch. A function can have anonymous arguments or a named parameter list. The named parameter list can be defined with braces or with the Param keyword. Anonymous arguments can be accessed through the $Args variable. A function can also receive objects from the pipeline as input; the pipeline objects can be accessed through the $input variable.

A function defined in a script can be placed anywhere after the #requires statement and the Param keyword, but it must be defined before it is called. Also, a user-defined function does not run automatically; it has to be invoked explicitly. Functions can be defined with filter or function: a function defined with the filter keyword is simpler, while one defined with the function keyword can provide more complex functionality.

A simple function definition looks like this:

function SayHello
{
    "Hello"
}

Calling a function is similar to using a cmdlet: type SayHello and press Enter, and the result is Hello.
