Gebruik url's in de vorm proxy.piratenpartij.nl/<site> ipv <site>.pro…

…xy.piratenpartij.nl . Dit omzeilt problemen met ssl certificaat hostnames + het gaat 'lekken' van info over bezochte sites naar ISP DNS-servers tegen.
Piratenpartij · Mar 23, 2014 · 9468aa3 · 9468aa3
1 parent d74dafd
commit 9468aa3
Show file tree

Hide file tree

Showing 6 changed files with 46 additions and 64 deletions.
diff --git a/pirateproxy-0.4/CSSPage.py b/pirateproxy-0.4/CSSPage.py
@@ -6,21 +6,22 @@
 class CSSPage:
 	BLKSIZE=65536
 
-	def __init__(self, config, ssl, reader, writer):
+	def __init__(self, config, ssl, reader, writer, remote_host):
 		self.config = config
 		self.ssl = ssl
 		self.reader = reader
 		self.writer = writer
 		self.input_buffer = ''
 		self.output_buffer = ''
+		self.remote_host = remote_host
 
 	def rewrite_re(self, m):
 		part1 = m.group(1) or ''
 		scheme = m.group(6) or ''
 		url = m.group(7) or ''
 		closer = m.group(9) or ''
 
-		return part1 + Util.rewrite_URL(scheme+"//"+url, self.config, self.ssl) + closer
+		return part1 + Util.rewrite_URL(scheme+"//"+url, self.config, self.ssl, self.remote_host) + closer
 
 	def rewrite(self):
 		pattern = r"(((background(-image)?\s*:)|@import)\s*(url)?\s*[('\"]+\s*)(https?:)?//([^\"')]+)(:\d+)?([)'\"]+)"

diff --git a/pirateproxy-0.4/JSPage.py b/pirateproxy-0.4/JSPage.py
@@ -10,7 +10,7 @@
 re_url = re.compile(r"(https?:\\?/\\?/)?([a-zA-Z0-9\-\.]+\.(AC|AD|AE|AERO|AF|AG|AI|AL|AM|AN|AO|AQ|AR|ARPA|AS|ASIA|AT|AU|AW|AX|AZ|BA|BB|BD|BE|BF|BG|BH|BI|BIZ|BJ|BM|BN|BO|BR|BS|BT|BV|BW|BY|BZ|CA|CAT|CC|CD|CF|CG|CH|CI|CK|CL|CM|CN|CO|COM|COOP|CR|CU|CV|CW|CX|CY|CZ|DE|DJ|DK|DM|DO|DZ|EC|EDU|EE|EG|ER|ES|ET|EU|FI|FJ|FK|FM|FO|FR|GA|GB|GD|GE|GF|GG|GH|GI|GL|GM|GN|GOV|GP|GQ|GR|GS|GT|GU|GW|GY|HK|HM|HN|HR|HT|HU|ID|IE|IL|IM|IN|INFO|INT|IO|IQ|IR|IS|IT|JE|JM|JO|JOBS|JP|KE|KG|KH|KI|KM|KN|KP|KR|KW|KY|KZ|LA|LB|LC|LI|LK|LR|LS|LT|LU|LV|LY|MA|MC|MD|ME|MG|MH|MIL|MK|ML|MM|MN|MO|MOBI|MP|MQ|MR|MS|MT|MU|MUSEUM|MV|MW|MX|MY|MZ|NA|NAME|NC|NE|NET|NF|NG|NI|NL|NO|NP|NR|NU|NZ|OM|ORG|PA|PE|PF|PG|PH|PK|PL|PM|PN|PR|PRO|PS|PT|PW|PY|QA|RE|RO|RS|RU|RW|SA|SB|SC|SD|SE|SG|SH|SI|SJ|SK|SL|SM|SN|SO|SR|ST|SU|SV|SX|SY|SZ|TC|TD|TEL|TF|TG|TH|TJ|TK|TL|TM|TN|TO|TP|TR|TRAVEL|TT|TV|TW|TZ|UA|UG|UK|US|UY|UZ|VA|VC|VE|VG|VI|VN|VU|WF|WS|XN--0ZWM56D|XN--11B5BS3A9AJ6G|XN--3E0B707E|XN--45BRJ9C|XN--80AKHBYKNJ4F|XN--80AO21A|XN--90A3AC|XN--9T4B11YI5A|XN--CLCHC0EA0B2G2A9GCD|XN--DEBA0AD|XN--FIQS8S|XN--FIQZ9S|XN--FPCRJ9C3D|XN--FZC2C9E2C|XN--G6W251D|XN--GECRJ9C|XN--H2BRJ9C|XN--HGBK6AJ7F53BBA|XN--HLCJ6AYA9ESC7A|XN--J6W193G|XN--JXALPDLP|XN--KGBECHTV|XN--KPRW13D|XN--KPRY57D|XN--LGBBAT1AD8J|XN--MGBAAM7A8H|XN--MGBAYH7GPA|XN--MGBBH1A71E|XN--MGBC0A9AZCG|XN--MGBERP4A5D4AR|XN--O3CW4H|XN--OGBPF8FL|XN--P1AI|XN--PGBS0DH|XN--S9BRJ9C|XN--WGBH1C|XN--WGBL6A|XN--XKC2AL3HYE2A|XN--XKC2DL3A5EE0H|XN--YFRO4I67O|XN--YGBI2AMMX|XN--ZCKZAH|XXX|YE|YT|ZA|ZM|ZW))(?![a-zA-Z0-9\-\.])(:\d+)?", re.I)
 
 class JSPage(object):
-	def __init__(self, config, ssl, reader, writer):
+	def __init__(self, config, ssl, reader, writer, remote_host):
 		self.config = config
 		self.ssl = ssl
 		self.reader = reader
@@ -20,6 +20,7 @@ def __init__(self, config, ssl, reader, writer):
 		self.input_pos = 0
 		self.eof = False
 		self.output_size = 0
+		self.remote_host = remote_host
 
 	# Read a block of data into the input buffer. Discard any data
 	# in the input buffer that has already been processed.

diff --git a/pirateproxy-0.4/Page.py b/pirateproxy-0.4/Page.py
@@ -18,7 +18,7 @@ class Page(HtmlParser):
 	simple_attriburl_regex = re.compile(r"((https?:)//[^ \r\n<]+)", re.I|re.M|re.S)
 	counter = 0
 
-	def __init__(self, config, ssl, reader, writer):
+	def __init__(self, config, ssl, reader, writer, remote_host):
 		HtmlParser.__init__(self)
 		self.config = config
 		self.ssl = ssl
@@ -28,6 +28,7 @@ def __init__(self, config, ssl, reader, writer):
 		self.output_buffer = ''
 		self.state = -1
 		self.tags_and_attribs = self.create_tabs_and_attribs()
+		self.remote_host = remote_host
 
 	# Based on a list of tuples, create a hash-table with tagnames plus
 	# attrib names as keys
@@ -41,7 +42,7 @@ def create_tabs_and_attribs(self):
 
 	# Rewrite a matched URL attribute value snippet
 	def rewrite_url(self, m):
-		return Util.rewrite_URL(m.group(0), self.config, self.ssl)
+		return Util.rewrite_URL(m.group(0), self.config, self.ssl, self.remote_host)
 
 	def rewrite(self):
 		while True:
@@ -74,9 +75,9 @@ def handle_tag(self):
 		# or CSS data anymore. This is all handled in the JSPage and
 		# CSSPage classes.
 		if self.tag() == 'script':
-			p = JSPage(self.config, self.ssl, self.parsing_reader, self.buffered_writer)
+			p = JSPage(self.config, self.ssl, self.parsing_reader, self.buffered_writer, self.remote_host)
 		elif self.tag() == 'style':
-			p = CSSPage(self.config, self.ssl, self.parsing_reader, self.buffered_writer)
+			p = CSSPage(self.config, self.ssl, self.parsing_reader, self.buffered_writer, self.remote_host)
 		p.rewrite()
 
 
@@ -136,7 +137,7 @@ def handle_attribute(self):
 			# this by using StringIO on the already read value
 			f = StringIO(self.input_buffer[:pos])
 			outf = StringIO()
-			p = CSSPage(self.config, self.ssl, f.read, outf.write)
+			p = CSSPage(self.config, self.ssl, f.read, outf.write, self.remote_host)
 			p.rewrite()
 			outf.seek(0)
 			self.output_buffer += outf.read()
@@ -148,7 +149,7 @@ def handle_attribute(self):
 			# this by using StringIO on the already read value
 			f = StringIO(self.input_buffer[:pos])
 			outf = StringIO()
-			p = JSPage(self.config, self.ssl, f.read, outf.write)
+			p = JSPage(self.config, self.ssl, f.read, outf.write, self.remote_host)
 			p.rewrite()
 			outf.seek(0)
 			self.output_buffer += outf.read() + self.input_buffer[pos]
@@ -163,7 +164,7 @@ def handle_attribute(self):
 			return
 
 		# Other URL-containing attributes
-		val = Util.rewrite_URL(self.input_buffer[:pos], self.config, self.ssl)
+		val = Util.rewrite_URL(self.input_buffer[:pos], self.config, self.ssl, self.remote_host)
 		self.output_buffer += val
 		self.write_output(False)
 		self.input_buffer = self.input_buffer[pos:]

diff --git a/pirateproxy-0.4/Proxy.py b/pirateproxy-0.4/Proxy.py
@@ -65,7 +65,7 @@ def handle_redirect(self, resp):
 		if resp.status >= 300 and resp.status <= 400:
 			location = resp.getheader('location', None)
 			if location:
-				location = Util.rewrite_URL(location, self.server.config, self.is_ssl())
+				location = Util.rewrite_URL(location, self.server.config, self.is_ssl(), self.remote_host)
 			resp.newlocation = location
 		else:
 			resp.newlocation = None
@@ -112,18 +112,12 @@ def do_GETPOST(self, post):
 		if client and self.server.config.use_forwarded_for:
 			client = client.split(',')[-1].strip()
 			self.client_address = (client, self.client_address[1])
-
-		host = self.headers.getheader('host') or ''
-		if host:
-			p = host.find("."+self.server.config.hostname)
-			if p != -1:
-				self.remote_host = host[:p]
-			else:
-				self.remote_host = host
-
-		self.server.reqs[threading.currentThread().name] = (self.remote_host, self.path)
 		if self.handle_own() or self.handle_robot_block():
 			return
+		self.remote_host = self.path.split('/')[1]
+		self.path = '/' + '/'.join(self.path.split('/')[2:])
+		self.server.reqs[threading.currentThread().name] = (self.remote_host, self.path)
+
 
 		# Redirect blocked hostnames and IP addresses to block target
 		if self.is_blocked(self.remote_host):
@@ -214,7 +208,6 @@ def do_GETPOST(self, post):
 			self.handle_redirect(resp)
 
 			content_type = resp.msg.gettype()
-
 			if content_type in ["text/html"]:
 				self.handle_rewritable(resp, Page)
 			elif content_type in ["application/xhtml+xml", "application/xml", "application/xhtml" ]:
@@ -257,11 +250,12 @@ def rewrite_cookie(self, cookie):
 
 			for cookiename in c:
 				domain = c[cookiename].get('domain')
-				if domain:
-					# Need to strip as sometimes at least ',' is retained
-					domain = domain.strip(' \t\r\n,;')
-					domain = domain + "." + self.server.config.hostname
-					c[cookiename]['domain'] = domain
+				# Need to strip as sometimes at least ',' is retained
+				domain = domain.strip(' \t\r\n,;')
+				#domain = domain + "." + self.server.config.hostname
+				c[cookiename]['path'] = '/' + self.remote_host
+				domain = self.server.config.hostname
+				c[cookiename]['domain'] = domain
 			cookie = c.output()
 		except Exception, e:
 			self.my_log_error(traceback.format_exc())
@@ -282,7 +276,6 @@ def handle_rewritable(self, resp, rewriter_class):
 		else:
 			self.gzip_from_server = False
 
-
 		self.my_log_request(resp.status, self.content_length)
 
 		# Write the response headers
@@ -313,7 +306,7 @@ def handle_rewritable(self, resp, rewriter_class):
 		# are given to the Page, JSPage or CSSPage instance to read blocks
 		# of data from the server response and write blocks of data to the
 		# client. Gzip-handling is done in the reader/writer.
-		p = rewriter_class(self.server.config, self.is_ssl(), self.reader, self.writer)
+		p = rewriter_class(self.server.config, self.is_ssl(), self.reader, self.writer, self.remote_host)
 		p.rewrite()
 
 
@@ -479,26 +472,13 @@ def handle_robot_block(self):
 	# hostnames or non-existing host-header. Returns true if request was 
 	# handled here.
 	def handle_own(self):
-		host = self.headers.getheader('host')
-
-		if host:
-			a = host.rfind(":")
-			if a != -1 and len(host) > a:
-				if host[a+1:].isdigit():
-					host = host[:a]
-		else:
-			host = ''
-
-		if host.endswith(self.server.config.hostname) and host != self.server.config.hostname:
+		if self.path != '/' and self.path != '/index.html' and self.path != '/images/piratenpartijproxybanner.jpg' and self.path != '/favicon.ico':
 			return False
-
-		# This is for us, so handle it
 		try:
 			if os.path.isdir(self.server.config.files_location+"/"+self.path):
 				self.path += '/index.html'
 		except Exception, e:
 			pass
-
 		if self.path.find('..') != -1:
 			self.my_log_request(403, 0)
 			self.send_error(403)

diff --git a/pirateproxy-0.4/Util.py b/pirateproxy-0.4/Util.py
@@ -2,7 +2,6 @@
 import urlparse
 import traceback
 
-
 # Strip the proxy hostname part of the passed URL
 def rewrite_URL_strip(url, config):
 	try:
@@ -23,7 +22,7 @@ def rewrite_URL_strip(url, config):
 # Rewrite the URL and add the proxy's HTTP or HTTPS ports when necessary.
 # For absolute URLs without scheme, use the same scheme as used to access
 # the proxy (using the 'ssl' flag)
-def rewrite_URL(url, config, ssl):
+def rewrite_URL(url, config, ssl, remote_host):
 	try: 
 		# Strip our own hostname for the rewrites to work
 		url = rewrite_URL_strip(url,config)
@@ -54,26 +53,26 @@ def rewrite_URL(url, config, ssl):
 				return url
 
 		# Handle absolute HTTP or HTTPS URL
-		if res[1] and (res[0] == '' or res[0] == 'http' or res[0] == 'https'): 
-			newres = [ item for item in res ] 
-			host = res[1].split(":")[0]
+		newres = [ item for item in res ] 
+		host = res[1].split(":")[0]
 
-			# No scheme, use the scheme used to access proxy
-			if res[0] == '': # res[0] == scheme
-				if ssl:
-					newres[0]='https'
-				else:
-					newres[0]='http'
+		# No scheme, use the scheme used to access proxy
+		if res[0] == '': # res[0] == scheme
+			if ssl:
+				newres[0]='https'
+			else:
+				newres[0]='http'
 
-			# Add port of proxy
-			if newres[0] == 'http':
-				port = config.http_port
-			elif newres[0] == 'https':
-				port = config.https_port
-
-			newres[1] = host + "." + config.hostname + ":" + str(port)
-			url = urlparse.urlunsplit(newres) 
+		# Add port of proxy
+		if newres[0] == 'http':
+			port = config.http_port
+		elif newres[0] == 'https':
+			port = config.https_port
+		newres[1] = config.hostname + ":" + str(port)
+		if host == '':
+			host = remote_host
+		newres[2] = host + newres[2]
+		url = urlparse.urlunsplit(newres) 
 	except Exception, e: 
 		pass
-
 	return url
diff --git a/pirateproxy-0.4/html/index.html b/pirateproxy-0.4/html/index.html
@@ -38,7 +38,7 @@
 </style>
 	<script type="text/javascript">
 		function doclick() {
-			document.location="http://"+document.getElementById('url').value+".proxy.piratenpartij.nl";
+			document.location="http://proxy.piratenpartij.nl/"+document.getElementById('url').value;
 		}
 	</script>
 </head>