Index ¶
- Variables
- func Auth(r *http.Request) (AuthToken string, ok bool)
- func DNSRebindFromQueryFirstThenSecond(session string, dcss *DNSClientStateStore, q dns.Question) []string
- func DNSRebindFromQueryMultiA(session string, dcss *DNSClientStateStore, q dns.Question) []string
- func DNSRebindFromQueryRandom(session string, dcss *DNSClientStateStore, q dns.Question) []string
- func DNSRebindFromQueryRoundRobin(session string, dcss *DNSClientStateStore, q dns.Question) []string
- func GenerateRandomString() (string, error)
- func MakeRebindDNSHandler(appConfig *AppConfig, dcss *DNSClientStateStore) dns.HandlerFunc
- func NewHTTPProxyServer(port int, dcss *DNSClientStateStore, wscss *WebsocketClientStateStore, ...) *http.Server
- func NewHTTPServer(port int, hss *HTTPServerStoreHandler, dcss *DNSClientStateStore, ...) *http.Server
- func StartHTTPProxyServer(s *http.Server) error
- func StartHTTPServer(s *http.Server, hss *HTTPServerStoreHandler, dynamic bool, tproxy bool) error
- func StopHTTPServer(s *http.Server, hss *HTTPServerStoreHandler)
- type AppConfig
- type AuthHandler
- type DNSClientState
- type DNSClientStateStore
- type DNSQuery
- type DefaultHeadersHandler
- type DelayDOMLoadHandler
- type HTTPClientInfoHandler
- type HTTPServerError
- type HTTPServerStoreHandler
- type HTTPServersConfig
- type IPTablesHandler
- type IPTablesRule
- type LoginHandler
- type PayloadTemplateHandler
- type ProxyHandler
- type ProxytoWebsocketTransport
- type WSCall
- type WSClient
- type WebsocketClientState
- type WebsocketClientStateStore
- type WebsocketHandler
Constants ¶
This section is empty.
Variables ¶
// DNSRebindingStrategy maps a DNS rebinding strategy name to the response
// handler that implements it. Keys are the short strategy names; every value
// has the same signature as AppConfig.RebindingFn.
var DNSRebindingStrategy = map[string]func(session string, dcss *DNSClientStateStore, q dns.Question) []string{
	"rr": DNSRebindFromQueryRoundRobin,      // the two hosts in round-robin order
	"fs": DNSRebindFromQueryFirstThenSecond, // first host once, then the second host
	"rd": DNSRebindFromQueryRandom,          // either host, picked at random
	"ma": DNSRebindFromQueryMultiA,          // both hosts as multiple A records
}
DNSRebindingStrategy maps a DNS rebinding strategy name to the handler function that implements it.
Functions ¶
func DNSRebindFromQueryFirstThenSecond ¶
func DNSRebindFromQueryFirstThenSecond(session string, dcss *DNSClientStateStore, q dns.Question) []string
DNSRebindFromQueryFirstThenSecond is a response handler for DNS queries. It extracts the hosts from the DNS query string, returns the first host once, and then returns the second host for all subsequent queries within the timeout period.
func DNSRebindFromQueryMultiA ¶
func DNSRebindFromQueryMultiA(session string, dcss *DNSClientStateStore, q dns.Question) []string
DNSRebindFromQueryMultiA is a response handler for DNS queries. It extracts the two hosts from the DNS query string and returns them as multiple DNS A records.
func DNSRebindFromQueryRandom ¶
func DNSRebindFromQueryRandom(session string, dcss *DNSClientStateStore, q dns.Question) []string
DNSRebindFromQueryRandom is a response handler for DNS queries. It extracts the two hosts from the DNS query string and returns one of them, chosen at random.
func DNSRebindFromQueryRoundRobin ¶
func DNSRebindFromQueryRoundRobin(session string, dcss *DNSClientStateStore, q dns.Question) []string
DNSRebindFromQueryRoundRobin is a response handler for DNS queries. It extracts the two hosts from the DNS query string and returns them in a round-robin fashion.
func GenerateRandomString ¶
GenerateRandomString returns a secure random hex string, 20 characters long.
func MakeRebindDNSHandler ¶
func MakeRebindDNSHandler(appConfig *AppConfig, dcss *DNSClientStateStore) dns.HandlerFunc
MakeRebindDNSHandler generates a DNS request handler based on the application settings. This is the core loop that handles DNS queries.
func NewHTTPProxyServer ¶
func NewHTTPProxyServer(port int, dcss *DNSClientStateStore, wscss *WebsocketClientStateStore, hss *HTTPServerStoreHandler) *http.Server
NewHTTPProxyServer starts a new HTTP proxy server
func NewHTTPServer ¶
func NewHTTPServer(port int, hss *HTTPServerStoreHandler, dcss *DNSClientStateStore, wscss *WebsocketClientStateStore) *http.Server
NewHTTPServer configures an HTTP server.
func StartHTTPProxyServer ¶
StartHTTPProxyServer starts an HTTP reverse proxy server to target clients
func StartHTTPServer ¶
StartHTTPServer starts an HTTP server and adds it to the dynamic (if dynamic is true) or static HTTP server store.
func StopHTTPServer ¶
func StopHTTPServer(s *http.Server, hss *HTTPServerStoreHandler)
StopHTTPServer stops an HTTP server
Types ¶
type AppConfig ¶
// AppConfig stores the running parameters of the Singularity server.
type AppConfig struct {
	HTTPServerPorts              []int  // ports for the HTTP servers; presumably one server per port via NewHTTPServer -- confirm
	ResponseIPAddr               string // NOTE(review): inferred from the name to be the address answered before rebinding -- confirm against the DNS handler
	ResponseReboundIPAddr        string // NOTE(review): inferred from the name to be the address answered after rebinding -- confirm
	RebindingFn                  func(session string, dcss *DNSClientStateStore, q dns.Question) []string // selected strategy; same signature as the DNSRebindingStrategy map values
	RebindingFnName              string // name of RebindingFn; presumably a DNSRebindingStrategy key ("rr", "fs", "rd", "ma") -- confirm
	ResponseReboundIPAddrtimeOut int    // rebinding timeout; the unit is not visible here -- confirm
	AllowDynamicHTTPServers      bool   // whether dynamic HTTP server allocation is allowed; reported to clients via HTTPServersConfig
	DNSServerBindAddr            string // address the DNS server binds to
	WsHTTPProxyServerPort        int    // port of the websocket HTTP proxy server; presumably passed to NewHTTPProxyServer -- confirm
	EnableLinuxTProxySupport     bool   // presumably forwarded as the tproxy argument of StartHTTPServer -- confirm
}
AppConfig stores the running parameters of the Singularity server.
type AuthHandler ¶
AuthHandler is an HTTP header token authentication handler
func (*AuthHandler) ServeHTTP ¶
func (ah *AuthHandler) ServeHTTP(w http.ResponseWriter, r *http.Request)
type DNSClientState ¶
// DNSClientState holds the current rebinding state of a client. One value is
// kept per session in DNSClientStateStore.Sessions.
type DNSClientState struct {
	FirstQueryTime               time.Time // presumably the basis for expiry in DNSClientStateStore.ExpireOldEntries -- confirm
	LastQueryTime                time.Time
	CurrentQueryTime             time.Time
	ResponseIPAddr               string    // per-session counterpart of AppConfig.ResponseIPAddr -- presumably
	ResponseReboundIPAddr        string    // per-session counterpart of AppConfig.ResponseReboundIPAddr -- presumably
	LastResponseReboundIPAddr    int       // NOTE(review): an int despite the name; presumably an index or counter used by the round-robin strategy -- confirm
	ResponseReboundIPAddrtimeOut int       // per-session counterpart of AppConfig.ResponseReboundIPAddrtimeOut; unit not visible here
	FirewalledOnce               bool      // presumably set once IPTablesHandler has installed a rule for this client -- confirm
}
DNSClientState holds the current rebinding state of a client.
type DNSClientStateStore ¶
// DNSClientStateStore stores DNS sessions and lets the server respond to
// multiple clients according to each client's current rebinding state.
// Sessions must only be accessed while holding the embedded mutex
// (RLock for reads, Lock for writes).
type DNSClientStateStore struct {
	sync.RWMutex                             // guards Sessions
	Sessions map[string]*DNSClientState // presumably keyed by the session string passed to the rebinding handlers -- confirm
}
DNSClientStateStore stores DNS sessions. It allows responding to multiple clients based on each client's current DNS rebinding state. Access must be guarded with the read or read-write lock of the embedded mutex.
func (*DNSClientStateStore) ExpireOldEntries ¶
func (dcss *DNSClientStateStore) ExpireOldEntries(duration time.Duration)
ExpireOldEntries expires DNS client sessions that have existed for longer than duration. Old entries are expired at a provided interval, so someone could possibly fill memory before old entries are expired.
type DNSQuery ¶
// DNSQuery is a convenience structure holding the parsed DNS query of a client.
// It is built by NewDNSQuery from the "-"-delimited query string.
type DNSQuery struct {
	ResponseIPAddr        string // first host parsed from the query string -- presumably; confirm in NewDNSQuery
	ResponseReboundIPAddr string // second host parsed from the query string -- presumably; confirm in NewDNSQuery
	Session               string // session identifier
	DNSRebindingStrategy  string // strategy name; presumably a key of the DNSRebindingStrategy map -- confirm
	Domain                string // queried domain
}
DNSQuery is a convenience structure holding the parsed DNS query of a client.
func NewDNSQuery ¶
NewDNSQuery parses a DNS query string and returns a DNSQuery structure. "-" is used as the field delimiter in the query string; if the target contains a CNAME instead of an IP address and the CNAME includes any "-", each of these "-" must be escaped with another "-".
type DefaultHeadersHandler ¶
DefaultHeadersHandler is an HTTP handler that adds default headers to responses for all routes.
func (*DefaultHeadersHandler) ServeHTTP ¶
func (d *DefaultHeadersHandler) ServeHTTP(w http.ResponseWriter, r *http.Request)
type DelayDOMLoadHandler ¶
type DelayDOMLoadHandler struct{}
DelayDOMLoadHandler is an HTTP handler that forces browsers to wait for more data, thus delaying the DOM load event.
func (*DelayDOMLoadHandler) ServeHTTP ¶
func (h *DelayDOMLoadHandler) ServeHTTP(w http.ResponseWriter, r *http.Request)
type HTTPClientInfoHandler ¶
HTTPClientInfoHandler is an HTTP handler that provides HTTP client information, including the client IP address, to HTTP clients.
func (*HTTPClientInfoHandler) ServeHTTP ¶
func (hcih *HTTPClientInfoHandler) ServeHTTP(w http.ResponseWriter, r *http.Request)
HTTP Handler for "/clientinfo"
type HTTPServerError ¶
HTTPServerError is used to report issues with an HTTP server instance when it is started or closed.
type HTTPServerStoreHandler ¶
// HTTPServerStoreHandler holds the list of HTTP servers: many started at boot
// and one (1) dynamically instantiated server. DynamicServers and
// StaticServers must only be accessed while holding the embedded mutex.
type HTTPServerStoreHandler struct {
	Errc                    chan HTTPServerError // communicates http server errors
	AllowDynamicHTTPServers bool                 // whether a dynamic server may be created (see the dynamic flag of StartHTTPServer)
	sync.RWMutex                                 // guards DynamicServers and StaticServers
	DynamicServers          []*http.Server       // servers instantiated dynamically
	StaticServers           []*http.Server       // servers started at startup
	Dcss                    *DNSClientStateStore
	Wscss                   *WebsocketClientStateStore
	WsHTTPProxyServerPort   int
	AuthToken               string // presumably the token checked by Auth / LoginHandler -- confirm
}
HTTPServerStoreHandler holds the list of HTTP servers: many servers created at startup and one (1) dynamically instantiated server. Access to the server lists must be performed via the mutex.
func (*HTTPServerStoreHandler) ServeHTTP ¶
func (hss *HTTPServerStoreHandler) ServeHTTP(w http.ResponseWriter, r *http.Request)
HTTP Handler for /servers
type HTTPServersConfig ¶
// HTTPServersConfig is returned to the JS client to describe the Singularity
// HTTP ports and whether dynamic HTTP server allocation is allowed.
type HTTPServersConfig struct {
	ServerInformation       []httpServerInfo // one entry per HTTP server; httpServerInfo is unexported and not shown here
	AllowDynamicHTTPServers bool             // whether the client may request a dynamic HTTP server
}
HTTPServersConfig is a structure returned to the JS client to inform it about the Singularity HTTP ports and whether dynamic HTTP server allocation is allowed.
type IPTablesHandler ¶
type IPTablesHandler struct { }
IPTablesHandler is an HTTP handler that adds/removes iptables rules if the DNS rebinding strategy is to respond with multiple A records.
func (*IPTablesHandler) ServeHTTP ¶
func (ipt *IPTablesHandler) ServeHTTP(w http.ResponseWriter, r *http.Request)
type IPTablesRule ¶
type IPTablesRule struct {
// contains filtered or unexported fields
}
IPTablesRule is a struct representing a Linux iptables firewall rule.
func NewIPTableRule ¶
func NewIPTableRule(srcAddr string, srcPort string, dstAddr string, dstPort string) *IPTablesRule
NewIPTableRule populates an iptables rule.
func (*IPTablesRule) AddRule ¶
func (ipt *IPTablesRule) AddRule()
AddRule adds a rule to the Linux iptables firewall.
func (*IPTablesRule) RemoveRule ¶
func (ipt *IPTablesRule) RemoveRule()
RemoveRule removes a rule from the Linux iptables firewall.
type LoginHandler ¶
// LoginHandler is an HTTP login handler for the proxy functions.
type LoginHandler struct {
AuthToken string // token a login must present; presumably the same value as HTTPServerStoreHandler.AuthToken -- confirm
}
LoginHandler is an HTTP login handler for proxy functions
func (*LoginHandler) ServeHTTP ¶
func (lh *LoginHandler) ServeHTTP(w http.ResponseWriter, r *http.Request)
type PayloadTemplateHandler ¶
type PayloadTemplateHandler struct { }
PayloadTemplateHandler is an HTTP handler that delivers payloads to HTTP clients.
func (*PayloadTemplateHandler) ServeHTTP ¶
func (pth *PayloadTemplateHandler) ServeHTTP(w http.ResponseWriter, r *http.Request)
HTTP Handler for "/soopayload"
type ProxyHandler ¶
type ProxyHandler struct { Wscss *WebsocketClientStateStore Dcss *DNSClientStateStore }
ProxyHandler is an HTTP proxy for an attacker to interact with hijacked JavaScript Clients
func (*ProxyHandler) ServeHTTP ¶
func (p *ProxyHandler) ServeHTTP(w http.ResponseWriter, r *http.Request)
type ProxytoWebsocketTransport ¶
type ProxytoWebsocketTransport struct {
WSClient *WSClient
}
ProxytoWebsocketTransport is a custom transport that bridges the Singularity reverse proxy and the target via websockets.
type WSClient ¶
type WSClient struct {
// contains filtered or unexported fields
}
WSClient is a websocket client used by Singularity to channel reverse proxy requests to the target via websockets.
type WebsocketClientState ¶
WebsocketClientState maintains information about a target hooked via websockets
type WebsocketClientStateStore ¶
// WebsocketClientStateStore keeps track of all targets hooked via websockets.
type WebsocketClientStateStore struct {
	sync.RWMutex                                   // presumably guards Sessions, as in DNSClientStateStore -- confirm
	Sessions map[string]*WebsocketClientState // presumably keyed by session identifier -- confirm
}
WebsocketClientStateStore keeps track of all targets hooked via websockets
type WebsocketHandler ¶
type WebsocketHandler struct {
// contains filtered or unexported fields
}
WebsocketHandler is a WS endpoint for an attacker to interact with hijacked JavaScript clients.
func (*WebsocketHandler) ServeHTTP ¶
func (ws *WebsocketHandler) ServeHTTP(w http.ResponseWriter, r *http.Request)