binproxy 1.0.0

data/lib/binproxy/parsers/chat_demo.rb

@@ -0,0 +1,14 @@
+
+class ChatDemo < BinData::Record
+  endian  :little
+  uint32  :timestamp
+  string  :user, length: 8, trim_padding: true
+  bit1    :emote_flag
+  bit1    :private_flag
+  string  :recipient, length: 8, trim_padding: true, onlyif: :private_flag
+  stringz :message
+
+  def summary
+    "#{emote_flag ? 'emote' : 'message'} from #{user}"
+  end
+end

data/lib/binproxy/parsers/dns.rb

@@ -0,0 +1,70 @@
+# DNS Parser for BinProxy
+#  use Dns::Packet class for UDP traffic, or Dns::TcpPacket for TCP.
+
+require 'bindata'
+require 'binproxy/bd_util'
+
+module Dns
+
+  class Header < BinData::Record
+    endian :big
+
+    uint16 :id
+    bit1 :qr
+    bit4 :opcode
+    bit1 :aa
+    bit1 :tc
+    bit1 :rd
+    bit1 :ra
+    bit3 :z
+    bit4 :rcode
+    uint16 :qdcount
+    uint16 :ancount
+    uint16 :nscount
+    uint16 :arcount
+  end
+
+  class NameElement < BinData::Record; end
+
+  class NameSeq < BinData::Array
+    default_parameter read_until: lambda { element.flag != 0x0 or element.val == '' }
+    name_element
+  end
+  class NameElement < BinData::Record
+    bit2 :flag
+    choice :val, selection: :flag do
+      pascal_string 0x0, size_type: :bit6
+      pointer 0x3, ptr_type: :bit14, val_type: :name_seq, seek_offset: 2 #XXX
+    end
+  end
+
+  class DnsRecord < BinData::Record
+    endian :big
+    name_seq :name
+    uint16 :type
+    uint16 :rclass
+  end
+
+  class Question < DnsRecord; end
+
+  class ResourceRecord < DnsRecord
+    uint32 :ttl
+    uint16 :rdlength
+    string :rdata, read_length: :rdlength
+  end
+
+  #XXX can't use Packet for UDP currently b/c of hardcoded 2 byte adjustment to pointers (due to length pre-header in TCP packets)
+  class Packet < BinData::Record
+    header :header
+    array :questions,    type: :question,        initial_length: lambda { header.qdcount }
+    array :answers,      type: :resource_record, initial_length: lambda { header.ancount }
+    array :authorities,  type: :resource_record, initial_length: lambda { header.nscount }
+    array :addl_records, type: :resource_record, initial_length: lambda { header.arcount }
+  end
+
+
+  class TcpPacket < BinData::Record
+    uint16be :len
+    packet :pkt
+  end
+end

data/lib/binproxy/parsers/dumb_http.rb

@@ -0,0 +1,28 @@
+# A stupid HTTP BinData class to demonstrate the proxy
+require_relative '../bd_util'
+
+module DumbHttp
+  class Headers < BinData::Array 
+    default_parameter read_until: lambda { element == '' }
+    line line_end: "\r\n"
+  end
+
+  class BaseMessage < BinData::Record
+    headers :headers
+
+    def body_len
+      (headers.snapshot.grep(/\AContent-Length: (\d+)/) { $1.to_i }).first || 0
+    end
+
+    def summary; headers.first.sub(/HTTP\/\d\.\d/,'').strip; end
+  end
+
+  class Message < BaseMessage
+    string :body, display_as: 'multiline', onlyif: lambda { body_len > 0 }, length: :body_len
+  end
+
+  class BinMessage < BaseMessage
+    string :body, display_as: 'hexdump', onlyif: lambda { body_len > 0 }, length: :body_len
+  end
+
+end

data/lib/binproxy/parsers/msgpack.rb

@@ -0,0 +1,56 @@
+require 'bindata'
+
+class MsgPack
+  class MpNil < BinData::Primitive
+    def get; nil; end
+    def set(v); raise unless v.nil? end;
+  end
+  class MpTrue < BinData::Primitive
+    def get; true; end
+    def set(v); raise unless v; end
+  end
+  class MpFalse < BinData::Primitive
+    def get; false; end
+    def set(v); raise unless !v; end
+  end
+  class
+
+
+  class TypedValue < BinData::Choice
+    positive_fixint :positive_fixint
+    fixmap :fixmap
+    fixarray :fixarray
+    fixstr :fixstr
+    mp_nil :nil
+    mp_true :true
+    mp_false :false
+    bin8 :bin8
+  end
+
+  uint8 :type_byte
+  typed_value :value, selection: lambda do
+    case type_byte
+    when 0..0x7f
+      :positive_fixint
+    when 0x80..0x8f
+      :fixmap
+    when 0x90..0x9f
+      :fixarray
+    when 0xa0..0xbf
+      :fixstr
+    when 0xc0
+      :nil
+    when 0xc1
+      :unused
+    when 0xc2
+      :true
+    when 0xc3
+      :false
+    when 0xc4
+      :bin8
+    else
+      raise 'todo'
+    end
+  end
+  end
+end

data/lib/binproxy/parsers/plain_text.rb

@@ -0,0 +1,4 @@
+require 'bindata'
+class PlainText < BinData::Rest
+  default_parameter display_as: 'multiline'
+end

data/lib/binproxy/parsers/raw_message.rb

@@ -0,0 +1,4 @@
+require 'bindata'
+class RawMessage < BinData::Record
+  rest :data, display_as: 'hexdump'
+end

data/lib/binproxy/parsers/x11_proto.rb

@@ -0,0 +1,134 @@
+require 'bindata'
+
+module X11
+end
+
+class X11SetupReq < BinData::Record
+  endian :little #totally cheating here!
+  uint8 :byte_order
+  skip length: 1
+  uint16 :proto_major
+  uint16 :proto_minor
+  uint16 :auth_proto_name_len, value: lambda { auth_proto_name.length }
+  uint16 :auth_proto_data_len, value: lambda { auth_proto_data.length }
+  string :auth_proto_name, read_length: :auth_proto_name_len
+  skip length: lambda { (4 - (auth_proto_name_len % 4)) % 4 }
+  string :auth_proto_data, read_length: :auth_proto_data_len
+  skip length: lambda { (4 - (auth_proto_data_len % 4)) % 4 }
+  skip length: 2 #???
+end
+
+class X11StdReqBody < BinData::Record
+  endian :little
+  uint16 :req_len
+  string :data, read_length: lambda {(req_len - 1) * 4}
+end
+
+class X11ExtReqBody < BinData::Record
+  rest :data
+end
+
+class X11StdReq < BinData::Record
+  endian :little
+  uint8 :opcode
+  uint8 :subcode
+  choice :req_type, selection: lambda { opcode <= 128 } do
+    x11_std_req_body true
+    x11_ext_req_body false
+  end
+end
+
+class X11Req < BinData::Record
+  choice :msg2, display_as: 'anon', selection: lambda { current_state[:connected] } do
+    x11_setup_req false
+    x11_std_req true
+  end
+end
+
+class X11SetupRes < BinData::Record
+  endian :little #more cheating
+  uint8 :status
+  skip length: 1
+  uint16 :proto_major
+  uint16 :proto_minor
+  uint16 :addl_data_dwords
+  uint32 :release_num
+  uint32 :res_id_base, display_as: 'hex'
+  uint32 :res_id_mask, display_as: 'hex'
+  uint32 :motion_buffer_size
+  uint16 :vendor_len, value: lambda { vendor.length }
+  uint16 :max_req_len
+  uint8  :num_screens
+  uint8  :num_formats
+  uint8  :image_byte_order
+  uint8  :bitmap_bit_order
+  uint8  :bitmap_format_scanline_unit
+  uint8  :bitmap_format_scanlin_pad
+  uint8  :min_keycode
+  uint8  :max_keycode
+  skip   length: 4
+  string :vendor, read_length: :vendor_len
+  string :vpad, read_length: lambda { (4 - ( vendor.length % 4 )) % 4 }
+  rest   :listofformatandroots, display_as: 'hexdump'
+end
+
+class X11Reply < BinData::Record
+  endian :little
+  uint8 :detail
+  uint16 :seq_num
+  uint32 :extra_len
+  string :data, length: lambda { 24 + (4 * extra_len) }, display_as: 'hexdump'
+end
+
+class X11Event < BinData::Record
+  endian :little
+  uint8 :detail
+  string :data, length: 30, display_as: 'hexdump'
+end
+
+class X11Error < BinData::Record
+  endian :little
+  uint8 :detail
+  string :data, length: 30, display_as: 'hexdump'
+end
+
+class X11StdRes < BinData::Record
+  endian :little
+  uint8 :res_type
+  choice :res_detail, selection: :res_type do
+    x11_error 0
+    x11_reply 1
+    x11_event :default
+  end
+end
+
+
+class X11Res < BinData::Record
+  choice :msg2, display_as: 'anon', selection: lambda { current_state[:connected] } do
+    x11_setup_res false
+    x11_std_res true
+  end
+end
+
+class X11Proto < BinData::Record
+  def self.initial_state; { connected: false, endian: nil }; end
+
+  #XXX wrap this in something that dups the current state so we're unable to mutate it by accident
+  def update_state
+    c = current_state.dup
+    if eval_parameter(:src) == 'server' #hack, assume we're connected after 1st c-s-c exchange
+      c[:connected] = true
+    end
+    c
+  end
+
+  def summary
+    msg.msg2.summary
+  end
+
+  choice :msg, selection: :src, display_as: 'anon' do
+    x11_req 'client'
+    x11_res 'server'
+  end
+end
+

data/lib/binproxy/parsers/zmq.rb

@@ -0,0 +1,62 @@
+# ZeroMQ (ZMTPv3) Parser for BinProxy
+
+module ZMQ
+  # this greeting1/2/3 business is due to the fact that
+  # zmq sends the greeting in parts and waits for the reply
+  # from the other endpoint in order to do version detection.
+  class Greeting1 < BinData::Record
+    uint8 :sig_start, asserted_value: 0xFF
+    string :sig_padding, length: 8
+    uint8 :sig_end, asserted_value: 0x7F
+  end
+
+  class Greeting2 < BinData::Record
+    uint8 :version_major, asserted_value: 0x03
+  end
+
+  class Greeting3 < BinData::Record
+    uint8 :version_minor, asserted_value: 0x00
+
+    string :mechanism, length: 20
+
+    uint8 :as_server
+
+    string :filler, length: 31 #pad to 64 bytes
+  end
+
+  class Frame < BinData::Record
+    bit5 :reserved
+    bit1 :is_command
+    bit1 :is_long
+    bit1 :has_more
+    choice :body_size, selection: :is_long, display_as: 'anon' do
+      uint8    0
+      uint64be 1
+    end
+    string :body, read_length: :body_size
+  end
+
+  class Message < BinData::Record
+    # States are (G)reeting 1/2/3 (see above), (H)andshake, and (T)raffic.
+    def next_state(s); {'G1'=>'G2','G2'=>'G3','G3'=>'H', 'H'=>'T', 'T'=>'T'}[s]; end
+    def self.initial_state; {'client'=>'G1','server'=>'G1'}; end
+
+    # Protocol is symmetrical.  Each endpoint has its own state.
+    # This is a bit clunky and maybe should be abstracted into a module?
+    # Or update parser.rb to differentiate between proto-shared and endpoint-separate state?
+    def update_state
+      current_state.dup.tap do |s|
+        src = eval_parameter :src
+        s[src] = next_state s[src]
+      end
+    end
+
+    choice :msg_type, selection: lambda { current_state[eval_parameter(:src) ] }, display_as: 'anon' do
+      greeting1  'G1'
+      greeting2  'G2'
+      greeting3  'G3'
+      frame 'H' #contains a command w/ arbitrary content
+      frame 'T' #can contain command or message
+    end
+  end
+end

data/lib/binproxy/proxy.rb

@@ -0,0 +1,242 @@
+require 'eventmachine'
+require 'observer'
+require 'bindata'
+require 'active_support/core_ext/object/blank'
+require_relative 'bindata'
+require_relative 'connection'
+require_relative 'session'
+require_relative 'parser'
+require_relative 'logger'
+
+module BinProxy
+  class Proxy
+    include BinProxy::Logger
+    include Observable
+    attr_accessor :hold
+    attr_reader :sessions
+    attr_reader :buffer
+
+    def initialize(root, opts)
+      @class_loader = BinProxy::ClassLoader.new(root)
+      @options = {}
+      @sessions = []
+      @buffer = []
+      @filter_pids = []
+      configure(opts)
+    end
+
+    def configure(new_opts = {})
+      old_opts = @options.dup
+      new_opts = old_opts.merge new_opts
+
+      @hold = !! new_opts[:hold];
+      @inbound_filters = []
+      @upstream_filters = []
+
+      if new_opts[:socks_proxy]
+        @inbound_filters << BinProxy::Connection::Filters::Socks
+      elsif new_opts[:http_proxy]
+        @inbound_filters << BinProxy::Connection::Filters::HTTPConnect
+      else
+        @inbound_filters << BinProxy::Connection::Filters::StaticUpstream
+      end
+
+      if new_opts[:tls]
+        @inbound_filters << BinProxy::Connection::Filters::InboundTLS
+        @upstream_filters << BinProxy::Connection::Filters::UpstreamTLS
+      end
+
+      if new_opts[:debug_extra]
+        @inbound_filters << BinProxy::Connection::Filters::Logger
+        @upstream_filters << BinProxy::Connection::Filters::Logger
+      end
+
+
+
+      #XXX this reloads the class on every config change
+      #XXX bad, but reloading in web console relies on it
+      new_opts[:class] = @class_loader.load_class(new_opts[:class_name],new_opts[:class_file])
+      if old_opts[:class] != new_opts[:class]
+        @parser_class = Parser.subclass(self, new_opts[:class])
+        @parser_class.validate = new_opts[:validate_parser]
+      elsif new_opts[:class] == nil
+        raise "Option :class must be specified"
+      end
+
+      [:lhost, :lport, :dhost, :dport].each do |o|
+        # let people get away with it if it's already blank
+        if old_opts[o].present? and new_opts[o].blank?
+          raise "Option :#{o} must be specified"
+        end
+      end
+
+      # This will not handle an exception if the server is started asynchronously, but
+      # the only time that should happen is the initial configuration from command line args,
+      # in which case we don't have existing opts to revert to anyway.
+      begin
+        @options = new_opts
+        if old_opts[:lhost] != new_opts[:lhost] or old_opts[:lport] != new_opts[:lport]
+          restart_server!
+        end
+      rescue Exception => e
+        @options = old_opts
+        raise e
+      end
+    end
+
+    # XXX below is incorrect, we do call it on first configuration
+    # We'll only call this internally if the server's host or port has changed; there's still the possiblility
+    # that a quick a->b->a change, or manually calling this could fail because the OS hasn't released the port yet;
+    # we'll punt on that for now, though.
+    def restart_server!
+      if stop_server!
+        #server was indeed running
+        #  TODO investigate whether this is actually necessary, or could be reduced/removed
+        sleep 5
+      end
+      start_server!
+    end
+
+    def start_server!
+      if EM.reactor_running?
+        # Prefer to do this synchronously, so we can catch errors.
+        start_server_now!
+      else
+        # Have to defer this until Sinatra/Thin starts EM running.
+        EM.next_tick { start_server_now! }
+      end
+    end
+
+    def stop_server!
+      if @server_id
+        @filter_pids.each do |pid|
+          log.debug "Killing #{pid}"
+          Process.kill "INT", pid  #TODO invstigate ncat signal handling
+        end
+        @filter_pids = [];
+        Process.waitall
+        EM.stop_server @server_id
+        @server_id = nil
+        true
+      else
+        false
+      end
+    end
+
+    def status
+      @server_id.nil? ? 'stopped' : 'running'
+    end
+
+    def history_size
+      @buffer.length
+    end
+
+    def message_received(message)
+      log.debug "proxy handling message_received"
+      message.id = @buffer.length
+      @buffer.push(message)
+
+      if hold
+        message.disposition = 'Held'
+      else
+        send_message(message, :auto)
+      end
+
+      changed
+      notify_observers(:message_received, message)
+    end
+
+    def update_message_from_hash(hash)
+      log.debug "updating message from hash"
+      orig = @buffer[hash[:head][:message_id]]
+      orig.update!(hash[:body][:snapshot])
+      orig
+    rescue Exception => e
+      puts '', e.class, e.message, e.backtrace, ''
+      on_bindata_error('deserialization', e)
+    end
+
+    def send_message(message, reason)
+      log.debug "proxy.send_message #{message.inspect}"
+      message.forward!(reason)
+    rescue Exception => e
+      puts '', e.class, e.message, e.backtrace, ''
+      on_bindata_error('forwarding', e)
+    end
+
+    def drop_message(message, reason)
+      log.debug "proxy.drop_message #{message.inspect}"
+      message.drop!(reason)
+    rescue Exception => e
+      puts '', e.class, e.message, e.backtrace, ''
+      on_bindata_error('dropping', e)
+    end
+
+    def session_closed(session, closing_peer, reason)
+      pe = BinProxy::ProxyEvent.new("Connection closed (#{reason||'no error'})")
+      pe.id = @buffer.length
+      pe.src = closing_peer
+      pe.session = session
+      @buffer.push(pe)
+
+      session.delete_observer(self)
+      changed
+      notify_observers(:session_event, pe)
+    end
+
+    def ssl_handshake_completed(session, peer)
+      changed
+      notify_observers(:ssl_handshake_completed, session, peer)
+    end
+
+    def on_bindata_error(operation, err)
+      changed
+      notify_observers(:bindata_error, operation, err)
+    end
+
+    private
+    def create_session(inbound_conn, upstream_conn)
+      id = @sessions.length
+      session = Session.new(id, inbound_conn, upstream_conn, @parser_class)
+      session.add_observer(self, :send)
+      @sessions << session
+
+      pe = BinProxy::ProxyEvent.new "Connection opened"
+      pe.id = @buffer.length
+      pe.src = :client
+      pe.session = session
+      @buffer.push(pe)
+
+      changed
+      notify_observers(:session_event, pe)
+    rescue Exception => e
+      puts e, e.backtrace
+    end
+
+    def start_server_now!
+      lhost = @options[:lhost]
+      lport = @options[:lport].to_i #force port to_i, or EM may assume different method signature
+
+      #These may be nil and are ignored in socks mode
+      dhost = @options[:dhost]
+      dport = @options[:dport].to_i
+
+      log.info "(re)starting proxy on #{lhost}:#{lport}"
+      upstream_args = {
+        peer: :server,
+        filter_classes: @upstream_filters
+      }
+      inbound_args = {
+        peer: :client,
+        session_callback: self.method(:create_session),
+        tls_args: { cert_chain_file: @options[:tls_cert], private_key_file: @options[:tls_key] },
+        filter_classes: @inbound_filters,
+        upstream_host: dhost,
+        upstream_port: dport,
+        upstream_args: upstream_args
+      }
+      @server_id = EM.start_server(lhost, lport, Connection, inbound_args)
+    end
+
+  end
+end