atomicshop 2.11.47__py3-none-any.whl → 3.10.5__py3-none-any.whl

atomicshop/mitm/centered_settings.py

@@ -0,0 +1,132 @@
+import os
+import argparse
+import base64
+
+from ..print_api import print_api
+from .. import networks, ssh_remote, package_mains_processor
+from . import config_static, mitm_main
+
+
+def _make_parser() -> argparse.ArgumentParser:
+    parser = argparse.ArgumentParser(
+        description="Apply centered network settings to the target hosts based on the configuration file and arguments."
+    )
+    parser.add_argument(
+        "-t", "--target-hosts-file",
+        type=str,
+        required=True,
+        help="Path to the text file that will include the list of hosts (name/ipv4)."
+    )
+
+    parser.add_argument(
+        "-dns", "--set-default-dns-gateway",
+        action="store_true",
+        help="Set the default gateway as this server LAN IPv4 on the target hosts."
+    )
+    parser.add_argument(
+        "-ca", "--install-ca-cert",
+        action="store_true",
+        help="Install the CA certificate on the target hosts."
+    )
+
+
+    return parser
+
+
+def centered_settings_main(config_file_path: str, script_version: str):
+    print(f"Centered Settings Application Script Version: {script_version}")
+    # Import the configuration file.
+    rc: int = config_static.load_config(config_file_path, print_kwargs=dict(stdout=False))
+    if rc != 0:
+        return rc
+
+    if config_static.MainConfig.is_localhost:
+        print_api("The server is set to localhost mode. No changes will be applied.", color="yellow")
+        return 0
+
+    interface_name: str = mitm_main._get_interface_name()
+    if interface_name is None:
+        return 1
+
+    # File path to the CA certificate file.
+    crt_file_path: str = config_static.MainConfig.ca_certificate_crt_filepath
+    with open(crt_file_path, 'r') as crt_file:
+        ca_certificate_string: str = crt_file.read()
+
+    # Get the main non-virtual IPv4 address.
+    main_ipv4_list: list[str] = networks.get_interface_ips_powershell(interface_name, "dynamic")
+
+    if not main_ipv4_list:
+        print_api(f"Could not determine the main IPv4 address for interface: {interface_name}", color="red")
+        return 1
+    else:
+        main_ipv4: str = main_ipv4_list[0]
+
+    parser = _make_parser()
+    args = parser.parse_args()
+
+    target_hosts_file_path: str = args.target_hosts_file
+    set_default_dns_gateway: bool = args.set_default_dns_gateway
+    install_ca_cert: bool = args.install_ca_cert
+
+    if not set_default_dns_gateway and not install_ca_cert:
+        print_api("No actions specified. Use -dns and/or -ca arguments to apply settings.", color="yellow")
+        return 0
+
+    if not os.path.exists(target_hosts_file_path):
+        print_api(f"Target host list file does not exist: {target_hosts_file_path}", color="red")
+        return 1
+
+    # Read the target hosts from the file.
+    with open(target_hosts_file_path, 'r') as f:
+        target_hosts: list[str] = [line.strip() for line in f if line.strip()]
+    if not target_hosts:
+        print_api(f"No target hosts found in the file: {target_hosts_file_path}", color="red")
+        return 1
+
+    dns_script_string: str | None = None
+    if set_default_dns_gateway:
+        package_processor: package_mains_processor.PackageMainsProcessor = package_mains_processor.PackageMainsProcessor(
+            script_file_stem="set_default_dns_gateway")
+        dns_script_string = package_processor.read_script_file_to_string()
+    ca_script_string: str | None = None
+    if install_ca_cert:
+        package_processor: package_mains_processor.PackageMainsProcessor = package_mains_processor.PackageMainsProcessor(
+            script_file_stem="install_ca_certificate")
+        ca_script_string = package_processor.read_script_file_to_string()
+
+    for host in target_hosts:
+        ssh_client = ssh_remote.SSHRemote(
+            ip_address=host,
+            username=config_static.ProcessName.ssh_user,
+            password=config_static.ProcessName.ssh_pass
+        )
+        stderr = ssh_client.connect()
+        if stderr:
+            print_api(f"SSH connection to {host} failed:\n"
+                      f"{stderr}", color="red")
+            continue
+
+        if set_default_dns_gateway:
+            stdout, stderr = ssh_client.remote_execution_python(
+                script_string=dns_script_string, script_arg_values=(main_ipv4,))
+
+            if stderr:
+                print_api(f"Failed to apply settings on {host}:\n{stderr}", color="red")
+            else:
+                print_api(f"Successfully applied settings on {host}:\n{stdout}", color="green")
+        if install_ca_cert:
+            cert_b64 = base64.b64encode(ca_certificate_string.encode("utf-8")).decode("ascii")
+            stdout, stderr = ssh_client.remote_execution_python(
+                script_string=ca_script_string, script_arg_values=(config_static.MainConfig.ca_certificate_name, cert_b64,))
+
+            if stderr:
+                print_api(f"Failed to install CA certificate on {host}:\n{stderr}", color="red")
+            else:
+                print_api(f"Successfully installed CA certificate on {host}:\n{stdout}", color="green")
+
+        # Closing SSH connection to the target host.
+        ssh_client.close()
+
+
+    return 0

atomicshop/mitm/config_static.py

@@ -0,0 +1,207 @@
+import os
+from dataclasses import dataclass
+from typing import Literal
+
+from . import import_config
+from .message import ClientMessage
+
+
+# noinspection PyTypeChecker
+ENGINES_LIST: list = None           # list[initialize_engines.ModuleCategory]
+REFERENCE_MODULE = None             # initialize_engines.ModuleCategory
+
+
+class MainConfig:
+    # '' (empty) - system's default internet interface.
+    # Any other network interface name available on the system.
+    is_offline: bool
+    network_interface: str
+    is_localhost: bool
+
+    set_default_dns_gateway: list[str]
+    set_default_dns_gateway_to_localhost: bool = False
+    set_default_dns_gateway_to_network_interface_ipv4: bool = False
+    default_localhost_dns_gateway_ipv4: str = '127.0.0.1'
+
+    LOGGER_NAME: str = 'network'
+
+    SCRIPT_DIRECTORY: str = None
+
+    ENGINES_DIRECTORY_PATH: str = None
+    ENGINES_DIRECTORY_NAME: str = "engines"
+    ENGINE_CONFIG_FILE_NAME: str = "engine_config.toml"
+
+    # Certificates.
+    default_server_certificate_name: str = 'default'
+    ca_certificate_name: str = 'ElaborateCA'
+    ca_certificate_pem_filename: str = f'{ca_certificate_name}.pem'
+    ca_certificate_crt_filename: str = f'{ca_certificate_name}_for_manual_installation_not_used_by_script.crt'
+    # CA Certificate name and file name without extension.
+    ca_certificate_filepath: str = None
+    ca_certificate_crt_filepath: str = None
+    # Default server certificate file name and path.
+    default_server_certificate_filename = f'{default_server_certificate_name}.pem'
+    default_server_certificate_filepath: str = None
+
+    @classmethod
+    def update(cls):
+        # This runs after the dataclass is initialized
+        cls.ENGINES_DIRECTORY_PATH = cls.SCRIPT_DIRECTORY + os.sep + cls.ENGINES_DIRECTORY_NAME
+        cls.ca_certificate_filepath = f'{cls.SCRIPT_DIRECTORY}{os.sep}{cls.ca_certificate_pem_filename}'
+        cls.ca_certificate_crt_filepath = f'{cls.SCRIPT_DIRECTORY}{os.sep}{cls.ca_certificate_crt_filename}'
+        cls.default_server_certificate_filepath = \
+            f'{cls.SCRIPT_DIRECTORY}{os.sep}{cls.default_server_certificate_filename}'
+
+
+@dataclass
+class DNSServer:
+    is_enabled: bool
+    offline_mode: bool
+
+    listening_ipv4: str
+    listening_port: int
+
+    listening_address: str
+    forwarding_dns_service_ipv4: str
+    cache_timeout_minutes: int
+
+    resolve_by_engine: bool
+    resolve_regular_pass_thru: bool
+    resolve_all_domains_to_ipv4_enable: bool
+    target_ipv4: str
+
+    # Convertable variables.
+    resolve_all_domains_to_ipv4: dict
+
+    # Static variables.
+    forwarding_dns_service_port: int = 53
+
+
+
+@dataclass
+class TCPServer:
+    is_enabled: bool
+    no_engines_usage_to_listen_addresses_enable: bool
+    no_engines_listening_address_list: list[str]
+
+    # Convertable variables.
+    no_engines_usage_to_listen_addresses: dict
+
+@dataclass
+class LogRec:
+    logs_path: str
+    recordings_path: str
+    enable_request_response_recordings_in_logs: bool
+    store_logs_for_x_days: int
+
+    recordings_directory_name: str = 'recs'
+
+
+@dataclass
+class Certificates:
+    install_ca_certificate_to_root_store: bool
+    uninstall_unused_ca_certificates_with_mitm_ca_name: bool
+
+    default_server_certificate_usage: bool
+    sni_add_new_domains_to_default_server_certificate: bool
+
+    custom_server_certificate_usage: bool
+    custom_server_certificate_path: str
+    custom_private_key_path: str
+
+    sni_create_server_certificate_for_each_domain: bool
+    sni_server_certificates_cache_directory: str
+    sni_get_server_certificate_from_server_socket: bool
+    sni_server_certificate_from_server_socket_download_directory: str
+
+    domains_all_times: list[str]
+    sslkeylog_file_path: str
+
+    sslkeylog_file_name: str = "sslkeylog.txt"
+    enable_sslkeylogfile_env_to_client_ssl_context: bool = True
+
+
+@dataclass
+class SkipExtensions:
+    tls_web_client_authentication: bool
+    crl_distribution_points: bool
+    authority_information_access: bool
+
+    SKIP_EXTENSION_ID_LIST: list
+
+
+@dataclass
+class ProcessName:
+    get_process_name: bool
+    ssh_user: str
+    ssh_pass: str
+
+    ssh_script_to_execute: Literal['process_from_port', 'process_from_ipv4'] = 'process_from_port'
+
+
+def load_config(
+        config_toml_file_path: str,
+        print_kwargs: dict = None
+):
+    # global CONFIG
+
+    script_path = os.path.dirname(config_toml_file_path)
+    MainConfig.SCRIPT_DIRECTORY = script_path
+    MainConfig.update()
+
+    # Load the configuration file.
+    result = import_config.import_config_files(config_toml_file_path, print_kwargs=print_kwargs or {})
+    return result
+
+
+def get_listening_addresses(client_message: ClientMessage) -> dict | None:
+    """
+    Get the list of listening addresses from the TCPServer configuration.
+    If no_engines_usage_to_listen_addresses_enable is True, return the no_engines_listening_address_list.
+    Otherwise, return an empty list.
+    """
+
+    for engine in ENGINES_LIST:
+        if engine.engine_name == client_message.engine_name:
+            return {
+                'domain_target_dict': engine.domain_target_dict,
+                'port_target_dict': engine.port_target_dict
+            }
+
+
+# ============ Server Tester Specific ===============
+CONFIG_INI_TESTER_FILE_NAME: str = 'config_tester.ini'
+
+"""
+config.toml:
+target_domain_or_ip: the domain or ip that the requests will be sent to. Better use domains, for better testing
+    simulation.
+target_port: the port that requests will be sent to.
+request_type: type of each request: json / string / binary.
+    json format that contain a key with hex string of the request that will be converted to bytes.
+    string that will contain a request and will be converted to bytes.
+    binary file that will contain all request data - will be converted to bytes.
+request_json_hex_key_list: this key stores raw request in hex format, since there can be characters that can't be 
+    decoded to string / unicode.
+    'request_raw_hex' key is the default key in recorded files from mitm server, you may add keys for your custom
+     JSON files.
+requests_directory: the directory that requests are will be taken from. Can be relative folder that will be in
+    current working directory.
+
+parallel_connections_bool: boolean, sets if sockets should be initialized in threads (in parallel) or one after another.
+    Use all the connections / cycles in parallel when 'True'. New sockets will be created for each request.
+    Reuse the same socket / connection for all the requests when 'False'.
+interval_between_requests_defaults_seconds: default interval in seconds between request sends.
+interval_between_request_custom_list_seconds: list of intervals in seconds. If this configuration will not be empty,
+    this should be a list. Each interval in the list will follow the interval between requests and 
+    'interval_between_requests_defaults_seconds' will not be used. It will be used only if number of requests
+    is less than then number of intervals in 'interval_between_request_custom_list_seconds'. The missing intervals
+    will be filled by default values from 'interval_between_requests_defaults_seconds'.
+    Example: you have 10 requests.
+        interval_between_requests_defaults_seconds = 5
+        interval_between_request_custom_list_seconds = 7, 10, 8, 4, 15
+    The rest will be filled from defaults: 7, 10, 8, 4, 15, 5, 5, 5, 5
+send_request_batch_cycles: how many batch cycles to send of the same 10 requests (or any other number of requests that
+    you might have in the requests folder.
+interval_between_batch_cycles_seconds: interval in seconds between each batch.
+"""

atomicshop/mitm/config_toml_editor.py

@@ -0,0 +1,55 @@
+from dataclasses import dataclass
+
+from ..file_io import tomls
+
+
+class CategoryNotFoundInConfigError(Exception):
+    pass
+
+
+@dataclass
+class PropertyUpdate:
+    """
+    :param category: str, Category in the config file.
+    :param category_property: str, Property in the category.
+    :param value: str, Value to set to the property.
+    """
+    category: str
+    category_property: str
+    value: any
+
+
+def update_properties(
+        property_update_list: list[PropertyUpdate],
+        config_file_path: str
+) -> None:
+    """
+    Edit a property in the config file.
+
+    :param property_update_list: list of PropertyUpdate objects.
+    :param config_file_path: str, Path to the config file.
+
+    -----------
+
+    Config Example:
+    [category]
+    category_property = value
+    """
+
+    toml_config = tomls.read_toml_file(config_file_path)
+
+    for property_update in property_update_list:
+        if property_update.category not in toml_config:
+            raise CategoryNotFoundInConfigError(f"Category '{property_update.category}' not found in the config file.")
+
+    changes_dict: dict = dict()
+    for property_update in property_update_list:
+        if property_update.category in changes_dict:
+            changes_dict[property_update.category].update({property_update.category_property: property_update.value})
+        else:
+            changes_dict[property_update.category] = {property_update.category_property: property_update.value}
+
+    tomls.update_toml_file_with_new_config(
+        main_config_file_path=config_file_path,
+        changes_dict=changes_dict
+    )