atomicshop 2.15.12__py3-none-any.whl → 2.16.0__py3-none-any.whl

atomicshop/mitm/connection_thread_worker.py

@@ -1,86 +1,45 @@
 from datetime import datetime
 
-from .message import ClientMessage
-from .initialize_engines import assign_class_by_domain
-from ..wrappers.socketw.receiver import Receiver
-from ..wrappers.socketw.sender import Sender
-from ..wrappers.socketw.socket_client import SocketClient
+from ..wrappers.socketw import receiver, sender, socket_client, base
 from ..http_parse import HTTPRequestParse, HTTPResponseParse
 from ..basics.threads import current_thread_id
 from ..print_api import print_api
 
+from .message import ClientMessage
+from .initialize_engines import assign_class_by_domain
+from . import config_static
+
 
 # Thread function on client connect.
 def thread_worker_main(
         function_client_socket_object,
         process_commandline: str,
         is_tls: bool,
+        tls_type: str,
+        tls_version: str,
         domain_from_dns,
         network_logger,
-        statistics_logger,
+        statistics_writer,
         engines_list,
-        reference_module,
-        config):
+        reference_module
+):
     def output_statistics_csv_row():
-        statistics_dict['host'] = client_message.server_name
-        try:
-            statistics_dict['path'] = client_message.request_raw_decoded.path
-        except Exception:
-            pass
-        try:
-            statistics_dict['status_code'] = \
-                ','.join([str(x.code) for x in client_message.response_list_of_raw_decoded])
-        except Exception:
-            pass
-        try:
-            statistics_dict['command'] = client_message.request_raw_decoded.command
-        except Exception:
-            pass
-        try:
-            statistics_dict['request_time_sent'] = client_message.request_time_received
-        except Exception:
-            pass
-        try:
-            statistics_dict['request_size_bytes'] = len(client_message.request_raw_bytes)
-        except Exception:
-            pass
-        try:
-            statistics_dict['response_size_bytes'] = \
-                ','.join([str(len(x)) for x in client_message.response_list_of_raw_bytes])
-        except Exception:
-            pass
-        # try:
-        #     statistics_dict['request_hex'] = client_message.request_raw_hex
-        # except Exception:
-        #     pass
-        # try:
-        #     statistics_dict['response_hex'] = \
-        #         f'"' + ','.join([x for x in client_message.response_list_of_raw_hex]) + '"'
-        # except Exception:
-        #     pass
-        try:
-            statistics_dict['file_path'] = recorded_file
-        except Exception:
-            pass
-        try:
-            statistics_dict['process_cmd'] = process_commandline
-        except Exception:
-            pass
-        statistics_dict['error'] = str()
-
-        statistics_logger.info(f"{statistics_dict['request_time_sent']},"
-                               f"{statistics_dict['host']},"
-                               f"\"{statistics_dict['path']}\","
-                               f"{statistics_dict['command']},"
-                               f"{statistics_dict['status_code']},"
-                               f"{statistics_dict['request_size_bytes']},"
-                               f"{statistics_dict['response_size_bytes']},"
-                               # f"{statistics_dict['request_hex']},"
-                               # f"{statistics_dict['response_hex']},"
-                               f"\"{statistics_dict['file_path']}\","
-                               f"\"{statistics_dict['process_cmd']}\","
-                               f"{statistics_dict['error']}"
-                               )
+        status_code = ','.join([str(x.code) for x in client_message.response_list_of_raw_decoded])
+        response_size_bytes = ','.join([str(len(x)) for x in client_message.response_list_of_raw_bytes])
+
+        statistics_writer.write_row(
+            host=client_message.server_name,
+            tls_type=tls_type,
+            tls_version=tls_version,
+            path=client_message.request_raw_decoded.path,
+            status_code=status_code,
+            command=client_message.request_raw_decoded.command,
+            request_time_sent=client_message.request_time_received,
+            request_size_bytes=len(client_message.request_raw_bytes),
+            response_size_bytes=response_size_bytes,
+            recorded_file_path=recorded_file,
+            process_cmd=process_commandline,
+            error=str())
 
     try:
         # Defining variables before assignment
@@ -113,8 +72,12 @@ def thread_worker_main(
         # Loading parser by domain, if there is no parser for current domain - general reference parser is loaded.
         # These should be outside any loop and initialized only once entering the thread.
         parser, responder, recorder = assign_class_by_domain(
-            engines_list, client_message.server_name, reference_module=reference_module, config=config,
-            logger=network_logger)
+            engines_usage=config_static.TCPServer.engines_usage,
+            engines_list=engines_list,
+            message_domain_name=client_message.server_name,
+            reference_module=reference_module,
+            logger=network_logger
+        )
 
         # Defining client connection boolean variable to enter the loop
         client_connection_boolean: bool = True
@@ -128,22 +91,22 @@ def thread_worker_main(
             client_message.reinitialize()
 
             # Initialize statistics_dict for the same reason as 'client_message.reinitialize()'.
-            statistics_dict: dict = dict()
-            statistics_dict['host'] = client_message.server_name
-            statistics_dict['path'] = str()
-            statistics_dict['status_code'] = str()
-            statistics_dict['command'] = str()
-            statistics_dict['request_time_sent'] = str()
-            statistics_dict['request_size_bytes'] = str()
-            # statistics_dict['response_time_sent'] = str()
-            statistics_dict['response_size_bytes'] = str()
-            statistics_dict['file_path'] = str()
-            statistics_dict['process_cmd'] = str()
-            statistics_dict['error'] = str()
+            # statistics_dict: dict = dict()
+            # statistics_dict['host'] = client_message.server_name
+            # statistics_dict['path'] = str()
+            # statistics_dict['status_code'] = str()
+            # statistics_dict['command'] = str()
+            # statistics_dict['request_time_sent'] = str()
+            # statistics_dict['request_size_bytes'] = str()
+            # # statistics_dict['response_time_sent'] = str()
+            # statistics_dict['response_size_bytes'] = str()
+            # statistics_dict['file_path'] = str()
+            # statistics_dict['process_cmd'] = str()
+            # statistics_dict['error'] = str()
 
             network_logger.info("Initializing Receiver")
             # Getting message from the client over the socket using specific class.
-            client_received_raw_data = Receiver(function_client_socket_object).receive()
+            client_received_raw_data = receiver.Receiver(function_client_socket_object).receive()
 
             # If the message is empty, then the connection was closed already by the other side,
             # so we can close the socket as well.
@@ -214,7 +177,7 @@ def thread_worker_main(
                     pass
 
                 # If we're in response mode, execute responder.
-                if config['tcp']['server_response_mode']:
+                if config_static.TCPServer.server_response_mode:
                     # Since we're in response mode, we'll record the request anyway, after the responder did its job.
                     client_message.info = "In Server Response Mode"
 
@@ -251,14 +214,15 @@ def thread_worker_main(
                     if not service_client:
                         # If we're on localhost, then use external services list in order to resolve the domain:
                         # config['tcp']['forwarding_dns_service_ipv4_list___only_for_localhost']
-                        if client_message.client_ip == "127.0.0.1":
-                            service_client = SocketClient(
+                        if client_message.client_ip in base.THIS_DEVICE_IP_LIST:
+                            service_client = socket_client.SocketClient(
                                 service_name=client_message.server_name, service_port=client_message.destination_port,
                                 tls=is_tls,
-                                dns_servers_list=config['tcp']['forwarding_dns_service_ipv4_list___only_for_localhost'])
+                                dns_servers_list=
+                                config_static.TCPServer.forwarding_dns_service_ipv4_list___only_for_localhost)
                         # If we're not on localhost, then connect to domain directly.
                         else:
-                            service_client = SocketClient(
+                            service_client = socket_client.SocketClient(
                                 service_name=client_message.server_name, service_port=client_message.destination_port,
                                 tls=is_tls)
 
@@ -289,7 +253,7 @@ def thread_worker_main(
                 # Recording the message, doesn't matter what type of mode this is.
                 try:
                     recorded_file = recorder(class_client_message=client_message,
-                                             record_path=config['recorder']['recordings_path']).record()
+                                             record_path=config_static.Recorder.recordings_path).record()
                 except Exception:
                     message = "Exception in Recorder"
                     print_api(
@@ -315,7 +279,7 @@ def thread_worker_main(
 
                         # Iterate through the list of byte responses.
                         for response_raw_bytes in client_message.response_list_of_raw_bytes:
-                            function_data_sent = Sender(function_client_socket_object, response_raw_bytes).send()
+                            function_data_sent = sender.Sender(function_client_socket_object, response_raw_bytes).send()
 
                             # If there was problem with sending data, we'll break current loop.
                             if not function_data_sent:
@@ -348,7 +312,7 @@ def thread_worker_main(
         if not function_recorded:
             try:
                 recorded_file = recorder(
-                    class_client_message=client_message, record_path=config['recorder']['recordings_path']).record()
+                    class_client_message=client_message, record_path=config_static.Recorder.recordings_path).record()
             except Exception:
                 message = "Exception in Recorder"
                 print_api(

atomicshop/mitm/import_config.py

@@ -1,145 +1,153 @@
-import sys
+from pathlib import Path
 
-from ..wrappers.configparserw import ConfigParserWrapper
-from .. import filesystem
-from ..permissions import is_admin
-from ..basics.booleans import check_3_booleans_when_only_1_can_be_true
+from ..print_api import print_api
+from .. import config_init, permissions, filesystem, dns
+from ..wrappers.socketw import base
+from ..basics import booleans
 
+from . import config_static
 
-class ImportConfig:
+
+def assign_bool(dict_instance: dict, section: str, key: str):
+    # If the value is already boolean, don't do anything.
+    if dict_instance[section][key] is True or dict_instance[section][key] is False:
+        return
+    elif dict_instance[section][key] == 1:
+        dict_instance[section][key] = True
+    elif dict_instance[section][key] == 0:
+        dict_instance[section][key] = False
+    else:
+        print_api(f"Error: {section}.{key} must be 0 or 1.", color='red')
+        return 1
+
+
+def import_config_file(
+        config_file_path: str
+):
+    """
+    Import the configuration file 'config.toml' and write all the values to 'config_static' dataclasses module.
+    :param config_file_path:
+    :return:
+    """
+
+    config_toml: dict = config_init.get_config(
+        script_directory=str(Path(config_file_path).parent), config_file_name=Path(config_file_path).name)
+
+    # Assign boolean values to the toml dict module.
+    for boolean_tuple in config_static.LIST_OF_BOOLEANS:
+        assign_bool(config_toml, boolean_tuple[0], boolean_tuple[1])
+
+    # Assign the configuration file content to the 'config_static' dataclasses module.
+    for category, category_settings in config_toml.items():
+        for setting_name, value in category_settings.items():
+            # Get the dynamic class or dataclass from the 'config_static' module.
+            dynamic_class = getattr(config_static, config_static.TOML_TO_STATIC_CATEGORIES[category])
+            # Set the value to the dynamic class setting.
+            setattr(dynamic_class, setting_name, value)
+
+    manipulations_after_import()
+
+    result = check_configurations()
+    return result
+
+
+def check_configurations() -> int:
     """
-    ImportConfig class is responsible for importing 'config.ini' file and its variables.
+    Check the configurations from the 'config.toml' file.
+    If there are any errors, print them and return 1.
+    :return: int, status code.
     """
 
-    def __init__(self, file_name: str, directory_path: str):
-        self.directory_path: str = directory_path
-        self.admin_rights = None
-        self.config_parser = ConfigParserWrapper(file_name=file_name, directory_path=self.directory_path)
-        self.config: dict = dict()
-
-    def open(self) -> None:
-        """
-        Open configuration file
-
-        :return:
-        """
-
-        # Read file to dictionary.
-        self.config_parser.read_to_dict()
-
-        # === Convert string values to python objects. ===
-        # Auto convert to booleans.
-        self.config_parser.auto_convert_values(integers=False)
-        # Convert keys.
-        self.config_parser.convert_string_values(['listening_port', 'cache_timeout_minutes'], 'int')
-        self.config_parser.convert_string_values(
-            ['forwarding_dns_service_ipv4_list___only_for_localhost'], 'list')
-        self.config_parser.convert_string_values(['listening_port_list'], 'list_of_int')
-        self.config_parser.convert_string_values(
-            ['logs_path', 'recordings_path', 'custom_server_certificate_path', 'custom_private_key_path',
-             'sni_server_certificates_cache_directory',
-             'sni_server_certificate_from_server_socket_download_directory'],
-            'path_relative_to_full')
-
-        # Move final dict to local config.
-        self.config = self.config_parser.config
-
-        self.check_configurations()
-        self.manipulations_after_import()
-
-    def check_configurations(self):
-        # Check if both DNS and TCP servers are disabled. ==============================================================
-        if not self.config['dns']['enable_dns_server'] and not self.config['tcp']['enable_tcp_server']:
-            print("What are you trying to do? You had disabled both DNS and TCP servers in config ini file.\n"
-                  "Exiting...")
-            sys.exit()
-
-        # Check [tcp_server] boolean configurations. ===================================================================
-        if not self.config['tcp']['engines_usage'] and self.config['tcp']['server_response_mode']:
-            print(
-                "You can't set [server_response_mode = True], while setting\n"
-                "[engines_usage = False].\n"
-                "No engine modules will be loaded - so nothing to respond to.\n"
-                "Exiting..."
-            )
-
-        # Check [dns] boolean configurations. ==========================================================================
-        check_3_booleans_when_only_1_can_be_true(
-            (self.config['dns']['route_to_tcp_server_only_engine_domains'], 'route_to_tcp_server_only_engine_domains'),
-            (self.config['dns']['route_to_tcp_server_all_domains'], 'route_to_tcp_server_all_domains'),
-            (self.config['dns']['regular_resolving'], 'regular_resolving')
-        )
-
-        check_3_booleans_when_only_1_can_be_true(
-            (self.config['certificates']['default_server_certificate_usage'], 'default_server_certificate_usage'),
-            (self.config['certificates']['sni_create_server_certificate_for_each_domain'],
-             'sni_create_server_certificate_for_each_domain'),
-            (self.config['certificates']['custom_server_certificate_usage'], 'custom_server_certificate_usage'))
-
-        if not self.config['certificates']['default_server_certificate_usage'] and \
-                self.config['certificates']['sni_default_server_certificate_addons']:
-            print(
-                f"No point setting [default_server_certificate_addons = True]\n"
-                f"If you're not going to use default certificates [default_server_certificate_usage = False]\n"
-                f"Exiting...")
-            sys.exit()
-
-        if self.config['certificates']['sni_get_server_certificate_from_server_socket'] and \
-                not self.config['certificates']['sni_create_server_certificate_for_each_domain']:
-            print("[sni_get_server_certificate_from_server_socket] was set to 'True', "
-                  "but no [sni_create_server_certificate_for_each_domain] was specified.\n"
-                  "Exiting...")
-            sys.exit()
-
-        if self.config['certificates']['custom_server_certificate_usage'] and \
-                not self.config['certificates']['custom_server_certificate_path']:
-            print("[custom_server_certificate_usage] was set to 'True', but no [custom_server_certificate_path] "
-                  "was specified.\n"
-                  "Exiting...")
-            sys.exit()
-
-        # Check admin right if on localhost ============================================================================
-        # If the 'config.dns['target_tcp_server_ipv4']' IP address is localhost, then we need to check if the script
-        # is executed with admin rights. There are some processes that 'psutil' can't get their command line if not
-        # executed with administrative privileges.
-        # Also, check Admin privileges only if 'config.tcp['get_process_name']' was set to 'True' in 'config.ini' of
-        # the script.
-        if self.config['dns']['target_tcp_server_ipv4'] == "127.0.0.1" and self.config['ssh']['get_process_name']:
-            self.admin_rights = is_admin()
-
-            # If we're not running with admin rights, prompt to the user and make him decide what to do.
-            # If he wants to continue running with 'psutil' exceptions or close the script and rerun with admin rights.
-            if not self.admin_rights:
-                print("=============================================================")
-                error_on_admin: str = \
-                    "[!!!] You're running the script in LOCALHOST mode without Administrative Privileges.\n" \
-                    "[!!!] 'psutil' needs them to read Command Lines of system Processes.\n" \
-                    "[!!!] Press [ENTER] to CONTINUE running with errors " \
-                    "on Process Command Line harvesting or rerun the script with Administrative Rights..."
-                print(error_on_admin)
-                # Stopping execution and waiting for user's [ENTER] key.
-                input()
-                print("=============================================================")
-
-    def manipulations_after_import(self):
-        # If 'custom_certificate_usage' was set to 'True'.
-        if self.config['certificates']['custom_server_certificate_usage']:
-            # Check file existence.
-            if not filesystem.is_file_exists(file_path=self.config['certificates']['custom_server_certificate_path']):
-                raise FileNotFoundError
-
-            # And if 'custom_private_key_path' field was populated in [advanced] section, we'll check its existence.
-            if self.config['certificates']['custom_private_key_path']:
-                # Check private key file existence.
-                if not filesystem.is_file_exists(file_path=self.config['certificates']['custom_private_key_path']):
-                    raise FileNotFoundError
-
-        skip_extensions: list = list()
-        if self.config['skip_extensions']['tls_web_client_authentication']:
-            skip_extensions.append('1.3.6.1.5.5.7.3.2')
-        if self.config['skip_extensions']['crl_distribution_points']:
-            skip_extensions.append('2.5.29.31')
-        if self.config['skip_extensions']['authority_information_access']:
-            skip_extensions.append('1.3.6.1.5.5.7.1.1')
-
-        self.config['skip_extensions'] = skip_extensions
+    is_admin = permissions.is_admin()
+
+    # Check if both DNS and TCP servers are disabled. ==============================================================
+    if not config_static.DNSServer.enable and not config_static.TCPServer.enable:
+        print_api("Both DNS and TCP servers in config ini file, nothing to run. Exiting...", color='red')
+        return 1
+
+    # Check [tcp_server] boolean configurations. ===================================================================
+    if not config_static.TCPServer.engines_usage and config_static.TCPServer.server_response_mode:
+        message = "You can't set [server_response_mode = True], while setting\n" \
+                    "[engines_usage = False].\n" \
+                    "No engine modules will be loaded - so nothing to respond to.\n" \
+                    "Exiting..."
+        print_api(message, color='red')
+        return 1
+
+    # Check admin right if on localhost ============================================================================
+    # If the 'config.dns['target_tcp_server_ipv4']' IP address is localhost, then we need to check if the script
+    # is executed with admin rights. There are some processes that 'psutil' can't get their command line if not
+    # executed with administrative privileges.
+    # Also, check Admin privileges only if 'config.tcp['get_process_name']' was set to 'True' in 'config.ini' of
+    # the script.
+    if (config_static.DNSServer.target_tcp_server_ipv4 in base.THIS_DEVICE_IP_LIST and
+            config_static.ProcessName.get_process_name):
+        # If we're not running with admin rights, prompt to the user and make him decide what to do.
+        # If he wants to continue running with 'psutil' exceptions or close the script and rerun with admin rights.
+        if not is_admin:
+            message: str = \
+                ("Need to run the script with administrative rights to get the process name while TCP running "
+                 "on the same computer.\nExiting...")
+            print_api(message, color='red')
+            return 1
+
+    if config_static.DNSServer.set_default_dns_gateway or \
+            config_static.DNSServer.set_default_dns_gateway_to_localhost or \
+            config_static.DNSServer.set_default_dns_gateway_to_default_interface_ipv4:
+        try:
+            booleans.check_3_booleans_when_only_1_can_be_true(
+                (config_static.DNSServer.set_default_dns_gateway, '[dns][set_default_dns_gateway]'),
+                (config_static.DNSServer.set_default_dns_gateway_to_localhost,
+                 '[dns][set_default_dns_gateway_to_localhost]'),
+                (config_static.DNSServer.set_default_dns_gateway_to_default_interface_ipv4,
+                 '[dns][set_default_dns_gateway_to_default_interface_ipv4]'))
+        except ValueError as e:
+            print_api(str(e), color='red')
+            return 1
+
+    if (config_static.DNSServer.set_default_dns_gateway or
+            config_static.DNSServer.set_default_dns_gateway_to_localhost or
+            config_static.DNSServer.set_default_dns_gateway_to_default_interface_ipv4):
+        is_dns_dynamic, current_dns_gateway = dns.get_default_dns_gateway()
+        if is_dns_dynamic and not is_admin:
+            message: str = \
+                "Need to run the script with administrative rights to set the default DNS gateway.\nExiting..."
+            print_api(message, color='red')
+            return 1
+
+    return 0
+
+
+def manipulations_after_import():
+    # Convert extensions to skip to a list of extension IDs.
+    skip_extensions: list = list()
+    if config_static.SkipExtensions.tls_web_client_authentication:
+        skip_extensions.append('1.3.6.1.5.5.7.3.2')
+    if config_static.SkipExtensions.crl_distribution_points:
+        skip_extensions.append('2.5.29.31')
+    if config_static.SkipExtensions.authority_information_access:
+        skip_extensions.append('1.3.6.1.5.5.7.1.1')
+    config_static.SkipExtensions.SKIP_EXTENSION_ID_LIST = skip_extensions
+
+    # If the paths are relative, convert them to absolute paths.
+    config_static.Log.logs_path = filesystem.check_absolute_path___add_full(
+        config_static.Log.logs_path, config_static.MainConfig.SCRIPT_DIRECTORY)
+    config_static.Recorder.recordings_path = filesystem.check_absolute_path___add_full(
+        config_static.Recorder.recordings_path, config_static.MainConfig.SCRIPT_DIRECTORY)
+    config_static.Certificates.custom_server_certificate_path = filesystem.check_absolute_path___add_full(
+        config_static.Certificates.custom_server_certificate_path, config_static.MainConfig.SCRIPT_DIRECTORY)
+
+    # At this point the user that sets the config can set it to null or empty string ''. We will make sure
+    # that the path is None if it's empty.
+    if config_static.Certificates.custom_private_key_path:
+        config_static.Certificates.custom_private_key_path = filesystem.check_absolute_path___add_full(
+            config_static.Certificates.custom_private_key_path, config_static.MainConfig.SCRIPT_DIRECTORY)
+    else:
+        config_static.Certificates.custom_private_key_path = None
+
+    config_static.Certificates.sni_server_certificates_cache_directory = filesystem.check_absolute_path___add_full(
+        config_static.Certificates.sni_server_certificates_cache_directory, config_static.MainConfig.SCRIPT_DIRECTORY)
+    config_static.Certificates.sni_server_certificate_from_server_socket_download_directory = \
+        filesystem.check_absolute_path___add_full(
+            config_static.Certificates.sni_server_certificate_from_server_socket_download_directory,
+            config_static.MainConfig.SCRIPT_DIRECTORY)

atomicshop/mitm/initialize_engines.py

@@ -96,7 +96,12 @@ class ModuleCategory:
 # Assigning external class object by message domain received from client. If the domain is not in the list,
 # the reference general module will be assigned.
 def assign_class_by_domain(
-        engines_list: list, message_domain_name: str, reference_module, config, logger=None):
+        engines_usage: bool,
+        engines_list: list,
+        message_domain_name: str,
+        reference_module,
+        logger=None
+):
     # Defining return variables:
     function_parser = None
     function_responder = None
@@ -106,7 +111,7 @@ def assign_class_by_domain(
     if message_domain_name:
         # If the engines_usage is set to True in the config file, then we'll iterate through the list of engines
         # to find the domain in the list of domains of the engine.
-        if config['tcp']['engines_usage']:
+        if engines_usage:
             # Checking if current domain is in engines' domain list to activate domain specific engine
             for function_module in engines_list:
                 # The list: matches_list = ["domain1.com", "domain2.com", "domain3.com"]