Commit | Line | Data |
---|---|---|
c0eaf759 | 1 | /* vim: set shiftwidth=3 softtabstop=3 expandtab: */ |
2 | ||
0f60592d | 3 | /* Copyright (C) 2002 Erik Fears |
4 | * | |
5 | * This program is free software; you can redistribute it and/or | |
6 | * modify it under the terms of the GNU General Public License | |
7 | * as published by the Free Software Foundation; either version 2 | |
8 | * of the License, or (at your option) any later version. | |
9 | * | |
10 | * This program is distributed in the hope that it will be useful, | |
11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | |
12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
13 | * GNU General Public License for more details. | |
14 | * | |
15 | * You should have received a copy of the GNU General Public License | |
58bbba92 | 16 | * along with this program; if not, write to |
0f60592d | 17 | * |
58bbba92 | 18 | * The Free Software Foundation, Inc. |
0f60592d | 19 | * 59 Temple Place - Suite 330 |
20 | * Boston, MA 02111-1307, USA. | |
21 | * | |
22 | * | |
23 | */ | |
24 | ||
58bbba92 | 25 | #include "setup.h" |
26 | ||
c0eaf759 | 27 | #include <stdio.h> |
28 | ||
29 | #ifdef STDC_HEADERS | |
30 | # include <stdlib.h> | |
31 | # include <string.h> | |
32 | #endif | |
33 | ||
c004766d | 34 | #include "inet.h" |
a72c9e1a | 35 | #include "compat.h" |
0f60592d | 36 | #include "config.h" |
37 | #include "proxy.h" | |
38 | #include "opm_common.h" | |
39 | #include "opm_types.h" | |
40 | #include "opm_error.h" | |
41 | #include "libopm.h" | |
0f60592d | 42 | |
58bbba92 | 43 | RCSID("$Id$"); |
44 | ||
/*
 * Scratch buffer that the *_write functions in this listing format their
 * outgoing request into before passing it to send(). It is a single
 * file-static array, so overlapping calls would overwrite each other's
 * request. The array is one byte larger than the SENDBUFLEN bound given to
 * snprintf().
 */
static char SENDBUF[SENDBUFLEN + 1];
0e4ea0ca | 46 | |
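/*
 * Send an HTTP CONNECT request naming the configured scan IP and port on
 * conn->fd.
 *
 * scanner  supplies the configuration (OPM_CONFIG_SCAN_IP / _SCAN_PORT)
 * scan     unused
 * conn     connection whose fd the request is written to
 *
 * Returns OPM_SUCCESS once the request has been handed to send(), or 0 if
 * the request could not be formatted in full or send() fails.
 */
int libopm_proxy_http_write(OPM_T *scanner, OPM_SCAN_T *scan, OPM_CONNECTION_T *conn)
{
   int len;
   USE_VAR(scan);

   len = snprintf(SENDBUF, SENDBUFLEN, "CONNECT %s:%d HTTP/1.0\r\n\r\n",
                  (char *) libopm_config(scanner->config, OPM_CONFIG_SCAN_IP),
                  *(int *) libopm_config(scanner->config, OPM_CONFIG_SCAN_PORT));

   /* snprintf() reports the length it wanted to write. A value at or above
    * the bound means the request was cut short and lost its terminating
    * blank line, so it is not worth sending. */
   if(len < 0 || len >= SENDBUFLEN)
      return 0;

   if(send(conn->fd, SENDBUF, (size_t) len, 0) == -1)
      return 0; /* Return error code ? */

   return OPM_SUCCESS;
}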
e3f09ebb | 60 | |
61 | ||
/*
 * CONNECT request byte order for socks4
 *
 *              +----+----+----+----+----+----+----+----+----+----+....+----+
 *              | VN | CD | DSTPORT |      DSTIP        | USERID       |NULL|
 *              +----+----+----+----+----+----+----+----+----+----+....+----+
 * # of bytes:    1    1      2              4           variable       1
 *
 * VN = Version, CD = Command Code (1 is connect request)
 */
72 | ||
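/*
 * Send a SOCKS4 CONNECT request (version 4, command 1, empty USERID) for the
 * configured scan IP and port on conn->fd.
 *
 * scanner  supplies the configuration (OPM_CONFIG_SCAN_IP / _SCAN_PORT)
 * scan     unused
 * conn     connection whose fd the request is written to
 *
 * Returns OPM_SUCCESS once the request has been handed to send(), or 0 (the
 * failure value libopm_proxy_http_write returns) if the scan IP does not
 * parse, the request does not fit in SENDBUF, or send() fails.
 */
int libopm_proxy_socks4_write(OPM_T *scanner, OPM_SCAN_T *scan, OPM_CONNECTION_T *conn)
{
   struct in_addr addr;
   unsigned long laddr;
   int len, scan_port;
   char *scan_ip;
   USE_VAR(scan);

   scan_ip = (char *) libopm_config(scanner->config, OPM_CONFIG_SCAN_IP);
   scan_port = *(int *) libopm_config(scanner->config, OPM_CONFIG_SCAN_PORT);

   /* addr is only filled in when inet_aton() succeeds; carrying on after a
    * failure would put indeterminate bytes from the stack on the wire. */
   if (inet_aton(scan_ip, &addr) == 0)
      return 0;

   /* s_addr is in network byte order. htonl() performs the same swap as
    * ntohl(), so laddr is the host-order value and the shifts below pick the
    * octets first to last. */
   laddr = htonl(addr.s_addr);

   /* %c with a zero argument stores a NUL byte and keeps going, so the
    * return value (not strlen) is the request length. The final 0 terminates
    * the empty USERID field. */
   len = snprintf(SENDBUF, SENDBUFLEN, "%c%c%c%c%c%c%c%c%c", 4, 1,
                  (((unsigned short) scan_port) >> 8) & 0xFF,
                  (((unsigned short) scan_port) & 0xFF),
                  (int) ((laddr >> 24) & 0xFF), (int) ((laddr >> 16) & 0xFF),
                  (int) ((laddr >> 8) & 0xFF), (int) (laddr & 0xFF), 0);

   /* A length at or above the bound would make send() read past the data
    * snprintf() actually stored. */
   if (len < 0 || len >= SENDBUFLEN)
      return 0;

   if (send(conn->fd, SENDBUF, (size_t) len, 0) == -1)
      return 0;

   return OPM_SUCCESS;
}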
99 | ||
100 | ||
/*
 * Send version authentication selection message to socks5
 *
 *       +----+----------+----------+
 *       |VER | NMETHODS | METHODS  |
 *       +----+----------+----------+
 *       | 1  |    1     | 1 to 255 |
 *       +----+----------+----------+
 *
 *  VER always contains 5, for socks version 5
 *  Method 0 is 'No authentication required'
 *
 *
 *
 *  The SOCKS request is formed as follows:
 *
 *        +----+-----+-------+------+----------+----------+
 *        |VER | CMD |  RSV  | ATYP | DST.ADDR | DST.PORT |
 *        +----+-----+-------+------+----------+----------+
 *        | 1  |  1  | X'00' |  1   | Variable |    2     |
 *        +----+-----+-------+------+----------+----------+
 *
 *
 *         o  VER    protocol version: X'05'
 *         o  CMD
 *            o  CONNECT X'01'
 *            o  BIND X'02'
 *            o  UDP ASSOCIATE X'03'
 *         o  RSV    RESERVED
 *         o  ATYP   address type of following address
 *            o  IP V4 address: X'01'
 *            o  DOMAINNAME: X'03'
 *            o  IP V6 address: X'04'
 *         o  DST.ADDR       desired destination address
 *         o  DST.PORT       desired destination port in network octet
 *            order
 *
 *
 */
140 | ||
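/*
 * Send a SOCKS5 method-selection message (one method: no authentication)
 * followed directly by an IPv4 CONNECT request for the configured scan IP
 * and port on conn->fd. The function does not read the server's
 * method-selection reply between the two messages.
 *
 * scanner  supplies the configuration (OPM_CONFIG_SCAN_IP / _SCAN_PORT)
 * scan     unused
 * conn     connection whose fd both messages are written to
 *
 * Returns OPM_SUCCESS once both messages have been handed to send(), or 0
 * (the failure value libopm_proxy_http_write returns) if the scan IP does
 * not parse, a message does not fit in SENDBUF, or send() fails.
 */
int libopm_proxy_socks5_write(OPM_T *scanner, OPM_SCAN_T *scan, OPM_CONNECTION_T *conn)
{
   struct in_addr addr;
   unsigned long laddr;
   int len, scan_port;
   char *scan_ip;
   USE_VAR(scan);

   scan_ip = (char *) libopm_config(scanner->config, OPM_CONFIG_SCAN_IP);
   scan_port = *(int *) libopm_config(scanner->config, OPM_CONFIG_SCAN_PORT);

   /* addr is only filled in when inet_aton() succeeds; carrying on after a
    * failure would put indeterminate bytes from the stack on the wire. */
   if (inet_aton(scan_ip, &addr) == 0)
      return 0;

   /* s_addr is in network byte order. htonl() performs the same swap as
    * ntohl(), so laddr is the host-order value and the shifts below pick the
    * octets first to last. */
   laddr = htonl(addr.s_addr);

   /* Form authentication string */
   /* Version 5, 1 number of methods, 0 method (no auth). */
   len = snprintf(SENDBUF, SENDBUFLEN, "%c%c%c", 5, 1, 0);

   /* %c stores NUL bytes too, so the snprintf() return value is the message
    * length. Reject it when it does not describe what is in SENDBUF. */
   if (len < 0 || len >= SENDBUFLEN)
      return 0;

   if (send(conn->fd, SENDBUF, (size_t) len, 0) == -1)
      return 0;

   /* Form request string */

   /* Will need to write ipv6 support here in future
    * as socks5 is ipv6 compatible
    */
   len = snprintf(SENDBUF, SENDBUFLEN, "%c%c%c%c%c%c%c%c%c%c", 5, 1, 0, 1,
                  (int) ((laddr >> 24) & 0xFF), (int) ((laddr >> 16) & 0xFF),
                  (int) ((laddr >> 8) & 0xFF), (int) (laddr & 0xFF),
                  (((unsigned short) scan_port) >> 8) & 0xFF,
                  (((unsigned short) scan_port) & 0xFF));

   if (len < 0 || len >= SENDBUFLEN)
      return 0;

   if (send(conn->fd, SENDBUF, (size_t) len, 0) == -1)
      return 0;

   return OPM_SUCCESS;
}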
177 | ||
/*
 * Open wingates require no authentication; they send a prompt on
 * connect.
 */
182 | ||
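/*
 * Send "<scan ip>:<scan port>\r\n" on conn->fd, built from the configured
 * scan IP and port.
 *
 * scanner  supplies the configuration (OPM_CONFIG_SCAN_IP / _SCAN_PORT)
 * scan     unused
 * conn     connection whose fd the line is written to
 *
 * Returns OPM_SUCCESS once the line has been handed to send(), or 0 (the
 * failure value libopm_proxy_http_write returns) if the line does not fit in
 * SENDBUF or send() fails.
 */
int libopm_proxy_wingate_write(OPM_T *scanner, OPM_SCAN_T *scan, OPM_CONNECTION_T *conn)
{
   int scan_port, len;
   char *scan_ip;
   USE_VAR(scan);

   scan_ip = (char *) libopm_config(scanner->config, OPM_CONFIG_SCAN_IP);
   scan_port = *(int *) libopm_config(scanner->config, OPM_CONFIG_SCAN_PORT);

   len = snprintf(SENDBUF, SENDBUFLEN, "%s:%d\r\n", scan_ip, scan_port);

   /* snprintf() returns the untruncated length. With a long configured scan
    * IP that can exceed the buffer, and using it as the send() length would
    * transmit memory beyond SENDBUF. */
   if (len < 0 || len >= SENDBUFLEN)
      return 0;

   if (send(conn->fd, SENDBUF, (size_t) len, 0) == -1)
      return 0;

   return OPM_SUCCESS;
}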
197 | ||
198 | ||
/*
 * Cisco scanning
 *
 * Some Cisco routers have 'cisco' set as the password, which allows open
 * telnet relay. Attempt to connect using 'cisco' as the password, then give
 * the telnet command for the scan IP and scan port.
 */
206 | ||
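/*
 * Send the line "cisco" and then a "telnet <scan ip> <scan port>" command
 * on conn->fd, built from the configured scan IP and port.
 *
 * scanner  supplies the configuration (OPM_CONFIG_SCAN_IP / _SCAN_PORT)
 * scan     unused
 * conn     connection whose fd both lines are written to
 *
 * Returns OPM_SUCCESS once both lines have been handed to send(), or 0 (the
 * failure value libopm_proxy_http_write returns) if a line does not fit in
 * SENDBUF or send() fails.
 */
int libopm_proxy_router_write(OPM_T *scanner, OPM_SCAN_T *scan, OPM_CONNECTION_T *conn)
{
   int len, scan_port;
   char *scan_ip;
   USE_VAR(scan);

   scan_ip = (char *) libopm_config(scanner->config, OPM_CONFIG_SCAN_IP);
   scan_port = *(int *) libopm_config(scanner->config, OPM_CONFIG_SCAN_PORT);

   len = snprintf(SENDBUF, SENDBUFLEN, "cisco\r\n");
   if (len < 0 || len >= SENDBUFLEN)
      return 0;

   if (send(conn->fd, SENDBUF, (size_t) len, 0) == -1)
      return 0;

   len = snprintf(SENDBUF, SENDBUFLEN, "telnet %s %d\r\n", scan_ip, scan_port);

   /* snprintf() returns the untruncated length. With a long configured scan
    * IP that can exceed the buffer, and using it as the send() length would
    * transmit memory beyond SENDBUF. */
   if (len < 0 || len >= SENDBUFLEN)
      return 0;

   if (send(conn->fd, SENDBUF, (size_t) len, 0) == -1)
      return 0;

   return OPM_SUCCESS;
}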
224 | ||
57c377c8 | 225 | |
226 | /* | |
227 | * HTTP POST Scanning | |
228 | * | |
229 | */ | |
230 | ||
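/*
 * Send an HTTP/1.0 POST request whose target URL is built from the
 * configured scan IP and port, with the body "quit", on conn->fd.
 *
 * scanner  supplies the configuration (OPM_CONFIG_SCAN_IP / _SCAN_PORT)
 * scan     unused
 * conn     connection whose fd the request is written to
 *
 * Returns OPM_SUCCESS once the request has been handed to send(), or 0 (the
 * failure value libopm_proxy_http_write returns) if the request does not fit
 * in SENDBUF or send() fails.
 */
int libopm_proxy_httppost_write(OPM_T *scanner, OPM_SCAN_T *scan, OPM_CONNECTION_T *conn)
{
   int len, scan_port;
   char *scan_ip;
   USE_VAR(scan);

   scan_ip = (char *) libopm_config(scanner->config, OPM_CONFIG_SCAN_IP);
   scan_port = *(int *) libopm_config(scanner->config, OPM_CONFIG_SCAN_PORT);

   /* NOTE(review): Content-length announces 5 bytes while the body that
    * follows, "quit\r\n\r\n", is 8 bytes long. Left as written; confirm
    * whether the mismatch is intentional. */
   len = snprintf(SENDBUF, SENDBUFLEN, "POST http://%s:%d/ HTTP/1.0\r\n"
                  "Content-type: text/plain\r\n"
                  "Content-length: 5\r\n\r\n"
                  "quit\r\n\r\n",
                  scan_ip, scan_port);

   /* snprintf() returns the untruncated length. With a long configured scan
    * IP that can exceed the buffer, and using it as the send() length would
    * transmit memory beyond SENDBUF. */
   if (len < 0 || len >= SENDBUFLEN)
      return 0;

   if (send(conn->fd, SENDBUF, (size_t) len, 0) == -1)
      return 0;

   return OPM_SUCCESS;
}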