diff --git a/README.rst b/README.rst
index 684a902..5f3dbd4 100644
--- a/README.rst
+++ b/README.rst
@@ -79,6 +79,7 @@ This project is still in early development, as such the feature set is limited.
* DNS redirection based on simple config file
* HTTP/HTTPS serving of static files based on url regexes
+* Imitate known external IP address lookup sites (thanks to `ipgetter`_ for the compiled list)
* IRC service to capture connect and channel joins, etc.
* Basic SMTP server support (no auth support yet)
* Listening port ranges easily configurable and separate from the modules that handle the traffic.
@@ -90,7 +91,7 @@ Planned Additions:
* Internal DHCP server to auto configure clients
* Expand available fake services to include FTP, etc.
* SMTP Authentication support
-* HTTP/S response switching based on requested host/server not just URL pattern
+* Pluggable fake C2 servers
* Better documentation
Issues
@@ -101,6 +102,7 @@ requests can be made using GitHub's `issues system`_.
.. _GitHub: https://github.com/shendo/netsink
.. _issues system: https://github.com/shendo/netsink/issues
+.. _ipgetter: https://github.com/phoemur/ipgetter
.. |build_status| image:: https://secure.travis-ci.org/shendo/netsink.png?branch=master
:target: https://travis-ci.org/shendo/netsink
diff --git a/netsink/conf/http.conf b/netsink/conf/http.conf
index 3a4582d..a71bb4e 100644
--- a/netsink/conf/http.conf
+++ b/netsink/conf/http.conf
@@ -1,8 +1,18 @@
[http]
-responses = test,default
+responses = iplookup.txt,iplookup.html,test,default
serverstring = Apache/1.3.3.7 (Unix) (Red-Hat/Linux)
+[iplookup.txt]
+pattern = (ip\.dnsexit\.com|ifconfig\.me/ip|ipecho\.net/plain|checkip\.dyndns\.org/plain|bot\.whatismyipaddress\.com|myexternalip\.com/raw|www\.trackip\.net/ip|icanhazip\.com|wtfismyip\.com/text)
+status = 200
+file = ipaddress.txt
+
+[iplookup.html]
+pattern = (ipecho\.net|checkip\.dyndns\.org|ipogre\.com|whatismyipaddress\.com|ip\.my-proxy\.com|websiteipaddress\.com/WhatIsMyIp|getmyipaddress\.org|www\.my-ip-address\.net|myexternalip\.com|www\.canyouseeme\.org|www\.trackip\.net|www\.iplocation\.net|www\.howtofindmyipaddress\.com|www\.ipchicken\.com|whatsmyip\.net|www\.ip-adress\.com|checkmyip\.com|www\.tracemyip\.org|checkmyip\.net|www\.lawrencegoetz\.com/programs/ipinfo|www\.findmyip\.co|ip-lookup\.net|www\.dslreports\.com/whois|www\.mon-ip\.com/../my-ip|myip\.ru|ipgoat\.com|www\.myipnumber\.com/my-ip-address\.asp|www\.whatsmyipaddress\.net|formyip\.com|check\.torproject\.org|www\.displaymyip\.com|www\.bobborst\.com/tools/whatsmyip|www\.geoiptool\.com|www\.whatsmydns\.net/whats-my-ip-address\.html|www\.privateinternetaccess\.com/pages/whats-my-ip|checkip\.dyndns\.com|myexternalip\.com|www\.ip-adress\.eu|www\.infosniper\.net|wtfismyip\.com|ipinfo\.io|httpbin\.org/ip)
+status = 200
+file = ipaddress.html
+
[test]
pattern = .*/404$
status = 404
diff --git a/netsink/data/ipaddress.html b/netsink/data/ipaddress.html
new file mode 100644
index 0000000..141d1c7
--- /dev/null
+++ b/netsink/data/ipaddress.html
@@ -0,0 +1,13 @@
+
+
+ What Is My IP Address
+
+
+ Your IP Address Is:
+
+
+11.22.33.44
+
+
+
+
\ No newline at end of file
diff --git a/netsink/data/ipaddress.txt b/netsink/data/ipaddress.txt
new file mode 100644
index 0000000..411897e
--- /dev/null
+++ b/netsink/data/ipaddress.txt
@@ -0,0 +1 @@
+11.22.33.44
\ No newline at end of file
diff --git a/netsink/modules/http.py b/netsink/modules/http.py
index 6396519..632edb9 100644
--- a/netsink/modules/http.py
+++ b/netsink/modules/http.py
@@ -59,19 +59,23 @@ def handle(self):
break
# read (and ignore) any body
- m = re.match("Content-Length: (?P\d+)", data)
+ m = re.search("Content-Length: (?P\d+)\r\n", data)
if m:
self.rfile.read(int(m.group('length')))
# handle request
+ host = ""
+ m = re.search(r"Host: (?P[0-9a-zA-Z\-\.\:]+)\r\n", data)
+ if m:
+ host = m.group('host').lower() # normalise
m = re.match(r"^(?P\w+) (?P\S+) (?PHTTP/\d\.\d)\r\n", data)
if m:
- self.handlepath(m.group('method'), m.group('path'))
+ self.handlepath(host, m.group('method'), m.group('path'))
- def handlepath(self, method, path):
+ def handlepath(self, host, method, path):
"""Search config patterns to find an appropriate file/response to return.
"""
for x in self.responses:
- m = re.match(x.pattern, path)
+ m = re.match(x.pattern, host + path)
if m:
data = ""
if x.file and x.file != "None":
diff --git a/tests/test_http.py b/tests/test_http.py
index 731a5f9..3e19345 100644
--- a/tests/test_http.py
+++ b/tests/test_http.py
@@ -12,3 +12,23 @@ def test_http():
resp = urllib2.urlopen("http://127.0.0.1:{0}/anything/blah.html".format(
server.socket.getsockname()[1])).read()
assert "Netsink" in resp
+
+def test_iplookup():
+ server = SocketServer.TCPServer(('', 0), http.HTTPHandler)
+ server.cfg = ModuleConfig('http.conf').cfg
+ thread.start_new_thread(server.serve_forever, ())
+ headers = { "User-Agent": 'Google-Bot', "Host": 'ipgoat.com' }
+ req = urllib2.Request("http://127.0.0.1:{0}".format(
+ server.socket.getsockname()[1]), headers=headers)
+ resp = urllib2.urlopen(req).read()
+ assert "11.22.33.44" in resp
+
+def test_iplookup_raw():
+ server = SocketServer.TCPServer(('', 0), http.HTTPHandler)
+ server.cfg = ModuleConfig('http.conf').cfg
+ thread.start_new_thread(server.serve_forever, ())
+ headers = { "Host": 'checkip.dyndns.org' }
+ req = urllib2.Request("http://127.0.0.1:{0}/plain".format(
+ server.socket.getsockname()[1]), headers=headers)
+ resp = urllib2.urlopen(req).read()
+ assert resp.startswith("11.22.33.44")