Untitled

#!/usr/bin/python
#
# This is the relay script mentioned in http://blog.zorinaq.com/?e=81
#
# Listens on the address and port specified by --local-ip and --local-port, and
# relay all connections to the endpoint specified by --remote-hosts and
# --remote-port. Multiple remote hosts can be specified: one will be selected
# randomly for each connection.
#
# Optionally, if --mode 1:<secret> is specified, insert the secret key as the
# first bytes of data transmitted through each relayed connection, and if
# --mode 2:<secret> is specified, verify and remove the secret key (ignore
# the connection by discarding all data if the key does not match).
#
# I recommend a long hex string for the secret, for example:
# $ secret=`ps aux | md5sum | cut -c 1-32`
# $ ./tcprelay-secret-exp.py [...] -m 1:"$secret"

#import asyncake
import asyncore
import socket, random, struct
import re

class forwarder(asyncore.dispatcher):
    def __init__(self, ip, port, remoteip, remoteport, mode, secret, backlog=600):
        asyncore.dispatcher.__init__(self)
        self.remoteip=remoteip
        self.remoteport=remoteport
        self.mode=mode
        self.secret=secret
        self.create_socket(socket.AF_INET,socket.SOCK_STREAM)
        self.set_reuse_addr()
        self.bind((ip,port))
        self.listen(backlog)

    def handle_accept(self):
        conn, addr = self.accept()
        # print '--- Connect --- '
        sender(receiver(conn, addr[0], self.mode, self.secret),self.remoteip,self.remoteport, addr[0])

class receiver(asyncore.dispatcher):
    def __init__(self, conn, client_ip, mode, secret):
        asyncore.dispatcher.__init__(self,conn)
        self.mode=mode
        self.secret=secret
        self.from_remote_buffer=''
        self.to_remote_buffer=''
        self.sender=None
        self.client_ip = client_ip
        self.zero_bytes_forwarded = True
        # for framing
        self.look_for_type = True
        self.field_type = None
        self.look_for_len_byte_nr = None
        self.field_len = None
        self.bytes_left_to_extract = None

    def handle_connect(self):
        pass

    def detect_and_remove_framing(self, read):
        processed_read = ''
        for b in read:
            if self.look_for_type:
                self.field_type = b
                self.look_for_type = False
                self.look_for_len_byte_nr = 0
                self.field_len = 0
            elif self.look_for_len_byte_nr != None:
                self.field_len <<= 8
                self.field_len += ord(b)
                self.look_for_len_byte_nr += 1
                if self.look_for_len_byte_nr >= 2:
                    self.look_for_len_byte_nr = None
                    self.bytes_left_to_extract = self.field_len
            elif self.bytes_left_to_extract != None:
                if self.field_type == 'd':
                    processed_read += b
                else:
                    pass
                self.bytes_left_to_extract -= 1
                if self.bytes_left_to_extract == 0:
                    self.bytes_left_to_extract = None
                    self.look_for_type = True
        return processed_read

    def handle_read(self):
        """Read from TCP client."""
        read = self.recv(4096)
        if self.mode == '1': # insert the secret key
            # Implement simple framing ('d' for data packets, 'p' for padding packets)
            read = 'd' + struct.pack('>h', len(read)) + read
            rlen = 0
            padding = 1
            if padding == 0: # no padding
                rlen = 0
            elif padding == 1 and len(read) < 1500: # padding
                if len(read) < 1000:
                    rlen = random.randint(1000 - len(read), 1500 - len(read))
                else:
                    rlen = random.randint(0, 1500 - len(read))
            if rlen:
                read += 'p' + struct.pack('>h', rlen) + ('_' * rlen)
            if self.zero_bytes_forwarded:
                read = self.secret + read
                self.zero_bytes_forwarded = False
        elif self.mode == '2': # verify and remove the secret key
            if self.zero_bytes_forwarded:
                if read.startswith(self.secret):
                    read = read[len(self.secret):]
                    self.zero_bytes_forwarded = False
                else:
                    read = ''
            read = self.detect_and_remove_framing(read)
        # print '%04i -->'%len(read)
        self.from_remote_buffer += read

    def writable(self):
        return (len(self.to_remote_buffer) > 0)

    def handle_write(self):
        sent = self.send(self.to_remote_buffer)
        # print '%04i <--'%sent
        self.to_remote_buffer = self.to_remote_buffer[sent:]

    def handle_close(self):
        self.close()
        if self.sender:
            self.sender.close()

class sender(asyncore.dispatcher):
    def __init__(self, receiver, remoteaddr, remoteport, client_ip):
        asyncore.dispatcher.__init__(self)
        self.receiver=receiver
        receiver.sender=self
        self.create_socket(socket.AF_INET, socket.SOCK_STREAM)
        self.connect((random.choice(remoteaddr), remoteport))

    def handle_connect(self):
        pass

    def handle_read(self):
        """Read from TCP server."""
        read = self.recv(4096)
        # print '<-- %04i'%len(read)
        self.receiver.to_remote_buffer += read

    def writable(self):
        return (len(self.receiver.from_remote_buffer) > 0)

    def handle_write(self):
        sent = self.send(self.receiver.from_remote_buffer)
        # print '--> %04i'%sent
        self.receiver.from_remote_buffer = self.receiver.from_remote_buffer[sent:]

    def handle_close(self):
        # when the buffer has not yet fully been written to the client, don't close quite yet.
        # handle_close() will be automatically called again by asyncore
        if not self.receiver.to_remote_buffer:
            self.close()
            self.receiver.close()

if __name__=='__main__':
    import optparse
    parser = optparse.OptionParser()

    parser.add_option(
            '-l','--local-ip',
            dest='local_ip',default='127.0.0.1',
            help='Local IP address to bind to (for listening socket)')
    parser.add_option(
            '-p','--local-port',
            type='int',dest='local_port',
            help='Local port to bind to')
    parser.add_option(
            '-P','--remote-port',
            type='int',dest='remote_port',
            help='Remote port to connect to')
    parser.add_option(
            '-r','--remote-hosts',
            type='string',dest='remote_hosts',default='127.0.0.1',
            help='Remote host(s) to connect to, comma-separated')
    parser.add_option(
            '-m','--mode',
            type='string',dest='mode',
            help='Operating mode ("0" for not using a secret key, ' + \
                    '"1:<secret>" for using/inserting the specified secret key, ' + \
                    '"2:<secret>" for verifying/stripping the specified secret key')
    options, args = parser.parse_args()
    alladdresses = {}
    for h in options.remote_hosts.split(','):
        (name, aliaslist, addresslist) = socket.gethostbyname_ex(h)
        for a in addresslist:
            alladdresses[a] = None
    if options.mode is None:
        (mode, secret) = (None, None)
    else:
        (mode, secret) = options.mode.split(':', 1)
        if len(secret) < 32:
            raise Exception('secret specified in -m option needs to be at least 32 characters long')
    #x = asyncake.AsynCake()
    forwarder(options.local_ip, options.local_port, alladdresses.keys(), options.remote_port, mode, secret)
    #x.loop()
    asyncore.loop()