Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #!/usr/bin/env python3
- from http.server import HTTPServer, BaseHTTPRequestHandler
- from urllib.parse import unquote_to_bytes
- import datetime
- LISTEN_HOST = "0.0.0.0"
- LISTEN_PORT = 6667
- OUT_BASENAME = "received_secret.png"
- def parse_form_bytes(body: bytes):
- """
- Minimal x-www-form-urlencoded parser that works on bytes.
- Returns: dict[bytes, bytes]
- """
- params = {}
- for pair in body.split(b"&"):
- if b"=" not in pair:
- continue
- k, v = pair.split(b"=", 1)
- # + is space, %XX is hex-encoded
- k = unquote_to_bytes(k.replace(b"+", b" "))
- v = unquote_to_bytes(v.replace(b"+", b" "))
- params[k] = v
- return params
- class Handler(BaseHTTPRequestHandler):
- def do_POST(self):
- length = int(self.headers.get("Content-Length", 0))
- body = self.rfile.read(length)
- params = parse_form_bytes(body)
- if b"secret_file" in params:
- data = params[b"secret_file"]
- ts = datetime.datetime.utcnow().strftime("%Y%m%d-%H%M%S")
- filename = f"{ts}-{OUT_BASENAME}"
- with open(filename, "wb") as f:
- f.write(data)
- print(f"[+] Received {len(data)} bytes -> {filename}")
- self.send_response(200)
- self.end_headers()
- self.wfile.write(b"OK\n")
- else:
- print("[-] POST without 'secret_file' field")
- self.send_response(400)
- self.end_headers()
- self.wfile.write(b"Missing secret_file\n")
- # optional: silence default logging
- def log_message(self, format, *args):
- return
- def main():
- server_address = (LISTEN_HOST, LISTEN_PORT)
- httpd = HTTPServer(server_address, Handler)
- print(f"[+] Listening on http://{LISTEN_HOST}:{LISTEN_PORT}/post")
- httpd.serve_forever()
- if __name__ == "__main__":
- main()
Advertisement
Add Comment
Please, Sign In to add comment
