/usr/share/honeyd/scripts/proxy.pl is in honeyd-common 1.5c-8ubuntu1.
This file is owned by root:root, with mode 0o755.
The actual contents of the file can be viewed below.
#!/usr/bin/perl
#
# Spam Bait and Analyzer for Honeyd
#
# Copyright 2003 Niels Provos <provos@citi.umich.edu>
# All rights reserved.
#
# For the license refer to the main source code of Honeyd.
use warnings;
# Net::DNS is loaded at run time through a string eval so that a missing
# module produces the short message below instead of a compile-time failure.
# The evaluated string is a constant; no external data reaches this eval.
unless ( eval "use Net::DNS; 1" )
{
die "Please install Net::DNS";
}
# First command-line argument: the program the main loop will exec.
# shift removes it from @ARGV, so @ARGV keeps only that program's arguments.
$execprg = shift @ARGV;
# Remaining arguments flattened into one space-separated string.
# NOTE(review): the arguments are assumed to come from the operator's
# honeyd configuration and not from the network - confirm.  Only '@' is
# escaped below; no other character that is special to Perl string
# interpolation or to a shell is neutralised.
$execargs = join(" ", @ARGV);
# Each '@' is replaced by three backslashes followed by '@'.  The string is
# meant to be re-read more than once before the program sees it (as a quoted
# Perl string and then as a shell command line), and each of those readings
# consumes one level of backslashes.
$execargs =~ s/\@/\\\\\\\@/g; # Escape @ in email address if given.
#
# DNS Reverse Lookup
#
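sub reverse_lookup {
    # Resolve an IP address to a host name with a DNS PTR query.
    #
    # Argument: the IP address as a string.
    # Returns:  the host name without its trailing dot, or "" when the
    #           query fails, the answer holds no PTR record, or the name
    #           contains characters outside a conservative host-name set.
    #
    # The PTR data is chosen by whoever controls the reverse zone of the
    # address, and the address itself is chosen by the remote client, so the
    # result is untrusted input.  The caller places it on a command line,
    # which is why anything that does not look like a plain host name is
    # discarded here instead of being passed on.
    my ($ipaddress) = @_;

    my $res   = Net::DNS::Resolver->new;
    my $query = $res->query("$ipaddress", "PTR");
    if (!$query) {
        return ("");
    }

    # The answer section can hold other record types (for example a CNAME
    # in front of the PTR), so pick the first PTR record instead of blindly
    # using element 0.
    for my $rr ($query->answer) {
        next unless $rr->type eq "PTR";

        my $hostname = $rr->rdatastr;
        $hostname =~ s/\.$//;

        # Letters, digits, dot, hyphen and underscore only; must start and
        # end with a letter or digit so it can never be read as an option.
        if ($hostname !~ /\A[A-Za-z0-9](?:[A-Za-z0-9._-]{0,253}[A-Za-z0-9])?\z/) {
            return ("");
        }
        return ($hostname);
    }

    return ("");
}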
#
# Main
#
# Canned HTTP responses.  Their text presents the service as an
# "Internet Junkbuster" proxy (see the page title and the Proxy-Agent value).
# The heredocs are unquoted, so Perl interpolates them like double-quoted
# strings; none of them currently contains a variable.
#
# NOTE(review): as shown here no response has an empty line after its header
# lines, which HTTP uses to end the header section.  The listing this text
# was taken from may have dropped blank lines - confirm against the
# installed file.
#
# 503 page for refused CONNECT targets.  The main loop replaces the
# placeholder xmagic_magicx with the client-supplied "host:port", so that
# text is reflected into this HTML without escaping.
$connectionfailed = <<_EOF_;
HTTP/1.0 503 Connect failed
Content-Type: text/html
<html>
<head>
<title>Internet Junkbuster: Connect failed</title>
</head>
<body bgcolor="#f8f8f0" link="#000078" alink="#ff0022" vlink="#787878">
<h1><center><strong>Internet J<small>UNK<i><font color="red">BUSTER</font></i></small></strong></center></h1>TCP connection to 'xmagic_magicx' failed: Operation not permitted.
<br></body>
</html>
_EOF_
# Sent when a CONNECT to port 25 is accepted, just before the configured
# program is exec'ed.
$connectionestablished = <<_EOF_;
HTTP/1.0 200 Connection established
Proxy-Agent: IJ/2.0.2
_EOF_
# Sent when the first request line is neither CONNECT nor GET.
$connectionbad = <<_EOF_;
HTTP/1.0 400 Invalid header received from browser
_EOF_
# Sent in reply to GET requests; same text as $connectionbad.
$connectioninvalid = <<_EOF_;
HTTP/1.0 400 Invalid header received from browser
_EOF_
# Autoflush the currently selected output handle (STDOUT unless something
# selected another one) so responses are written immediately.
$| = 1;
# Client address used in the log line of the main loop.  Defaults to
# 127.0.0.1 and is overridden by the HONEYD_SRC_IP environment variable
# when that is set to a true value.
$srcip = "127.0.0.1";
$srcip = $ENV{HONEYD_SRC_IP} if $ENV{HONEYD_SRC_IP};
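# Request handling.
#
# Reads the first request line from STDIN and answers it:
#   CONNECT host:25  -> "200 Connection established", then exec of the
#                       configured program (with "-h <hostname>" prepended
#                       when a usable host name is known)
#   CONNECT other    -> 503 page naming the requested host:port
#   GET ...          -> 400 ($connectioninvalid)
#   anything else    -> 400 ($connectionbad)
# Every branch ends in exit, so only one request is processed per run.
#
# Security: the request line is written by the remote client, and the result
# of reverse_lookup() is written by whoever controls the reverse DNS zone of
# the requested address.  The earlier version interpolated that data into a
# string that was first evaluated as Perl code and then run through a shell,
# so quoting or shell metacharacters in a host name changed what was
# executed.  This version (1) accepts only host names made of letters,
# digits, '.', '-' and '_' that start and end with a letter or digit, and
# (2) starts the program with list-form exec, which involves neither a Perl
# eval nor a shell.
#
# Behaviour note: the operator's arguments are now passed exactly as they
# appear in @ARGV.  They are no longer word-split or expanded by a shell,
# and the '@' escaping in $execargs is needed only for the log line.
while (<STDIN>) {
    s/[\r\n]*\Z//m;    # remove trailing newlines

    if (/^CONNECT (.*) HTTP/i) {
        # Split the target before the header loop below runs further
        # matches.  Missing parts become "" so later comparisons and
        # interpolations do not operate on undef.
        my ($host, $port) = split(/:/, $1);
        $host = "" unless defined $host;
        $port = "" unless defined $port;

        # Discard the remaining request headers up to the empty line.
        while (<STDIN>) {
            s/[\r\n]*\Z//m;    # remove trailing newlines
            last if length $_ == 0;
        }

        # Only SMTP (port 25) is offered as bait; refuse everything else.
        if ($port ne "25") {
            $connectionfailed =~ s/xmagic_magicx/$host:$port/gm;
            print $connectionfailed;
            exit;
        }

        # Check if the host is an IP address or not.
        my $hostname = "";
        if ($host =~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) {
            $hostname = reverse_lookup($host);
        }
        elsif ($host =~ /.*\.(edu|com|org)$/) {
            $hostname = $host;
        }

        # Drop anything that is not a plain host name, whichever source it
        # came from.  The leading character class also rules out a value
        # that starts with '-' and could be taken for an option.
        if (!defined $hostname
            || $hostname !~ /\A[A-Za-z0-9](?:[A-Za-z0-9._-]{0,253}[A-Za-z0-9])?\z/)
        {
            $hostname = "";
        }

        my @hostargs = $hostname eq "" ? () : ("-h", $hostname);

        # $execargs is kept in its original form for the log line only.
        $execargs = "-h $hostname " . $execargs unless $hostname eq "";

        print $connectionestablished;

        # The raw host can still hold control characters when no host name
        # was accepted; keep them out of the log.
        (my $loghost = $host) =~ s/[^\x21-\x7e]/?/g;
        print STDERR "$srcip->$loghost:$port: $execargs";

        # List form: each element becomes exactly one argv entry of the new
        # program; nothing is parsed as Perl code or by a shell.
        exec { $execprg } $execprg, @hostargs, @ARGV
            or print STDERR "exec of $execprg failed: $!\n";
        exit;
    }
    elsif (/^GET (.*) HTTP/i) {
        # The requested URL is not used; read the headers and refuse.
        while (<STDIN>) {
            s/[\r\n]*\Z//m;    # remove trailing newlines
            last if length $_ == 0;
        }
        print $connectioninvalid;
        exit;
    }
    else {
        print $connectionbad;
        exit;
    }
}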