2020-05-28 19:30:31 +08:00
|
|
|
import sys
|
2019-12-20 15:38:14 +08:00
|
|
|
import unittest
|
|
|
|
|
import json
|
|
|
|
|
import pycurl
|
|
|
|
|
import os
|
|
|
|
|
import re
|
2020-05-26 10:43:17 +08:00
|
|
|
import time
|
2019-12-20 15:38:14 +08:00
|
|
|
from io import BytesIO
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
URLBypass = 'https://sha384.badssl.self-test.geedge.net'
|
|
|
|
|
URLIntercept = 'https://sha256.badssl.self-test.geedge.net'
|
|
|
|
|
URLSexpired = 'https://expired.badssl.self-test.geedge.net'
|
|
|
|
|
URLSwronghost = 'https://wrong.host.badssl.self-test.geedge.net'
|
|
|
|
|
URLSselfsigned = 'https://self-signed.badssl.self-test.geedge.net'
|
|
|
|
|
URLSuntrustedroot = 'https://untrusted-root.badssl.self-test.geedge.net'
|
|
|
|
|
URLSrevoked = 'https://revoked.badssl.self-test.geedge.net'
|
|
|
|
|
URLSpinningtest = 'https://pinning-test.badssl.self-test.geedge.net'
|
|
|
|
|
|
|
|
|
|
URLRedirect = 'https://cn.bing.com/rs/2V/pE/cj,nj/b1392357/d94c45f4.js'
|
|
|
|
|
URLReplace = 'https://cn.bing.com/rs/5j/1pF/cj,nj/2213d9b6/b50738ca.js'
|
|
|
|
|
URLInsert = 'https://cn.bing.com/?FORM=BEHPTB'
|
|
|
|
|
URLHijack = 'https://cn.bing.com/rs/31/2n/cj,nj/4c7364c5/40e1b425.js'
|
|
|
|
|
URLBlock = 'https://cn.bing.com/rs/31/22/cj,nj/3f1e2270/f8c6dd44.js'
|
|
|
|
|
|
2020-05-28 22:49:17 +08:00
|
|
|
URLdictConTrafficInject = {
|
|
|
|
|
"0k":"https://downloadfile.self-test.geedge.net/0k", \
|
|
|
|
|
"1k":"https://downloadfile.self-test.geedge.net/1k", \
|
|
|
|
|
"2k":"https://downloadfile.self-test.geedge.net/2k", \
|
|
|
|
|
"4k":"https://downloadfile.self-test.geedge.net/4k", \
|
|
|
|
|
"8k":"https://downloadfile.self-test.geedge.net/8k", \
|
|
|
|
|
"16k":"https://downloadfile.self-test.geedge.net/16k", \
|
|
|
|
|
"32k":"https://downloadfile.self-test.geedge.net/32k", \
|
|
|
|
|
"64k":"https://downloadfile.self-test.geedge.net/64k", \
|
|
|
|
|
"128k":"https://downloadfile.self-test.geedge.net/128k", \
|
|
|
|
|
"256k":"https://downloadfile.self-test.geedge.net/256k", \
|
|
|
|
|
"512k":"https://downloadfile.self-test.geedge.net/512k", \
|
|
|
|
|
"1M":"https://downloadfile.self-test.geedge.net/1M", \
|
|
|
|
|
"2M":"https://downloadfile.self-test.geedge.net/2M", \
|
|
|
|
|
"4M":"https://downloadfile.self-test.geedge.net/4M", \
|
|
|
|
|
"8M":"https://downloadfile.self-test.geedge.net/8M", \
|
|
|
|
|
"16M":"https://downloadfile.self-test.geedge.net/16M", \
|
|
|
|
|
"32M":"https://downloadfile.self-test.geedge.net/32M", \
|
|
|
|
|
"64M":"https://downloadfile.self-test.geedge.net/64M"}
|
|
|
|
|
|
2019-12-20 15:38:14 +08:00
|
|
|
|
|
|
|
|
ssl_bypass_info_re = "ssl bypass ok"
|
|
|
|
|
ssl_intercept_info_re = "ssl intercept ok"
|
|
|
|
|
https_exprired_info_re = "https exprired ok"
|
|
|
|
|
https_wrong_host_info_re = "https wrong host ok"
|
|
|
|
|
https_self_signed_info_re = "https self signed ok"
|
|
|
|
|
https_untrusted_root_info_re = "https untrusted_root ok"
|
|
|
|
|
https_revoked_info_re = "https revoked ok"
|
|
|
|
|
https_pinning_test_info_re = "https pinning-test ok"
|
|
|
|
|
http_redirect_info_re = "http connection redirect success"
|
|
|
|
|
http_replace_info_re = "http connection replace success"
|
|
|
|
|
http_insert_info_re = "http connection insert success"
|
|
|
|
|
http_hijack_info_re = "http connection hijack success"
|
|
|
|
|
http_block_info_re = "http connection block success"
|
|
|
|
|
|
2020-05-28 22:49:17 +08:00
|
|
|
https_download_file_info_re = "http download file success"
|
|
|
|
|
|
2020-05-26 23:52:15 +08:00
|
|
|
wpr_dns_resolve = ['cn.bing.com:443:192.0.2.131']
|
2019-12-20 15:38:14 +08:00
|
|
|
|
|
|
|
|
class SSLCheckRequestBuild:
|
|
|
|
|
def __init__(self):
|
|
|
|
|
self.conn = pycurl.Curl()
|
|
|
|
|
self.conn.setopt(self.conn.WRITEFUNCTION, BytesIO().write)
|
|
|
|
|
self.conn.setopt(self.conn.OPT_CERTINFO, 1)
|
|
|
|
|
self.conn.setopt(self.conn.SSL_VERIFYPEER, False)
|
|
|
|
|
|
|
|
|
|
def ssl_bypass(self):
|
|
|
|
|
self.conn.setopt(self.conn.URL,URLBypass)
|
|
|
|
|
self.conn.perform()
|
|
|
|
|
certs = self.conn.getinfo(self.conn.INFO_CERTINFO)
|
|
|
|
|
self.conn.close()
|
|
|
|
|
issuer = ()
|
|
|
|
|
for cert_info in certs[0]:
|
|
|
|
|
if cert_info[0] == "Issuer":
|
|
|
|
|
issuer = cert_info
|
|
|
|
|
break
|
|
|
|
|
if len(issuer) <= 0:
|
|
|
|
|
raise Exception("Error: get Certificate info error")
|
|
|
|
|
if re.search(r'\bCN[\s]*=[\s]*BadSSL\b',issuer[1],0):
|
|
|
|
|
raise Exception(ssl_bypass_info_re)
|
|
|
|
|
elif re.search(r'\bCN = Tango[\s\S]*UNTRUST\b',issuer[1],0):
|
|
|
|
|
raise Exception("Error:Ssl link is intercepted")
|
|
|
|
|
else:
|
|
|
|
|
raise Exception("Error:Got other error certificate information")
|
|
|
|
|
|
|
|
|
|
def ssl_intercept(self):
|
|
|
|
|
self.conn.setopt(self.conn.URL,URLIntercept)
|
|
|
|
|
self.conn.perform()
|
|
|
|
|
certs = self.conn.getinfo(self.conn.INFO_CERTINFO)
|
|
|
|
|
self.conn.close()
|
|
|
|
|
issuer = ()
|
|
|
|
|
for cert_info in certs[0]:
|
|
|
|
|
if cert_info[0] == "Issuer":
|
|
|
|
|
issuer = cert_info
|
|
|
|
|
break
|
|
|
|
|
if len(issuer) <= 0:
|
|
|
|
|
raise Exception("Error: get Certificate info error")
|
|
|
|
|
if re.search(r'CN = Tango[\s\S]*UNTRUST',issuer[1],0):
|
|
|
|
|
raise Exception(ssl_intercept_info_re)
|
|
|
|
|
elif re.search(r'\bCN[\s]*=[\s]*BadSSL\b',issuer[1],0):
|
|
|
|
|
raise Exception("Error:Ssl link is intercepted")
|
|
|
|
|
else:
|
|
|
|
|
raise Exception("Error:Got other error certificate information")
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
class SslInterceptRequestBuild:
|
|
|
|
|
def __init__(self):
|
|
|
|
|
self.conn = pycurl.Curl()
|
|
|
|
|
self.conn.setopt(self.conn.WRITEFUNCTION, BytesIO().write)
|
|
|
|
|
self.conn.setopt(self.conn.OPT_CERTINFO, 1)
|
|
|
|
|
self.conn.setopt(self.conn.SSL_VERIFYPEER, False)
|
|
|
|
|
|
2020-05-28 19:30:31 +08:00
|
|
|
def ssl_intercept_certerrExpired(self):
|
2019-12-20 15:38:14 +08:00
|
|
|
self.conn.setopt(self.conn.URL, URLSexpired)
|
|
|
|
|
self.conn.perform()
|
|
|
|
|
certs = self.conn.getinfo(self.conn.INFO_CERTINFO)
|
|
|
|
|
self.conn.close()
|
|
|
|
|
issuer = ()
|
|
|
|
|
for cert_info in certs[0]:
|
|
|
|
|
if cert_info[0].lower() == "issuer":
|
|
|
|
|
issuer = cert_info
|
|
|
|
|
break
|
|
|
|
|
if len(issuer) <= 0:
|
|
|
|
|
raise Exception("Error: get Certificate info error")
|
|
|
|
|
if re.search(r'\bCN[\s]*=[\s]*Tango\b',issuer[1],0):
|
|
|
|
|
if re.search(r'\bCN = Tango[\s\S]*UNTRUST\b',issuer[1],0):
|
|
|
|
|
raise Exception(https_exprired_info_re)
|
|
|
|
|
else:
|
|
|
|
|
raise Exception("Fail:ssl intercept cert is trust")
|
|
|
|
|
else:
|
|
|
|
|
raise Exception("Error:Got other error certificate information")
|
|
|
|
|
|
|
|
|
|
|
2020-05-28 19:30:31 +08:00
|
|
|
def ssl_intercept_certerrWrong_host(self):
|
2019-12-20 15:38:14 +08:00
|
|
|
self.conn.setopt(self.conn.URL,URLSwronghost)
|
|
|
|
|
self.conn.setopt(self.conn.SSL_VERIFYHOST, False)
|
|
|
|
|
self.conn.perform()
|
|
|
|
|
certs = self.conn.getinfo(self.conn.INFO_CERTINFO)
|
|
|
|
|
self.conn.close()
|
|
|
|
|
issuer = ()
|
|
|
|
|
for cert_info in certs[0]:
|
|
|
|
|
if cert_info[0].lower() == "issuer":
|
|
|
|
|
issuer = cert_info
|
|
|
|
|
break
|
|
|
|
|
if len(issuer) <= 0:
|
|
|
|
|
raise Exception("Error: get Certificate info error")
|
|
|
|
|
if re.search(r'\bCN[\s]*=[\s]*Tango\b',issuer[1],0):
|
|
|
|
|
if re.search(r'\bCN = Tango[\s\S]*UNTRUST\b',issuer[1],0):
|
|
|
|
|
raise Exception(https_wrong_host_info_re )
|
|
|
|
|
else:
|
|
|
|
|
raise Exception("Fail:ssl intercept cert is trust")
|
|
|
|
|
else:
|
|
|
|
|
raise Exception("Error:Got other error certificate information")
|
|
|
|
|
|
2020-05-28 19:30:31 +08:00
|
|
|
def ssl_intercept_certerrSelf_signed(self):
|
2019-12-20 15:38:14 +08:00
|
|
|
self.conn.setopt(self.conn.URL,URLSselfsigned)
|
|
|
|
|
self.conn.perform()
|
|
|
|
|
certs = self.conn.getinfo(self.conn.INFO_CERTINFO)
|
|
|
|
|
self.conn.close()
|
|
|
|
|
issuer = ()
|
|
|
|
|
for cert_info in certs[0]:
|
|
|
|
|
if cert_info[0].lower() == "issuer":
|
|
|
|
|
issuer = cert_info
|
|
|
|
|
break
|
|
|
|
|
if len(issuer) <= 0:
|
|
|
|
|
raise Exception("Error: get Certificate info error")
|
|
|
|
|
if re.search(r'\bCN[\s]*=[\s]*Tango\b',issuer[1],0):
|
|
|
|
|
if re.search(r'\bCN = Tango[\s\S]*UNTRUST\b',issuer[1],0):
|
|
|
|
|
raise Exception(https_self_signed_info_re)
|
|
|
|
|
else:
|
|
|
|
|
raise Exception("Fail:ssl intercept cert is trust")
|
|
|
|
|
else:
|
|
|
|
|
raise Exception("Error:Got other error certificate information")
|
|
|
|
|
|
2020-05-28 19:30:31 +08:00
|
|
|
def ssl_intercept_certerrUntrusted_root(self):
|
2019-12-20 15:38:14 +08:00
|
|
|
self.conn.setopt(self.conn.URL,URLSuntrustedroot)
|
|
|
|
|
self.conn.perform()
|
|
|
|
|
certs = self.conn.getinfo(self.conn.INFO_CERTINFO)
|
|
|
|
|
self.conn.close()
|
|
|
|
|
issuer = ()
|
|
|
|
|
for cert_info in certs[0]:
|
|
|
|
|
if cert_info[0].lower() == "issuer":
|
|
|
|
|
issuer = cert_info
|
|
|
|
|
break
|
|
|
|
|
if len(issuer) <= 0:
|
|
|
|
|
raise Exception("Error: get Certificate info error")
|
|
|
|
|
if re.search(r'\bCN[\s]*=[\s]*Tango\b',issuer[1],0):
|
|
|
|
|
if re.search(r'\bCN = Tango[\s\S]*UNTRUST\b',issuer[1],0):
|
|
|
|
|
raise Exception(https_untrusted_root_info_re)
|
|
|
|
|
else:
|
|
|
|
|
raise Exception("Fail:ssl intercept cert is trust")
|
|
|
|
|
else:
|
|
|
|
|
raise Exception("Error:Got other error certificate information")
|
|
|
|
|
|
|
|
|
|
|
2020-05-28 19:30:31 +08:00
|
|
|
def ssl_intercept_certerrRevoked(self):
|
2019-12-20 15:38:14 +08:00
|
|
|
|
|
|
|
|
self.conn.setopt(self.conn.URL,URLSrevoked)
|
|
|
|
|
self.conn.perform()
|
|
|
|
|
certs = self.conn.getinfo(self.conn.INFO_CERTINFO)
|
|
|
|
|
self.conn.close()
|
|
|
|
|
issuer = ()
|
|
|
|
|
for cert_info in certs[0]:
|
|
|
|
|
if cert_info[0].lower() == "issuer":
|
|
|
|
|
issuer = cert_info
|
|
|
|
|
break
|
|
|
|
|
if len(issuer) <= 0:
|
|
|
|
|
raise Exception("Error: get Certificate info error")
|
|
|
|
|
if re.search(r'\bCN[\s]*=[\s]*Tango\b',issuer[1],0):
|
|
|
|
|
if re.search(r'\bCN = Tango[\s\S]*UNTRUST\b',issuer[1],0):
|
|
|
|
|
raise Exception(https_revoked_info_re)
|
|
|
|
|
else:
|
|
|
|
|
raise Exception("Fail:ssl intercept cert is trust")
|
|
|
|
|
else:
|
|
|
|
|
raise Exception("Error:Got other error certificate information")
|
|
|
|
|
|
|
|
|
|
|
2020-05-28 19:30:31 +08:00
|
|
|
def ssl_intercept_certerrPinning_test(self):
|
2019-12-20 15:38:14 +08:00
|
|
|
|
|
|
|
|
self.conn.setopt(self.conn.URL,URLSpinningtest)
|
|
|
|
|
self.conn.perform()
|
|
|
|
|
certs = self.conn.getinfo(self.conn.INFO_CERTINFO)
|
|
|
|
|
self.conn.close()
|
|
|
|
|
issuer = ()
|
|
|
|
|
for cert_info in certs[0]:
|
|
|
|
|
if cert_info[0].lower() == "issuer":
|
|
|
|
|
issuer = cert_info
|
|
|
|
|
break
|
|
|
|
|
if len(issuer) <= 0:
|
|
|
|
|
raise Exception("Error: get Certificate info error")
|
|
|
|
|
if re.search(r'\bCN[\s]*=[\s]*Tango\b',issuer[1],0):
|
|
|
|
|
if re.search(r'\bCN = Tango[\s\S]*UNTRUST\b',issuer[1],0):
|
|
|
|
|
raise Exception(https_pinning_test_info_re)
|
|
|
|
|
else:
|
|
|
|
|
raise Exception("Fail:ssl intercept cert is trust")
|
|
|
|
|
else:
|
|
|
|
|
raise Exception("Error:Got other error certificate information")
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
class SslHttpRequestBuild:
|
|
|
|
|
def __init__(self):
|
|
|
|
|
self.bodyBuf = BytesIO()
|
|
|
|
|
self.conn = pycurl.Curl()
|
|
|
|
|
self.conn.setopt(self.conn.OPT_CERTINFO, 1)
|
|
|
|
|
self.conn.setopt(self.conn.SSL_VERIFYPEER, False)
|
|
|
|
|
self.conn.setopt(self.conn.ENCODING, "gzip,deflate")
|
|
|
|
|
self.conn.setopt(self.conn.RESOLVE,wpr_dns_resolve)
|
|
|
|
|
|
|
|
|
|
def http_redirect(self):
|
|
|
|
|
self.conn.setopt(self.conn.URL, URLRedirect)
|
|
|
|
|
self.conn.setopt(self.conn.WRITEFUNCTION, BytesIO().write)
|
|
|
|
|
self.conn.perform()
|
|
|
|
|
rescode = self.conn.getinfo(self.conn.RESPONSE_CODE)
|
|
|
|
|
self.conn.close()
|
|
|
|
|
if rescode == 301 or rescode == 302:
|
|
|
|
|
raise Exception(http_redirect_info_re)
|
|
|
|
|
else:
|
|
|
|
|
raise Exception("Error:Http connection redirect fail")
|
|
|
|
|
|
|
|
|
|
def http_replace(self):
|
|
|
|
|
self.conn.setopt(self.conn.WRITEDATA, self.bodyBuf)
|
|
|
|
|
self.conn.setopt(self.conn.URL, URLReplace)
|
|
|
|
|
resCode = self.conn.getinfo(self.conn.RESPONSE_CODE)
|
|
|
|
|
self.conn.perform()
|
|
|
|
|
body = self.bodyBuf.getvalue().decode('utf-8')
|
|
|
|
|
self.conn.close()
|
|
|
|
|
if not re.search(r'EnglishSearchShared', body, 0) and \
|
|
|
|
|
re.search(r'03C174CD9D809789CCEC18D6F585DF3E', body, 0):
|
|
|
|
|
raise Exception(http_replace_info_re)
|
|
|
|
|
else:
|
|
|
|
|
raise Exception("Error:Http connection replace fail")
|
|
|
|
|
|
|
|
|
|
def http_insert(self):
|
|
|
|
|
self.conn.setopt(self.conn.WRITEDATA, self.bodyBuf)
|
|
|
|
|
self.conn.setopt(self.conn.URL, URLInsert)
|
|
|
|
|
resCode = self.conn.getinfo(self.conn.RESPONSE_CODE)
|
|
|
|
|
self.conn.perform()
|
|
|
|
|
body = self.bodyBuf.getvalue().decode('utf-8')
|
|
|
|
|
self.conn.close()
|
|
|
|
|
if re.search(r'httpSelfcheckInsert', body, 0) and \
|
|
|
|
|
re.search(r'5BE3754D1EA8D51E8D993060FA225330', body, 0):
|
|
|
|
|
raise Exception(http_insert_info_re)
|
|
|
|
|
else:
|
|
|
|
|
raise Exception("Error:Http connection insert fail")
|
|
|
|
|
|
|
|
|
|
def http_block(self):
|
|
|
|
|
self.conn.setopt(self.conn.URL, URLBlock)
|
|
|
|
|
self.conn.setopt(self.conn.WRITEFUNCTION, self.bodyBuf.write)
|
|
|
|
|
self.conn.perform()
|
|
|
|
|
rescode = self.conn.getinfo(self.conn.RESPONSE_CODE)
|
|
|
|
|
body = self.bodyBuf.getvalue().decode('utf-8')
|
|
|
|
|
self.conn.close()
|
|
|
|
|
if re.search(r'E33F01E50AFE043191931DD40190B09B', body, 0) and (rescode == 404 or rescode == 451):
|
|
|
|
|
raise Exception(http_block_info_re)
|
|
|
|
|
else:
|
|
|
|
|
raise Exception("Error:http connection block fail")
|
|
|
|
|
|
|
|
|
|
def http_hijack(self):
|
|
|
|
|
|
|
|
|
|
self.conn.setopt(self.conn.URL, URLHijack)
|
|
|
|
|
self.conn.setopt(self.conn.WRITEFUNCTION, self.bodyBuf.write)
|
|
|
|
|
self.conn.perform()
|
|
|
|
|
self.conn.close()
|
|
|
|
|
if os.path.exists("/root/http_hijack.out"):
|
|
|
|
|
os.remove("/root/http_hijack.out")
|
2020-05-26 23:52:15 +08:00
|
|
|
cmdtodo = 'curl %s -k -s --resolve cn.bing.com:443:192.0.2.131 -o /root/http_hijack.out' % URLHijack
|
2019-12-20 15:38:14 +08:00
|
|
|
optdl = os.popen(cmdtodo)
|
|
|
|
|
if len(optdl.read()):
|
|
|
|
|
optdl.close()
|
|
|
|
|
raise Exception("Error:http_hijack download file fail")
|
|
|
|
|
optdl.close()
|
|
|
|
|
if not os.path.exists("/root/http_hijack.out"):
|
|
|
|
|
raise Exception("Error:http_hijack download file fail")
|
|
|
|
|
optmd5 = os.popen("md5sum /root/http_hijack.out")
|
|
|
|
|
if re.search("4bf06db1a228c5c8d978ebf9e1169d0d", optmd5.read(), 0):
|
|
|
|
|
optmd5.close()
|
|
|
|
|
raise Exception(http_hijack_info_re)
|
|
|
|
|
else:
|
|
|
|
|
optmd5.close()
|
|
|
|
|
raise Exception("Error:http connection hijack fail")
|
|
|
|
|
|
|
|
|
|
|
2020-05-28 22:49:17 +08:00
|
|
|
class SSLFileDownloadBuild:
|
|
|
|
|
def __init__(self):
|
|
|
|
|
self.sizeList = ["0k","1k","2k","4k","8k","16k","32k","64k","128k","256k","512k","1M","2M","4M","8M","16M","32M","64M"]
|
|
|
|
|
self.resultList = []
|
|
|
|
|
self.isException = False
|
|
|
|
|
|
|
|
|
|
def build_conninfo_json(self,conn):
|
|
|
|
|
dictconninfo = {}
|
|
|
|
|
dictconninfo["status"] = conn.getinfo(pycurl.HTTP_CODE)
|
|
|
|
|
dictconninfo["dns_time"] = conn.getinfo(pycurl.NAMELOOKUP_TIME)
|
|
|
|
|
dictconninfo["conn_time"] = conn.getinfo(pycurl.CONNECT_TIME)
|
|
|
|
|
dictconninfo["app_time"] = conn.getinfo(pycurl.APPCONNECT_TIME)
|
|
|
|
|
dictconninfo["start_transfer_time"] = conn.getinfo(pycurl.STARTTRANSFER_TIME)
|
|
|
|
|
dictconninfo["total_time"] = conn.getinfo(pycurl.TOTAL_TIME)
|
|
|
|
|
dictconninfo["size_upload"] = conn.getinfo(pycurl.SIZE_UPLOAD)
|
|
|
|
|
dictconninfo["size_download"] = conn.getinfo(pycurl.SIZE_DOWNLOAD)
|
|
|
|
|
dictconninfo["header_size"] = conn.getinfo(pycurl.HEADER_SIZE)
|
|
|
|
|
dictconninfo["request_size"] = conn.getinfo(pycurl.REQUEST_SIZE)
|
|
|
|
|
dictconninfo["speed_upload"] = conn.getinfo(pycurl.SPEED_UPLOAD)
|
|
|
|
|
dictconninfo["speed_download"] = conn.getinfo(pycurl.SPEED_DOWNLOAD)
|
|
|
|
|
dictconninfo["time_pretransfer"] =conn.getinfo(pycurl.PRETRANSFER_TIME)
|
|
|
|
|
return dictconninfo
|
|
|
|
|
|
|
|
|
|
def get_value_from_succ_conn(self,urlkey,url,conn):
|
|
|
|
|
dictinfo = {}
|
|
|
|
|
dictinfo["downloadsize"] = urlkey
|
|
|
|
|
dictinfo["url"] = url
|
|
|
|
|
dictinfo["time"] = time.asctime( time.localtime(time.time()))
|
|
|
|
|
dictinfo["result"] = self.build_conninfo_json(conn)
|
|
|
|
|
self.resultList.append(dictinfo)
|
|
|
|
|
|
|
|
|
|
def conn_filedownload(self,urlkey,url):
|
|
|
|
|
issuer = ()
|
|
|
|
|
conn = pycurl.Curl()
|
|
|
|
|
errdict = {}
|
|
|
|
|
conn.setopt(conn.WRITEFUNCTION, BytesIO().write)
|
|
|
|
|
conn.setopt(conn.SSL_VERIFYPEER, False)
|
|
|
|
|
conn.setopt(conn.OPT_CERTINFO, 1)
|
|
|
|
|
conn.setopt(conn.URL,url)
|
|
|
|
|
conn.perform()
|
|
|
|
|
certs = conn.getinfo(conn.INFO_CERTINFO)
|
|
|
|
|
for cert_info in certs[0]:
|
|
|
|
|
if cert_info[0].lower() == "issuer":
|
|
|
|
|
issuer = cert_info
|
|
|
|
|
break
|
|
|
|
|
if len(issuer) <= 0:
|
|
|
|
|
errdict["status"] = "error"
|
|
|
|
|
errdict["errinfo"] = "Get certificate info error"
|
|
|
|
|
errdict["url"] = url
|
|
|
|
|
errdict["time"] = time.asctime( time.localtime(time.time()))
|
|
|
|
|
self.resultList.append(errdict)
|
|
|
|
|
self.isException = True
|
|
|
|
|
elif not re.search(r'CN = Tango[\s\S]*UNTRUST',issuer[1],0):
|
|
|
|
|
errdict["status"] = "error"
|
|
|
|
|
errdict["errinfo"] = "Intercept fail: no Tango cert"
|
|
|
|
|
errdict["url"] = url
|
|
|
|
|
errdict["time"] = time.asctime( time.localtime(time.time()))
|
|
|
|
|
self.resultList.append(errdict)
|
|
|
|
|
self.isException = True
|
|
|
|
|
else:
|
|
|
|
|
self.get_value_from_succ_conn(urlkey,url,conn)
|
|
|
|
|
conn.close()
|
|
|
|
|
|
|
|
|
|
def write_log(self):
|
|
|
|
|
logpath = "/root/result_self_test/con_traffic_inject/con_traffic_inject_result.log." + time.strftime("%Y-%m-%d",time.localtime())
|
|
|
|
|
logNewestPath = "/root/result_self_test/con_traffic_inject/con_traffic_inject_result.log.newest"
|
|
|
|
|
with open(logNewestPath,"w+") as f:
|
|
|
|
|
f.write(json.dumps(self.resultList, sort_keys=True, indent=4, separators=(',', ': ')))
|
|
|
|
|
f.close()
|
|
|
|
|
with open(logpath,"a+") as f:
|
|
|
|
|
f.write(json.dumps(self.resultList))
|
|
|
|
|
f.write("\n")
|
|
|
|
|
f.close()
|
|
|
|
|
|
|
|
|
|
def downfile_run(self):
|
|
|
|
|
for sizefield in self.sizeList:
|
|
|
|
|
self.conn_filedownload(sizefield,URLdictConTrafficInject[sizefield])
|
|
|
|
|
self.write_log()
|
|
|
|
|
if self.isException == True:
|
|
|
|
|
raise Exception("Error:http_hijack download file fail")
|
|
|
|
|
else:
|
|
|
|
|
raise Exception(https_download_file_info_re)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
2019-12-20 15:38:14 +08:00
|
|
|
class SslUnitTest(unittest.TestCase):
|
|
|
|
|
|
2020-05-28 19:30:31 +08:00
|
|
|
def test_securityPolicy_bypass(self):
|
2019-12-20 15:38:14 +08:00
|
|
|
sslHandler = SSLCheckRequestBuild()
|
|
|
|
|
with self.assertRaisesRegex(Exception, ssl_bypass_info_re):
|
|
|
|
|
sslHandler.ssl_bypass()
|
|
|
|
|
|
2020-05-28 19:30:31 +08:00
|
|
|
def test_securityPolicy_intercept(self):
|
2019-12-20 15:38:14 +08:00
|
|
|
sslHandler = SSLCheckRequestBuild()
|
|
|
|
|
with self.assertRaisesRegex(Exception, ssl_intercept_info_re):
|
|
|
|
|
sslHandler.ssl_intercept()
|
|
|
|
|
|
2020-05-28 19:30:31 +08:00
|
|
|
def test_securityPolicy_intercept_certerrExpired(self):
|
2019-12-20 15:38:14 +08:00
|
|
|
requestHandler = SslInterceptRequestBuild()
|
|
|
|
|
with self.assertRaisesRegex(Exception, https_exprired_info_re):
|
2020-05-28 19:30:31 +08:00
|
|
|
requestHandler.ssl_intercept_certerrExpired()
|
2019-12-20 15:38:14 +08:00
|
|
|
|
2020-05-28 19:30:31 +08:00
|
|
|
def test_securityPolicy_intercept_certerrWrong_host(self):
|
2019-12-20 15:38:14 +08:00
|
|
|
requestHandler = SslInterceptRequestBuild()
|
|
|
|
|
with self.assertRaisesRegex(Exception, https_wrong_host_info_re):
|
2020-05-28 19:30:31 +08:00
|
|
|
requestHandler.ssl_intercept_certerrWrong_host()
|
2019-12-20 15:38:14 +08:00
|
|
|
|
2020-05-28 19:30:31 +08:00
|
|
|
def test_securityPolicy_intercept_certerrSelf_signed(self):
|
2019-12-20 15:38:14 +08:00
|
|
|
requestHandler = SslInterceptRequestBuild()
|
|
|
|
|
with self.assertRaisesRegex(Exception, https_self_signed_info_re):
|
2020-05-28 19:30:31 +08:00
|
|
|
requestHandler.ssl_intercept_certerrSelf_signed()
|
2019-12-20 15:38:14 +08:00
|
|
|
|
2020-05-28 19:30:31 +08:00
|
|
|
def test_securityPolicy_intercept_certerrUntrusted_root(self):
|
2019-12-20 15:38:14 +08:00
|
|
|
requestHandler = SslInterceptRequestBuild()
|
|
|
|
|
with self.assertRaisesRegex(Exception, https_untrusted_root_info_re):
|
2020-05-28 19:30:31 +08:00
|
|
|
requestHandler.ssl_intercept_certerrUntrusted_root()
|
2019-12-20 15:38:14 +08:00
|
|
|
|
2020-05-28 19:30:31 +08:00
|
|
|
def test_securityPolicy_intercept_certerrRevoked(self):
|
2019-12-20 15:38:14 +08:00
|
|
|
requestHandler = SslInterceptRequestBuild()
|
|
|
|
|
with self.assertRaisesRegex(Exception, https_revoked_info_re):
|
2020-05-28 19:30:31 +08:00
|
|
|
requestHandler.ssl_intercept_certerrRevoked()
|
2019-12-20 15:38:14 +08:00
|
|
|
|
2020-05-28 19:30:31 +08:00
|
|
|
def test_securityPolicy_intercept_certerrPinning_test(self):
|
2019-12-20 15:38:14 +08:00
|
|
|
requestHandler = SslInterceptRequestBuild()
|
|
|
|
|
with self.assertRaisesRegex(Exception, https_pinning_test_info_re):
|
2020-05-28 19:30:31 +08:00
|
|
|
requestHandler.ssl_intercept_certerrPinning_test()
|
2019-12-20 15:38:14 +08:00
|
|
|
|
2020-05-28 19:30:31 +08:00
|
|
|
def test_proxyPolicy_redirect(self):
|
2019-12-20 15:38:14 +08:00
|
|
|
httpHandler = SslHttpRequestBuild()
|
|
|
|
|
with self.assertRaisesRegex(Exception, http_redirect_info_re):
|
|
|
|
|
httpHandler.http_redirect()
|
|
|
|
|
|
2020-05-28 19:30:31 +08:00
|
|
|
def test_proxyPolicy_block(self):
|
2019-12-20 15:38:14 +08:00
|
|
|
httpHandler = SslHttpRequestBuild()
|
|
|
|
|
with self.assertRaisesRegex(Exception, http_block_info_re):
|
|
|
|
|
httpHandler.http_block()
|
|
|
|
|
|
2020-05-28 19:30:31 +08:00
|
|
|
def test_proxyPolicy_replace(self):
|
2019-12-20 15:38:14 +08:00
|
|
|
httpHandler = SslHttpRequestBuild()
|
|
|
|
|
with self.assertRaisesRegex(Exception, http_replace_info_re):
|
|
|
|
|
httpHandler.http_replace()
|
|
|
|
|
|
2020-05-28 19:30:31 +08:00
|
|
|
def test_proxyPolicy_hijack(self):
|
2019-12-20 15:38:14 +08:00
|
|
|
httpHandler = SslHttpRequestBuild()
|
|
|
|
|
with self.assertRaisesRegex(Exception, http_hijack_info_re):
|
|
|
|
|
httpHandler.http_hijack()
|
|
|
|
|
|
2020-05-28 19:30:31 +08:00
|
|
|
def test_proxyPolicy_insert(self):
|
2019-12-20 15:38:14 +08:00
|
|
|
httpHandler = SslHttpRequestBuild()
|
|
|
|
|
with self.assertRaisesRegex(Exception, http_insert_info_re):
|
|
|
|
|
httpHandler.http_insert()
|
|
|
|
|
|
2020-05-28 22:49:17 +08:00
|
|
|
def test_securityPolicy_con_traffic_inject(self):
|
|
|
|
|
requestHandler = SSLFileDownloadBuild()
|
|
|
|
|
with self.assertRaisesRegex(Exception,https_download_file_info_re):
|
|
|
|
|
requestHandler.downfile_run()
|
|
|
|
|
|
|
|
|
|
|
2019-12-20 15:38:14 +08:00
|
|
|
if __name__ == '__main__':
|
|
|
|
|
suite = unittest.TestSuite()
|
2020-05-26 10:43:17 +08:00
|
|
|
suite._cleanup = False
|
2020-05-28 19:30:31 +08:00
|
|
|
suite.addTest(SslUnitTest('test_securityPolicy_bypass'))
|
|
|
|
|
suite.addTest(SslUnitTest('test_securityPolicy_intercept'))
|
|
|
|
|
suite.addTest(SslUnitTest('test_securityPolicy_intercept_certerrExpired'))
|
|
|
|
|
suite.addTest(SslUnitTest('test_securityPolicy_intercept_certerrWrong_host'))
|
|
|
|
|
suite.addTest(SslUnitTest('test_securityPolicy_intercept_certerrSelf_signed'))
|
|
|
|
|
suite.addTest(SslUnitTest('test_securityPolicy_intercept_certerrUntrusted_root'))
|
|
|
|
|
suite.addTest(SslUnitTest('test_securityPolicy_intercept_certerrRevoked'))
|
|
|
|
|
suite.addTest(SslUnitTest('test_securityPolicy_intercept_certerrPinning_test'))
|
|
|
|
|
suite.addTest(SslUnitTest('test_proxyPolicy_redirect'))
|
|
|
|
|
suite.addTest(SslUnitTest('test_proxyPolicy_block'))
|
|
|
|
|
suite.addTest(SslUnitTest('test_proxyPolicy_replace'))
|
|
|
|
|
suite.addTest(SslUnitTest('test_proxyPolicy_hijack'))
|
|
|
|
|
suite.addTest(SslUnitTest('test_proxyPolicy_insert'))
|
2020-05-28 22:49:17 +08:00
|
|
|
suite.addTest(SslUnitTest('test_securityPolicy_con_traffic_inject'))
|
2020-05-27 13:45:00 +08:00
|
|
|
while True:
|
2020-05-28 19:30:31 +08:00
|
|
|
try:
|
|
|
|
|
logpath = "/root/result_self_test/unittest/unittest_result.log." + time.strftime("%Y-%m-%d",time.localtime())
|
|
|
|
|
lognewestpath = "/root/result_self_test/unittest/unittest_result.log.newest"
|
|
|
|
|
with open(lognewestpath,"w+") as f:
|
|
|
|
|
runner = unittest.TextTestRunner(stream=f,verbosity=2)
|
2020-05-28 19:53:12 +08:00
|
|
|
f.write("\n" + "#"*50 + "Test start time: " + time.strftime("%Y-%m-%d %H:%M:%S", time.localtime()) + "#"*50 + "\n")
|
2020-05-28 19:30:31 +08:00
|
|
|
runner.run(suite)
|
2020-05-28 19:53:12 +08:00
|
|
|
f.write("\n" + "="*50 + "Test end time: " + time.strftime("%Y-%m-%d %H:%M:%S", time.localtime()) + "="*50 + "\n")
|
2020-05-28 19:30:31 +08:00
|
|
|
f.close()
|
|
|
|
|
with open(logpath,"a+") as f:
|
|
|
|
|
fn = open(lognewestpath,'r')
|
|
|
|
|
f.write(fn.read())
|
|
|
|
|
fn.close()
|
|
|
|
|
f.close()
|
|
|
|
|
time.sleep(1)
|
|
|
|
|
except:
|
|
|
|
|
print("Exception:an exception occurred during the execution of the program:unittest",file=sys.stderr)
|
