diff options
Diffstat (limited to 'scripts/webproxy')
-rwxr-xr-x | scripts/webproxy | 139 |
1 files changed, 0 insertions, 139 deletions
diff --git a/scripts/webproxy b/scripts/webproxy deleted file mode 100755 index 59e6a49..0000000 --- a/scripts/webproxy +++ /dev/null @@ -1,139 +0,0 @@ -#! /bin/sh -## Web proxy, following the grand tradition of Web things being handled by -## gross scripts. Uses netcat to listen on a high port [default 8000], -## picks apart requests and sends them on to the right place. Point this -## at the browser client machine you'll be coming from [to limit access to -## only it], and point the browser's concept of an HTTP proxy to the -## machine running this. Takes a single argument of the client that will -## be using it, and rejects connections from elsewhere. LOGS the queries -## to a configurable logfile, which can be an interesting read later on! -## If the argument is "reset", the listener and logfile are cleaned up. -## -## This works surprisingly fast and well, for a shell script, although may -## randomly fail when hammered by a browser that tries to open several -## connections at once. Drop the "maximum connections" in your browser if -## this is a problem. -## -## A more degenerate case of this, or preferably a small C program that -## does the same thing under inetd, could handle a small site's worth of -## proxy queries. Given the way browsers are evolving, proxies like this -## can play an important role in protecting your own privacy. -## -## If you grabbed this in ASCII mode, search down for "eew" and make sure -## the embedded-CR check is intact, or requests might hang. -## -## Doesn't handle POST forms. Who cares, if you're just watching HTTV? -## Dumbness here has a highly desirable side effect: it only sends the first -## GET line, since that's all you really ever need to send, and suppresses -## the other somewhat revealing trash that most browsers insist on sending. - -# set these as you wish: proxy port... -PORT=8000 -# logfile spec: a real file or /dev/null if you don't care -LFILE=${0}.log -# optional: where to dump connect info, so you can see if anything went wrong -# CFILE=${0}.conn -# optional extra args to the listener "nc", for instance "-s inside-net-addr" -# XNC='' - -# functionality switch has to be done fast, so the next listener can start -# prelaunch check: if no current client and no args, bail. -case "${1}${CLIENT}" in - "") - echo needs client hostname - exit 1 - ;; -esac - -case "${1}" in - "") -# Make like inetd, and run the next relayer process NOW. All the redirection -# is necessary so this shell has NO remaining channel open to the net. -# This will hang around for 10 minutes, and exit if no new connections arrive. -# Using -n for speed, avoiding any DNS/port lookups. - nc -w 600 -n -l -p $PORT -e "$0" $XNC "$CLIENT" < /dev/null > /dev/null \ - 2> $CFILE & - ;; -esac - -# no client yet and had an arg, this checking can be much slower now -umask 077 - -if test "$1" ; then -# if magic arg, just clean up and then hit our own port to cause server exit - if test "$1" = "reset" ; then - rm -f $LFILE - test -f "$CFILE" && rm -f $CFILE - nc -w 1 -n 127.0.0.1 $PORT < /dev/null > /dev/null 2>&1 - exit 0 - fi -# find our ass with both hands - test ! -f "$0" && echo "Oops, cannot find my own corporeal being" && exit 1 -# correct launch: set up client access control, passed along thru environment. - CLIENT="$1" - export CLIENT - test "$CFILE" || CFILE=/dev/null - export CFILE - touch "$CFILE" -# tell us what happened during the last run, if possible - if test -f "$CFILE" ; then - echo "Last connection results:" - cat $CFILE - fi - -# ping client machine and get its bare IP address - CLIENT=`nc -z -v -w 8 "$1" 22000 2>&1 | sed 's/.*\[\(..*\)\].*/\1/'` - test ! "$CLIENT" && echo "Can't find address of $1" && exit 1 - -# if this was an initial launch, be informative about it - echo "=== Launch: $CLIENT" >> $LFILE - echo "Proxy running -- will accept connections on $PORT from $CLIENT" - echo " Logging queries to $LFILE" - test -f "$CFILE" && echo " and connection fuckups to $CFILE" - -# and run the first listener, showing us output just for the first hit - nc -v -w 600 -n -l -p $PORT -e "$0" $XNC "$CLIENT" & - exit 0 -fi - -# Fall here to handle a page. -# GET type://host.name:80/file/path HTTP/1.0 -# Additional: trash -# More: trash -# <newline> - -read x1 x2 x3 x4 -echo "=== query: $x1 $x2 $x3 $x4" >> $LFILE -test "$x4" && echo "extra junk after request: $x4" && exit 0 -# nuke questionable characters and split up the request -hurl=`echo "$x2" | sed -e "s+.*//++" -e 's+[\`'\''|$;<>{}\\!*()"]++g'` -# echo massaged hurl: $hurl >> $LFILE -hh=`echo "$hurl" | sed -e "s+/.*++" -e "s+:.*++"` -hp=`echo "$hurl" | sed -e "s+.*:++" -e "s+/.*++"` -test "$hp" = "$hh" && hp=80 -hf=`echo "$hurl" | sed -e "s+[^/]*++"` -# echo total split: $hh : $hp : $hf >> $LFILE -# suck in and log the entire request, because we're curious -# Fails on multipart stuff like forms; oh well... -if test "$x3" ; then - while read xx ; do - echo "${xx}" >> $LFILE - test "${xx}" || break -# eew, buried returns, gross but necessary for DOS stupidity: - test "${xx}" = " -" && break - done -fi -# check for non-GET *after* we log the query... -test "$x1" != "GET" && echo "sorry, this proxy only does GETs" && exit 0 -# no, you can *not* phone home, you miserable piece of shit -test "`echo $hh | fgrep -i netscap`" && \ - echo "access to Netscam's servers <b>DENIED.</b>" && exit 0 -# Do it. 30 sec net-wait time oughta be *plenty*... -# Some braindead servers have forgotten how to handle the simple-query syntax. -# If necessary, replace below with (echo "$x1 $hf" ; echo '') | nc... -echo "$x1 $hf" | nc -w 30 "$hh" "$hp" 2> /dev/null || \ - echo "oops, can't get to $hh : $hp". -echo "sent \"$x1 $hf\" to $hh : $hp" >> $LFILE -exit 0 - |