2
2
from twisted.web import http
3
3
from twisted.internet import protocol
4
4
from twisted.internet import reactor, threads
5
from ConfigParser import ConfigParser
6
from nx_parser import signature_parser
7
from nx_parser import signature_parser
8
11
import MySQLConnector
15
18
class InterceptHandler(http.Request):
51
55
class InterceptFactory(http.HTTPFactory):
52
56
protocol = InterceptProtocol
55
print 'Usage: python nx_intercept [-h,--help] [-p,--port portnumber] [-a,--add-monitoring ip:1.2.3.4|md5:af794f5e532d7a4fa59c49845af7947e]'
60
print 'Usage: python nx_intercept [-h,--help] [-a,--add-monitoring ip:1.2.3.4|md5:af794f5e532d7a4fa59c49845af7947e] [-q,--quiet] [-l,--log-file /path/to/logfile]'
57
def add_monitoring(arg):
62
def add_monitoring(arg, conf_path):
84
89
cursor.execute("INSERT INTO http_monitor (peer_ip) VALUES (%s)", (ip))
92
def fill_db(filename, conf_path):
93
fd = open(filename, 'r')
94
mysqlh = MySQLConnector.MySQLConnector(conf_path)
99
raise ValueError('Cannot connect to db')
102
raise ValueError('Cannot connect to db')
104
if re.match("[a-z0-9]+$", mysqlh.dbname) == False:
105
print 'bad db name :)'
108
cursor.execute("DROP DATABASE IF EXISTS %s;" % mysqlh.dbname)
109
cursor.execute("CREATE DATABASE %s;" % mysqlh.dbname)
110
db.select_db(mysqlh.dbname)
114
if 'NAXSI_FMT' in line:
116
date = ' '.join(l[0].split()[:2])
117
sig = l[0].split('NAXSI_FMT:')[1][1:]
122
request_args[s[0]] = urllib.unquote(''.join(s[1:]))
123
# print 'args are ', request_args
125
fullstr = request_args['request'][2:-1] + ' Referer : ' + request_args.get('referrer', ' "None"')[2:-1].strip('"\n') + ',Cookie : ' + request_args.get('cookie', ' "None"')[2:-1]
126
if sig != '' and fullstr != '':
127
# print "adding %s (%s) " % (sig, fullstr)
128
parser = signature_parser(cursor)
129
parser.sig_to_db(fullstr, sig, date=date)
87
134
if __name__ == '__main__':
91
opts, args = getopt.getopt(sys.argv[1:], 'qhp:a:', ['help', 'port', 'add-monitoring', 'quiet'])
136
opts, args = getopt.getopt(sys.argv[1:], 'c:ha:l:', ['conf-file', 'help', 'add-monitoring', 'log-file'])
92
137
except getopt.GetoptError, err:
98
146
if o in ('-h', '--help'):
101
if o in ('-p', '--port'):
103
if o in ('-q', '--quiet'):
105
149
if o in ('-a', '--add-monitoring'):
150
if has_conf is False:
151
print "Conf File must be specified first !"
153
add_monitoring(a, conf_path)
155
if o in ('-l', '--log-file'):
156
if has_conf is False:
157
print "Conf File must be specified first !"
159
print "Filling database with %s. ALL PREVIOUS CONTENT WILL BE DROPPED !!!!!"
160
fill_db(a, conf_path)
163
if o in ('-c', '--conf-file'):
167
if has_conf is False:
168
print 'Conf file is mandatory !'
170
fd = open(conf_path, 'r')
171
conf = ConfigParser()
174
port = int(conf.get('nx_intercept', 'port'))
176
print "No port in conf file ! Using default port (8080)"
109
180
reactor.listenTCP(port, InterceptFactory())
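Review bot: In fill_db the database-name guard `if re.match("[a-z0-9]+$", mysqlh.dbname) == False:` can never fire, because re.match returns a match object or None and neither compares equal to False. The name read from the conf file therefore reaches `"DROP DATABASE IF EXISTS %s;" % mysqlh.dbname` and the following CREATE DATABASE statement unvalidated. Identifiers cannot be bound as query parameters, so this allow-list check is the only control on that string; change it to `if re.match("[a-z0-9]+$", mysqlh.dbname) is None:` (using `\Z` instead of `$` would also reject a trailing newline). The lines between the `print 'bad db name :)'` and the DROP statement are not shown on this page, so confirm that the branch returns or raises rather than only printing.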