#!/bin/bash # # attack the test server and try to make it fall over # SERVER=127.0.0.1 PORT=7681 LOG=/tmp/lwslog CPID= LEN=0 function check { kill -0 $CPID if [ $? -ne 0 ] ; then echo "(killed it) *******" exit 1 fi dd if=$LOG bs=1 skip=$LEN 2>/dev/null if [ "$1" = "default" ] ; then diff /tmp/lwscap /usr/share/libwebsockets-test-server/test.html > /dev/null if [ $? -ne 0 ] ; then echo "FAIL: got something other than test.html back" exit 1 fi fi if [ "$1" = "forbidden" ] ; then if [ -z "`grep '

403 Forbidden

' /tmp/lwscap`" ] ; then echo "FAIL: should have told forbidden (test server has no dirs)" exit 1 fi fi if [ "$1" == "args" ] ; then a="`dd if=$LOG bs=1 skip=$LEN 2>/dev/null |grep Uri.Args\: | tr -s ' ' | cut -d' ' -f4-`" if [ "$a" != "$2" ] ; then echo "Args '$a' not $2" exit 1 fi fi LEN=`stat $LOG -c %s` } rm -rf $LOG killall libwebsockets-test-server 2>/dev/null libwebsockets-test-server -d31 2>> $LOG & CPID=$! while [ -z "`grep Listening $LOG`" ] ; do sleep 0.5s done check echo echo "---- ? processing (%2f%2e%2e%2f%2e./test.html?arg=1)" rm -f /tmp/lwscap echo -e "GET %2f%2e%2e%2f%2e./test.html?arg=1 HTTP/1.1\x0d\x0a\x0d\x0a" | nc $SERVER $PORT | sed '1,/^\r$/d'> /tmp/lwscap check args "arg=1" echo echo "---- ? processing (%2f%2e%2e%2f%2e./test.html?arg=/../.)" rm -f /tmp/lwscap echo -e "GET %2f%2e%2e%2f%2e./test.html?arg=/../. HTTP/1.1\x0d\x0a\x0d\x0a" | nc $SERVER $PORT | sed '1,/^\r$/d'> /tmp/lwscap check args "arg=/../." echo echo "---- spam enough crap to not be GET" echo "not GET" | nc $SERVER $PORT check echo echo "---- spam more than the name buffer of crap" dd if=/dev/urandom bs=1 count=80 2>/dev/null | nc -i1s $SERVER $PORT check echo echo "---- spam 10MB of crap" dd if=/dev/urandom bs=1 count=655360 | nc -i1s $SERVER $PORT check echo echo "---- malformed URI" echo "GET nonsense................................................................................................................" \ | nc -i1s $SERVER $PORT check echo echo "---- missing URI" echo -e "GET HTTP/1.1\x0d\x0a\x0d\x0a" | nc -i1s $SERVER $PORT >/tmp/lwscap check echo echo "---- repeated method" echo -e "GET blah HTTP/1.1\x0d\x0aGET blah HTTP/1.1\x0d\x0a\x0d\x0a" | nc $SERVER $PORT >/tmp/lwscap check echo echo "---- crazy header name part" echo -e "GET blah HTTP/1.1\x0d\x0a................................................................................................................" \ "......................................................................................................................." \ "......................................................................................................................." \ "......................................................................................................................." \ "......................................................................................................................." \ "......................................................................................................................." \ "......................................................................................................................." \ "......................................................................................................................." \ "......................................................................................................................." \ "......................................................................................................................." \ "......................................................................................................................." \ "......................................................................................................................." \ "......................................................................................................................." \ "......................................................................................................................." \ "......................................................................................................................." \ "......................................................................................................................." \ "......................................................................................................................." \ | nc -i1s $SERVER $PORT check echo echo "---- excessive uri content" echo -e "GET ................................................................................................................" \ "......................................................................................................................." \ "......................................................................................................................." \ "......................................................................................................................." \ "......................................................................................................................." \ "......................................................................................................................." \ "......................................................................................................................." \ "......................................................................................................................." \ "......................................................................................................................." \ "......................................................................................................................." \ "......................................................................................................................." \ "......................................................................................................................." \ "......................................................................................................................." \ "......................................................................................................................." \ "......................................................................................................................." \ "......................................................................................................................." \ "......................................................................................................................." \ | nc -i1s $SERVER $PORT check echo echo "---- good request but http payload coming too (should be ignored and test.html served)" echo -e "GET /test.html HTTP/1.1\x0d\x0a\x0d\x0aILLEGAL-PAYLOAD........................................" \ "......................................................................................................................." \ "......................................................................................................................." \ "......................................................................................................................." \ "......................................................................................................................." \ "......................................................................................................................." \ "......................................................................................................................." \ "......................................................................................................................." \ "......................................................................................................................." \ "......................................................................................................................." \ "......................................................................................................................." \ "......................................................................................................................." \ "......................................................................................................................." \ "......................................................................................................................." \ "......................................................................................................................." \ "......................................................................................................................." \ | nc $SERVER $PORT | sed '1,/^\r$/d'> /tmp/lwscap check default echo echo "---- directory attack 1 (/../../../../etc/passwd should be /etc/passswd)" rm -f /tmp/lwscap echo -e "GET /../../../../etc/passwd HTTP/1.1\x0d\x0a\x0d\x0a" | nc $SERVER $PORT | sed '1,/^\r$/d'> /tmp/lwscap check forbidden echo echo "---- directory attack 2 (/../ should be /)" rm -f /tmp/lwscap echo -e "GET /../ HTTP/1.1\x0d\x0a\x0d\x0a" | nc $SERVER $PORT | sed '1,/^\r$/d'> /tmp/lwscap check default echo echo "---- directory attack 3 (/./ should be /)" rm -f /tmp/lwscap echo -e "GET /./ HTTP/1.1\x0d\x0a\x0d\x0a" | nc $SERVER $PORT | sed '1,/^\r$/d'> /tmp/lwscap check default echo echo "---- directory attack 4 (/blah/.. should be /)" rm -f /tmp/lwscap echo -e "GET /blah/.. HTTP/1.1\x0d\x0a\x0d\x0a" | nc $SERVER $PORT | sed '1,/^\r$/d'> /tmp/lwscap check default echo echo "---- directory attack 5 (/blah/../ should be /)" rm -f /tmp/lwscap echo -e "GET /blah/../ HTTP/1.1\x0d\x0a\x0d\x0a" | nc $SERVER $PORT | sed '1,/^\r$/d'> /tmp/lwscap check default echo echo "---- directory attack 6 (/blah/../. should be /)" rm -f /tmp/lwscap echo -e "GET /blah/../. HTTP/1.1\x0d\x0a\x0d\x0a" | nc $SERVER $PORT | sed '1,/^\r$/d'> /tmp/lwscap check default echo echo "---- directory attack 7 (/%2e%2e%2f../../../etc/passwd should be /etc/passswd)" rm -f /tmp/lwscap echo -e "GET /%2e%2e%2f../../../etc/passwd HTTP/1.1\x0d\x0a\x0d\x0a" | nc $SERVER $PORT | sed '1,/^\r$/d'> /tmp/lwscap check forbidden echo echo "---- directory attack 7 (%2f%2e%2e%2f%2e./.%2e/.%2e%2fetc/passwd should be /etc/passswd)" rm -f /tmp/lwscap echo -e "GET %2f%2e%2e%2f%2e./.%2e/.%2e%2fetc/passwd HTTP/1.1\x0d\x0a\x0d\x0a" | nc $SERVER $PORT | sed '1,/^\r$/d'> /tmp/lwscap check forbidden echo echo "--- survived OK ---" kill -2 $CPID