From a6c557097aa3103095f0b3dc48b6c41204a1ef4a Mon Sep 17 00:00:00 2001 From: brent s Date: Fri, 6 Oct 2017 14:05:56 -0400 Subject: [PATCH] whew. --- net/addr/TODO | 1 + net/addr/app/templates/about.html | 8 +++ net/addr/app/templates/base.html | 12 +++-- net/addr/app/templates/html.html | 38 +++++++++++++ net/addr/app/templates/index.html | 11 ++-- net/addr/app/templates/json.html | 1 + net/addr/app/templates/usage.html | 51 ++++++++++++++++++ net/addr/app/views.py | 89 +++++++++++++++++++++++++------ 8 files changed, 184 insertions(+), 27 deletions(-) create mode 100644 net/addr/TODO create mode 100644 net/addr/app/templates/about.html create mode 100644 net/addr/app/templates/html.html create mode 100644 net/addr/app/templates/json.html create mode 100644 net/addr/app/templates/usage.html diff --git a/net/addr/TODO b/net/addr/TODO new file mode 100644 index 0000000..7fad523 --- /dev/null +++ b/net/addr/TODO @@ -0,0 +1 @@ +We can get more in-depth: https://danidee10.github.io/2016/09/24/flask-by-example-3.html diff --git a/net/addr/app/templates/about.html b/net/addr/app/templates/about.html new file mode 100644 index 0000000..150d42c --- /dev/null +++ b/net/addr/app/templates/about.html @@ -0,0 +1,8 @@ +{% extends "base.html" %}{% block title %}r00t^2 Client Info Revealer || About{% endblock %}{% block body %}
+

About

+

This is a tool to reveal certain information about your connection that the server sees. Note that all of this information you see is sent by your client; there was no probing/scanning or the like done from the server this site is hosted on.

+

If you don't like this info being available to server administrators of the websites you visit you may want to consider hiding your client IP address0 and/or hiding your browser's metadata, which can be done via browser plugins such as Privacy Badger, {{ 'Modify Headers, '|safe if request.user_agent.browser == 'firefox' else '' }}Requestly, and others.

+

If you would like to view the server headers, then you can use a service such as SecurityHeaders.io (or use the curl -i command in *Nix operating systems).

+
+

[0] Disclosure: I am an engineer for this company.

+{% endblock %} \ No newline at end of file diff --git a/net/addr/app/templates/base.html b/net/addr/app/templates/base.html index 328e38f..5a5d7ab 100644 --- a/net/addr/app/templates/base.html +++ b/net/addr/app/templates/base.html @@ -1,31 +1,35 @@ - {% block title %}{% endblock %} + + + -
- {% block body %} {% endblock %} + {% block body %}{% endblock %}
- diff --git a/net/addr/app/templates/html.html b/net/addr/app/templates/html.html new file mode 100644 index 0000000..992376b --- /dev/null +++ b/net/addr/app/templates/html.html @@ -0,0 +1,38 @@ +

Client/Browser Information

+

This is information that your browser sends with its connection.

+

+

+

+

Request Headers

+

These are headers sent along with the request your browser sends for the page's content.

+

+ + + + + {% for k in visitor['headers'].keys()|sort(case_sensitive = True) %} + + + + {% endfor %} +
FieldValue
{{ k }}{{ visitor['headers'][k] if visitor['headers'][k] != '' else '(N/A)' }}
+

\ No newline at end of file diff --git a/net/addr/app/templates/index.html b/net/addr/app/templates/index.html index dd2a9b3..432917a 100644 --- a/net/addr/app/templates/index.html +++ b/net/addr/app/templates/index.html @@ -1,7 +1,6 @@ -{% extends "base.html" %} {% block title %}r00t^2 Client Info Revealer{% endblock %}{% block body %} -
-

What this is

-

This is a tool to reveal certain information about your connection that the server sees.

+{% extends "base.html" %}{% block title %}r00t^2 Client Info Revealer{% endblock %}{% block body %}
+

Client Info Revealer

+

A tool to reveal client-identifying data sent to webservers

-

PLACEHOLDER.

-{% endblock %} +{% include 'html.html' if not params['json'] else 'json.html' %} +{% endblock %} \ No newline at end of file diff --git a/net/addr/app/templates/json.html b/net/addr/app/templates/json.html new file mode 100644 index 0000000..f216cfa --- /dev/null +++ b/net/addr/app/templates/json.html @@ -0,0 +1 @@ +
{{ json }}
diff --git a/net/addr/app/templates/usage.html b/net/addr/app/templates/usage.html new file mode 100644 index 0000000..668408a --- /dev/null +++ b/net/addr/app/templates/usage.html @@ -0,0 +1,51 @@ +{% extends "base.html" %}{% block title %}r00t^2 Client Info Revealer || Usage{% endblock %}{% block body %}
+

Usage

+

Parameters

+

You can control how this page displays/renders. By default it will try to "guess" what you want; e.g. if you access it in Chrome, it will display this page but if you fetch via Curl, you'll get raw JSON. The following parameters control this behavior.

+

Note: "Enabled" parameter values can be one of y, yes, 1, or true. "Disabled" parameter values can be one of n, no, 0, or false. The parameter names are case-sensitive but the values are not.

+

+

Examples

+

+ + + + + + + + + + + + + + + + + + + + +
URLBehavior
{{ request.base_url }}Displays HTML and "Human" formatting if in a graphical browser, otherwise returns a raw, unformatted JSON string.
{{ request.base_url }}?raw=1Renders a raw, unformatted JSON string if in a graphical browser, otherwise no effect. All other parameters ignored (if in a graphical browser).
{{ request.base_url }}?html=1Forces HTML rendering on non-graphical clients.
{{ request.base_url }}?json=1&tabs=4Returns JSON indented by 4 spaces for each level (you can leave "json=1" off if it's in a non-graphical browser, unless you specified "html=1").

+{% endblock %} \ No newline at end of file diff --git a/net/addr/app/views.py b/net/addr/app/views.py index 7dbaf8b..466f6c4 100644 --- a/net/addr/app/views.py +++ b/net/addr/app/views.py 
@@ -6,11 +6,37 @@ from app import app @app.route('/', methods = ['GET']) #@app.route('/') def index(): # First we define interactive browsers - _intbrowsers = ('camino', 'chrome', 'firefox', 'galeon', 'kmeleon', 'konqueror', - 'links', 'lynx') + _intbrowsers = {'camino': ['http://caminobrowser.org/', 'Camino'], + 'chrome': ['https://www.google.com/chrome/', 'Google Chrome'], + 'firefox': ['https://www.mozilla.org/firefox/', 'Mozilla Firefox'], + 'galeon': ['http://galeon.sourceforge.net/', 'Galeon'], + 'kmeleon': ['http://kmeleonbrowser.org/', 'K-Meleon'], + 'konqueror': ['https://konqueror.org/', 'Konqueror'], + 'links': ['http://links.twibright.com/', 'Links'], + 'lynx': ['http://lynx.browser.org/', 'Lynx']} + _os = {'aix': ['https://www.ibm.com/power/operating-systems/aix', 'AIX'], + 'amiga': ['http://www.amiga.org/', 'Amiga'], + 'android': ['https://www.android.com/', 'Android'], + 'bsd': ['http://www.bsd.org/', 'BSD'], + 'chromec': ['https://www.chromium.org/chromium-os', 'ChromeOS'], + 'hpux': ['https://www.hpe.com/us/en/servers/hp-ux.html', 'HP-UX'], + 'iphone': ['https://www.apple.com/iphone/', 'iPhone'], + 'ipad': ['https://www.apple.com/ipad/', 'iPad'], + 'irix': ['https://www.sgi.com/', 'IRIX'], + 'linux': ['https://www.kernel.org/', 'GNU/Linux'], + 'macos': ['https://www.apple.com/macos/', 'macOS'], + 'sco': ['http://www.sco.com/products/unix/', 'SCO'], + 'solaris': ['https://www.oracle.com/solaris/', 'Solaris'], + 'wii': ['http://wii.com/', 'Wii'], + 'windows': ['https://www.microsoft.com/windows/', 'Windows']} + _alts = {'amiga': ' (have you tried AROS yet?)', + 'macos': ' (have you tried ElementaryOS yet?)', + 'sgi': ' (have you tried MaXX yet?)', + 'windows': ' (have you tried ReactOS yet?)'} # And then we set some parameter options for less typing later on. 
- _yes = ('y', 'yes', 'true', '1') - _no = ('y', 'no', 'false', '0') + _yes = ('y', 'yes', 'true', '1', True) + _no = ('y', 'no', 'false', '0', False, 'none') + # http://werkzeug.pocoo.org/docs/0.12/utils/#module-werkzeug.useragents visitor = {'client': {'str': request.user_agent.string, 'browser': request.user_agent.browser, 'os': request.user_agent.platform, 
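Review bot: The new `_no` tuple still begins with `'y'` instead of `'n'`, so the "disabled" value `n` that usage.html documents is never recognised, while `y` appears in both `_yes` and `_no`. Combined with the normalisation loop added in the next hunk, where anything not found in `_no` becomes `True`, a request with `?html=n` or `?raw=n` ends up with the option enabled, and a `y` value for `html` or `raw` is switched off. I would change the line to `_no = ('n', 'no', 'false', '0', False, 'none')`. index() continues past the end of this hunk.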
@@ -20,21 +46,50 @@ def index(): 'ip': request.remote_addr, 'headers': dict(request.headers)} # We have to convert these to strings so we can do tuple comparisons on lower()s. - _json = str(request.args.get('json')).lower() - _html = str(request.args.get('html')).lower() - # Handle possibly conflicting options. - # This forces JSON if html=0, and forces HTML if json=0. json= is processed first. - if _json in _no: - _html = '1' - elif _html in _no: - _json = '1' + params = {'json': str(request.args.get('json')).lower(), + 'html': str(request.args.get('html')).lower(), + 'raw': str(request.args.get('raw')).lower()} + if visitor['client']['browser'] in _intbrowsers.keys(): + if params['html'] == 'none': + params['html'] = True + if params['json'] == 'none': + params['json'] = False + elif params['json'] in _yes: + params['json'] = True + for k in params.keys(): + if params[k] in _no: + params[k] = False + else: + params[k] = True # Set the tabs for JSON try: - _tabs = int(request.args.get('tabs')) + params['tabs'] = int(request.args.get('tabs')) except (ValueError, TypeError): - _tabs = None - if (visitor['client']['browser'] in _intbrowsers and _json not in _yes) or (_html in _yes): - return(render_template('index.html', visitor = visitor)) + if visitor['client']['browser'] in _intbrowsers.keys() or params['html']: + params['tabs'] = 4 + else: + params['tabs'] = None + j = json.dumps(visitor, indent = params['tabs']) + if (visitor['client']['browser'] in _intbrowsers.keys() and params['html'] and not params['raw']) or \ + (visitor['client']['browser'] not in _intbrowsers.keys() and params['html']): + return(render_template('index.html', + visitor = visitor, + browsers = _intbrowsers, + os = _os, + alts = _alts, + json = j, + params = params)) else: - j = json.dumps(visitor, indent = _tabs) + if visitor['client']['browser'] in _intbrowsers.keys() and not params['raw']: + return(render_template('json.html', + json = j, + params = params)) return(j) + 
+@app.route('/about', methods = ['GET']) +def about(): + return(render_template('about.html')) + +@app.route('/usage', methods = ['GET']) +def usage(): + return(render_template('usage.html')) \ No newline at end of file
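Review bot: `params['tabs'] = int(request.args.get('tabs'))` accepts any integer from the query string and hands it to `json.dumps(visitor, indent = params['tabs'])`, so a single request with a very large `tabs` makes the server build a response padded with that many spaces per nesting level. The value should be clamped before use, for example `params['tabs'] = max(0, min(int(request.args.get('tabs')), 8))`, with whatever upper bound the project prefers. Separately, the final `return(j)` gives Flask a bare string, which is served with the default `text/html` content type even though it is JSON built from client-supplied header values that `json.dumps` does not HTML-escape. `return app.response_class(j, mimetype = 'application/json')` would label it correctly using the `app` object already imported in this file. index() starts before this hunk.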