Systemsicherheit/Assignment 4 - Protokollsicherheit (Praxis)/proxy/proxymodules/javaxml.py

#!/usr/bin/env python3
# -*- coding: utf-8 -*-

# THIS MODULE DOES NOT WORK AND WILL BE REPLACED, DO NOT USE

import os.path as path
import platform
if 'java' in platform.system().lower():
    import java.io as io
    from com.thoughtworks.xstream import XStream
    from java.lang import Exception


class Module:
    def __init__(self, incoming=False, verbose=False, options=None):
        self.is_jython = 'java' in platform.system().lower()
        # extract the file name from __file__. __file__ is proxymodules/name.py
        self.name = path.splitext(path.basename(__file__))[0]
        self.description = 'Serialization or deserialization of Java objects' if self.is_jython else \
                           'Serialization or deserialization of Java objects (needs jython)'
        self.incoming = incoming  # incoming means module is on -im chain
        self.execute = self.error

        if options is not None:
            if 'mode' in options.keys():
                if 'deserial' in options['mode']:
                    self.execute = self.deserial
                elif 'serial' in options['mode']:
                    self.execute = self.serial

    def help(self):
        return '\tmode: [serial|deserial] select deserialization (to XML) or serialization (to Java object)'

    def deserial(self, data):
        if not self.is_jython:
            print ('[!] This module can only be used in jython!')
            return data

        try:
            # turn data into a Java object
            bis = io.ByteArrayInputStream(data)
            ois = io.ObjectInputStream(bis)
            obj = ois.readObject()

            # converting Java object to XML structure
            xs = XStream()
            xml = xs.toXML(obj)
            return xml
        except Exception as e:
            print ('[!] Caught Exception. Could not convert.\n')
            return data

    def serial(self, data):
        if not self.is_jython:
            print ('[!] This module can only be used in jython!')
            return data
        try:
            # Creating XStream object and creating Java object from XML structure
            xs = XStream()
            serial = xs.fromXML(data)

            # writing created Java object to and serializing it with ObjectOutputStream
            bos = io.ByteArrayOutputStream()
            oos = io.ObjectOutputStream(bos)
            oos.writeObject(serial)

            # I had a problem with signed vs. unsigned bytes, hence the & 0xff
            return "".join([chr(x & 0xff) for x in bos.toByteArray().tolist()])
        except Exception as e:
            print ('[!] Caught Exception. Could not convert.\n')
            return data

    def error(self, data):
        print ('[!] Unknown mode. Please specify mode=[serial|deserial].')
        return data


if __name__ == '__main__':
    print ('This module is not supposed to be executed alone!')
[Assignment-4] added tcpproxy 2024-05-25 10:25:40 +02:00			`#!/usr/bin/env python3`
			`# -- coding: utf-8 --`

			`# THIS MODULE DOES NOT WORK AND WILL BE REPLACED, DO NOT USE`

			`import os.path as path`
			`import platform`
			`if 'java' in platform.system().lower():`
			`import java.io as io`
			`from com.thoughtworks.xstream import XStream`
			`from java.lang import Exception`


			`class Module:`
			`def __init__(self, incoming=False, verbose=False, options=None):`
			`self.is_jython = 'java' in platform.system().lower()`
			`# extract the file name from __file__. __file__ is proxymodules/name.py`
			`self.name = path.splitext(path.basename(__file__))[0]`
			`self.description = 'Serialization or deserialization of Java objects' if self.is_jython else \`
			`'Serialization or deserialization of Java objects (needs jython)'`
			`self.incoming = incoming # incoming means module is on -im chain`
			`self.execute = self.error`

			`if options is not None:`
			`if 'mode' in options.keys():`
			`if 'deserial' in options['mode']:`
			`self.execute = self.deserial`
			`elif 'serial' in options['mode']:`
			`self.execute = self.serial`

			`def help(self):`
			`return '\tmode: [serial\|deserial] select deserialization (to XML) or serialization (to Java object)'`

			`def deserial(self, data):`
			`if not self.is_jython:`
			`print ('[!] This module can only be used in jython!')`
			`return data`

			`try:`
			`# turn data into a Java object`
			`bis = io.ByteArrayInputStream(data)`
			`ois = io.ObjectInputStream(bis)`
			`obj = ois.readObject()`

			`# converting Java object to XML structure`
			`xs = XStream()`
			`xml = xs.toXML(obj)`
			`return xml`
			`except Exception as e:`
			`print ('[!] Caught Exception. Could not convert.\n')`
			`return data`

			`def serial(self, data):`
			`if not self.is_jython:`
			`print ('[!] This module can only be used in jython!')`
			`return data`
			`try:`
			`# Creating XStream object and creating Java object from XML structure`
			`xs = XStream()`
			`serial = xs.fromXML(data)`

			`# writing created Java object to and serializing it with ObjectOutputStream`
			`bos = io.ByteArrayOutputStream()`
			`oos = io.ObjectOutputStream(bos)`
			`oos.writeObject(serial)`

			`# I had a problem with signed vs. unsigned bytes, hence the & 0xff`
			`return "".join([chr(x & 0xff) for x in bos.toByteArray().tolist()])`
			`except Exception as e:`
			`print ('[!] Caught Exception. Could not convert.\n')`
			`return data`

			`def error(self, data):`
			`print ('[!] Unknown mode. Please specify mode=[serial\|deserial].')`
			`return data`


			`if __name__ == '__main__':`
			`print ('This module is not supposed to be executed alone!')`