2015-09-19 14:14:54 +00:00
|
|
|
cloak
|
|
|
|
=====
|
|
|
|
|
|
|
|
Download URL target encrypted then compressed and base64 encoded as
|
|
|
|
DATA.txt file.
|
|
|
|
|
|
|
|
Target URL is expected to be base64 encoded zlib compressed AES
|
|
|
|
encrypted URL. URL can be prepared using this same tool (see usage
|
|
|
|
below).
|
|
|
|
URL content is fetched and then AES encrypted, zlib compressed and
|
|
|
|
base64 encoded. Content is downloaded as DATA.txt. It can be
|
|
|
|
decoded, uncompressed and decrypted using this same tool (see usage
|
|
|
|
below).
|
|
|
|
Content size can be limited.
|
|
|
|
It uses lock which allows only one request at a time.
|
|
|
|
It is implemented with bottle microframework.
|
2015-09-20 06:10:07 +00:00
|
|
|
|
2015-09-19 14:14:54 +00:00
|
|
|
It is a hack! :)
|
2015-09-20 06:10:07 +00:00
|
|
|
This tool was written to deceive/fool proxy which prevented me to
|
|
|
|
download usefull tools and/or source code files.
|
2015-09-19 14:14:54 +00:00
|
|
|
|
|
|
|
Usage
|
|
|
|
=====
|
|
|
|
|
|
|
|
Print usage:
|
|
|
|
|
|
|
|
.. code:: bash
|
|
|
|
|
|
|
|
python x.py -h
|
|
|
|
|
|
|
|
Prepare target URL:
|
|
|
|
|
|
|
|
.. code:: bash
|
|
|
|
|
|
|
|
python x.py c TARGET
|
|
|
|
python x.py c 'http://www.google.com'
|
|
|
|
|
|
|
|
Decode, decompress and decrypt target content saved as DATA.txt and
|
|
|
|
save it to data.tar.xz:
|
|
|
|
|
|
|
|
.. code:: bash
|
|
|
|
|
|
|
|
cat DATA.txt | python x.py d > data.tar.xz
|
|
|
|
|
2015-09-20 06:10:07 +00:00
|
|
|
Run it in development mode using python wsgiref:
|
2015-09-19 14:14:54 +00:00
|
|
|
|
|
|
|
.. code:: bash
|
|
|
|
|
|
|
|
python x.py ANY-ARG
|
|
|
|
python x.py x
|
|
|
|
|
2015-09-20 06:10:07 +00:00
|
|
|
Run it in production mode using python wsgiref:
|
2015-09-19 14:14:54 +00:00
|
|
|
|
|
|
|
.. code:: bash
|
|
|
|
|
|
|
|
python x.py
|
|
|
|
|
2015-09-20 06:10:07 +00:00
|
|
|
Run it as apache24 wsig:
|
|
|
|
|
|
|
|
see apache-config file for apache configuration
|
|
|
|
|
2015-09-19 14:14:54 +00:00
|
|
|
When you use this same tool for prepareing target URL and decrypting
|
|
|
|
target content on the client then x.py need to be defined with the same AES
|
|
|
|
KEY and IV values as on the server.
|
|
|
|
|
|
|
|
Installation
|
|
|
|
============
|
|
|
|
|
|
|
|
Copy bottle.py and x.py to the desired server and directory and run it.
|
|
|
|
|
2015-09-20 06:10:07 +00:00
|
|
|
For use with apache24 install mod_wsgi and see apache-config file for apache configuration.
|
|
|
|
|
2015-09-19 14:14:54 +00:00
|
|
|
Documentation
|
|
|
|
=============
|
|
|
|
|
|
|
|
this README.rst, code itself, docstrings
|
|
|
|
|
|
|
|
It can be found on github.com at:
|
|
|
|
|
|
|
|
https://github.com/darko-poljak/cloak
|
|
|
|
|
|
|
|
Tested With
|
|
|
|
===========
|
|
|
|
|
|
|
|
Python2.7, Python3.4
|
|
|
|
|
|
|
|
Further development ideas
|
|
|
|
=========================
|
|
|
|
|
|
|
|
* Implement key, iv rotation or something similar.
|
|
|
|
|
|
|
|
* Add configuration file.
|
|
|
|
|
|
|
|
* Support defined maximum requests at a time instead of one lock.
|
|
|
|
|