Update 'src/eros/eros.go'

added clientside api functionality for exploit; my json code might get cucked by json-iterator tho
Dillinger 2021-08-17 20:43:35 +00:00
parent 38210653b8
commit fc5e158b46

@ -23,6 +23,13 @@ import (
bluetooth "git.tcp.direct/kayos/prototooth"
"github.com/prologic/bitcask"
"github.com/rs/zerolog/log"
structs "protomolecule/src/eros/structs"
"github.com/labstack/echo/middleware"
"github.com/labstack/echo"
"encoding/json"
"fmt"
"net/http"
)
var (
@ -31,12 +38,13 @@ var (
dbs = []string{
"devices", // details about devices discovered
"exploits", // details about exploits to be used against BLE devices
"services", // definitions of various bluetook services and will ultimately be updated via an HTTP repository
"services", // definitions of various bluetooth services and will ultimately be updated via an HTTP repository
"manufacturers", // manufacturer to UUID correlations and info
}
err error
Manufacturers ManufData
Exploits Exploit
// DataDir - should be defined by config or cmd flag
DataDir string = "./.eros-data/"
@ -256,15 +264,123 @@ func Backup(path string) error {
// Hypnosis - retrieve new exploits/attacks from a remote http repository
func Hypnosis(repo string) {
// placeholder
e:= echo.New()
// CORS
e.Use(middleware.CORSWithConfig(middleware.CORSConfig{
AllowOrigins: []string{"*"},
AllowMethods: []string{echo.GET, echo.HEAD, echo.PUT, echo.PATCH, echo.POST, echo.DELETE} //TODO: possibly trim the methods for security purposes
}))
// GET
e.GET("/exploits", func(c echo.Context) error {
// Build request
req, err := http.NewRequest("GET", repo, nil)
if err != nil {
fmt.Println("Error in GET request: ", err)
}
// Certificate sanity checks
caCert, err := ioutil.Readfile("server.crt")
if err != nil {
log.Fatal(err)
}
cert, err := tls.LoadX509KeyPair("client.crt", "client.key")
if err != nil {
log.Fatal(err)
}
// Add certificates
caCertPool := x509.NewCertPool()
caCertPool.AppendCertsFromPEM(caCert)
// Create client
client := &http.Client{
Transport: &http.Transport{
TLSClientConfig: &tls.Config{
RootCAs: caCertPool,
Certificates: []tls.Certificate{cert},
},
},
}
// Send request
res, err := client.Do(req)
if err != nil {
fmt.Println("Client Error: ", err)
}
// Defer body close
defer res.Body.Close()
// Late binding data from JSON
var exp structs.Exploit
// Decode JSON stream
If err := json.NewDecoder(res.Body).Decode(&exp); err != nil {
fmt.Println(err)
}
return c.JSON(http.StatusOK, exp)
})
}
// Trauma - store details of an exploit/attack against BLE devices
func Trauma(name string, targ string, cat string, vec Vector, pay Payload) {
// placeholder
func Trauma(exp *Exploit) error {
var err error
var rhist map[time.Time]int16
if !Known(exp.Addr) {
exp.Discovered = time.Now()
rhist = make(map[time.Time]int16)
} else {
re, _ := Flashback(exp.Addr)
exp.Discovered = re.Discovered
rhist = re.RSSIhist
}
rhist[time.Now()] = exp.RSSIlast
exp.RSSIhist = rhist
exp.Seen = time.Now()
var jsonData []byte
jsonData, err = json.Marshal(exp)
if err != nil {
return err
}
err = DB["exploits"].Put([]byte(exp.Addr), jsonData)
return err
}
// Flashback - retrieve details for the named exploit/attack
func Flashback(name string) {
//placeholder
func FinalizeExploit(bigidea Exploit) *Exploit {
bigidea.mu = &sync.RWMutex{}
return &bigidea
}
// Known - check if an exploit is present in the database
func Known(Addr string) bool {
if DB["exploits"].Has([]byte(Addr)) {
return true
}
return false
}
// Flashback - retrieve details for the named exploit/attack
func Flashback(Addr string) (Exploit, error) {
var err error
var bytes []byte
var member Exploit
bytes, err = DB["exploits"].Get([]byte(Addr))
if err != nil {
member = Exploit{}
return member, err
}
json.Unmarshal(bytes, &member)
return member, err
}
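Review bot: In the `/exploits` handler of `Hypnosis`, a failed `client.Do(req)` is only printed, so the following `defer res.Body.Close()` dereferences a nil response, and the `http.NewRequest` and decode errors are likewise printed and then ignored, letting the handler answer 200 with a zero-valued `structs.Exploit`. The two `log.Fatal(err)` calls would stop the whole process from inside a request handler when `server.crt` or the client key pair is unreadable (zerolog's `log.Fatal` also takes no argument), and the boolean from `AppendCertsFromPEM` is never checked. The sketch below returns an error to echo on each failure, puts a timeout on the client and caps the decoded body, since that body comes from a remote repository; the underlying errors should still be logged server-side. `AllowOrigins: []string{"*"}` combined with PUT/PATCH/POST/DELETE is broader than the single GET route needs. Further down, `Trauma` discards the error from `Flashback`, so `rhist` can be nil when `rhist[time.Now()] = exp.RSSIlast` runs, and `Flashback` itself ignores the `json.Unmarshal` result.

```go
e.GET("/exploits", func(c echo.Context) error {
	req, err := http.NewRequest("GET", repo, nil)
	if err != nil {
		return echo.NewHTTPError(http.StatusInternalServerError, "building repository request")
	}
	caCert, err := ioutil.ReadFile("server.crt")
	if err != nil {
		return echo.NewHTTPError(http.StatusInternalServerError, "reading CA certificate")
	}
	cert, err := tls.LoadX509KeyPair("client.crt", "client.key")
	if err != nil {
		return echo.NewHTTPError(http.StatusInternalServerError, "loading client key pair")
	}
	caCertPool := x509.NewCertPool()
	if !caCertPool.AppendCertsFromPEM(caCert) {
		// An empty pool would make every handshake fail with a less obvious error.
		return echo.NewHTTPError(http.StatusInternalServerError, "no CA certificate found in server.crt")
	}
	client := &http.Client{
		Timeout: 30 * time.Second, // constructed value; pick one that fits the repository
		// … unchanged: Transport with RootCAs and Certificates …
	}
	res, err := client.Do(req)
	if err != nil {
		return echo.NewHTTPError(http.StatusBadGateway, "fetching exploit repository")
	}
	defer res.Body.Close()
	if res.StatusCode != http.StatusOK {
		return echo.NewHTTPError(http.StatusBadGateway, "unexpected repository status")
	}
	var exp structs.Exploit
	// Cap the remote body (1 MiB here, a constructed bound) before decoding it.
	if err := json.NewDecoder(io.LimitReader(res.Body, 1<<20)).Decode(&exp); err != nil {
		return echo.NewHTTPError(http.StatusBadGateway, "decoding repository response")
	}
	return c.JSON(http.StatusOK, exp)
})
```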