pypush-plus-plus/proxy/proxy.py

176 lines
5.3 KiB
Python
Raw Normal View History

2023-04-07 05:48:14 +00:00
# TLS server to proxy APNs traffic
import socket
import tlslite
import threading
2023-04-07 20:24:05 +00:00
import sys
# setting path
sys.path.append('../')
2023-04-07 05:48:14 +00:00
# APNs server to proxy traffic to
2023-04-07 17:44:56 +00:00
APNS_HOST = "windows.courier.push.apple.com"
2023-04-07 05:48:14 +00:00
APNS_PORT = 5223
ALPN = b"apns-security-v3"
#ALPN = b"apns-security-v2"
2023-04-07 05:48:14 +00:00
#ALPN = b"apns-pack-v1"
2023-04-07 20:24:05 +00:00
global_cnt = 0
2023-04-07 05:48:14 +00:00
# Connect to the APNs server
def connect() -> tlslite.TLSConnection:
# Connect to the APNs server
sock = socket.create_connection((APNS_HOST, APNS_PORT))
# Wrap the socket in TLS
ssock = tlslite.TLSConnection(sock)
2023-04-07 13:47:21 +00:00
#print("Handshaking with APNs")
2023-04-07 05:48:14 +00:00
# Handshake with the server
2023-04-07 20:24:05 +00:00
if ALPN == b"apns-security-v3":
print("Using v3")
2023-04-07 20:24:05 +00:00
ssock.handshakeClientCert(alpn=[ALPN])
else:
import albert
private_key, cert = albert.generate_push_cert()
cert = tlslite.X509CertChain([tlslite.X509().parse(cert)])
private_key = tlslite.parsePEMKey(private_key, private=True)
# Handshake with the server
ssock.handshakeClientCert(cert, private_key, alpn=[ALPN])
2023-04-07 05:48:14 +00:00
return ssock
cert:str = None
key:str = None
2023-04-07 13:28:32 +00:00
import apns
import printer
2023-04-08 00:39:55 +00:00
outgoing_list = []
incoming_list = []
#last_outgoing = b""
2023-04-07 13:28:32 +00:00
2023-04-07 05:48:14 +00:00
def proxy(conn1: tlslite.TLSConnection, conn2: tlslite.TLSConnection, prefix: str = ""):
2023-04-07 14:33:03 +00:00
try:
while True:
# Read data from the first connection
data = conn1.read()
#print(prefix, "data: ", data)
2023-04-07 14:33:03 +00:00
# If there is no data, the connection has closed
if not data:
print(prefix, "Connection closed due to no data")
2023-04-07 14:33:03 +00:00
break
2023-04-07 05:48:14 +00:00
2023-04-07 14:33:03 +00:00
override = printer.pretty_print_payload(prefix, apns._deserialize_payload_from_buffer(data))
if override is not None:
data = override
print("OVERRIDE: ", end="")
printer.pretty_print_payload(prefix, apns._deserialize_payload_from_buffer(data))
2023-04-07 13:28:32 +00:00
2023-04-08 00:39:55 +00:00
if "apsd -> APNs" in prefix:
global outgoing_list
outgoing_list.insert(0, data)
if len(outgoing_list) > 100:
outgoing_list.pop()
elif "APNs -> apsd" in prefix:
global incoming_list
incoming_list.insert(0, data)
if len(incoming_list) > 100:
incoming_list.pop()
2023-04-07 14:33:03 +00:00
#print(prefix, data)
# Write the data to the second connection
conn2.write(data)
2023-04-07 16:19:44 +00:00
except OSError as e:
if e.errno == 9:
print(prefix, "Connection closed due to OSError 9")
2023-04-07 16:19:44 +00:00
pass # Probably a connection closed error
else:
raise e
except tlslite.TLSAbruptCloseError as e:
print(prefix, "Connection closed abruptly: ", e)
2023-04-07 05:48:14 +00:00
print("Connection closed")
# Close the connections
conn1.close()
conn2.close()
2023-04-08 01:12:10 +00:00
repl_lock = False
2023-04-08 00:51:15 +00:00
def repl(conn1: tlslite.TLSConnection, conn2: tlslite.TLSConnection):
2023-04-08 01:12:10 +00:00
global repl_lock
if repl_lock:
print("REPL already running")
return
repl_lock = True
import IPython
IPython.embed()
2023-04-08 00:39:55 +00:00
2023-04-07 05:48:14 +00:00
def handle(conn: socket.socket):
# Wrap the socket in TLS
s_conn = tlslite.TLSConnection(conn)
global cert, key
chain = tlslite.X509CertChain()
chain.parsePemList(cert)
2023-04-07 13:47:21 +00:00
#print(chain)
2023-04-07 05:48:14 +00:00
#cert = tlslite.X509CertChain([tlslite.X509().parse(cert)])
key_parsed = tlslite.parsePEMKey(key, private=True)
2023-04-07 13:47:21 +00:00
#print(key_parsed)
2023-04-07 05:48:14 +00:00
s_conn.handshakeServer(certChain=chain, privateKey=key_parsed, reqCert=False, alpn=[ALPN])
print("Handling connection")
# Connect to the APNs server
apns = connect()
print("Connected to APNs")
2023-04-07 20:24:05 +00:00
2023-04-08 00:51:15 +00:00
threading.Thread(target=repl, args=(s_conn,apns)).start()
2023-04-08 00:39:55 +00:00
2023-04-07 20:24:05 +00:00
global global_cnt
global_cnt += 1
2023-04-07 05:48:14 +00:00
# Proxy data between the connections
# Create a thread to proxy data from the APNs server to the client
2023-04-07 20:24:05 +00:00
threading.Thread(target=proxy, args=(s_conn, apns, f"{global_cnt} apsd -> APNs")).start()
2023-04-07 05:48:14 +00:00
# Just proxy data from the client to the APNs server in this thread
2023-04-07 20:24:05 +00:00
proxy(apns, s_conn, f"{global_cnt} APNs -> apsd")
2023-04-07 05:48:14 +00:00
def serve():
# Create a socket to listen for connections
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
# Allow the socket to be reused
sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
2023-04-07 05:48:14 +00:00
sock.bind(("localhost", 5223))
sock.listen()
print("Listening for connections...")
# Handshake with the client
# Read the certificate and private key from the config
with open("push_certificate_chain.pem", "r") as f:
global cert
cert = f.read()
# NEED TO USE OPENSSL, SEE CORETRUST CMD, MIMIC ENTRUST? OR AT LEAST SEE PUSHPROXY FOR EXTRACTION & REPLACEMENT
with open("push_key.pem", "r") as f:
global key
key = f.read()
conns = []
2023-04-07 05:48:14 +00:00
# Accept connections
try:
while True:
# Accept a connection
conn, addr = sock.accept()
conns.append(conn)
# Create a thread to handle the connection
#handle(conn)
thread = threading.Thread(target=handle, args=(conn,))
thread.start()
except KeyboardInterrupt:
print("Keyboard interrupt, closing sockets")
for conn in conns:
conn.close()
sock.close()
2023-04-07 05:48:14 +00:00
if __name__ == "__main__":
serve()