pypush-plus-plus/proxy/proxy.py
2023-04-07 09:28:32 -04:00

110 lines
3 KiB
Python

# TLS server to proxy APNs traffic
import socket
import tlslite
import threading
# APNs server to proxy traffic to
APNS_HOST = "1-courier.push.apple.com"
APNS_PORT = 5223
ALPN = b"apns-security-v3"
#ALPN = b"apns-pack-v1"
# Connect to the APNs server
def connect() -> tlslite.TLSConnection:
# Connect to the APNs server
sock = socket.create_connection((APNS_HOST, APNS_PORT))
# Wrap the socket in TLS
ssock = tlslite.TLSConnection(sock)
print("Handshaking with APNs")
# Handshake with the server
ssock.handshakeClientCert(alpn=[b"apns-security-v3"])
print("Handshaked with APNs")
return ssock
cert:str = None
key:str = None
import sys
# setting path
sys.path.append('../')
import apns
import printer
def proxy(conn1: tlslite.TLSConnection, conn2: tlslite.TLSConnection, prefix: str = ""):
while True:
# Read data from the first connection
data = conn1.read()
# If there is no data, the connection has closed
if not data:
break
printer.pretty_print_payload(prefix, apns._deserialize_payload_from_buffer(data))
#print(prefix, data)
# Write the data to the second connection
conn2.write(data)
print("Connection closed")
# Close the connections
conn1.close()
conn2.close()
def handle(conn: socket.socket):
# Wrap the socket in TLS
s_conn = tlslite.TLSConnection(conn)
global cert, key
chain = tlslite.X509CertChain()
chain.parsePemList(cert)
print(chain)
#cert = tlslite.X509CertChain([tlslite.X509().parse(cert)])
key_parsed = tlslite.parsePEMKey(key, private=True)
print(key_parsed)
s_conn.handshakeServer(certChain=chain, privateKey=key_parsed, reqCert=False, alpn=[ALPN])
print("Handling connection")
# Connect to the APNs server
apns = connect()
print("Connected to APNs")
# Proxy data between the connections
# Create a thread to proxy data from the APNs server to the client
threading.Thread(target=proxy, args=(s_conn, apns, "apsd -> APNs")).start()
# Just proxy data from the client to the APNs server in this thread
proxy(apns, s_conn, "APNs -> apsd")
def serve():
# Create a socket to listen for connections
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
sock.bind(("localhost", 5223))
sock.listen()
print("Listening for connections...")
# Handshake with the client
# Read the certificate and private key from the config
with open("push_certificate_chain.pem", "r") as f:
global cert
cert = f.read()
# NEED TO USE OPENSSL, SEE CORETRUST CMD, MIMIC ENTRUST? OR AT LEAST SEE PUSHPROXY FOR EXTRACTION & REPLACEMENT
with open("push_key.pem", "r") as f:
global key
key = f.read()
# Accept connections
while True:
# Accept a connection
conn, addr = sock.accept()
# Create a thread to handle the connection
#handle(conn)
thread = threading.Thread(target=handle, args=(conn,))
thread.start()
if __name__ == "__main__":
serve()