hub / github.com/USArmyResearchLab/Dshell / http_handler

Method http_handler

dshell/plugins/http/joomla.py:69–85
(self, conn, request, response)

Source from the content-addressed store, hash-verified

        return None

    def http_handler(self, conn, request, response):
        # Nothing to inspect if the connection carried no HTTP request
        if not request:
            return

        # Cheap pre-filter: search the raw request bytes for the indicator
        if self.ioc_bytes not in request.blob.data:
            # indicator of (potential) compromise is not here
            return

        # there is an attempt to exploit Joomla!

        # The Joomla exploit could be sent in any HTTP header field
        for hdr, val in request.headers.items():
            if self.ioc in val:
                cmd = self.parse_cmd(val)
                if cmd:
                    # Report the header name and the command parsed from it
                    self.alert('{} -> {}'.format(hdr, cmd), **conn.info())
                    return conn, request, response

Callers

nothing calls this directly

Calls 3

parse_cmd · Method · 0.95
alert · Method · 0.80
info · Method · 0.45

Tested by

no test coverage detected