1 files changed, 138 insertions, 0 deletions
diff --git a/src/usr.bin/nc/scripts/webproxy b/src/usr.bin/nc/scripts/webproxy
new file mode 100644
index 0000000000..cee2d29fd1
--- /dev/null
+++ b/src/usr.bin/nc/scripts/webproxy
@@ -0,0 +1,138 @@
+#! /bin/sh
+## Web proxy, following the grand tradition of Web things being handled by
+## gross scripts.  Uses netcat to listen on a high port [default 8000],
+## picks apart requests and sends them on to the right place.  Point this
+## at the browser client machine you'll be coming from [to limit access to
+## only it], and point the browser's concept of an HTTP proxy to the
+## machine running this.  Takes a single argument of the client that will
+## be using it, and rejects connections from elsewhere.  LOGS the queries
+## to a configurable logfile, which can be an interesting read later on!
+## If the argument is "reset", the listener and logfile are cleaned up.
+##
+## This works surprisingly fast and well, for a shell script, although may
+## randomly fail when hammered by a browser that tries to open several
+## connections at once.  Drop the "maximum connections" in your browser if
+## this is a problem.
+##
+## A more degenerate case of this, or preferably a small C program that
+## does the same thing under inetd, could handle a small site's worth of
+## proxy queries.  Given the way browsers are evolving, proxies like this
+## can play an important role in protecting your own privacy.
+##
+## If you grabbed this in ASCII mode, search down for "eew" and make sure
+## the embedded-CR check is intact, or requests might hang.
+##
+## Doesn't handle POST forms.  Who cares, if you're just watching HTTV?
+## Dumbness here has a highly desirable side effect: it only sends the first
+## GET line, since that's all you really ever need to send, and suppresses
+## the other somewhat revealing trash that most browsers insist on sending.
+# set these as you wish: proxy port...
+PORT=8000
+# logfile spec: a real file or /dev/null if you don't care
+LFILE=${0}.log
+# optional: where to dump connect info, so you can see if anything went wrong
+# CFILE=${0}.conn
+# optional extra args to the listener "nc", for instance "-s inside-net-addr"
+# XNC=''
+# functionality switch has to be done fast, so the next listener can start
+# prelaunch check: if no current client and no args, bail.
+case "${1}${CLIENT}" in
+  "")
+    echo needs client hostname
+    exit 1
+  ;;
+esac
+case "${1}" in
+  "")
+# Make like inetd, and run the next relayer process NOW.  All the redirection
+# is necessary so this shell has NO remaining channel open to the net.
+# This will hang around for 10 minutes, and exit if no new connections arrive.
+# Using -n for speed, avoiding any DNS/port lookups.
+    nc -w 600 -n -l -p $PORT -e "$0" $XNC "$CLIENT" < /dev/null > /dev/null \
+        2> $CFILE &
+  ;;
+esac
+# no client yet and had an arg, this checking can be much slower now
+umask 077
+if test "$1" ; then
+# if magic arg, just clean up and then hit our own port to cause server exit
+  if test "$1" = "reset" ; then
+    rm -f $LFILE
+    test -f "$CFILE" && rm -f $CFILE
+    nc -w 1 -n 127.0.0.1 $PORT < /dev/null > /dev/null 2>&1
+    exit 0
+  fi
+# find our ass with both hands
+  test ! -f "$0" && echo "Oops, cannot find my own corporeal being" && exit 1
+# correct launch: set up client access control, passed along thru environment.
+  CLIENT="$1"
+  export CLIENT
+  test "$CFILE" || CFILE=/dev/null
+  export CFILE
+  touch "$CFILE"
+# tell us what happened during the last run, if possible
+  if test -f "$CFILE"  ; then
+    echo "Last connection results:"
+    cat $CFILE
+  fi
+# ping client machine and get its bare IP address
+  CLIENT=`nc -z -v -w 8 "$1" 22000 2>&1 | sed 's/.*\[\(..*\)\].*/\1/'`
+  test ! "$CLIENT" && echo "Can't find address of $1" && exit 1
+# if this was an initial launch, be informative about it
+  echo "=== Launch: $CLIENT" >> $LFILE
+  echo "Proxy running -- will accept connections on $PORT from $CLIENT"
+  echo "  Logging queries to $LFILE"
+  test -f "$CFILE" && echo "  and connection fuckups to $CFILE"
+# and run the first listener, showing us output just for the first hit
+  nc -v -w 600 -n -l -p $PORT -e "$0" $XNC "$CLIENT" &
+  exit 0
+fi
+# Fall here to handle a page.
+# GET type://host.name:80/file/path HTTP/1.0
+# Additional: trash
+# More: trash
+# <newline>
+read x1 x2 x3 x4
+echo "=== query: $x1 $x2 $x3 $x4" >> $LFILE
+test "$x4" && echo "extra junk after request: $x4" && exit 0
+# nuke questionable characters and split up the request
+hurl=`echo "$x2" | sed -e "s+.*//++" -e 's+[\`'\''|$;<>{}\\!*()"]++g'`
+# echo massaged hurl: $hurl >> $LFILE
+hh=`echo "$hurl" | sed -e "s+/.*++" -e "s+:.*++"`
+hp=`echo "$hurl" | sed -e "s+.*:++" -e "s+/.*++"`
+test "$hp" = "$hh" && hp=80
+hf=`echo "$hurl" | sed -e "s+[^/]*++"`
+# echo total split: $hh : $hp : $hf >> $LFILE
+# suck in and log the entire request, because we're curious
+# Fails on multipart stuff like forms; oh well...
+if test "$x3" ; then
+  while read xx ; do
+    echo "${xx}" >> $LFILE
+    test "${xx}" || break
+# eew, buried returns, gross but necessary for DOS stupidity:
+    test "${xx}" = "
+" && break
+  done
+fi
+# check for non-GET *after* we log the query...
+test "$x1" != "GET" && echo "sorry, this proxy only does GETs" && exit 0
+# no, you can *not* phone home, you miserable piece of shit
+test "`echo $hh | fgrep -i netscap`" && \
+  echo "access to Netscam's servers <b>DENIED.</b>" && exit 0
+# Do it.  30 sec net-wait time oughta be *plenty*...
+# Some braindead servers have forgotten how to handle the simple-query syntax.
+# If necessary, replace below with (echo "$x1 $hf" ; echo '') | nc...
+echo "$x1 $hf" | nc -w 30 "$hh" "$hp" 2> /dev/null || \
+  echo "oops, can't get to $hh : $hp".
+echo "sent \"$x1 $hf\" to $hh : $hp" >> $LFILE
+exit 0

diff --git a/src/usr.bin/nc/scripts/webproxy b/src/usr.bin/nc/scripts/webproxy new file mode 100644 index 0000000000..cee2d29fd1 --- /dev/null +++ b/src/usr.bin/nc/scripts/webproxy
@@ -0,0 +1,138 @@
	1	#! /bin/sh
	2	## Web proxy, following the grand tradition of Web things being handled by
	3	## gross scripts. Uses netcat to listen on a high port [default 8000],
	4	## picks apart requests and sends them on to the right place. Point this
	5	## at the browser client machine you'll be coming from [to limit access to
	6	## only it], and point the browser's concept of an HTTP proxy to the
	7	## machine running this. Takes a single argument of the client that will
	8	## be using it, and rejects connections from elsewhere. LOGS the queries
	9	## to a configurable logfile, which can be an interesting read later on!
	10	## If the argument is "reset", the listener and logfile are cleaned up.
	11	##
	12	## This works surprisingly fast and well, for a shell script, although may
	13	## randomly fail when hammered by a browser that tries to open several
	14	## connections at once. Drop the "maximum connections" in your browser if
	15	## this is a problem.
	16	##
	17	## A more degenerate case of this, or preferably a small C program that
	18	## does the same thing under inetd, could handle a small site's worth of
	19	## proxy queries. Given the way browsers are evolving, proxies like this
	20	## can play an important role in protecting your own privacy.
	21	##
	22	## If you grabbed this in ASCII mode, search down for "eew" and make sure
	23	## the embedded-CR check is intact, or requests might hang.
	24	##
	25	## Doesn't handle POST forms. Who cares, if you're just watching HTTV?
	26	## Dumbness here has a highly desirable side effect: it only sends the first
	27	## GET line, since that's all you really ever need to send, and suppresses
	28	## the other somewhat revealing trash that most browsers insist on sending.
	29
	30	# set these as you wish: proxy port...
	31	PORT=8000
	32	# logfile spec: a real file or /dev/null if you don't care
	33	LFILE=${0}.log
	34	# optional: where to dump connect info, so you can see if anything went wrong
	35	# CFILE=${0}.conn
	36	# optional extra args to the listener "nc", for instance "-s inside-net-addr"
	37	# XNC=''
	38
	39	# functionality switch has to be done fast, so the next listener can start
	40	# prelaunch check: if no current client and no args, bail.
	41	case "${1}${CLIENT}" in
	42	"")
	43	echo needs client hostname
	44	exit 1
	45	;;
	46	esac
	47
	48	case "${1}" in
	49	"")
	50	# Make like inetd, and run the next relayer process NOW. All the redirection
	51	# is necessary so this shell has NO remaining channel open to the net.
	52	# This will hang around for 10 minutes, and exit if no new connections arrive.
	53	# Using -n for speed, avoiding any DNS/port lookups.
	54	nc -w 600 -n -l -p $PORT -e "$0" $XNC "$CLIENT" < /dev/null > /dev/null \
	55	2> $CFILE &
	56	;;
	57	esac
	58
	59	# no client yet and had an arg, this checking can be much slower now
	60	umask 077
	61
	62	if test "$1" ; then
	63	# if magic arg, just clean up and then hit our own port to cause server exit
	64	if test "$1" = "reset" ; then
	65	rm -f $LFILE
	66	test -f "$CFILE" && rm -f $CFILE
	67	nc -w 1 -n 127.0.0.1 $PORT < /dev/null > /dev/null 2>&1
	68	exit 0
	69	fi
	70	# find our ass with both hands
	71	test ! -f "$0" && echo "Oops, cannot find my own corporeal being" && exit 1
	72	# correct launch: set up client access control, passed along thru environment.
	73	CLIENT="$1"
	74	export CLIENT
	75	test "$CFILE" \|\| CFILE=/dev/null
	76	export CFILE
	77	touch "$CFILE"
	78	# tell us what happened during the last run, if possible
	79	if test -f "$CFILE" ; then
	80	echo "Last connection results:"
	81	cat $CFILE
	82	fi
	83
	84	# ping client machine and get its bare IP address
	85	CLIENT=`nc -z -v -w 8 "$1" 22000 2>&1 \| sed 's/.\[\(..\)\].*/\1/'`
	86	test ! "$CLIENT" && echo "Can't find address of $1" && exit 1
	87
	88	# if this was an initial launch, be informative about it
	89	echo "=== Launch: $CLIENT" >> $LFILE
	90	echo "Proxy running -- will accept connections on $PORT from $CLIENT"
	91	echo " Logging queries to $LFILE"
	92	test -f "$CFILE" && echo " and connection fuckups to $CFILE"
	93
	94	# and run the first listener, showing us output just for the first hit
	95	nc -v -w 600 -n -l -p $PORT -e "$0" $XNC "$CLIENT" &
	96	exit 0
	97	fi
	98
	99	# Fall here to handle a page.
	100	# GET type://host.name:80/file/path HTTP/1.0
	101	# Additional: trash
	102	# More: trash
	103	# <newline>
	104
	105	read x1 x2 x3 x4
	106	echo "=== query: $x1 $x2 $x3 $x4" >> $LFILE
	107	test "$x4" && echo "extra junk after request: $x4" && exit 0
	108	# nuke questionable characters and split up the request
	109	hurl=`echo "$x2" \| sed -e "s+.//++" -e 's+[\`'\''\|$;<>{}\\!()"]++g'`
	110	# echo massaged hurl: $hurl >> $LFILE
	111	hh=`echo "$hurl" \| sed -e "s+/.++" -e "s+:.++"`
	112	hp=`echo "$hurl" \| sed -e "s+.:++" -e "s+/.++"`
	113	test "$hp" = "$hh" && hp=80
	114	hf=`echo "$hurl" \| sed -e "s+[^/]*++"`
	115	# echo total split: $hh : $hp : $hf >> $LFILE
	116	# suck in and log the entire request, because we're curious
	117	# Fails on multipart stuff like forms; oh well...
	118	if test "$x3" ; then
	119	while read xx ; do
	120	echo "${xx}" >> $LFILE
	121	test "${xx}" \|\| break
	122	# eew, buried returns, gross but necessary for DOS stupidity:
	123	test "${xx}" = " " && break
	124	done
	125	fi
	126	# check for non-GET after we log the query...
	127	test "$x1" != "GET" && echo "sorry, this proxy only does GETs" && exit 0
	128	# no, you can not phone home, you miserable piece of shit
	129	test "`echo $hh \| fgrep -i netscap`" && \
	130	echo "access to Netscam's servers <b>DENIED.</b>" && exit 0
	131	# Do it. 30 sec net-wait time oughta be plenty...
	132	# Some braindead servers have forgotten how to handle the simple-query syntax.
	133	# If necessary, replace below with (echo "$x1 $hf" ; echo '') \| nc...
	134	echo "$x1 $hf" \| nc -w 30 "$hh" "$hp" 2> /dev/null \|\| \
	135	echo "oops, can't get to $hh : $hp".
	136	echo "sent \"$x1 $hf\" to $hh : $hp" >> $LFILE
	137	exit 0
	138