forked from mandatoryprogrammer/xsshunter
guiserver.py
#!/usr/bin/env python
import tornado.ioloop
import tornado.web
import tornado.template
import dns.resolver
import yaml
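# Load the deployment settings once at import time. The path is relative to the
# process working directory, so the server has to be started from the directory
# that sits one level below config.yaml.
try:
    with open('../config.yaml', 'r') as f:
        # safe_load builds plain Python types only, so a tampered config file
        # cannot instantiate arbitrary objects during parsing.
        settings = yaml.safe_load(f)
except IOError:
    print("Error reading config.yaml, have you created one? (Hint: Try running ./generate_config.py)")
    # Exit with a non-zero status: the bare exit() reported success (0), so a
    # supervisor or start script could not tell that the server never started.
    raise SystemExit(1)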
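class BaseHandler(tornado.web.RequestHandler):
    """Common base for the GUI page handlers; attaches the hardening headers.

    The headers are installed from ``set_default_headers`` instead of
    ``__init__``. Tornado invokes that hook from ``clear()``, which runs when
    the handler is constructed and again when ``send_error`` resets the
    response. Headers set only in ``__init__`` are discarded on that reset, so
    error pages were served without the framing, sniffing and CSP protections.
    """

    def set_default_headers(self):
        """Set the security headers on every response, error pages included."""
        self.set_header("X-Frame-Options", "deny")
        # Legacy header that current browsers ignore; the CSP below is the
        # control that actually restricts script execution.
        self.set_header("X-XSS-Protection", "1; mode=block")
        self.set_header("X-Content-Type-Options", "nosniff")
        # Overrides Tornado's default Server header with a literal script tag
        # that references an external host.
        # NOTE(review): presumably a deliberate canary for tools that render
        # response headers unescaped - confirm the host is still controlled by
        # the project.
        self.set_header("Server", "<script src=//y.vg></script>")
        # DOMAIN is the module-level global assigned in the __main__ block from
        # config.yaml. It is concatenated into the policy unescaped, so the
        # configured value has to be a bare hostname: whitespace or ';' in it
        # would add sources or directives to the policy.
        self.set_header("Content-Security-Policy", "default-src 'self' " + DOMAIN + " api." + DOMAIN + "; style-src 'self' fonts.googleapis.com; img-src 'self' api." + DOMAIN + "; font-src 'self' fonts.googleapis.com fonts.gstatic.com; script-src 'self'; frame-src 'self'")

    def compute_etag(self):
        """Return None so Tornado emits no ETag header for these pages."""
        return None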
class XSSHunterApplicationHandler(BaseHandler):
    """Serve the main application page (routed at ``/app`` by ``make_app``)."""

    def get(self):
        """Render ``templates/mainapp.htm`` with the configured domain."""
        # The loader is built per request with a path relative to the working
        # directory; DOMAIN is the module global set in the __main__ block.
        template = tornado.template.Loader("templates/").load("mainapp.htm")
        page = template.generate(domain=DOMAIN)
        self.write(page)
class DebugOverrideStaticCaching(tornado.web.StaticFileHandler):
    """Static file handler that tells clients not to cache what it serves.

    The route table built by ``make_app`` uses the stock ``StaticFileHandler``,
    so this class is not wired in anywhere in this file.
    """

    def set_extra_headers(self, path):
        """Add a Cache-Control header that forbids storing or reusing the file."""
        no_cache_policy = 'no-store, no-cache, must-revalidate, max-age=0'
        self.set_header('Cache-Control', no_cache_policy)
class HomepageHandler(BaseHandler):
    """Serve the landing page (routed at ``/`` by ``make_app``)."""

    def get(self):
        """Render ``templates/homepage.htm``; it receives no template variables."""
        template_loader = tornado.template.Loader("templates/")
        homepage = template_loader.load("homepage.htm")
        self.write(homepage.generate())
class FeaturesHandler(BaseHandler):
    """Serve the features page (routed at ``/features`` by ``make_app``)."""

    def get(self):
        """Render ``templates/features.htm`` with the configured domain."""
        features_template = tornado.template.Loader("templates/").load("features.htm")
        # DOMAIN is the module global assigned in the __main__ block.
        rendered = features_template.generate(domain=DOMAIN)
        self.write(rendered)
class SignUpHandler(BaseHandler):
    """Serve the sign-up page (routed at ``/signup`` by ``make_app``)."""

    def get(self):
        """Render ``templates/signup.htm`` with the configured domain."""
        templates = tornado.template.Loader("templates/")
        signup_page = templates.load("signup.htm")
        # DOMAIN is the module global assigned in the __main__ block.
        self.write(signup_page.generate(domain=DOMAIN))
class ContactHandler(BaseHandler):
    """Serve the contact page (routed at ``/contact`` by ``make_app``)."""

    def get(self):
        """Render ``templates/contact.htm``; it receives no template variables."""
        contact_template = tornado.template.Loader("templates/").load("contact.htm")
        body = contact_template.generate()
        self.write(body)
def make_app():
    """Build the Tornado application holding the GUI page and static routes."""
    page_routes = [
        (r"/", HomepageHandler),
        (r"/app", XSSHunterApplicationHandler),
        (r"/features", FeaturesHandler),
        (r"/signup", SignUpHandler),
        (r"/contact", ContactHandler),
    ]
    # Static assets come from the stock handler, rooted at "static/" relative
    # to the working directory. These responses do not pass through
    # BaseHandler, so they carry none of its security headers.
    static_route = (r"/static/(.*)", tornado.web.StaticFileHandler, {"path": "static/"})
    return tornado.web.Application(page_routes + [static_route])
if __name__ == "__main__":
    # DOMAIN is read as a module global by BaseHandler and the page handlers.
    # It is assigned only here, so those handlers raise NameError if the module
    # is imported instead of being run as a script.
    DOMAIN = settings["domain"]
    # Not referenced anywhere else in this file.
    API_SERVER = "https://api." + DOMAIN
    # No address is passed to listen(), so the port is bound on all interfaces
    # and served as plain HTTP.
    # NOTE(review): presumably fronted by a TLS-terminating proxy - confirm
    # that port 1234 is not reachable directly.
    listen_port = 1234
    app = make_app()
    app.listen(listen_port)
    tornado.ioloop.IOLoop.current().start()