addon_examples/shield.py

"""Block potentially bad things"""
from hippolyzer.lib.base.templates import IMDialogType, XferFilePath
from hippolyzer.lib.proxy.addon_utils import BaseAddon, show_message
from hippolyzer.lib.base.message.message import Message
from hippolyzer.lib.base.network.transport import Direction
from hippolyzer.lib.proxy.region import ProxiedRegion
from hippolyzer.lib.proxy.sessions import Session

SUSPICIOUS_PACKETS = {
    "TransferRequest",
    "UUIDNameRequest",
    "UUIDGroupNameRequest",
    "OpenCircuit",
    "AddCircuitCode",
}
REGULAR_IM_DIALOGS = (IMDialogType.TYPING_STOP, IMDialogType.TYPING_STOP, IMDialogType.NOTHING_SPECIAL)


class ShieldAddon(BaseAddon):
    def handle_lludp_message(self, session: Session, region: ProxiedRegion, message: Message):
        if message.direction != Direction.IN:
            return
        if message.name in SUSPICIOUS_PACKETS:
            show_message(f"Blocked suspicious {message.name} packet")
            region.circuit.drop_message(message)
            return True
        if message.name == "ImprovedInstantMessage":
            msg_block = message["MessageBlock"][0]
            if msg_block["Dialog"] not in REGULAR_IM_DIALOGS:
                return
            from_agent = message["AgentData"]["AgentID"]
            if from_agent == session.agent_id:
                expected_id = from_agent
            else:
                expected_id = from_agent ^ session.agent_id
            msg_block["ID"] = expected_id
        if message.name == "RequestXfer":
            xfer_block = message["XferID"][0]
            # Don't allow Xfers for files, only assets
            if xfer_block["FilePath"] != XferFilePath.NONE or xfer_block["Filename"]:
                show_message(f"Blocked suspicious {message.name} packet")
                region.circuit.drop_message(message)
                return True


addons = [ShieldAddon()]
Import Hippolyzer 2021-04-30 17:30:24 +00:00			`"""Block potentially bad things"""`
Switch to importing hippolyzer.lib.base.templates Should help deal with automatic template reloading issues since mtime wasn't changing on `lib.proxy.templates`. 2021-06-01 08:23:33 +00:00			`from hippolyzer.lib.base.templates import IMDialogType, XferFilePath`
Import Hippolyzer 2021-04-30 17:30:24 +00:00			`from hippolyzer.lib.proxy.addon_utils import BaseAddon, show_message`
Move Circuit and Message to lib.base Fairly invasive, but will help make lib.base useful again. No more Message / ProxiedMessage split! 2021-06-03 02:58:41 +00:00			`from hippolyzer.lib.base.message.message import Message`
			`from hippolyzer.lib.base.network.transport import Direction`
Import Hippolyzer 2021-04-30 17:30:24 +00:00			`from hippolyzer.lib.proxy.region import ProxiedRegion`
			`from hippolyzer.lib.proxy.sessions import Session`

Update shield addon 2021-06-18 20:49:31 +00:00			`SUSPICIOUS_PACKETS = {`
			`"TransferRequest",`
			`"UUIDNameRequest",`
			`"UUIDGroupNameRequest",`
			`"OpenCircuit",`
			`"AddCircuitCode",`
			`}`
Import Hippolyzer 2021-04-30 17:30:24 +00:00			`REGULAR_IM_DIALOGS = (IMDialogType.TYPING_STOP, IMDialogType.TYPING_STOP, IMDialogType.NOTHING_SPECIAL)`


			`class ShieldAddon(BaseAddon):`
Move Circuit and Message to lib.base Fairly invasive, but will help make lib.base useful again. No more Message / ProxiedMessage split! 2021-06-03 02:58:41 +00:00			`def handle_lludp_message(self, session: Session, region: ProxiedRegion, message: Message):`
Import Hippolyzer 2021-04-30 17:30:24 +00:00			`if message.direction != Direction.IN:`
			`return`
			`if message.name in SUSPICIOUS_PACKETS:`
			`show_message(f"Blocked suspicious {message.name} packet")`
			`region.circuit.drop_message(message)`
			`return True`
			`if message.name == "ImprovedInstantMessage":`
			`msg_block = message["MessageBlock"][0]`
			`if msg_block["Dialog"] not in REGULAR_IM_DIALOGS:`
			`return`
			`from_agent = message["AgentData"]["AgentID"]`
			`if from_agent == session.agent_id:`
			`expected_id = from_agent`
			`else:`
			`expected_id = from_agent ^ session.agent_id`
			`msg_block["ID"] = expected_id`
Better inbound RequestXfer filter 2021-05-12 19:57:12 +00:00			`if message.name == "RequestXfer":`
			`xfer_block = message["XferID"][0]`
			`# Don't allow Xfers for files, only assets`
Account for recent stringification of Filename in ShieldAddon 2021-05-28 20:51:18 +00:00			`if xfer_block["FilePath"] != XferFilePath.NONE or xfer_block["Filename"]:`
Better inbound RequestXfer filter 2021-05-12 19:57:12 +00:00			`show_message(f"Blocked suspicious {message.name} packet")`
			`region.circuit.drop_message(message)`
			`return True`
Import Hippolyzer 2021-04-30 17:30:24 +00:00

			`addons = [ShieldAddon()]`