Web applications often transfer sensitive data between client and server. Even a session ID is not something that should be vulnerable to eavesdropping. It is therefore a very good idea to encrypt all communication and implement an HTTPS server.
Subclassing HTTPServer
Python's ssl module has been cleaned up quite a bit since version 3.x and with a little help from this recipe it was incredibly simple to adapt the HTTPServer class from the http.server module to accept only secure connections:
import ssl
import socket
from socketserver import BaseServer
from http.server import HTTPServer

class HTTPSServer(HTTPServer):
    def __init__(self,address,handler):
        BaseServer.__init__(self,address,handler)  # skip HTTPServer's own socket setup

        self.socket = ssl.SSLSocket(
            sock=socket.socket(self.address_family,self.socket_type),
            ssl_version=ssl.PROTOCOL_TLSv1,
            certfile='test.pem',  # certificate and private key in one file
            server_side=True)
        self.server_bind()
        self.server_activate()
Basically, all we do is change the initialization code to create a secure socket instead of a regular one (in line 10). The thing to watch out for is the ssl_version argument: older versions are considered unsafe so we use TLS 1.0 here. Also, the certificate file we use here contains both our certificate and our private key. If you want to use a self-signed certificate for testing purposes you could generate one with openssl (most UNIX-like operating systems offer binary packages; for a precompiled package for Windows check the FAQ):
openssl req -new -x509 -keyout test.pem -out test.pem -days 365 -nodes
Note that your browser will still complain about this certificate because it is self-signed.
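A version of the subclass for current Python releases, as an added example that is not part of the original post: constructing ssl.SSLSocket directly raises TypeError since Python 3.7, and TLS 1.0 was formally deprecated by RFC 8996, so this variant builds an ssl.SSLContext with a TLS 1.2 floor. The names hardened_context and serve, the keyfile parameter and port 4443 are assumptions of the example.

```python
import ssl
from http.server import HTTPServer, SimpleHTTPRequestHandler


def hardened_context():
    """Server-side TLS context that refuses anything older than TLS 1.2."""
    # PROTOCOL_TLS_SERVER negotiates the highest version both peers support.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


class HTTPSServer(HTTPServer):
    """HTTPServer that only accepts TLS connections."""

    def __init__(self, address, handler, certfile, keyfile=None):
        # Load the key material before binding, so a missing or malformed
        # PEM file fails here and never leaves a listening port behind.
        self.tls_context = hardened_context()
        self.tls_context.load_cert_chain(certfile, keyfile)
        super().__init__(address, handler)
        # Swap the bound, listening socket for its TLS wrapper. accept()
        # then returns SSLSocket objects, so the handler's default setup()
        # reads and writes decrypted data without being overridden.
        self.socket = self.tls_context.wrap_socket(self.socket, server_side=True)


def serve(certfile="test.pem", port=4443):
    # test.pem is the combined certificate + key file produced by the
    # openssl command above; port 4443 is an arbitrary choice (assumption).
    with HTTPSServer(("localhost", port), SimpleHTTPRequestHandler, certfile) as httpd:
        httpd.serve_forever()


if __name__ == "__main__":
    serve()
```

With the default settings the TLS handshake runs inside accept(), so a client that connects and then stalls holds up this single-threaded server until it finishes or disconnects.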
Dear Michel, thanks for the code. Do you know how I use as HTTPRequestHandler.setup(self)?
I used:
def setup(self):
    self.connection = self.request
    self.rfile = self.request.makefile(mode='rb',buffering=self.rbufsize)
    self.wfile = self.request.makefile(mode='wb',buffering=self.rbufsize)
The program runs, but when I make a browser request, the server receives a bunch of random symbols (like they are not decrypted, or ill-decrypted)
Any idea? Thanks!