If you need dynamic response data instead of static response files, Airpwn can be configured to retrieve dynamic response data from a Python script. By using the pyscript pythonmodule directive instead of response in the configuration file, Airpwn uses the script output when the request expression matches.
The pythonmodule parameter should be the name of a Python module; for example, if your configuration file contains the line pyscript foo, the file foo.py should be present in your python script path. Airpwn invokes the airpwn_response function of your module with a single argument, which is the content of the packet that matched the request expression. The airpwn_response function should return a string to be sent as the response data, or None if no response should be sent.
Here is an example configuration file that invokes a Python script called pyexample when nongraphical HTTP requests are made:
begin pyexample match ^(GET|POST) ignore ^GET [^ ?]+\.(jpg|jpeg|gif|png|tif|tiff) pymodule pyexample
Here is a listing of the pyexample module that prints out a fake "access denied" page that includes the dynamically generated hostname of the site being visited:
import re
header_template = """HTTP/1.1 200 OK
Connection: close
Content-type: text/html
Content-length: %(contentlen)s
"""
content_template = """<html>
<head>
<title>ACCESS DENIED</title>
</head>
<body>
<div style="font-size:32pt;font-family:arial,sans-serif;">
Access to site %(hostname)s is denied!
</div>
</body>
</html>"""
pattern = re.compile("host: ([^\r\n]*)", re.IGNORECASE)
def airpwn_response(s):
try:
x = pattern.search(s)
hostname = x.group(1)
except AttributeError:
print("pyexample: unable to determine hostname..")
return None
content = content_template % vars( )
contentlen = len(content)
header = header_template % vars( )
return header + content