/httpsweet

An HTTP server to easily download and upload files.

Primary LanguagePythonGNU Affero General Public License v3.0AGPL-3.0

httpsweet

An HTTP server to easily download and upload files.

It was created with flexibility in mind, allowing be used in many different situations, therefore in allows deploy the very same operation in many different ways. For more information see the Specification section.

Note: This software is not intended for production enviroment, but for test purposes, therefore be careful with its use, since it don't provide any security mechanism.

Installation

From python packages:

pip3 install httpsweet

From repository:

git clone https://gitlab.com/Zer1t0/httpsweet
cd httpsweet/
python3 setup.py install # required only in case of system installation

Examples

This section show some examples of the common operations.

Download file

Download a file test:

curl 127.0.0.1:8000/test
curl 127.0.0.1:8000/?path=test
curl 127.0.0.1:8000/ -d 'action=download&path=test'

Download part of a file test:

curl '127.0.0.1:8000/test?offset=10&size=20'
curl '127.0.0.1:8000/?offset=10&size=20&path=test'
curl 127.0.0.1:8000/ -d 'action=download&offset=10&size=20&path=test'

Upload file

Upload a file named test_up:

curl 127.0.0.1:8000/test_up -H "Content-Type: application/octet-stream" --data 'thedata' 
curl localhost:8000/test_up -H "Content-Type: application/octet-stream" --data-binary "@/etc/hosts"
curl '127.0.0.1:8000/test_up?action=upload_file&data=thedata'

Upload a file appending:

curl 127.0.0.1:8000/test_app?append=t -H "Content-type: application/octet-stream" --data "thedata"
curl '127.0.0.1:8000/test_app?action=upload_file&data=thedata&append=t'

Upload base64 encoded:

curl 127.0.0.1:8000/test_64?encoding=64 -H 'Content-type: application/octet-stream' --data 'dGhlZGF0YQo=' 
curl '127.0.0.1:8000/?action=upload_file&path=test_64&data=dGhlZGF0YQo&encoding=64'

HTTPS

The server also support the HTTPS protocol, for which you should provide a certificate with a private key, by using the parameters --cert and --key. In case of genereting a cert which also includes the private key, only the --cert parameter must be used.

To generate an auto-self certificate you could use the following command:

openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365
cat key.pem >> cert.pem # generate cert with the private key

Directory listing

By default, directory listing is disabled, in case you want to enable it, you must provide the flag --dir-list.

Specification

The server perform 2 basic actions: download and upload file.

Request Fields

In order to determine the action required in each request, the server examines the following parts of the request:

  • Method
    • POST | PUT :: Indicate upload
    • Rest of methods :: Indicate download
  • Url
    • Url path :: Indicates the path of the desired file
    • Url parameters :: Indicates the action parameters
  • Body, which could be:
    • Raw data :: Indicates the content of the file
    • Url encoded parameters :: Indicates the action parameters
    • Json data :: Indicates the action parameters
  • Headers :: Indicates the action parameters
  • Cookies :: Indicates the action parameters. Since path key has a special meaning in cookies, it is not possible to use that parameter in these fields.

The more relevant parts are those in last positions of the list. That means, for instance, if the Url path indicates the path index.html, but there is a parameter path (in the Url or in the Body) which indicates other_file.txt, then other_file.txt will be selected as the desired path.

Key-Value fields (Url, Body, Headers, Cookies)

In all those fields which can specified the action parameters, the following values can be provided:

  • action: str :: Determines the action
  • path: str :: Indicates the path of the desired file
  • offset: int :: (Download) Indicates the starting point for reading a file
  • size: int :: (Download) Indicates the number of bytes read
  • append: flag :: (Upload) Indicates if the data should be appended to the desired file
  • encoding: str :: Indicates the desired encoder use in the actions, actually only base64 is supported (or not encoder)
  • data: str :: (Upload) The data to write into the desired file

Matching keywords

The key of the key value fields are case-insensitive, then, for instance, is the same offset that Offset or OFFSET.

In the parameter action, any value starting by d (such as d, down, download) will match as download action and any value starting by u (such as u, up, upload) will match as upload action.