Project description

signed_xmlrpc - Send signed XML RPC Requests

signed_xmlrpc is a python library send signed xml rpc requests.

This library can be used in cyber defense exercises when communication with a compromised server and using credentials like usernames and passwords is not possible, because an attacker can use those to compromise more services and servers.

:warning: do not use this library in proiduction environments!

Installation

pip install signed_xmlrpc

Create Key Pair

At this time, the ecdsa library (https://pypi.org/project/ecdsa/) is used to handle signature verification.

from ecdsa import SigningKey
sk = SigningKey.generate()

# private_key
print(base64.b64encode(sk.to_string()))

# public_key
print(base64.b64encode(sk.verifying_key.to_string()))

Example Server

import base64

from ecdsa import VerifyingKey
from signed_xmlrpc.server import SignedXMLRPCServer, SignedRequestHandler

public_key = b'dmTk8IGtxQBC4lPuk9tXUIJqbiz4G01qLEzmt5Fmh9AkpqOWwcSyyVeDczrhGWe7'

# if the signature is not required, the standard python xmlrpc library can be used as client
SignedRequestHandler.REQUIRE_SIGNATURE = True

SignedXMLRPCServer(
    VerifyingKey.from_string(base64.b64decode(public_key)),
    ('0.0.0.0', 8081)
).serve_forever()

Example Client

import base64
from ecdsa import SigningKey
from signed_xmlrpc.client import SigningTransport
import xmlrpc

private_key = b'BxbHQpNKpwKmYOs1RDSMg1vkIYsTTP3o'

server = xmlrpc.client.ServerProxy(
    'http://127.0.0.1:8081',
    transport=SigningTransport(
        private_key=SigningKey.from_string(
            base64.b64decode(private_key)
        )
    )
)
print(server.ping())

Project details

These details have not been verified by PyPI

Project links

Homepage

Release history Release notifications | RSS feed

This version

0.0.1

May 26, 2020

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

signed_xmlrpc-0.0.1.tar.gz (4.1 kB view details)

Uploaded May 26, 2020 Source

Built Distribution

signed_xmlrpc-0.0.1-py3-none-any.whl (17.4 kB view details)

Uploaded May 26, 2020 Python 3

File details

Details for the file signed_xmlrpc-0.0.1.tar.gz.

File metadata

Download URL: signed_xmlrpc-0.0.1.tar.gz
Upload date: May 26, 2020
Size: 4.1 kB
Tags: Source
Uploaded using Trusted Publishing? No
Uploaded via: twine/3.1.1 pkginfo/1.5.0.1 requests/2.23.0 setuptools/40.8.0 requests-toolbelt/0.9.1 tqdm/4.46.0 CPython/3.7.5

File hashes

Hashes for signed_xmlrpc-0.0.1.tar.gz
Algorithm	Hash digest
SHA256	`d867bc5ae940586339d802314729cba7b9e34252e6e199c88a2709efdcc9b9da`
MD5	`7a3748a3d9cd62222cff7d3b07814b44`
BLAKE2b-256	`7ebc2a8e759033b911c3a2716996d780712e757a50b45fc4c03026cd9c78bd79`

See more details on using hashes here.

File details

Details for the file signed_xmlrpc-0.0.1-py3-none-any.whl.

File metadata

Download URL: signed_xmlrpc-0.0.1-py3-none-any.whl
Upload date: May 26, 2020
Size: 17.4 kB
Tags: Python 3
Uploaded using Trusted Publishing? No
Uploaded via: twine/3.1.1 pkginfo/1.5.0.1 requests/2.23.0 setuptools/40.8.0 requests-toolbelt/0.9.1 tqdm/4.46.0 CPython/3.7.5

File hashes

Hashes for signed_xmlrpc-0.0.1-py3-none-any.whl
Algorithm	Hash digest
SHA256	`8e2ea3515080e6b2523385b5c014818ddd4d4254280d85f5366bb66aa6b3fe29`
MD5	`c28ad3bdc4bdc8b2cfe5bc8f1909453c`
BLAKE2b-256	`962f506da6ef97c8e62eb9e60e96b1eca9f8b9e379dcd07042c7abc65f27024a`