fix: Typo in copy instruction

Dockerfile

@@ -3,13 +3,17 @@ FROM --platform=$BUILDPLATFORM python:3.10-alpine AS builder
 WORKDIR /app
 
 # Install openssl and delv
-RUN apk add --no-cache openssl bind-tools
+RUN apk add --no-cache openssl bind-tools curl git
 
 COPY requirements.txt /app
 RUN --mount=type=cache,target=/root/.cache/pip \
     python3 -m pip install -r requirements.txt
 
-COPY . /app
+# Copy application files
+COPY *.py /app/
+COPY templates/ /app/templates/
+COPY hsd-ksk /app
+
 
 # Optionally mount /data to store the data
 # VOLUME /data

requirements.txt

@@ -4,4 +4,7 @@ requests
 python-dotenv
 dnspython
 cryptography
-datetime
+datetime
+beautifulsoup4
+requests-doh
+git+https://github.com/Nathanwoodburn/requests-doh.git

server.py

@@ -17,12 +17,15 @@ from datetime import datetime
 import dotenv
 import re
 import tools
+import urllib.parse
 
 dotenv.load_dotenv()
 
 app = Flask(__name__)
 
 
+BLOCKED_PATHS = ["https.js"]
+
 def find(name, path):
     for root, dirs, files in os.walk(path):
         if name in files:
@@ -78,6 +81,39 @@ def wellknown(path):
 def index():
     return render_template("index.html")
 
+@app.route("/proxy/<path:url>")
+def proxy(url: str):
+    # Decode the URL
+    url = urllib.parse.unquote(url)
+    # Get last path segment
+    path = url.split("/")[-1]
+    if path in BLOCKED_PATHS:
+        return render_template("404.html"), 403
+
+
+
+    content: requests.Response = tools.proxy(url)
+    if not content.status_code < 500:
+        print(content.text)
+        return render_template("500.html"), 500   
+    
+    # Get the content type
+    contentType = content.headers.get("Content-Type")
+    if "text/html" in contentType:
+        response = make_response(tools.cleanProxyContent(content.text,url,request.host_url))
+        response.headers["Content-Type"] = contentType
+        return response, content.status_code
+    
+    # Clean JS
+    if "text/javascript" in contentType or 'application/javascript' in contentType:
+        response = make_response(tools.proxyCleanJS(content.text,url,request.host_url))
+        response.headers["Content-Type"] = contentType
+        return response, content.status_code
+
+    response = make_response(content.content)
+    response.headers["Content-Type"] = contentType
+    return response, content.status_code
+
 
 @app.route("/<path:path>")
 def catch_all(path: str):
@@ -106,12 +142,19 @@ def catch_all(path: str):
 #region API routes
 @app.route("/api/v1/ssl/<domain>")
 def api_ssl(domain: str):
-    regexmatch = re.match(r"^([a-z0-9]+(-[a-z0-9]+)*\.)*([a-z0-9]+(-[a-z0-9]+)*)$", domain)
+    regexmatch = re.match(r"^([a-z0-9]+(-[a-z0-9]+)*\.)*([a-z0-9]+([-a-z0-9])*)$", domain)
     if not regexmatch:
         return api_error("Please provide a valid domain to check")
     result = tools.check_ssl(domain)
     return jsonify(result)
     
+@app.route("/api/v1/curl/<path:url>")
+def api_curl(url: str):
+    # Decode the URL
+    url = urllib.parse.unquote(url)
+
+    result = tools.curl(url)
+    return jsonify(result)
 
 # endregion
 

templates/500.html

@@ -0,0 +1,21 @@
+<!DOCTYPE html>
+<html lang="en">
+
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>Nathan.Woodburn/</title>
+    <link rel="icon" href="/assets/img/favicon.png" type="image/png">
+    <link rel="stylesheet" href="/assets/css/404.css">
+</head>
+
+<body>
+    <div class="spacer"></div>
+    <div class="centre">
+        <h1>500 | Internal Server Error</h1>
+        <p>Sorry, we can't seem to display this page. Maybe try again or your request might not be valid</p>
+        <p><a href="/">Go back to the homepage</a></p>
+    </div>
+</body>
+
+</html>

templates/assets/js/curl.js

@@ -0,0 +1,242 @@
+document.addEventListener('DOMContentLoaded', function () {
+    // Get references to elements
+    const curlButton = document.getElementById('curl');
+    const curlUrlInput = document.getElementById('curl-url');
+    const resultsContainer = document.getElementById('curl-results');
+
+    // Add click event listener to the button
+    curlButton.addEventListener('click', function () {
+        // Get the URL from the input
+        const url = curlUrlInput.value.trim();
+
+        // Validate URL
+        if (!url) {
+            showMessage('Please enter a URL', 'error');
+            return;
+        }
+
+        // Update the url 
+        var params;
+        if (window.location.search){
+            params = new URLSearchParams(window.location.search);
+            params.set('url', url);
+        }
+        else {
+            params = new URLSearchParams();
+            params.append('url', url);
+        }
+        history.pushState(null, null, `?${params.toString()}`);
+
+        // Show loading state
+        curlButton.disabled = true;
+        curlButton.innerHTML = '<span class="spinner-border spinner-border-sm me-2" role="status" aria-hidden="true"></span>Loading...';
+
+        // Clear previous results
+        resultsContainer.innerHTML = '';
+        showMessage('Fetching content...', 'info');
+
+        // Make the request
+        handleCurlRequest(url);
+    });
+    // Add enter key listener to input
+    curlUrlInput.addEventListener('keyup', function (event) {
+        if (event.key === 'Enter') {
+            curlButton.click();
+        }
+    });
+
+    /**
+     * Handle the curl API request
+     * @param {string} url - The URL to curl
+     */
+    function handleCurlRequest(url) {
+        // Encode the URL for the API endpoint
+        const encodedUrl = encodeURIComponent(url);
+        const apiEndpoint = `/api/v1/curl/${encodedUrl}`;
+
+        fetch(apiEndpoint)
+            .then(response => response.json())
+            .then(data => {
+                // Clear loading message
+                resultsContainer.innerHTML = '';
+
+                if (data.success === true) {
+                    // Create a result card with iframe
+                    const resultCard = document.createElement('div');
+                    resultCard.className = 'card shadow border-0 rounded-lg mb-5';
+
+                    resultCard.innerHTML = `
+              <div class="card-header bg-success text-white py-3 d-flex justify-content-between align-items-center">
+                <h3 class="h5 mb-0">Result for ${escapeHtml(url)}</h3>
+                <div>
+                  <button class="btn btn-sm btn-light ms-2" id="new-tab">
+                    <i class="bi bi-code-slash me-1"></i>View in new tab
+                  </button>
+                  <button class="btn btn-sm btn-light ms-2" id="view-source">
+                    <i class="bi bi-code-slash me-1"></i>View Source
+                  </button>
+                </div>
+              </div>
+              <div class="card-body p-0">
+                <iframe id="result-iframe" style="width:100%; height:600px; border:0;"></iframe>
+              </div>
+            `;
+
+                    resultsContainer.appendChild(resultCard);
+
+                    // Get reference to the iframe and buttons
+                    const iframe = document.getElementById('result-iframe');
+                    const viewSourceButton = document.getElementById('view-source');
+                    const newTabButton = document.getElementById('new-tab');
+
+                    const cleanedHtml = removeScripts(data.result);
+
+                    // Create a blob URL from the cleaned HTML content
+                    const blob = new Blob([cleanedHtml], { type: 'text/html' });
+                    const blobUrl = URL.createObjectURL(blob);
+
+                    // Set the iframe src to the blob URL
+                    iframe.src = blobUrl;
+                    
+
+                    // Add event listener to view source button
+                    viewSourceButton.addEventListener('click', function () {
+                        // Show source code in a modal or new window
+                        const sourceWindow = window.open('', '_blank');
+                        sourceWindow.document.write(`
+                <!DOCTYPE html>
+                <html>
+                  <head>
+                    <title>Source for ${escapeHtml(url)}</title>
+                    <style>
+                      body { font-family: monospace; white-space: pre-wrap; padding: 20px; }
+                    </style>
+                  </head>
+                  <body>${escapeHtml(data.result)}</body>
+                </html>
+              `);
+                        sourceWindow.document.close();
+                    });
+
+                    // Add event listener to new tab button
+                    newTabButton.addEventListener('click', function () {
+                        // Get URL from window.location
+                        const proxyurl = `${window.location.protocol}//${window.location.host}/proxy/${url}`;
+
+                        // Open host/proxy/url in new tab                        
+                        window.open(proxyurl, '_blank');
+                    });
+
+                    // Set up cleanup when iframe is no longer needed
+                    window.addEventListener('beforeunload', function () {
+                        URL.revokeObjectURL(blobUrl);
+                    });
+                } else {
+                    // Show error message
+                    showMessage(data.error || 'Failed to get content', 'error');
+                }
+            })
+            .catch(error => {
+                showMessage(`Request failed: ${error.message}`, 'error');
+            })
+            .finally(() => {
+                // Reset button state
+                curlButton.disabled = false;
+                curlButton.innerHTML = '<i class="bi bi-shield-check me-2"></i>HTTP Request';
+            });
+    }
+
+    /**
+ * Remove all script tags and event handlers from HTML content
+ * @param {string} html - The HTML content
+ * @returns {string} - HTML content with scripts removed
+ */
+    function removeScripts(html) {
+        // Create a DOM parser to work with the HTML
+        const parser = new DOMParser();
+        const doc = parser.parseFromString(html, 'text/html');
+
+        // Remove all script elements
+        const scripts = doc.getElementsByTagName('script');
+        while (scripts.length > 0) {
+            scripts[0].parentNode.removeChild(scripts[0]);
+        }
+
+        // Remove inline event handlers from all elements
+        const allElements = doc.getElementsByTagName('*');
+        for (let i = 0; i < allElements.length; i++) {
+            const element = allElements[i];
+            const attrs = element.attributes;
+            const attrsToRemove = [];
+
+            // Collect all event handler attributes (on*)
+            for (let j = 0; j < attrs.length; j++) {
+                if (attrs[j].name.toLowerCase().startsWith('on')) {
+                    attrsToRemove.push(attrs[j].name);
+                }
+            }
+
+            // Remove the collected attributes
+            attrsToRemove.forEach(attr => {
+                element.removeAttribute(attr);
+            });
+        }
+
+        // Return the cleaned HTML
+        return doc.documentElement.outerHTML;
+    }
+    /**
+     * Display a message in the results container
+     * @param {string} message - The message to display
+     * @param {string} type - Message type (error, success, info)
+     */
+    function showMessage(message, type) {
+        // Clear previous content
+        resultsContainer.innerHTML = '';
+
+        // Create alert element
+        const alert = document.createElement('div');
+        alert.className = `alert alert-${getAlertClass(type)} shadow-sm`;
+        alert.innerHTML = message;
+
+        // Add the alert to the results container
+        resultsContainer.appendChild(alert);
+    }
+
+    /**
+     * Get Bootstrap alert class based on message type
+     * @param {string} type - Message type
+     * @returns {string} - Bootstrap alert class
+     */
+    function getAlertClass(type) {
+        switch (type) {
+            case 'error': return 'danger';
+            case 'success': return 'success';
+            case 'info': default: return 'info';
+        }
+    }
+
+    /**
+     * Escape HTML special characters to prevent XSS
+     * @param {string} text - Text to escape
+     * @returns {string} - Escaped text
+     */
+    function escapeHtml(text) {
+        const div = document.createElement('div');
+        div.textContent = text;
+        return div.innerHTML;
+    }
+    // Check if params are present
+    if (window.location.search) {
+        const params = new URLSearchParams(window.location.search);
+        const url = params.get('url');
+        if (url) {
+            // Add url to input
+            curlUrlInput.value = url;
+            // Show loading state
+            curlButton.disabled = true;
+            curlButton.innerHTML = '<span class="spinner-border spinner-border-sm me-2" role="status" aria-hidden="true"></span>Loading...';
+            handleCurlRequest(url);
+        }
+    }
+});

templates/assets/js/ssl.js

@@ -12,17 +12,24 @@ document.getElementById("domain").addEventListener("keyup", function (event) {
 
 function getSSL() {
     // Get the input value
-    const domain = document.getElementById("domain").value;
+    const domain = document.getElementById("domain").value.trim().toLowerCase();
     // Set the domain parameter
-    const params = new URLSearchParams();
+    var params;
-    params.append("domain", domain);
+    if (window.location.search){
+    params = new URLSearchParams(window.location.search);
+    params.set("domain", domain);
+    }
+    else {
+        params = new URLSearchParams();
+        params.append("domain", domain);
+    }    
     // Add the parameters to the URL
     const url = `/?${params.toString()}`;
     // Push the URL to the history
     history.pushState(null, null, url);
 
     // Add a loading spinner
-    document.getElementById("ssl-results").innerHTML = `<div style="text-align: center;">
+    document.getElementById("ssl-results").innerHTML = `<div style="text-align: center; margin-bottom: 3rem;">
     <div class="spinner-border text-primary" role="status">
   <span class="visually-hidden">Loading...</span>
 </div></div>`;
@@ -36,7 +43,7 @@ function getSSL() {
             if (data.success) {
                 // Display the results
                 document.getElementById("ssl-results").innerHTML = `
-    <div class="card shadow-sm p-4" style="max-width: 950px;margin: auto;">
+    <div class="card shadow-sm p-4" style="max-width: 950px;margin: auto; margin-bottom: 3rem;">
         <h2 class="mb-3">SSL Certificate Details</h2>
         <ul class="list-group">
             <li class="list-group-item"><strong>IP Address:</strong> ${data.ip}</li>
@@ -142,7 +149,7 @@ document.querySelector('.dnssec-toggle').addEventListener('click', function() {
             } else {
                 // Display an error message
                 document.getElementById("ssl-results").innerHTML = `<h2>Error</h2>
-                <p>${data.message}</p>`;
+                <p style="margin-bottom: 3rem;">${data.message}</p>`;
             }
         })
         .catch(error => {

templates/index.html

@@ -8,7 +8,8 @@
     <link rel="icon" href="/assets/img/favicon.png" type="image/png">
     <link href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.0/dist/css/bootstrap.min.css" rel="stylesheet">
     <link rel="stylesheet" href="/assets/css/index.css">
-    <script src="/assets/js/index.js" defer></script>
+    <script src="/assets/js/ssl.js" defer></script>
+    <script src="/assets/js/curl.js" defer></script>
 </head>
 
 <body>
@@ -20,7 +21,7 @@
         <div class="border-bottom mt-4 w-50 mx-auto"></div>
       </div>
       
-      <!-- Tool Card -->
+      <!-- SSL check Tool Card -->
       <div class="row justify-content-center">
         <div class="col-md-8">
           <div class="card shadow border-0 rounded-lg mb-5">
@@ -53,6 +54,40 @@
           <div id="ssl-results" class="animate__animated animate__fadeIn"></div>
         </div>
       </div>
+
+      <!-- CURL Tool Card -->
+      <div class="row justify-content-center">
+        <div class="col-md-8">
+          <div class="card shadow border-0 rounded-lg mb-5">
+            <div class="card-header bg-primary text-white py-3">
+              <h2 class="h4 mb-0 text-center">Curl Website</h2>
+            </div>
+            <div class="card-body p-4">
+              <p class="text-muted mb-4 text-center">Do a http request for a domain</p>
+              
+              <div class="input-group mb-3 shadow-sm">
+                <input 
+                  type="text" 
+                  id="curl-url" 
+                  placeholder="Enter url (e.g., https://nathan.woodburn http://firewallet)"
+                  class="form-control form-control-lg" 
+                  aria-label="URL to check"
+                >
+                <button class="btn btn-primary px-4" id="curl">
+                  <i class="bi bi-shield-check me-2"></i>HTTP Request
+                </button>
+              </div>
+              
+              <div class="text-center text-muted small">
+                Enter a complete url including the http or https protocol
+              </div>
+            </div>
+          </div>
+          
+          <!-- Results Container -->
+          <div id="curl-results" class="animate__animated animate__fadeIn"></div>
+        </div>
+      </div>
       
       <!-- Footer -->
       <footer class="text-center mt-5 pt-4 text-muted">

tools.py

@@ -1,4 +1,5 @@
 import random
+from urllib.parse import urlparse
 import dns.resolver
 import subprocess
 import tempfile
@@ -6,20 +7,31 @@ import binascii
 from cryptography import x509
 from cryptography.hazmat.backends import default_backend
 import datetime
-from dns import resolver, dnssec, name, exception
+from dns import resolver
-import time
+import requests
+import re
+from bs4 import BeautifulSoup
+import requests_doh
+import urllib3
+import socket
+import os
 
 resolver = dns.resolver.Resolver()
-resolver.nameservers = ["194.50.5.28","194.50.5.27","194.50.5.26"]
+resolver.nameservers = os.getenv("DNS_SERVERS", "194.50.5.27").split(",")
-resolver.port = 53
+resolver.port = int(os.getenv("DNS_PORT", "53"))
+DoHsession = requests_doh.DNSOverHTTPSSession("hnsdoh")
+
+# Disable warnings
+urllib3.disable_warnings()
 
 
-def check_ssl(domain: str):    
+def check_ssl(domain: str):
     domain_check = False
     returns = {"success": False,"valid":False}
     try:
         # Query the DNS record
-        response = resolver.resolve(domain, "A")
+        response = resolver.resolve(domain, "A",lifetime=10)
+        
         records = []
         for record in response:
             records.append(str(record))
@@ -136,7 +148,7 @@ def check_ssl(domain: str):
 
         try:
             # Check for TLSA record
-            response = resolver.resolve("_443._tcp."+domain, "TLSA")
+            response = resolver.resolve("_443._tcp."+domain, "TLSA",lifetime=10)
             tlsa_records = []
             for record in response:
                 tlsa_records.append(str(record))
@@ -156,6 +168,9 @@ def check_ssl(domain: str):
         return returns
             
     # Catch all exceptions
+    except dns.exception.Timeout:
+        returns["message"] = f"DNS resolution timed out for {domain}. Please check your internet connection or try again later."
+        return returns
     except Exception as e:
         returns["message"] = f"An error occurred: {e}"
         return returns
@@ -163,11 +178,130 @@ def check_ssl(domain: str):
 
 def validate_dnssec(domain):
     # Pick a random resolver
-    resolverIP = random.choice(resolver.nameservers)
+    resolverIP = resolver.nameservers[0]
+    resolverPort = resolver.port
     # delv @194.50.5.28 -a hsd-ksk nathan.woodburn A +rtrace +vtrace
-    command = f"delv @{resolverIP} -a hsd-ksk {domain} A +rtrace +vtrace"
+    command = f"delv @{resolverIP} -p {resolverPort} -a hsd-ksk {domain} A +rtrace +vtrace"
     result = subprocess.run(command, shell=True, capture_output=True, text=True)
-    if "; fully validated" in result.stdout:
+    if "; fully validated" in result.stdout or "; negative response, fully validated" in result.stdout:
         return {"valid": True, "message": "DNSSEC is valid", "output": result.stderr + result.stdout}
     else:
-        return {"valid": False, "message": "DNSSEC is not valid", "output": result.stderr + result.stdout}
+        return {"valid": False, "message": "DNSSEC is not valid", "output": result.stderr + result.stdout}
+    
+
+
+def curl(url: str):
+    if not url.startswith("http"):
+        url = "http://" + url
+    try:
+        # curl --doh-url https://hnsdoh.com/dns-query {url} --insecure
+        command = f"curl --doh-url https://hnsdoh.com/dns-query {url} --insecure --silent -A 'Woodburn'"
+        response = subprocess.run(command, shell=True, capture_output=True, text=True, timeout=10)
+        if response.returncode != 0:
+            return {"success": False, "error": response.stderr}
+        else:
+            return {"success": True, "result": response.stdout}
+
+    except Exception as e:
+        return {"success": False, "error": "An error occurred", "message": str(e)}
+
+
+class ProxyError(Exception):
+    def __init__(self, message):
+        self.message = message
+        self.text = message
+        self.ok = False
+        self.status_code = 500
+        super().__init__(self.message)
+
+
+def proxy(url: str) -> requests.Response:
+    try:
+        r = DoHsession.get(url,verify=False,timeout=30)
+        return r
+    except Exception as e:
+        return ProxyError(str(e))
+
+def cleanProxyContent(htmlContent: str,url:str, proxyHost: str):
+    # Set proxy host to https if not 127.0.0.1 or localhost
+    if ":5000" not in proxyHost:
+        proxyHost = proxyHost.replace("http","https")
+
+    # Find all instances of the url in the html
+    hostUrl = f"{urlparse(url).scheme}://{urlparse(url).netloc}"
+    proxyUrl = f"{proxyHost}proxy/{hostUrl}"
+    # htmlContent = htmlContent.replace(hostUrl,proxyUrl)
+
+    # parse html
+    soup = BeautifulSoup(htmlContent, 'html.parser')
+    # find all resources
+
+
+    for linkType in ['link','img','script', 'a']:
+        links = soup.find_all(linkType)
+        for link in links:
+            for attrib in ['src','href']:
+                if link.has_attr(attrib):
+                    if str(link[attrib]).startswith('/'):
+                        link.attrs[attrib] = proxyUrl + link[attrib]
+                        continue
+                    if str(link[attrib]).startswith('http'):
+                        link.attrs[attrib] = str(link[attrib]).replace(hostUrl,proxyUrl)
+                        continue
+                    ignored = False
+                    for ignore in ["data:", "mailto:", "tel:", "javascript:", "blob:"]:
+                        if str(link[attrib]).startswith(ignore):
+                            ignored = True
+                            break
+                    if not ignored:
+                        if link[attrib].startswith("/"):
+                            link.attrs[attrib] = f"{proxyUrl}{link[attrib]}"
+                        else:
+                            link.attrs[attrib] = f"{proxyUrl}/{urlparse(url).path}{link[attrib]}"
+    
+    scripts = soup.find_all('script')
+    for script in scripts:
+        if script.has_attr("text"):
+            script.attrs["text"] = proxyCleanJS(script.text,url,proxyHost)
+            continue
+        if not script.has_attr("contents"):
+            continue
+        if len(script.contents) > 0:
+            newScript = soup.new_tag("script")
+            for content in script.contents:
+                newScript.append(proxyCleanJS(content,url,proxyHost))
+            script.replace_with(newScript)
+    
+    return soup.prettify()
+
+def proxyCleanJS(jsContent: str, url: str, proxyHost: str):
+    # Set proxy host to https if not 127.0.0.1 or localhost
+    if ":5000" not in proxyHost:
+        proxyHost = proxyHost.replace("http","https")
+    
+    hostUrl = f"{urlparse(url).scheme}://{urlparse(url).netloc}"
+    proxyUrl = f"{proxyHost}proxy/{hostUrl}"
+    
+    if "dprofile" in url:
+        jsContent = jsContent.replace("window.location.hostname", f"\"{urlparse(url).netloc}\"")
+        jsContent = jsContent.replace("src=\"img", f"src=\"{proxyUrl}/img")
+
+        return jsContent
+
+
+    # Replace all instances of the url with the proxy url
+    hostUrl = f"{urlparse(url).scheme}://{urlparse(url).netloc}"
+    proxyUrl = f"{proxyHost}proxy/{hostUrl}"
+
+    jsContent = jsContent.replace(hostUrl,proxyUrl)
+    # Common ways to get current url
+    for locator in ["window.location.href","window.location","location.href","location"]:
+        jsContent = jsContent.replace(locator,proxyUrl)
+
+
+    return jsContent
+    
+
+
+# if __name__ == "__main__":
+#     print(curl("https://dso.dprofile"))