typos & new examples
This commit is contained in:
cr0hn
@@ -1,6 +1,3 @@
|
|||||||
Examples
|
|
||||||
========
|
|
||||||
|
|
||||||
Using a .pow file
|
Using a .pow file
|
||||||
+++++++++++++++++
|
+++++++++++++++++
|
||||||
|
|
||||||
@@ -18,6 +15,7 @@ With the example.pow:
|
|||||||
.. code-block:: console
|
.. code-block:: console
|
||||||
:linenos:
|
:linenos:
|
||||||
|
|
||||||
|
$ cat example.pow
|
||||||
#
|
#
|
||||||
# This is a simple example of a .pow file
|
# This is a simple example of a .pow file
|
||||||
#
|
#
|
||||||
@@ -25,7 +23,7 @@ With the example.pow:
|
|||||||
|
|
||||||
# We add 2 Kapow! routes
|
# We add 2 Kapow! routes
|
||||||
kapow route add '/my/route' -c 'echo "hello world" | kapow set /response/body'
|
kapow route add '/my/route' -c 'echo "hello world" | kapow set /response/body'
|
||||||
kapow route add -X POST /echo -c 'kapow get /request/body | kapow set /response/body'
|
kapow route add -X POST /echo -c '"$(kapow get /request/body)" | kapow set /response/body'
|
||||||
|
|
||||||
.. note::
|
.. note::
|
||||||
|
|
||||||
@@ -41,12 +39,12 @@ You can load more than one .pow file at time. This can help you have your .pow f
|
|||||||
|
|
||||||
$ ls pow-files/
|
$ ls pow-files/
|
||||||
example-1.pow example-2.pow
|
example-1.pow example-2.pow
|
||||||
$ kapow server <(cat *.pow)
|
$ kapow server <(cat pow-files/*.pow)
|
||||||
|
|
||||||
Add a new route
|
Add a new route
|
||||||
+++++++++++++++
|
+++++++++++++++
|
||||||
|
|
||||||
.. note::
|
.. warning::
|
||||||
|
|
||||||
Be aware when you defined more than routes in same path, only first routed added will be resolved.
|
Be aware when you defined more than routes in same path, only first routed added will be resolved.
|
||||||
|
|
||||||
@@ -81,7 +79,7 @@ Defining route:
|
|||||||
.. code-block:: console
|
.. code-block:: console
|
||||||
:linenos:
|
:linenos:
|
||||||
|
|
||||||
$ kapow route add -X POST /echo -c 'kapow get /request/body | kapow set /response/body'
|
$ kapow route add -X POST /echo -c '"$(kapow get /request/body)" | kapow set /response/body'
|
||||||
|
|
||||||
Calling route:
|
Calling route:
|
||||||
|
|
||||||
@@ -98,7 +96,7 @@ Defining route:
|
|||||||
.. code-block:: console
|
.. code-block:: console
|
||||||
:linenos:
|
:linenos:
|
||||||
|
|
||||||
$ kapow route add '/echo/{message}' -c 'kapow get /request/matches/message | kapow set /response/body'
|
$ kapow route add '/echo/{message}' -c '"$(kapow get /request/matches/message)" | kapow set /response/body'
|
||||||
|
|
||||||
Calling route:
|
Calling route:
|
||||||
|
|
||||||
@@ -114,13 +112,15 @@ Listing routes
|
|||||||
|
|
||||||
You can list active route in kapow! server.
|
You can list active route in kapow! server.
|
||||||
|
|
||||||
|
.. _examples_listing_routes:
|
||||||
|
|
||||||
.. code-block:: console
|
.. code-block:: console
|
||||||
:linenos:
|
:linenos:
|
||||||
|
|
||||||
$ kapow route list
|
$ kapow route list
|
||||||
[{"id":"20c98328-0b82-11ea-90a8-784f434dfbe2","method":"GET","url_pattern":"/echo/{message}","entrypoint":"/bin/sh -c","command":"kapow get /request/matches/message | kapow set /response/body","index":0}]
|
[{"id":"20c98328-0b82-11ea-90a8-784f434dfbe2","method":"GET","url_pattern":"/echo/{message}","entrypoint":"/bin/sh -c","command":"echo \"$(kapow get /request/matches/message)\" | kapow set /response/body","index":0}]
|
||||||
|
|
||||||
Or, for pretty output, you can use samp:`jq`:
|
Or, for pretty output, you can use :samp:`jq`:
|
||||||
|
|
||||||
.. code-block:: console
|
.. code-block:: console
|
||||||
:linenos:
|
:linenos:
|
||||||
@@ -132,7 +132,7 @@ Or, for pretty output, you can use samp:`jq`:
|
|||||||
"method": "GET",
|
"method": "GET",
|
||||||
"url_pattern": "/echo/{message}",
|
"url_pattern": "/echo/{message}",
|
||||||
"entrypoint": "/bin/sh -c",
|
"entrypoint": "/bin/sh -c",
|
||||||
"command": "kapow get /request/matches/message | kapow set /response/body",
|
"command": "\"$(kapow get /request/matches/message)\" | kapow set /response/body",
|
||||||
"index": 0
|
"index": 0
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
@@ -146,7 +146,7 @@ Or, for pretty output, you can use samp:`jq`:
|
|||||||
Deleting routes
|
Deleting routes
|
||||||
+++++++++++++++
|
+++++++++++++++
|
||||||
|
|
||||||
If we want to delete a route you need their ID. Using de above example, you can delete the route by typing:
|
If we want to delete a route you need their ID. Using de :ref:`listing routes example <examples_listing_routes>`, you can delete the route by typing:
|
||||||
|
|
||||||
.. code-block:: console
|
.. code-block:: console
|
||||||
:linenos:
|
:linenos:
|
||||||
@@ -161,16 +161,17 @@ Some time you need to write more complex actions. So you can write multiline com
|
|||||||
.. code-block:: console
|
.. code-block:: console
|
||||||
:linenos:
|
:linenos:
|
||||||
|
|
||||||
|
$ cat multiline.pow
|
||||||
kapow route add /log_and_stuff - <<-'EOF'
|
kapow route add /log_and_stuff - <<-'EOF'
|
||||||
echo this is a quite long sentence and other stuff | tee log.txt | kapow set /response/body
|
echo this is a quite long sentence and other stuff | tee log.txt | kapow set /response/body
|
||||||
cat log.txt | kapow set /response/body
|
cat log.txt | kapow set /response/body
|
||||||
EOF
|
EOF
|
||||||
|
|
||||||
.. note::
|
.. warning::
|
||||||
|
|
||||||
Be aware with the **"-"** at the end of Kapow! command. It allows to read commands from the samp:`stdin`.
|
Be aware with the **"-"** at the end of Kapow! command. It allows to read commands from the :samp:`stdin`.
|
||||||
|
|
||||||
.. note::
|
.. warning::
|
||||||
|
|
||||||
Multiline depends of the shell you're using (Bash by default). If you want to learn more of multiline see: `Here Doc <https://en.wikipedia.org/wiki/Here_document>`_
|
Multiline depends of the shell you're using (Bash by default). If you want to learn more of multiline see: `Here Doc <https://en.wikipedia.org/wiki/Here_document>`_
|
||||||
|
|
||||||
@@ -194,7 +195,7 @@ In this example we'll adding the security header "nosniff" in a sniff.pow:
|
|||||||
|
|
||||||
$ kapow server nosniff.pow
|
$ kapow server nosniff.pow
|
||||||
|
|
||||||
Test with curl:
|
Testing with curl:
|
||||||
|
|
||||||
.. code-block:: console
|
.. code-block:: console
|
||||||
:emphasize-lines: 11
|
:emphasize-lines: 11
|
||||||
@@ -232,7 +233,7 @@ In this example our Kapow! service will receive a JSON value with an incorrect d
|
|||||||
$ cat fix_date.pow
|
$ cat fix_date.pow
|
||||||
kapow route add -X POST '/fix-date' - <<-'EOF'
|
kapow route add -X POST '/fix-date' - <<-'EOF'
|
||||||
kapow set /response/headers/Content-Type "application/json"
|
kapow set /response/headers/Content-Type "application/json"
|
||||||
kapow get /request/body | jq --arg newdate $(date +"%Y-%m-%d_%H-%M-%S") '.incorrectDate=$newdate' | kapow set /response/body
|
echo "$(kapow get /request/body)" | jq --arg newdate $(date +"%Y-%m-%d_%H-%M-%S") '.incorrectDate=$newdate' | kapow set /response/body
|
||||||
EOF
|
EOF
|
||||||
|
|
||||||
Call service with curl:
|
Call service with curl:
|
||||||
@@ -241,6 +242,9 @@ Call service with curl:
|
|||||||
:linenos:
|
:linenos:
|
||||||
|
|
||||||
$ curl -X POST http://localhost:8080/fix-date -H "Content-Type: application/json" -d '{"incorrectDate": "no way"}'
|
$ curl -X POST http://localhost:8080/fix-date -H "Content-Type: application/json" -d '{"incorrectDate": "no way"}'
|
||||||
|
{
|
||||||
|
"incorrectDate": "2019-11-22_10-42-06"
|
||||||
|
}
|
||||||
|
|
||||||
Upload files
|
Upload files
|
||||||
++++++++++++
|
++++++++++++
|
||||||
@@ -252,7 +256,7 @@ Upload a file using Kapow! is very simple:
|
|||||||
|
|
||||||
$ cat upload.pow
|
$ cat upload.pow
|
||||||
kapow route add -X POST '/upload-file' - <<-'EOF'
|
kapow route add -X POST '/upload-file' - <<-'EOF'
|
||||||
kapow get /request/files/data/content | kapow set /response/body
|
echo "$(kapow get /request/files/data/content) | kapow set /response/body
|
||||||
EOF
|
EOF
|
||||||
|
|
||||||
.. code-block:: console
|
.. code-block:: console
|
||||||
@@ -277,7 +281,7 @@ In this example, an attacker can execute arbitrary command.
|
|||||||
|
|
||||||
$ cat command-injection.pow
|
$ cat command-injection.pow
|
||||||
kapow route add '/vulnerable/{value}' - <<-'EOF'
|
kapow route add '/vulnerable/{value}' - <<-'EOF'
|
||||||
ls $(kapow get /request/matches/value) | kapow set /response/body
|
ls "$(kapow get /request/matches/value)" | kapow set /response/body
|
||||||
EOF
|
EOF
|
||||||
|
|
||||||
Exploding using curl:
|
Exploding using curl:
|
||||||
@@ -320,7 +324,7 @@ You can specify custom status code for HTTP response:
|
|||||||
Testing with curl:
|
Testing with curl:
|
||||||
|
|
||||||
.. code-block:: console
|
.. code-block:: console
|
||||||
:emphasize-lines: 8
|
:emphasize-lines: 10
|
||||||
:linenos:
|
:linenos:
|
||||||
|
|
||||||
$ curl -v http://localhost:8080/error
|
$ curl -v http://localhost:8080/error
|
||||||
@@ -377,15 +381,15 @@ In this example we'll redirect our users to Google:
|
|||||||
How to execute two processes parallel
|
How to execute two processes parallel
|
||||||
+++++++++++++++++++++++++++++++++++++
|
+++++++++++++++++++++++++++++++++++++
|
||||||
|
|
||||||
We want to samp:`ping` two machines parallel. Kapow! get IPs from query params:
|
We want to :samp:`ping` two machines parallel. Kapow! get IPs from query params:
|
||||||
|
|
||||||
.. code-block:: console
|
.. code-block:: console
|
||||||
:linenos:
|
:linenos:
|
||||||
|
|
||||||
$ cat parallel.pow
|
$ cat parallel.pow
|
||||||
kapow route add /parallel/{ip1}/{ip2} - <<-'EOF'
|
kapow route add /parallel/{ip1}/{ip2} - <<-'EOF'
|
||||||
ping -c 1 $(kapow get /request/matches/ip1) | kapow set /response/body &
|
ping -c 1 "$(kapow get /request/matches/ip1)" | kapow set /response/body &
|
||||||
ping -c 1 $(kapow get /request/matches/ip2) | kapow set /response/body &
|
ping -c 1 "$(kapow get /request/matches/ip2)" | kapow set /response/body &
|
||||||
wait
|
wait
|
||||||
EOF
|
EOF
|
||||||
|
|
||||||
@@ -399,3 +403,49 @@ Calling with curl:
|
|||||||
Manage cookies
|
Manage cookies
|
||||||
++++++++++++++
|
++++++++++++++
|
||||||
|
|
||||||
|
Sometimes you need track down some user state. Kapow! allows you manage Request/Response Cookies.
|
||||||
|
|
||||||
|
Next example we'll set a cookie:
|
||||||
|
|
||||||
|
.. code-block:: console
|
||||||
|
:linenos:
|
||||||
|
|
||||||
|
$ cat cookie.pow
|
||||||
|
kapow route add /setcookie - <<-'EOF'
|
||||||
|
CURRENT_STATUS="$(kapow get /request/cookies/kapow-status)"
|
||||||
|
|
||||||
|
if [ -z "$CURRENT_SATUS" ]; then
|
||||||
|
kapow set /response/cookies/Kapow-Status "Kapow Cookie Set"
|
||||||
|
fi
|
||||||
|
|
||||||
|
echo "Ok" | kapow set /response/body
|
||||||
|
EOF
|
||||||
|
|
||||||
|
Calling with curl:
|
||||||
|
|
||||||
|
.. code-block:: console
|
||||||
|
:linenos:
|
||||||
|
:emphasize-lines: 11
|
||||||
|
|
||||||
|
$ curl -v http://localhost:8080/set-cookie
|
||||||
|
* Trying ::1...
|
||||||
|
* TCP_NODELAY set
|
||||||
|
* Connected to localhost (::1) port 8080 (#0)
|
||||||
|
> GET /setcookie HTTP/1.1
|
||||||
|
> Host: localhost:8080
|
||||||
|
> User-Agent: curl/7.54.0
|
||||||
|
> Accept: */*
|
||||||
|
>
|
||||||
|
< HTTP/1.1 200 OK
|
||||||
|
< Set-Cookie: Kapow-Status="Kapow Cookie Set"
|
||||||
|
< Date: Fri, 22 Nov 2019 10:44:42 GMT
|
||||||
|
< Content-Length: 3
|
||||||
|
< Content-Type: text/plain; charset=utf-8
|
||||||
|
<
|
||||||
|
Ok
|
||||||
|
* Connection #0 to host localhost left intact
|
||||||
|
|
||||||
|
TODO:
|
||||||
|
+ QUITAR LOS COMMAND IJECTIONS
|
||||||
|
+ corregir los :samp:
|
||||||
|
- negritas
|
||||||
|
|||||||
Reference in New Issue
Block a user