stackp / droopy Goto Github PK
View Code? Open in Web Editor NEWMini Web server that let others upload files to your computer
Home Page: stackp.online.fr/droopy
Mini Web server that let others upload files to your computer
Home Page: stackp.online.fr/droopy
great web server and so easy to set up. Sometimes the files I receive will not open and have a permission error, have you come across this before?
I'm trying to integrate Droopy in some of my code but it's hard to use because there is no way to stop the server reliably. I've implemented something that starts Droopy in a new thread and even stops it but I can't then start it up again. I had to override the serve_forever
function with some code like this
A simple, externally available start and stop routine would be nice.
Dear Pierre,
wonderful Tool! Thank you very much for sharing Droopy!
Unluckily I do knot know Python yet and therefore I send you this feature suggestion:
When enabling SSL it would be cool if a non-SSL request would send a redirect to the https page.
Cheers, marc
I observed a get request that I don't understand and may be a security vulnerability: 45.148.10.241 - - [18/Jan/2022 12:39:39] "GET http://example.com/ HTTP/1.1" 200 -
. I am running Debian Buster with default Python 2.7.16.
When droopy is started using unicode characters in directory path or message, it fails. The server stays up, but in terminal I get error, "UnicodeDecodeError: 'ascii' codec can't decode byte 0xce in position 18: ordinal not in range(128)". (Position differs of course). On the browser "Unable to connect" message, telnet localhost 8888 connects.
I've tested it on Debian Buster Linux.
Both of them fail (using greek characters in the example):
droopy -d /home/user -m "Το μήνυμα - unicode" 8888
droopy -d /home/κάποιοςUnicode -m "message" 8888
The cgi
module has been deprecated and will be removed as of Python 3.13. Debian Bookworm currently runs Python 3.11 but I imagine that unless fixed, droopy will not work with Debian Trixie. Unfortunately, the fix does not look trivial: https://peps.python.org/pep-0594/#cgi
Your server is working very effectively.
How can I add the following
Once anyone uploaded the file, browser should close automatically or redirect to another page which not have upload option.
Hi! Thank you very much for this great project. Could you please add an option to prevent the download of files? Even without --publish-files
aka --dl
it is still possible to download files if you know their names.
For a 1M size file, it takes about many seconds(about 20 seconds) to upload. A larger file is also much longer, so my question is: is it possible to make it a bit faster? Thanks.
BTW: I'm using it under a 100M speed intranet.
Hey there,
when I try to start the encrypted version of Droopy with my letsencrypt cert.pem (I even tried generating a new selfsigned cert for testing purposes), I get the following error:
Traceback (most recent call last):
File "droopy", line 1114, in
main()
File "droopy", line 1109, in main
localisations=default_localisations)
File "droopy", line 462, in run
server_side=True)
File "/usr/lib/python3.5/ssl.py", line 1077, in wrap_socket
ciphers=ciphers)
File "/usr/lib/python3.5/ssl.py", line 699, in init
self._context.load_cert_chain(certfile, keyfile)
ssl.SSLError: [SSL] PEM lib (_ssl.c:2957)
Can you help me, what am I doing wrong?
Thx
I just wanted to tell you that I love you. :)
Thanks for this tool.
For some reasons, I only want user to upload files, but they can not download files, are there start up option to do this? Thanks.
I can try to do this. Any suggestion ?
👋 Hello, @stackp - a potential medium severity Cross-Site Request Forgery (CSRF) vulnerability in your repository has been disclosed to us.
1️⃣ Visit https://huntr.dev/bounties/1-other-stackp/Droopy for more advisory information.
2️⃣ Sign-up to validate or speak to the researcher for more assistance.
3️⃣ Propose a patch or outsource it to our community - whoever fixes it gets paid.
Join us on our Discord and a member of our team will be happy to help! 🤗
Speak to a member of our team: @JamieSlome
This issue was automatically generated by huntr.dev - a bug bounty board for securing open source code.
I am attempting to use happy to implement a POST command using multipart/formdata using happyhttp (e.g., https://github.com/Zintinio/HappyHTTP) to upload files to droopy directly from a c++ application.
The issue is that the server will accept the POST command and create the file as requested, but it when trying to get the return page data. This is likely an interaction between some low-level implementation in droopy and in happyhttp, but a suitably-modified test case works for other servers, such as http://posttestserver.com/upload.php. Furthermore, the test code I have will work when pointed to a straight html page--it successfully downloads the page data.
The underlying situation is that happy tries to download the data, and although it knows there is outstanding data to process, it checks whether there is data waiting on the open socket and finds there is none. I don't really know what that means on the droopy side, but when I ctrl-c out of the program, droopy throws this error--this may not really be meaningful.
127.0.0.1 - - [02/Jun/2017 08:57:52] "POST / HTTP/1.1" 200 -
127.0.0.1 - - [02/Jun/2017 08:57:52] [Errno 32] Broken pipe
----------------------------------------
Exception happened during processing of request from ('127.0.0.1', 50762)
Traceback (most recent call last):
File "/usr/lib/python2.7/SocketServer.py", line 596, in process_request_thread
self.finish_request(request, client_address)
File "/usr/lib/python2.7/SocketServer.py", line 331, in finish_request
self.RequestHandlerClass(request, client_address, self)
File "/usr/lib/python2.7/SocketServer.py", line 654, in __init__
self.finish()
File "/usr/lib/python2.7/SocketServer.py", line 713, in finish
self.wfile.close()
File "/usr/lib/python2.7/socket.py", line 283, in close
self.flush()
File "/usr/lib/python2.7/socket.py", line 307, in flush
self._sock.sendall(view[write_offset:write_offset+buffer_size])
error: [Errno 32] Broken pipe
----------------------------------------
A happyhttp test case can be put into Test.cpp is as follows. Just add this after Test3.cpp, which can be compiled via g++ test.cpp happyhttp.cpp -o testpost
then, test with droopy running on localhost:8000
//This posts to local droopy server running on 8000
void Test4()
{
puts("-----------------Test4------------------------" );
// POST example using lower-level interface
const char* params = "--||||\nContent-Disposition: form-data; name=\"upfile\"; filename=\"testfile.txt\" \nContent-Type: application/octet-stream \n\nfile contents1\nfile contents2\nfile contents3\nfile contents4\nfile contents5\nfile contents6\nfile contents7\nfile contents8\nfile contents9\nfile contents10\n--||||--";
int l = strlen(params);
happyhttp::Connection conn( "localhost", 8000 );
conn.setcallbacks( OnBegin, OnData, OnComplete, 0 );
conn.putrequest( "POST", "/" );
conn.putheader( "Connection", "close" );
conn.putheader( "Content-Length", l );
conn.putheader( "Content-Type", "multipart/form-data; boundary=||||" );
conn.putheader( "Accept", "text/plain" );
conn.endheaders();
conn.send( (const unsigned char*)params, l );
while( conn.outstanding() )
{
conn.pump();
}
}
and later:
try
{
//Test1();
//Test2();
//Test3();
Test4();
}
The problem seems to be that outstanding() returns true, but when pump() is called, it returns on the datawaiting check:
if( !datawaiting( m_Sock ) )
return; // recv will block
I can't be sure whether happy or droopy are to blame; this works when pointed to posttestserver.com/upload.php, retrieving the custom response code; but fails on droopy. On the other hand, droopy works fine when used via a browser.
For some reason i can't get droopy to redirect to the file list page after uploading a file. It just takes me to the "upload another file" file page.
Kinda hard to share files when the users can't access the files that are on the server.
I ran the same droopy.py
with Python 2 then Python 3.
--auth
works as expected with Python 2.
With Python 3.6.4 on Win 7 -64bit, I get this error:
>python droopy.py --auth test:test
Exception happened during processing of request from ('127.0.0.1', 53806)
Traceback (most recent call last):
File "C:\Users\user\AppData\Local\Programs\Python\Python36-32\lib\socketserver.py", line 639, in process_request_thread
self.finish_request(request, client_address)
File "C:\Users\user\AppData\Local\Programs\Python\Python36-32\lib\socketserver.py", line 361, in finish_request
self.RequestHandlerClass(request, client_address, self)
File "C:\Users\user\AppData\Local\Programs\Python\Python36-32\lib\socketserver.py", line 696, in __init__
self.handle()
File "droopy.py", line 352, in handle
httpserver.BaseHTTPRequestHandler.handle(self)
File "C:\Users\user\AppData\Local\Programs\Python\Python36-32\lib\http\server.py", line 418, in handle
self.handle_one_request()
File "C:\Users\user\AppData\Local\Programs\Python\Python36-32\lib\http\server.py", line 406, in handle_one_request
method()
File "droopy.py", line 77, in decorated
expected = 'Basic ' + base64.b64encode(self.auth)
File "C:\Users\user\AppData\Local\Programs\Python\Python36-32\lib\base64.py", line 58, in b64encode
encoded = binascii.b2a_base64(s, newline=False)
TypeError: a bytes-like object is required, not 'str'
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.