signed-xmlrpc

Release 0.0.1

xml rpc library for sending signed data

Homepage PyPI Python

License
GPL-3.0
Install
pip install signed-xmlrpc==0.0.1

Documentation

signed_xmlrpc - Send signed XML RPC Requests

Github version PyPI version Supported Python versions PyPI downloads GitHub

signed_xmlrpc is a python library send signed xml rpc requests.

This library can be used in cyber defense exercises when communication with a compromised server and using credentials like usernames and passwords is not possible, because an attacker can use those to compromise more services and servers.

⚠️ do not use this library in proiduction environments!

Installation

pip install signed_xmlrpc

Create Key Pair

At this time, the ecdsa library (https://pypi.org/project/ecdsa/) is used to handle signature verification.

from ecdsa import SigningKey
sk = SigningKey.generate()

# private_key
print(base64.b64encode(sk.to_string()))

# public_key
print(base64.b64encode(sk.verifying_key.to_string()))

Example Server

import base64

from ecdsa import VerifyingKey
from signed_xmlrpc.server import SignedXMLRPCServer, SignedRequestHandler

public_key = b'qNXpRhGrdva935NR1MwNkN/aBKSABGp6uMRAoSprFo8Fj4mT6aWw/PRl3Uhe+vet'

# if the signature is not required, the standard python xmlrpc library can be used as client
SignedRequestHandler.REQUIRE_SIGNATURE = True

SignedXMLRPCServer(
    VerifyingKey.from_string(base64.b64decode(public_key)),
    ('0.0.0.0', 8081)
).serve_forever()

Example Client

import base64
from ecdsa import SigningKey
from signed_xmlrpc.client import SigningTransport
import xmlrpc

private_key = b'eTYnHIdD5AIa0CxvJLbq22mI1TztdkeS'

server = xmlrpc.client.ServerProxy(
    'http://127.0.0.1:8081',
    transport=SigningTransport(
        private_key=SigningKey.from_string(
            base64.b64decode(private_key)
        )
    )
)
print(server.ping())

Stats

Dependencies
1
Dependent packages
0
Dependent repositories
0
Total releases
1
Latest release
First release
Stars
0
Forks
2
Watchers
3
Contributors
1
Repository size
32.2 KB
SourceRank
6

Development practices

Source repo 2FA enabled
TEXT!
Package manager 2FA enabled
TEXT!
Is security responsive
TEXT!
Dependencies are managed
TEXT!
Issue-free release available
TEXT!
Succession plan available
TEXT!
Package manager 2FA enabled
TEXT!

The Tidelift Subscription provides access to a continuously curated stream of human-researched and maintainer-verified data on open source packages and their licenses, releases, vulnerabilities, and development practices.

Learn more

Releases

0.0.1

Something wrong with this page? Make a suggestion

Export .ABOUT file for this package

Last synced: 2021-02-21 19:35:06 UTC

Login to resync this project