PIRATEBOX

Security and blocking file types

Posted by Mimzy 
This forum is currently read only. You can not log in or make any changes. This is a temporary situation.
Now, this forum is in read-only mode. You find details Details hereContinue on /r/PirateBox
Forum List Message List New Topic
Mimzy
Security and blocking file types
July 31, 2015 03:14AM
Firstly I want to say how great pirate box is
I installed it on a z18 mini 2.5 inch android phone I got from banggood
It came pre-rooted and it runs well and the battery lasts well when ripening pirate box.

My partner is having a field day, saying that she think it's a big security risk allowing anyone to anonymously connect to a pirate box and share files.

How much of a security risk is it? Also can I block certain file types from being uploaded like images?

I Am running android 4.2.2

The signal is pretty strong on this thing and it fits the palm of my hand, it think it could be the smallest phone pirate box has run on

If tried piratebox on my Samsung a5 but it won't work so I am please it works on this mini phone



Edited 1 time(s). Last edit at 07/31/2015 03:18AM by Mimzy.
Reply Quote
joschi70
Re: Security and blocking file types
August 28, 2015 04:03PM
Hi Mimzy,

sorry for the late reply.

The main goal of a PirateBox is to share files, which of course might have a security impact when viruses or other malicious stuff is uploaded.

It might also be advisable not to run PirateBox on a device you use daily but on an older device without sensitive data.

By default the PirateBox accepts all file extensions.
There is currently no settings to restrict file uploads, but you can change the coding inside the file html/fup.xhtml. This file is not only used by the manual upload via the web frontend but also by the Droopy emulation.

Inside the fup.xhtml file you could change the line: 

Language: Java
files = UploadUtil.processUpload(new File(outDir), request, false);

into: 

Language: Java
files = UploadUtil.processUpload(new File(outDir), request, false, new String[] {"png", "jpg"});


The file upload should now only accept files with png and jpg extension.

Haven't tries this myself, but this should be working.

Bye
Jochen
Reply Quote
Neiyera
Re: Security and blocking file types
January 29, 2016 06:05AM
Is there anyway to prevent certain users from uploading? Say one person uploads a virus trying to trick others into downloading it or illegal material. Is there a way to add a block user MAC address area?
Reply Quote
joschi70
Re: Security and blocking file types
January 30, 2016 10:24PM
Hi Neiyera,

something like this should work (haven't tried): 

Language: Java
# Allowed MAC addresses
allowedMacs = "58:94:6b:7c:2x:16 58:94:6b:7c:2x:15";
 
# Read lines from /proc/net/arp
remoteIp = request.socket.getInetAddress().getHostAddress();
br = new BufferedReader(new InputStreamReader(new FileInputStream("/proc/net/arp")));​​​​​​​
 
mac = null;
while((line = br.readLine()) != null) {
 vals = line.split("\\s+");
  if(vals[0].equals(remoteIp)) {
   mac = vals[3];
   break;    
  }    
}
 
# If MAC was found and matches allowed MAC address, upload the file
if(mac != null && allowedMacs.contains(mac)) {     ​
 files = UploadUtil.processUpload(new File(outDir), request, false);
}
Reply Quote
Newer Topic Older Topic