diff --git a/cgi/auth.py b/cgi/auth.py
new file mode 100755
index 0000000..e1812cb
--- /dev/null
+++ b/cgi/auth.py
@@ -0,0 +1,49 @@
+#!/usr/bin/python
+
+import os
+import sys
+import cgi
+import cgitb
+import time
+
+sys.path.insert(1, os.path.join(sys.path[0], '..'))
+
+from constants import *
+
+def cookies(str):
+ return dict(c.split('=') for c in str.split(";"))
+
+def save_token(timestamp, number, token, filename="tokens"):
+ file = open(filename, 'a')
+ file.write("%s\t%s\t%s\n" % (str(timestamp), number, token))
+ file.close()
+
+def main():
+ form = cgi.FieldStorage()
+ number = form.getfirst("number")
+ auth_url = form.getfirst("auth_url")
+ token = form.getfirst("code")
+
+ if auth_url:
+ print "Status: 301 Moved"
+ print "Location: %s" % auth_url
+ print "Content-type: text/html"
+ print "Set-Cookie: number=%s" % number
+ print "\n\n";
+
+ elif token and os.environ.has_key('HTTP_COOKIE'):
+ print "Status: 301 Moved"
+ print "Content-type: text/html"
+ print "Location: http://whatsapp.0l.de"
+ print
+
+ c = cookies(os.environ['HTTP_COOKIE'])
+ save_token(time.time(), c['number'], token, TOKEN_FILE)
+
+ else:
+ print "Content-type: text/html"
+ print "\n"
+ print "something strange happened :("
+
+if __name__ == "__main__":
+ main()
diff --git a/cgi/index.html b/cgi/index.html
new file mode 100644
index 0000000..99a9632
--- /dev/null
+++ b/cgi/index.html
@@ -0,0 +1,11 @@
+
+
+
+
+
+
+
+
+
+
diff --git a/cgi/sipgate.py b/cgi/sipgate.py
new file mode 100644
index 0000000..a3ece4b
--- /dev/null
+++ b/cgi/sipgate.py
@@ -0,0 +1,237 @@
+#!/usr/bin/env python
+# -*- encoding: UTF8 -*-
+
+# author: Philipp Klaus, philipp.klaus →AT→ gmail.com
+
+# This file is part of python-sipgate-xmlrpc.
+#
+# python-sipgate-xmlrpc is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# python-sipgate-xmlrpc is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with python-sipgate-xmlrpc. If not, see .
+
+
+#####################################################################
+###### This the most important file of the project: #######
+###### It contains the classe api, which #######
+###### implements the XML-RPC communication with the #######
+###### Sipgate API. #######
+
+#from time import time
+from sys import stderr
+from xmlrpclib import ServerProxy, Fault, ProtocolError, ResponseError
+from exceptions import TypeError
+from socket import error as socket_error
+import re
+
+VERSION = "0.9.2"
+NAME = "%s - python-sipgate-xmlrpc/sipgate.py"
+VENDOR = "https://github.com/pklaus/python-sipgate-xmlrpc"
+
+### ------- Here comes the most important piece of code: the api class with magic methods -----
+
+class api (ServerProxy):
+ def __init__ (self, username=False, password=False, prog_name=False, verbose=False):
+ if not (username and password and prog_name):
+ raise SipgateAPIException('To use the class sipgate.api you must provide, username, password and a program name.')
+ address = SIPGATE_API_URL % {'username':username, 'password':password}
+ ### The super() call would be more modern but it doesn't work with the current Python version yet.
+ #super(api, self).__init__(address, verbose=debug)
+ ServerProxy.__init__(self, address,verbose=verbose)
+ ### It is considered good practice to Identify the client talking to the server:
+ self.ClientIdentify({ "ClientName" : NAME % prog_name, "ClientVersion" : VERSION, "ClientVendor" : VENDOR })
+
+ def __getattr__(self,name):
+ return _Method(self.__request, name)
+
+ def __request (self, methodname, params):
+ if methodname.replace(API_PREFIX,'') not in VALID_METHODS:
+ stderr.write( UNKNOWN_METHOD_MESSAGE % {
+ 'method': methodname.replace(API_PREFIX,''), 'api_prefix': API_PREFIX,
+ 'api_version': SIPGATE_API_DOC_V, 'api_date': SIPGATE_API_DOC_D } )
+ if len(params)>0 and not type(params[0]) is dict:
+ raise TypeError(DICT_AS_PARAM_MESSAGE % methodname.replace(API_PREFIX,''))
+ method_function = ServerProxy.__getattr__(self,methodname)
+ try:
+ result = method_function(params[0] if len(params)>0 and type(params[0]) is dict else dict())
+ # cast the result dictionary to a SipgateResponse (custom dictionary):
+ result = SipgateResponse(result)
+ except Fault, e:
+ raise SipgateAPIFault(e.faultCode, e.faultString)
+ except ProtocolError, e:
+ raise SipgateAPIProtocolError(e.url, e.errcode, e.errmsg, e.headers)
+ except socket_error, (value,message):
+ raise SipgateAPISocketError(value, message)
+ return result
+
+##
+class SipgateResponse(dict):
+ def __init__(self, response_dict):
+ try:
+ self.StatusCode, self.StatusString = int(response_dict['StatusCode']), response_dict['StatusString']
+ self.success = self.StatusCode == 200
+ except:
+ raise TypeError(RESPONSE_NOT_A_DICTIONARY % response_dict)
+ dict.__init__(self, response_dict)
+
+class _Method:
+ # With the help of this class the api class does not
+ # need to state explicitly the possible XML-RPC calls.
+ def __init__(self, send, name):
+ self.__send = send
+ self.__name = API_PREFIX+name
+ def __call__(self, *args):
+ return self.__send(self.__name, args)
+
+### ------ now we define the exceptions that could occur ------
+
+class SipgateAPIException(Exception):
+ pass
+
+class SipgateAPIFault(Fault, SipgateAPIException):
+ # As this inherits from xmlrpclib.Fault it also has the
+ # attributes faultCode and faultString.
+ pass
+
+class SipgateAPIProtocolError(ProtocolError, SipgateAPIException):
+ # As this inherits from xmlrpclib.ProtocolError it also has the
+ # attributes errcode and errmsg.
+ pass
+
+class SipgateAPISocketError(socket_error, SipgateAPIException):
+ # As this inherits from socket.error it also has the
+ # attributes .
+ pass
+
+### ------ This section contains message strings -------
+
+UNKNOWN_METHOD_MESSAGE = "The method '%(method)s' for the API prefix '%(api_prefix)s' " + \
+ "was called. This method, however, is currently not documented for the Sipgate API " + \
+ "v%(api_version)s (%(api_date)s). Let's try but I've warned you.\n"
+DICT_AS_PARAM_MESSAGE = 'Please specify a dictionary as function call parameter for api.%s().'
+RESPONSE_NOT_A_DICTIONARY = 'The response "%s" does not seem to be a response from the ' + \
+ 'Sipgate XML-RPC API.'
+
+### ------ This section contains constants of the Sipgate XML-RPC API -------
+
+# This constant represents the version of the currently implemented Sipgate API
+# ans is taken from the API description PDF:
+SIPGATE_API_DOC_V = '1.06'
+SIPGATE_API_DOC_D = 'August 21, 2007'
+
+# Sipgate basic and plus accounts must use this API URL:
+SIPGATE_API_URL = "https://%(username)s:%(password)s@samurai.sipgate.net/RPC2"
+# Sipgate one and team have a different URL: api.sipgate.net.
+# see
+API_PREFIX = 'samurai.'
+
+VALID_METHODS = [
+ 'AccountStatementGet',
+ 'BalanceGet',
+ 'ClientIdentify',
+ 'HistoryGetByDate',
+ 'ItemizedEntriesGet',
+ 'OwnUriListGet',
+ 'PhonebookEntryGet',
+ 'PhonebookListGet',
+ 'RecommendedIntervalGet',
+ 'ServerdataGet',
+ 'SessionClose',
+ 'SessionInitiate',
+ 'SessionInitiateMulti',
+ 'SessionStatusGet',
+ 'TosListGet',
+ 'TosListGet',
+ 'UmSummaryGet',
+ 'UserdataGreetingGet',
+ 'UserdataSipGet',
+]
+
+SERVER_STATUS_CODES = {
+ ### From Table A.1 and A.2 of the API docu: general server status codes
+ 200: 'Method success',
+ 400: 'Method not supported',
+ 401: 'Request denied (no reason specified)',
+ 402: 'Internal error',
+ 403: 'Invalid arguments',
+ 404: 'Resources exceeded (this MUST not be used to indicate parameters in error)',
+ 405: 'Invalid parameter name',
+ 406: 'Invalid parameter type',
+ 407: 'Invalid parameter value',
+ 408: 'Attempt to set a non-writable parameter',
+ 409: 'Notification request rejected.',
+ 410: 'Parameter exceeds maximum size.',
+ 411: 'Missing parameter.',
+ 412: 'Too many requests.',
+ 500: 'Date out of range.',
+ 501: 'Uri does not belong to user.',
+ 502: 'Unknown type of service.',
+ 503: 'Selected payment method failed.',
+ 504: 'Selected currency not supported.',
+ 505: 'Amount exceeds limit.',
+ 506: 'Malformed SIP URI.',
+ 507: 'URI not in list.',
+ 508: 'Format is not valid E.164.',
+ 509: 'Unknown status.',
+ 510: 'Unknown ID.',
+ 511: 'Invalid timevalue.',
+ 512: 'Referenced session not found.',
+ 513: 'Only single default per TOS allowed.',
+ 514: 'Malformed VCARD format.',
+ 515: 'Malformed PID format.',
+ 516: 'Presence information not available.',
+ 517: 'Invalid label name.',
+ 518: 'Label not assigned.',
+ 519: 'Label doesn’t exist.',
+ 520: 'Parameter includes invalid characters.',
+ 521: 'Bad password. (Rejected due to security concerns.)',
+ 522: 'Malformed timezone format.',
+ 523: 'Delay exceeds limit.',
+ 524: 'Requested VPN type not available.',
+ 525: 'Requested TOS not available.',
+ 526: 'Unified messaging not available.',
+ 527: 'URI not available for registration.',
+}
+
+TYPE_OF_SERVICE = {
+ 'fax': 'pages', # fax transmission
+ 'text': 'characters', # text message (e.g. "SMS")
+ 'video': 'seconds', # video communication
+ 'voice': 'seconds', # voice communication
+}
+
+
+class helpers (object):
+ @staticmethod
+ def FQTN(phone_number, default_country_code):
+ """
+ Assures phone numbers are in the form of a E164 Fully Qualified Telephone Number
+ without the leading + sign.
+ The alternative would be the Python port of Google's libphonenumber:
+ https://github.com/daviddrysdale/python-phonenumbers
+ """
+ phone_number = phone_number.replace(' ','').replace('-','').replace('+','').replace('/','')
+
+ ## number starting with 00 (so it's an international format)
+ if re.compile("^00[1-9][0-9]*$").match(phone_number):
+ return phone_number[2:]
+
+ ## number starting with your country code (so it was already a FQTN):
+ if re.compile("^"+default_country_code+"[1-9][0-9]*$").match(phone_number):
+ return phone_number
+
+ if re.compile("^0[1-9]*$").match(phone_number):
+ return default_country_code+phone_number[1:]
+
+ if re.compile("^[1-9]*$").match(phone_number):
+ return phone_number
+
+ raise TypeError("Couldn't parse this phone number: "+phone_number)
diff --git a/cgi/sniff.py b/cgi/sniff.py
new file mode 100755
index 0000000..0cdb406
--- /dev/null
+++ b/cgi/sniff.py
@@ -0,0 +1,75 @@
+#!/usr/bin/python
+
+import os
+import sys
+import cgi
+import cgitb
+import time
+import pycurl
+import StringIO
+import json
+import sipgate
+
+sys.path.insert(1, os.path.join(sys.path[0], '..'))
+
+from constants import *
+
+def send_sms(recipient, content):
+ sg = sipgate.api(SIPGATE_USERNAME, SIPGATE_PASSWORD, 'transwhat')
+
+ default_uri = 'sip:NULL@sipgate.net'
+ for own_uri in sg.OwnUriListGet()['OwnUriList']:
+ if own_uri['DefaultUri']:
+ default_uri = own_uri['SipUri']
+
+ # SessionInitiate may return the following server status codes in case of errors: 501, 502, 506, 520, 525
+ return sg.SessionInitiate({'LocalUri': default_uri, 'RemoteUri': 'sip:%s@sipgate.de' % recipient, 'TOS': 'text', 'Content': content })
+
+def main():
+ url = os.environ['SCRIPT_URI'] + '?' + os.environ['QUERY_STRING']
+
+ writer = StringIO.StringIO()
+ ch = pycurl.Curl()
+
+ ch.setopt(pycurl.URL, url)
+ ch.setopt(pycurl.USERAGENT, os.environ['HTTP_USER_AGENT'])
+
+ ch.setopt(pycurl.WRITEFUNCTION, writer.write)
+ ch.setopt(pycurl.SSL_VERIFYPEER, False)
+ ch.setopt(pycurl.HEADER, True)
+
+ ch.perform()
+
+ response = writer.getvalue()
+ headers, body = response.split("\r\n\r\n", 1)
+ headers = headers.split("\n")
+ preamble = headers.pop(0)
+
+ code = preamble.split(" ", 2)[1]
+ status = preamble.split(" ", 2)[2]
+
+ print "Status: %s %s" % (code, status)
+ for header in headers:
+ print header
+
+ print
+ print body
+
+ file = open(REQUESTS_FILE, "a")
+ file.write("\n--- Time: %s\n>>> Request: %s\n<<< Reponse Headers:\n%s\nResponse Body:\n%s\n" % (time.strftime("%a, %d %b %Y %H:%M:%S"), url, "\n".join(headers), body))
+ file.close()
+
+ # send password via sms to requester
+ if code == "200":
+ parsed = json.loads(body)
+ form = cgi.FieldStorage()
+ cc = form.getfirst("cc")
+ number = form.getfirst("in")
+
+ if parsed.has_key('pw') and parsed.has_key('login'):
+ send_sms(parsed['login'], parsed['pw'])
+
+ ch.close()
+
+if __name__ == "__main__":
+ main()