FTP proxy v10 and up

Problem this snippet solves:

Summary: An FTP proxy that simulates FTP proxies found on Bluecoat and Cisco Ironport Proxies.

Contribution

Bhattman at gmail dot com

How to use this snippet:

NOTE: You need to apply the FTP Profile

Code :

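# CLIENT_DATA only fires once TCP::collect has been called on the client side.
when CLIENT_DATA {
    set ftplogin [TCP::payload]
    log local0. "login is $ftplogin"
    if { $ftplogin starts_with "USER" } {
        # You can set it up to use any DNS server you want.
        set dnslookup "4.2.2.1"
        # Expected form: "USER uid@sitename". Split at the first "@", then
        # split the left-hand side into the FTP command and the user ID.
        if { [scan $ftplogin {%[^@]@%s} garbage sitename] != 2 ||
             [scan $garbage %s%s cmd uid] != 2 } {
            # Malformed USER line: no site name or no user ID to proxy.
            reject
            return
        }
        set ips [RESOLV::lookup @$dnslookup -a $sitename]
        if { $ips eq "" } {
            # The site name did not resolve to an address.
            reject
        } else {
            # Drop the client's USER line; SERVER_DATA re-sends it without "@sitename".
            TCP::payload replace 0 [TCP::payload length] ""
            set ftp_serv [lindex $ips 0]
            node $ftp_serv [TCP::local_port]
        }
    }
    TCP::release
}

when SERVER_CONNECTED {
    # Collect the start of the server greeting so SERVER_DATA can inspect it.
    TCP::collect 20
}

when SERVER_DATA {
    set serv_data [TCP::payload]
    # 220 is the FTP "service ready" greeting. Only answer it when a user ID
    # was parsed in CLIENT_DATA; otherwise $uid is unset and the rule errors.
    if { [info exists uid] && $serv_data contains "220" } {
        TCP::respond "USER $uid\r\n"
        # Remove the server greeting from the stream sent on to the client.
        TCP::payload replace 0 [TCP::payload length] ""
    }
    TCP::release
}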
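
The iRule above connects to whatever host the client names after the "@" in its USER line, so the destination is client-controlled. The following is an added example in plain Tcl, not part of the original iRule, showing stricter parsing of that line plus a destination allowlist; the proc name `parse_proxy_user`, the allowlist entries and the sample lines are all constructed for illustration.

```tcl
# Added example (plain Tcl, runs in tclsh); not part of the original iRule.
# parse_proxy_user, the allowlist and the sample lines are constructed.

# Destinations the proxy may connect to: exact names, or ".suffix" entries
# that match any host below that domain.
set allowed_sites {ftp.example.com .partners.example.net}

# Return {uid site} for an acceptable "USER uid@site" line, or {} otherwise.
proc parse_proxy_user {line allowed} {
    # Keep only the first line so nothing after CR/LF can reach the server.
    set line [lindex [split $line "\r\n"] 0]
    # Greedy (.+) splits at the LAST "@": "bob@corp@host" keeps uid "bob@corp".
    if {![regexp -nocase {^USER +(.+)@([A-Za-z0-9.-]+)$} $line -> uid site]} {
        return {}
    }
    # The uid is replayed to the server in a USER command: no spaces or controls.
    if {[regexp {[[:space:][:cntrl:]]} $uid]} {
        return {}
    }
    set site [string tolower $site]
    # Reject over-long names, empty labels, and a leading or trailing "." or "-".
    if {[string length $site] > 253 || [string match {*..*} $site]
            || ![regexp {^[a-z0-9](.*[a-z0-9])?$} $site]} {
        return {}
    }
    foreach entry $allowed {
        if {[string index $entry 0] eq "."} {
            # Suffix entry: the site must be a host below that domain.
            if {[string match "*$entry" $site]} { return [list $uid $site] }
        } elseif {$site eq $entry} {
            return [list $uid $site]
        }
    }
    # Syntactically valid, but not an approved destination.
    return {}
}

# Constructed sample input: two accepted lines, three rejected ones.
foreach sample [list "USER alice@ftp.example.com\r\n" \
                     "USER bob@corp@files.partners.example.net\r\n" \
                     "USER eve@10.0.0.5\r\n" \
                     "USER mallory@evil.example.org\r\n" \
                     "PASS secret\r\n"] {
    puts [format "%-45s -> {%s}" [string trim $sample] \
              [parse_proxy_user $sample $allowed_sites]]
}
```

In the iRule, the same checks would sit in CLIENT_DATA ahead of the RESOLV::lookup call, with `reject` taken whenever the parse returns an empty result.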

Tested this on version:

10.0
Published Mar 17, 2015
Version 1.0
  • As a note - I've used the work behind this iRule and modified it to handle a couple of exceptions and locally authenticate a user - code here - https://devcentral.f5.com/s/articles/unauthenticated-or-authenticated-ftp-proxy