A flag submitter service with distributed attackers for attack/defense CTF games.
While playing ruCTFe 2015 some of our "attack" scripts didn't work as expected, flooding the game infrastructure with invalid flags (sorry guys!). We decided then to write a centralized "flag submit" service with a rest api which would act as a filter and be able to tell us if some of the attack scripts are submitting too many invalid flags. In the end it worked out pretty well! :)
Please keep in mind that this code was written in a hurry, planning to use it locally during ctfs: don't expect it to be (perfect || secure || bug free). If you find a bug, add a new feature please contribute with a pull request. If you like it or use it feel free to drop us a line ;)
This webservice is responsible for receiving flags, and storing them togheter with statistics inside the DB. Please start this one first to setup the database the first time. The service is based on bottle.py and we used cherrypy for our deploy:
python submitter.py
You will also need an instance of the "worker" which will submit the flags to the game infrastructure:
python worker.py
for RuCTFe:
for iCTF:
It was tested with mongodb 2.6.x
It is advisable to put an nginx in front of the submitter service, look at nginx_submitter.conf
for an example config.
you will need another virtualenv since right now motor doesn't wrap pymongo 3
python stats.py