OSWE Toolkit: File-Transfer Server Series
Step-by-step learning module: building a minimal file-transfer server in Python with Flask, threading, and logging.
This learning module documents the process of building a custom file-transfer server in Python. Instead of presenting the final class at once, each post adds one feature at a time. By the end, you’ll have a complete understanding of the code, the design choices, and how to use it in OSWE/WEB-300 style exploit development.
Why This Series?
Deeper learning by building: each article explains how and why, not just what.
Reusable tooling: the finished server is useful beyond the course — for PoCs, exfiltration, and payload hosting.
Clarity in design: threading, Flask, encoding, and callbacks are broken down into approachable steps.
Module Roadmap
Part 1 – Why and Where to Begin Start with the motivation and build the most minimal Flask server.
Part 2 – Serving a File (Download Route) Add the first real endpoint: deliver a payload via
send_file.Part 3 – Accepting Uploads Introduce POST routes and file saving.
Part 4 – Encoded Data and Exfiltration Handle base64-encoded input, useful for hostile transports.
Part 5 – Limits, Callbacks, and Shutdown Add one-shot transfers, lifecycle control, and local shutdown.
Part 6 – Logging and Observability Integrate with a logger for structured, report-ready output.
Part 7 – Putting It All Together The final
FileTransferServerclass, ready for use in PoCs.
How to Use This Module
Draft and experiment inside Obsidian.
Push the same Markdown files to GitBook for polished publishing.
Run each code snippet locally as you go — every post builds toward the final result.
Next Step
Begin with Part 1 – Why and Where to Begin.
Last updated