github/MITMf
1
0
Fork 0
mirror of https://github.com/byt3bl33d3r/MITMf.git synced 2025-07-16 10:03:52 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

AppCachePoison is now a plugin and cleaned dir tree

Browse source
This commit is contained in:
byt3bl33d3r 2014-07-24 20:22:26 +02:00
parent c02604723d
commit 3999677248
17 changed files with 35 additions and 36 deletions
Download patch file Download diff file Expand all files Collapse all files

4
app_cache_poison/config.ini → config_files/app_cache_poison.cfg
View file

@ -4,10 +4,10 @@
; generic settings for tampering engine
enabled=True
tamper_class=app_cache_poison.AppCachePoison
tamper_class=libs.AppCachePoisonClass
;all settings below are specific for AppCachePoison
templates_path=app_cache_poison/templates
templates_path=config_files/app_cache_poison_templates
;enable_only_in_useragents=Chrome|Firefox
; when visiting first url matching following expression we will embed iframes with all tamper URLs

0
app_cache_poison/templates/default.append → config_files/app_cache_poison_templates/default.append
View file

0
app_cache_poison/templates/default.manifest → config_files/app_cache_poison_templates/default.manifest
View file

0
app_cache_poison/templates/facebook.append → config_files/app_cache_poison_templates/facebook.append
View file

0
app_cache_poison/templates/facebook.manifest → config_files/app_cache_poison_templates/facebook.manifest
View file

0
app_cache_poison/templates/script.append → config_files/app_cache_poison_templates/script.append
View file

0
app_cache_poison/templates/test.replace → config_files/app_cache_poison_templates/test.replace
View file

0
filepwn.cfg → config_files/filepwn.cfg
View file

0
app_cache_poison/__init__.py → config_files/javapwn.cfg
View file

20
app_cache_poison/AppCachePoison.py → libs/AppCachePoisonClass.py Executable file → Normal file
View file

@ -1,26 +1,8 @@
# Copyright (c) 2004-2009 Moxie Marlinspike, Krzysztof Kotowicz
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
# published by the Free Software Foundation; either version 3 of the
# License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
# USA
#
import logging, re, os.path, time
from datetime import date
from sslstrip.DummyResponseTamperer import DummyResponseTamperer
class AppCachePoison(DummyResponseTamperer):
class AppCachePoisonClass(DummyResponseTamperer):
'''
AppCachePosion performs HTML5 AppCache poisioning attack - see http://blog.kotowicz.net/2010/12/squid-imposter-phishing-websites.html

0
libs/__init__.py Normal file
View file

0
msfrpc.py → libs/msfrpc.py
View file

22
mitmf.py
View file

@ -5,7 +5,6 @@ from twisted.internet import reactor
from sslstrip.StrippingProxy import StrippingProxy
from sslstrip.URLMonitor import URLMonitor
from sslstrip.ResponseTampererFactory import ResponseTampererFactory
from sslstrip.CookieCleaner import CookieCleaner
from sslstrip.ProxyPlugins import ProxyPlugins
@ -25,17 +24,15 @@ if __name__ == "__main__":
parser = argparse.ArgumentParser(description="MITMf v%s - Framework for MITM attacks" % mitmf_version,epilog="Use wisely, young Padawan.",fromfile_prefix_chars='@')
#add sslstrip options
sgroup = parser.add_argument_group("sslstrip","Options for sslstrip library")
sgroup.add_argument("-w","--write",type=argparse.FileType('w'),metavar="filename", default=sys.stdout,help="Specify file to log to (stdout by default).")
sgroup.add_argument("--log-level",type=str,choices=['debug','info'],default="info",help="Specify a log level [default: info]")
sgroup.add_argument("-w", "--write", type=argparse.FileType('w'), metavar="filename", default=sys.stdout, help="Specify file to log to (stdout by default).")
sgroup.add_argument("--log-level", type=str,choices=['debug','info'], default="info", help="Specify a log level [default: info]")
slogopts = sgroup.add_mutually_exclusive_group()
slogopts.add_argument("-p","--post",action="store_true",help="Log only SSL POSTs. (default)")
slogopts.add_argument("-s","--ssl",action="store_true",help="Log all SSL traffic to and from server.")
slogopts.add_argument("-a","--all",action="store_true",help="Log all SSL and HTTP traffic to and from server.")
sgroup.add_argument("-l","--listen",type=int,metavar="port",default=10000,help="Port to listen on (default 10000)")
sgroup.add_argument("-f","--favicon",action="store_true",help="Substitute a lock favicon on secure requests.")
sgroup.add_argument("-k","--killsessions",action="store_true",help="Kill sessions in progress.")
tgroup = parser.add_argument_group("Options for app-cache poisoning")
tgroup.add_argument("-t", "--tamper",type=argparse.FileType('r'),help="Config file for app-cache poisoning")
slogopts.add_argument("-p", "--post", action="store_true",help="Log only SSL POSTs. (default)")
slogopts.add_argument("-s", "--ssl", action="store_true", help="Log all SSL traffic to and from server.")
slogopts.add_argument("-a", "--all", action="store_true", help="Log all SSL and HTTP traffic to and from server.")
sgroup.add_argument("-l", "--listen", type=int, metavar="port", default=10000, help="Port to listen on (default 10000)")
sgroup.add_argument("-f", "--favicon", action="store_true", help="Substitute a lock favicon on secure requests.")
sgroup.add_argument("-k", "--killsessions", action="store_true", help="Kill sessions in progress.")
#Initialize plugins
plugins = []
@ -77,10 +74,9 @@ if __name__ == "__main__":
except NotImplementedError:
print "Plugin %s lacked initialize function." % p.name
#Plugins are ready to go, start MITM
#Plugins are ready to go, start MITMf
URLMonitor.getInstance().setFaviconSpoofing(args.favicon)
CookieCleaner.getInstance().setEnabled(args.killsessions)
ResponseTampererFactory.buildTamperer(args.tamper)
ProxyPlugins.getInstance().setPlugins(load)
strippingFactory = http.HTTPFactory(timeout=10)

21
plugins/AppCachePoison.py Normal file
View file

@ -0,0 +1,21 @@
from plugins.plugin import Plugin
from sslstrip.ResponseTampererFactory import ResponseTampererFactory
class AppCachePlugin(Plugin):
name = "App Cache Poison"
optname = "app"
desc = "Performs App Cache Poisoning attacks"
has_opts = True
def initialize(self,options):
'''Called if plugin is enabled, passed the options namespace'''
self.options = options
self.config_file = options.tampercfg
if self.config_file == None:
self.config_file = "./config_files/app_cache_poison.cfg"
print "[*] App Cache Poison plugin online"
ResponseTampererFactory.buildTamperer(self.config_file)
def add_options(self, options):
options.add_argument("--tampercfg", type=file, help="Specify a config file")

2
plugins/FilePwn.py
View file

@ -45,7 +45,7 @@ class FilePwn(Plugin):
#NOT USED NOW
#self.supportedBins = ('MZ', '7f454c46'.decode('hex'))
self.userConfig = ConfigObj('filepwn.cfg')
self.userConfig = ConfigObj('./config_files/filepwn.cfg')
self.FileSizeMax = self.userConfig['targets']['ALL']['FileSizeMax']
self.WindowsIntelx86 = self.userConfig['targets']['ALL']['WindowsIntelx86']
self.WindowsIntelx64 = self.userConfig['targets']['ALL']['WindowsIntelx64']

2
plugins/JavaPwn.py
View file

@ -1,12 +1,12 @@
from plugins.plugin import Plugin
from plugins.BrowserProfiler import BrowserProfiler
from time import sleep
import libs.msfrpc
import string
import random
import threading
import logging
import sys, os
import msfrpc
class JavaPwn(BrowserProfiler, Plugin):
name = "JavaPwn"

0
app_cache_poison/README → plugins/app_cache_poison.README
View file