diff --git a/README.md b/README.md
index 7410173..c2497cd 100644
--- a/README.md
+++ b/README.md
@@ -7,6 +7,19 @@ Quick tutorial and examples at http://sign0f4.blogspot.it
 This tool is completely based on sergio-proxy https://code.google.com/p/sergio-proxy/ and is an attempt to revive and update the project.
+Availible modules:
+- ArpSpoof - Redirect traffic using arp-spoofing
+- BrowserProfiler - Attempts to enumerate all browser plugins of connected clients
+- CacheKill - Kills page caching by modifying headers
+- FilePwn - Backdoor executables being sent over http using bdfactory
+- Inject - Inject arbitrary content into HTML content
+- JavaPwn - Performs drive-by attacks on clients with out-of-date java browser plugins
+- jskeylogger - Injects a javascript keylogger into clients webpages
+- Linkrewriter - Rewrites all href attributes to a specified url
+- Replace - Replace arbitary content in HTML content
+- SMBAuth - Evoke SMB challenge-response auth attempts
+- Upsidedownternet - Flips images 180 degrees
+ So far the most significant changes have been: - Arpspoof plugin has been completely re-written to use scapy (Now able to poison via arp-requests and arp-replies)
diff --git a/plugins/Replace.py b/plugins/Replace.py
new file mode 100644
index 0000000..50238d6
--- /dev/null
+++ b/plugins/Replace.py
@@ -0,0 +1,79 @@
+import os,subprocess,logging,time,re
+import argparse
+from plugins.plugin import Plugin
+from plugins.CacheKill import CacheKill
+
+class Replace(CacheKill,Plugin):
+ name = "Replace"
+ optname = "replace"
+ implements = ["handleResponse","handleHeader","connectionMade"]
+ has_opts = True
+ desc = "Replace arbitrary content in HTML content"
+
+ def initialize(self,options):
+ self.options = options
+
+ self.search_str = options.search_str
+ self.replace_str = options.replace_str
+ self.regex_file = options.regex_file
+
+ if (self.search_str==None or self.search_str=="") and self.regex_file is None:
+ sys.exit("[*] Please provide a search string or a regex file")
+
+ self.regexes = []
+ if self.regex_file is not None:
+ print "[*] Loading regexes from file"
+ for line in self.regex_file:
+ self.regexes.append(line.strip().split("\t"))
+
+ if self.options.keep_cache:
+ self.implements.remove("handleHeader")
+ self.implements.remove("connectionMade")
+
+ self.ctable = {}
+ self.dtable = {}
+ self.mime = "text/html"
+
+ print "[*] Replace plugin online"
+
+ def handleResponse(self,request,data):
+ ip,hn,mime = self._get_req_info(request)
+
+ if self._should_replace(ip,hn,mime):
+
+ if self.search_str!=None and self.search_str!="":
+ data = data.replace(self.search_str, self.replace_str)
+ logging.info("%s [%s] Replaced '%s' with '%s'" % (request.client.getClientIP(), request.headers['host'], self.search_str, self.replace_str))
+
+
+ # Did the user provide us with a regex file?
+ for regex in self.regexes:
+ try:
+ data = re.sub(regex[0], regex[1], data)
+
+ logging.info("%s [%s] Occurances matching '%s' replaced with '%s'" % (request.client.getClientIP(), request.headers['host'], regex[0], regex[1]))
+ except Exception, e:
+ logging.error("%s [%s] Your provided regex (%s) or replace value (%s) is empty or invalid. 
Please debug your provided regex(es)" % (request.client.getClientIP(), request.headers['host'], regex[0], regex[1]))
+
+ self.ctable[ip] = time.time()
+ self.dtable[ip+hn] = True
+
+ return {'request':request,'data':data}
+
+ return
+
+ def add_options(self,options):
+ options.add_argument("--search-str",type=str,default=None,help="String you would like to replace --replace-str with. Default: '' (empty string)")
+ options.add_argument("--replace-str",type=str,default="",help="String you would like to replace.")
+ options.add_argument("--regex-file",type=file,help="Load file with regexes. File format: [tab][new-line]")
+ options.add_argument("--keep-cache",action="store_true",help="Don't kill the server/client caching.")
+
+ def _should_replace(self,ip,hn,mime):
+ return mime.find(self.mime)!=-1
+
+ def _get_req_info(self,request):
+ ip = request.client.getClientIP()
+ hn = request.client.getRequestHostname()
+ mime = request.client.headers['Content-Type']
+
+ return (ip,hn,mime)
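Review bot: `sys.exit(...)` in `initialize` is reached when no search string and no regex file are given, but `sys` is never imported (the first import line brings in only os, subprocess, logging, time and re), so that branch raises NameError instead of printing the intended message; change the first line to `import os,subprocess,logging,time,re,sys`. `_get_req_info` indexes `request.client.headers['Content-Type']` directly, so a response carrying no Content-Type header raises KeyError before `_should_replace` can run; `mime = request.client.headers.get('Content-Type', '')` keeps the existing `mime.find` test working. In the regex loop a file line without a tab yields a one-element list, and the `except` branch's own `logging.error` call then reads `regex[1]` and raises IndexError out of the handler, so each line should be validated when the file is loaded rather than at replace time. The help strings of `--search-str` and `--replace-str` read as if swapped, and `--search-str` claims a default of '' while `default=None` is set; `help="String to search for in HTML responses."` and `help="Replacement for --search-str. Default: '' (empty string)"` would match the code. Note also that `self.implements.remove(...)` mutates the class-level `implements` list shared by every instance, which is presumably unintended if the plugin is ever instantiated more than once.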