github/MITMf
1
0
Fork 0
mirror of https://github.com/byt3bl33d3r/MITMf.git synced 2025-07-30 11:48:27 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

Fixed a bug in SSLstrip+ code, when redirecting to certain sites

Browse source 
Created a wrapper class around Msfrpc to limit code re-use when interacting with msf
This commit is contained in:
byt3bl33d3r 2015-05-19 00:00:40 +02:00
parent b9371f7cdc
commit 563a8d37c1
10 changed files with 141 additions and 126 deletions
Download patch file Download diff file Expand all files Collapse all files

8
core/sslstrip/ClientRequest.py
View file

@ -69,7 +69,7 @@ class ClientRequest(Request):
if self.hsts:
if 'referer' in headers:
real = self.urlMonitor.getHstsConfig()[0]
real = self.urlMonitor.real
if len(real) > 0:
dregex = re.compile("({})".format("|".join(map(re.escape, real.keys()))))
headers['referer'] = dregex.sub(lambda x: str(real[x.string[x.start() :x.end()]]), headers['referer'])
@ -120,7 +120,7 @@ class ClientRequest(Request):
client = self.getClientIP()
path = self.getPathFromUri()
url = 'http://' + host + path
self.uri = url # set URI to absolute
self.uri = url # set URI to absolute
if self.content:
self.content.seek(0,0)
@ -129,8 +129,8 @@ class ClientRequest(Request):
if self.hsts:
host = self.urlMonitor.URLgetRealHost(str(host))
real = self.urlMonitor.getHstsConfig()[0]
host = self.urlMonitor.URLgetRealHost(str(host))
real = self.urlMonitor.real
patchDict = self.urlMonitor.patchDict
url = 'http://' + host + path
self.uri = url # set URI to absolute

6
core/sslstrip/SSLServerConnection.py
View file

@ -16,7 +16,9 @@
# USA
#
import logging, re, string
import logging
import re
import string
from ServerConnection import ServerConnection
from URLMonitor import URLMonitor
@ -58,7 +60,7 @@ class SSLServerConnection(ServerConnection):
if v[:7].lower()==' domain':
dominio=v.split("=")[1]
mitmf_logger.debug("[SSLServerConnection][HSTS] Parsing cookie domain parameter: %s"%v)
real = self.urlMonitor.getHstsConfig()[1]
real = self.urlMonitor.real
if dominio in real:
v=" Domain=%s"%real[dominio]
mitmf_logger.debug("[SSLServerConnection][HSTS] New cookie domain parameter: %s"%v)

10
core/sslstrip/ServerConnection.py
View file

@ -105,7 +105,13 @@ class ServerConnection(HTTPClient):
def connectionMade(self):
mitmf_logger.debug("[ServerConnection] HTTP connection made.")
self.clientInfo = hap.simple_detect(self.headers['user-agent'])
try:
self.clientInfo = hap.simple_detect(self.headers['user-agent'])
except KeyError as e:
mitmf_logger.debug("[ServerConnection] Client didn't send UA with request")
self.clientInfo = None
pass
self.plugins.hook()
self.sendRequest()
self.sendHeaders()
@ -214,9 +220,7 @@ class ServerConnection(HTTPClient):
nuevaurl=self.urlMonitor.addSecureLink(self.client.getClientIP(), url)
mitmf_logger.debug("[ServerConnection][HSTS] Replacing {} => {}".format(url,nuevaurl))
sustitucion[url] = nuevaurl
#data.replace(url,nuevaurl)
#data = self.urlMonitor.DataReemplazo(data)
if len(sustitucion)>0:
dregex = re.compile("({})".format("|".join(map(re.escape, sustitucion.keys()))))
data = dregex.sub(lambda x: str(sustitucion[x.string[x.start() :x.end()]]), data)

42
core/sslstrip/URLMonitor.py
View file

@ -32,6 +32,8 @@ class URLMonitor:
# Start the arms race, and end up here...
javascriptTrickery = [re.compile("http://.+\.etrade\.com/javascript/omntr/tc_targeting\.html")]
_instance = None
sustitucion = dict()
real = dict()
patchDict = {
'https:\/\/fbstatic-a.akamaihd.net':'http:\/\/webfbstatic-a.akamaihd.net',
'https:\/\/www.facebook.com':'http:\/\/social.facebook.com',
@ -107,23 +109,24 @@ class URLMonitor:
port = 443
if self.hsts:
if not self.getHstsConfig[1].has_key(host):
self.updateHstsConfig()
if not self.sustitucion.has_key(host):
lhost = host[:4]
if lhost=="www.":
self.getHstsConfig[1][host] = "w"+host
self.getHstsConfig[0]["w"+host] = host
self.sustitucion[host] = "w"+host
self.real["w"+host] = host
else:
self.getHstsConfig[1][host] = "web"+host
self.getHstsConfig[0]["web"+host] = host
mitmf_logger.debug("[URLMonitor][HSTS] SSL host ({}) tokenized ({})".format(host, self.getHstsConfig[1][host]))
self.sustitucion[host] = "web"+host
self.real["web"+host] = host
mitmf_logger.debug("[URLMonitor][HSTS] SSL host ({}) tokenized ({})".format(host, self.sustitucion[host]))
url = 'http://' + host + path
#mitmf_logger.debug("HSTS stripped URL: %s %s"%(client, url))
self.strippedURLs.add((client, url))
self.strippedURLPorts[(client, url)] = int(port)
return 'http://'+ self.getHstsConfig[1][host] + path
return 'http://'+ self.sustitucion[host] + path
else:
url = method + host + path
@ -134,15 +137,10 @@ class URLMonitor:
def setFaviconSpoofing(self, faviconSpoofing):
self.faviconSpoofing = faviconSpoofing
def getHstsConfig(self):
sustitucion = dict()
real = dict()
for k,v in ConfigWatcher.getInstance().getConfig()['SSLstrip+']:
sustitucion[k] = v
real[v] = k
return (real, sustitucion)
def updateHstsConfig(self):
for k,v in ConfigWatcher.getInstance().config['SSLstrip+'].iteritems():
self.sustitucion[k] = v
self.real[v] = k
def setHstsBypass(self):
self.hsts = True
@ -158,10 +156,12 @@ class URLMonitor:
def URLgetRealHost(self, host):
mitmf_logger.debug("[URLMonitor][HSTS] Parsing host: {}".format(host))
if self.getHstsConfig()[0].has_key(host):
mitmf_logger.debug("[URLMonitor][HSTS] Found host in list: {}".format(self.getHstsConfig()[0][host]))
return self.getHstsConfig()[0][host]
self.updateHstsConfig()
if self.real.has_key(host):
mitmf_logger.debug("[URLMonitor][HSTS] Found host in list: {}".format(self.real[host]))
return self.real[host]
else:
mitmf_logger.debug("[URLMonitor][HSTS] Host not in list: {}".format(host))