initial commit

2025-07-16 10:03:52 -07:00 · 2014-07-07 13:40:49 +02:00 · 2014-07-07 13:40:49 +02:00 · 6fa335183c
commit 6fa335183c
parent fbf31c220a
37 changed files with 2698 additions and 0 deletions
--- a/sslstrip/URLMonitor.py
+++ b/sslstrip/URLMonitor.py
@ -0,0 +1,87 @@
+# Copyright (c) 2004-2009 Moxie Marlinspike
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License as
+# published by the Free Software Foundation; either version 3 of the
+# License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
+# USA
+#
+
+import re
+
+class URLMonitor:    
+
+    '''
+    The URL monitor maintains a set of (client, url) tuples that correspond to requests which the
+    server is expecting over SSL.  It also keeps track of secure favicon urls.
+    '''
+
+    # Start the arms race, and end up here...
+    javascriptTrickery = [re.compile("http://.+\.etrade\.com/javascript/omntr/tc_targeting\.html")]
+    _instance          = None
+
+    def __init__(self):
+        self.strippedURLs       = set()
+        self.strippedURLPorts   = {}
+        self.faviconReplacement = False
+
+    def isSecureLink(self, client, url):
+        for expression in URLMonitor.javascriptTrickery:
+            if (re.match(expression, url)):
+                return True
+
+        return (client,url) in self.strippedURLs
+
+    def getSecurePort(self, client, url):
+        if (client,url) in self.strippedURLs:
+            return self.strippedURLPorts[(client,url)]
+        else:
+            return 443
+
+    def addSecureLink(self, client, url):
+        methodIndex = url.find("//") + 2
+        method      = url[0:methodIndex]
+
+        pathIndex   = url.find("/", methodIndex)
+        host        = url[methodIndex:pathIndex]
+        path        = url[pathIndex:]
+
+        port        = 443
+        portIndex   = host.find(":")
+
+        if (portIndex != -1):
+            host = host[0:portIndex]
+            port = host[portIndex+1:]
+            if len(port) == 0:
+                port = 443
+        
+        url = method + host + path
+
+        self.strippedURLs.add((client, url))
+        self.strippedURLPorts[(client, url)] = int(port)
+
+    def setFaviconSpoofing(self, faviconSpoofing):
+        self.faviconSpoofing = faviconSpoofing
+
+    def isFaviconSpoofing(self):
+        return self.faviconSpoofing
+
+    def isSecureFavicon(self, client, url):
+        return ((self.faviconSpoofing == True) and (url.find("favicon-x-favicon-x.ico") != -1))
+
+    def getInstance():
+        if URLMonitor._instance == None:
+            URLMonitor._instance = URLMonitor()
+
+        return URLMonitor._instance
+
+    getInstance = staticmethod(getInstance)