github/MITMf
1
0
Fork 0
mirror of https://github.com/byt3bl33d3r/MITMf.git synced 2025-08-21 05:53:30 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

Initial working PoC for the Ferret-NG plugin that will replace the SessionHijacker plugin: it will capture cookies and trasparently feed them to the proxy it starts up on port 10010 (by default), this way we just have to connect to the proxy, browse to the same website as the victim and we will automatically hijack their session! \o/

Browse source 
The way MITMf hooks SSLstrip's functions has been modified to improve plugin code readability, additionally corrected some useless function hooks that were placed in early framework realeases and never removed.

Replace plugin has been given it's own section in the config file

currently the BeedAutorun and Javapwn plugins have to be cleaned up...

BrowserProfile plugin's Pinlady code has been updated to the latest version (v0.9.0) and will now detect Flash player's version

Javapwn plugin will be renamed to BrowserPwn and will support Flash exploits too , as supposed to only Java exploits

Since we now have a built in SMB server, removed options to specify a host in the SMBauth plugin

Tweaked the output of some plugins
This commit is contained in:
byt3bl33d3r 2015-05-11 03:13:45 +02:00
commit 79025dc77e
33 changed files with 1080 additions and 5488 deletions
Download patch file Download diff file Expand all files Collapse all files

17
core/sslstrip/ClientRequest.py
View file

@ -16,7 +16,13 @@
# USA
#
import urlparse, logging, os, sys, random, re, dns.resolver
import urlparse
import logging
import os
import sys
import random
import re
import dns.resolver
from twisted.web.http import Request
from twisted.web.http import HTTPChannel
@ -33,7 +39,6 @@ from SSLServerConnection import SSLServerConnection
from URLMonitor import URLMonitor
from CookieCleaner import CookieCleaner
from DnsCache import DnsCache
from core.sergioproxy.ProxyPlugins import ProxyPlugins
mitmf_logger = logging.getLogger('mitmf')
@ -52,7 +57,6 @@ class ClientRequest(Request):
self.hsts = URLMonitor.getInstance().hsts
self.cookieCleaner = CookieCleaner.getInstance()
self.dnsCache = DnsCache.getInstance()
self.plugins = ProxyPlugins.getInstance()
#self.uniqueId = random.randint(0, 10000)
#Use are own DNS server instead of reactor.resolve()
@ -62,9 +66,6 @@ class ClientRequest(Request):
def cleanHeaders(self):
headers = self.getAllHeaders().copy()
#for k,v in headers.iteritems():
# mitmf_logger.debug("[ClientRequest] Receiving headers: (%s => %s)" % (k, v))
if self.hsts:
if 'referer' in headers:
@ -92,8 +93,6 @@ class ClientRequest(Request):
if 'cache-control' in headers:
del headers['cache-control']
self.plugins.hook()
return headers
def getPathFromUri(self):
@ -111,7 +110,7 @@ class ClientRequest(Request):
if os.path.exists(scriptPath): return scriptPath
mitmf_logger.warning("Error: Could not find lock.ico")
mitmf_logger.warning("[ClientRequest] Error: Could not find lock.ico")
return "lock.ico"
def handleHostResolvedSuccess(self, address):

65
core/sslstrip/ServerConnection.py
View file

@ -16,14 +16,16 @@
# USA
#
import logging, re, string, random, zlib, gzip, StringIO, sys
import plugins
try:
from user_agents import parse
except:
pass
import logging
import re
import string
import random
import zlib
import gzip
import StringIO
import sys
from user_agents import parse
from twisted.web.http import HTTPClient
from URLMonitor import URLMonitor
from core.sergioproxy.ProxyPlugins import ProxyPlugins
@ -53,6 +55,7 @@ class ServerConnection(HTTPClient):
self.postData = postData
self.headers = headers
self.client = client
self.printPostData = True
self.clientInfo = None
self.urlMonitor = URLMonitor.getInstance()
self.hsts = URLMonitor.getInstance().hsts
@ -78,22 +81,17 @@ class ServerConnection(HTTPClient):
mitmf_logger.info(self.clientInfo + "Sending Request: {}".format(self.headers['host']))
mitmf_logger.debug("[ServerConnection] Full request: {}{}".format(self.headers['host'], self.uri))
self.plugins.hook()
self.sendCommand(self.command, self.uri)
def sendHeaders(self):
for header, value in self.headers.iteritems():
mitmf_logger.debug("[ServerConnection] Sending header: ({} => {})".format(header, value))
mitmf_logger.debug("[ServerConnection] Sending header: ({}: {})".format(header, value))
self.sendHeader(header, value)
self.endHeaders()
def sendPostData(self):
if 'clientprfl' in self.uri:
self.plugins.hook()
elif 'keylog' in self.uri:
self.plugins.hook()
else:
if self.printPostData is True: #So we can disable printing POST data coming from plugins
try:
postdata = self.postData.decode('utf8') #Anything that we can't decode to utf-8 isn't worth logging
if len(postdata) > 0:
@ -101,8 +99,9 @@ class ServerConnection(HTTPClient):
except UnicodeDecodeError and UnicodeEncodeError:
mitmf_logger.debug("[ServerConnection] {} Ignored post data from {}".format(self.client.getClientIP(), self.headers['host']))
pass
self.transport.write(self.postData)
self.printPostData = True
self.transport.write(self.postData)
def connectionMade(self):
mitmf_logger.debug("[ServerConnection] HTTP connection made.")
@ -118,8 +117,6 @@ class ServerConnection(HTTPClient):
self.client.setResponseCode(int(code), message)
def handleHeader(self, key, value):
mitmf_logger.debug("[ServerConnection] Receiving header ({}: {})".format(key, value))
if (key.lower() == 'location'):
value = self.replaceSecureLinks(value)
if self.app:
@ -128,11 +125,11 @@ class ServerConnection(HTTPClient):
if (key.lower() == 'content-type'):
if (value.find('image') != -1):
self.isImageRequest = True
mitmf_logger.debug("[ServerConnection] Response is image content, not scanning...")
mitmf_logger.debug("[ServerConnection] Response is image content, not scanning")
if (key.lower() == 'content-encoding'):
if (value.find('gzip') != -1):
mitmf_logger.debug("[ServerConnection] Response is compressed...")
mitmf_logger.debug("[ServerConnection] Response is compressed")
self.isCompressed = True
elif (key.lower()== 'strict-transport-security'):
@ -147,15 +144,19 @@ class ServerConnection(HTTPClient):
else:
self.client.setHeader(key, value)
def handleEndHeaders(self):
if (self.isImageRequest and self.contentLength != None):
self.client.setHeader("Content-Length", self.contentLength)
if self.length == 0:
self.shutdown()
self.plugins.hook()
def handleEndHeaders(self):
if (self.isImageRequest and self.contentLength != None):
self.client.setHeader("Content-Length", self.contentLength)
if logging.getLevelName(mitmf_logger.getEffectiveLevel()) == "DEBUG":
for header, value in self.client.headers.iteritems():
mitmf_logger.debug("[ServerConnection] Receiving header: ({}: {})".format(header, value))
if self.length == 0:
self.shutdown()
def handleResponsePart(self, data):
if (self.isImageRequest):
self.client.write(data)
@ -175,15 +176,11 @@ class ServerConnection(HTTPClient):
if (self.isCompressed):
mitmf_logger.debug("[ServerConnection] Decompressing content...")
data = gzip.GzipFile('', 'rb', 9, StringIO.StringIO(data)).read()
if len(data) < 1500:
mitmf_logger.debug("[ServerConnection] Read from server {} bytes of data:\n{}".format(len(data), data))
else:
mitmf_logger.debug("[ServerConnection] Read from server {} bytes of data".format(len(data)))
data = self.replaceSecureLinks(data)
res = self.plugins.hook()
data = res['data']
data = self.plugins.hook()['data']
mitmf_logger.debug("[ServerConnection] Read from server {} bytes of data".format(len(data)))
if (self.contentLength != None):
self.client.setHeader('Content-Length', len(data))
@ -212,7 +209,7 @@ class ServerConnection(HTTPClient):
for match in iterator:
url = match.group()
mitmf_logger.debug("[ServerConnection] Found secure reference: " + url)
mitmf_logger.debug("[ServerConnection][HSTS] Found secure reference: " + url)
nuevaurl=self.urlMonitor.addSecureLink(self.client.getClientIP(), url)
mitmf_logger.debug("[ServerConnection][HSTS] Replacing {} => {}".format(url,nuevaurl))
sustitucion[url] = nuevaurl