mirror of
https://github.com/byt3bl33d3r/MITMf.git
synced 2025-07-10 15:23:41 -07:00
Initial working PoC for the Ferret-NG plugin that will replace the SessionHijacker plugin: it will capture cookies and trasparently feed them to the proxy it starts up on port 10010 (by default), this way we just have to connect to the proxy, browse to the same website as the victim and we will automatically hijack their session! \o/
The way MITMf hooks SSLstrip's functions has been modified to improve plugin code readability, additionally corrected some useless function hooks that were placed in early framework realeases and never removed. Replace plugin has been given it's own section in the config file currently the BeedAutorun and Javapwn plugins have to be cleaned up... BrowserProfile plugin's Pinlady code has been updated to the latest version (v0.9.0) and will now detect Flash player's version Javapwn plugin will be renamed to BrowserPwn and will support Flash exploits too , as supposed to only Java exploits Since we now have a built in SMB server, removed options to specify a host in the SMBauth plugin Tweaked the output of some plugins
This commit is contained in:
parent
d3e509d4cd
commit
79025dc77e
33 changed files with 1080 additions and 5488 deletions
|
@ -16,14 +16,16 @@
|
|||
# USA
|
||||
#
|
||||
|
||||
import logging, re, string, random, zlib, gzip, StringIO, sys
|
||||
import plugins
|
||||
|
||||
try:
|
||||
from user_agents import parse
|
||||
except:
|
||||
pass
|
||||
import logging
|
||||
import re
|
||||
import string
|
||||
import random
|
||||
import zlib
|
||||
import gzip
|
||||
import StringIO
|
||||
import sys
|
||||
|
||||
from user_agents import parse
|
||||
from twisted.web.http import HTTPClient
|
||||
from URLMonitor import URLMonitor
|
||||
from core.sergioproxy.ProxyPlugins import ProxyPlugins
|
||||
|
@ -53,6 +55,7 @@ class ServerConnection(HTTPClient):
|
|||
self.postData = postData
|
||||
self.headers = headers
|
||||
self.client = client
|
||||
self.printPostData = True
|
||||
self.clientInfo = None
|
||||
self.urlMonitor = URLMonitor.getInstance()
|
||||
self.hsts = URLMonitor.getInstance().hsts
|
||||
|
@ -78,22 +81,17 @@ class ServerConnection(HTTPClient):
|
|||
mitmf_logger.info(self.clientInfo + "Sending Request: {}".format(self.headers['host']))
|
||||
mitmf_logger.debug("[ServerConnection] Full request: {}{}".format(self.headers['host'], self.uri))
|
||||
|
||||
self.plugins.hook()
|
||||
self.sendCommand(self.command, self.uri)
|
||||
|
||||
def sendHeaders(self):
|
||||
for header, value in self.headers.iteritems():
|
||||
mitmf_logger.debug("[ServerConnection] Sending header: ({} => {})".format(header, value))
|
||||
mitmf_logger.debug("[ServerConnection] Sending header: ({}: {})".format(header, value))
|
||||
self.sendHeader(header, value)
|
||||
|
||||
self.endHeaders()
|
||||
|
||||
def sendPostData(self):
|
||||
if 'clientprfl' in self.uri:
|
||||
self.plugins.hook()
|
||||
elif 'keylog' in self.uri:
|
||||
self.plugins.hook()
|
||||
else:
|
||||
if self.printPostData is True: #So we can disable printing POST data coming from plugins
|
||||
try:
|
||||
postdata = self.postData.decode('utf8') #Anything that we can't decode to utf-8 isn't worth logging
|
||||
if len(postdata) > 0:
|
||||
|
@ -101,8 +99,9 @@ class ServerConnection(HTTPClient):
|
|||
except UnicodeDecodeError and UnicodeEncodeError:
|
||||
mitmf_logger.debug("[ServerConnection] {} Ignored post data from {}".format(self.client.getClientIP(), self.headers['host']))
|
||||
pass
|
||||
|
||||
self.transport.write(self.postData)
|
||||
|
||||
self.printPostData = True
|
||||
self.transport.write(self.postData)
|
||||
|
||||
def connectionMade(self):
|
||||
mitmf_logger.debug("[ServerConnection] HTTP connection made.")
|
||||
|
@ -118,8 +117,6 @@ class ServerConnection(HTTPClient):
|
|||
self.client.setResponseCode(int(code), message)
|
||||
|
||||
def handleHeader(self, key, value):
|
||||
mitmf_logger.debug("[ServerConnection] Receiving header ({}: {})".format(key, value))
|
||||
|
||||
if (key.lower() == 'location'):
|
||||
value = self.replaceSecureLinks(value)
|
||||
if self.app:
|
||||
|
@ -128,11 +125,11 @@ class ServerConnection(HTTPClient):
|
|||
if (key.lower() == 'content-type'):
|
||||
if (value.find('image') != -1):
|
||||
self.isImageRequest = True
|
||||
mitmf_logger.debug("[ServerConnection] Response is image content, not scanning...")
|
||||
mitmf_logger.debug("[ServerConnection] Response is image content, not scanning")
|
||||
|
||||
if (key.lower() == 'content-encoding'):
|
||||
if (value.find('gzip') != -1):
|
||||
mitmf_logger.debug("[ServerConnection] Response is compressed...")
|
||||
mitmf_logger.debug("[ServerConnection] Response is compressed")
|
||||
self.isCompressed = True
|
||||
|
||||
elif (key.lower()== 'strict-transport-security'):
|
||||
|
@ -147,15 +144,19 @@ class ServerConnection(HTTPClient):
|
|||
else:
|
||||
self.client.setHeader(key, value)
|
||||
|
||||
def handleEndHeaders(self):
|
||||
if (self.isImageRequest and self.contentLength != None):
|
||||
self.client.setHeader("Content-Length", self.contentLength)
|
||||
|
||||
if self.length == 0:
|
||||
self.shutdown()
|
||||
|
||||
self.plugins.hook()
|
||||
|
||||
def handleEndHeaders(self):
|
||||
if (self.isImageRequest and self.contentLength != None):
|
||||
self.client.setHeader("Content-Length", self.contentLength)
|
||||
if logging.getLevelName(mitmf_logger.getEffectiveLevel()) == "DEBUG":
|
||||
for header, value in self.client.headers.iteritems():
|
||||
mitmf_logger.debug("[ServerConnection] Receiving header: ({}: {})".format(header, value))
|
||||
|
||||
if self.length == 0:
|
||||
self.shutdown()
|
||||
|
||||
def handleResponsePart(self, data):
|
||||
if (self.isImageRequest):
|
||||
self.client.write(data)
|
||||
|
@ -175,15 +176,11 @@ class ServerConnection(HTTPClient):
|
|||
if (self.isCompressed):
|
||||
mitmf_logger.debug("[ServerConnection] Decompressing content...")
|
||||
data = gzip.GzipFile('', 'rb', 9, StringIO.StringIO(data)).read()
|
||||
|
||||
if len(data) < 1500:
|
||||
mitmf_logger.debug("[ServerConnection] Read from server {} bytes of data:\n{}".format(len(data), data))
|
||||
else:
|
||||
mitmf_logger.debug("[ServerConnection] Read from server {} bytes of data".format(len(data)))
|
||||
|
||||
data = self.replaceSecureLinks(data)
|
||||
res = self.plugins.hook()
|
||||
data = res['data']
|
||||
data = self.plugins.hook()['data']
|
||||
|
||||
mitmf_logger.debug("[ServerConnection] Read from server {} bytes of data".format(len(data)))
|
||||
|
||||
if (self.contentLength != None):
|
||||
self.client.setHeader('Content-Length', len(data))
|
||||
|
@ -212,7 +209,7 @@ class ServerConnection(HTTPClient):
|
|||
for match in iterator:
|
||||
url = match.group()
|
||||
|
||||
mitmf_logger.debug("[ServerConnection] Found secure reference: " + url)
|
||||
mitmf_logger.debug("[ServerConnection][HSTS] Found secure reference: " + url)
|
||||
nuevaurl=self.urlMonitor.addSecureLink(self.client.getClientIP(), url)
|
||||
mitmf_logger.debug("[ServerConnection][HSTS] Replacing {} => {}".format(url,nuevaurl))
|
||||
sustitucion[url] = nuevaurl
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue