This commit adds active packet filtering/modification to the framework (replicates etterfilter functionality)

by using netfilterqueue, you can pass a filter using the new -F option, (will be adding an example later) additionaly removed some deprecated attributes and the --manual-iptables option
2025-08-20 05:23:28 -07:00 · 2015-07-27 20:44:23 +02:00 · 2015-07-27 20:44:23 +02:00 · 7ec9f7b395
commit 7ec9f7b395
parent 0add358a57
17 changed files with 99 additions and 53 deletions
--- a/plugins/appcachepoison.py
+++ b/plugins/appcachepoison.py
@ -29,7 +29,6 @@ class AppCachePlugin(Plugin):
    optname    = "appoison"
    desc       = "Performs App Cache Poisoning attacks"
    version    = "0.3"
-    has_opts   = False

    def initialize(self, options):
        self.options = options
--- a/plugins/browsersniper.py
+++ b/plugins/browsersniper.py
@ -30,7 +30,6 @@ class BrowserSniper(BrowserProfiler, Plugin):
    optname     = "browsersniper"
    desc        = "Performs drive-by attacks on clients with out-of-date browser plugins"
    version     = "0.4"
-    has_opts    = False

    def initialize(self, options):
        self.options = options
--- a/plugins/ferretng.py
+++ b/plugins/ferretng.py
@ -30,7 +30,6 @@ class FerretNG(Plugin):
    optname     = "ferretng"
    desc        = "Captures cookies and starts a proxy that will feed them to connected clients"
    version     = "0.1"
-    has_opts    = True

    def initialize(self, options):
        self.options = options
--- a/plugins/filepwn.py
+++ b/plugins/filepwn.py
@ -80,7 +80,6 @@ class FilePwn(Plugin):
    desc        = "Backdoor executables being sent over http using bdfactory"
    tree_info   = ["BDFProxy v0.3.2 online"]
    version     = "0.3"
-    has_opts    = False

    def initialize(self, options):
        '''Called if plugin is enabled, passed the options namespace'''
--- a/plugins/responder.py
+++ b/plugins/responder.py
@ -28,7 +28,6 @@ class Responder(Plugin):
    desc        = "Poison LLMNR, NBT-NS and MDNS requests"
    tree_info   = ["NBT-NS, LLMNR & MDNS Responder v2.1.2 by Laurent Gaffie online"]
    version     = "0.2"
-    has_opts    = True

    def initialize(self, options):
        '''Called if plugin is enabled, passed the options namespace'''
--- a/plugins/spoof.py
+++ b/plugins/spoof.py
@ -23,12 +23,10 @@ class Spoof(Plugin):
    optname     = "spoof"
    desc        = "Redirect/Modify traffic using ICMP, ARP, DHCP or DNS"
    version     = "0.6"
-    has_opts    = True

    def initialize(self, options):
        '''Called if plugin is enabled, passed the options namespace'''
        self.options            = options
-        self.manualiptables     = options.manualiptables
        self.protocol_instances = []

        from core.utils import iptables, shutdown, set_ip_forwarding
@ -74,18 +72,16 @@ class Spoof(Plugin):
            from core.servers.dns.DNSchef import DNSChef

            self.tree_info.append('DNS spoofing enabled')
-            if not options.manualiptables:
-                if iptables().dns is False:
-                    iptables().DNS(self.config['MITMf']['DNS']['port'])
+            if iptables().dns is False:
+                iptables().DNS(self.config['MITMf']['DNS']['port'])

        if not options.arp and not options.icmp and not options.dhcp and not options.dns:
            shutdown("[Spoof] Spoof plugin requires --arp, --icmp, --dhcp or --dns")

        set_ip_forwarding(1)

-        if not options.manualiptables:
-            if iptables().http is False:
-                iptables().HTTP(options.listen_port)
+        if iptables().http is False:
+            iptables().HTTP(options.listen_port)

        for protocol in self.protocol_instances:
            protocol.start()
@ -109,7 +105,6 @@ class Spoof(Plugin):
            if hasattr(protocol, 'stop'):
                protocol.stop()

-        if not self.manualiptables:
-            iptables().Flush()
+        iptables().flush()

        set_ip_forwarding(0)
--- a/plugins/sslstrip+.py
+++ b/plugins/sslstrip+.py
@ -25,25 +25,21 @@ class SSLstripPlus(Plugin):
    desc      = 'Enables SSLstrip+ for partial HSTS bypass'
    version   = "0.4"
    tree_info = ["SSLstrip+ by Leonardo Nve running"]
-    has_opts  = False

    def initialize(self, options):
        self.options = options
-        self.manualiptables = options.manualiptables

        from core.sslstrip.URLMonitor import URLMonitor
        from core.servers.dns.DNSchef import DNSChef
        from core.utils import iptables

-        if not options.manualiptables:
-            if iptables().dns is False:
-                iptables().DNS(self.config['MITMf']['DNS']['port'])
+        if iptables().dns is False:
+            iptables().DNS(self.config['MITMf']['DNS']['port'])

        URLMonitor.getInstance().setHstsBypass()
        DNSChef().setHstsBypass()

    def on_shutdown(self):
        from core.utils import iptables
-        if not self.manualiptables:
-            if iptables().dns is True:
-                iptables().Flush()
+        if iptables().dns is True:
+            iptables().flush()