github/MITMf
1
0
Fork 0
mirror of https://github.com/byt3bl33d3r/MITMf.git synced 2025-08-21 05:53:30 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

- Whole framework now requires root privs

Browse source 
- Added an internal DNS server
- Proxy can now use our custom DNS server (DNSChef) or Twisted's
- Removed priv check from plugins
- DNS spoofing fully re-written
- Iptables rules are now checked and set between plugins
This commit is contained in:
byt3bl33d3r 2015-04-12 01:49:43 +02:00
commit 9a1c3b0ec4
22 changed files with 129 additions and 90 deletions
Download patch file Download diff file Expand all files Collapse all files

26
core/sslstrip/ClientRequest.py
View file

@ -16,7 +16,7 @@
# USA
#
import urlparse, logging, os, sys, random, re
import urlparse, logging, os, sys, random, re, dns.resolver
from twisted.web.http import Request
from twisted.web.http import HTTPChannel
@ -43,8 +43,8 @@ class ClientRequest(Request):
the magic begins. Here we remove the client headers we dont like, and then
respond with either favicon spoofing, session denial, or proxy through HTTP
or SSL to the server.
'''
'''
def __init__(self, channel, queued, reactor=reactor):
Request.__init__(self, channel, queued)
self.reactor = reactor
@ -54,6 +54,12 @@ class ClientRequest(Request):
self.dnsCache = DnsCache.getInstance()
self.plugins = ProxyPlugins.getInstance()
#self.uniqueId = random.randint(0, 10000)
#Use are own DNS server instead of reactor.resolve()
self.resolver = URLMonitor.getInstance().getResolver()
self.customResolver = dns.resolver.Resolver()
self.customResolver.nameservers = ['127.0.0.1']
self.customResolver.port = URLMonitor.getInstance().getResolverPort()
def cleanHeaders(self):
headers = self.getAllHeaders().copy()
@ -173,7 +179,7 @@ class ClientRequest(Request):
self.proxyViaHTTP(address, self.method, path, postData, headers, port)
def handleHostResolvedError(self, error):
logging.warning("[ClientRequest] Host resolution error: " + str(error))
logging.debug("[ClientRequest] Host resolution error: " + str(error))
try:
self.finish()
except:
@ -186,8 +192,18 @@ class ClientRequest(Request):
mitmf_logger.debug("[ClientRequest] Host cached: %s %s" % (host, str(address)))
return defer.succeed(address)
else:
mitmf_logger.debug("[ClientRequest] Host not cached.")
return reactor.resolve(host)
if self.resolver == 'dnschef':
try:
address = str(self.customResolver.query(host)[0].address)
return defer.succeed(address)
except Exception:
return defer.fail()
elif self.resolver == 'twisted':
return reactor.resolve(host)
def process(self):
mitmf_logger.debug("[ClientRequest] Resolving host: %s" % (self.getHeader('host')))

29
core/sslstrip/URLMonitor.py
View file

@ -47,6 +47,8 @@ class URLMonitor:
self.hsts = False
self.app = False
self.hsts_config = None
self.resolver = 'dnschef'
self.resolverport = 53
@staticmethod
def getInstance():
@ -54,6 +56,22 @@ class URLMonitor:
URLMonitor._instance = URLMonitor()
return URLMonitor._instance
#This is here because I'm lazy
def setResolver(self, resolver):
self.resolver = str(resolver).lower()
#This is here because I'm lazy
def getResolver(self):
return self.resolver
#This is here because I'm lazy
def setResolverPort(self, port):
self.resolverport = int(port)
#This is here because I'm lazy
def getResolverPort(self):
return self.resolverport
def isSecureLink(self, client, url):
for expression in URLMonitor.javascriptTrickery:
@ -133,13 +151,12 @@ class URLMonitor:
self.faviconSpoofing = faviconSpoofing
def setHstsBypass(self, hstsconfig):
if hstsconfig:
self.hsts = True
self.hsts_config = hstsconfig
self.hsts = True
self.hsts_config = hstsconfig
for k,v in self.hsts_config.iteritems():
self.sustitucion[k] = v
self.real[v] = k
for k,v in self.hsts_config.iteritems():
self.sustitucion[k] = v
self.real[v] = k
def setAppCachePoisoning(self):
self.app = True